!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/system-config-securitylevel/   drwxr-xr-x
Free 51.24 GB of 127.8 GB (40.09%)


Viewing file:     selinuxPage.py (6.68 KB)      -rwxr-xr-x
#
# selinuxPage.py - GUI for SELinux page in system-config-securitylevel
#
# Brent Fox <bfox@redhat.com>
# Dan Walsh <dwalsh@redhat.com>
#
# Copyright 2004 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import gtk
import gtk.glade
import os
import gobject
import sys

# Fixed, absolute module directories.  They are *appended*, so every entry
# already on sys.path is searched first; presumably INSTALLPATH is what lets
# the local `Conf` module imported further down resolve.
INSTALLPATH = '/usr/share/system-config-securitylevel'
sys.path.append(INSTALLPATH)

# rhpl may sit under the 32-bit or the 64-bit library directory; add whichever
# of the two is not on the path yet.  After the loop rhplPath holds the lib64
# location, as it did when the two cases were written out one after the other.
for rhplPath in ("/usr/lib/python%d.%d/site-packages/rhpl" % sys.version_info[:2],
                 "/usr/lib64/python%d.%d/site-packages/rhpl" % sys.version_info[:2]):
    if rhplPath not in sys.path:
        sys.path.append(rhplPath)

from Conf import *
import commands
# Row index of each mode in the mode combo box; the same values are stored in
# selinuxPage.initEnabled.  They are NOT setenforce arguments: apply() passes
# 1 to setenforce for enforcing and 0 for the other two modes.
ENFORCING, PERMISSIVE, DISABLED = 0, 1, 2

# Directory whose "config" file holds the persistent SELINUX= setting.
SELINUXDIR = "/etc/selinux/"

# Empty flag file created when a change needs a file-system relabel
# (presumably picked up on the next boot -- see the confirmation text shown
# to the user).
RELABELFILE = "/.autorelabel"

##
## I18N
## 
from rhpl.translate import _, N_
import rhpl.translate as translate
# Name handed to rhpl.translate.textdomain(); presumably selects the message
# catalog that _() looks the UI strings up in -- confirm against rhpl.
domain = "system-config-securitylevel"
translate.textdomain (domain)

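def waitCmd (msg, cmd):
    """Run *cmd* while a modal, button-less info dialog shows *msg*.

    Args:
        msg: text displayed in the dialog while the command runs.
        cmd: command line handed to commands.getstatusoutput(), which
            executes it through a shell.

    Returns:
        The (status, output) tuple produced by commands.getstatusoutput().
    """
    # NOTE(security): cmd is interpreted by a shell.  No caller is visible in
    # this file; any caller must pass a fixed command string and never splice
    # in text that comes from a user or from a file without quoting it.
    dialog = gtk.MessageDialog (None,
                                gtk.DIALOG_DESTROY_WITH_PARENT | gtk.DIALOG_MODAL,
                                gtk.MESSAGE_INFO,
                                gtk.BUTTONS_NONE,
                                msg)
    try:
        dialog.set_position(gtk.WIN_POS_CENTER)
        dialog.show_all()
        dialog.get_toplevel().window.set_cursor(gtk.gdk.Cursor(gtk.gdk.WATCH))

        # Drain pending GTK events before the blocking call below.
        while gtk.events_pending():
            gtk.main_iteration()

        return commands.getstatusoutput(cmd)
    finally:
        # The dialog is modal and has no buttons, so the user cannot dismiss
        # it; destroy it even when something above raised.
        dialog.destroy()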

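class selinuxPage:
    """Logic behind the SELinux page of system-config-securitylevel.

    The page offers one combo box with the rows Enforcing / Permissive /
    Disabled.  read_selinux_config() loads the persistent setting from
    SELINUXDIR + "config"; apply() writes the selection back, switches the
    running mode with setenforce and maintains the relabel flag file.

    Attributes set by the methods below:
        selinuxsupport: False when SELINUXDIR does not exist; apply() is then
            a no-op.
        initEnabled: mode index (ENFORCING/PERMISSIVE/DISABLED) found when the
            configuration was read.
        dirty: True when the combo selection differs from initEnabled.
        needRelabel: True when the selection moves away from DISABLED.
    """

    def __init__(self, xml, doDebug=None, inFirstboot=False):
        """Look up the page's widgets and load the current configuration.

        Args:
            xml: glade widget tree; must provide "seLinuxVBox" and
                "enabledOptionMenu".
            doDebug: when true, apply() changes nothing on the system.
            inFirstboot: when true, the relabel confirmation dialog is skipped.
        """
        self.xml = xml
        self.selinuxsupport = True
        self.needRelabel = False
        self.doDebug = doDebug
        self.inFirstboot = inFirstboot

        # Bring in widgets from glade file.
        self.seLinuxVBox = xml.get_widget("seLinuxVBox")
        self.enabledOptionMenu = xml.get_widget("enabledOptionMenu")

        # Row order must match the ENFORCING / PERMISSIVE / DISABLED indices.
        listStore = gtk.ListStore(gobject.TYPE_STRING)
        self.enabledOptionMenu.set_model(listStore)
        cell = gtk.CellRendererText()
        self.enabledOptionMenu.pack_start(cell, True)
        self.enabledOptionMenu.add_attribute(cell, 'text', 0)
        self.enabledOptionMenu.append_text(_("Enforcing"))
        self.enabledOptionMenu.append_text(_("Permissive"))
        self.enabledOptionMenu.append_text(_("Disabled"))

        if self.read_selinux_config() is None:
            # No SELinux configuration directory: grey the page out.
            self.seLinuxVBox.set_sensitive(False)
            self.selinuxsupport = False
        else:
            self.enabledOptionMenu.connect("changed", self.enabled_changed)

        # This line should always go last
        self.dirty = False

    def setup_relabel(self):
        """Create RELABELFILE as an empty file (an existing one is truncated)."""
        fd=open(RELABELFILE,"w")
        fd.close()

    def set_current_mode(self,value):
        """Switch the running SELinux mode and return setenforce's output.

        The command line goes through a shell, but %d only accepts a number,
        so *value* cannot add shell text.  commands.getoutput() does not
        report the exit status, so a failing setenforce shows up in the
        returned text only.
        """
        return commands.getoutput("/usr/sbin/setenforce %d" % value)

    def verify(self, message):
        """Ask a yes/no question and return the gtk response code."""
        dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
                                gtk.BUTTONS_YES_NO,
                                message)
        dlg.set_position(gtk.WIN_POS_MOUSE)
        dlg.show_all()
        rc = dlg.run()
        dlg.destroy()
        return rc

    def enabled_changed(self, combo):
        """Recompute dirty / needRelabel after the combo selection changed.

        Leaving DISABLED asks for confirmation unless running in firstboot.
        When the user answers "No" the combo is put back on its initial row
        and no change stays pending; previously dirty remained True, so a
        later apply() wrote the declined mode without creating the relabel
        flag file.
        """
        setting = combo.get_active()

        # If the combo has been changed back to its inital setting, we don't
        # need to do anything.
        if setting == self.initEnabled:
            self.dirty = False
            self.needRelabel = False
            return

        self.dirty = True

        # If we were initially disabled, we must be set to enabling here.
        if self.initEnabled == DISABLED:
            if not self.inFirstboot and self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system.  Do you wish to continue?")) == gtk.RESPONSE_NO:
                # Declined: restore the initial selection and clear the state
                # explicitly so it does not depend on the "changed" signal
                # being connected yet.
                combo.set_active(self.initEnabled)
                self.dirty = False
                self.needRelabel = False
                return None

            self.needRelabel = True
        else:
            self.needRelabel = False

    def read_selinux_config(self):
        """Load SELINUX= from SELINUXDIR + "config" into the combo box.

        Returns:
            None when SELINUXDIR does not exist, otherwise 0.
        """
        self.initEnabled = DISABLED
        self.boolconf={}
        self.types=[]
        if not os.access(SELINUXDIR, os.F_OK):
            #File doesn't exist.  return
            return None

        self.conf=ConfShellVar(SELINUXDIR+"config")
        self.conf.rcs=1
        if self.conf.has_key("SELINUX"):
            value=self.conf.vars["SELINUX"].upper().strip()
        else:
            # A missing SELINUX= key is treated as enforcing.
            value="ENFORCING"
            self.conf.vars["SELINUX"]=value

        # An unrecognised value leaves initEnabled at DISABLED and the combo
        # without an active row.
        if value == "ENFORCING":
            self.initEnabled = ENFORCING
            self.enabledOptionMenu.set_active(ENFORCING)
        elif value == "PERMISSIVE":
            self.initEnabled = PERMISSIVE
            self.enabledOptionMenu.set_active(PERMISSIVE)
        elif value == "DISABLED":
            self.initEnabled = DISABLED
            self.enabledOptionMenu.set_active(DISABLED)

        # Called directly: the "changed" handler is connected only after
        # this method returns.
        self.enabled_changed(self.enabledOptionMenu)

        return 0

    def apply(self):
        """Write the selected mode to disk and to the running system.

        Nothing is written, executed, created or removed when doDebug is
        true.

        Returns:
            0 when SELinux is unsupported or nothing needs a follow-up, 1 when
            DISABLED was selected or a relabel was scheduled (presumably
            "reboot required" -- confirm against the caller).
        """
        # The listing this was taken from showed "retval = 0", the
        # "retval = 1" after setup_relabel() and "return retval" at
        # indentation levels that do not parse (tabs lost in rendering);
        # they are restored to the only placement that is valid Python.
        retval = 0

        if not self.selinuxsupport:
            return retval

        if self.dirty:
            enabled = self.enabledOptionMenu.get_active()
            newMode = 0

            # NOTE(review): moving to permissive or disabled runs
            # "setenforce 0" immediately and asks for no confirmation; the
            # only prompt is the relabel question in enabled_changed().
            if enabled == ENFORCING:
                self.conf["SELINUX"] = "enforcing"
                newMode = 1
            elif enabled == PERMISSIVE:
                self.conf["SELINUX"] = "permissive"
                newMode = 0
            elif enabled == DISABLED:
                # The only way to make sure SELinux is disabled is to reboot.
                # We should also setenforce 0 right now too.
                self.conf["SELINUX"] = "disabled"
                newMode = 0
                retval = 1

            if not self.doDebug:
                self.conf.write()
                # Return text is ignored, so a setenforce failure is silent.
                self.set_current_mode(newMode)

            if self.needRelabel:
                if not self.doDebug:
                    self.setup_relabel()
                retval = 1
            else:
                # No relabel wanted: drop a flag file left from earlier.
                if os.access(RELABELFILE, os.F_OK) and not self.doDebug:
                    os.unlink(RELABELFILE)

        return retval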
