grsecurity forums

[Dwokfur]

Since I've upgraded to a kernel based on 2.6.27 (currently 2.6.27.5 using grsec-2.1.12-2.6.27.5-200811071900), some error messages are logged every time I authenticate myself as root.

Code: Select all

Nov 23 10:09:44 hostname grsec: (root:U:/sbin/gradm) denied access to hidden file /root by /sbin/gradm[gradm:7187] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:7033] uid/euid:0/0 gid/egid:0/0


Role flag "G" is specified for root in order to make this user able to authenticate using gradm. Some directories - including boot - are hidden. No matter if I replace "h" to "hs" for role root, these messages still get logged. If I try to create a policy for gradm, grsec reports, that I've tried to modify an already existing instance - which is probably included because Role flag "G", but the exact contents are hidden.
This behavior appeared recently.

Did I miss something?
Any ideas on this are greatly appreciated.

Is it discouraged to authenticate using gradm while logged in as root?

Regards,
Dw.

[spender]

gradm creates a least privilege policy for itself. What I think may be happening here is you are authenticating while in your home directory (/root) and your libc for some reason is making gradm access the current working directory. You could confirm this by stracing as much as you can of gradm -a admin while being in the admin role. Did you do any libc upgrades at the same time as the kernel upgrade?

-Brad