I have installed grsecurity and it messes up ptrace.


Postby protoloco » Sun Jun 01, 2003 8:07 pm

well, i hope somebody can help me.
i installed the kernel-patch-grsecurity that comes in debian,
and i did it
doing apt-get install kernel-patch-grsecurity and apt installed it,
but somebody told me that first i had to re-configure my kernel and re-compile it, to enable grsecurity, something like that, and i think so.
that patch grsecurity took out the patch of ptrace, yeah i had ptrace patched from the recent bug like 3 months ago, now i use the exploit of ptrace to get root to my system and it gets root. so i think grsecurity took off the patch of ptrace, now what do i have to do to patch against the ptrace bug, and what to do to install grsecurity WELL without errors like this one? Now ptrace is vulnerable to the old bug. or do you suggest to install a new kernel? i have the 2.4.17, could i update to 2.4.20? or what :(. Other thing.

And in Gentoo i enabled the grsecurity option in the kernel so that means that it is installed? now what do i have to do??
read the manuals that come here??? or do i have to activate something somewhere inside gentoo??

well i hope so somebody can help me!

see you later from Mexico!
:)

poncho
protoloco
 
Posts: 5
Joined: Sun Jun 01, 2003 7:14 pm

Postby thomasko » Mon Jun 02, 2003 4:15 am

you should install latest kernel and patch it with latest grsecurity patch. grsecurity in woody is in version 1.9.4, which is pretty old now ;).

btw: are you sure, that your system was not vulnerable to ptrace exploit *before* you "installed" grsecurity?

i also recommend you to read some how-to about kernel compiling, because it seems to me, that you don't understand the process of building and installing new kernel very well. after doing so, you'll understand that doing only 'apt-get install kernel-patch-2.4-grsecurity' is *not* enough for installing grsecurity.

note: look at package make-kpkg in your debian system, it could help you with kernel compilation.

th.
thomasko
 
Posts: 9
Joined: Mon Jun 02, 2003 3:56 am

more suggestions people ?

Postby protoloco » Mon Jun 02, 2003 6:02 am

:) thanks thomasko. More suggestions about my case. Yes,
i had patched my kernel for ptrace.
i have the kernel 2.4.18-bf24 of debian woody 3.0.
but somebody told me to try if the patch is already there, and it wasn't cuz
the exploit was getting root again!
But well. Can somebody suggest me a good manual for installing grsecurity?
cuz the one that comes here is pretty hard for a newbie. how can i know if grsecurity is activated? And how to see the logs of the commands that a user types and exe()?
well i have many doubts, as you can see, so i need a very well explained manual about grsecurity.
well see you later!

Bye!

help!
protoloco
 
Posts: 5
Joined: Sun Jun 01, 2003 7:14 pm

Postby spender » Mon Jun 02, 2003 10:08 am

What probably happened, if indeed you are using the latest version of grsecurity, is the exploit that has been distributed modifies itself after you run it successfully so that it is setuid root. Thus, any time you execute it after that, it will appear to succeed every time. Check the setuid bit on the exploit.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby thomasko » Mon Jun 02, 2003 3:42 pm

brad: yes, you're right.

protoloco: remove exploit binary before trying again and recompile.
btw. apt-get install grsec-patch *does not* patch your kernel, it only fetches patch sources and maybe automatically patches kernel sources, but you still have to compile and install new kernel.

try 'uname -r' to see what version of kernel you're running. it should be something like 2.4.XX-grsec, if you patched kernel correctly.

th.
thomasko
 
Posts: 9
Joined: Mon Jun 02, 2003 3:56 am
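
As an added example (not part of any post in this thread): a small shell pre-check covering the two points made above, the setuid bit on the test binary and the `-grsec` tag in `uname -r`. The function names are hypothetical, and matching on the substring `grsec` assumes the kernel was built with that version suffix.

```shell
#!/bin/sh
# Added example: sanity checks to run before re-testing a kernel fix.

# Succeeds if RELEASE (e.g. the output of `uname -r`) carries the grsec tag
# that the thread says a correctly patched and booted kernel should show.
kernel_is_grsec() {
    case "$1" in
        *grsec*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Classifies a local test binary:
#   tainted         setuid bit set and owned by root: it runs as root on any
#                   kernel, so a "success" says nothing about the patch
#   setuid-nonroot  setuid bit set, owner is not root
#   clean           no setuid bit
check_test_binary() {
    if [ ! -u "$1" ]; then
        echo clean
    elif [ -n "$(find "$1" -prune -user root 2>/dev/null)" ]; then
        echo tainted
    else
        echo setuid-nonroot
    fi
}

# Lists regular files with the setuid bit under DIR (same filesystem only),
# to spot leftovers from earlier test runs.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
}

# Usage (file name is a placeholder): sh precheck.sh ./testbinary
if [ "$#" -gt 0 ]; then
    if kernel_is_grsec "$(uname -r)"; then
        echo "kernel: grsec"
    else
        echo "kernel: not grsec"
    fi
    echo "binary: $(check_test_binary "$1")"
fi
```

A `tainted` result means the binary should be deleted and rebuilt as an unprivileged user before the result of any further run is trusted.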

Postby dhldns » Wed Jun 04, 2003 6:24 pm

Dumb question maybe, but does the ptrace patch and grsecurity have to be applied or does grsecurity include a patch for the ptrace exploit too?
dhldns
 
Posts: 3
Joined: Wed Jun 04, 2003 6:23 pm

Postby spender » Wed Jun 04, 2003 8:16 pm

grsecurity includes the patch. The next release will be for the 2.4.21 kernel, and thus won't need it.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby dhldns » Thu Jun 05, 2003 8:23 am

Awesome, thank you :)
dhldns
 
Posts: 3
Joined: Wed Jun 04, 2003 6:23 pm

