19 Jun 2013 18:01
18 Jun 2013 07:35
kernel build
Jens Kasten <jens <at> kasten-edv.de>
2013-06-18 05:35:56 GMT
2013-06-18 05:35:56 GMT
Hi list, i try the latest kernel linux-3.9.y (.6) I got the follow compile errors. rsbac/adf/adf_main.c: In function ‘rsbac_fake_uid’: rsbac/adf/adf_main.c:3204:8: error: wrong type argument to unary exclamation mark rsbac/adf/adf_main.c:3207:7: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c:3213:9: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c:3225:9: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c:3233:11: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c: In function ‘rsbac_fake_euid’: rsbac/adf/adf_main.c:3243:8: error: wrong type argument to unary exclamation mark rsbac/adf/adf_main.c:3246:7: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c:3253:9: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c:3265:9: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c:3273:11: error: incompatible types when returning type ‘kuid_t’ but ‘rsbac_uid_t’ was expected rsbac/adf/adf_main.c: In function ‘rsbac_set_audit_uid’: rsbac/adf/adf_main.c:3322:21: error: invalid operands to binary == (have ‘rsbac_uid_t’ and ‘kuid_t’)(Continue reading)
4 Jun 2013 20:55
wrong load
Jens Kasten <jens <at> kasten-edv.de>
2013-06-04 18:55:49 GMT
2013-06-04 18:55:49 GMT
Hi list, I guess that the value what is showing by top is wrong. See attachment. Kernel: Linux jaschtschik 3.2.45-rsbac-3+ #4 SMP Mon Jun 3 11:26:41 CEST 2013 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ AuthenticAMD GNU/Linux Grüße Jens
_______________________________________________ rsbac mailing list rsbac <at> rsbac.org http://www.rsbac.org/mailman/listinfo/rsbac
3 Jun 2013 11:59
nfs
igraltist <igraltist <at> rsbac.org>
2013-06-03 09:59:33 GMT
2013-06-03 09:59:33 GMT
No, is the same. I also cannot kill this process with ctrl + c. Have on other shell kill this process. -- Regards, Jens Kasten http://www.rsbac.org/wiki/expierence/igraltist
strace touch /usr/portage/my_testfile
execve("/usr/bin/touch", ["touch", "/usr/portage/my_testfile"], [/* 26 vars */]) = 0
brk(0) = 0x7f55c35a6000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2f92000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=45926, ...}) = 0
mmap(NULL, 45926, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f55c2f86000
close(3) = 0
open("/lib64/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\"\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=35040, ...}) = 0
mmap(NULL, 2132528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f55c2b6a000
mprotect(0x7f55c2b71000, 2097152, PROT_NONE) = 0
mmap(0x7f55c2d71000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x7000) = 0x7f55c2d71000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
(Continue reading)
3 Jun 2013 09:21
nfs
Jens Kasten <igraltist <at> rsbac.org>
2013-06-03 07:21:53 GMT
2013-06-03 07:21:53 GMT
Hi list, I try on kernel 3.2.45 to get nfs working but its fail. So far all is working but when I on client side on the mounted area a strace touch /my/nfs/testfile its hangs on open the file. I get no errors in any logfile. Grüße Jens _______________________________________________ rsbac mailing list rsbac <at> rsbac.org http://www.rsbac.org/mailman/listinfo/rsbac
23 May 2013 05:25
Re: (no subject)
somayeh razeghi <razeghi79 <at> yahoo.com>
2013-05-23 03:25:23 GMT
2013-05-23 03:25:23 GMT
iLearn H0w t0 Make health 0nl1ne Fast http://classicthairidgeback.com/www.foxnews.com.addmoneynews.homebuisness3.php
22 May 2013 23:42
linux-3.9.y
Jens Kasten <jens <at> kasten-edv.de>
2013-05-22 21:42:30 GMT
2013-05-22 21:42:30 GMT
Hi, latest pull on linux-3.9.y(3.9.3) produce this error. rsbac/data_structures/gen_lists.c: In Funktion »rsbac_list_ta_commit«: rsbac/data_structures/gen_lists.c:8166:29: Fehler: Ungültige Operanden für binäres != (haben »rsbac_uid_t« und »kuid_t«) rsbac/data_structures/gen_lists.c: In Funktion »rsbac_list_ta_forget«: rsbac/data_structures/gen_lists.c:8276:29: Fehler: Ungültige Operanden für binäres != (haben »rsbac_uid_t« und »kuid_t«) rsbac/data_structures/gen_lists.c: In Funktion »rsbac_list_ta_refresh«: rsbac/data_structures/gen_lists.c:8381:29: Fehler: Ungültige Operanden für binäres != (haben »rsbac_uid_t« und »kuid_t«) rsbac/adf/adf_main.c: In