Re: AUTH module - denying CHANGE_OWNER request?


From: Amon Ott <ao@rsbac.org>
Subject: Re: AUTH module - denying CHANGE_OWNER request?
Date: Thu, 6 Jul 2000 10:48:12 +0200



On Wed, 05 Jul 2000 pyromage@pyromage.net wrote:
> > I suppose your log entry contains CHANGE_OWNER to target PROCESS, attr owner,
> > attr_val 0 NOT_GRANTED by AUTH with caller_prog /bin/login.
> 
> request CHANGE_OWNER, caller_pid 343, caller_prog_name login, caller_uid 0,
> target-type PROCESS, tid 343, attr owner, value 1000, result NOT_GRANTED by
> AUTH
> 
> > What type of remote login do you use? 
> 
> Telnet and ssh (v1)

Strange. So if this login program being called by telnetd is really /bin/login,
and /bin/login has 1000 in its cap set, I don't know what happens here.

What exactly is the cap set of /bin/login, meaning what does
auth_set_cap FILE get /bin/login
show? Or did you set auth_may_setuid on /bin/login?

Amon.