[rsbac] New code on rsync server

Amon Ott ao at rsbac.org
Fri Jan 24 17:52:35 MET 2003

On Tuesday 21 January 2003 16:43, Amon Ott wrote:
> News:
> - AUTH port to generic lists has been finished and seems to work fine
> - new optional requests CHANGE_DAC_EFF_OWNER and CHANGE_DAC_FS_OWNER
> - Optional separate AUTH caps for these
> - TTL for all AUTH caps (not yet in menues)
> The new code is available via rsync and http at rsync:rsbac.dyndns.org and 
> http://rsbac.dyndns.org/rsync/. I also put up the uml code there for easy 
> rsync download.
> There will soon be the next pre release, including some simple process 
> mechanism.

The CAP module now contains a process hiding scheme: You can hide the status 
of a process from all other users (except CAP Secoff and Sysadm) or from all 
users (except CAP Secoff). A new kernel param rsbac_cap_process_hiding 
defaults the value for all processes to 1 (hide from other users).

There will probably be a new capability to replace the current fixed 
exception scheme, and there might be per-executable values.

It is no good idea to hide too much from root, though - some daemons will not 
work properly, if they do not get process states.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list