From: Amon Ott <ao@rsbac.org>
Subject: New FF patch
Date: Thu, 14 Sep 2000 16:06:09 +0200
Next Article (by Subject): New list location at compuniverse.de root
Previous Article (by Subject): New Article. staringer
Articles sorted by: [Date]
[Author]
[Subject]
Hi there!
This is the new FF bugfix to be applied against plain 1.0.9b
rsbac/adf/ff/ff_main.c. With this patch, DELETE is correctly denied on files
with read_only or execute_only set.
Amon.
--- ff_main.c.old Thu Sep 14 16:04:12 2000
+++ ff_main.c Thu Sep 14 16:02:49 2000
@@ -185,7 +185,6 @@
/* Creating dir or (pseudo) file IN target dir! */
case R_CREATE:
- case R_DELETE:
case R_MOUNT:
case R_UMOUNT:
case R_WRITE:
@@ -199,6 +198,21 @@
default: return(DO_NOT_CARE);
}
+ /* Creating dir or (pseudo) file IN target dir! */
+ case R_DELETE:
+ switch(target)
+ {
+ case T_FILE:
+ return(check_flags_ff(target,tid,
+ FF_read_only | FF_execute_only));
+ case T_DIR:
+ return(check_flags_ff(target,tid,
+ FF_read_only | FF_search_only));
+
+ /* all other cases are undefined */
+ default: return(DO_NOT_CARE);
+ }
+
case R_EXECUTE:
switch(target)
{
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
Next Article (by Subject): New list location at compuniverse.de root
Previous Article (by Subject): New Article. staringer
Articles sorted by: [Date]
[Author]
[Subject]