Cold Fusion ACL

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Cold Fusion ACL

Postby scattergold » Fri Mar 21, 2003 10:05 am

Hello
I am having problems setting acls for colfusion

I am usign this learning mode :
/opt/coldfusion/ lo {
/ h
-CAP_ALL
}

also tried
/opt/coldfusion/bin/cfserver lo {
/ h
-CAP_ALL
}

and
/opt/coldfusion lo {
/ h
-CAP_ALL
}

But it blocks on
denied load of writable library /dev/zero by (cfserver:1798) UID(99) EUID(99),parent (cfserver:1792) UID(99) EUID(99)

99 = nobody the user cold fusion is run under
same as the apache server

if any idea thx
scattergold
 
Posts: 1
Joined: Fri Mar 21, 2003 10:00 am

Postby spender » Fri Mar 21, 2003 10:24 am

You'll have to add "O" (capital oh) to the subject mode. The problem is actually because cold fusion is being silly and mmap'ing /dev/zero with write and execute.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity support