[rsbac] A few bugs; RH kernels

Amon Ott ao at rsbac.org
Thu Sep 4 09:55:20 MEST 2003

On Thursday, 4. September 2003 04:22, Samuli Kärkkäinen wrote:
> 1) Some RSBAC configuration utility seems to create file /tmp/temp and leave
> it there. I run the guilty utility first as root, so that /tmp/temp gets
> created with owner root. Then I run the utility as the security officer, but
> now the utility can't overwrite /tmp/temp, and shows some warnings.

Thanks for telling, there is a left over debug statement in rsbac_fd_menu. 
The attached patch disables it.
> 2) When ever I try to press the help button in some menu based configuration
> utility, the effect is same as pressing the cancel button. Could this be
> because of a faulty installation, or is this a known bug?

This is a known bug in some older dialog versions, where my patch was 
incorrectly adopted. Please try the version at http://rsbac.org/dialog/ with 
the provided patch, it works fine.
> 3) Has it been considered releasing either RSBAC patches against Redhat
> kernel sources, or releasing binary rpm's that are based on the Redhat
> kernels? I'm going to recommend my company to use RSBAC in its servers, and
> I'm sure they'd be much more willing to do that if it didn't require
> suspicious manual patching to add RSBAC into a Redhat kernel (which is what
> they will keep using).

Redhat, like many other distros, heavily patch their kernels with more or 
less stable and useful extra features. RSBAC patches have always been against 
vanilla kernels, I just cannot follow all distributions and create patches 
for their special kernels.

What I do is provide pre-patched vanilla kernels, which you only need to 
download, untar, configure and compile. This kernel would probably be best 
suited for your needs. Alternatively, you can use the precompiled kernel from 
the latest RSBAC Live CD.

In you special case, I have no Redhat distro, never used one and probably 
will never use one. If someone on this list, maybe you, likes to create 
patches for special kernels, I would happily add them to the patch directory.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde geschreddert...
Dateiname   : rsbac_fd_menu.diff
Dateityp    : text/x-diff
Dateigröße  : 394 bytes
Beschreibung: nicht verfügbar
URL         : http://gateway.compuniverse.de/pipermail/rsbac/attachments/20030904/1c9e2531/rsbac_fd_menu.bin

More information about the rsbac mailing list