[rsbac] CHANGE_OWNER request on PROCESS for same uid
Amon Ott
ao at rsbac.org
Wed Jun 18 17:32:41 MEST 2003
On Wednesday, 18. June 2003 15:25, Jochen Eisinger wrote:
> yes, I admit, I first installed a new version of rsbac and then read the
> Changes... well, but that's how it is, and now I'm a little puzzled what
> to do about this:
>
> - Changed behaviour on setuid etc.: Notification is always sent, even
> if the uid was set to the same value. This allows for restricted RC
> initial roles with correct role after setuid to root.
>
> Now with this feature, half of my programs cannot be executed anymore...
> my question is now: what do I have to do to grant all programs to setuid
> to their current uid (possibly without adding this capability explicitly
> to every program)?
>
> running rsbac-1.2.2-pre5

Please add an AUTH capability for user 4294967293 (-3), which is the special
value for 'user who started the program'. The rsbac_fd_menu lets you choose
this value when setting an AUTH cap.

In my experience, there are only a handful of programs that really need this
capability, mostly KDE programs. Many programs still work, even if
setuid(getuid()) fails.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
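
The reply notes that many programs keep working when setuid(getuid()) is denied. The C sketch below is an added example, not part of the original mail and not RSBAC code: it shows how a program can tell a harmless denial (nothing to drop) from one that leaves it with a different effective uid. The names AUTH_CAP_STARTING_USER, setuid_result and same_uid_setuid are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Value quoted in the reply: -3 as an unsigned 32-bit uid, meaning
 * 'user who started the program'. The macro name is hypothetical. */
#define AUTH_CAP_STARTING_USER ((uint32_t)-3)

enum setuid_result {
    SETUID_OK = 0,               /* call succeeded, euid == real uid */
    SETUID_DENIED_HARMLESS = 1,  /* call denied, but euid already == real uid */
    SETUID_STILL_PRIVILEGED = 2  /* euid differs from real uid: do not continue */
};

/* Issue setuid(getuid()) and classify the outcome by checking the ids
 * afterwards instead of trusting the return value alone. Only the real and
 * effective uid are compared; the saved uid is not inspected here. */
enum setuid_result same_uid_setuid(int *err)
{
    uid_t want = getuid();

    *err = (setuid(want) == 0) ? 0 : errno;
    if (geteuid() != want)
        return SETUID_STILL_PRIVILEGED;
    return (*err == 0) ? SETUID_OK : SETUID_DENIED_HARMLESS;
}

int main(void)
{
    int err = 0;
    enum setuid_result r = same_uid_setuid(&err);

    printf("special AUTH cap uid: %lu\n", (unsigned long)AUTH_CAP_STARTING_USER);
    switch (r) {
    case SETUID_OK:
        puts("setuid(getuid()) allowed");
        break;
    case SETUID_DENIED_HARMLESS:
        /* e.g. no matching AUTH capability; safe to carry on */
        printf("setuid(getuid()) denied (%s), continuing\n", strerror(err));
        break;
    case SETUID_STILL_PRIVILEGED:
        fprintf(stderr, "effective uid not dropped, aborting\n");
        return 1;
    }
    return 0;
}
```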