Funktion »rsbac_fake_uid«: rsbac/adf/adf_main.c:3204:8: Fehler: Argument falschen Typs für unäres Ausrufungszeichen rsbac/adf/adf_main.c:3207:7: Fehler: unverträgliche Typen bei Rückgabe von Typ »kuid_t«, aber »rsbac_uid_t« wurde erwartet rsbac/adf/adf_main.c:3213:9: Fehler: unverträgliche Typen bei Rückgabe von Typ »kuid_t«, aber »rsbac_uid_t« wurde erwartet rsbac/adf/adf_main.c:3225:9: Fehler: unverträgliche Typen bei Rückgabe von Typ »kuid_t«, aber »rsbac_uid_t« wurde erwartet rsbac/adf/adf_main.c:3233:11: Fehler: unverträgliche Typen bei Rückgabe von Typ »kuid_t«, aber »rsbac_uid_t« wurde erwartet rsbac/adf/adf_main.c: In Funktion »rsbac_fake_euid«: rsbac/adf/adf_main.c:3243:8: Fehler: Argument falschen Typs für unäres Ausrufungszeichen rsbac/adf/adf_main.c:3246:7: Fehler: unverträgliche Typen bei Rückgabe von Typ »kuid_t«, aber »rsbac_uid_t« wurde erwartet rsbac/adf/adf_main.c:3253:9: Fehler: unverträgliche Typen bei Rückgabe(Continue reading)
18 May 2013 03:25
CVE-2013-2094: Linux privilege escalation
Mikko Rinne <blackop <at> blackop.net>
2013-05-18 01:25:14 GMT
2013-05-18 01:25:14 GMT
Hi, few days ago a quite serious linux kernel vulnerability was announced that goes all the way from 2.6.37 to 3.8.9; - https://isc.sans.edu/diary/CVE-2013-2094%3A+Linux+privilege+escalation/15803 Has this been fixed in RSBAC enabled kernels?
13 May 2013 14:23
A problem when pulling linux-3.8.y
Mikko Rinne <blackop <at> blackop.net>
2013-05-13 12:23:08 GMT
2013-05-13 12:23:08 GMT
Hey, I just ran in to a small problem when trying to clone linux-3.8.y; # git clone git://rsbac.org/linux-3.8.y linux-3.8 Cloning into 'linux-3.8'... remote: fatal: Out of memory, realloc failed remote: aborting due to possible repository corruption on the remote side. fatal: early EOF fatal: index-pack failed I tried cloning with two different comps, both saying that. But when pulling down linux-3.7.y, that one works. Still thought to mention this, Regards, Mikko Rinne
24 Apr 2013 00:25
PaX options required by clamav
Javier Juan Martínez Cabezón <tazok.id0 <at> gmail.com>
2013-04-23 22:25:27 GMT
2013-04-23 22:25:27 GMT
After almost being crazy because of this question I finished with my Dazuko problems related, CONFIG_PAX_USERCOPY and CONFIG_PAX_MEMORY_UDEREF must be disabled in the kernel config. I think this point should be introduced in the handbook in DAZ module, until this will be truth, I expect this could serve as a substitution if someone search info related about this. Thanks a lot Amon for your points I got disoriented at all before this. PD: I think that PaX Softmode should be put in the handbook too, at least a point that it does only permit anyone to set/read PaX Flags until my Known without disabling any functionality (one softmode approach could be for example setting all flags to permxs, but others as uderef, usercopy etc etc got free to kill whatever they want) Another question useful to the handbook (I will not finish until our beloved "handbook" would need 300 kg of paper to print....at least) is some tips about configuration of su, removing for example pam_rootok (incompatible with the following configuration), removing CHANGE_OWNER against USER right and all AUTH caps and grant only CHANGE_AUTHED_OWNER of course with UM and permiting AUTH to suid all authed uid and GID. I think this is the most secure approach and because of this a serious candidate to the handbook. The same with login. ssh is a bit trickier, with the permanently_set[uid] from the damned uidswap.c, and their demonical setresuid() calls when I got one nice(Continue reading)
26 Feb 2013 01:16
Invitation to connect on LinkedIn
Asaf Gery <asaf.gery <at> gmail.com>
2013-02-26 00:16:17 GMT
2013-02-26 00:16:17 GMT
LinkedIn ------------ RSBAC, I'd like to add you to my professional network on LinkedIn. - Asaf Asaf Gery Consultant at My own business Israel Confirm that you know Asaf Gery: https://www.linkedin.com/e/-2xixxg-hdmb1u6n-5m/isd/11294769667/eBlYdvLF/?hs=false&tok=3ZPu5aEmhgllE1 -- You are receiving Invitation to Connect emails. Click to unsubscribe: http://www.linkedin.com/e/-2xixxg-hdmb1u6n-5m/XL-ahFm3iL_xijDWcV-GJPBJCJ/goo/rsbac%40rsbac%2Eorg/20061/I3736010279_1/?hs=false&tok=0C90nlhZxgllE1 (c) 2012 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, USA.
RSS Feed