diff -Naur tomoyo-tools.orig/tomoyo_init_policy.c tomoyo-tools/tomoyo_init_policy.c
--- tomoyo-tools.orig/tomoyo_init_policy.c 2009-07-27 15:00:00.000000000 +0900
+++ tomoyo-tools/tomoyo_init_policy.c 2009-07-29 01:56:32.000000000 +0900
@@ -728,6 +728,15 @@
echo("file_pattern "
"/tmp/crontab.\\?\\?\\?\\?\\?\\?/crontab");
}
+ const char *exe = which("crontab");
+ if (!exe)
+ return;
+ if (fgrep("crontab.XXXXXXXXXX", exe))
+ echo("file_pattern /tmp/crontab.XXXX\\?\\?\\?\\?\\?\\?");
+ if (fgrep("crontab.XXXXXX", exe))
+ echo("file_pattern /tmp/crontab.\\?\\?\\?\\?\\?\\?");
+ if (fgrep("fcr-XXXXXX", exe))
+ echo("file_pattern /tmp/fcr-\\?\\?\\?\\?\\?\\?");
}
static void make_globally_readable_files(void)
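Review bot: The second test, `fgrep("crontab.XXXXXX", exe)`, also succeeds for a binary that contains only the ten-X template, because the six-X string is a prefix of it (this assumes fgrep is a plain substring search, which is not visible in the hunk). Such a binary then gets `/tmp/crontab.\?\?\?\?\?\?` in addition to the XXXX-prefixed pattern, which is one more pattern than its temporary file needs. Making the second test `else if (fgrep("crontab.XXXXXX", exe))` keeps the output to the template actually found, at the cost of skipping the six-X pattern for a binary that carries both strings. The enclosing function starts outside the hunk.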
@@ -737,6 +746,8 @@
"/etc/ld.so.cache", "/proc/meminfo",
"/proc/sys/kernel/version", "/etc/localtime",
"/usr/lib/gconv/gconv-modules.cache",
+ "/usr/lib32/gconv/gconv-modules.cache",
+ "/usr/lib64/gconv/gconv-modules.cache",
"/usr/share/locale/locale.alias"
};
int i;
@@ -813,6 +824,7 @@
"/sbin/syslogd",
"/sbin/udevd",
"/usr/X11R6/bin/xfs",
+ "/usr/bin/dbus-daemon",
"/usr/bin/dbus-daemon-1",
"/usr/bin/jserver",
"/usr/bin/mDNSResponder",
@@ -906,6 +918,11 @@
echo("file_pattern /var/spool/squid/\\*/\\*/");
echo("file_pattern /var/spool/squid/\\*/\\*/\\*");
}
+ if (!lstat("/var/cache/squid", &buf) && S_ISDIR(buf.st_mode)) {
+ echo("file_pattern /var/cache/squid/\\*/");
+ echo("file_pattern /var/cache/squid/\\*/\\*/");
+ echo("file_pattern /var/cache/squid/\\*/\\*/\\*");
+ }
}
static void make_patterns_for_spamd(void)
@@ -1059,6 +1076,10 @@
}
if (fgrep("/tmp/whatis.XXXXXX", exe))
echo("file_pattern /tmp/whatis.\\?\\?\\?\\?\\?\\?");
+ if (fgrep("/tmp/whatis.tmp.dir.$$", exe)) {
+ echo("file_pattern /tmp/whatis.tmp.dir\\$/");
+ echo("file_pattern /tmp/whatis.tmp.dir\\$/w");
+ }
}
static void make_patterns_for_automount(void)
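Review bot: The two patterns emitted for the makewhatis temporary directory drop the `.` that the searched template `/tmp/whatis.tmp.dir.$$` has before the PID. As written they would match `/tmp/whatis.tmp.dirNNN/` rather than `/tmp/whatis.tmp.dir.NNN/`, assuming `\$` stands for a run of decimal digits as in TOMOYO's pattern syntax. If the dot is missing in the file and not only on this page, the lines should read `echo("file_pattern /tmp/whatis.tmp.dir.\\$/");` and `echo("file_pattern /tmp/whatis.tmp.dir.\\$/w");`. Without it the per-PID paths are never folded into one pattern during learning. The enclosing function starts outside the hunk.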
@@ -1238,6 +1259,10 @@
echo("file_pattern /etc/gshadow.\\$");
echo("file_pattern /etc/passwd.\\$");
echo("file_pattern /etc/shadow.\\$");
+ echo("file_pattern /etc/group.edit");
+ echo("file_pattern /etc/gshadow.edit");
+ echo("file_pattern /etc/passwd.edit");
+ echo("file_pattern /etc/shadow.edit");
echo("file_pattern /var/cache/logwatch/logwatch.\\*/");
echo("file_pattern /var/cache/logwatch/logwatch.\\*/\\*");
echo("file_pattern /var/tmp/sqlite_\\*");