/proc/<pid>/ipaddr support

Discuss and suggest new grsecurity features

/proc/<pid>/ipaddr support

Postby spender » Sun May 04, 2003 9:16 pm

I've just added /proc/<pid>/ipaddr support to grsecurity 2.0.

www:~# cat /proc/self/ipaddr
192.168.1.1

www:~# ls -al /proc/self/ipaddr
-r-------- 1 root proc 0 May 4 21:18 /proc/self/ipaddr

This information can be useful for IDS/IPSes to perform remote response to local attacks. I think it may serve informational purposes for administrators as well.

What else do you forsee this being useful for?

(the code isn't a big deal, it took 2 minutes to write...I'm just curious how the feature could be used)

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby miha » Tue May 06, 2003 5:48 pm

that's a good feature actually! pretty useful to find out ddos attacks, as you said.
is it avaliable in cvs? and will you include it in the next release?

thanks,
Mikhail.
miha
 
Posts: 28
Joined: Sat Nov 30, 2002 9:09 am

Postby spender » Tue May 06, 2003 5:51 pm

It's in the cvs for grsecurity 2, since I'm not adding any new features to 1.9.9x at this point. It will be in the next release, 2.0-pre4, which willl be released soon (it has the new variable and set operation support as well).

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

IPaddr

Postby dermike » Sun Jan 25, 2004 2:40 am

Is there anyway to grab the IP-Address from within the running process?

I haven't looked much into it yet but thought it would be a neat addition to something like propolice and libsafe to have them dump the IP address assiociated with the process, if there is one.

Thanks for your time,
Mike
dermike
 
Posts: 6
Joined: Mon Mar 04, 2002 6:56 pm

Re: IPaddr

Postby PaX Team » Thu Jan 29, 2004 6:56 am

dermike wrote:Is there anyway to grab the IP-Address from within the running process?
the file /proc/self/ipaddr is at your disposal, just open it, if it succeeds, you can read it and log it whereever you want.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity development

cron