=>  Releases

Stable: 1.4.8

  • 3.10.y

Patched kernels
Includes vanilla kernel with the RSBAC patch

  • 3.10.29

Enhanced kernels
Combined patches with RSBAC and PaX, less well tested

External RSBAC+PaX
Maintained by m-privacy

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

Bugfixes

This page lists fixes for relevant bugs in all released RSBAC versions from 1.1.0 onwards. If you want to report new bugs or problems, please write to the list and do not forget to mention your kernel and RSBAC version.

Reported oopses and crashes can only be investigated with known function addresses. If these are not shown in the log, we will need your System.map to find them.

The very latest bugfixes might only be available in the subversion repository at svn://rsbac.mprivacy-update.de/rsbac.

Download bugfixes directly

Version 1.2.4

1. JAIL/PAX: suid/sgid files can be created inside jail, RSBAC does not compile without PAX module

  • Urgency: Medium.
  • What you see: Programs can create suid and sgid files with sys_creat, sys_open and sys_mknod inside jails. RSBAC does not compile without PAX module.
  • What is wrong: In the JAIL module CREATE check, the corresponding mode values are not checked. The pax_print_flags function is used unconditionally, but only defined with CONFIG_RSBAC_PAX.
  • Implications: Possible indirect privilege escalation inside the jail.
  • RSBAC versions affected: 1.2.4.
  • What you should do: Apply this patch, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

2. General/Kernels 2.4.29-31 and 2.6.10: Missing RSBAC interceptions for sys_sysctl

  • Urgency: High (2.4.29) / Low (2.6.10).
  • What you see: Processes with sufficient Linux rights can read (2.4 and 2.6) and write (2.4) sysctl settings through sys_sysctl, although not allowed by RSBAC control.
  • What is wrong: The syscall sys_sysctl is not intercepted on 2.4 and only for writing on 2.6, the proc interface at /proc/sys/ is only intercepted for writing.
  • Implications: Under 2.4 kernel, encapsulated daemons running as root or with additional Linux capabilities can change important system settings. E.g. kernel.modprobe controls, which binary is run by the kernel with root rights when trying to access a not existing device. Under 2.4 and 2.6 kernels, these system settings can be read without control.
  • Credits: Thanks to Brad Sprengler for hinting at sys_sysctl.
  • RSBAC versions affected: All versions up to 1.2.4.
  • What you should do: Apply the bugfix, recompile the kernel and the admin tools, reinstall and reboot. Adjust RC and ACL model settings to allow GET_STATUS_DATA on target SCD other where appropiate.

Download for 2.4 kernels (gnupg, md5)

Download for 2.6 kernels (gnupg , md5)

3. General: Various fixes.

  • Urgency: Medium.
  • What you see: Several more or less significant bugs: Incomplete interception in /proc/pid. Missing check in PAX module, whether RSBAC has already been initialized. RC does not properly access control user password changes in new User Management (but other modules do). Endless loop DoS when writing unrecognized strings to /proc/rsbac-info/debug and others. Rare lockup cases with program path logging. Missing special ACL GROUP access rights in default setup for user 400. Missing DAC_OWNER and DAC_GROUP interceptions in setuid and setgid calls for 2.4.29. User passwords can be changed by other users, if old password is known. User management complains that system accounts without password must change it. Several bugs in PAM and NSS modules for User Management. Administration menues do not adapt to screen size correctly. Group memberships do not always get imported to User Management.
  • What is wrong: Missing interceptions, RC code at wrong place, pre-initialized err variable used elsewhere, mm segment already locked when looking up program mapping, no check for current→uid, no check for disabled password.
  • Implications: The system can lockup or allow undesired accesses, depending on RSBAC kernel configuration and setup.
  • RSBAC versions affected: 1.2.4.
  • Bugtracker issue: #0000027 and others.
  • What you should do: Apply this patch for 2.6 (MD5 / GnuPG Cert) or this patch for 2.4 (MD5 / GnuPG Cert) and this patch for the admin tools (MD5 / GnuPG Cert) to get the bugs corrected, recompile the kernel, reinstall and reboot.

