Tab (no exec) triggers script on Bash on grsec admin

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

Tab (no exec) triggers script on Bash on grsec admin

Postby timbgo » Fri May 05, 2017 12:55 am

title: Tab (no exec) triggers script on Bash on grsec admin
(posting in a rush, the title may change yet)
This is also good for newbies, to see the great beneficial reporting that the
exec_logging feature of grsecurity does.

Pls. have a look at:

Strange script planted with Bash ... ange-bash/

and see the syslog excerpt there: ... 4_2155_g0n

Viewing the screencast: ... 1_g0n.webm

it can clearly be seen that no command was issued in the terminal. That
script (or whatever that is) was activated upon merely typing:

Code: Select all
rsync -nav <some-dir>/<some-dir>/

and pressing Tab.

And it tries to change conf files like /etc/ssh/ssh_config...

rsync is not executed at all. Only bash, and only bash tab.

I can almost clearly see that this is foreign meddling into my

There appear to be some interest on Gentoo User mailing list into this issue,
pls. see:

Inconsistent behavior in my Gentoo OS instance

If I don't post soon, I am likely building my system anew, and unavailable for

I welcome if anyone has some explanation and/or advice in regard to this
tab-triggering-script-on-bash situation.

Miroslav Rovis
Zagreb, Croatia
Try refute: rootkit hooks in kernel,
linux capabilities for intrusion? (Linus?)
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am
Location: Zagreb, Croatia

Return to grsecurity support