Help! Help! I am Stucking!!!

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Help! Help! I am Stucking!!!

Postby Dorty » Thu May 08, 2003 3:03 pm

Fakt in the ACL for ... doesnt matter for what ...

i hide a file like

/ h
/root h

What happens:

May 8 20:51:08 router kernel: grsec: From 192.168.0.5: denied access to hidden file / by (rbash:5262) UID(501) EUID(501), parent (sshd:5260) UID(0) EUID(0)

Cool seams to work ... shocking reality
# ls /
bin dev home media mnt proc sbin usr www
cdrom etc lib mldonkey opt root tmp var
# cd /
Restricted ...

nothing is hidden :( damn
but why ?
it seams like always files defined in
/ {
section
}

are hidden but in no other sektion ... ?!?
oh cool
cd / says file not exist ;) but lt works ... :roll: but why ?


heres the acl:
/bin/rbash {
/ h
/mnt rw
/dev
/dev/urandom r
/dev/random r
/dev/zero rw
/dev/input rw
/dev/psaux rw
/dev/null rw
/dev/tty0 rw
/dev/tty1 rw
/dev/tty2 rw
/dev/tty3 rw
/dev/tty4 rw
/dev/tty5 rw
/dev/tty6 rw
/dev/tty7 rw
/dev/tty8 rw
/dev/tty9 rw
/dev/console rw
/dev/tty rw
/dev/ttyp0 rw
/dev/ttyp1 rw
/dev/ttyp2 rw
/dev/ttyp3 rw
/dev/ttyp4 rw
/dev/ttyp5 rw
/dev/ttyp6 rw
/dev/ttyp7 rw
/dev/ttyp8 rw
/dev/ttyp9 rw
/dev/ttypa rw
/dev/ttypb rw
/dev/ttypc rw
/dev/ttypd rw
/dev/ttype rw
/dev/ttypf rw
/dev/pts rw
/dev/ptmx rw
/dev/hdd r
/dev/mem h
/dev/kmem h

/dev/tty rw
/dev/ttyp0 rw
/dev/ttyp1 rw
/dev/ttyp2 rw
/dev/ttyp3 rw
/dev/ttyp4 rw
/dev/ttyp5 rw
/dev/ttyp6 rw
/dev/ttyp7 rw
/dev/ttyp8 rw
/dev/ttyp9 rw
/dev/ttypa rw
/dev/ttypb rw
/dev/ttypc rw
/dev/ttypd rw
/dev/ttype rw
/dev/ttypf rw
/dev/pts rw
/dev/ptmx rw
/dev/hdd r
/dev/mem h
/dev/kmem h
/dev/port h

/lib rx

/proc rxw
/proc/kcore h
/proc/sys r

/mldonkey h

/tmp rw

/var rxw
/var/tmp rw
/var/log r

/bin rx
/bin/ash h
/bin/bash h
/bin/csh h
/bin/ksh h
/bin/sh h

/usr rx
/usr/bin/passwd h
/usr/bin/bash h
/usr/bin/rbash h
/usr/bin/zsh h

/etc rx
/etc/rc.d h
/etc/passwd h
/etc/passwd- h
/etc/passwd.YaST2save h
/etc/shadow h
/etc/shadow- h
/etc/shells h
/etc/grsec h

/home/maulwurf rxw
-CAP_ALL
RES_FSIZE 50208 50208
RES_DATA 2100960 2100960
RES_STACK 29672 29672
RES_RSS 0 0
RES_NPROC 4 4
RES_NOFILE 260 260
RES_MEMLOCK 0 0
RES_AS 6461408 6461408
RES_LOCKS 0 0

connect {
disabled
}

bind {
disabled
}

}


before u say oh what a dumbass *g* i also tried to do it simpler way hiding just /root .... also dont worked :| dunno why

Stanadrt Suse-Linux 8.0-Prof. with current GrSec. on an reiserfs ( or was it ext2 .. cant remember +g+)
Dorty
 
Posts: 3
Joined: Thu May 08, 2003 2:53 pm

Postby goodbyte » Fri May 09, 2003 2:25 am

From what I can remember, there are problems hiding mountpoints, since they have two different inode numbers (one in the mounted filesystem and one in the parent filesystem).

Though it seem strange that you have problems hiding root (unless that also is a separate filesystem).
goodbyte
 
Posts: 32
Joined: Sun May 12, 2002 4:33 am

Strange is the Point :)

Postby Dorty » Fri May 09, 2003 1:58 pm

The Linux-System is not newly installed and not really old ..... max. 1,5 months and so i understand why its .... all i want is to solve the problem :) but how ?
dont think recompiling the kernel would solve anything...
and reinstallation ... no ... *damdumdamdidumdam*
and what now ? :cry:
Dorty
 
Posts: 3
Joined: Thu May 08, 2003 2:53 pm


Return to grsecurity support