[rsbac] RSBAC: Inconsistencies, confusion galore...
Michael Chang
rsbac@rsbac.org
Fri Jan 3 08:41:01 2003
Hi, folks.
I'm having a problem, here. Well, several, actually.
Here's one:
When I use attr_set_fd to tell rsbac to log all EXECUTE
requests for /sbin/ifconfig, it appears as though all of the
log_program_based bits are cleared.
[secoff@polaris rsbac]$ attr_set_fd -v GEN FILE log_program_based EXECUTE /sbin/ifconfig
attr_set_fd: 1 targets
Processing FILE '/sbin/ifconfig', attribute log_program_based, value 0
[secoff@polaris rsbac]$ attr_get_fd -v GEN FILE log_program_based /sbin/ifconfig
attr_get_fd: 1 targets
Processing FILE '/sbin/ifconfig', attribute log_program_based
/sbin/ifconfig: Returned value: 00000000000000000000000000000000000000000000
Now, when I run /sbin/ifconfig, nothing gets logged (nothing in the kernel
logs, and nothing in /proc/rsbac-info/rmsg). I know that logging does
work, since I get request notifications for other actions.
Am I using the wrong utility? Based upon the behaviour of attr_set_fd, it
appears as though it *is* the correct utility. Which leads me to another
question: What is the difference between FILE and FD? In my
understanding, FD (or 'fd') is lingo for 'file descriptor', and file
descriptors only apply to "files" which are currently open in a process.
However, the rsbac utilities imply, in their usage output, that FD is a
shortcut which can be applied against both files and directories (but not
device files). There appears to be a discrepancy, then, since there is an
attr_set_file_dir utility --- this implies that an FD is *not* the same as
a FILE or DIR, otherwise three separate utilities would not exist.
Therefore, the only logical conclusion that I can come up
with is that FD can only be used against files which have been opened (by
open(), etc.) by a currently running process. If I'm wrong, please let
me know. I'm confused up to my ears.
The same logic that I used above is also applicable to the 3 utilities,
'attr_set_up', 'attr_set_user', and 'attr_set_process'. If attr_set_up
can be applied to both processes and users, then why do there exist
separate utilities for changing the attributes for processes and users?
Again, I'm confused up to my ears.
Another question: What is the relationship between AUTH and CAPABILITIES
in the context of the RSBAC implementation?
More questions: What is the difference between the acl_rights and
acl_tlist utilities? When setting rights for a target of type PROCESS,
are those rights only retained for the lifetime of a process, or do the
rights apply indefinitely for each and every subsequent invocation of an
executable which produces the same process image? When I remove the
DELETE attribute for an executable, does it mean that the executable
itself can no longer be deleted, or does it mean that the executable
cannot call unlink()? Have I mentioned, yet, that I'm confused up to my
ears? :)
I hope someone has the time to reply with some answers. I'm unable to
find any man pages for the utilities, so some guidance would be
appreciated.
TIA,
Michael
--
/* BEGIN SIG
*
* "Afraid of change, afraid of staying the same,
* when temptation calls, we just look away."
* - Barenaked Ladies
*
* "He started writing in mirror writing, 'Help! I'm
* trapped behind the world.'"
* - New York State Journal of Medicine
*
*-----------------------------
* Michael Chang
* miranda@uranus.com
* http://www.syndetic.org/
*/