[rsbac] Strange random errors

Amon Ott ao at rsbac.org
Fri Jun 24 10:57:36 CEST 2005 

On Freitag 24 Juni 2005 10:32, Rafal Bisingier wrote:
> I'm using
> 
http://fixed.rsbac.mprivacy-update.de/linux-2.6.11-rsbac-v1.2.4-pax-20050613.tar.bz2
> compiled without symlink redirection, but quite offten I obseve
> problems running different programs. There are two type of errors. 
First
> ends with plain "memory fault", or "segmetation fault" and a program

Do you use RSBAC User Management?

> crash, the second is: "Inconsistency detected by ld.so: rtld.c: 
1075: dl_main:
> Assertion `_rtld_local._dl_rtld_map.l_libname' failed!"

Never seen this message before. Does this also happen with PaX 
disabled?
 
> BTW: I tried to use FF module. I wanted to set execute_only flag
> on some files, but then on every exec I got an error for READ
> request not granted by FF (behaviour of FF module is corect, but why 
I
> need read right to just run a progam?)

All scripts first start the interpreter, which then READs the script 
to interpret it. execute_only only works for binaries. Please try the 
file utility, then you will see how many programs are scripts.
 
> One more thing with the FF module (make it a feature request):
> I'd like to have FF++ module with rights changed to 2-bits with the
> meaning:
> 0 - no access of this type
> 1 - only this type access
> 2 - inherit this type right
> 3 - grant access of this type
> I think this would make FF module much more usefull. ;-)
> I would do this myself, but my programing skills are too low :-(
> I know there is enough work with 1.2.5 currently, but maybe in 1.2.6
> this could be done... ;-)

Mind making a list of what accesses you would like to see controlled 
in this way? Default would be 2 for most rights, root dir default 3.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde abgetrennt...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: nicht verf?gbar
URL         : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050624/6ae29eab/attachment.bin

More information about the rsbac mailing list