[rsbac] CHANGE_OWNER request on PROCESS for same uid

Amon Ott ao at rsbac.org
Wed Jun 18 17:32:41 MEST 2003

On Wednesday, 18. June 2003 15:25, Jochen Eisinger wrote:
> yes, I admit, I first installed a new version of rsbac and then read the
> Changes... well, but that's how it is, and now I'm a little puzzled what
> to do about this:
> - Changed behaviour on setuid etc.: Notification is always sent, even
>   if the uid was set to the same value. This allows for restricted RC
>   initial roles with correct role after setuid to root.
> Now with this feature, half of my programs cannot be executed anymore...
> my question is now: what do I have to do to grant all programs to setuid
> to their current uid (possibly without adding this capability explicitly
> to every program)?
> running rsbac-1.2.2-pre5

Please add an AUTH capability for user 4294967293 (-3), which is the special 
value for 'user who started the program'. The rsbac_fd_menu lets you choose 
this value when setting an AUTH cap.

In my experience, there are only a handful of programs that really need this 
capability, mostly kde programs. Many programs still work, even if 
setuid(getuid()) fails.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list