Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 17793

Summary: Permission denied messages while root user, on two generic files in /root
Product: Gentoo Linux Reporter: Robin Johnson <robbat2>
Component: [OLD] Core systemAssignee: x86-kernel (DEPRECATED) <x86-kernel>
Status: VERIFIED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2003-03-18 22:15:09 UTC 
There are a pair of files in my /root directory that I created while installing 
a box that I can't touch by any means. Nothing I can do can seem to touch those 
files, even tho I am root. I can't reboot the box to get to single user and do 
any fscking for a while tho, however I don't think that is the problem. (It's 
running reiserfs).

parallelcard was just a file I dumped some notes into about a piece of parallel 
port hardware, and compile.binlist was the log output from a custom emerge 
automation tool I was hacking together.

It totally baffles me why the root user doesn't even have permission.

I read thru the other submitted bugs that are similiar to this, namely bug 
4268. I however do not have the same setup of grsecurity in my kernel (see the 
info below)

Reproducible: Always
Steps to Reproduce:
1. ls /root
2.
3.

Actual Results:  
server1 root # whoami
root
server1 root # ls /root
ls: /root/compile.binlist.20030221-100353.038472000: Permission denied
ls: /root/parallelcard: Permission denied
DOSWIN.ZIP              FAHlog.txt        client.cfg*             
diff             ntp.conf     qmail.antivirus  scripts/
Desktop/                apache2.conf.jon  commonapache2.conf.jon  
ebuildingfiles/  prelinklist  relaycheck.pl*   tmp/
FAH3Console-Linux.exe*  biglist.final     conf/                   
inst/            printer/     results          tmplist


Expected Results:  
Should have listed the two files

Portage 2.0.47-r10 (default-x86-1.4, gcc-3.2.2, glibc-2.3.2-r0)
=================================================================
System uname: 2.4.20-gentoo-r1 i686 Pentium III (Katmai)
GENTOO_MIRRORS="http://gentoo.oregonstate.edu "
CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config /usr/kde/3/share
/config /var/bind /usr/X11R6/lib/X11/xkb /usr/share/texmf/tex/generic/config/ /u
sr/share/texmf/tex/platex/config/ /usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/afs/C /etc/afs/afsws /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY="/usr/local/portage"
USE="x86 libg++ -3dfx -3dnow aalib acl acpi afs alsa apache2 apm arts avi 
berkdb bonobo canna cdr cjk crypt cups dga directfb doc dvd encode esd ethereal 
evo fbcon flash freewnn gb gd ggi gif -gnome gphoto2 gps gtk -gtk2 gtkhtml 
guile imap imlib innodb ipv6 java jikes jpeg junit kde -kerberos lcms ldap leim 
libgda libwww maildir -matrox mbox mikmod motif mozilla mpeg -mule mysql nas 
nls oav -oci8 oggvorbis opengl oss -pcmcia -pda pdflib plotutils png pnp -
postgres qt -qtmt quicktime ruby samba sasl scanner sdl slp snmp socks5 spell 
sse svga tcltk tcpd tetex tiff truetype trusted usb -voodoo3 wavelan wmf X 
xface xml xml2 xmms xv gdbm gpm mmx ncurses pam perl pic python readline slang 
ssl zlib mozsvg mozcalendar mozaccess mozinterfaceinfo mozp3p mozxmlterm"
COMPILER="gcc3"
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
ACCEPT_KEYWORDS="x86 ~x86"
MAKEOPTS="-j2"
AUTOCLEAN="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
FEATURES="buildpkg sandbox"

GrSecurity parts of the kernel:
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y
# CONFIG_GRKERNSEC_PAX_NOEXEC is not set
# CONFIG_GRKERNSEC_PAX_ASLR is not set
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
# CONFIG_GRKERNSEC_ACL_DEBUG is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
# CONFIG_GRKERNSEC_PROC is not set
# CONFIG_GRKERNSEC_LINK is not set
# CONFIG_GRKERNSEC_FIFO is not set
# CONFIG_GRKERNSEC_CHROOT is not set
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
# CONFIG_GRKERNSEC_RESLOG is not set
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
# CONFIG_GRKERNSEC_SIGNAL is not set
# CONFIG_GRKERNSEC_FORKFAIL is not set
# CONFIG_GRKERNSEC_TIME is not set
# CONFIG_GRKERNSEC_EXECVE is not set
# CONFIG_GRKERNSEC_DMESG is not set
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_RANDRPC=y
CONFIG_GRKERNSEC_RANDPING=y
# CONFIG_GRKERNSEC_SOCKET is not set
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

grsecurity settings enabled (in /etc/conf.d/grsecurity):
altered_pings rand_ip_ids rand_pids rand_rpc rand_tcp_src_ports rand_ttl
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2003-04-05 02:02:15 UTC 
Doing fsck.reiserfs --rebuild-tree fixed it. Sorry about this.
Closing bug.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2003-08-12 01:29:18 UTC 
Closing old bugs.