No events planned
RSBAC 1.4.6 has been released for the kernel 3.1.5.
Most important changes since 1.4.5:
The complete lists of changes are available here:
Kernel changes: http://www.rsbac.org/dl.php?file=code/1.4.6/changes-1.4.6.txt
Admin tools changes: http://www.rsbac.org/dl.php?file=code/1.4.6/admin-changes-1.4.6.txt
Unfortunately, there is a severe bug in the code that determines the RSBAC request type in sys_open() calls. As a result from this bug, open access will be decided upon by RSBAC with wrong request type, a read open can happen unnoticed. A read() access after opening is intercepted as intended, because only the open interception is wrong.
Affected are all RSBAC git repos for kernels starting from 2.6.35 and the official release 1.4.5 for 2.6.35. RSBAC for kernel 2.6.32 is not affected.
Please update your kernel sources from git or apply the patch for 2.6.35.y, rebuild and reboot to get the bug fixed. I will try to get a new release out for kernel 3.1.4 or later as soon as possible. After fixing, your system might need RSBAC rights adjustments, because the set of accesses changes.
Background: Between 2.6.32 and 2.6.35, the meaning of the flags parameter for sys_open() helper functions changed from some translated internal value to an exact copy of the sys_open() flags parameter. When porting RSBAC code from 2.6.32, we did not notice that change.
RSBAC has been successfully ported to Linux kernel 3.0, you find a new git repo at http://git.rsbac.org. Please test it and report so that we can make a new 3.0 based release soon.
RSBAC has been successfully ported to 22.214.171.124, you find a new git repo at http://git.rsbac.org. Please test it and report so that we can make a new release soon.
After having no enhanced kernels (with PaX and RSBAC) for a while, we now have Marcos <natashell at rsbac dot org> as new maintainer of enhanced kernels. Thanks a lot for your help!
Here is his list announcement:
It’s a big pleasure for me announce you that there is a new “Enhaced Kernel” which include RSBAC-1.4.5 and PaX test-24. This one is available from:
It compiles fine and I think it is working fine also.
Hope you can test it and get your feedback about it.
We also have a git repo for 2.6.38 at http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-2.6.38.y.git;a=summary
2.6.38 is not long term supported by official kernel, but 2.6.39 has significant changes in some APIs, so porting RSBAC to 2.6.39 will take a while.
The GIT repository management has been changed. This is the new layout:
|linux-2.6-next.git||Follows Linus’s linux-2.6.git and includes RSBAC unstable|
|linux-2.6.git||Follows Linus’s linux-2.6.git and includes RSBAC stable|
|linux-2.6.35.y.git||Follows the Long Term Support branch for 2.6.35 and includes RSBAC stable|
|linux-2.6.32.y.git||Follows the Long Term Support branch for 2.6.32 and includes RSBAC stable|
|linux-2.6-old.git||For reference purpose only, this repository is read-only and should not be used|
We might eventually add more LTS1) branches as kernel.org adds them, of course.
Please note that we have some documentation on how to use these GIT repositories (for developers and users alike), in case you have questions.
As you may have noticed, our tarball for the RSBAC admin tool version 1.4.5 on http://download.rsbac.org/code/1.4.5/ contained the wrong version numbers in some places and did not reflect the exact 1.4.5 release.
This has been corrected. Sorry for the inconvenience.