[rsbac] (no subject)

Fabrice MARIE rsbac@rsbac.org
Fri Apr 5 08:31:01 2002


On Friday 05 April 2002 11:50, Metrix wrote:
> a few questions....how would i go about restricting a
> process to one directory, and in the directory
> allowing it only to append log files, not read or
> delete to them?

Restricting the process to one directory is done
through chroot (man chroot(1), man chroot(2))


> If people know rsbac is implemented, would they not
> try and get a root shell, in which they can just su to
> secoff, or try and gain uid400 as opposed to 0?

Append can be done with the FF attributes if I'm not wrong.
How can they su by calling the su command if you never
put the su command in their jail? Then, the only alternative
they have is to "upload" to the jail a program that
would call setuid(). But then AUTH will deny the setuid,
simply because it's never been declared as a valid one.

> also a minor prob, in console mode, frame buffer at
> 1024x768, the rsbac_menu program seems to get muddled,
> and displays weird.

You can probably change the shell variables :

