grsecurity forums

Alright I've been using grsecurity sense 2.4.20 (&27,29,31) and I got off my lazy bum and compiled 2.4.33.3 since I was using 2.4.31. I essentially kept my same .config from 2.4.31, just moved it over. I do remember adding a grsecurity option (something that made VM's possibly run slow)- but hey I'm not running a VM. Anyway I use grsecurity in an ipcop firewall that has a web interface. One of the web functions in the information page doesn't work with 2.4.33.3- It's a system call (ifconfig -a). Works fine with the 2.4.31 grsecurity kernel and the command works in a terminal. Absolutely no httpd errors or kernel message errors. I learned a long time ago to make user 'nobody' (99) special- so that ain't it (that'll break just about everything in the web interface- not just the ifconfig). Before I start tearing through the options and enabling/disabling things, has there been a change in grsecurity to cause this?

JLO wrote:One of the web functions in the information page doesn't work with 2.4.33.3- It's a system call (ifconfig -a). Works fine with the 2.4.31 grsecurity kernel and the command works in a terminal. Absolutely no httpd errors or kernel message errors. I learned a long time ago to make user 'nobody' (99) special- so that ain't it (that'll break just about everything in the web interface- not just the ifconfig). Before I start tearing through the options and enabling/disabling things, has there been a change in grsecurity to cause this?

i doubt it's UDEREF, but you can try to disable it. also, can you verify that ifconfig works under a vanilla 2.4.33.3 kernel at least? you could also record an strace run of the failing ifconfig and compare it against the working case, maybe that reveals something.

Alright, thanks for the reply. Admittedly I did just automatically place the blame on grsecurity although I'm using some other patches (openswan & POM). I will play with it some this week (and try just a plain vanilla) and get back this weekend and give an update.