
problem with grsec 2.1.0 and new learn_config

Posted: Sat Jan 22, 2005 5:51 pm
by onyx
Hi!

I think there is something with the new learning introduced in 2.1.0. By default, this line is added to learn_config:

inherit-learn /etc/cron.daily

Then I had gradm -F ... run for a few days, then started gradm -F -L ... -O ...

The problem is, when I start the system with gradm -E, it says the following:

Code:
# gradm -E
Duplicate object found for "/usr/lib/libsablot.so.0.100.0" in role root, subject /etc/cron.daily, on line 566 of /etc/grsec/policy.
"/usr/lib/libsablot.so.0.100.0" references the same object as the following object(s):
/usr/lib/libsablot.so.0
/usr/lib/libsablot.so
/usr/lib/libsablot.so.0.100.0


So it seems that the new learning method doesn't recognise softlinks, and it adds all of these entries to policy. I removed them, so that's not a problem, but I think this is not the normal behaviour :)

I didn't check, maybe it is already fixed in 2.1.1-pre, but I thought maybe you don't know about this.
Thank you,
Balint

Posted: Sat Jan 22, 2005 5:58 pm
by onyx
Hmm, next one, this is really odd:

I have the following as well in learn_config:
inherit-learn /usr/local/munin

Then gradm generated the following:

Code:
[...]
/ld-2                           h
/ld-2/bin/wc
[...]
//bin/wc
/dev
/dev/                           h
/dev//bin/wc                    r
[...]
/www.mydomain.hu-df-_dev_hdb1-g.rrd     xi


So they seem to be a little buggy. Could you, spender, check what's wrong?

Thank you again,
Balint

PS: maybe munin creates temporary files in the root directory? (for the last entry)

Now, I have more of these, hope this helps:

Code:
        /sbin                           h
       /sbin/syslog-ng                 xi
    /var/lib/munin/mydomain.hu/www.mydomain.hu-df_inode-_dev_hdb1-g.rrd
       //lib/l/dev/urandom             xi
        /dev
        /dev/null                       w
        /dev/tty                        rw
        /dev/urandom                    r
        /dev/grsec                      h
        /dev/mem                        h
        /dev/kmem                       h
        /dev/port                       h
        /dev/log                        h
        /home
        /lib                            rxi
        /proc                           r
        /proc/kcore                     h
        /proc/bus                       h
        /sys                            r
       /urandom                        xi
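
A pre-flight check for the two symptoms reported in the posts above (several object lines that name one file through symlinks, and paths with an empty component such as //bin/wc), as an added example that is not part of the thread or of gradm. It assumes "the same object" means the same device and inode after following symlinks; `parse_objects`, `lint_objects`, `build_sample_root`, the `rx` modes and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

def parse_objects(text):
    """Yield (path, mode) from 'path [mode]' object lines; skip blanks and '[...]'."""
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("/"):
            yield fields[0], fields[1] if len(fields) > 1 else ""

def lint_objects(text, root="/"):
    """Return (duplicates, malformed): paths sharing a (device, inode), and paths with '//'."""
    by_inode, malformed = defaultdict(list), []
    for path, _mode in parse_objects(text):
        if "//" in path:
            malformed.append(path)  # empty path component, as in //bin/wc
            continue
        try:
            st = os.stat(os.path.join(root, path.lstrip("/")))  # stat() follows symlinks
        except OSError:
            continue  # path absent on this system; nothing to compare
        by_inode[(st.st_dev, st.st_ino)].append(path)
    dups = sorted(sorted(g) for g in by_inode.values() if len(g) > 1)
    return dups, malformed

def build_sample_root():
    """Constructed tree: one real library file plus two relative symlinks to it."""
    root = tempfile.mkdtemp()
    lib = os.path.join(root, "usr/lib")
    os.makedirs(lib)
    open(os.path.join(lib, "libsablot.so.0.100.0"), "w").close()
    os.symlink("libsablot.so.0.100.0", os.path.join(lib, "libsablot.so.0"))
    os.symlink("libsablot.so.0", os.path.join(lib, "libsablot.so"))
    return root

# Constructed object lines modelled on the listings quoted in the posts.
SAMPLE = """\
/usr/lib/libsablot.so.0.100.0   rx
/usr/lib/libsablot.so.0         rx
/usr/lib/libsablot.so           rx
//bin/wc
/dev//bin/wc                    r
"""

if __name__ == "__main__":
    dups, bad = lint_objects(SAMPLE, build_sample_root())
    print("same inode:", dups)
    print("malformed:", bad)
```

Run against the object lines of one subject with `root="/"` on the machine the policy was learned on; each reported group should be reduced to a single line before enabling the policy.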

Posted: Sun Jan 23, 2005 1:25 am
by spender
Can you mail your learning log to spender@grsecurity.net?

-Brad

Posted: Sun Jan 23, 2005 7:01 am
by onyx
The log is ~1gb, 23 Mb bzipped, so I uploaded it somewhere. I've sent the download link to you by email.

Thank you in advance,

Balint

Posted: Sun Jan 23, 2005 1:12 pm
by spender
Are you using 2.4 or 2.6?
If you're using 2.6, are you using preempt also?

-Brad

Posted: Sun Jan 23, 2005 2:09 pm
by onyx
2.6, and yes, I do use preempt.
Grsec is 2.1.0, with gradm-2.1.0-200501071935

Posted: Sun Jan 23, 2005 2:50 pm
by spender
The problem is fixed in 2.1.1

-Brad

Posted: Sun Jan 23, 2005 3:00 pm
by onyx
Thank you, although I can't try it till it gets stable.

And by the way, you did a great job with grsec :)

Balint