ACL Problem with /bin/sh --> /bin/bash

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

Postby cco » Mon Jan 12, 2004 5:19 am

I have the following acl error in my log file.


kernel: grsec: denied access to hidden file /bin/bash by (sh:18870) UID(0) EUID(0), parent (cron:31871) UID(0) EUID(0)


The problem is that /bin/sh is a symlink to /bin/bash, and you can't write an ACL rule for a symlink.
Cron has access to /bin rx
And /bin/bash has access to /bin too.

Can somebody help me deal with this loop?
cco
 
Posts: 1
Joined: Mon Jan 12, 2004 5:11 am

Postby birdo » Thu Jan 15, 2004 3:00 pm

Somehow there is security within symlinks afaik.
A dirty patch would be to copy the file instead of using the symlink :-)
birdo
 
Posts: 1
Joined: Thu Jan 15, 2004 2:57 pm

Postby fwiffo » Sat Mar 13, 2004 5:12 am

No symlinks in grsec's ACL; you'll have to write the rule for the original file the symlink is pointing to (that is, the symlink is treated like the original file and not as a file per se).
fwiffo
 
Posts: 10
Joined: Fri Mar 12, 2004 6:50 pm
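
A way to find such paths before writing rules, as an added example that is not part of the thread or of grsecurity: the functions below read a list of paths you plan to name in a policy and report each one that is a symlink (or runs through a symlinked directory) together with the real file the rule should name. The function names and the input format (one absolute path per line, `#` for comments) are assumptions of this example, and `readlink -f` is the GNU coreutils option.

```sh
#!/bin/sh
# Added example: the input is a plain list of paths, not a grsecurity
# policy file; the list format is an assumption of this example.

# resolve_rule_path PATH
# Prints the fully resolved file behind PATH, following every symlink
# in the path (GNU readlink -f).
resolve_rule_path() {
    readlink -f -- "$1"
}

# check_rule_paths FILE
# Prints one line per listed path:
#   OK       <path>               path is already the real file
#   SYMLINK  <path> -> <target>   write the rule for <target> instead
#   MISSING  <path>               nothing exists at that path
# Returns 1 if any path was reported as SYMLINK or MISSING, else 0.
check_rule_paths() {
    bad=0
    while IFS= read -r p; do
        # Skip blank lines and comments.
        case "$p" in ''|'#'*) continue ;; esac
        if [ ! -e "$p" ] && [ ! -L "$p" ]; then
            echo "MISSING  $p"
            bad=1
        elif [ "$(resolve_rule_path "$p")" != "$p" ]; then
            echo "SYMLINK  $p -> $(resolve_rule_path "$p")"
            bad=1
        else
            echo "OK       $p"
        fi
    done < "$1"
    return "$bad"
}
```

Source the file and run `check_rule_paths paths.txt`; for the case in this thread, a list containing /bin/sh would be reported as `SYMLINK  /bin/sh -> /bin/bash`.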