Download for 2.4 kernels (gnupg, md5)

Download for 2.6 kernels (gnupg , md5)

4. General: Memory leak in logging code

  • Urgency: Medium.
  • What you see: System memory usage increases more or less slowly. /proc/slabinfo shows too many allocations in rsbac-256.
  • What is wrong: For each request log entry, several memory chunks of 256 Bytes get allocated. The chunk for attr_val_name does not get deallocated.
  • Implications: The system will run out of memory after a while, depending on the amount of request logging.
  • RSBAC versions affected: 1.2.4.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

5. General/Kernels 2.4 with bugfix 1.2.4-3: Compile error with gcc 2.95

  • Urgency: Low.
  • What you see: The kernel does not compile with RSBAC enabled. Compile errors are in fs/proc/base.c.
  • What is wrong: In two functions, not all variable declarations happen before the first instruction. Kernel folks tend to assign values right in the declaration, the new RSBAC interceptions were placed before those lines.
  • Implications: The kernel does not compile.
  • RSBAC versions affected: 1.2.4 with bugfix 1.2.4-3.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, compile the kernel, install and reboot.

Download it (gnupg, md5)

6. General: Fix rare dereference oopses in inheritance code.

  • Urgency: Low.
  • What you see: In some rare cases, RSBAC oopses in function rsbac_get_parent.
  • What is wrong: Sometimes a file dentry pointer gets freed in do_exec() before the RSBAC EXECUTE notification call.
  • Implications: A program might be executed with wrong program based rights, e.g. wrong RC role, if those have been set at the directory where the program is.
  • Credits: Thanks to Cyberguard for nailing this nasty bug down!
  • RSBAC versions affected: 1.2.4.
  • Bugtracker issue: #0000019.
  • What you should do: Apply the patch for 2.6 (MD5 / GnuPG Cert) or the patch for 2.4 (MD5 / GnuPG Cert) to get the bugs corrected, recompile the kernel, reinstall and reboot.

Download for 2.4 kernels (gnupg, md5)

Download for 2.6 kernels (gnupg , md5)

7. General/2.6 kernels: Fix rare file lookup failures with symlink redirection enabled.

  • Urgency: Medium.
  • What you see: In some rare cases, filenames cannot be looked up correctly, and a file not found error gets returned. This only happens on 2.6 kernels with ext2 or ext3 and if symlink redirection has been enabled.
  • What is wrong: Newer 2.6 kernels violate the filesystem layering by directly using a pointer to ext2/ext3 internal data from virtual filesystem switch instead of copying the string content. RSBAC symlink redirection replaces the string by a possibly redirected temporary string, which gets freed after use. When the higher layer uses the direct pointer, the string is no longer valid and its content might have been changed by another memory user.
  • Implications: Random programs might fail or produce weird results, because they cannot read other files.
  • RSBAC versions affected: 1.2.4.
  • Bugtracker issue: none.
  • What you should do: Apply the patch for 2.6 (MD5 / GnuPG Cert) or the patch for 2.4 (MD5 / GnuPG Cert) to get the bug corrected and to avoid unnecessary string allocations, recompile the kernel, reinstall and reboot.

Download for 2.4 kernels (gnupg, md5)

Download for 2.6 kernels (gnupg , md5)

Version 1.2.3

1. AUTH: In some configs, normal users can switch AUTH module off

  • Urgency: High.
  • What you see: If module switching is enabled, but AUTH self protection disabled, FF, RC and ACL modules do not prevent switching AUTH module off, even if they have been configured to protect the AUTH module. The other modules have the required check and are not affected.
  • What is wrong: In the SWITCH_MODULE check, these modules do not check for AUTH as switch target.
  • Implications: Without AUTH module, user ids are not checked. This means that administration accounts are no longer protected from root.
  • RSBAC versions affected: 1.0.8-1.2.3.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

2. General/Kernel 2.6.7: Compile error with GCC 2.95

  • Urgency: Low.
  • What you see: If you try to compile RSBAC v1.2.3 for kernel 2.6.7 with GCC 2.95, you get an error in fs/exec.c.
  • What is wrong: When moving from 2.6.6 to 2.6.7, the RSBAC variable declarations in do_execve() were placed after some code. While older versions are doing fine, GCC 2.95 does not like this.
  • Implications: RSBAC not working
  • RSBAC versions affected: 1.2.3.
  • What you should do: Use GCC 3.x or apply this patch (MD5 / GnuPG Cert) to get the bug corrected and retry.

