
ACL Problem with /bin/sh --> /bin/bash

Posted: Mon Jan 12, 2004 5:19 am
by cco
I have the following ACL error in my log file.


kernel: grsec: denied access to hidden file /bin/bash by (sh:18870) UID(0) EUID(0), parent (cron:31871) UID(0) EUID(0)


The problem is that /bin/sh is a symlink to /bin/bash, and you can't write an ACL rule for a symlink.
Cron has rx access to /bin.
And /bin/bash has access to /bin too.

Can somebody help me deal with this loop?...

Posted: Thu Jan 15, 2004 3:00 pm
by birdo
Somehow there is security within symlinks afaik.
A dirty patch would be to copy the file instead of using the symlink :-)

Posted: Sat Mar 13, 2004 5:12 am
by fwiffo
No symlinks in grsec's ACL; you'll have to write the rule for the original file the symlink is pointing to (that is, the symlink is treated like the original file and not as a file per se).