[rsbac] FF: Some questions

Amon Ott ao at rsbac.org
Thu Sep 16 12:47:16 CEST 2004

On Sonntag, 12. September 2004 00:38, Nico Manicone wrote:
> i am playing with RSBAC on Adamantix 1.04 and have some questions 
> regarding file flags:
> 1. i have played with the fileflags and i was a little bit amazed 
> the results i found:
> read_only	read, delete, execute possible		
> excute_only	only execute allowed
> search_only	read, delete, execute possible
> write_only	only write allowed
> Is this the normal behavior?

Certainly not, and I cannot reproduce it here. Can you provide more 
info? Do you get a syslog entry?
> 2. I have troubles understanding the usage of "search_only" and 
> "no_mount". The meaning is obvious, but in which scenarios should 
> be used?

search_only is e.g. for program directories, from which you should 
only execute programs you know about. It hides a dir from ls.

no_mount protects e.g. /etc from a mount, which would replace all 
config files with the attacker's files.

> 3. Up to now i have used "rsbac_menu" to manipulate file flags. Is 
> a command line tool to change many files flags at once?

Yes, attr_set_file_dir and attr_set_fd. Please read the updated model 
description at http://rsbac.org/documentation/models.php#ff

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: signature
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20040916/cbf40e4d/attachment.bin

More information about the rsbac mailing list