softmode vs. PM and RSBAC backup.

From: Stanislav Ievlev <inger@altlinux.ru>
Subject: softmode vs. PM and RSBAC backup.
Date: Wed, 13 Jun 2001 14:27:37 +0400

Next Article (by Subject): Re: softmode vs. PM and RSBAC backup. Amon Ott
Previous Article (by Subject): Re: soft mode Jörgen Sigvardsson
Next in Thread: Re: softmode vs. PM and RSBAC backup. Amon Ott
Articles sorted by: [Date] [Author] [Subject]

This is a multi-part message in MIME format.
--------------010108080302010909010704
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello!
There are two little problems:

1. Backup in RSBAC:
We must turn off all modules for backup procedure now. But it's is not 
secure. What about special role for backup (like in Windows NT). This 
role must be only for special backup program, no for real users.

2. Soft mode:
I need more rights in soft_mode. RC working in "hard" mode under "soft" 
mode now. Most RC operations  permitted only for role_admin. I apply 
patch for it.

----------------------
With best regards
Stanislav Ievlev
<inger@altlinux.ru>

--------------010108080302010909010704
Content-Type: text/plain;
 name="rsbac-rcsoftmode.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="rsbac-rcsoftmode.patch"

--- linux/rsbac/adf/rc/rc_main.c.orig	Fri Apr 27 17:09:34 2001
+++ linux/rsbac/adf/rc/rc_main.c	Wed Jun 13 12:40:53 2001
@@ -249,7 +249,13 @@
         return -RSBAC_EREADFAILED;
       }
     /* allow, if t_role contained in admin_roles */
-    if (i_rc_item_val1.admin_roles & ((rsbac_rc_role_vector_t) 1 << t_role) )
+    if (i_rc_item_val1.admin_roles & ((rsbac_rc_role_vector_t) 1 << t_role) 
+	#ifdef CONFIG_RSBAC_SOFTMODE
+	|| (   rsbac_softmode 
+	    && (i_rc_item_val1.admin_type == RC_system_admin)
+	   )
+	#endif
+	)
       return 0;
     else
       return -EPERM;
@@ -455,6 +461,11 @@
         || (   !modify
             && (i_rc_item_val1.admin_type == RC_system_admin)
            )
+        #ifdef CONFIG_RSBAC_SOFTMODE
+	|| (   rsbac_softmode 
+	    && (i_rc_item_val1.admin_type == RC_system_admin)
+	   )
+	#endif
        )
       return 0;
     else

--------------010108080302010909010704--

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: softmode vs. PM and RSBAC backup. Amon Ott
Previous Article (by Subject): Re: soft mode Jörgen Sigvardsson
Next in Thread: Re: softmode vs. PM and RSBAC backup. Amon Ott
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.