Download it (gnupg, md5)

3. JAIL: suid/sgid files can be created inside jail

  • Urgency: Medium.
  • What you see: Programs can create suid and sgid files with sys_creat, sys_open and sys_mknod inside jails.
  • What is wrong: In the JAIL module CREATE check, the corresponding mode values are not checked.
  • Implications: Possible indirect privilege escalation inside the jail.
  • Credits: Thanks to Brad Sprengler for reporting this bug.
  • RSBAC versions affected: 1.2.2-1.2.3.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

4. General/Kernels 2.4.26-28/x86_64: Missing RSBAC syscall number.

  • Urgency: Low.
  • What you see: Admin tools do not compile under x86_64.
  • What is wrong: The RSBAC syscall number is not defined in the headers.
  • Implications: Cannot administrate under x86_64.
  • RSBAC versions affected: 1.2.3.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

5. Admin tools/PAX: attr_set_fd does not accept PaX characters.

  • Urgency: Low.
  • What you see: Admin tool sets pax_flags to 0 when value uses PaX character notation.
  • What is wrong: The conversion code is missing.
  • Implications: PaX might be accidentially deactivated for certain files.
  • RSBAC versions affected: 1.2.3.
  • Bugtracker issue: #0000001.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile attr_set_fd and reinstall.

Download it (gnupg, md5)

6. General: Various small fixes.

  • Urgency: Low.
  • What you see: Several small glitches: When e.g. calling fuser in 2.4 kernels, lots of logging entries for device 00:00. Ext2 and ext3 do not work as modules, because symbol rsbac_symlink_redirect is missing. 2.6 does not compile on new gcc or spits out warnings. When checking of IPC sempahores is enabled, WRITE on IPC targets returns UNDEFINED. User pseudonyms do not work.
  • What is wrong: sys_stat interception is incomplete. Symbol is not exported. WRITE on IPC is not listed in adf_check.c. When getting the user pseudo value, the target id variable is not intialized.
  • Implications: Some people cannot boot 2.4 kernels. In some cases, 2.6 does not compile. Semaphore access is always denied. User privacy may be weakened.
  • RSBAC versions affected: 1.2.3.
  • Bugtracker issue: #0000007.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bugs corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

7. General/Kernels 2.6.6-9: RSBAC initializes from device 00:00

  • Urgency: Medium.
  • What you see: 2.6 kernels with initrd support loose some RSBAC setting over reboots, because RSBAC initializes from device 00:00 instead of the correct root device.
  • What is wrong: The rsbac_init call in init/do_mounts.c uses the real_root_dev variable, which does not seem to be initialized correctly in 2.6 kernels.
  • Implications: RSBAC looses settings over reboot.
  • RSBAC versions affected: 1.2.3.
  • Bugtracker issue: #0000005.
  • What you should do: Use RSBAC delayed init as a workaround or apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

8. General/Kernels 2.6.7-9: Missing interception for remount

  • Urgency: Low.
  • What you see: Users can remount a filesystem, although they have no MOUNT right on device and filesystem root dir.
  • What is wrong: The interception for remount is missing.
  • Implications: Mount restrictions like read-only or nodev might get removed by users with Linux mount right, e.g. root.
  • RSBAC versions affected: 1.2.3.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile, reinstall and reboot.

Download it (gnupg, md5)

9. General: More small fixes.

  • Urgency: Low.
  • What you see: Several small glitches: GCC 3.4 compile fixes, some REG samples miss include files, inode number checks on non-ext2/3 fs create oopses.
  • What is wrong: Return values unchecked, header files not included, some fs do weird things with inode numbers.
  • Implications: Compiling RSBAC kernels and tools fails with GCC 3.4. REG samples do not compile. Oopses when calling rsbac_check() with check_inode = 1 on XFS and maybe other filesystems.
  • RSBAC versions affected: 1.2.3.
  • Bugtracker issue: None.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bugs corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

10. General/Kernels 2.6: Lockups with secure_delete

  • Urgency: Medium.
  • What you see: 2.6 kernels can lockup when files are deleted with secure_delete.
  • What is wrong: The secure_delete code tries to acquire a lock, which is already held by the kernel unlink function.
  • Implications: Possible lockup.
  • RSBAC versions affected: 1.2.3.
  • Bugtracker issue: None.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

