[rsbac] Binaries losing RSBAC privileges after being updated
Fabian Kiendl
rsbac at gmx.net
Mon Jun 30 12:07:07 MEST 2003
I'm quite happy with RSBAC's limiting damage in case someone SHOULD break
root through a security hole in some service. However, there's still more to
security than just RSBAC, so I keep up installing security upgrades for my
distribution. Unfortunately, by installing new versions of binaries I also rob
them of all special privileges I had previously given them, so they may stop
working. E.g. after a new version of sshd is installed, sshd does no longer
have the "AUTH May Setuid" capability. And an updated X server is no longer
granted GET_STATUS_DATA to the SCD kmem, so X stops working. The updated kdm can
no longer "AUTH May Setuid" either, so I have to log in as secoff on the
console to fix all that.
I reckon the privileges I give to binaries are bound not only to their
names, but also to at least the inode where they reside. So the privilege does no
longer apply after a new version is installed, and the corresponding entry
becomes orphaned in RSBAC control files. Is there any way to stop this
behaviour, or could RSBAC at least log a warning in the syslog that an
RSBAC-privileged (e.g. "AUTH May Setuid") binary has been updated and therefore lost its
special powers? Otherwise I'm in for a nightmare every time I apply a large
batch of security patches.
Fabian
More information about the rsbac
mailing list