[rsbac] Group DAC ?
Andrea Pasquinucci
cesare at ucci.it
Mon May 9 12:57:36 CEST 2005
I have given
auth_set_cap -g FD add /bin/su 0
auth_set_cap -E FD add /bin/su 0
auth_set_cap -F FD add /bin/su 0
I am uid 500 and trying to su to root, I get the following errors:
May 9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP,
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500,
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 1,
result NOT_GRANTED (Softmode) by AUTH
May 9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP,
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500,
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 2,
result NOT_GRANTED (Softmode) by AUTH
May 9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP,
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500,
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 3,
result NOT_GRANTED (Softmode) by AUTH
May 9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP,
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500,
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 4,
result NOT_GRANTED (Softmode) by AUTH
May 9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP,
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500,
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 6,
result NOT_GRANTED (Softmode) by AUTH
May 9 12:48:55 old kernel: rsbac_adf_request(): request CHANGE_GROUP,
pid 25825, ppid 25824, prog_name su, prog_file /bin/su, uid 500,
audit_uid 500, target_type PROCESS, tid 25825, attr group, value 10,
result NOT_GRANTED (Softmode) by AUTH
Am I silly again?
I am running kernel
http://fixed.rsbac.mprivacy-update.de/linux-2.6.11-rsbac-v1.2.4-pax-20050412.tar.bz2
with latest Group DAC fixes.
Andrea
--
Andrea Pasquinucci cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050509/a09bf472/attachment.bin
More information about the rsbac
mailing list