Subject: Re: veriexec: Incorrect access type.
To: Nino Dehne <ndehne@gmail.com>
From: Brett Lymn <blymn@baesystems.com.au>
List: current-users
Date: 07/27/2005 20:36:22

On Wed, Jul 27, 2005 at 12:52:01PM +0200, Nino Dehne wrote:
> 
> The shell scripts have no FILE flags. I used a slightly modified script
> based on the gen_* examples. The main logic is the same, though.
> 

Cool - that's what I suspected.  There is a small logic flaw in
enforcing how a file can be used, basically because /bin/sh is marked
as able to be executed directly but when it is used as a shell
interpreter it is seen as being executed indirectly so the usage
enforcement.  You could shut it up by marking /bin/sh as INDIRECT but
it means that you will get the same message if you ever try to execute
/bin/sh directly (i.e. type /bin/sh at a shell command line).  If you
choose to do this and want to go securelevel 2 then make sure you
change the shell for any users that use /bin/sh as their login shell
otherwise they will not be able to log in.

This is what INDIRECT is meant for actually, if you mark an executable
INDIRECT then it can _only_ be used as a shell interpreter, not be
invoked on a command line.  So you can have scripts that are allowed
to run because they have fingerprints but the shell interpreter cannot
be misused by creating new scripts (no fingerprint, not allowed) or
redirecting input into an instance of the shell interpreter (not
allowed to run the interpreter directly...)

I will get a fix in and pulled up as soon as I can.

-- 
Brett Lymn
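
The two side effects described in the message above can be checked before raising the securelevel. The following audit is an added example, not part of the original message or of veriexec itself; it assumes signature lines of the form `path algorithm fingerprint flags` with comma-separated flags, and the sample entries, passwd lines, script names and `FP_PLACEHOLDER` fingerprints are all constructed.

```python
# Added example: audit veriexec flags against login shells and script interpreters.
# Assumed line format: path algorithm fingerprint flag[, flag...]  (constructed data below)
SIGNATURES = """\
/bin/sh                   SHA256 FP_PLACEHOLDER indirect
/bin/ksh                  SHA256 FP_PLACEHOLDER direct
/usr/bin/perl             SHA256 FP_PLACEHOLDER direct
/usr/local/bin/rotate.sh  SHA256 FP_PLACEHOLDER direct
/usr/local/bin/report.pl  SHA256 FP_PLACEHOLDER direct
"""
PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/sh
alice:*:1000:100::/home/alice:/bin/ksh
svc:*:1001:100::/home/svc:/bin/sh
"""
# First line of each fingerprinted script (constructed).
SHEBANGS = {
    "/usr/local/bin/rotate.sh": "#!/bin/sh",
    "/usr/local/bin/report.pl": "#!/usr/bin/perl -w",
}

def parse_signatures(text):
    """Return {path: set of lower-cased flags} for each non-empty line."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        path, _algo, _fp, flags = line.split(None, 3)
        entries[path] = {f.strip().lower() for f in flags.split(",") if f.strip()}
    return entries

def locked_out_users(entries, passwd_text):
    """Users whose login shell is INDIRECT-only, so it cannot be run directly."""
    users = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:
            flags = entries.get(fields[6], set())
            if "indirect" in flags and "direct" not in flags:
                users.append(fields[0])
    return users

def interpreters_missing_indirect(entries, shebangs):
    """Interpreters named by fingerprinted scripts but not marked INDIRECT."""
    missing = set()
    for script, first_line in shebangs.items():
        parts = first_line[2:].split() if first_line.startswith("#!") else []
        if script in entries and parts and "indirect" not in entries.get(parts[0], set()):
            missing.add(parts[0])
    return sorted(missing)
```

With the constructed data, `root` and `svc` are reported as needing a different login shell, and `/usr/bin/perl` is reported as an interpreter that would be flagged when used through a `#!` line.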