Learning mode messing with /proc
Posted: Thu Aug 12, 2004 6:15 pmI've enabled learning mode for a home made program, like this :
Then I run :
gradm -L /etc/grsec/log -E
run /home/kyoshiro/projets/PW/src/wrapper-usage
- my program is frozen,
- I can't CTRL+C, I can't kill it (I tried all signals),
- ps hangs while reading /proc when it reaches the /proc/pid corresponding to my process. In fact, all programs trying to read /proc/pid/* for my learning mode program just hang.
- When not in root, I can list some files :
Learning log shows this (which was written just when I launched my program) :
I can't do anything to that process when I disable RBAC (gradm -D), neither when going in admin role. I think it's not really normal :p...
I must say that my program is not a common one... It sets uid, gid, rlimits, capabilities and then it does its work.... I've set up some debug printf, and while grsec's RBAC is disabled, it works correctly. When I enable RBAC, nothing is printed out, even while I've put some printf at the very start of the program....
Any idea ?
Each time I test this, I must reboot since I can't kill the process I launch, and I can't even use ps. Maybe I should tell ps/ls/pstree developpers to make non-blocking reads :p.
Sorry Iforgot to tell my version :
grsec 2 with current patch for linux 2.6.7
latest gradm
- Code: Select all
subject /home/kyoshiro/projets/PW/src/wrapper-usage l {
/ h
-CAP_ALL
RES_FSIZE 0 0
RES_DATA 0 0
RES_RSS 0 0
RES_NOFILE 0 0
RES_MEMLOCK 0 0
RES_STACK 0 0
RES_AS 0 0
RES_NPROC 0 0
RES_LOCKS 0 0
connect disabled
bind disabled
}
Then I run :
gradm -L /etc/grsec/log -E
run /home/kyoshiro/projets/PW/src/wrapper-usage
- my program is frozen,
- I can't CTRL+C, I can't kill it (I tried all signals),
- ps hangs while reading /proc when it reaches the /proc/pid corresponding to my process. In fact, all programs trying to read /proc/pid/* for my learning mode program just hang.
- When not in root, I can list some files :
- Code: Select all
-=( ~ )=- ls -l /proc/7152/
ls: cannot read symbolic link /proc/7152/cwd: Permission denied
ls: cannot read symbolic link /proc/7152/root: Permission denied
ls: cannot read symbolic link /proc/7152/exe: Permission denied
total 0
dr-xr-xr-x 2 root root 0 Aug 12 23:26 attr/
-r-------- 1 root root 0 Aug 12 23:22 auxv
-r--r--r-- 1 root root 0 Aug 12 23:22 cmdline
lrwxrwxrwx 1 root root 0 Aug 12 23:22 cwd
-r-------- 1 root root 0 Aug 12 23:22 environ
lrwxrwxrwx 1 root root 0 Aug 12 23:22 exe
dr-x------ 2 root root 0 Aug 12 23:26 fd/
-r-------- 1 root root 0 Aug 12 23:22 ipaddr
-r--r--r-- 1 root root 0 Aug 12 23:22 maps
-rw------- 1 root root 0 Aug 12 23:22 mem
-r--r--r-- 1 root root 0 Aug 12 23:22 mounts
lrwxrwxrwx 1 root root 0 Aug 12 23:22 root
-r--r--r-- 1 root root 0 Aug 12 23:19 stat
-r--r--r-- 1 root root 0 Aug 12 23:22 statm
-r--r--r-- 1 root root 0 Aug 12 23:22 status
dr-xr-xr-x 3 root root 0 Aug 12 23:26 task/
Learning log shows this (which was written just when I launched my program) :
- Code: Select all
default 20 4026428564 8 <NULL> 7 3409485824 3 3223175879.3615299760.7.3
I can't do anything to that process when I disable RBAC (gradm -D), neither when going in admin role. I think it's not really normal :p...
I must say that my program is not a common one... It sets uid, gid, rlimits, capabilities and then it does its work.... I've set up some debug printf, and while grsec's RBAC is disabled, it works correctly. When I enable RBAC, nothing is printed out, even while I've put some printf at the very start of the program....
Any idea ?
Each time I test this, I must reboot since I can't kill the process I launch, and I can't even use ps. Maybe I should tell ps/ls/pstree developpers to make non-blocking reads :p.
Sorry Iforgot to tell my version :
grsec 2 with current patch for linux 2.6.7
latest gradm