grsecurity && capsel

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

grsecurity && capsel

Postby xian » Mon Apr 08, 2002 12:26 pm

Hi
I found situation which I cannot solve by myself. I've used capsel security module (see cliph.linux.pl). This module provides security mechanisms based on capabilities, it DOES NOT modify any proc regarding functions. Compiling kernel eg 2.4.18 with grsecurity with or without grsecurity then insmod'ing capsel cause all files in /proc become root:root :evil: it brokes all functionality of /proc filesystem restricting user access to his file descriptors ...
I've contacted capsel developer , now I'm asking You for help.
Greetings
xian
xian
 
Posts: 1
Joined: Mon Apr 08, 2002 12:14 pm

capsel

Postby michaeld » Mon Apr 08, 2002 2:43 pm

Uh, capsel tries to do much of what grsecurity does, except we generally do it in a more robust manner. Perhaps the two are conflicting since we have overlapping features. I will examine it more closely tonight (although the /proc
modifications in grsec are not my domain heh :D).
michaeld
 
Posts: 37
Joined: Mon Feb 25, 2002 12:32 am


Return to grsecurity support