
Problem with role transition and nested subjects?

Posted: Mon May 16, 2005 4:55 am
by chrlin
Why do I get a denied execution of /opt/java?

Code:
subject /opt/start.sh
        /bin/su                 rx
        /dev/log                rw
        /etc/shadow             r
        /var/run/utmp           rw
        /var/log/faillog        rwc
        /root                   r
        /root/.xauth*           rwcd
        +CAP_SYS_TTY_CONFIG
subject /opt/start.sh:/bin/su
        /bin/bash               rxi
subject /opt/start.sh:/bin/su:/bin/bash
        /opt/java   rx


Output from exec_logging
    grsec: From XX: (root:/opt/start.sh) exec of /bin/su (su user -c /opt/java -Xve) by /opt/start.sh [start.sh:15931] uid/euid:0/0 gid/egid:0/0, parent /opt/start.sh [start.sh:14053] uid/euid:0/0 gid/egid:0/0

    grsec: From XX: (wbs:/) exec of /bin/bash (sh -c /opt/java -Xverify:none ) by /bin/su[su:21653] uid/euid:540/540 gid/egid:518/518, parent /bin/su[su:15931] uid/euid:0/0 gid/egid:0/0

    grsec: From XX: (wbs:G:/) denied execution of /opt/java by /bin/bash[sh:21653] uid/euid:540/540 gid/egid:518/518, parent /bin/su[su:15931] uid/euid:0/0 gid/egid:0/0


Role root and role wbs include the acl.

Gradm version: gradm v2.0.1
grsec patch: grsecurity-2.0.1-2.4.27.patch on kernel 2.4.27

Posted: Sat May 28, 2005 10:37 pm
by bplant
I have the same problem, with a different app though. Did you find a solution/reason for the problem?

Cheers,

Brad

Posted: Mon May 30, 2005 2:01 am
by chrlin
Unfortunately I did not find any solution or reason for the problem. Please post if you come up with something.