From: Jörgen_Sigvardsson <jorgen@profitab.com>
Subject: RE: access control by name, not inode
Date: Tue, 11 Dec 2001 02:51:39 +0100
Next Article (by Date): Re: access control by name, not inode Amon Ott
Previous Article (by Date): Re: access control by name, not inode Amon Ott
Top of Thread: access control by name, not inode Arkady A Drovosekov
Next in Thread: Re: access control by name, not inode Amon Ott
one could however make an interface name based by resolving the name into an inode. (Should not be too much of a problem using ls and awk :)

> -----Original Message-----
> From: owner-rsbac@compuniverse.de
> [mailto:owner-rsbac@compuniverse.de] On Behalf Of Amon Ott
> Sent: den 10 december 2001 18:48
> To: RSBAC List
> Subject: Re: access control by name, not inode
>
>
> On Monday, 10. December 2001 14:29, Arkady A Drovosekov wrote:
> > Hi,
> > is it possible to control an access by name of entity?
> > e.g.:
> > 1 - I assign role to file A,
> > 2 - program B (it has rights to do anything with file A) deletes this file
> > 3 - program B create file with the same name A
> > 4 - at this point it seems file A has no assigned role
> >
> > passwd - such evil program ;-) , at least when you change password and
> > shadow file (the victim) is used
>
> Sorry, no. RSBAC is inode based, because several names can point to the same
> file.
>
> What I do is use a shell script wrapper around passwd, which gets a forced
> role, calls passwd and then sets the types for /etc/passwd etc. to the
> desired values. Ugly, but works.
>
> Amon.
> --
> http://www.rsbac.org
> -
> To unsubscribe from the rsbac list, send a mail to
> majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
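The behaviour discussed in this thread, as an added example that is not part of the original messages and is not RSBAC code: a label keyed by inode is lost when a file is replaced under the same name, and a wrapper that re-applies the label by name (resolving it with ls and awk) restores it. The label store, the function names and the label `secret_t` are hypothetical, and the replacement is assumed to be created before the old file is removed (temp file plus rename) so that the inode number is guaranteed to change.

```shell
#!/bin/sh
# Constructed demo: a text file of "inode label" lines stands in for an
# inode-keyed attribute store. It is not RSBAC's real interface.

# Resolve a name to its current inode number with ls and awk.
name_to_inode() {
    ls -di -- "$1" | awk '{print $1}'
}

# Attach a label to whatever inode the name points at right now.
set_label() {
    ino=$(name_to_inode "$1"); [ -n "$ino" ] || return 1
    # Drop any old entry for this inode number, then record the new label.
    awk -v i="$ino" '$1 != i' "$STORE" > "$STORE.new"
    echo "$ino $2" >> "$STORE.new"
    mv -- "$STORE.new" "$STORE"
}

# Look the label up by inode, as an inode-based system sees the file.
get_label() {
    ino=$(name_to_inode "$1"); [ -n "$ino" ] || return 1
    awk -v i="$ino" '$1 == i { print $2; f = 1 } END { if (!f) print "none" }' "$STORE"
}

# The program replaces the file under the same name. The new file is created
# before the old one goes away, so the name ends up on a different inode.
replace_file() {
    echo "new contents" > "$1.tmp.$$" && mv -- "$1.tmp.$$" "$1"
}

# Wrapper approach: run the replacing program, then re-apply the label by name.
replace_and_relabel() {
    replace_file "$1" && set_label "$1" "$2"
}

demo() {
    dir=$(mktemp -d); STORE="$dir/labels"; : > "$STORE"
    echo "old contents" > "$dir/A"
    set_label "$dir/A" secret_t
    before=$(get_label "$dir/A")
    replace_file "$dir/A"
    after=$(get_label "$dir/A")       # label is gone: same name, new inode
    replace_and_relabel "$dir/A" secret_t
    fixed=$(get_label "$dir/A")
    rm -rf "$dir"
    echo "$before $after $fixed"
}
demo   # prints: secret_t none secret_t
```

Between the replacement and the relabel the file is unlabelled, so a wrapper of this kind leaves a short window in which the new inode carries only default attributes.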