[rsbac] Urgent Security Bugfix 1.2.3-14

Amon Ott ao at rsbac.org
Wed Feb 23 16:23:09 CET 2005

RSBAC Security Bugfix v1.2.3-14 for 2.4 kernels has been released! 
Urgency is high - please apply ASAP, if you run v1.2.3 on a 2.4 

14. General/Kernels 2.4.x: Missing RSBAC interception for sys_sysctl

    * Urgency: High.
    * What you see: Processes with sufficient Linux rights can change 
sysctl settings through sys_sysctl, although not allowed by RSBAC 
    * What is wrong: The syscall sys_sysctl is not intercepted, but 
the proc interface at /proc/sys/ is intercepted correctly.
    * Implications: Encapsulated daemons running as root or with 
additional Linux capabilities can change important system settings. 
E.g. kernel.modprobe controls, which binary is run by the kernel with 
root rights when trying to access a not existing device.
    * Credits: Thanks to Brad Sprengler for hinting at sys_sysctl.
    * RSBAC versions affected: All versions up to 1.2.4.
    * What you should do: Apply this patch (MD5 / GnuPG Cert) to get 
the bug corrected, recompile the kernel, reinstall and reboot.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : rsbac-bugfix-v1.2.3-14.diff
Dateityp    : text/x-diff
Dateigröße  : 1951 bytes
Beschreibung: nicht verfügbar
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20050223/ecd46315/rsbac-bugfix-v1.2.3-14.bin
-------------- nächster Teil --------------
Version: GnuPG v1.2.5 (GNU/Linux)

-------------- nächster Teil --------------
b790e5e966628c895100bdd8badc22f3  rsbac-bugfix-v1.2.3-14.diff

More information about the rsbac mailing list