Feb 00 00:00:00 blackdragon kernel: grsec: denied access to hidden file /etc/ld.so.cache by /sbin/gradm[gradm:0] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:0] uid/euid:0/0 gid/egid:0/0
solution, patch against gradm_adm.c:
diff -aur gradm-2rc5/gradm_adm.c gradm-2rc5/gradm_adm.c
--- gradm-2rc5/gradm_adm.c 2004-02-18 11:37:17.000000000 -0300
+++ gradm-2rc5/gradm_adm.c 2004-02-29 22:42:33.000000000 -0300
@@ -91,9 +91,14 @@
proc_object_mode_conv("rx"), GR_FEXIST))
exit(EXIT_FAILURE);
+ if (!add_proc_object_acl(current_subject, "/etc/ld.so.cache",
+ proc_object_mode_conv("r"), GR_FEXIST))
+ exit(EXIT_FAILURE);
+
if (!add_proc_object_acl(current_subject, gradm_name,
proc_object_mode_conv("x"), GR_FEXIST))
exit(EXIT_FAILURE);
+
add_cap_acl(current_subject, "-CAP_ALL");
add_cap_acl(current_subject, "+CAP_IPC_LOCK");
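Review bot: The new add_proc_object_acl() call for "/etc/ld.so.cache" carries no comment saying why the admin subject needs it, and the hunk also adds an unrelated blank line before add_cap_acl(). A one-line comment above the call, for example noting that the dynamic loader reads this file when /sbin/gradm starts (which is what the denial in the log shows), would keep the hardcoded path from looking arbitrary to the next reader. Granting only "r" matches what the log shows being denied, so the mode looks right. Drop the stray "+" blank line after the gradm_name block so the patch contains only the functional change.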
Only in gradm-2rc5: patch
Spender, good job with grsec, thanks.