ACLs are being ignored?? kind of??!!

Postby vpolyakov » Wed Jan 22, 2003 12:33 am

Extremely weird problem here.
My ACL file follows:

/ {
/ r
/opt rx
/home rwx
/mnt rw
/dev
/dev/urandom r
/dev/random r
/dev/zero rw
/dev/input rw
/dev/psaux rw
/dev/null rw
/dev/tty0 rw
/dev/tty1 rw
/dev/tty2 rw
/dev/tty3 rw
/dev/tty4 rw
/dev/tty5 rw
/dev/tty6 rw
/dev/tty7 rw
/dev/tty8 rw
/dev/console rw
/dev/tty rw
/dev/pts rw
/dev/ptmx rw
/dev/dsp rw
/dev/mixer rw
/dev/ippp0 rw
/dev/ippp1 rw
/dev/ippp2 rw
/dev/ippp3 rw
/dev/ippp4 rw
/dev/ippp5 rw
/dev/ippp6 rw
/dev/ippp7 rw
/dev/initctl rw
/dev/fd0 r
/dev/cdrom r
/dev/mem h
/dev/kmem h
/dev/port h
/bin rx
/sbin rx
/lib rx
/usr rx
/etc rx
/proc rwx
/proc/kcore h
/proc/sys r
/root r
/tmp rw
/var rwx
/var/tmp rw
/var/log r
/boot r
/etc/grsec h

-CAP_LINUX_IMMUTABLE
-CAP_NET_RAW
-CAP_MKNOD
-CAP_SYS_RAWIO
-CAP_SYS_MODULE
}

/sbin/syslogd {
/dev/log rw
/var/log wo
}

/sbin/klogd {
/dev/log rw
}

/usr/sbin/cron {
/dev/log rw
}

/bin/login {
/dev/log rw
/var/log/wtmp rw
/var/log/lastlog rw
/var/log/faillog rw
}
/sbin/init {
/var/log/wtmp rw
}
/bin/bash {
/root/.bash_history ar
}
/sbin/agetty {
/var/log/wtmp rw
}
#/usr/sbin/sshd {
# /dev/log rw
#}

/usr/sbin/tcpd {
/dev/log rw
}
/usr/sbin/sshd poX {
/var/run
/var/run/sshd.pid rw
/var/run/utmp rw
/var/log/wtmp w
/var/log
/root
/proc
/dev
/dev/log rw
/dev/tty rw
/dev/null rw
/dev/pts rw
/dev/ptmx rw
/var/run/sshd
/var/mail
/var/log/lastlog rw
/usr/lib rx
/lib rx
/home
/etc r
/etc/grsec h
/bin/bash x
/usr/bin/sshd x
/tmp rw
/ r

-CAP_ALL
+CAP_CHOWN
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
+CAP_SYS_RESOURCE
+CAP_SYS_TTY_CONFIG
+CAP_DAC_OVERRIDE

RES_CRASH 1 10m

connect {
0.0.0.0/0:53 dgram udp
}

bind {
0.0.0.0/0:22 stream tcp
}
}


Now, as you can see, / is hidden from sshd,
yet when I log in through ssh I can still see / ??
But if I change / to h in the default ACL, and / r in sshd, sshd still doesn't see /.
What the hell is going on here?

Postby spender » Wed Jan 22, 2003 3:19 pm

When you're logged in through ssh, it's the shell that is looking in / (or whatever app like ls that you used to try to look in it), not sshd itself. The ACL system is working like it's supposed to. Run pstree and familiarize yourself with the process hierarchy.

-Brad
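The point in the reply above, as an added Python model (not grsec code and not from either poster): every process in the ssh login chain is matched to its own subject by its executable, so the login shell and ls fall under the default "/" subject, not sshd's. The prefix-matching and inheritance rules, the subset of the posted policy and the sshd -> bash -> ls process chain are assumptions of this model.

```python
# Added model of how grsecurity RBAC picks a subject and resolves an object
# (an illustration written for this thread, not grsec code). Modelled rules:
# a process runs under the subject whose path is the longest prefix of its
# executable, falling back to the default "/" subject; object access uses the
# longest matching object path, inheriting from "/" unless the subject carries
# the "o" (override) flag; "h" hides the object. Only a subset of the posted
# policy and a constructed sshd -> bash -> ls process chain are modelled.
from typing import Dict, Optional, Tuple

# subject path -> (subject flags, {object path: object mode})
Policy = Dict[str, Tuple[str, Dict[str, str]]]

POLICY_AS_POSTED: Policy = {
    "/": ("", {"/": "r", "/dev": "", "/dev/log": "", "/etc/grsec": "h"}),
    "/usr/sbin/sshd": ("poX", {"/": "r", "/dev/log": "rw", "/etc/grsec": "h"}),
    "/bin/bash": ("", {"/root/.bash_history": "ar"}),
}

def _longest_prefix(paths, path: str) -> Optional[str]:
    best = None
    for p in paths:
        if path == p or path.startswith(p.rstrip("/") + "/"):
            if best is None or len(p) > len(best):
                best = p
    return best

def subject_for(policy: Policy, exe: str) -> str:
    """Subject governing a process, chosen by its executable, never its parent."""
    return _longest_prefix(policy, exe) or "/"

def object_mode(policy: Policy, subject: str, path: str) -> str:
    flags, objects = policy[subject]
    match = _longest_prefix(objects, path)
    if match is None and subject != "/" and "o" not in flags:
        return object_mode(policy, "/", path)  # inherit from the default subject
    return objects.get(match, "")  # no matching object: no access

def can_read(policy: Policy, exe: str, path: str) -> bool:
    mode = object_mode(policy, subject_for(policy, exe), path)
    return "h" not in mode and "r" in mode

def who_sees_root(policy: Policy) -> Dict[str, bool]:
    """sshd forks the login shell, the shell runs ls: each gets its own subject."""
    chain = ["/usr/sbin/sshd", "/bin/bash", "/bin/ls"]  # constructed process chain
    return {exe: can_read(policy, exe, "/") for exe in chain}

def with_root_hidden(policy: Policy) -> Policy:
    """The poster's second experiment: '/' hidden in the default subject, 'r' in sshd's."""
    p = {s: (f, dict(o)) for s, (f, o) in policy.items()}
    p["/"][1]["/"] = "h"
    p["/usr/sbin/sshd"][1]["/"] = "r"
    return p
```

With the second policy sshd itself can read /, but bash and ls, which never run under the sshd subject, cannot, which is exactly what the poster observed.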