Hi All,

My general philosophy on security is that unless a user has access to something, they should not even be given a direct opportunity by which they may be tempted to break a security policy. For instance, if a user is not allowed within a certain module of a program, then nowhere should that user be given a link to that module. In the fdisk module this is not the case, as whether or not the user has access to the mount there are links over the mount points in the fdisk module pointing to the mount command. If they click there it will stop them and say access denied, but really I don't think they should be given the opportunity to click.

Anyway, I have attached a patch which I think achieves this (if they don't have access they do not get a link). I tried to figure out what was the right way to figure out if a user was able to access a foreign module, but maybe I overlooked something. Anyway, here it is:

*** index.cgi.orig Fri Jun 21 17:22:23 2002
--- index.cgi Mon Jun 24 17:24:31 2002
***************
*** 10,15 ****
--- 10,27 ----
print "<hr>\n";
$extwidth = 250;
+ #
+ # Figure out if the user should be able to edit filesystems
+ # or not. That is can they access the mount module...
+ local $can_mount = 0;
+ for my $test_mod (@{$main::acl_array_cache{$base_remote_user}})
+ {
+ if($test_mod eq 'mount') {
+ $can_mount = 1;
+ last;
+ }
+ }
+
print "<table border width=100%>\n";
print "<tr $tb> <td><b>$text{'index_disk'}</b></td> ",
"<td><b>$text{'index_parts'}</b></td> </tr>\n";
***************
*** 104,111 ****
print "<tt><a href=/mount/edit_mount.cgi?index=$stat[4]&temp=1&return=/$module_name/>$stat[0]</a></tt>\n";
}
elsif ($stat[0]) {
print "<tt><a href=/mount/edit_mount.cgi?index=$stat[3]&return=/$module_name/>$stat[0]</a></tt>\n";
! }
print "</td> <td>\n";
if (!$p->{'extended'} && $stat[2] &&
&indexof($p->{'type'}, @space_type) >= 0 &&
--- 116,127 ----
print "<tt><a href=/mount/edit_mount.cgi?index=$stat[4]&temp=1&return=/$module_name/>$stat[0]</a></tt>\n";
}
elsif ($stat[0]) {
+ if($can_mount) {
print "<tt><a href=/mount/edit_mount.cgi?index=$stat[3]&return=/$module_name/>$stat[0]</a></tt>\n";
! } else {
! print "<tt>$stat[0]</tt>\n";
! }
! }
print "</td> <td>\n";
if (!$p->{'extended'} && $stat[2] &&
&indexof($p->{'type'}, @space_type) >= 0 &&
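Review bot: Only the `elsif ($stat[0])` branch is wrapped in `if($can_mount)`; the branch just above it still prints the `edit_mount.cgi?index=$stat[4]&temp=1` link unconditionally, so a user without mount access is still handed a link there. Apply the same test to that branch and fall back to the plain `<tt>$stat[0]</tt>` form in both places. Hiding the link only changes what is presented; the access-denied check in the mount module that the message describes remains the actual enforcement and must stay in place.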
Cheers...james