[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rsbac
Subject:    Serious bug in MAC
From:       ao () morpork ! shnet ! org (A !  Ott)
Date:       2000-02-24 10:08:00
[Download RAW message or body]

Hi all!

Due to an old bug, any user can change the mac_trusted_for_user entry for  
files. This entry allows to turn off *-property checking, if the file is  
executed. This bug is serious for MAC!

Please apply the following patch to rsbac/adf/mac/mac_main.c:

Amon.

--- mac_main.c~	Tue Feb 22 15:30:36 2000
+++ mac_main.c	Thu Feb 24 10:55:42 2000
@@ -1500,6 +1500,7 @@
                 case A_max_read_categories:
                 case A_mac_auto:
                 case A_mac_trusted:
+                case A_mac_trusted_for_user:
                 case A_mac_check:
                 case A_log_array_low:
                 case A_log_array_high:
@@ -1737,6 +1738,7 @@
                 case A_max_read_open:
                 case A_mac_auto:
                 case A_mac_trusted:
+                case A_mac_trusted_for_user:
                 case A_mac_check:
                 case A_log_array_low:
                 case A_log_array_high:

--
## CrossPoint v3.11 ##
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

[prev in list] [next in list] [prev in thread] [next in thread]