[rsbac] Problems with UM/RC

Rafal Bisingier ravbc at man.poznan.pl
Fri Jul 1 17:07:43 CEST 2005


I feel a little oddly, but I think I found one more bug in UM code of
RSBAC. Here's the problem:
I've got a RC role with def_user_create_type set to 3 (I've added this
type to default RSBAC config), but sometimes when a process with this
role try to create user it create a user with rc_type 0 !
That's not the end of the problem - when I change rc_type of this user
to anything else (eg. 1 - Security User), then I delete this user (from
the secoff account), and once again I create user with the same UID by
the original process (with def_user_create_type = 3), then the newly
created user will get rc_type set to this UID before deletion.
But that's still not the worst of it. This recreated user will get also
the same RC role (!) as user with this UID before it was deleted.


Rafal Bisingier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050701/caeca5e5/attachment.bin

More information about the rsbac mailing list