<<< Date Index >>>     <<< Thread Index >>>

rsbac 1.2.3 jail security problems



Amon Ott has released a security bugfix for RSBAC 1.2.3. The problem was
discovered regarding to the RSBAC JAIL implementation. Please read the
attached original release note if interested.  The bugfix is available for
download at

 http://www.rsbac.org/download/bugfixes/

For beginners, RSBAC is:
-Free Open Source (GPL) Linux kernel security extension
-Independent of governments and big companies
-Implements several well-known and new security models, e.g. MAC, ACL and
RC
-Control over individual user and program network accesses
-Any combination of models possible
-Easily extensible: write your own model for runtime registration
-Support for current kernels
-Stable for production use

----------------------
>From ao<at@>rsbac.org Wed Jun 30 16:34:51 2004
Date: Wed, 30 Jun 2004 14:03:29 +0200
From: Amon Ott <ao<at@>rsbac.org>
Reply-To: RSBAC Discussion and Announcements <rsbac@xxxxxxxxx>
To: RSBAC Discussion and Announcements <rsbac@xxxxxxxxx>
Subject: [rsbac] Bugfix 1.2.3-3 / JAIL

Hi everyone,

here comes another bugfix. Thanks to Brad for providing details.

Because of this and other security relevant bugfixes contained in the
v1.2.3 release, all people using JAIL module are requested to update ASAP
to RSBAC v1.2.3 with this bugfix applied. Pre-patched kernel updates will
soon follow.

One important note: When upgrading from previous versions to v1.2.3, you
must change your calls to rsbac_jail, because the syntax has changed. I
also recommend to restrict the Linux capabilites available to your jailed
services with the new JAIL cap restriction feature.


3. JAIL: suid/sgid files can be created inside jail

    * Urgency: Medium.
    * What you see: Programs can create suid and sgid files with sys_creat,
sys_open and sys_mknod inside jails.
    * What is wrong: In the JAIL module CREATE check, the corresponding
mode values are not checked.
    * Implications: Possible indirect privilege escalation inside the jail.
    * Credits: Thanks to Brad Sprengler for reporting this bug.
    * RSBAC versions affected: 1.2.2-1.2.3.
    * What you should do: Apply this patch (MD5 / GnuPG Cert) to get the
bug corrected, recompile the kernel, reinstall and reboot.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
_______________________________________________
rsbac mailing list
rsbac<at.rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac