From: Amon Ott <ao@rsbac.org>
Subject: Re: AUTH module - denying CHANGE_OWNER request?
Date: Thu, 6 Jul 2000 10:48:12 +0200
Next Article (by Author): Buglet in 1.0.9b data structures Amon Ott
Previous Article (by Author): 1.0.9b and kernels 2.4.xx Amon Ott
Top of Thread: AUTH module - denying CHANGE_OWNER request? pyromage@pyromage.net
Articles sorted by: [Date]
[Author]
[Subject]
On Mit, 05 Jul 2000 pyromage@pyromage.net wrote: > > I suppose your log entry contains CHANGE_OWNER to target PROCESS, attr owner, > > attr_val 0 NOT_GRANTED by AUTH with caller_prog /bin/login. > > request CHANGE_OWNER, caller_pid 343, caller_prog_name login, caller_uid 0, > target-type PROCESS, tid 343, attr owner, value 1000, result NOT_GRANTED by > AUTH > > > What type of remote login do you use? > > Telnet and ssh (v1) Strange. So if this login program being called by telnetd is really /bin/login, and /bin/login has 1000 in its cap set, I don't know what happens here. What exactly is the cap set of /bin/login, meaning what does auth_set_cap FILE get /bin/login show? Or did you set auth_may_setuid on /bin/login? Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): Buglet in 1.0.9b data structures Amon Ott
Previous Article (by Author): 1.0.9b and kernels 2.4.xx Amon Ott
Top of Thread: AUTH module - denying CHANGE_OWNER request? pyromage@pyromage.net
Articles sorted by: [Date]
[Author]
[Subject]