
ACL for Create and Unlink

Posted: Wed Jul 03, 2002 3:41 am
by \etron
I would like to see, as far as the ACLs go, the ability to allow or deny creating files in a directory.
So, for example, in /dev (a common place for hiding intruder log files, programs, etc.), you allow reading to and from devices, allow reading the contents of the directory, but do not allow creating new files.
Basically, have an ACL for allowing/denying sys_creat and sys_open; also, perhaps for more fine-grained access, denying sys_unlink as well.

Posted: Thu Jul 04, 2002 6:04 pm
by spender
That falls under write mode... if you can write, you can create or remove. The problem with making a specific flag for removing files is that with having write access, you can truncate(0) the file... the only difference between that and unlink(2) is that with unlink the file is gone.

-Brad
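
The truncate-versus-unlink comparison from the reply above, as an added example that is not part of the original thread. It uses plain POSIX calls rather than the ACL system under discussion; the temporary path and the sample log line are constructed.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* What an observer sees on disk after each operation. */
struct outcome {
    long size_before;       /* bytes after the initial write           */
    long size_truncated;    /* bytes after truncate(path, 0)           */
    int  name_after_trunc;  /* 1 if the path still resolves            */
    int  same_inode;        /* 1 if truncation kept the same inode     */
    int  name_after_unlink; /* 1 if the path resolves after unlink()   */
};

/* Constructed sample data standing in for a log file. */
static const char SAMPLE[] = "Jul  3 03:41:00 host sshd: constructed line\n";

int compare_truncate_unlink(struct outcome *o)
{
    char path[] = "/tmp/trunc_vs_unlink_XXXXXX";
    struct stat st;
    ino_t ino;
    ssize_t len = (ssize_t)(sizeof SAMPLE - 1);
    int fd = mkstemp(path);

    if (fd < 0) return -1;
    if (write(fd, SAMPLE, (size_t)len) != len) { close(fd); goto fail; }
    close(fd);
    if (stat(path, &st) != 0) goto fail;
    o->size_before = (long)st.st_size;
    ino = st.st_ino;

    /* truncate(2) needs write permission on the file: the data is lost,
       but the directory entry and the inode stay where they were. */
    if (truncate(path, 0) != 0) goto fail;
    o->name_after_trunc = (stat(path, &st) == 0);
    o->size_truncated = o->name_after_trunc ? (long)st.st_size : -1;
    o->same_inode = o->name_after_trunc && st.st_ino == ino;

    /* unlink(2) removes the name as well. */
    if (unlink(path) != 0) goto fail;
    o->name_after_unlink = (stat(path, &st) == 0);
    return 0;
fail:
    unlink(path);
    return -1;
}
```
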