bind 0.0.0.0 does not allow bind to any IP address (?)


Post by bearclaw » Mon Apr 17, 2006 11:14 am

Trying to set up network ACLs, I have the following problem:
Code:
role default G
role_transitions admin
subject /
        ...
        bind disabled
subject /usr/sbin/vsftpd p
        /var/log/vsftpd.log a
        /srv/http/www   rwcd
        +CAP_SYS_CHROOT
        bind MYIP stream tcp       # attempt 1
        bind 0.0.0.0 stream tcp    # attempt 2


Using attempt #1 works (with MYIP being my eth0 IP address), but attempt #2 fails; I get:

(default:D:/usr/sbin/vsftpd) denied bind() to MYIP port 54167 sock type stream protocol tcp by /usr/sbin/vsftpd[vsftpd:1744] uid/euid:1008/1008 gid/egid:1008/1008, parent /usr/sbin/vsftpd[vsftpd:1769] uid/euid:65534/65534 gid/egid:65534/65534


Any idea what's going wrong? Or is this the expected behavior?

Post by bearclaw » Wed Apr 19, 2006 2:32 pm

Replying to myself (instead of removing the post, as others can make the same mistake):
The default mask is 32, not 0; what I wanted was "0.0.0.0/0".
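A simplified model of the matching described in this thread, as an added example that is not part of the original posts and is not gradm's own parser. It assumes literal IPv4 addresses in bind rules; the function names are hypothetical and 192.0.2.10 is a constructed stand-in for MYIP.

```python
import ipaddress

DEFAULT_PREFIX = 32  # per the thread: an address written without /mask gets /32

# Constructed sample policy fragments, modelled on attempt 2 and its fix.
ATTEMPT_2 = """subject /usr/sbin/vsftpd p
        bind 0.0.0.0 stream tcp
"""
FIXED = ATTEMPT_2.replace("0.0.0.0", "0.0.0.0/0")


def parse_bind_rules(policy_text):
    """Return (line number, network) for each 'bind <addr>[/mask] ...' line."""
    rules = []
    for lineno, line in enumerate(policy_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # strip trailing comments
        if len(fields) < 2 or fields[0] != "bind" or fields[1] == "disabled":
            continue
        addr = fields[1].split(":", 1)[0]  # drop an optional :port suffix
        if "/" not in addr:
            addr = f"{addr}/{DEFAULT_PREFIX}"
        rules.append((lineno, ipaddress.ip_network(addr, strict=False)))
    return rules


def bind_allowed(rules, local_addr):
    """True if some rule's network contains the address passed to bind()."""
    ip = ipaddress.ip_address(local_addr)
    return any(ip in net for _, net in rules)


def lint_wildcards(rules):
    """Line numbers of rules on 0.0.0.0 with a non-zero mask (match one address only)."""
    return [n for n, net in rules
            if int(net.network_address) == 0 and net.prefixlen != 0]


if __name__ == "__main__":
    for name, policy in (("attempt 2", ATTEMPT_2), ("fixed", FIXED)):
        rules = parse_bind_rules(policy)
        print(name, "bind to 192.0.2.10 allowed:", bind_allowed(rules, "192.0.2.10"),
              "| suspicious lines:", lint_wildcards(rules))
```

Running the lint over a policy file before loading it catches the bare `0.0.0.0` form, which only surfaces otherwise as a `denied bind()` log entry like the one quoted above.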

