[rsbac] / in ramdisk
Martin Heyer
martin.heyer at gmx.de
Thu Sep 9 13:11:28 CEST 2004
Am Donnerstag, 9. September 2004 03:44 schrieb Bencsath Boldizsar:
Thanks for the fast reply.
I also thought about this possibility but, I don't have a good feeling with
this.
Generally rsbac prohibits i.e. uid-changes as long as I do not allow them
explicitly. Imagine what happens if the evil root-user manages to kill my
setup-script. => Normally rsbac were up allowing nothing.OK But in the latter
case rsbac runs softmode forever :((
The harddisk is mounted on /hdd.
My problem was that rsbac "forgets" its config (+AUTH_MAY_SUID) for a file (my
400wrapper) on the harddisk. Doesn't it save everything for /hdd/...
in /hdd/rsbac.dat (the one that survives reboot) or does it also save those
things in /rsbac.dat (the one that doesn't)?
> check our 'sniffix' live cd, it is based on knoppix, so it is a cd and
> ramdisk based distribution, it loads in softmode, a small script
> initializes rsbac and sets the basic privileges, and after that it turns
> off softmode. So the students can set all the other permissions by hand,
> and if they fail, just reboot the cd...
> on the other hand, if you want to save these settings, just backup_all
> them to a hdd and load it by hand or by the cd...
>
> it is no use to manually modify/use rsbac.dat etc. files as they contain
> INODE based information and you definitely want use PATH based information
> (e.g. backup_all )
>
> boldizsar
>
>
> --------------------------------
> Bencsath Boldizsar
> boldi at mail2003.etl.hu
> --------------------------------
>
More information about the rsbac
mailing list