grsecurity.vim VIM Syntax file for GRSecurity Policy

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

grsecurity.vim VIM Syntax file for GRSecurity Policy

Postby lobo » Thu Dec 11, 2008 11:48 am

Hi Everybody,

I wrote a couple of month ago a very basic VIM syntax file for the GRSecurity policy and uploaded it yesterday to vim.org. At the moment, basic syntax highlighting and folding is working. It would be great if there are some VIM users out there who could test it and send their complaints and bug reports to me ;-) Does anyone know if there is already a VIM syntax file for grsec somewhere on the web, because I coudln't find one?

http://www.vim.org/scripts/script.php?script_id=2479

Sorry for the shameless self-promotion, but maybe there is someone out here who finds this useful ;-)

regards,

jochen
lobo
 
Posts: 6
Joined: Sat Apr 15, 2006 8:33 pm
Location: Germany / Bavaria

Re: grsecurity.vim VIM Syntax file for GRSecurity Policy

Postby cormander » Thu Dec 11, 2008 4:27 pm

This looks nice!

Here is my feedback (in the form of a patch, in the spirit of grsecurity patches):

Code: Select all
diff -r ed50fc87b660 grsecurity.vim
--- a/grsecurity.vim    Wed Dec 10 22:15:13 2008 +0100
+++ b/grsecurity.vim    Thu Dec 11 15:24:40 2008 -0500
@@ -23,7 +23,10 @@

 syn keyword grsecCap           CAP_ALL CAP_CHOWN CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_TTY_CONFIG
 syn keyword grsecCap           CAP_FOWNER CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_SYS_RESOURCE CAP_IPC_LOCK
-syn keyword grsecCap           CAP_KILL CAP_NET_ADMIN
+syn keyword grsecCap           CAP_KILL CAP_NET_ADMIN CAP_LINUX_IMMUTABLE CAP_NET_RAW CAP_MKNOD
+syn keyword grsecCap           CAP_SYS_ADMIN CAP_SYS_RAWIO CAP_SYS_MODULE CAP_SYS_PTRACE CAP_NET_BIND_SERVICE
+syn keyword grsecCap           CAP_NET_RAW CAP_SYS_BOOT PAX_SEGMEXEC PAX_PAGEEXEC PAX_MPROTECT
+

 syn match grsecObjFlags                /\s[acdhilmprstwx]*$/
 syn match grsecRoleFlags       /\s[suAG]*$/


The Copy/paste probably causes whitespace issues... so apply patch with --ignore-whitespace. Also not sure if phpbb does patches justice ... but you get the idea. You didn't syn highlight all the possible CAPS (and I might have missed a few myself)
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm
Location: Utah

Re: grsecurity.vim VIM Syntax file for GRSecurity Policy

Postby lobo » Sat Dec 13, 2008 12:05 pm

Hi Corey,

thanks for the patch. I have applied your patch and added some more capabilities after having a look at the gradm2 source.

http://www.bitbucket.org/lobo/grsecurit ... curity.vim

Thx.

-jochen
lobo
 
Posts: 6
Joined: Sat Apr 15, 2006 8:33 pm
Location: Germany / Bavaria


Return to RBAC policy development

cron