grsecurity forums


http://forums.grsecurity.net./

Unexpected behavior of 's' (suppress logs) object flag

http://forums.grsecurity.net./viewtopic.php?f=5&t=1047

Page 1 of 1

Unexpected behavior of 's' (suppress logs) object flag

PostPosted: Tue Jan 11, 2005 9:42 pm
by Kyoshiro
It seems that when I add the 's' flag to any object, it gives full access.... For example, I set this subject :

Code: Select all
subject / {
        /               r
        /opt            rx
        /initrd         sh
        /root           sh
...
}


It gives full access to /root and /initrd the related role. I remove the 's' flags, and access is denied and logged.

Either I have misunderstood the suppress flag, or there's an issue in gradm/grsec here :p.

PS: I'm using latest grsec and gradm (v2.1.0) + kernel 2.4.28 + secfixes

PostPosted: Wed Jan 12, 2005 1:11 am
by spender
The suppress flag is broken in 2.1.0. I have fixed it in 2.1.1, a test release of which is available at http://grsecurity.net/~spender

-Brad

PostPosted: Wed Jan 12, 2005 6:02 am
by Kyoshiro
Thanks a lot, I'll wait for 2.1.1 to be released then :)
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/