[rsbac] rsbac Digest, Vol 32, Issue 6

igraltist Kolpok at gmx.net
Fri Aug 12 11:32:38 CEST 2005


> --- Ursprüngliche Nachricht ---
> Von: rsbac-request at rsbac.org
> An: rsbac at rsbac.org
> Betreff: rsbac Digest, Vol 32, Issue 6
> Datum: Thu, 11 Aug 2005 12:00:02 +0200
> 
> Send rsbac mailing list submissions to
> 	rsbac at rsbac.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://rsbac.dyndns.org/mailman/listinfo/rsbac
> or, via email, send a message with subject or body 'help' to
> 	rsbac-request at rsbac.org
> 
> You can reach the person managing the list at
> 	rsbac-owner at rsbac.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of rsbac digest..."
> 
> 
> Today's Topics:
> 
>    1. question (igraltist)
>    2. Re: question (Amon Ott)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 10 Aug 2005 14:57:51 +0200 (MEST)
> From: "igraltist" <Kolpok at gmx.net>
> Subject: [rsbac] question
> To: rsbac at rsbac.org
> Message-ID: <28762.1123678671 at www8.gmx.net>
> Content-Type: text/plain; charset="us-ascii"
> 
> hallo liste,
> something struck me with rsbac.
> i use the the rsbac-admin-tool 1.2.4 and the kernel 2.4.29 on adamantix.
> i have build the kernel with all enabled in rsbac and pax and without
> softmode.
> when i do with the security-user in the rsbac_menu and then go for example
> in to /usr/sbin/apache with the rsbac_fd_menu to change settings, and in
> an
> other konsole with root-user do ps aux |grep apache, then he shows me the
> konsole content from the security.
> that happens if only as above described.
> 
> what do you think about it?
> mfg 
> igraltist
> 
> -- 
> GMX DSL = Maximale Leistung zum minimalen Preis!
> 2000 MB nur 2,99, Flatrate ab 4,99 Euro/Monat:
> http://www.gmx.net/de/go/dsl
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 11 Aug 2005 10:07:51 +0200
> From: Amon Ott <ao at rsbac.org>
> Subject: Re: [rsbac] question
> To: RSBAC Discussion and Announcements <rsbac at rsbac.org>
> Message-ID: <200508111007.51668.ao at rsbac.org>
> Content-Type: text/plain;  charset="iso-8859-1"
> 
> On Mittwoch 10 August 2005 14:57, igraltist wrote:
> > something struck me with rsbac.
> > i use the the rsbac-admin-tool 1.2.4 and the kernel 2.4.29 on 
> adamantix.
> > i have build the kernel with all enabled in rsbac and pax and 
> without
> > softmode.
> > when i do with the security-user in the rsbac_menu and then go for 
> example
> > in to /usr/sbin/apache with the rsbac_fd_menu to change settings, 
> and in an
> > other konsole with root-user do ps aux |grep apache, then he shows 
> me the
> > konsole content from the security.
> > that happens if only as above described.
> > 
> > what do you think about it?
> 
> What your ps does is GET_STATUS_DATA on the process.
> 
> In RC, change security's def_process_execute_type to Security-Process, 
> better check security's rights to that type, and you are ready.
> 
> You can also use CAP's process hiding and set user root to cap_role 
> User. This would be a bit of overkill, though.
> 
> Amon.
> -- 
> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
> 
> 
> ------------------------------
> 
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://rsbac.dyndns.org/mailman/listinfo/rsbac
> 
> End of rsbac Digest, Vol 32, Issue 6
> ************************************
> 


ok, thanks i will try it.
i give ps an seperate RC an than mayby i give them to much free also through
this.
i must take a look. 




-- 
5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail
+++ GMX - die erste Adresse für Mail, Message, More +++


More information about the rsbac mailing list