Serious MAC bug (was [rsbac] Mac role functions)
Amon Ott
ao at rsbac.org
Fri Oct 17 10:14:44 MEST 2003
On Thursday, 16. October 2003 20:50, Chirag Pandya wrote:
> attr_set_file_dir is set to 555.
> On a file (sitting in root's home dir as root) I can
> do:
> attr_set_file_dir MAC FILE xxx mac_prop_trusted 1
> attr_set_file_dir MAC FILE xxx mac_file_flags 36
> (or any combination of file flags)
> I believe root shouldn't be able to set any MAC
> attributes.
You are perfectly right, this is a serious bug. Please apply the attached
bugfix ASAP to protect all your MAC systems and send me a brown paper
bag. :(
This bugfix is also available online from the bugfix page.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname : rsbac-bugfix-v1.2.2-3.diff
Dateityp : text/x-diff
Dateigr??e : 1071 bytes
Beschreibung: nicht verf?gbar
URL : http://gateway.compuniverse.de/pipermail/rsbac/attachments/20031017/9b6ea9cd/rsbac-bugfix-v1.2.2-3.bin
More information about the rsbac
mailing list