how to allow mmap of perl module lib (MD5.so) ?


Post by scip » Wed Jan 22, 2003 2:59 pm

Hi,

I'm trying to use a Perl script, which itself loads some crypto Perl modules. When I execute it, I see the following message in the log:

Jan 22 19:48:41 tpol kernel: grsec: From *.*.*.*: attempt to mmap [03:06:193017] MD5.so executable by (note:4182) UID(1000) EUID(1000), parent (bash:5785) UID(1000) EUID(1000)

I added the following (test) config to the ACL:

/usr/bin/note XO {
/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so rx
+CAP_ALL
}

But this doesn't help. So, how can I get the script working?

regards, scip
PS: grsec version: 1.9.8-2.4.20

Post by scip » Wed Jan 22, 2003 3:06 pm

It does not even work if I disable the ACLs globally (gradm -D), so this seems to be a kernel issue...

Post by spender » Wed Jan 22, 2003 3:23 pm

The log is from the ACL system, so it should work if you did a valid gradm -D. Try using the learning mode on it. Using 1.9.9-rc3 (or current CVS) could also help you debug the problem, as it always logs full paths, so you don't have to deal with the inode/device numbers.

-Brad

Post by scip » Wed Jan 22, 2003 6:08 pm

I tried the learning mode. Normally in learning mode, the program should work at all (I used the learning mode config example of the documentation, which worked so far for all other programs). But this doesn't really help me. I am getting the following log entry (shortened):

Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193027:/usr/local/lib/perl/5.6.1/Digest/MD5.pm:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193027:/usr/local/lib/perl/5.6.1/Digest/MD5.pm:1
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193016:/usr/local/lib/perl/5.6.1/auto/Digest/MD5:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193025:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.bs:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:1
Jan 22 23:02:33 tpol kernel: grsec: From 217.80.251.119: attempt to mmap [03:06:193017] MD5.so executable by (note:8402) UID(1000) EUID(1000), parent (bash:26321) UID(1000) EUID(1000)

Oh, and yes, I am very sure I successfully disabled the ACLs using gradm -D, because other stuff which normally doesn't work if ACLs are enabled worked very well.


- scip
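
Added example, not part of the original thread and not grsecurity code: a small parser that resolves the `[major:minor:inode]` triple in the mmap denial to a full path by matching it against the LEARN lines quoted above. The LEARN field layout (subject device:inode, object device:inode, path, mode), the hex reading of major/minor, and the function names are assumptions inferred from the sample lines.

```python
import re
from collections import defaultdict

# Constructed sample: log lines as quoted in the thread, source IP masked.
SAMPLE_LOG = """\
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193027:/usr/local/lib/perl/5.6.1/Digest/MD5.pm:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:1
Jan 22 23:02:33 tpol kernel: grsec: From *.*.*.*: attempt to mmap [03:06:193017] MD5.so executable by (note:8402) UID(1000) EUID(1000), parent (bash:26321) UID(1000) EUID(1000)
"""

# Assumed layout, inferred from the sample only:
# LEARN:<subj dev>:<subj inode>:<obj dev>:<obj inode>:<obj path>:<mode>
LEARN_RE = re.compile(r"grsec: LEARN:(\d+):(\d+):(\d+):(\d+):(.+):(\d+)$")
DENY_RE = re.compile(
    r"grsec: From \S+: attempt to mmap \[([0-9a-f]+):([0-9a-f]+):(\d+)\] "
    r"(\S+) executable by \((\S+):(\d+)\)")

def old_dev(major, minor):
    """Linux 2.4 16-bit device number: major in the high byte, minor in the low."""
    return (major << 8) | minor

def resolve_denials(log):
    """Match each mmap denial's [major:minor:inode] to paths seen in LEARN lines."""
    seen = defaultdict(lambda: {"paths": set(), "modes": set()})
    denials = []
    for line in log.splitlines():
        m = LEARN_RE.search(line)
        if m:
            key = (int(m.group(3)), int(m.group(4)))  # object device, inode
            seen[key]["paths"].add(m.group(5))
            seen[key]["modes"].add(int(m.group(6)))   # raw value, not decoded
            continue
        m = DENY_RE.search(line)
        if m:
            # Assumption: major/minor are hex (03:06 reads the same either way).
            dev = old_dev(int(m.group(1), 16), int(m.group(2), 16))
            denials.append({"dev": dev, "inode": int(m.group(3)),
                            "name": m.group(4), "task": m.group(5)})
    for d in denials:
        hit = seen.get((d["dev"], d["inode"]), {"paths": set(), "modes": set()})
        d["paths"], d["modes"] = sorted(hit["paths"]), sorted(hit["modes"])
    return denials

if __name__ == "__main__":
    for d in resolve_denials(SAMPLE_LOG):
        print(d["name"], d["dev"], d["inode"], d["paths"], d["modes"])
```

On the sample, device 03:06 maps to 774, the same number that leads the LEARN entries, so the denied object resolves to the MD5.so path under auto/Digest/MD5.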

