grsecurity forums

[chenull]

Dear,

i am new to grsec. i got problem that grsec made iptables ipt_owner modules doesn't work. failed with error:

Code: Select all

root@baron [~]# /sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
ACCEPT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:25 OWNER UID match 0
iptables: Unknown error 4294967295


i've tried to choose compile [y] and module [m] in the kernel config. both didn't work. I've tried vanilla kernel in rpm.cormander.com too, but still didn't work. i am clueless, is it grsec issue or iptables issue ?

OS: Centos 5.4
Kernel: 2.6.32.10
grsec: grsecurity-2.1.14-2.6.32.10-201003211638.patch

[cormander]

I am able to reproduce this on a CentOS 5.4 box booting the vanilla kernel 2.6.32.10. This indicates that it's not a grsecurity problem.

I am not able to reproduce this problem on a Fedora 10 machine. So I had a look at iptables version:

Centos: iptables-1.3.5-5.3
Fedora 10: iptables-1.4.3.2

I downloaded the latest src.rpm for iptables from Fedora 12 (iptables-1.4.5) and recompiled it on the centos 5.4 machine, and installed it. The problem went away.

[chenull]

Yeah! you made my day Mr Henderson... thank you! say my hello to little Hazel

root@baron [~]# uname -a
Linux baron.idwebhost.com 2.6.32.10-grsec-idweb-0.5 #2 SMP Sat Apr 3 13:18:09 WIT 2010 i686 i686 i386 GNU/Linux
root@baron [~]# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing ipt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK

RESULT: csf should function on this server
root@baron [~]#