[rsbac] Minor and medium Bugfixes v1.2.3-6 and v1.2.3-7

Amon Ott ao at rsbac.org
Mon Oct 4 12:14:54 CEST 2004


Minor and medium RSBAC Bugfixes v1.2.3-6 and v1.2.3-7 have been 

6. General: Various small fixes.

    * Urgency: Low.
    * What you see: Several small glitches: When e.g. calling fuser in 
2.4 kernels, lots of logging entries for device 00:00. Ext2 and ext3 
do not work as modules, because symbol rsbac_symlink_redirect is 
missing. 2.6 does not compile on new gcc or spits out warnings. When 
checking of IPC sempahores is enabled, WRITE on IPC targets returns 
UNDEFINED. User pseudonyms do not work.
    * What is wrong: sys_stat interception is incomplete. Symbol is 
not exported. WRITE on IPC is not listed in adf_check.c. When getting 
the user pseudo value, the target id variable is not intialized.
    * Implications: Some people cannot boot 2.4 kernels. In some 
cases, 2.6 does not compile. Semaphore access is always denied. User 
privacy may be weakened.
    * RSBAC versions affected: 1.2.3.
    * Bugtracker issue: #0000007.
    * What you should do: Apply this patch (MD5 / GnuPG Cert) to get 
the bugs corrected, recompile the kernel, reinstall and reboot.

7. General/Kernels 2.6: RSBAC initializes from device 00:00

    * Urgency: Medium.
    * What you see: 2.6 kernels with initrd support loose some RSBAC 
setting over reboots, because RSBAC initializes from device 00:00 
instead of the correct root device.
    * What is wrong: The rsbac_init call in init/do_mounts.c uses the 
real_root_dev variable, which does not seem to be initialized 
correctly in 2.6 kernels.
    * Implications: RSBAC looses settings over reboot.
    * RSBAC versions affected: 1.2.3.
    * Bugtracker issue: #0000005.
    * What you should do: Use RSBAC delayed init as a workaround or 
apply this patch (MD5 / GnuPG Cert) to get the bug corrected, 
recompile, reinstall and retry.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list