[rsbac] Medium Bugfix v1.2.4-3

Amon Ott ao at rsbac.org
Wed Mar 30 11:17:32 CEST 2005


3. General: Various fixes.

    * Urgency: Medium.
    * What you see: Several more or less significant bugs: Incomplete interception in /proc/pid. Missing check in the PAX module for whether RSBAC has already been initialized. RC does not properly enforce access control on user password changes in the new User Management (but other modules do). Endless loop DoS when writing unrecognized strings to /proc/rsbac-info/debug and others. Rare lockup cases with program path logging. Missing special ACL GROUP access rights in the default setup for user 400. Missing DAC_OWNER and DAC_GROUP interceptions in setuid and setgid calls for 2.4.29. User passwords can be changed by other users if the old password is known. User management complains that system accounts without a password must change it. Several bugs in the PAM and NSS modules for User Management. Administration menus do not adapt to screen size correctly. Group memberships do not always get imported to User Management.
    * What is wrong: Missing interceptions, RC code at wrong place, pre-initialized err variable used elsewhere, mm segment already locked when looking up program mapping, no check for current->uid, no check for disabled password.
    * Implications: The system can lock up or allow undesired accesses, depending on RSBAC kernel configuration and setup.
    * RSBAC versions affected: 1.2.4.
    * Bugtracker issue: #0000027 and others.
    * What you should do: Apply this patch for 2.6 (MD5 / GnuPG Cert) or this patch for 2.4 (MD5 / GnuPG Cert), and this patch for the admin tools (MD5 / GnuPG Cert), to get the bugs corrected, then recompile the kernel, reinstall and reboot.

-------------- next part --------------
A non-text attachment was scrubbed...
Name        : rsbac-bugfix-v1.2.4-3-2.4.diff
Type        : text/x-diff
Size        : 23206 bytes
Description : not available
URL         : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050330/4e508cbf/rsbac-bugfix-v1.2.4-3-2.4-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name        : rsbac-bugfix-v1.2.4-3-2.6.diff
Type        : text/x-diff
Size        : 17538 bytes
Description : not available
URL         : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050330/4e508cbf/rsbac-bugfix-v1.2.4-3-2.6-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name        : rsbac-bugfix-v1.2.4-3-admin.diff
Type        : text/x-diff
Size        : 38853 bytes
Description : not available
URL         : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050330/4e508cbf/rsbac-bugfix-v1.2.4-3-admin-0001.bin
-------------- next part --------------
24b9bb1ad2e552203674f53c4fb46508  rsbac-bugfix-v1.2.4-3-admin.diff
-------------- next part --------------
9e28360cfb90a7ca1f2ca8d7f813cbc3  rsbac-bugfix-v1.2.4-3-2.4.diff
-------------- next part --------------
4512166173c44ea926364ed5e2757690  rsbac-bugfix-v1.2.4-3-2.6.diff