removing user permission?!

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Postby phrozen » Sun Oct 19, 2003 5:32 pm

hi!

i would love if someone could tell me how to get back the standard user account without any permission denied on /proc/net/tcp and without 'secured' w, ps, netstat, wget and stuff.. i tried to change the id number in /etc/passwd, but i think that isn't a point :)

thanks!
phrozen
 
Posts: 4
Joined: Sun Oct 19, 2003 4:58 pm

Postby miha » Tue Oct 21, 2003 8:09 am

if you enabled "GID for special group" under Filesystem Protections in grsecurity section of kernel config (CONFIG_GRKERNSEC_PROC_GID), then add the user to that group.

regards,
miha
 
Posts: 28
Joined: Sat Nov 30, 2002 9:09 am

Postby phrozen » Sun Oct 26, 2003 2:05 pm

miha wrote:if you enabled "GID for special group" under Filesystem Protections in grsecurity section of kernel config (CONFIG_GRKERNSEC_PROC_GID), then add the user to that group.

regards,


i have enabled the "GID for special group" in kernel config and i have added my account to that group. this group is called 'hi'. but i still have a protected, not fully functional shell :/

--
phrozen@spark:~$ cat /etc/group | grep phrozen
hi:x:112:phrozen
phrozen@spark:~$ id
uid=12367(phrozen) gid=100(users) groups=100(users),112(hi)
phrozen@spark:~$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
/proc/net/tcp: Permission denied
phrozen@spark:~$ wget
-bash: /usr/bin/wget: Permission denied
phrozen@spark:~$
--
phrozen
 
Posts: 4
Joined: Sun Oct 19, 2003 4:58 pm

Postby spender » Mon Oct 27, 2003 8:00 am

ls -al /proc, paste the output, so we can see what the special group is.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby phrozen » Mon Oct 27, 2003 10:46 am

spender wrote:ls -al /proc, paste the output, so we can see what the special group is.

-Brad


phrozen@spark:~$ ls -la /proc/
total 4
drwxr-xr-x 86 root root 0 Oct 6 1997 ./
drwxr-xr-x 18 root root 4096 Oct 23 16:07 ../
dr-x------ 3 phrozen users 0 Oct 27 15:54 22727/
dr-x------ 3 phrozen users 0 Oct 27 15:54 22728/
dr-x------ 3 phrozen users 0 Oct 27 15:54 22739/
dr-x------ 3 phrozen users 0 Oct 27 15:54 24161/
dr-xr-xr-x 4 root root 0 Oct 27 15:54 bus/
-r--r--r-- 1 root root 0 Oct 27 15:54 cmdline
-r--r--r-- 1 root root 0 Oct 27 15:54 cpuinfo
-r--r--r-- 1 root root 0 Oct 27 15:54 crypto
-r--r--r-- 1 root root 0 Oct 27 15:54 devices
-r--r--r-- 1 root root 0 Oct 27 15:54 dma
dr-xr-xr-x 2 root root 0 Oct 27 15:54 driver/
-r--r--r-- 1 root root 0 Oct 27 15:54 execdomains
-r--r--r-- 1 root root 0 Oct 27 15:54 fb
-r--r--r-- 1 root root 0 Oct 27 15:54 filesystems
dr-xr-xr-x 2 root root 0 Oct 27 15:54 fs/
dr-xr-xr-x 4 root root 0 Oct 27 15:54 ide/
-r--r--r-- 1 root root 0 Oct 27 15:54 interrupts
-r--r--r-- 1 root root 0 Oct 27 15:54 iomem
-r--r--r-- 1 root root 0 Oct 27 15:54 ioports
dr-xr-xr-x 18 root root 0 Oct 27 15:54 irq/
-rw-r--r-- 1 root root 0 Oct 27 15:54 isapnp
-r-------- 1 root root 100667392 Oct 27 15:54 kcore
-r-------- 1 root root 0 Sep 30 16:19 kmsg
-r-------- 1 root root 0 Oct 27 15:54 ksyms
-r--r--r-- 1 root root 0 Oct 27 15:54 loadavg
-r--r--r-- 1 root root 0 Oct 27 15:54 locks
-r--r--r-- 1 root root 0 Oct 27 15:54 meminfo
-r--r--r-- 1 root root 0 Oct 27 15:54 misc
-r-------- 1 root root 0 Oct 27 15:54 modules
lrwxrwxrwx 1 root root 11 Oct 27 15:54 mounts -> self/mounts
dr-x------ 4 root root 0 Oct 27 15:54 net/
-r--r--r-- 1 root root 0 Oct 27 15:54 partitions
-r--r--r-- 1 root root 0 Oct 27 15:54 pci
dr-xr-xr-x 3 root root 0 Oct 27 15:54 scsi/
lrwxrwxrwx 1 root root 64 Oct 27 15:52 self -> 22739/
-rw-r--r-- 1 root root 0 Oct 27 15:54 slabinfo
-r--r--r-- 1 root root 0 Oct 27 15:54 stat
-r--r--r-- 1 root root 0 Oct 27 15:54 swaps
dr-x------ 11 root root 0 Oct 27 15:54 sys/
--w------- 1 root root 0 Oct 27 15:54 sysrq-trigger
dr-xr-xr-x 2 root root 0 Oct 27 15:54 sysvipc/
dr-xr-xr-x 4 root root 0 Oct 27 15:54 tty/
-r--r--r-- 1 root root 0 Oct 27 15:54 uptime
-r--r--r-- 1 root root 0 Oct 27 15:54 version

that's all :-?
phrozen
 
Posts: 4
Joined: Sun Oct 19, 2003 4:58 pm

Postby spender » Mon Oct 27, 2003 12:45 pm

Can you double check that the kernel you are running has the "allow special group" option enabled? Your /proc listing shows that it isn't the case.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
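
The check spender describes can be scripted. This is an added example, not part of the original thread: it reads `ls -l /proc` output and reports who can enter /proc/net. It assumes that an active special-group option shows up as group r-x on /proc/net with the configured group as group owner; the function name and the second sample line are made up for illustration.

```shell
#!/bin/sh
# Added example: classify the /proc/net entry in `ls -l /proc` output.
# Assumption: with the special-group option active, /proc/net appears as
# dr-xr-x--- and is group-owned by the configured group.

# Reads an `ls -l` listing on stdin and prints exactly one verdict:
#   owner-only    only the owner (root) can enter /proc/net
#   group:NAME    members of group NAME can enter it
#   unrestricted  everyone can enter it (no /proc restriction visible)
#   no-net-entry  the listing has no "net" directory line
proc_net_verdict() {
    awk '
        # Last field is the name; accept "net/", "net" and "/proc/net".
        { name = $NF; sub(/\/$/, "", name); sub(/^.*\//, "", name) }
        name == "net" && $1 ~ /^d/ {
            found = 1
            grp = substr($1, 5, 3)   # group permission triplet
            oth = substr($1, 8, 3)   # other permission triplet
            if (oth ~ /r/ || oth ~ /x/)       print "unrestricted"
            else if (grp ~ /r/ && grp ~ /x/)  print "group:" $4
            else                              print "owner-only"
            exit
        }
        END { if (!found) print "no-net-entry" }
    '
}

# Two lines copied from the listing posted in the thread.
sample_from_thread='dr-xr-xr-x 4 root root 0 Oct 27 15:54 ide/
dr-x------ 4 root root 0 Oct 27 15:54 net/'

# Constructed line: what the entry would look like with group "hi" applied.
sample_constructed='dr-xr-x--- 4 root hi 0 Oct 27 15:54 net/'

printf '%s\n' "$sample_from_thread" | proc_net_verdict
printf '%s\n' "$sample_constructed" | proc_net_verdict

# On a live system: ls -l /proc | proc_net_verdict
```

A `group:NAME` verdict still has to be compared with the `id` output of the affected user, since the group the kernel applies need not be the one the user was added to.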

Postby phrozen » Tue Oct 28, 2003 6:15 pm

as far as i know the installation type of the kernel was medium or middle..
:-?
phrozen
 
Posts: 4
Joined: Sun Oct 19, 2003 4:58 pm
