[grsec] full learning sets O flag for every subject
Marc Schiffbauer
marc at schiffbauer.net
Tue Mar 22 09:33:20 EST 2005
Hi Brad,
in the 2.1.3 Announcement you said:
> During the audit, a critical vulnerability was found in the RBAC
> system that effectively gave every subject the "O" flag, allowing
> a root user for instance to gain the privileges of any other
> process through LD_PRELOAD or ptrace.
Now if I do a full learning on a log I recorded, the resulting policy
has the "O" flag set for any subject in any role.
The roles are users, system services like MTA, MDA, cron jobs etc...
Is that intended?
-Marc
--
-------------------------------------------
Take back the Net! http://www.anti-dmca.org
-------------------------------------------