tasks at reboot are executed under default role, not admin

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.


Postby xor » Thu Jun 28, 2007 11:42 am

Hi all

I have a rather stock Ubuntu 6.06 system with kernel 2.6.19.2 and grsecurity/gradm 2.1.10. The ruleset works quite fine for the applications running.
In the policy file I allow only admin to reboot the box, even hiding /sbin/reboot and family from the default role.
The admin role basically looks like
role admin sA
+CAP_ALL

My problem now is that when rebooting the box as root/admin (gradm -a admin) when logged in over ssh, the stop scripts in /etc/init.d get executed under the admin role first, which is fine. But as soon as the ssh login shell the authentication took place in has been killed by the appropriate script, all further scripts are executed under the default role. And most of the capabilities to shut down the system further are not available to the default role, so the system just remains up, with no connectivity available from the outside.

Can anybody see a way to work around this problem other than granting all required privileges to the default role again?

thx /markus
xor
 
Posts: 7
Joined: Wed Jul 12, 2006 6:15 am

Postby bplant » Thu Jun 28, 2007 6:04 pm

Hi Markus,

I opted to deny execution of /sbin/reboot, /sbin/halt, etc. in the admin role as a way of forcing the RBAC system to be turned off before the machine could be rebooted/halted. Similarly, the RBAC system isn't enabled until the system has finished booting. I admit it's only 99.9% ideal, but in my opinion, the few seconds that the RBAC system is disabled for should be insignificant.

Cheers,

Brad
bplant
 
Posts: 73
Joined: Sat May 28, 2005 10:36 pm