11. General/Kernel 2.6.10: PaX and RSBAC PAX module do not compile together

  • Urgency: Medium.
  • What you see: Kernel 2.6.10 with PaX patch does not compile together with the RSBAC PAX module. When applying the RSBAC patches after the PaX patch, you get patch rejects.
  • What is wrong: The PaX interception function has been renamed, and the PaX process flags have moved to another place. PaX moves a few things, so the RSBAC patch does not find the correct places.
  • Implications: 2.6.10 cannot be controlled by RSBAC module.
  • RSBAC versions affected: 1.2.3.
  • Bugtracker issue: None.
  • What you should do: Apply the RSBAC patch for kernel 2.6.10 before the PaX patch. Apply this patch (MD5 / GnuPG Cert) to get the RSBAC PAX module updated. Configure PaX to use direct MAC integration. Compile the kernel, recompile admin tools, install and reboot.

Download it (gnupg, md5)

12. General/Kernels 2.6.6-2.6.10: Hangs with ReiserFS and Posix ACLs

  • Urgency: Low.
  • What you see: When mounting a ReiserFS filesystem with Posix ACLs under Kernels 2.6.6-10 with RSBAC, the mount and finally the whole system hangs.
  • What is wrong: During mount, ReiserFS makes a directory lookup with a lock held. At this time, RSBAC has not yet been initialized for the new filesystem mount, so it tries to auto-rsbac_mount the unknown device. The auto-rsbac_mount also tries to acquire the lock, and the process hangs.
  • Implications: 2.6.6-10 cannot be used with ReiserFS and Posix ACLs.
  • Credits: Thanks to Murf for reporting this bug.
  • RSBAC versions affected: 1.2.3.
  • Bugtracker issue: #0000012.
  • What you should do: Disable Posix ACLs in ReiserFS kernel configuration or apply this patch (MD5 / GnuPG Cert) to make the lookup without RSBAC checks. Recompile the kernel, install and reboot.

Download it (gnupg, md5)

13. RES: Cannot reset FD resource settings

  • Urgency: Low.
  • What you see: After setting a res_min or res_max value for a filesystem object, setting it back to default value does not work, unless another value is also non-default.
  • What is wrong: The attribute struct is only updated, if some value is non-default. Otherwise it should be removed, but is not.
  • Implications: Inconvenience in administration.
  • Credits: Thanks to Murf for reporting this bug.
  • RSBAC versions affected: 1.2.2-1.2.3.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

14. General/Kernels 2.4.x: Missing RSBAC interception for sys_sysctl

  • Urgency: High.
  • What you see: Processes with sufficient Linux rights can change sysctl settings through sys_sysctl, although not allowed by RSBAC control.
  • What is wrong: The syscall sys_sysctl is not intercepted, but the proc interface at /proc/sys/ is intercepted correctly.
  • Implications: Encapsulated daemons running as root or with additional Linux capabilities can change important system settings. E.g. kernel.modprobe controls, which binary is run by the kernel with root rights when trying to access a not existing device.
  • Credits: Thanks to Brad Sprengler for hinting at sys_sysctl.
  • RSBAC versions affected: All versions up to 1.2.4.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Download it (gnupg, md5)

Version 1.2.2

1. ACL: Network access control uses local template only

  • What you see: When trying to access control network data flow to/from remote targets, it does not work.
  • What is wrong: In ACL data structures, the call to find the correct template always asks for the local endpoint template, although some request types require the use of the remote template.
  • RSBAC versions affected: 1.2.0-1.2.2.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

2. General/2.4 kernels: Busy Inodes on Umount

  • What you see: When umounting a filesystem, the system “Busy Inodes on Umount”. Some SMP systems might hang then or at the next mount. UP systems seem to work as expected.
  • What is wrong: The dentry pointer for the rsbac.dat dir is not dput.
  • RSBAC versions affected: 1.2.2 with 2.4 kernels.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get it fixed.

