[rsbac] (no subject)
Amon Ott
rsbac@rsbac.org
Mon May 6 10:09:01 2002
On Friday, 3. May 2002 09:49, Amon Ott wrote:
> On Friday, 3. May 2002 05:09, Metrix wrote:
> > just a few more questions, I was wondering how it is
> > possible wit rsbac to stop users seeing other users
> > processes, like in grsecurity. Also, if i set a
> > directory to append_only with ff flags, it is still
> > possible to create files with cat, although they
> > contain no data.
>
> Congratulation, you found another bug. Please use the attached patch
against
> rsbac/adf/ff/ff_main.c.
Sorry for the confusion, this was *not* a bug, but intended. append_only is
for log files, so programs must be able to create the files, but they can
only append to existing files. For appending you also need WRITE, so both
changes in the patch are wrong.
Amon.
--
http://www.rsbac.org