
execution permission error | permission denied

Posted: Sat May 27, 2006 6:54 pm
by jusu313
Hi all,
I am trying to figure out how I can resolve this situation. Running osCommerce shopping cart with payflowpro module for verisign. When I try to check out, the binary module does not have permissions to execute. I get this in the error log files.
sh: /var/www/vhosts/mydomain.com/httpdocs/verisign/bin/pfpro: Permission denied

Logs show this:
May 27 23:42:37 ns1 kernel: grsec: From xx.xx.xxx.233: denied untrusted exec of /var/www/vhosts/domain.com/httpdocs/verisign/bin/pfpro by /bin/bash[sh:5910] uid/euid:48/48 gid/egid:48/48, parent /usr/sbin/httpd[httpd:860] uid/euid:48/48 gid/egid:48/48

Any help will be appreciated.

Posted: Sun May 28, 2006 4:06 pm
by Kp
That process is subject to TPE (Trusted Path Execution). The log message is originating from grsecurity/grsec_tpe.c. A quick survey of the code suggests that either the directory is not owned by root or the directory is writable by users other than root.

You can turn off TPE (bad idea), run the process as root (worse idea), or fix the permissions on the directory.

Posted: Sun May 28, 2006 5:34 pm
by jusu313
I moved the directory into /var/opt/ and chowned it to root, and I still get

ns1 kernel: grsec: From 69.84.110.233: denied untrusted exec of /var/opt/verisign/bin/pfpro by /bin/bash[sh:20444] uid/euid:48/48 gid/egid:48/48, parent /usr/sbin/httpd[httpd:31071] uid/euid:48/48 gid/egid:48/48

As it is apache that is trying to run it.

Posted: Sun May 28, 2006 5:36 pm
by Kp
What is the output when you run /bin/ls -la /var/opt/verisign /var/opt/verisign/bin?

Posted: Sun May 28, 2006 5:43 pm
by jusu313
/var/opt/verisign/bin:
total 60
drwxrwxrwx 3 root root 4096 May 28 01:44 .
drwxrwxrwx 7 root root 4096 Apr 28 14:51 ..
drwxrwxrwx 3 root root 4096 Apr 28 14:06 examples
-rwxrwxrwx 1 root root 7733 May 27 18:50 pfpro
-rwxrwxrwx 1 root root 4212 Apr 28 14:06 pfpro.c
-rwxrwxrwx 1 root root 8524 Apr 28 14:06 pfpro-file
-rwxrwxrwx 1 root root 514 Apr 28 14:06 pfpro.h
-rwxrwxrwx 1 root root 1162 Apr 28 14:06 readme.txt
-rwxrwxrwx 1 root root 934 Apr 28 15:07 test.sh
-rwxrwxrwx 1 root root 861 Apr 28 14:06 test-xml.sh
-rwxrwxrwx 1 root root 900 Apr 28 14:06 transaction.xml

Thanks for your effort by the way.

Posted: Sun May 28, 2006 10:27 pm
by Kp
No wonder you're having problems. That directory is world-writable, which is extremely bad. TPE is rightly blocking you because anyone on the system, as well as any scripts running on behalf of anyone who accesses the webserver, can modify those files.

At the very least, you need to run /bin/chmod go-w /var/opt/verisign /var/opt/verisign/bin. You should probably chmod go-w /var /var/opt, and the files associated with this verisign package. For example, chmod go-w -R /var/opt/verisign will recursively remove "group" and "other" write permission for /var/opt/verisign and all directories under it. Unless you're extremely confident about the security of this box in other respects, I'd recommend just erasing the whole verisign package and reinstalling it with correct permissions, to be sure you get an installation that has not been modified by someone else on the system.

For reference, when I switch to bold, it usually indicates a command that I want you to type exactly. (In my last post, I asked for you to ls -la two directories, but you only posted one. That's OK in this case, because what you did show reveals the problem.) It should be possible just to paste the bold text directly from your browser into your shell and have it work. Also, you should exercise caution when running any commands found on an Internet forum. If you don't know what it's going to do, ask someone before you run it. :) Often, you can determine a command's general purpose by consulting the manual page for it. At a shell prompt, run man basename-of-command, for example man chmod. Modern desktop environments may also have built-in manpage viewers. KDE definitely has one. I don't know about GNOME.
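
Added example, not part of the original posts and not grsecurity's own code: a small shell audit that applies the condition described in this thread (directory owned by root and not writable by group or other) to the directory holding a binary. It goes beyond the check as described by also walking every parent directory up to /, in line with the advice above to fix /var and /var/opt; the function names and the optional trusted-UID argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a path the way the thread describes the TPE rule.
# Assumption: "trusted" means owned by uid 0 (overridable for testing) and
# no group/other write bit. ACLs and other grsecurity options are ignored.

# tpe_mode_ok MODE OWNER_UID [TRUSTED_UID]
# MODE is the first column of `ls -ld`, e.g. drwxrwxrwx.
tpe_mode_ok() {
    [ "$2" = "${3:-0}" ] || return 1          # wrong owner
    case $1 in
        d????w*|d???????w*) return 1 ;;       # group- or other-writable
        d*) return 0 ;;
    esac
    return 1                                  # not a directory
}

# tpe_dir_ok DIR [TRUSTED_UID]: same check against a real directory.
tpe_dir_ok() {
    trusted_uid=${2:-0}
    line=$(ls -ldn -- "$1") || return 2
    mode=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')   # numeric uid (-n)
    tpe_mode_ok "$mode" "$owner" "$trusted_uid"
}

# tpe_audit FILE [TRUSTED_UID]: check FILE's directory and every parent.
# Prints each directory that fails; returns 1 if any did.
tpe_audit() {
    dir=$(cd -- "$(dirname -- "$1")" && pwd -P) || return 2
    bad=0
    while :; do
        if ! tpe_dir_ok "$dir" "${2:-0}"; then
            echo "untrusted: $(ls -ldn -- "$dir")"
            bad=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    return "$bad"
}

# Example use (path taken from the thread):
#   tpe_audit /var/opt/verisign/bin/pfpro
```

On a multi-user box, shared directories with the sticky bit set (mode drwxrwxrwt) are also reported, since they are still writable by other users.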

Posted: Mon May 29, 2006 1:01 am
by jusu313
Kp! I cannot thank you enough. After following your instructions I got everything working. Thank you, thank you, thank you!
I really appreciate your help!