[rsbac] RSBAC v1.2.4-pre4 / rc1 released

Amon Ott ao at rsbac.org
Thu Jan 27 19:59:55 CET 2005


Hi!

RSBAC v1.2.4-pre4 has been released for kernels 2.4.28, 2.4.29 and 
2.6.10. This is the first release candidate for v1.2.4.

The code can be downloaded from http://rsbac.org/download/pre

Changes against pre3 are:

    * New kernel flag: rsbac_freeze: Disallows all modifying 
administration in RSBAC syscalls. Added new switch target FREEZE.
    * Make PaX default flags configurable.
    * RC check access to UNIX socket partner process
    * Transaction support for administration: begin, add a set of 
desired changes, commit atomically or forget.
    * Correct role and type values in rc_getname item parameters.
    * Add RC copy_type, to be allowed with ADMIN right.
    * User Management "exclusive mode": Only users and groups known to 
RSBAC UM can be reached. Kernel parameter and /proc setting to 
temporarily disable the restrictions.
    * Add RC type copying to rsbac_rc_type_menu
    * Randomize UM password salt better
    * Optionally randomize transaction numbers
    * Reduce memory consumption of rsbac_do_init.
    * Further reduce RSBAC's stack usage to prepare for 4 KB kernel 
stack size.
    * Password protection for transaction operations refresh, forget, 
commit
    * Add hooks with MODIFY_SYSTEM_DATA on SCD network to queueing 
administration
    * Warn explicitly if CAP max_caps do not get applied because of 
running in softmode.
    * Update Dazuko interface to 2.0.5
    * Update defconfig in all archs
    * Fix mount, sync etc. hang with 2.6 ReiserFS, if Posix ACLs have 
been enabled
    * ACLs for Users and Linux groups
    * Extend AUTH auth_may_setuid flag with values last_auth_only and 
last_auth_and_gid to allow last authenticated uid to be reached. The 
second allows all group ids, too, because you cannot auth for them. 
No longer add process cap at UM authentication, but rather check at 
CHANGE_OWNER with last_auth process attribute.
    * Fix severe Oopses when forgetting transactions with lists of 
lists. 

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22