From: Jörgen_Sigvardsson <jorgen@profitab.com>
Subject: RE: access control by name, not inode
Date: Tue, 11 Dec 2001 02:51:39 +0100
Next Article (by Subject): Re: access control by name, not inode Amon Ott
Previous Article (by Subject): Re: access control by name, not inode Amon Ott
Top of Thread: access control by name, not inode Arkady A Drovosekov
Next in Thread: Re: access control by name, not inode Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
one could however make an interface name based by resolving the name into an inode. (Should not be too much of a problem using ls and awk :) > -----Original Message----- > From: owner-rsbac@compuniverse.de > [mailto:owner-rsbac@compuniverse.de] On Behalf Of Amon Ott > Sent: den 10 december 2001 18:48 > To: RSBAC List > Subject: Re: access control by name, not inode > > > On Monday, 10. December 2001 14:29, Arkady A Drovosekov wrote: > > Hi, > > is it possible to control an access by name of entity? > > e.g.: > > 1 - I assign role to file A, > > 2 - program B (it has rights to do anything with file A) > deletes this > > file 3 - program B create file with the same name A 4 - at > this point > > it seems file A has no assigned role > > > > passwd - such evil program ;-) , at least when you change > password and > > shadow file (the victim) is used > > Sorry, no. RSBAC is inode based, because several names can > point to the same > file. > > What I do is use a shell script wrapper around passwd, which > gets a forced > role, calls passwd and then sets the types for /etc/passwd > etc. to the > desired values. Ugly, but works. > > Amon. > -- > http://www.rsbac.org > - > To unsubscribe from the rsbac list, send a mail to > majordomo@rsbac.org with unsubscribe rsbac as single line in the body. > - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: access control by name, not inode Amon Ott
Previous Article (by Subject): Re: access control by name, not inode Amon Ott
Top of Thread: access control by name, not inode Arkady A Drovosekov
Next in Thread: Re: access control by name, not inode Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]