sshd - acces to /

Submit your RBAC policies or suggest policy improvements

sshd - acces to /

Postby Mrkva » Mon Sep 28, 2009 1:47 pm

Hi, each time I try to login over ssh, in log appears a new message:
Code: Select all
grsec: From 1.2.3.4: (default:D:/usr/sbin/sshd) denied access to hidden file / by /usr/sbin/sshd[sshd:32233] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:1471] uid/euid:0/0 gid/egid:0/0

Login works fine - I've tried to log in using password and key, both times was login successful. Should I allow this? And if I'll, will it have any impact on security?
Thanks
Mrkva
 
Posts: 10
Joined: Sun Feb 17, 2008 12:01 pm

Re: sshd - acces to /

Postby spender » Mon Sep 28, 2009 4:51 pm

You can probably get away with replacing that rule with the following two rules, without sacrificing any security:

/
/* h

note the lack of an object mode on the "/" object, granting "find" access to it.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: sshd - acces to /

Postby Mrkva » Mon Sep 28, 2009 6:34 pm

This won't work. I've tried also this:
Code: Select all
subject /usr/sbin/sshd dpo
/ r
/bin h
/boot h
...
- This works without any problems... But why sshd needs to access / ?
Mrkva
 
Posts: 10
Joined: Sun Feb 17, 2008 12:01 pm

Re: sshd - acces to /

Postby spender » Mon Sep 28, 2009 7:51 pm

It could be caused by something as simple as a chdir("/");

It doesn't mean it was necessarily trying to list the directories contained within it, or read any files located in the / directory, only that the "/" name was looked up.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to RBAC policy development