[rsbac] / in ramdisk

Martin Heyer martin.heyer at gmx.de
Thu Sep 9 13:11:28 CEST 2004


Am Donnerstag, 9. September 2004 03:44 schrieb Bencsath Boldizsar:
Thanks for the fast reply.
I also thought about this possibility but, I don't have a good feeling with 
this.
Generally rsbac prohibits i.e. uid-changes as long as I do not allow them 
explicitly. Imagine what happens if the evil root-user manages to kill my 
setup-script. => Normally rsbac were up allowing nothing.OK But in the latter 
case rsbac runs softmode forever :((
The harddisk is mounted on /hdd.
My problem was that rsbac "forgets" its config (+AUTH_MAY_SUID) for a file (my 
400wrapper) on the harddisk. Doesn't it save everything for /hdd/... 
in /hdd/rsbac.dat (the one that survives reboot) or does it also save those 
things in /rsbac.dat (the one that doesn't)?

> check our 'sniffix' live cd, it is based on knoppix, so it is a cd and
> ramdisk based distribution, it loads in softmode, a small script
> initializes rsbac and sets the basic privileges, and after that it turns
> off softmode. So the students can set all the other permissions by hand,
> and if they fail, just reboot the cd...
> on the other hand, if you want to save these settings, just backup_all
> them to a hdd and load it by hand or by the cd...
>
> it is no use to manually modify/use rsbac.dat etc. files as they contain
> INODE based information and you definitely want use PATH based information
> (e.g. backup_all )
>
> boldizsar
>
>
> --------------------------------
> Bencsath Boldizsar
> boldi at mail2003.etl.hu
> --------------------------------
>


More information about the rsbac mailing list