[rsbac] (no subject)

Amon Ott rsbac@rsbac.org
Fri Apr 5 11:11:01 2002

On Friday, 5. April 2002 05:50, Metrix wrote:
> A few questions.... How would I go about restricting a
> process to one directory, and in the directory
> allowing it only to append log files, not read or
> delete them?

Use RC model:
- Create new FD type for the dir
- Create new role for the process
- Give role SEARCH, APPEND_OPEN, WRITE, CLOSE and, if it also has to create 
new files, CREATE to the new type
- Give role only SEARCH to all other FD types (for path lookup)
- Assign role as force_role to program running in the process
- Assign type to dir

> If people know rsbac is implemented, would they not
> try and get a root shell, in which they can just su to
> secoff, or try and gain uid 400 as opposed to 0?

You cannot su to 400. No program can setuid to 400, unless you gave it an 
AUTH cap for 400 to do so.

The big difference is that many programs run as root, e.g. during boot or as 
daemons, but usually none run as secoff.

The main task of the AUTH module is to restrict setuid targets to user IDs. If 
you use an extra program for local login, which only runs on the console, and 
this is the only program with AUTH cap 400, then user 400 can only work on the 
console.

Mingetty is handy for that, because you can specify the login program.

> Also a minor problem: in console mode, with the frame buffer at
> 1024x768, the rsbac_menu program seems to get muddled
> and displays weirdly.

Which RSBAC and kernel versions? I have seen problems running the new 
rsbac_dialog of 1.2.0-pre in the framebuffer console. dialog and rsbac_dialog 
use the ncurses lib, so an ncurses update might help.