Grsecurity RBAC is an access control system for Linux, deployed as a patch to the kernel. It supports the definition and dynamic enforcement of fine-grained access control policies.
In a paper recently accepted for presentation at IEEE CSF 2012, we formalize the semantics of Grsecurity RBAC and, based on that formalization, we develop gran, a tool for checking real Grsecurity policies for security flaws.
We also provide a virtual machine for testing gran and Grsecurity RBAC. Instructions and credentials are in the README file shipped with the VirtualBox OVA file.
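To make concrete what "checking a policy for flaws" means, here is an added example (not gran's code or the paper's algorithm): a small Python script that parses a constructed policy written in the gradm role/subject/object layout and flags one flaw class, a non-admin subject that can modify a file which is itself a subject, so that whatever it writes there later runs with that subject's object rights. The policy grammar is simplified (no nested subjects, capabilities or socket rules), the sample policy and the treatment of `A` as the admin role flag are assumptions, and the check itself is only illustrative of the kind of reasoning a policy analyzer performs.

```python
"""Toy static check over a simplified Grsecurity RBAC policy (illustrative, not gran)."""

# Constructed sample policy in gradm's role/subject/object layout.
# Simplifications (assumptions): no nested subjects, capabilities or socket rules.
SAMPLE_POLICY = """\
role admin sA
subject / rvka
    /   rwcdmlxi

role default G
role_transitions admin
subject /
    /                   r
    /usr/local/bin      rwxcd
    /home               rwcd
    /var/courses        r

subject /usr/local/bin/grader
    /                   r
    /var/courses        rwcd
"""

WRITE_MODES = set("wcdal")   # object modes that let a subject alter or replace a file
ADMIN_FLAG = "A"             # assumption: 'A' marks an administrative role


def parse_policy(text):
    """Return ({role: {subject_path: {object_path: modes}}}, {role: flags})."""
    roles, flags = {}, {}
    role = subject = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "role":
            role = parts[1]
            flags[role] = parts[2] if len(parts) > 2 else ""
            roles[role] = {}
            subject = None
        elif parts[0] == "role_transitions":
            continue                      # transitions are not needed for this check
        elif parts[0] == "subject":
            subject = parts[1]
            roles[role][subject] = {}
        else:                             # object line: <path> [modes]
            obj = parts[0]
            modes = parts[1] if len(parts) > 1 else ""
            roles[role][subject][obj] = modes
    return roles, flags


def effective_modes(objects, path):
    """Grsecurity applies the most specific matching object, i.e. the longest prefix."""
    best = None
    for obj in objects:
        if path == obj or path.startswith(obj.rstrip("/") + "/"):
            if best is None or len(obj) > len(best):
                best = obj
    return objects[best] if best is not None else ""


def find_binary_tampering(policy_text):
    """Report (writer_role, writer_subject, target_subject) triples where a
    non-admin subject can modify a file that is itself a subject in some role,
    so that code planted there inherits the target subject's object rights."""
    roles, flags = parse_policy(policy_text)
    findings = set()
    for role, subjects in roles.items():
        if ADMIN_FLAG in flags.get(role, ""):
            continue                      # admin roles are allowed to write everything
        for subj, objects in subjects.items():
            for target_subjects in roles.values():
                for target in target_subjects:
                    if target in ("/", subj):
                        continue          # the root subject is not a file; skip self
                    if WRITE_MODES & set(effective_modes(objects, target)):
                        findings.add((role, subj, target))
    return sorted(findings)


if __name__ == "__main__":
    for role, subj, target in find_binary_tampering(SAMPLE_POLICY):
        print(f"role {role}, subject {subj}: may modify {target}")
```

In the constructed policy the `default` role's catch-all subject has `rwxcd` on `/usr/local/bin`, so it can overwrite `/usr/local/bin/grader`, whose own subject block grants `rwcd` on `/var/courses` while the catch-all only has `r` there; the script reports exactly that pair. The fix in policy terms is to drop write modes on the directory holding subject binaries for the less privileged subject.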
Resources:
- Paper: Gran: model checking grsecurity RBAC policies
- Gran webpage at GitHub
- VirtualBox image: gran_vm-20120625.tar.bz2, Jun 25, 2012 (md5sum: 48e1cd88684475ec9e15ca398ed5c7d7)
Challenge
There is a challenge inside the virtual image. After configuring the network, enable Grsecurity RBAC by typing gradm -E as root and log out. Point your browser to http://virtual_machine_ip and read the service description. You are now ready to enjoy the service by connecting via ssh as user chuck (password: chuck). Your mission consists of retrieving the flag stored in /var/courses/compilers/flag.txt !