Listing 3. Virtual Spaces Example

// Whole file system is in virtual space 2 (10
// binary)
recursive for set "/"
vs=0b10;
// but /tmp is changed to be in VS 1 (01 binary)
recursive for set "/tmp"
vs=0b01;
// for deletion of /tmp/delme
for unlink "/tmp/delme" {
// Log process info for this attempt
log_proc;
// Apply next setting to this process (rm) parent
// (it's your shell)
apply = A_FOR_PARENT;
// or apply it for all processes with your login
// id (uid)
apply = A_FOR_LOGIN;
// Put parent/all processes to virtual space 2
vs=0b10;
// they can see (vss) just the second virtual
// space, that means not the first
vss=0b10;
// return success to calling process (rm), but do
// do not allow this operation. We are faking
// success, so attacker can think he is
// successful. To return error, use NO.
answer = SKIP;
}

Output Messages

[robo@unicorn /tmp]$ ls -l delme
-rw-rw-r--   1 robo     robo     28 Jan 20 22:34 delme
[robo@unicorn /tmp]$ id
uid=500(robo) gid=500(robo) groups=500(robo)
[robo@unicorn /tmp]$ rm delme
Medusa: Security d
ecap=00000000)  delme (/tmp/delme)
Medusa: Security d
ecap=00000000)  delme (/tmp/delme)
[robo@unicorn /tmp]$ ls -l
ls: .: Operation not permitted
[robo@unicorn /tmp]$ cd ..
[robo@unicorn /]$ cd /tmp
bash: /tmp: Operation not permitted