Summary: | /proc error with grsecurity 1.99g + gentoo 2.4.20r5 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Parker Dexter <gentoo-bugzilla> |
Component: | [OLD] Core system | Assignee: | solar (RETIRED) <solar> |
Status: | RESOLVED WORKSFORME | ||
Severity: | normal | CC: | iggy, pfeifer |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
URL: | http://forums.grsecurity.net/viewtopic.php?t=437 | ||
Description
Parker Dexter
2003-05-31 15:00:44 UTC
I've just run into this bug myself when using the ACL features of grsecurity. /proc/mounts was hidden per my ACL setup. /etc/fstab hidden, /etc/mtab hidden. I typed mount and noticed I was able to see my mounts when they should be hidden. I then ran "strace -eopen mount" and saw the open("/proc/mounts", succeed. Tested gentoo-hardened-r2 (grsecurity-1.9.9g) and my files were hidden as expected. This is a serious security flaw and should be fixed right away. Tests not performed on vanilla kernel with grsecurity-1.9.9h. Note: There was a recent security fix for grsecurity ASLR leakage. (I think this is what we are encountering)

-- This bug seems to be present in grsecurity out of the box. Downloaded linux-2.4.20.tar.gz, grsecurity-1.9.9h.patch (no other patches at all). Recompiled and tested. Got the same results, so I am emailing spender (grsecurity author) explaining this. spender's mail server is broken or rejecting mail. Will try again later.

This should be fixed in gentoo-sources-2.4.20-r6. Also note we have grsec-sources now in portage, which will try to keep current with Brad's code upstream.

Tried with gentoo-sources-r7, still the same problem: /proc/sys is not accessible. After a while (sorry, can't define the time) it is accessible.

/proc/sys is not accessible to root? Best thing I can say here is give grsec-sources a try. If the problem still exists, then we have a grsec problem vs. a gentoo one. If the problem goes away, then the best I can do here is to make a fuss with our current gentoo-sources maintainers.

Please use updated sources. Can anybody confirm if this is happening with a vanilla grsec-sources, or is/was this happening only in the gentoo-sources?

Changing resolution to WORKSFORSOME.