Re: fping & systrace

2006-09-03 Thread Julien TOUCHE
Steffen Schuetz wrote on 02/09/2006 22:47:
>> "native-getuid: permit as root" doesn't work in a systrace policy
>
> You should try "true then permit as root"

yes, that's it.
have forgotten the true :)
thanks

Regards
Julien

Re: fping & systrace

2006-09-02 Thread Steffen Schuetz
On Saturday 02 September 2006 12:14, Julien TOUCHE wrote:
[cut]
>
> i don't get it ???
>
> "native-getuid: permit as root" doesn't work in a systrace policy

You should try "true then permit as root"

> $ sudo /bin/systrace -a -c 556:556 /usr/local/sbin/fping localhost
> syntax error
> /etc/systrac

Re: fping & systrace

2006-09-02 Thread Julien TOUCHE
Ted Unangst wrote on 01/09/2006 23:54:
>> isn't it limited to a deny (returning an errorcode) ? so how ?
>>
>> native-getuid: permit
>>
>> native-getuid: permit[0] => error
>> native-getuid: permit as root => error
>
> yeah, actually i think you want "as root", but for geteuid or whatever
> the ri

Re: fping & systrace

2006-09-01 Thread Ted Unangst
On 9/1/06, Julien TOUCHE <[EMAIL PROTECTED]> wrote:
> tried setting the policy to have getuid return an error of 0?
>
> isn't it limited to a deny (returning an errorcode) ? so how ?

native-getuid: permit

native-getuid: permit[0] => error
native-getuid: permit as root => error

yeah, actually

Re: fping & systrace

2006-09-01 Thread Julien TOUCHE
Ted Unangst wrote on 01/09/2006 21:21:
>> seems fping runs a root check which cannot be overcome by a switch (at
>> least in man)
>> even if the policy of fping is with "as root" for everything it can't
>> run ...
>> anything beyond editing the code ?
>
> tried setting the policy to have getuid re

Re: fping & systrace

2006-09-01 Thread Ted Unangst
On 9/1/06, Julien TOUCHE <[EMAIL PROTECTED]> wrote:
i want to use fping with nrpe/nagios.
as security doc of OpenBSD state, i want to use systrace privilege
elevation but ...

$ sudo /bin/systrace -a -c 556:556 /usr/local/sbin/fping localhost
This program can only be run by root, or it must

fping & systrace

2006-09-01 Thread Julien TOUCHE
i want to use fping with nrpe/nagios.
as security doc of OpenBSD state, i want to use systrace privilege
elevation but ...

$ sudo /bin/systrace -a -c 556:556 /usr/local/sbin/fping localhost
This program can only be run by root, or it must be setuid root.
$ sudo /bin/systrace -a /usr/local/sbi