Summary: | Problem with grsecurity | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Francois Meehan <francois> |
Component: | [OLD] Core system | Assignee: | Brandon Low (RETIRED) <lostlogic> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | vapier |
Priority: | High | | |
Version: | 1.0 | | |
Hardware: | x86 | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Francois Meehan
2002-10-14 18:38:29 UTC
grsecurity is actively maintained ... that means anything that is not grabbed from CVS is old ;) lostlogic: i thought we talked and you were gonna use 1.9.7 in -r9 of gentoo sources ?

-r9 had 1.9.6, it was released LONG before grsecurity 1.9.7. -r10, which still has 1 thing needing fixing before unmasking, has 1.9.7, please test it. (the one thing to be fixed is some weird issue with FORKing on mjc's system, that he hasn't gotten back to me)

weird i could have sworn -r9 was gonna have it ... mjc is a wanker, don't tell him i said that ;x

check out latest lolo-sources, now with grsecurity-1.9.7c (although the merge is missing one part which makes grsecurity PaX slightly less secure than it should be)

Hi, did install latest lolo-sources, when running make menuconfig, under grsecurity, there is no option "Access Control Lists --->", instead there is an "ACL options --->" but that is of no use if we don't have ACL's therefore we are back to square one. I did recompile the kernel anyway, and this is what I got:

    /proc/sys/kernel/grsecurity/acl does not exist. Please recompile your kernel with grsecurity's ACL system.

Regards, Francois

ACL = Access Control Lists.

Brandon, here is the menuconfig screen with your 2.4.20-lolo-r1_pre1 [*] Grsecurity

Brandon, here is the menuconfig screen with your 2.4.20-lolo-r1_pre1

    [*] Grsecurity
    (Customized) Security level
    Buffer Overflow Protection --->
    ACL options --->
    Filesystem Protections --->
    Kernel Auditing --->
    Executable Protections --->
    Network Protections --->
    Sysctl support --->
    Miscellaneous Features --->

Now same screen with v2.4.19-gentoo-r7

    [*] Grsecurity
    (Customized) Security level
    Buffer Overflow Protection --->
    Access Control Lists --->
    Filesystem Protections --->
    Kernel Auditing --->
    Executable Protections --->
    Network Protections --->
    Sysctl support --->
    Miscellaneous Features --->

Unless I am missing something very obvious (ACL = Access Control Lists!!!), I can't get ACL to work with your mod.

Furthermore, with v2.4.19-gentoo-r7, after selecting Access Control Lists ---> this is what we should see:

    [*] Grsecurity ACL system (NEW)
    [ ] ACL Debugging Messages (NEW)
    [ ] Denied capability logging (NEW)
    Path to gradm: "/sbin/gradm" (NEW)
    (3) Maximum tries before password lockout (NEW)
    (30) Time to wait after max password tries, in seconds (NEW)

Regards, Francois

hmm... all I've done is upgrade to the latest grsecurity, I'll check the patch...

That's just the way it is in the grsecurity patch lately... ask brad@grsecurity.net about it, this is NOT a bug in our kernels.

this is me checking this in the official unmodified patch, just to verify.

this is me verifying that the official patch looks JUST LIKE MINE (not to sound annoyed, but you went over my head, and frankly that bothers me, because I had told you the proper resolution to this bug) http://www.lostlogicx.com/images/grsec-ss.jpg shows a screenshot of the OFFICIAL linux-2.4.19-grsec configuration screen.

Hi Brandon, I am very sorry if you feel annoyed because of the e-mail that I sent to Daniel, but before I submitted that problem, I did contact the Grsec people, who said the problem is with Gentoo, and you are saying the problem is with them... So it's a dead end. Can't win them all, so I'll forget ACL's for a while. Thanks again for your help

blah... I dun get it... if brad changed that option setup, there has to be a reason for it... I'll e-mail him...

I e-mailed brad, he said "yeah it is on by default now, make sure user has the latest gradm tools"