strange error on /dev/mem in grsecurity-1.9.8-rc2
Posted:
Sun Dec 15, 2002 12:51 pm
by piavka
When starting grsecurity-1.9.8-rc2 with 'gradm -E' (gradm version is 1.6)
I get the error:
Viewing access is allowed to /dev/mem. This would allow an attacker to modify the code of programs running on your system.
While in the ACL I have
/ {
...
/dev/mem h
...
}
If I comment out the '/dev/mem h' I get the error printed twice.
Thanks
Posted:
Sun Dec 15, 2002 7:30 pm
by spender
Could you paste the whole ACL for /, and paste a session of you enabling the ACL system and the error?
-Brad
Posted:
Mon Dec 16, 2002 7:32 am
by piavka
/etc/grsec#gradm -E
Viewing access is allowed to /dev/mem. This would allow an attacker to modify the code of programs running on your system.
There were 1 holes found in your ACL configuration. These must be fixed before the ACL system will be allowed to be enabled.
The / acl:
/ l {
/ r
/opt r
/home rx
/mnt r
/tmp rw
/boot r
/root r
/usr r
/usr/share/locale rx
/etc r
/etc/grsec h
/var r
/var/tmp rw
/var/log rw
/dev w
/dev/mem h
/dev/kmem h
/proc rw
/proc/sys r
/proc/kcore h
/lib rx
/usr/lib rx
/usr/local/lib rx
/usr/X11R6/lib rx
/bin rx
/sbin rx
/usr/bin rx
/usr/sbin rx
/usr/local/bin rx
/usr/X11R6/bin rx
-CAP_LINUX_IMMUTABLE
-CAP_NET_RAW
-CAP_SYS_MODULE
-CAP_SYS_RAWIO
-CAP_MKNOD
}
Posted:
Mon Dec 16, 2002 12:23 pm
by spender
Sorry, the problem was due to a typo on my part. The error should read "/dev/port", not "/dev/mem". Just add /dev/port h to your ACL and you'll be fine.
-Brad
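
An added example, not part of the thread and not gradm's own code: a Python check that finds which ACL rule covers each sensitive node and reports those not hidden with `h`. The path list and the "nearest parent rule applies" matching are assumptions taken from the ACL and the fix posted above.

```python
import re

# Assumption: paths taken from the thread's ACL and fix, not gradm's real list.
SENSITIVE = ["/dev/mem", "/dev/kmem", "/dev/port", "/proc/kcore"]
OBJECT_RE = re.compile(r"^(/\S*)\s+([A-Za-z]+)$")

# Constructed sample: a shortened copy of the "/" subject posted in the thread.
SAMPLE_ACL = """\
/ l {
/ r
/dev w
/dev/mem h
/dev/kmem h
/proc rw
/proc/kcore h
}
"""

def parse_objects(acl_text):
    """Return {path: mode} for the object lines of one subject block."""
    objects = {}
    for raw in acl_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):      # subject header such as "/ l {"
            continue
        match = OBJECT_RE.match(line)
        if match:                   # skips "}" and blank lines
            objects[match.group(1)] = match.group(2)
    return objects

def covering_rule(objects, path):
    """Walk up from path to "/" and return the first (rule, mode) found."""
    probe = path
    while True:
        if probe in objects:
            return probe, objects[probe]
        if probe == "/":
            return None, ""
        probe = probe.rsplit("/", 1)[0] or "/"

def exposed_paths(acl_text):
    """List (path, covering rule, mode) for sensitive paths lacking 'h'."""
    objects = parse_objects(acl_text)
    rules = [(p, *covering_rule(objects, p)) for p in SENSITIVE]
    return [r for r in rules if "h" not in r[2]]

if __name__ == "__main__":
    for path, rule, mode in exposed_paths(SAMPLE_ACL):
        print(f"{path} is not hidden (covered by {rule} {mode})")
```

On the sample it reports /dev/port as covered only by the `/dev w` rule, which matches the corrected error message.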