[rsbac] Group DAC ?

Andrea Pasquinucci cesare at ucci.it
Mon May 9 12:57:36 CEST 2005


I have given

auth_set_cap -g FD add /bin/su 0
auth_set_cap -E FD add /bin/su 0
auth_set_cap -F FD add /bin/su 0

I am uid 500 and trying to su to root, I get the following errors:


May  9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP, 
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500, 
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 1, 
result NOT_GRANTED (Softmode) by AUTH
May  9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP, 
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500, 
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 2, 
result NOT_GRANTED (Softmode) by AUTH
May  9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP, 
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500, 
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 3, 
result NOT_GRANTED (Softmode) by AUTH
May  9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP, 
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500, 
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 4, 
result NOT_GRANTED (Softmode) by AUTH
May  9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP, 
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500, 
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 6, 
result NOT_GRANTED (Softmode) by AUTH
May  9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP, 
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500, 
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 10, 
result NOT_GRANTED (Softmode) by AUTH


Am I silly again?

I am running kernel 
http://fixed.rsbac.mprivacy-update.de/linux-2.6.11-rsbac-v1.2.4-pax-20050412.tar.bz2 
with latest Group DAC fixes.

Andrea

--
Andrea Pasquinucci                     cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F  CCBB CB51 2983 6494 0DA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050509/a09bf472/attachment.bin


More information about the rsbac mailing list