Page 1 of 1

(::::kernel::::S:/) ?????

PostPosted: Wed Sep 15, 2004 9:19 am
by Kurodo
Hi!
I cannot understand what to do in this case:

kernel: grsec: (:::kernel::::S:/) denied open of /proc/bus/usb/002/002 for reading writing by /usr/sbin/usbmodules[usbmodules:264] uid/euid:0/0 gid/egid:0/0, parent /etc/hotplug/usb.agent[usb.agent:2824] uid/euid:0/0 gid/egid:0/0

Please. Help me.

PostPosted: Thu Sep 16, 2004 3:40 pm
by spender
This should be fixed in the current CVS of gradm2.

Try applying the following patch:

http://cvsweb.grsecurity.net/index.cgi/ ... 1=1.38&f=u

PostPosted: Fri Sep 17, 2004 5:07 am
by Kurodo
There it: "Content-type: text/plain"
It is such joke? A patch for my silly head?
:-(

PostPosted: Fri Sep 17, 2004 9:21 am
by spender
Sorry, had to install some more things on the new server (I transitioned to it yesterday). Reload the link, it'll work now.

-Brad

PostPosted: Fri Sep 17, 2004 1:35 pm
by Kurodo
Thank you, mr. Spengler. Good luck!

OpenCT problem.

PostPosted: Mon Sep 20, 2004 6:36 am
by Kurodo
Hi!
In continuation of a problem described earlier...
We Have:

kernel: grsec: (:::kernel::::S:/) denied open of /var/run/openct/status for reading writing by /usr/local/sbin/ifdhandler[ifdhandler:32186] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:14450] uid/euid:0/0 gid/egid:0/0

kernel: grsec: (:::kernel::::S:/) denied create of /var/run/openct/status.30186 for reading writing by /usr/local/sbin/ifdhandler[ifdhandler:30186] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:21043] uid/euid:0/0 gid/egid:0/0

kernel: grsec: (:::kernel::::S:/) denied unlink of /var/run/openct/0 by /usr/local/sbin/ifdhandler[ifdhandler:15876] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/ifdhandler[ifdhandler:30186] uid/euid:0/0 gid/egid:0/0

kernel: grsec: (:::kernel::::S:/) denied mknod of /var/run/openct/0 by /usr/local/sbin/ifdhandler[ifdhandler:15876] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0


Whether will be correct, by analogy with /proc/bus/usb, to make the following changes to an source code gradm_adm.c:

if (!add_proc_object_acl
(current_subject, "/var/run/openct", proc_object_mode_conv("rwcd"), GR_FEXIST))
exit(EXIT_FAILURE);

I have tried also it have worked, but is confident that you offer more correct and safe decision.

Thanks!
P.S. Excuse for bad language! :oops:

PostPosted: Thu Jan 20, 2005 10:57 am
by Kurodo
Hi!
When I use version 2.1.0, i have analogous problems again:

kurodo kernel: grsec: (:::kernel::::S:/) denied link of /var/run/openct/status.5577 to /var/run/openct/status.lock by /usr/local/sbin/ifdhandler[ifdhandler:5577] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:32109] uid/euid:0/0 gid/egid:0/0

Is true to accept this patch for correct?

Code: Select all
--- gradm_adm.c 2005-01-20 17:49:31.000000000 +0300
+++ gradm_adm.c 2005-01-20 17:43:18.000000000 +0300
@@ -117,7 +117,7 @@ add_kernel_acl(void)

        add_proc_subject_acl(current_role, "/", proc_subject_mode_conv("o"), 0);

-       add_proc_object_acl(current_subject, "/", proc_object_mode_conv("rwxcd"), GR_FEXIST);
+       add_proc_object_acl(current_subject, "/", proc_object_mode_conv("rwxcdl"), GR_FEXIST);
        add_proc_object_acl(current_subject, GRSEC_DIR, proc_object_mode_conv("h"), GR_FEXIST);

        return;


PostPosted: Fri Jan 21, 2005 11:23 am
by spender
Thanks, fixed.

-Brad

grsec: (:::kernel::::S:/) denied send of signal 14

PostPosted: Mon Jan 16, 2006 5:44 am
by Einon
Hi!

Recently the same kernel that is used for at least 6 month now started to produce these log messages:

Jan 16 07:57:14 vasquez kernel: grsec: (:::kernel::::S:/) denied send of signal 14 to protected task /usr/sbin/spamd[spamd:20704] uid/euid:8/8
gid/egid:8/8, parent /usr/sbin/spamd[spamd:28399] uid/euid:8/8 gid/egid:8/8 by /[nfsd:3336] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Any idea what is this, and how to solve it?

PostPosted: Mon Jan 16, 2006 12:45 pm
by spender
Upgrade to the latest version of grsecurity.

-Brad