Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/xuancong84/chown-pid

A Linux kernel module to modify a running process' UID, GID, and supplementary group list
https://github.com/xuancong84/chown-pid

chgrp chown chown-sync chownow gid kernel-driver linux-kernel uid

Last synced: about 2 months ago
JSON representation

A Linux kernel module to modify a running process' UID, GID, and supplementary group list

Awesome Lists containing this project

README 

          
# A Linux kernel module to modify a running process' UID, GID, and supplementary group list



Linux is a very powerful multi-user operating system in which users can run programs both locally (as a PC) or remotely (as a server). In a typical multi-user environment, very often, we encounter the group-permission-not-updated issue for already launched processeses when we create a new group and added some existing users to the new group. That is because the Linux kernel credential module has a major security defect that if a user is added to or removed from a supplementary group (not the user's primary group defined in `/etc/passwd`), that user's existing processes will not have its supplementary group permission updated.



For example, if a user has a `tmux` (or `screen`) session running some background jobs, and the user is added to a new group whose members have access to some secure folder, then the user will not be able to access the secure folder in his/her `tmux` session, even if he spawns new shell panes/windows in his `tmux` session or creates new `tmux` sessions. The only two workarounds are:

1. close all his `tmux` sessions so that his `tmux` server stops and then relaunch `tmux`.

2. create a new `tmux` session under a different `tmux` socket.



In another example, if a user quits a project and the system admin removes him from the project group (`/etc/group`), then all that user's existing programs and `tmux` sessions will continue to access files and folders that are only accessible by that project group members. Moreover, the user can use his existing `tmux` (or `screen`) session to spawn new processes (including new `tmux` sessions) that continue to enjoy the old supplementary group permission, so that he can continue to access those files and folders on which his permission has been withdrawn. This can lead to a data security problem.



Since this defect lies in the Linux kernel, up to today, no user-level programs and softwares can tackle it directly.



This kernel-module program is created to add or remove a supplementary group (by GID) to and from a process (by PID).



## How to compile

1. Login as root (e.g., `sudo su` or `su`)

2. `cd` into the project folder and run `make`

3. If compilation is successful, `chown-pid.ko` will be generated

4. `sudo make` will NOT work (unless you append the option `Defaults env_keep += "PWD"` to `/etc/sudoers` which is not secure)



## How to run

1. To add a supplementary group GID to a process PID:

```

sync && insmod chown-pid.ko arg_pid= arg_gid= arg_act='add' && rmmod chown-pid

```

in which `arg_act='add'` is optional (default argument).



2. To remove a supplementary group GID from a process PID:

```

sync && insmod chown-pid.ko arg_pid= arg_gid= arg_act='remove' && rmmod chown-pid

```



3. To enquire whether a GID is inside the process' supplementary group list:

```

sync && insmod chown-pid.ko arg_pid= arg_gid= arg_act='query' && rmmod chown-pid

```



4. To list all GIDs under the process PID:

```

sync && insmod chown-pid.ko arg_pid= arg_act='list' && rmmod chown-pid

```

You can also view this list at `/proc//status`.



5. To set UID for the process PID:

```

sync && insmod chown-pid.ko arg_pid= arg_gid= arg_act='set_uid' && rmmod chown-pid

```



6. To set GID for the process PID:

```

sync && insmod chown-pid.ko arg_pid= arg_gid= arg_act='set_gid' && rmmod chown-pid

```



**Since this is a kernel module, all verbose output can only be seen by `dmesg -t | tail`. Moreover, under extreme race conditions, there is a slight risk of causing your OS to crash, so better `sync` before doing anything.**