Problem with symlink


Post by kakou » Thu Nov 23, 2006 1:25 pm

I have a problem with cron and symlink:

Nov 23 19:07:02 wakka grsec: From 10.0.0.6: (root:U:/bin/ln) denied symlink from 5557 to /var/spool/cron/lastrun/lock by /bin/ln[ln:29143] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:5557] uid/euid:0/0 gid/egid:0/0
Nov 23 19:07:02 wakka grsec: From 10.0.0.6: (root:U:/bin/ln) denied symlink from 5557 to /var/spool/cron/lastrun/lock by /bin/ln[ln:7763] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:5557] uid/euid:0/0 gid/egid:0/0
Nov 23 19:08:02 wakka grsec: From 10.0.0.6: (root:U:/bin/ln) denied symlink from 8796 to /var/spool/cron/lastrun/lock by /bin/ln[ln:3409] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:8796] uid/euid:0/0 gid/egid:0/0
Nov 23 19:08:02 wakka grsec: From 10.0.0.6: (root:U:/bin/ln) denied symlink from 8796 to /var/spool/cron/lastrun/lock by /bin/ln[ln:10018] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:8796] uid/euid:0/0 gid/egid:0/0


As you can see, there is no source (what is 8796?).
So I tried to add
/var/spool/cron/lastrun/lock lrdwc
to the /bin/ln subject but it doesn't work.
How do I fix this?
kakou
 
Posts: 2
Joined: Sun May 21, 2006 3:58 pm

Post by spender » Sun Nov 26, 2006 11:07 pm

Symlinking only requires create + write permission, not hardlink permission. I'll see if I can modify the symlink log so that it reports a full pathname for the filename pointed to by the symlink, but the modification you noted should have fixed the problem if it was placed in the right role/subject.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA
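
An added example, not part of either post and not grsecurity code: a small Python parser for the "denied symlink" lines quoted in this thread. It extracts the role and subject the object rule belongs under, the link path that needs create + write, and checks whether the "from" value (the filename the symlink points to) equals the parent's PID. Reading the parenthesised prefix as role:role-type:subject is an assumption, and the sample input is two lines copied from the thread.

```python
import re
from collections import Counter

# Sample input: two of the denial lines quoted in the thread.
SAMPLE_LOG = """\
Nov 23 19:07:02 wakka grsec: From 10.0.0.6: (root:U:/bin/ln) denied symlink from 5557 to /var/spool/cron/lastrun/lock by /bin/ln[ln:29143] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:5557] uid/euid:0/0 gid/egid:0/0
Nov 23 19:08:02 wakka grsec: From 10.0.0.6: (root:U:/bin/ln) denied symlink from 8796 to /var/spool/cron/lastrun/lock by /bin/ln[ln:3409] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:8796] uid/euid:0/0 gid/egid:0/0
"""

# Assumption: the parenthesised prefix is role:role-type:subject.
DENIED_SYMLINK = re.compile(
    r"grsec: (?:From \S+: )?"
    r"\((?P<role>[^:()]+):(?P<rtype>[^:()]+):(?P<subject>[^()]+)\) "
    r"denied symlink from (?P<points_to>.+?) to (?P<link>\S+) "
    r"by (?P<exe>\S+)\[[^\]]*\].*?, "
    r"parent (?P<parent>\S+)\[[^\]:]*:(?P<ppid>\d+)\]"
)


def summarize_symlink_denials(log_text):
    """Group denied-symlink events by (role, subject, link path)."""
    hits = Counter()
    pid_lock = {}
    for line in log_text.splitlines():
        m = DENIED_SYMLINK.search(line)
        if not m:
            continue
        key = (m["role"], m["subject"], m["link"])
        hits[key] += 1
        # True only if every event's link content equals the parent's PID.
        same = m["points_to"] == m["ppid"]
        pid_lock[key] = pid_lock.get(key, True) and same
    return [
        {"role": role, "subject": subject, "object": link,
         "modes": "wc",  # create + write, per the reply above
         "hits": n, "pid_lock": pid_lock[(role, subject, link)]}
        for (role, subject, link), n in hits.items()
    ]


if __name__ == "__main__":
    for e in summarize_symlink_denials(SAMPLE_LOG):
        print(f"role {e['role']}, subject {e['subject']}: "
              f"{e['object']} {e['modes']}  "
              f"({e['hits']} denials, PID-style lock: {e['pid_lock']})")
```
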

