From: Stanislav Ievlev <inger@altlinux.ru>
Subject: Re: Válasz: Protect rc file(s) from manual running
Date: Tue, 02 Oct 2001 09:34:17 +0400
Next Article (by Date): Re: rsbac dir Stanislav Ievlev
Previous Article (by Date): Re: Válasz: Protect rc file(s) from manual running steve
Top of Thread: Re: Válasz: Protect rc file(s) from manual running steve
Next in Thread: Re: Válasz: Protect rc file(s) from manual running Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
--------------040608060509020505070601 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hello friends! Arkady A Drovosekov wrote: >On Mon, Oct 01, 2001 at 05:35:13PM +0100, ghorvath@minolta.hu wrote: > >>Dear members, >> >>in the meantime the problem is solved with the help of Stanislav Ievlev. >>Many thanks for his help again. >> >Stanislav, could you give us little more details about this case? > ;) Well.... Problem with the scripts. Task: 1) I have some bash script (e.g. to configure Firewall) 2) This script uses some program (e.g. ipchains) for system configuration. 3) I'm want to protect this configuration and script from changes. Problem: I cannot use forced RC roles for the scripts, because when I start script I really start interpreter (bash) with my (not forced) role. Then this interpreter read data from the script and execute programs. Possible solution: To use some simple wrapper, that executes script. Wrapper can use forced role , therefore, script (for Firewall configuration) and program (ipchains) can be protected by RC. Only wrapper can run this program and read this script. P.S. May be Amon have better solution ? ------------------------------------------- With best regards Stanislav Ievlev --------------040608060509020505070601 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <html> <head> </head> <body> Hello friends!<br> <br> Arkady A Drovosekov wrote:<br> <blockquote type="cite" cite="mid:20011001231343.B869@pclin.suct.uu.ru"> <pre wrap="">On Mon, Oct 01, 2001 at 05:35:13PM +0100, <a class="moz-txt-link-abbreviated" href="mailto:ghorvath@minolta.hu">ghorvath@minolta.hu</a> wrote:<br></pre> <blockquote type="cite"> <pre wrap="">Dear members,<br><br>in the meantime the problem is solved with the help of Stanislav Ievlev.<br>Many thanks for his help again.<br></pre> </blockquote> <pre wrap=""><!---->Stanislav, could you give us little more details about this case?<br></pre> </blockquote> <br> ;)<br> <br> Well....<br> <br> Problem with the scripts.<br> <br> Task:<br> 1) I have some bash script (e.g. to configure Firewall)<br> 2) This script uses some program (e.g. ipchains) for system configuration.<br> 3) I'm want to protect this configuration and script from changes.<br> <br> Problem:<br> I cannot use forced RC roles for the scripts, because when I start script I really start interpreter (bash) with my (not forced) role. Then this interpreter read data from the script and execute programs.<br> <br> Possible solution:<br> To use some simple wrapper, that executes script.<br> <br> Wrapper can use forced role , therefore, script (for Firewall configuration) and program (ipchains) can be protected by RC.<br> Only wrapper can run this program and read this script.<br> <br> <br> P.S. May be Amon have better solution ?<br> <br> -------------------------------------------<br> With best regards<br> Stanislav Ievlev<br> <br> </body> </html> --------------040608060509020505070601-- - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): Re: rsbac dir Stanislav Ievlev
Previous Article (by Date): Re: Válasz: Protect rc file(s) from manual running steve
Top of Thread: Re: Válasz: Protect rc file(s) from manual running steve
Next in Thread: Re: Válasz: Protect rc file(s) from manual running Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]