The GAC implementation has proved to be very efficient, especially in cases where there are hundreds of file accesses per second, but it has the following restrictions:
GAC_root=1
The default value of the token is 0. To restore the default, set the token to 0, or remove the token.
Let us examine an example of how someone might try to take advantage of this loophole. User Tony is not authorized to access the file Accounts/tmp. So Tony surrogates (through /bin/su) to user Sandra, who is authorized to access Accounts/tmp. If Sandra has already accessed the Accounts/tmp file, the file appears in the do-not-call-me table with her UID. Tony, using Sandra's UID, is then permitted to access the file. This is because the kernel code does not maintain the history of UIDs.
However, if Sandra has not previously accessed the file, the access permissions are checked in the regular manner using seosd, and Tony is denied access to the file. To close this loophole, the ADMIN user must protect the SURROGATE objects in the database. For this example, the ADMIN could add the following rule to the database:
newres SURROGATE USER.Sandra default(N) owner(nobody)
This command ensures that Tony cannot use the su command to gain Sandra's access privileges.
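The loophole and the effect of the SURROGATE rule can be replayed in a small model, added here as an illustration and not taken from the product or its documentation. The class GacModel, its methods, and the session dictionaries are hypothetical; the model assumes that permitted accesses are entered in the do-not-call-me table by (UID, file) and that the regular check decides on the original login user.

```python
"""Simplified model of the GAC cache loophole (illustration only, not CA code)."""

class GacModel:
    def __init__(self, acl, surrogate_denied=()):
        self.acl = acl                        # file -> login users seosd authorizes
        self.surrogate_denied = set(surrogate_denied)  # targets with default(N)
        self.table = set()                    # do-not-call-me table: (uid, file)

    @staticmethod
    def login(user):
        return {"login": user, "uid": user}

    def su(self, session, target):
        """Return a session running under target's UID, or None if denied."""
        if target in self.surrogate_denied:
            return None
        return {"login": session["login"], "uid": target}

    def access(self, session, path):
        """Return (allowed, decided_by)."""
        key = (session["uid"], path)
        if key in self.table:                 # fast path sees only the current UID
            return True, "table"
        allowed = session["login"] in self.acl.get(path, set())  # regular check
        if allowed:
            self.table.add(key)               # assumption: permitted accesses are cached
        return allowed, "seosd"


def tony_attempt(sandra_accessed_first, surrogate_rule):
    """Replay the page's scenario; return (allowed, decided_by) for Tony."""
    gac = GacModel({"Accounts/tmp": {"Sandra"}},
                   surrogate_denied={"Sandra"} if surrogate_rule else ())
    if sandra_accessed_first:
        gac.access(gac.login("Sandra"), "Accounts/tmp")
    tony = gac.su(gac.login("Tony"), "Sandra")
    if tony is None:
        return False, "su denied"
    return gac.access(tony, "Accounts/tmp")


if __name__ == "__main__":
    for first in (True, False):
        for rule in (False, True):
            print(f"Sandra first={first}, SURROGATE rule={rule}:",
                  tony_attempt(first, rule))
```

Only the case where Sandra has already accessed the file and no SURROGATE rule exists grants Tony access, and it is decided by the table rather than by seosd.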
Copyright © 2013 CA Technologies.
All rights reserved.