[rsbac] (no subject)

Amon Ott rsbac@rsbac.org
Fri May 3 09:49:05 2002



On Friday, 3. May 2002 05:09, Metrix wrote:
> just a few more questions, I was wondering how it is
> possible with rsbac to stop users seeing other users'
> processes, like in grsecurity. Also, if I set a
> directory to append_only with ff flags, it is still
> possible to create files with cat, although they
> contain no data.

Congratulations, you found another bug. Please use the attached patch against 
rsbac/adf/ff/ff_main.c.
 
> Also, would you be able to recommend a good source of
> information to get the grasp of roles?

The unpublished RC paper can give you a start, and most examples use RC. If 
you want, I can send you a personal copy of the current state of my 
dissertation, where RC gets defined and explained in detail.

> With rsbac, is it possible to restrict access of kmem
> to the X server only, but not to any users?

Define a new RC role 'X Server' as a copy of 'General User' (or of 'System 
Admin' to get more rights), add kmem access to this role and assign it as 
force_role to the X binary.

Amon.
--
http://www.rsbac.org

[Attachment: ff.diff (text/x-diff)]