leak on entries in hidden dirs

Submit your RBAC policies or suggest policy improvements

leak on entries in hidden dirs

Postby jj » Fri Jan 14, 2005 8:06 am

I use the acl
{
/etc
/etc/grsec h
}

When i run the system with this,

`ls /etc/grsec` reports No such file or directory (which is correct),
however
`ls /etc/grsec/policy`reports Permission denied
while the answer should be 'No such file or directory' in the absence of a specific acl for /etc/grsec/policy.

I think this is a leak.
jj
 
Posts: 4
Joined: Wed Jan 12, 2005 5:23 pm

Postby vs » Fri Jan 14, 2005 8:42 am

This issue is fixed in the development version of grsecurity.

I've already posted this problem to the support forum.

-vs
vs
 
Posts: 22
Joined: Sun Jan 09, 2005 11:11 am

Postby jj » Sat Jan 15, 2005 10:42 am

No, the post you made does not refer to the same problem.
You are talking about the appearance of 'grsec' in the listing of /etc, which is of course a bug, but not the one i am talking about.

The bug i talk about was already present in the 2.0 if i remember correctly, and it is the fact that an attempt to acces an existing file in a hidden directory returns -EPERM instead of -ENOENT.
jj
 
Posts: 4
Joined: Wed Jan 12, 2005 5:23 pm

Postby vs » Sat Jan 15, 2005 11:57 am

Sorry, I've misunderstood you.

You're right, of course. It's another bug.

-vs
vs
 
Posts: 22
Joined: Sun Jan 09, 2005 11:11 am

Postby spender » Sun Jan 16, 2005 8:10 pm

That problem has been solved along with the other filldir problem however.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby jj » Mon Jan 17, 2005 11:22 am

Ok - i just didn't check.
jj
 
Posts: 4
Joined: Wed Jan 12, 2005 5:23 pm


Return to RBAC policy development