Problem with /proc ownership

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by icc » Thu Nov 08, 2007 12:59 pm

I believe this might be related to grsec so I posted it here.

I compiled the 2.6.23 with grsec and disabled vdso (ubuntu).
Now after adding a user, believe me I have no idea whatsoever what has happened here, anyway the group ownership of the entire /proc has been changed to the first user I added after I compiled and installed the new kernel :o

dr-xr-xr-x 1 root sunn 0 2007-10-24 06:25 sys

I hope someone has an idea on how to change this back since chown won't work on /proc. :(
icc
 
Posts: 11
Joined: Thu Nov 08, 2007 12:52 pm

Post by specs » Thu Nov 08, 2007 3:00 pm

This would only be grsecurity related if the group is only changed to sunn when running the grsec-kernel. What happens when you start the default ubuntu kernel?

I wonder if somewhere during the startup the group is changed to sunn. Personally I'd search through the entire /etc directory and subdirectories with grep before claiming that the kernel would change the ownership.
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am

Post by Kp » Fri Nov 09, 2007 12:10 am

Most likely, the GRsecurity kernel was configured to give /proc a particular group ID, but icc failed to configure the particular ID correctly. The newly created user happened to end up with a group that has the same ID as the one the kernel is configured to assign to /proc. The fix is to change the kernel configuration to choose a more useful group.
Kp
 
Posts: 46
Joined: Tue Sep 20, 2005 12:56 am

Post by icc » Fri Nov 09, 2007 5:56 am

Thanks, you seem to be spot on Kp!
icc
 
Posts: 11
Joined: Thu Nov 08, 2007 12:52 pm

Post by specs » Sat Nov 10, 2007 3:43 am

Currently I found some 6 group IDs in the config:
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_AUDIT_GID=1007
CONFIG_GRKERNSEC_TPE_GID=1005
CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002

Is there a 7th group configurable somewhere (1006 is missing)?

Also wonder if a more sane default value can be found.
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am
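
The collision diagnosed in this thread can be checked for before booting a new kernel. The script below is an added example, not code from any poster or from the grsecurity project: it assumes a kernel config file plus group(5) and passwd(5) files as input, and the function names, the sample account entries and the group name grsec-audit are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread: list every CONFIG_GRKERNSEC_*_GID
# option in a kernel config with the group that owns that GID and the accounts
# that have it as their primary group.

# grsec_gid_report CONFIG GROUP_FILE PASSWD_FILE
# One line per option: OPTION GID GROUP USERS   ("-" means none)
grsec_gid_report() {
    gr_config=$1 gr_group=$2 gr_passwd=$3
    grep -E '^CONFIG_GRKERNSEC_[A-Z_]+_GID=[0-9]+$' "$gr_config" |
    while IFS='=' read -r gr_opt gr_gid; do
        # group(5) layout: name:password:GID:members
        gr_name=$(awk -F: -v g="$gr_gid" '$3 == g { print $1; exit }' "$gr_group")
        # passwd(5) layout: name:password:UID:GID:...; field 4 is the primary group
        gr_users=$(awk -F: -v g="$gr_gid" '$4 == g { printf "%s%s", s, $1; s = "," }' "$gr_passwd")
        printf '%s %s %s %s\n' "$gr_opt" "$gr_gid" "${gr_name:--}" "${gr_users:--}"
    done
}

# Options whose GID is some account's primary group: the collision
# diagnosed in the thread.
grsec_gid_collisions() {
    grsec_gid_report "$@" | awk '$4 != "-" { print $1 }'
}

# Constructed sample input: the six values quoted in the thread plus made-up
# group and passwd entries (the name grsec-audit is hypothetical).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/config" <<'EOF'
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_AUDIT_GID=1007
CONFIG_GRKERNSEC_TPE_GID=1005
CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002
EOF
printf '%s\n' 'root:x:0:' 'sunn:x:1001:' 'grsec-audit:x:1007:' > "$sample_dir/group"
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
    'sunn:x:1001:1001::/home/sunn:/bin/sh' > "$sample_dir/passwd"

grsec_gid_report "$sample_dir/config" "$sample_dir/group" "$sample_dir/passwd"
```

On a real system the three arguments would be the .config the kernel was built from, /etc/group and /etc/passwd; accounts that exist only in a directory service do not appear in those files.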
