Rule Set Based Access Control (RSBAC) 1.3.5 has been released for both
Linux kernels 2.4.34.5 and 2.6.22.1.
You can download the new version from http://www.rsbac.org
RSBAC is one of the leading access control systems for the Linux
kernel with a good selection of access control models, see
http://www.rsbac.org/why for more details.
Important changes since 1.3.4:
* Fixes compilation errors with some configurations.
* Some safety measures with null pointers.
* Fixes an important bug with User Management password hashing,
introduced with newer 2.6 kernel crypto API.
Major improvements over the 1.2.x series:
Speed and scalability:
- Cache for inherited filesystem attribute values
- Automatically scaling hash tables for generic lists to minimize
list lookups
- Change network templates to handle up to 25 ip networks and up to
10 port ranges per template
- Various smaller optimizations
More control:
- Fine grained setuid control also in RC (type of the target user)
and ACL (acl at the target user) models
- UNIX sockets as new filesystem target type, thus more fine grained
control with RC types and ACLs
- Further improved IPC communication control
- RSBAC User Management password history with configurable length to
avoid password reuse.
- New request type AUTHENTICATE against USER targets. No
authentication against RSBAC UM without this right in RC and ACL, so
even harder to brute force attack
Rule Set Based Access Control (RSBAC) 1.3.5 has been released for both
Linux kernels 2.4.34.5 and 2.6.22.1.
You can download the new version from http://www.rsbac.org
RSBAC is one of the leading access control systems for the Linux
kernel with a good selection of access control models, see
http://www.rsbac.org/why for more details.
Important changes since 1.3.4:
* Fixes compilation errors with some configurations.
* Some safety measures with null pointers.
* Fixes an important bug with User Management password hashing,
introduced with newer 2.6 kernel crypto API.
Major improvements over the 1.2.x series:
Speed and scalability:
- Cache for inherited filesystem attribute values
- Automatically scaling hash tables for generic lists to minimize
list lookups
- Change network templates to handle up to 25 ip networks and up to
10 port ranges per template
- Various smaller optimizations
More control:
- Fine grained setuid control also in RC (type of the target user)
and ACL (acl at the target user) models
- UNIX sockets as new filesystem target type, thus more fine grained
control with RC types and ACLs
- Further improved IPC communication control
- RSBAC User Management password history with configurable length to
avoid password reuse.
- New request type AUTHENTICATE against USER targets. No
authentication against RSBAC UM without this right in RC and ACL, so
even harder to brute force attack
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
[ reply ]