[rsbac] quick question

Amon Ott rsbac@rsbac.org
Thu, 14 Mar 2002 10:03:59 +0100

On Thursday, 14. March 2002 15:24, metrix007@yahoo.com wrote:
> with rsbac, the way i understand it, if set up correctly, if a program is
> exploited, the shell that is granted does not have full permission? eg
> confine sendmail to one directory, and then the /bin/sh cannot escape from
> that dirrectory? same with no write files etc etc...

This depends on your setup. With RC model, if you assign a role to a program, 
and this program calls another without assigned role, the original program 
role is kept and used.

So all you have to make sure is that the special program does not call other 
programs with non-standard initial or forced role setting.

First of all, you might prevent execution of a shell. If you really need one, 
make sure it has no role assigned, and the confinement is maintained.

> is this correct? or if a program is exploited...does it override rsbac?

There is no known way to override the kernel based RSBAC, except from kernel 
space, e.g. by loading uncontrolled kernel modules.

With sufficient rights (e.g. as user 400), you can change the settings and 
then get access granted, but that is intended behaviour. But no normal 
program should be able to setuid to a privileged user ID anyway.