ptrace_syscall "operation not permitted"

Posted: Tue Apr 01, 2003 12:29 pm
by ethan@plaxo.com
Hi all,
I'm having problems getting strace to run correctly. I've gone as far as disabling grsec's ACLs completely with 'gradm -D', but I still get the above error. I'm trying to strace the /usr/bin/updatedb command to figure out why (since installing grsec) it's seg faulting.

I have relatively liberal ACLs, and a gradm -T shows the following:
/sbin/gradm -T /usr/bin/strace /usr/bin/updatedb
Allowed access for /usr/bin/updatedb from /usr/bin/strace:
Read: yes
Write: no
Append: no
Execute: yes
Hidden: no
Inherit ACL on exec: no
Read-only ptrace: no
Audit reads: no
Audit writes: no
Audit execs: no
Audit appends: no
Audit finds: no
Audit inherits: no

In the / acl I have enabled CAP_SYS_PTRACE.

Any ideas on how to fix this problem?
Thanks,
Ethan

Posted: Tue Apr 01, 2003 1:41 pm
by spender
It's not grsecurity causing the problem. I believe the new ptrace patch that is included in 1.9.9e caused that. I'm not aware of any workaround. If the ptrace patch causes problems where it shouldn't, they will (hopefully) be fixed before 2.4.21 final is released.

-Brad

Posted: Tue Apr 01, 2003 2:32 pm
by ethan@plaxo.com
"If the ptrace patch causes problems where it shouldn't, they will (hopefully) be fixed before 2.4.21 final is released."

So are you saying that this is a problem with the default Linux kernel? Is the ptrace patch included in a vanilla 2.4.20 kernel tarball?

Thanks,
Ethan

Posted: Tue Apr 01, 2003 2:35 pm
by spender
No, it's due to the ptrace patch that was released recently to fix the local root ptrace hole in linux <= 2.4.21-pre5. So, a default 2.4.20 kernel won't have the problem you're experiencing, but it will have an easily exploitable local hole.

-Brad

Posted: Wed Apr 23, 2003 8:38 am
by wwwhost
Hi all,
I have a similar problem after upgrading to kernel 2.4.18-27.7.x

Using trace process (on a cPanel 6.2 server) I receive the following error:

trace: ptrace(PTRACE_SYSCALL, ...): Operation not permitted

Not sure if this problem comes from the kernel itself....

Posted: Wed Apr 23, 2003 9:01 am
by spender
That kernel contains the same ptrace fix causing the problem above.

-Brad

Posted: Wed Apr 23, 2003 9:28 am
by wwwhost
Ah, OK, thank you for this info.