[rsbac] New code on rsync server
Amon Ott
ao at rsbac.org
Fri Jan 24 17:52:35 MET 2003
On Tuesday 21 January 2003 16:43, Amon Ott wrote:
> News:
>
> - AUTH port to generic lists has been finished and seems to work fine
>
> - new optional requests CHANGE_DAC_EFF_OWNER and CHANGE_DAC_FS_OWNER
>
> - Optional separate AUTH caps for these
>
> - TTL for all AUTH caps (not yet in menus)
>
> The new code is available via rsync and http at rsync:rsbac.dyndns.org and
> http://rsbac.dyndns.org/rsync/. I also put up the uml code there for easy
> rsync download.
>
> There will soon be the next pre release, including some simple process
> hiding mechanism.
The CAP module now contains a process hiding scheme: You can hide the status
of a process from all other users (except CAP Secoff and Sysadm) or from all
users (except CAP Secoff). A new kernel param rsbac_cap_process_hiding
defaults the value for all processes to 1 (hide from other users).
There will probably be a new capability to replace the current fixed
exception scheme, and there might be per-executable values.
It is not a good idea to hide too much from root, though - some daemons will not
work properly if they do not get process states.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22