
acl trouble

Posted: Sun Aug 08, 2004 12:06 pm
by Energ
I have a popa3d server that starts as root:
Aug 8 20:08:27 ponch kernel: grsec: From 192.168.200.2: denied connect to the unix domain socket /dev/log by /usr/sbin/popa3d[popa3d:20358] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/popa3d[popa3d:16500] uid/euid:0/0 gid/egid:0/0
Aug 8 20:08:27 ponch kernel: grsec: From 192.168.200.2: denied access to hidden file /dev/log by /usr/sbin/popa3d[popa3d:16602] uid/euid:1001/1001 gid/egid:100/100, parent /usr/sbin/popa3d[popa3d:16500] uid/euid:0/0 gid/egid:0/0

I added /dev/log rw for the /usr/sbin/popa3d subject, but these messages still drop into the debug log.
If I add /dev/log rw for the root role, I get an error from gradm about a hole in my ACL config. What should I do?

Posted: Mon Aug 09, 2004 9:31 am
by spender
If you update to 2.0.1, the logs will give you more information that will help you solve your problem.

-Brad

Posted: Mon Aug 09, 2004 12:01 pm
by Energ
I just can't understand how it works.
---------------------------------------------
Aug 9 19:57:51 ponch kernel: grsec: From 10.3.1.200: (default:D:/) denied open of /var/log/vsftpd/vsftpd.log for appending by /usr/sbin/vsftpd[vsftpd:9737] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/vsftpd[vsftpd:8850] uid/euid:0/0 gid/egid:0/0

The root role got "ra" access to /var/log/vsftpd/vsftpd.log and the subject /usr/sbin/vsftpd got the same perm. Also the ftp user got "ra". But this is still dropping to debug.
----------------------------------------------

Aug 9 19:55:59 ponch kernel: grsec: (default:D:/) use of CAP_SYS_MODULE denied for /sbin/modprobe[modprobe:7907] uid/euid:0/0 gid/egid:0/0, parent /sbin/devfsd[devfsd:153] uid/euid:0/0 gid/egid:0/0

root, /sbin/modprobe and /sbin/devfsd got +CAP_SYS_MODULE

----------------------------------------------
Aug 9 19:49:42 ponch kernel: grsec: From 192.168.200.2: (default:D:/) denied connect to the unix domain socket /dev/log by /usr/sbin/popa3d[popa3d:16752] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/popa3d[popa3d:20495] uid/euid:0/0 gid/egid:0/0

Same trouble here. /usr/sbin/popa3d got "rw" for /dev/log and root got "r".
-----------------------------------------------

Please explain to me how to solve this. Maybe there is a special flag for the subject or something else.

Posted: Mon Aug 09, 2004 12:15 pm
by spender
Can you mail your policy to spender@grsecurity.net?

-Brad