New FF patch


From: Amon Ott <ao@rsbac.org>
Subject: New FF patch
Date: Thu, 14 Sep 2000 16:06:09 +0200



Hi there!

This is the new FF bugfix to be applied against plain 1.0.9b
rsbac/adf/ff/ff_main.c. With this patch, DELETE is correctly denied on files
with read_only or execute_only set.

Amon.


--- ff_main.c.old	Thu Sep 14 16:04:12 2000
+++ ff_main.c	Thu Sep 14 16:02:49 2000
@@ -185,7 +185,6 @@
 
         /* Creating dir or (pseudo) file IN target dir! */
         case R_CREATE:
-        case R_DELETE:
         case R_MOUNT:
         case R_UMOUNT:
         case R_WRITE:
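Review bot: R_CREATE, R_MOUNT, R_UMOUNT and R_WRITE stay in the group that R_DELETE is taken out of here, and the message says DELETE on read_only or execute_only files was not denied while it was handled in this group. Please check whether any of the remaining requests can also arrive with a T_FILE target and need the same kind of per-target flag check, or say in the message why only R_DELETE is affected. This removal also depends on the new case R_DELETE block in the next hunk; applied alone it leaves R_DELETE without a case label in the lines shown.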
@@ -199,6 +198,21 @@
                 default: return(DO_NOT_CARE);
               }
 
+        /* Creating dir or (pseudo) file IN target dir! */
+        case R_DELETE:
+            switch(target)
+              {
+                case T_FILE: 
+                  return(check_flags_ff(target,tid,
+                                        FF_read_only | FF_execute_only));
+                case T_DIR: 
+                  return(check_flags_ff(target,tid,
+                                        FF_read_only | FF_search_only));
+
+                /* all other cases are undefined */
+                default: return(DO_NOT_CARE);
+              }
+
         case R_EXECUTE:
             switch(target)
               {
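Review bot: the comment above the new case R_DELETE, "/* Creating dir or (pseudo) file IN target dir! */", is copied from the R_CREATE group and does not describe this block, which passes the target being deleted to check_flags_ff; reword it, for example "/* Deleting file or dir: check flags on the target itself */". The message only mentions files, but the T_DIR branch also checks FF_read_only | FF_search_only, so the directory behaviour should be mentioned there too. The "case T_FILE: " and "case T_DIR: " lines carry trailing whitespace.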
 