[grsec] denied rename with rwcd set?
Brad Spengler
spender at grsecurity.net
Thu Dec 16 18:37:51 EST 2004
> is there a special needed permission bit to be allowed to rename
> something?
No, however in this case, the binary is trying to replace itself,
which is a special (and rare) case. gradm automatically adds
an object for the binary of a subject if an object does not
exist for it (to ensure that the binary can't be overwritten by
the application itself). To override this, like in this case,
you need to add /usr/lib/AntiVir/antivir rwcd to the object list.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041216/b379786c/attachment.pgp
More information about the grsecurity
mailing list