3. MAC: Some attributes are unprotected

  • What you see: Some MAC attributes can be read and changed by all users.
  • What is wrong: The access checks for READ_ATTRIBUTE and MODIFY_ATTRIBUTE miss these attributes.
  • RSBAC versions affected: 1.2.2.
  • What you should do: Apply this patch (updated) (MD5 / GnuPG Cert) to get it fixed.

4. General/SMP Systems: deadlocks on mount or umount possible

  • What you see: When mounting or umounting a filesystem, SMP systems can deadlock hard without any log or console messages.
  • What is wrong: rsbacd tries to write dirty lists to the filesystem and the write might sleep with a lock held.
  • RSBAC versions affected: 1.2.2 with SMP kernels.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get it fixed.

5. General: rare oopses in rsbac_get_parent

  • What you see: In some rare cases, the RSBAC inheritance code in rsbac_get_parent oopses because of an invalid pointer.
  • What is wrong: In these cases, other kernel code did not fill all pointers in the dentry structure. The inheritance code assumes all the pointers to be filled correctly and accesses them without check.
  • RSBAC versions affected: 1.2.2
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to add some more checks and get it fixed.

6. General/Network: wrong remote ports

  • What you see: In some requests using remote endpoints, e.g. SEND and RECEIVE, a wrong port number is used for access control and printed in the logs.
  • What is wrong: In these cases, the port number in network byte order is not converted to host byte order (e.g. port 53 showed up as 13568 = 53*256).
  • RSBAC versions affected: 1.2.0-1.2.2
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get it fixed and change your network templates and/or access control settings to use the same port numbers for these requests as for the other ones (CONNECT etc.).

7. General/Initrd: Cannot umount initial ramdisk

  • What you see: When booting with an initial ramdisk (initrd) and the required delayed RSBAC init, the initrd cannot be umounted with error EBUSY.
  • What is wrong: With delayed init, RSBAC initialization is triggered by the mount program run from initrd and the rsbacd kernel thread keeps the mount program as parent. This keeps files on initrd referenced, so the filesystem is busy and cannot be umounted. When RSBAC is initialized, there can also be internal mountpoint references, which are invalid after changing the root mount with pivot_root and can also keep the initrd mount busy.
  • RSBAC versions affected:1.2.2 and earlier
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get it fixed.

8. AUTH: In some configs, normal users can switch AUTH module off

  • What you see: If module switching is enabled, but AUTH self protection disabled, FF, RC and ACL modules do not prevent switching AUTH module off, even if they have been configured to protect the AUTH module. The other modules have the required check and are not affected.
  • What is wrong: In the SWITCH_MODULE check, these modules do not check for AUTH as switch target.
  • RSBAC versions affected: 1.0.8-1.2.3.
  • What you should do: Apply this patch (MD5 / GnuPG Cert) to get the bug corrected, recompile the kernel, reinstall and reboot.

Version 1.2.1

1. ACL: Possible kernel oopses and hangs when modifying FD or DEV default ACLs

  • What you see: When administrating the ACL default acls for FD and DEV targets, there might be a kernel oops and the system might hang.
  • What is wrong: An internal name lookup structure for the target filename is freed, although there has been no lookup.
  • RSBAC versions affected: 1.2.1.
  • What you should do: Apply this patch to get the bug corrected, recompile the kernel, reinstall and reboot.

2. General/2.4.19 kernel: process hangs on file truncation with secure_delete

  • What you see: When truncating a file, which is marked for secure deletion, the process hangs. Other processes might hang later, too. This usually happens when saving an edited file.
  • What is wrong: The overwrite code is called with inode lock held, so the overwriting blocks.
  • RSBAC versions affected: 1.2.1.
  • What you should do: Do not use secure_delete or apply this patch to get it fixed.

3. JAIL: IPC contact to outside of jail does not work

  • What you see: Even when enabled by rsbac_jail switch, the contact to IPC objects outside the jail does not get allowed.
  • What is wrong: The JAIL decision code did not handle the allow_external_ipc flag.
  • RSBAC versions affected: 1.2.1.
  • What you should do: Apply this patch to get the bug corrected, recompile the kernel, reinstall and reboot.

4. General: Admin tool rsbac_klogd from contrib does not compile

  • What you see: When compiling the rsbac_klogd tool in the contrib dir, linking fails.
  • What is wrong: librsbac.a is not referenced correctly.
  • RSBAC versions affected: 1.2.1.
  • What you should do: Apply this patch to get it fixed and retry.

