pipe rule
Posted:
Thu Jun 01, 2006 12:27 am
by voron
Code:
grsec: (root:U:/usr/bin/mysql) denied access to hidden file pipe:/[41951261] by /usr/bin/mysql[mysql:18146] uid/euid:0/0 gid/egid:0/0, parent /var/spool/muskul2/update[update:5485] uid/euid:0/0 gid/egid:0/0
How do I create a rule for that? Lines are like
echo 123|mysql -e
The number 41951261 is different every time.
Posted:
Thu Jun 01, 2006 4:11 pm
by spender
As a workaround, does changing "/ h" for that subject to "/" fix the problem?
-Brad
Posted:
Thu Jun 01, 2006 4:42 pm
by voron
spender wrote: As a workaround, does changing "/ h" for that subject to "/" fix the problem?
Code:
subject /usr/bin/mysql o {
/ r
...
}
works for me. Trying "/" without r...
Posted:
Sun Jun 04, 2006 1:17 pm
by spender
Which version of linux and grsecurity are you using?
-Brad
Posted:
Sun Jun 04, 2006 3:15 pm
by voron
Code:
cat /etc/*-release
Gentoo Base System version 1.12.0_pre17
Code:
uname -rpm
2.6.16.9-grsec x86_64 AMD Sempron(tm) Processor 2800+
vanilla source from kernel.org
grsecurity-2.1.9-2.6.16.12-200605012018.patch
gradm-2.1.9-200602141850 from gentoo portage
don't know if it helps
Posted:
Tue Jun 06, 2006 6:54 am
by voron
in learn for mysql I have lines like that
Code:
/[123628] r
/[176549] r
/[229654] r
/[287336] r
/[61052] r
/[621647] r
/[672684] r
/[717276] r
maybe globbing like /[*] r will work?
Posted:
Tue Jun 13, 2006 10:05 pm
by spender
I've updated the 2.4.32 patch in ~spender which should resolve this issue. Since filesystems like pipefs, shmfs, and sockfs aren't real filesystems, the RBAC system shouldn't deal with them. The latest patch corrects that. Can you give it a try and verify that it fixes the problem?
-Brad
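Added example, not part of the thread and not grsecurity or gradm code: a log triage helper that separates denials on inode-named pseudo-filesystem objects (the pipe:/[N] case above, which no path rule can cover) from ordinary path denials, and flags learning output keyed on bare inode numbers. The function names, the second log line and the sample policy are constructed for illustration.

```python
import re

# Denial line layout taken from the log line quoted in the first post.
DENIAL = re.compile(
    r"grsec: \((?P<role>[^:]+):(?P<rtype>[^:]+):(?P<subject>[^)]+)\) "
    r"denied (?P<action>.+?) (?P<object>\S+) "
    r"by (?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]"
)
# Object named by filesystem tag and inode, e.g. pipe:/[41951261].
# Only the "pipe" tag appears in the thread; other tags are an assumption.
PSEUDO_OBJ = re.compile(r"^(?P<fs>[a-z]+):/?\[(?P<inode>\d+)\]$")
# Learning-mode output keyed on a bare inode, e.g. "/[123628] r".
INODE_RULE = re.compile(r"^\s*/\[\d+\]\s+\S+\s*$")

def triage(line):
    """Parse one denial line; return None if the line is not a denial."""
    m = DENIAL.search(line)
    if not m:
        return None
    rec = m.groupdict()
    pseudo = PSEUDO_OBJ.match(rec["object"])
    rec["pseudo_fs"] = pseudo.group("fs") if pseudo else None
    # The inode changes on every run, so a fixed path rule cannot match it.
    rec["path_rule_possible"] = pseudo is None
    return rec

def inode_rules(policy_lines):
    """Return object rules that name a transient inode instead of a path."""
    return [l.strip() for l in policy_lines if INODE_RULE.match(l)]

SAMPLE_LOG = [
    # First line is the one from the thread; the second is constructed.
    "grsec: (root:U:/usr/bin/mysql) denied access to hidden file "
    "pipe:/[41951261] by /usr/bin/mysql[mysql:18146] uid/euid:0/0 "
    "gid/egid:0/0, parent /var/spool/muskul2/update[update:5485] "
    "uid/euid:0/0 gid/egid:0/0",
    "grsec: (root:U:/usr/bin/mysql) denied access to hidden file "
    "/etc/mysql/my.cnf by /usr/bin/mysql[mysql:18200] uid/euid:0/0 "
    "gid/egid:0/0, parent /bin/bash[bash:5000] uid/euid:0/0 gid/egid:0/0",
]
SAMPLE_POLICY = ["subject /usr/bin/mysql o {", "/ r", "/[123628] r",
                 "/[61052] r", "}"]  # constructed from lines in the thread

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        rec = triage(entry)
        kind = "pseudo-fs, no path rule" if rec["pseudo_fs"] else "path rule"
        print(rec["subject"], rec["object"], "->", kind)
    print("inode-keyed rules:", inode_rules(SAMPLE_POLICY))
```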
Posted:
Tue Jul 04, 2006 12:10 am
by spender
The latest 2.6.17.3 patch in ~spender includes the pseudofs fix. Let me know if it doesn't correct your problem.
-Brad