[rsbac] FF: Some questions
Amon Ott
ao at rsbac.org
Thu Sep 16 12:47:16 CEST 2004
On Sunday, 12 September 2004 00:38, Nico Manicone wrote:
> I am playing with RSBAC on Adamantix 1.04 and have some questions
> regarding file flags:
>
> 1. I have played with the file flags and I was a little bit amazed
> about the results I found:
>
> read_only      read, delete, execute possible
> execute_only   only execute allowed
> search_only    read, delete, execute possible
> write_only     only write allowed
>
> Is this the normal behavior?
Certainly not, and I cannot reproduce it here. Can you provide more
info? Do you get a syslog entry?
> 2. I have trouble understanding the usage of "search_only" and
> "no_mount". The meaning is obvious, but in which scenarios should
> they be used?
search_only is e.g. for program directories, from which you should
only execute programs you know about. It hides a dir from ls.
no_mount protects e.g. /etc from a mount, which would replace all
config files with the attacker's files.
> 3. Up to now I have used "rsbac_menu" to manipulate file flags. Is
> there a command line tool to change many files' flags at once?
Yes, attr_set_file_dir and attr_set_fd. Please read the updated model
description at http://rsbac.org/documentation/models.php#ff
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22