Where does GRSecurity keep it ACLs?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Where does GRSecurity keep it ACLs?

Postby Ribs » Wed Jan 07, 2004 5:41 pm

Hi,

I've been reading my newly purchased book (Hacking Linux Exposed, Second Edition, very nice for the clueless n00b like me who want to help keep crackers at bay). Under a section entitled "Proactive security measures", both LIDS and GrSecurity are mentioned. The author spends a great amount of time on LIDS, and only mentions GRSecurity briefly, as much of the ground of ACLs was already covered in the LIDS section.

Anyway, to the point. The author mentions that GrSecurity has ACLS like LIDS does, and to me, GRSecurity seems more 'complete'. But... the big but, the book also says "Unlike LIDS ACLs, which are all generated by successive executions of the lidsadm command [...] grsecurity keeps all of it's ACLs in files that are easy to read and manipulate." From what I understand, this means that a hacker may be able to get access to the ACL files and find out what restrictions are in place.

The book is a little out of date, I was wondering if this was still the case, or if the statement is even accurate.

Thanks in advance for your time.

-Ribs.

PS. Waiting for a patch for 2.6.0 kernel :D
Ribs
 
Posts: 8
Joined: Wed Jan 07, 2004 5:21 pm

Postby skruq » Wed Jan 07, 2004 5:46 pm

It depends of your ACL file, but the default is to set the /etc/grsec hidden
(/etc/grsec* h)
so, nobody can read this file except when you use gradm -a (admin mode).
skruq
 
Posts: 6
Joined: Sat Dec 20, 2003 7:39 pm


Return to grsecurity support

cron