grsecurity forums

[Mrkva]

Hi, each time I try to login over ssh, in log appears a new message:

Code: Select all

grsec: From 1.2.3.4: (default:D:/usr/sbin/sshd) denied access to hidden file / by /usr/sbin/sshd[sshd:32233] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:1471] uid/euid:0/0 gid/egid:0/0

Login works fine - I've tried to log in using password and key, both times was login successful. Should I allow this? And if I'll, will it have any impact on security?
Thanks

[spender]

You can probably get away with replacing that rule with the following two rules, without sacrificing any security:

/
/* h

note the lack of an object mode on the "/" object, granting "find" access to it.

-Brad

[Mrkva]

This won't work. I've tried also this:

Code: Select all

subject /usr/sbin/sshd dpo
/ r
/bin h
/boot h
...


- This works without any problems... But why sshd needs to access / ?

[spender]

It could be caused by something as simple as a chdir("/");

It doesn't mean it was necessarily trying to list the directories contained within it, or read any files located in the / directory, only that the "/" name was looked up.

-Brad