Hi!
Is it true, that ELF binaries will be executed in a child-process by gradm when enabling -E, reloading -R or testing -T the ACLs? If yes, why?
I use samhain and I'd like to protect it with grsec. So I added these lines to /etc/grsec/acl:
/ {
...
/path/to/samhain h
/path/to/samhain/sbin/samhain rx
}
/path/to/samhain/sbin/samhain phv {
/ rxo
/path/to/samhain rwxo
}
"gradm -T /path/to/samhain/sbin/samhain /sbin" executes the samhain binary. The gradm hangs while samhain is running.
execl() in gradm_adm.c[59] function add_binary_libs()
3 posts
• Page 1 of 1
execl() in gradm_adm.c[59] function add_binary_libs()
by messi » Wed Aug 21, 2002 4:17 pm
- messi
- Posts: 2
- Joined: Wed Aug 21, 2002 3:10 pm
by spender » Wed Aug 21, 2002 9:23 pm
it executes it with a special trace objects environment variable that gives the names of libraries it uses (not including ones used through dl_open). The actual code of the binary doesn't get executed. The code I use is basically what the ldd script does. I'm going to rewrite the code to grab this info from the binary itself without executing it, however, which should solve your problem, and be cleaner in general.
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
statically linked binaries
by messi » Thu Aug 22, 2002 4:36 pm
Okay, thank you !!
Btw, my samhain is statically linked and it seems ldd checks this first. Maybe gradm just needs this check.
Btw, my samhain is statically linked and it seems ldd checks this first. Maybe gradm just needs this check.
- messi
- Posts: 2
- Joined: Wed Aug 21, 2002 3:10 pm
3 posts
• Page 1 of 1