[rsbac] Urgent Security Bugfix 1.2.3-14

Andrea Pasquinucci cesare at ucci.it
Wed Feb 23 20:08:54 CET 2005

PS. I am using the kernels in 
and I am quite happy about them. Is the kernel 
free of this bug? (This is the same question as before, sorry, but the 
changelog says that it has applied only up to bugfix v1.2.3-13.)


On Wed, Feb 23, 2005 at 04:23:09PM +0100, Amon Ott wrote:
> RSBAC Security Bugfix v1.2.3-14 for 2.4 kernels has been released!
> Urgency is high - please apply ASAP if you run v1.2.3 on a 2.4
> kernel!
> 14. General/Kernels 2.4.x: Missing RSBAC interception for sys_sysctl
>     * Urgency: High.
>     * What you see: Processes with sufficient Linux rights can change
> sysctl settings through sys_sysctl, although not allowed by RSBAC
> control.
>     * What is wrong: The syscall sys_sysctl is not intercepted, but
> the proc interface at /proc/sys/ is intercepted correctly.
>     * Implications: Encapsulated daemons running as root or with
> additional Linux capabilities can change important system settings.
> E.g. kernel.modprobe controls which binary is run by the kernel with
> root rights when trying to access a non-existent device.
>     * Credits: Thanks to Brad Sprengler for hinting at sys_sysctl.
>     * RSBAC versions affected: All versions up to 1.2.4.
>     * What you should do: Apply this patch (MD5 / GnuPG Cert) to get
> the bug corrected, recompile the kernel, reinstall and reboot.
> Amon.
> --
> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
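A probe for the gap the advisory describes, as an added example that is not part of the original thread and not RSBAC code (the argument-block layout, the CTL_KERN=1 / KERN_MODPROBE=28 numbers and the errno classification are the example's own assumptions, copied from the kernel's uapi sysctl header and the x86 ABI): it rewrites kernel.modprobe with its current value once through sys_sysctl and once through /proc/sys/kernel/modprobe, so it changes nothing even where it succeeds, and reports whether the two interfaces are policed alike.

```c
/* Added example, not RSBAC code: does the kernel police sys_sysctl the same
 * way it polices /proc/sys? Run as root under an RSBAC policy that denies
 * sysctl changes; "sys_sysctl: ALLOWED" next to "/proc/sys: DENIED" is the
 * interception gap fixed by bugfix v1.2.3-14. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

enum probe_result { PROBE_ALLOWED = 0, PROBE_DENIED = 1, PROBE_UNAVAILABLE = 2 };

/* Argument block of sys_sysctl, copied from the uapi <linux/sysctl.h>
 * layout (assumption: x86/x86_64 ABI) so no trimmed header is needed. */
struct sysctl_args_local {
    int *name;
    int nlen;
    void *oldval;
    size_t *oldlenp;
    void *newval;
    size_t newlen;
    unsigned long unused[4];
};

/* Binary sysctl path for kernel.modprobe: CTL_KERN=1, KERN_MODPROBE=28. */
static int modprobe_ctl[2] = { 1, 28 };

/* rc == 0: the write went through. EPERM/EACCES: a policy refusal.
 * Anything else (ENOSYS on kernels without sys_sysctl, EROFS in a
 * container, ...) means the interface could not be exercised at all. */
enum probe_result classify(int rc, int err)
{
    if (rc == 0)
        return PROBE_ALLOWED;
    if (err == EPERM || err == EACCES)
        return PROBE_DENIED;
    return PROBE_UNAVAILABLE;
}

/* 1 when the syscall path is enforced more loosely than /proc/sys. */
int sysctl_bypasses_policy(enum probe_result via_syscall, enum probe_result via_proc)
{
    return via_syscall == PROBE_ALLOWED && via_proc == PROBE_DENIED;
}

static const char *name_of(enum probe_result r)
{
    return r == PROBE_ALLOWED ? "ALLOWED" : r == PROBE_DENIED ? "DENIED" : "UNAVAILABLE";
}

/* Write `path` to kernel.modprobe through the binary sysctl syscall. */
enum probe_result probe_via_syscall(const char *path)
{
#ifdef __NR__sysctl
    struct sysctl_args_local a;
    memset(&a, 0, sizeof a);
    a.name = modprobe_ctl;
    a.nlen = 2;
    a.newval = (void *)path;
    a.newlen = strlen(path) + 1;
    long rc = syscall(__NR__sysctl, &a);
    int err = errno;
    return classify(rc == 0 ? 0 : -1, err);
#else
    (void)path;
    return PROBE_UNAVAILABLE;   /* this architecture never had sys_sysctl */
#endif
}

/* Write `path` to kernel.modprobe through the /proc/sys interface. */
enum probe_result probe_via_proc(const char *path)
{
    int fd = open("/proc/sys/kernel/modprobe", O_WRONLY);
    if (fd < 0)
        return classify(-1, errno);
    ssize_t n = write(fd, path, strlen(path));
    int err = errno;
    close(fd);
    return classify(n < 0 ? -1 : 0, err);
}

/* Current kernel.modprobe value without its trailing newline, or -1. */
static int read_current(char *buf, size_t len)
{
    int fd = open("/proc/sys/kernel/modprobe", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    char current[256];
    if (read_current(current, sizeof current) != 0) {
        perror("read /proc/sys/kernel/modprobe");
        return 1;
    }
    enum probe_result s = probe_via_syscall(current);
    enum probe_result p = probe_via_proc(current);
    printf("kernel.modprobe = %s\n", current);
    printf("rewrite via sys_sysctl: %s\n", name_of(s));
    printf("rewrite via /proc/sys:  %s\n", name_of(p));
    if (sysctl_bypasses_policy(s, p))
        printf("sys_sysctl is not intercepted: apply bugfix v1.2.3-14\n");
    return 0;
}
```

Compile with gcc and run as root inside a role that RSBAC denies sysctl writes to. On kernels from 5.5 on, and on most earlier kernels built without the binary sysctl syscall, the sys_sysctl probe reports UNAVAILABLE because the syscall returns ENOSYS; that is the expected, harmless result and says nothing about RSBAC, which is why the classification keeps it apart from a genuine policy refusal.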