5. General: Booting with Initial Ramdisk (initrd) hangs

  • What you see: During boot you get RSBAC messages about unknown devices and access is denied.
  • What is wrong: The initial ramdisk does not get added to the RSBAC list of known devices.
  • RSBAC versions affected: 1.2.1.
  • What you should do: Apply this patch to get the auto-mount feature from 1.2.2-pre, recompile the kernel, reinstall and reboot.

Version 1.2.0

If you encounter problems with RSBAC, please make sure that your system is not too old. E.g., your bash version should have a builtin test command for the menues.

1. General: Admin Tool attr_back_fd produces tons of errors EINVALIDMODULE

  • What you see: When making attribute backups with attr_back_fd, it produces massive error messages RSBAC_EINVALIDMODULE, if not all modules are compiled. The backup will be correct, though.
  • What is wrong: The tool tries to backup attributes for all modules, but does not suppress the errors for missing modules.
  • RSBAC versions affected: 1.2.0.
  • What you should do: Apply this patch in the admin-tools/src directory to get it right, recompile, reinstall and rerun your backup.

2. General: Admin Tool Script backup_all_1.1.2 does not run correctly on RC backup

  • What you see: When making full attribute backups with backup_all_1.1.2 for update to 1.2.0, you get an error message about an invalid command and the result for RC role special values is wrong.
  • What is wrong: A backslash \ is missing, and several replacement rules for role special values are wrong.
  • RSBAC versions affected: 1.2.0.
  • What you should do: Apply this patch in the admin-tools/src/scripts directory to get it right, reinstall and rerun your backup.

3. General: Workaround for menuconfig bug triggered by CONFIG_RSBAC_NET

  • What you see: When you had previously compiled with RSBAC network support, turn it off in menuconfig and recompile, there are missing references in RC and ACL functions.
  • What is wrong: The RSBAC config for several decision modules indirectly depends on the RSBAC network support switch CONFIG_RSBAC_NET through CONFIG_RSBAC_NET_DEV and _OBJ. Menuconfig handles this incorrectly and still keeps CONFIG_RSBAC_RC_NET_DEV etc. set, although net support is off.
  • RSBAC versions affected: 1.2.0.
  • What you should do: Call make menuconfig again and save settings again, or apply this patch to get a workaround.

4. General: Compilation fails with PM, but without 'Show more options'

  • What you see: When you try to compile RSBAC with PM module, but without ‘Show more options’, compilation fails in aci_data_structures.c.
  • What is wrong: The wrong macro CONFIG_RSBAC_SECOFF_UID has been used in types.h instead of RSBAC_SECOFF_UID.
  • RSBAC versions affected: 1.2.0.
  • What you should do: Recompile without PM or with ‘Show more options’ (does not change anything), or apply this patch to get it fixed.

5. RC: Admin Tool rc_get_item backup with -p (printall) does not fully backup

  • What you see: When making RC backups with ‘rc_get_item -p backup’, the backup is incomplete.
  • What is wrong: The tool uses a loop variable for right name printing, which is already in use. The backup without -p option is not affected.
  • RSBAC versions affected: 1.2.0.
  • What you should do: Apply this patch in the admin-tools/src directory to get it right, recompile, reinstall and rerun your backup, or backup without -p option.

6. General: Process signalling is not always intercepted

  • What you see: Despite RSBAC configuration, users can still kill their own processes. This includes the superuser root, which can affect encapsulated daemons. Still, signalling of another user’s processes is correctly intercepted.
  • What is wrong: The interception happens too late in the Linux access control checking logic.
  • RSBAC versions affected: 1.2.0 for kernels 2.4.18 and 2.2.20.
  • What you should do: Apply this patch for 2.4.18 kernel or this patch for 2.2.20 kernel to get it fixed, recompile the kernel, reinstall and reboot.

Version 1.1.2

1. General/2.4.[89] kernels: busy inodes after umount

  • What you see in the log: VFS complains about busy inodes after umount.
  • What is wrong: If /rsbac dir lookup failed on a filesystem, e.g. because there is none, the dentry is not dput. However, you can safely ignore this message, because everything gets cleaned up correctly.
  • RSBAC versions affected: 1.1.2.
  • What you should do: Ignore the log message or apply this patch to get it fixed.

