[rsbac] Medium Bugfix v1.2.4-1
Amon Ott
ao at rsbac.org
Tue Feb 22 17:15:44 CET 2005
1. JAIL/PAX: suid/sgid files can be created inside jail, RSBAC does
not compile without PAX module
* Urgency: Medium.
* What you see: Programs can create suid and sgid files with
sys_creat, sys_open and sys_mknod inside jails. RSBAC does not
compile without PAX module.
* What is wrong: In the JAIL module CREATE check, the
corresponding mode values are not checked. The pax_print_flags
function is used unconditionally, but only defined with
CONFIG_RSBAC_PAX.
* Implications: Possible indirect privilege escalation inside the
jail.
* RSBAC versions affected: 1.2.4.
* What you should do: Apply this patch (MD5 / GnuPG Cert) to get
the bugs corrected, recompile the kernel, reinstall and reboot.
-------------- nächster Teil --------------
500590d957b93a6dac8b396e2fa94499 rsbac-bugfix-v1.2.4-1.diff
-------------- nächster Teil --------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQBCG0Sfq9yn6h5RTo8RAhYSAJ4uQHZmDXhxYequQjwLItL7b5QhgwCfWoAX
ct0IsSGxKE+SAYe8P6WLNlc=
=95lD
-----END PGP SIGNATURE-----
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname : rsbac-bugfix-v1.2.4-1.diff
Dateityp : text/x-diff
Dateigröße : 1307 bytes
Beschreibung: nicht verfügbar
URL : http://www.rsbac.org/pipermail/rsbac/attachments/20050222/570d189b/rsbac-bugfix-v1.2.4-1.bin
More information about the rsbac
mailing list