grsecurity forums

[Alex]

Hi guys,
yesterday I compiled the new shinny grsec patch for linux 2.4.20 kernel, and I found out, that /proc access is different, even to the group that was supposed to see /proc as a normal kernel, with not enabled CONFIG_GRKERNSEC_PROC_USERGROUP=y
Now, the users in the group defined by CONFIG_GRKERNSEC_PROC_GID
cant see all processes, as they used to with the last patch for 2.4.19.
I checked out the changelog, and i came up with this:

2002-12-14 15:31 spender

* fs/proc/inode.c: fix proc restrictions

now, the question is, is it possible to still have a group to see all processes, and the rest of the users to see only their processes.


Thanks

[spender]

yes, just apply the changes to the files that I made in CVS.

-Brad

[Alex]

thanks for the fast replay, keep up the good work guys, and dont slow down even for a second:)

[spender]

don't worry, we're not

some good news for everyone, I've just looked into supporting the * wildcard in ACLs, and the change will be trivial. I'm also almost done rewriting the ACL parser, and then I'll begin writing the implementation of roles. 1.9.9 is actually already done. This weekend I will upload a release candidate for it. It has around 10,000 lines of changes

-Brad

[Alex]

I had a problem getting to the cvs:
root@eclipse:~/grsec# cvs -d :pserver:anonymous@grsecurity.net:/home/cvs login
Logging in to :pserver:anonymous@grsecurity.net:2401/home/cvs
CVS password:
cvs login: warning: failed to open /root/.cvspass for reading: No such file or directory

[spender]

that's a local error. Just touch /root/.cvspass

-Brad

[Alex]

thanks for the fast response (again:)), i will compile tomorrow.

Good luck with new releases!


Sincerely yours,
Alex Behar