grsecurity forums

[ethan@plaxo.com]

Hi all,
I'm having problems getting strace to run correctly. I've gone as far as disabling grsec's ACL's completely with 'gradm -D', but I stil get the above error. I'm trying to strace the /usr/bin/updatedb command to figure out why (since installing grsec) it's seg faulting.

I have relatively liberal ACL's, and a gradm -T shows the following:
/sbin/gradm -T /usr/bin/strace /usr/bin/updatedb
Allowed access for /usr/bin/updatedb from /usr/bin/strace:
Read: yes
Write: no
Append: no
Execute: yes
Hidden: no
Inherit ACL on exec: no
Read-only ptrace: no
Audit reads: no
Audit writes: no
Audit execs: no
Audit appends: no
Audit finds: no
Audit inherits: no

In the / acl I have enabled CAP_SYS_PTRACE.

Any ideas on how to fix this problem?
Thanks,
Ethan

[spender]

It's not grsecurity causing the problem. I believe the new ptrace patch that is included in 1.9.9e caused that. I'm not aware of any workaround. If the ptrace patch causes problems where it shouldn't, they will (hopefully) be fixed before 2.4.21 final is released.

-Brad

[ethan@plaxo.com]

If the ptrace patch causes problems where it shouldn't, they will (hopefully) be fixed before 2.4.21 final is released.

So are you saying that this is a problem with the default Linux kernel? Is the ptrace patch included in a vanilla 2.4.20 kernel tarball?

Thanks,
Ethan

[spender]

No, it's due to the ptrace patch that was released recently to fix the local root ptrace hole in linux <= 2.4.21-pre5. So, a default 2.4.20 kernel won't have the problem you're experiencing, but it will have an easily exploitable local hole.

-Brad

[wwwhost]

hi all,
I have a similar problem afther upgrading to kernel 2.4.18-27.7.x

Using trace process (on a cPanel 6.2 server) i recive the following error:

trace: ptrace(PTRACE_SYSCALL, ...): Operation not permitted

not sure if this problem comes from the kernel it'selves....

[spender]

That kernel contains the same ptrace fix causing the problem above.

-Brad

[wwwhost]

ah.. ok thank you for this info.