Válasz: Re: [rsbac] rsbac_rc_get_item () returned error -1009! rsbac thread pid 4294967295 ?? BUG in attr_set_user
Amon Ott
ao at rsbac.org
Mon Feb 16 10:29:31 CET 2004
On Dienstag, 20. Januar 2004 11:52, Amon Ott wrote:
> On Montag, 19. Januar 2004 14:47, Chirag Pandya wrote:
> > > > attr_set_user -V 66050 remotecopy rc_def_role
> > > 20185
> > > > although there was no remotecopy user on the
> > > system. Unfortunately it
> > > > didn't say "There is no user" or some similar
> > > error message instead it
> > > > applied it to user 0 !!!!
> > >
> > > This is really bad - I thought I had fixed it
> > > already. Will be corrected soon.
> >
> > Similar problems also exist in the attr_set_file_dir
> > call,
> > For example, as secoff, if I type
> > attr_set_file_dir MAC FILE <some_program>
> > mac_trusted_for_user <some__user_name xxx>
> >
> > The attribute gets applied to user "root". It doesn't
> > matter if "xxx" exists or not.
> > UID's work fine.
>
> OK, will fix that, too.
I believe to have fixed all such cases in my code tree now.
There was a logical error in the previous code, which accepted the 0 value
instead of exiting with an error. Additionally, some places missed the code
altogether. Somehow I never happended to run into the problem myself, until
just after you reported the problem.
Now there is a separate function rsbac_get_uid, which takes proper care of all
cases (and which is also smaller and faster :).
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list