List: rsbac
Subject: Re: [rsbac] CHANGE_OWNER request on PROCESS for same uid
From: Amon Ott <ao () rsbac ! org>
Date: 2003-06-18 14:32:41
On Wednesday, 18. June 2003 15:25, Jochen Eisinger wrote:
> yes, I admit, I first installed a new version of rsbac and then read the
> Changes... well, but that's how it is, and now I'm a little puzzled what
> to do about this:
>
> - Changed behaviour on setuid etc.: Notification is always sent, even
> if the uid was set to the same value. This allows for restricted RC
> initial roles with correct role after setuid to root.
>
> Now with this feature, half of my programs cannot be executed anymore...
> my question is now: what do I have to do to grant all programs to setuid
> to their current uid (possibly without adding this capability explicitly
> to every program)?
>
> running rsbac-1.2.2-pre5

Please add an AUTH capability for user 4294967293 (-3), which is the special
value for 'user who started the program'. The rsbac_fd_menu lets you choose
this value when setting an AUTH cap.

In my experience, there are only a handful of programs that really need this
capability, mostly KDE programs. Many programs still work, even if
setuid(getuid()) fails.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
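
A small probe for the behaviour discussed in this thread, added here as an example and not taken from the RSBAC sources or from either poster: it issues the same-uid calls (`setuid(getuid())` and two siblings) and reports which ones are refused, which is one way to find the programs that need the AUTH capability for user 4294967293. The macro, enum and function names are made up for this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* expose seteuid()/setreuid() prototypes */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Value quoted in the reply: 4294967293 is -3 stored in a 32-bit uid_t.
 * The macro name is made up for this example. */
#define STARTING_USER_UID ((uid_t)-3)

enum { DENY_SETEUID = 1, DENY_SETREUID = 2, DENY_SETUID = 4 };

/* Return `bit` if the call failed, 0 otherwise; optionally log the errno. */
static int check(const char *name, int rc, int bit, int verbose)
{
    if (rc == 0)
        return 0;
    if (verbose)
        fprintf(stderr, "%s refused: %s\n", name, strerror(errno));
    return bit;
}

/* Request the ids the process already has. On a stock kernel these calls
 * succeed; per the thread, RSBAC 1.2.2-pre5 still notifies its decision
 * modules, so AUTH can refuse them. Returns a bitmask of refused calls.
 * setuid() goes last: in a set-uid-root binary it drops privilege for good. */
int probe_same_uid_calls(int verbose)
{
    uid_t ruid = getuid(), euid = geteuid();
    int denied = 0;

    denied |= check("seteuid(geteuid())", seteuid(euid), DENY_SETEUID, verbose);
    denied |= check("setreuid(ruid, euid)", setreuid(ruid, euid), DENY_SETREUID, verbose);
    denied |= check("setuid(getuid())", setuid(ruid), DENY_SETUID, verbose);
    return denied;
}

int main(void)
{
    int denied = probe_same_uid_calls(1);

    printf("uid=%lu special-cap-uid=%lu denied-mask=0x%x\n",
           (unsigned long)getuid(), (unsigned long)STARTING_USER_UID,
           (unsigned)denied);
    return denied ? 1 : 0;      /* non-zero exit: a same-uid call was refused */
}
```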