[rsbac] Urgent Security Bugfix 1.2.3-14

Andrea Pasquinucci cesare at ucci.it
Wed Feb 23 19:51:01 CET 2005


Do I understand correctly that there is no bug for v1.2.3 on a 2.6 kernel?
Otherwise, which patch should I use? Thanks

Andrea

On Wed, Feb 23, 2005 at 04:23:09PM +0100, Amon Ott wrote:
* RSBAC Security Bugfix v1.2.3-14 for 2.4 kernels has been released! 
* Urgency is high - please apply ASAP, if you run v1.2.3 on a 2.4 
* kernel!
* 
* 14. General/Kernels 2.4.x: Missing RSBAC interception for sys_sysctl
* 
*     * Urgency: High.
*     * What you see: Processes with sufficient Linux rights can change 
* sysctl settings through sys_sysctl, although not allowed by RSBAC 
* control.
*     * What is wrong: The syscall sys_sysctl is not intercepted, but 
* the proc interface at /proc/sys/ is intercepted correctly.
*     * Implications: Encapsulated daemons running as root or with 
* additional Linux capabilities can change important system settings. 
* E.g. kernel.modprobe controls which binary is run by the kernel with 
* root rights when trying to access a nonexistent device.
*     * Credits: Thanks to Brad Sprengler for hinting at sys_sysctl.
*     * RSBAC versions affected: All versions up to 1.2.4.
*     * What you should do: Apply this patch (MD5 / GnuPG Cert) to get 
* the bug corrected, recompile the kernel, reinstall and reboot.
* 
* Amon.
* -- 
* http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
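
An added illustration, not part of either message and not RSBAC or kernel code: a user-space C model of the bug class in item 14, where the /proc/sys/ path to a setting passes through the access-control check and the syscall path does not. The `subject` struct, the `dac_ok`/`mac_ok` checks, the `hooked` flag and the path value are all hypothetical.

```c
/* Toy user-space model of the bug class; NOT RSBAC or Linux kernel code.
 * All names and values here are hypothetical/constructed. */
#include <stdio.h>
#include <string.h>

struct subject { int uid; int confined; };        /* confined = restricted by the MAC policy */
static char modprobe_path[64] = "/sbin/modprobe"; /* stands in for kernel.modprobe */

/* Linux rights check: only root may write the setting. */
static int dac_ok(const struct subject *s) { return s->uid == 0; }
/* Hypothetical MAC decision: confined subjects may not change settings. */
static int mac_ok(const struct subject *s) { return !s->confined; }

static int store(const char *val) {
    if (strlen(val) >= sizeof modprobe_path) return -1;
    strcpy(modprobe_path, val);
    return 0;
}

/* Path 1: write via /proc/sys/. Both checks are applied. */
int proc_sys_write(const struct subject *s, const char *val) {
    if (!dac_ok(s) || !mac_ok(s)) return -1;
    return store(val);
}

/* Path 2: write via the sysctl syscall.
 * hooked = 0 models the missing interception, hooked = 1 the corrected path. */
int sysctl_call_write(const struct subject *s, const char *val, int hooked) {
    if (!dac_ok(s)) return -1;
    if (hooked && !mac_ok(s)) return -1;
    return store(val);
}

const char *current_modprobe(void) { return modprobe_path; }
void reset_modprobe(void) { strcpy(modprobe_path, "/sbin/modprobe"); }

int main(void) {
    struct subject daemon = { 0, 1 };            /* root, but confined */
    const char *v = "/constructed/example/path"; /* constructed value */
    printf("proc path:        %d\n", proc_sys_write(&daemon, v));
    printf("syscall, no hook: %d -> %s\n", sysctl_call_write(&daemon, v, 0), current_modprobe());
    reset_modprobe();
    printf("syscall, hooked:  %d -> %s\n", sysctl_call_write(&daemon, v, 1), current_modprobe());
    return 0;
}
```

The same decision function has to sit on every entry point that reaches `store()`; checking only one of them leaves the policy enforced in name only.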


