[rsbac] l 2.4.23 + rsbac 1.2.2 (fix 1-5) grsec freeswan(x509)

Amon Ott ao at rsbac.org
Sat Dec 6 11:16:27 CET 2003


On Saturday, 6 December 2003 01:28, Bencsath Boldizsar wrote:
> My latest merged version is available on my site
> http://boldi.hu/programs/rsbac/linux-2423-rsbac-grsec-freeswan.tgz
> 
> Contains:
> linux 2.4.23
> rsbac 1.2.2 + fixes (1-5) +sample module 2 disabled
> grsecurity (latest)
> freeswan 2.04 + x509 patch 1.4.8
> +rsbac admin source
> 
> it seems to be "stable" as far as I tested (few days, few different
> configs)...
> 
> my remarks:
> while upgrading from rsbac 1.2.1 you should take care of AUTH capabilities
> - I've lost some (cleared), and you might want to set AUTH cap
> " 4294967293      Special: user who started program" for a "lot" of
> programs (/usr/bin/mail,/usr/bin/ssh,mtr,ping are some examples).
> Setting auth caps for lots of programs makes it real harder to do regular
> updates. Do you have any "standards" doing it in a sensitive way?

The AUTH module has been moved to generic lists between 1.2.1 and 1.2.2, and
there is no automatic way to update - this means you will lose ALL cap
settings. Please backup with auth_back_cap and restore after starting 1.2.2.

You can safely reapply your backup after each update. There have been ideas of
an apt-get or rpm wrapper, which automatically backs up attributes for all
affected files and restores them afterwards.
 
> Amon:
> asking for "help"  in admin tools 1.2.2 rsbac_fd_menu (e.g. Rc force role)
> puts on the help of the next item (can this be an index problem of the
> menu? ( dialog         0.9a-20020309a ), with dialog  dialog
> 0.9b-20031002-.. help simply exits the whole menu. (I'm unsure about the
> reason).

There is a bug in dialog, which causes this. Please try the patch at
http://rsbac.org/dialog, there is also an unchanged dialog source to apply the patch
against. Unfortunately, the dialog author(s) misunderstood my extension and 
implemented it differently.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22


