linux-2.4.19-grsec-1.9.6 + Apache 2.0.40 + PHP 4.x + MySQL.
Posted: Mon Sep 09, 2002 6:21 pm
Hi there.
I have some troubles with apps (as in topic) running on Linux kernel version 2.4.19 patched with grsecurity 1.9.6...
Before upgrading this kernel, I have it working propertly, and now PHP says, that he couldn't connect to mysqld...
May it be caused by inpropetly use of grsec protections?
My sets are:
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y
#
# Buffer Overflow Protection
#
CONFIG_GRKERNSEC_STACK=y
CONFIG_GRKERNSEC_STACK_GCC=y
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_KSYMS=y
#
# ACL options
#
# CONFIG_GR_DEBUG is not set
# CONFIG_GRKERNSEC_ACL_CAPLOG is not set
CONFIG_GR_MAXTRIES=3
CONFIG_GR_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
I will try to rollback to kernel 2.4.18-grsec, but I will be happy to may use kernel 2.4.19-grsec ;)
Please for some advise...
I have some troubles with apps (as in topic) running on Linux kernel version 2.4.19 patched with grsecurity 1.9.6...
Before upgrading this kernel, I have it working propertly, and now PHP says, that he couldn't connect to mysqld...
May it be caused by inpropetly use of grsec protections?
My sets are:
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y
#
# Buffer Overflow Protection
#
CONFIG_GRKERNSEC_STACK=y
CONFIG_GRKERNSEC_STACK_GCC=y
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_KSYMS=y
#
# ACL options
#
# CONFIG_GR_DEBUG is not set
# CONFIG_GRKERNSEC_ACL_CAPLOG is not set
CONFIG_GR_MAXTRIES=3
CONFIG_GR_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
I will try to rollback to kernel 2.4.18-grsec, but I will be happy to may use kernel 2.4.19-grsec ;)
Please for some advise...