[rsbac] prohibit tcpip connects with ACL - why don't works?
Amon Ott
ao at rsbac.org
Tue Sep 23 09:47:05 MEST 2003
On Tuesday 23 September 2003 00:03, Pallai Roland wrote:
> On Mon, 2003-09-22 at 10:14, Amon Ott wrote:
> > The setup looks OK. Could you please try with another ACL entry at the
> > template 100100 for user 0? There might be a lurking bug related to role
> > rights.
> same results.. every connect allowed for everyone..
>
> > Please also try the acl_rights command to get the system's opinion about
> > existing rights, and maybe a "Who has rights here?" from the rsbac_acl_menu
> > on the template.
> Who has rights to NETTEMP 100100:
> USER_0 000000011111110010000000000000010000000000110000000
> [...]
> USER_2229 000000000000000000000000000000000000000000010000000
> [...]
>
> vudumen@xxx:~$ id
> uid=2229(vudumen) gid=2000 groups=2000
> vudumen@xxx:~$ telnet 192.168.0.200 22
> Trying 192.168.0.200...
> Connected to 192.168.0.200.
> [...]
Ouch and congratulations: You hit a bug in RSBAC. :(
ACL always used the local template, even for remote requests. Please try the
attached patch for acl_data_structures.c and tell whether it works now. If it
does, this will become the first official bugfix for 1.2.2.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- next part --------------
An attachment with binary data was scrubbed...
Filename : rsbac-bugfix-v1.2.2-1.diff
File type : text/x-diff
File size : 995 bytes
Description: not available
URL : http://gateway.compuniverse.de/pipermail/rsbac/attachments/20030923/a0c1d2bd/rsbac-bugfix-v1.2.2-1.bin