[rsbac] Minor and medium Bugfixes v1.2.3-6 and v1.2.3-7
Amon Ott
ao at rsbac.org
Mon Oct 4 12:14:54 CEST 2004
Hi!
Minor and medium RSBAC Bugfixes v1.2.3-6 and v1.2.3-7 have been
released.
6. General: Various small fixes.
* Urgency: Low.
* What you see: Several small glitches: When e.g. calling fuser in
2.4 kernels, lots of logging entries for device 00:00. Ext2 and ext3
do not work as modules, because symbol rsbac_symlink_redirect is
missing. 2.6 does not compile on new gcc or spits out warnings. When
checking of IPC sempahores is enabled, WRITE on IPC targets returns
UNDEFINED. User pseudonyms do not work.
* What is wrong: sys_stat interception is incomplete. Symbol is
not exported. WRITE on IPC is not listed in adf_check.c. When getting
the user pseudo value, the target id variable is not intialized.
* Implications: Some people cannot boot 2.4 kernels. In some
cases, 2.6 does not compile. Semaphore access is always denied. User
privacy may be weakened.
* RSBAC versions affected: 1.2.3.
* Bugtracker issue: #0000007.
* What you should do: Apply this patch (MD5 / GnuPG Cert) to get
the bugs corrected, recompile the kernel, reinstall and reboot.
7. General/Kernels 2.6: RSBAC initializes from device 00:00
* Urgency: Medium.
* What you see: 2.6 kernels with initrd support loose some RSBAC
setting over reboots, because RSBAC initializes from device 00:00
instead of the correct root device.
* What is wrong: The rsbac_init call in init/do_mounts.c uses the
real_root_dev variable, which does not seem to be initialized
correctly in 2.6 kernels.
* Implications: RSBAC looses settings over reboot.
* RSBAC versions affected: 1.2.3.
* Bugtracker issue: #0000005.
* What you should do: Use RSBAC delayed init as a workaround or
apply this patch (MD5 / GnuPG Cert) to get the bug corrected,
recompile, reinstall and retry.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list