Symlinks and busybox


Post by gregkmoff » Wed Nov 12, 2014 12:58 pm

I have a dilemma.

In our embedded system we use busybox for many functions with symlinks to busybox.

/bin/cat -> /bin/busybox
/bin/ls -> /bin/busybox
etc...

I'm trying to make a policy where for a specific role, /bin/cat has different privileges than /bin/ls. Currently I'm only able to use /bin/busybox as the subject and can't seem to figure out how to differentiate /bin/cat vs /bin/ls.

Any help?

Re: Symlinks and busybox

Post by spender » Wed Nov 19, 2014 9:34 am

Can't you just make copies of the busybox binary to replace the symlinks? That would be the only possible way to enforce different subjects.

-Brad
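
The replacement suggested in the reply above, as an added example that is not part of the original thread: a POSIX sh function that swaps every symlink resolving to busybox for a real copy, so each applet path becomes its own file. The function names and the constructed sandbox are assumptions for illustration; it relies on busybox selecting the applet from the name it is invoked as.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).
# Replace every symlink in DIR that resolves to BUSYBOX with a real copy,
# so /bin/cat and /bin/ls are separate files and can be separate subjects.
# Prints the number of links replaced.
# Usage on a target: materialize_applets /bin /bin/busybox
materialize_applets() {
    dir=$1 busybox=$2 count=0
    target=$(readlink -f "$busybox") || return 1
    for link in "$dir"/*; do
        [ -L "$link" ] || continue                              # symlinks only
        [ "$(readlink -f "$link")" = "$target" ] || continue    # that resolve to busybox
        tmp="$link.new.$$"
        cp -p "$target" "$tmp" || return 1     # -p keeps mode, owner, timestamps
        mv -f "$tmp" "$link" || return 1       # rename() replaces the link itself
        count=$((count + 1))
    done
    echo "$count"
}

# Constructed sandbox for trying the function without touching /bin.
# The stand-in "busybox" is a script that reports the name it was run as,
# mimicking how the real binary dispatches on its invocation name.
build_demo() {
    root=$(mktemp -d) && mkdir "$root/bin" || return 1
    printf '#!/bin/sh\necho "applet: ${0##*/}"\n' > "$root/bin/busybox"
    chmod 755 "$root/bin/busybox"
    ln -s busybox "$root/bin/cat"
    ln -s busybox "$root/bin/ls"
    ln -s /nonexistent "$root/bin/other"   # unrelated link, must be left alone
    echo "$root"
}
```

Each copy is a full-size duplicate of the busybox binary, which matters on small flash, and the copies have to be regenerated whenever busybox is upgraded.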

