Serious MAC bug (was [rsbac] Mac role functions)

Amon Ott ao at
Fri Oct 17 10:14:44 MEST 2003

On Thursday, 16. October 2003 20:50, Chirag Pandya wrote:
> attr_set_file_dir is set to 555.
> On a file (sitting in root's home dir as root) I can
> do:
> attr_set_file_dir MAC FILE xxx mac_prop_trusted 1
> attr_set_file_dir MAC FILE xxx mac_file_flags 36
> (or any combination of file flags)

> I believe root shouldn't be able to set any MAC
> attributes.

You are perfectly right, this is a serious bug. Please apply the attached 
bugfix ASAP to protect all your MAC systems and send me a brown paper 
bag. :(

This bugfix is also available online from the bugfix page.

-- - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : rsbac-bugfix-v1.2.2-3.diff
Dateityp    : text/x-diff
Dateigr??e  : 1071 bytes
Beschreibung: nicht verf?gbar
URL         :

More information about the rsbac mailing list