[rsbac] rsbac-v1.2.2-pre3 uploaded

Amon Ott ao at rsbac.org
Mon Jan 27 15:56:42 MET 2003


Hi folks!

The new pre-release v1.2.2-pre3 has been uploaded to http://rsbac.org/pre;
the pre-patched kernels are still in progress.

- AUTH port to generic lists has been finished and seems to work fine

- new optional requests CHANGE_DAC_EFF_OWNER and CHANGE_DAC_FS_OWNER

- Optional separate AUTH caps for these

- TTL for all AUTH caps (not yet in menus)

- CAP module now contains a process hiding scheme: You can hide the status 
of a process from all other users (except CAP Secoff and Sysadm) or from all 
users (except CAP Secoff). A new kernel param rsbac_cap_process_hiding 
defaults the value for all processes to 1 (hide from other users).

- All 1.2.1 bugfixes and some smaller ones

1.2.2-final is coming close, so please try this one out and report all the 
bugs.

Do you think I should make a UML version of this pre-release? The recipe on 
the UML page should work fine, though.

New to-do list:
----------------

Finished:

- MS module support for F-Protd as scanning engine
- ms_need_scan FD attribute for selective scanning
- JAIL flag to additionally allow to/from local/remote IP 127.0.0.1
- RSBAC syscall version numbers
- Add RES module with minimum and maximum resource settings for
  users and programs
- New requests CHANGE_DAC_(EFF|FS)_OWNER on target type PROCESS to
  control euid and fsuid
- Port the last lists (AUTH) to generic lists
- Extra AUTH cap sets for these
- Feature to make processes only visible to owners (GET_STATUS_DATA)

To do for 1.2.2:

- Change i18n technique of admin tool help to gettext
- Support more scanners (AVP, AntiVir, Clamav) in MS module

To do later:

- More sophisticated resource control scheme
- Allow IP-list in jail, not just one IP.
- Optional RC role and type hierarchy
- RC ttl setting in menus (already displayed, but setting is a bit tricky)
- AUTH daemon for authentication enforcement
- Support more network address families with addresses etc.
- Support more network address families with NETDEV and SCD/network/firewall
- PM overhaul and menus
- (maybe) Install trace mode with automatic attribute restore (for software
  updates)
- Script log->auth cap setting
- Learning modes etc. for automatic setup script generation
- ACL support in Samba
- (maybe) Attribute set undo log in menus
- (maybe) Attribute get log in menus

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