Version 1.1.1

1. General/ReiserFS: rsbac_check with inode checks fails

  • What you see in the log: RSBAC removes entry for inode, ReiserFS complains about bad inode afterwards.
  • What is wrong: ReiserFS internally works with 64 bit inode numbers, which are not yet supported by the standard Linux inode struct. The ReiserFS workarounds were not followed by the RSBAC inode number checks.
  • RSBAC versions affected: up to 1.1.1.
  • What you should do: Apply this patch to skip inode checks for ReiserFS, avoid ReiserFS or disable check on init and make sure you never call rsbac_check with inode checking.

2. General/Net support: some programs cannot bind UNIX sockets, e.g. postfix, syslog-ng, mysql

  • What you see in the log: RSBAC complains about an IPC object of unknown type and returns errors. The program complains about not being able to bind.
  • What is wrong: These programs use a socket name longer than IP socket addresses, or at least they call sys_bind with a larger addrlen argument. The memory allocation for socket addresses in the RSBAC interception is too small, so the identification data is overwritten.
  • RSBAC versions affected: up to 1.1.1, but only with Net Support enabled in kernel config
  • What you should do: Apply this patch to get the allocation right, or disable RSBAC Net Support in kernel config. E.g. syslog-ng in the current CVS version already got fixed to use the real path length.

3. General: Rename does not check for overwrite

  • What you see in the log: Nothing.
  • What is wrong: When a rename to an existing name is done, RSBAC does not issue a DELETE for the old name’s inode. However, the rename target directory is still WRITE checked, so the overwrite usually only happens on separately protected files.
  • RSBAC versions affected: up to 1.1.1.
  • What you should do: Apply this patch for 2.4 kernels or this patch for 2.2 kernels.

4. General: 2.4.[0-5] patch removes Linux check for valid signals

  • What you see in the log: Nothing.
  • What is wrong: Due to a diffing mistake, RSBAC patches for 2.4 kernels remove an important call to bad_signal() within the sys_kill code. This can lead to processes being signalled and killed without access control.
  • RSBAC versions affected: up to 1.1.1 with 2.4 kernels up to 2.4.5
  • What you should do: Apply this patch for 2.4 kernels.

Version 1.1.0

1. ACL: Some programs will not run when called as ordinary user

  • What you see in the log: ACL denies an EXECUTE request on target T_NONE (which is internally mapped by ACL to SCD target ‘other’).
  • What is wrong: The default setting for ACL module is missing right EXECUTE on SCD target ‘other’ for group 0 ‘Everyone’. This means that some programs cannot be run as ordinary user, because memory segments without file mapping cannot be set executable.
  • RSBAC versions affected: 1.1.0 only.
  • What you should do: Apply this patch to get the default right, or with RSBAC active login as secoff (user 400) and call acl_grant GROUP 0 EXECUTE SCD other

2. ACL: Admin Tool acl_tlist does not backup SCD target ACLs correctly

  • What you see: In the backup file, there are lines calling acl_grant without specifying the target type. When applying the backup file for restore, there are error messages like ‘could not stat file time_structs’.
  • What is wrong: A line setting up the name ‘SCD’ is missing in acl_tlist.c, so there is an empty target type name, which is treated as FD at restore time.
  • RSBAC versions affected: 1.0.9 - 1.1.0.
  • What you should do: Apply this patch in the admin-tools directory to get it right, recompile, reinstall and rerun your backup.

3. General: rsbacd disabled

  • What you see: In /proc/rsbac-info/stats*, all lists that are dirty, keep dirty.
  • What is wrong: Due to a bug in rsbacd, the timer is not reset, so the daemon does not wake up to save the lists. However, all lists are saved on umount, so you will only loose attributes etc., if the system crashes.
  • RSBAC versions affected: 1.1.0 only.
  • What you should do: Apply this patch to get it right, recompile the kernel and restart. Until then, you can call rsbac_write by hand or cron job to trigger a write-to-disk of all dirty lists. Please note that a user needs WRITE right to SCD target ‘rsbac’ to do this.
 

download/bugfixes.txt · Last modified: 2006/05/02 15:40
This website is kindly hosted by m-privacy