
Grsec Enabled. Enforcing existing processes.

Posted: Fri May 30, 2008 6:15 am
by hmhansolo
Hello,
Quick question. I notice that when grsec starts, some processes are allowed some accesses if the process existed before grsec was enabled. For example:

Run `tail -f /var/log/kern.log`

Run `gradm -E`

The above tail keeps working. If you run the tail command again, it won't work.

I am thinking this is likely the case because tail has already been given a handle to the resource. It would be rather difficult, I guess, at the start of grsec, to go through all allocated resources, check if they violate the ACL, and if so pull them.

Just curious. I'd imagine that this would be prohibitively difficult, and can be overcome by running `gradm -E` as early as possible in system startup.



One other question is this:

Is it possible to see which processes have an elevated privilege? Like if in a cmd prompt, I do `gradm -a admin` or `gradm -a mysql`, from another elevated console, can I see all processes that are elevated and which role they are in?

Thanks
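
The post observes that a `tail` started before `gradm -E` keeps its already-open handle. As an added example (not part of the original post and not grsecurity code), this sketch lists which processes currently hold descriptors under a given path by walking the Linux `/proc/<pid>/fd` symlinks, so they can be restarted after enabling the policy. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def find_open_handles(protected, proc_root="/proc"):
    """List (pid, comm, fd, target) for open descriptors on or under `protected` paths."""
    prefixes = [os.path.normpath(p) for p in protected]
    hits = []
    pids = sorted((e for e in os.listdir(proc_root) if e.isdigit()), key=int)
    for pid in pids:
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = sorted(os.listdir(fd_dir), key=int)
        except OSError:
            continue  # process exited, or we may not inspect it
        try:
            with open(os.path.join(proc_root, pid, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            comm = "?"
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # descriptor closed while we were scanning
            if any(target == p or target.startswith(p.rstrip("/") + "/") for p in prefixes):
                hits.append((int(pid), comm, int(fd), target))
    return hits

def build_sample_proc(root):
    """Constructed sample data: a fake /proc with one long-running tail and one shell."""
    sample = {4242: ("tail", {3: "/var/log/kern.log"}),
              4300: ("bash", {0: "/dev/pts/0", 255: "/dev/pts/0"})}
    for pid, (comm, fds) in sample.items():
        os.makedirs(os.path.join(root, str(pid), "fd"))
        with open(os.path.join(root, str(pid), "comm"), "w") as f:
            f.write(comm + "\n")
        for fd, target in fds.items():
            os.symlink(target, os.path.join(root, str(pid), "fd", str(fd)))

def demo():
    """Scan the constructed tree for handles on /var/log, the path from the post."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return find_open_handles(["/var/log"], proc_root=root)

if __name__ == "__main__":
    for pid, comm, fd, target in find_open_handles(["/var/log"]):
        print(f"pid={pid} comm={comm} fd={fd} -> {target}")
```

Run as root against the real `/proc` to see every process; an unprivileged run silently skips processes it cannot inspect.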