From: Amon Ott <ao@rsbac.org>
Subject: Re: access control by name, not inode
Date: Mon, 10 Dec 2001 18:47:51 +0100

On Monday, 10. December 2001 14:29, Arkady A Drovosekov wrote:
> Hi,
> is it possible to control an access by name of entity?
> e.g.:
> 1 - I assign role to file A,
> 2 - program B (it has rights to do anything with file A) deletes this file
> 3 - program B create file with the same name A
> 4 - at this point it seems file A has no assigned role
>
> passwd - such evil program ;-) , at least when you change password and
> shadow file (the victim) is used

Sorry, no. RSBAC is inode based, because several names can point to the same
file.

What I do is use a shell script wrapper around passwd, which gets a forced
role, calls passwd and then sets the types for /etc/passwd etc. to the
desired values. Ugly, but works.

Amon.
--
http://www.rsbac.org
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
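
The inode-versus-name behaviour discussed in this message, as an added example that is not part of the original mail and is not RSBAC code: `InodeLabelStore` is a constructed toy model of an inode-keyed attribute store, and `replace_by_rename` assumes the updating program writes a new file and renames it over the old name. It shows two names sharing one label, the label being lost on replacement, and the wrapper pattern putting it back.

```python
import os
import tempfile

class InodeLabelStore:
    """Constructed toy model: labels attach to (device, inode), never to names."""
    def __init__(self):
        self._labels = {}
    def _key(self, path):
        st = os.stat(path)
        return (st.st_dev, st.st_ino)
    def set(self, path, label):
        self._labels[self._key(path)] = label
    def get(self, path):
        return self._labels.get(self._key(path))

def replace_by_rename(path, data):
    """Assumed updater behaviour: write a new file, rename it over the old name."""
    tmp = path + ".new"
    with open(tmp, "w") as f:
        f.write(data)
    os.rename(tmp, path)  # the name now points to a different inode

def wrapped_update(store, paths, updater):
    """Wrapper pattern: note wanted labels per name, run the updater, re-apply."""
    wanted = {p: store.get(p) for p in paths}
    updater()
    relabeled = [p for p in paths if store.get(p) != wanted[p]]
    for p in relabeled:
        store.set(p, wanted[p])
    return relabeled

def demo():
    store, out = InodeLabelStore(), {}
    with tempfile.TemporaryDirectory() as d:
        name, alias = os.path.join(d, "shadow"), os.path.join(d, "alias")
        with open(name, "w") as f:
            f.write("v1\n")
        os.link(name, alias)                      # second name, same inode
        store.set(name, "secret_type")
        out["alias_shares_label"] = store.get(alias)
        replace_by_rename(name, "v2\n")           # unwrapped update
        out["after_unwrapped"] = store.get(name)  # label stayed on the old inode
        out["alias_after"] = store.get(alias)
        store.set(name, "secret_type")
        update = lambda: replace_by_rename(name, "v3\n")
        out["relabeled"] = wrapped_update(store, [name], update) == [name]
        out["after_wrapped"] = store.get(name)
    return out

if __name__ == "__main__":
    print(demo())
```

Between the updater finishing and the wrapper re-applying the label, the new file exists without it, so the window is only as short as the wrapper makes it.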