From: Amon Ott <ao@rsbac.org>
Subject: Re: colorizer and MAC trivial question...
Date: Tue, 29 Aug 2000 10:09:31 +0200
Next Article (by Subject): compiling problems "Tobi Klein"
Previous Article (by Subject): colorizer and MAC trivial question... Fabrice MARIE
Top of Thread: colorizer and MAC trivial question... Fabrice MARIE
Articles sorted by: [Date]
[Author]
[Subject]
On Die, 29 Aug 2000 Fabrice MARIE wrote: > I've attached a configuration file for colortail. > (http://freshmeat.net/projects/colortail/download/colortail-0.3.0.tar.gz) > This will allow you to colorize some keywords, IP addresses etc ... > This one colorize as well a couple of rsbac keywords, it becomes more easy to read. > Enjoy! > Enhancements of this conf file, etc.. are welcome!! Interesting. I will have a closer look. > The question of the day will be about MAC. > I'm having what I think is a trivial problem with MAC. > As a normal user, I cannot su. The MAC module deny su to change owner from 501 to 0. > Can anyone explain slowly how can I change this ? You are not allowed to change owner to an ID, whose security level you do not dominate. E.g, if 501 has sec_level 0 and root 252, this is not allowed. If 501 also had 252, it would work. Without this restriction, the security classification could be violated. You find the code in rsbac/adf/mac/mac_main.c, lines 1109-1134. You could change the returning of NOT_GRANTED to a warning message. > MAC is still very problematic for me. I'm still learning slowly :) I don't use it myself, because it is too restrictive and does not fit well into the Linux world. BTW, Stanislav has some patches to make MAC work better under Linux. Chris, where are your patches? Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): compiling problems "Tobi Klein"
Previous Article (by Subject): colorizer and MAC trivial question... Fabrice MARIE
Top of Thread: colorizer and MAC trivial question... Fabrice MARIE
Articles sorted by: [Date]
[Author]
[Subject]