ACLs are being ignored?? kind of??!!
Posted: Wed Jan 22, 2003 12:33 am
extremely weird problem here.
my ACL file follows:
# Default subject: every process without a more specific subject below runs
# under these rules, and the more specific subjects inherit these objects
# unless they set the "o" subject mode.
# Object modes used in this file: r read, w write, x execute, a append,
# h hidden. A path listed with no mode grants no r/w/x on that subtree;
# only the children listed explicitly beneath it are usable.
/ {
/ r
/opt rx
/home rwx
/mnt rw
# /dev as a whole is closed; only the device nodes listed below are reachable
# (note /dev/log is not among them, so every subject that logs via syslog
# has to grant it itself).
/dev
/dev/urandom r
/dev/random r
/dev/zero rw
/dev/input rw
/dev/psaux rw
/dev/null rw
/dev/tty0 rw
/dev/tty1 rw
/dev/tty2 rw
/dev/tty3 rw
/dev/tty4 rw
/dev/tty5 rw
/dev/tty6 rw
/dev/tty7 rw
/dev/tty8 rw
/dev/console rw
/dev/tty rw
/dev/pts rw
/dev/ptmx rw
/dev/dsp rw
/dev/mixer rw
/dev/ippp0 rw
/dev/ippp1 rw
/dev/ippp2 rw
/dev/ippp3 rw
/dev/ippp4 rw
/dev/ippp5 rw
/dev/ippp6 rw
/dev/ippp7 rw
/dev/initctl rw
/dev/fd0 r
/dev/cdrom r
# Raw memory and I/O-port devices are hidden from everything under this
# subject (CAP_SYS_RAWIO is dropped below as well).
/dev/mem h
/dev/kmem h
/dev/port h
/bin rx
/sbin rx
/lib rx
/usr rx
/etc rx
# NOTE(review): /proc is rwx for every unconfined process; only /proc/sys is
# read-only and /proc/kcore hidden. Confirm that write access to the rest of
# /proc is actually required by processes that run under the default subject.
/proc rwx
/proc/kcore h
/proc/sys r
/root r
/tmp rw
# NOTE(review): /var is executable here; only /var/tmp drops x. Confirm that
# executing from /var is intended for every unconfined process.
/var rwx
/var/tmp rw
/var/log r
/boot r
# The policy directory itself is hidden from every process.
/etc/grsec h
# Capabilities removed from every process running under this subject.
-CAP_LINUX_IMMUTABLE
-CAP_NET_RAW
-CAP_MKNOD
-CAP_SYS_RAWIO
-CAP_SYS_MODULE
}
# syslogd: needs the syslog socket (not granted by the default subject, where
# /dev carries no mode) and write access to the log directory. "w" is write;
# the "o" object flag on /var/log should be confirmed against the gradm
# documentation for the version in use.
/sbin/syslogd {
/dev/log rw
/var/log wo
}
# klogd: only adds the syslog socket on top of what it inherits from the
# default subject.
/sbin/klogd {
/dev/log rw
}
# cron: only adds the syslog socket; everything else comes from the default
# subject (including /var rwx and /home rwx, which cron jobs inherit).
/usr/sbin/cron {
/dev/log rw
}
# login: syslog socket plus write access to the accounting files. The default
# subject only gives /var/log r, so the rw entries here are what let login
# record sessions and failures.
/bin/login {
/dev/log rw
/var/log/wtmp rw
/var/log/lastlog rw
/var/log/faillog rw
}
# init: write access to wtmp on top of the default subject (which grants
# /var/log r only).
/sbin/init {
/var/log/wtmp rw
}
# bash: governs every process executing /bin/bash -- including the
# interactive shell an ssh login ends up in (the sshd subject below grants
# /bin/bash x, and once sshd execs the shell the new process is matched to
# this subject, not sshd's). What the login shell can see is therefore this
# list plus what it inherits from the default "/" subject above.
# Only root's history file is added here (a = append).
/bin/bash {
/root/.bash_history ar
}
# agetty: write access to wtmp on top of the default subject.
/sbin/agetty {
/var/log/wtmp rw
}
#/usr/sbin/sshd {
# /dev/log rw
#}
# tcpd: only adds the syslog socket on top of the default subject.
/usr/sbin/tcpd {
/dev/log rw
}
# sshd: these rules apply only while the process is executing /usr/sbin/sshd.
# When sshd execs the login shell, the new process is matched against the
# /bin/bash subject above (and through it the default "/" subject), so the
# objects listed here do NOT decide what an ssh login can see. To keep a
# child under this subject the executed object would need the "i" (inherit)
# object mode instead of plain x, if the gradm version in use supports it.
# Subject modes: p = protected process. "o" (documented as overriding
# inheritance from the default subject, which is why every object sshd needs
# is spelled out here) and "X" should be confirmed against the gradm
# documentation for the version in use.
/usr/sbin/sshd poX {
# /var/run carries no mode; only the two files below are usable.
/var/run
/var/run/sshd.pid rw
/var/run/utmp rw
/var/log/wtmp w
/var/log
# NOTE(review): /root and /home carry no mode, so sshd itself cannot read
# anything under them. Public-key authentication requires sshd to read
# ~/.ssh/authorized_keys beneath these directories; if pubkey logins fail
# under this policy, this is the first thing to check.
/root
/proc
/dev
/dev/log rw
/dev/tty rw
/dev/null rw
/dev/pts rw
/dev/ptmx rw
/var/run/sshd
/var/mail
/var/log/lastlog rw
/usr/lib rx
/lib rx
/home
# /etc r covers the host keys and the password database sshd reads.
/etc r
/etc/grsec h
# The login shell; see the note at the top of this subject.
/bin/bash x
# NOTE(review): this subject is /usr/sbin/sshd but execute is granted on
# /usr/bin/sshd. Verify the path: if the sshd in use re-executes itself it
# needs x on its own binary, and this entry as written does not provide it.
/usr/bin/sshd x
/tmp rw
/ r
# Drop every capability, then re-add only what sshd needs.
-CAP_ALL
+CAP_CHOWN
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
+CAP_SYS_RESOURCE
+CAP_SYS_TTY_CONFIG
+CAP_DAC_OVERRIDE
# Crash rate limit: 1 crash per 10 minutes. Check the gradm documentation for
# what is locked out once the limit is exceeded.
RES_CRASH 1 10m
# Network: outbound only to DNS (udp/53), inbound listener only on tcp/22.
connect {
0.0.0.0/0:53 dgram udp
}
bind {
0.0.0.0/0:22 stream tcp
}
}
now, as you can see, / is supposed to be hidden from sshd (note that the sshd block as pasted above actually still lists `/ r`, so the listing may not match the test described).
yet when I log in through ssh, the shell I get can still see / ??
but if I change / to h in the default ACL and keep / r in the sshd block, the login shell still cannot see /
what is going on here? (What this behaviour points to: the login shell is not running under the sshd subject at all. A subject applies to the process while it executes that binary; once sshd execs /bin/bash, the shell is matched to the /bin/bash subject, which inherits its objects from the default / subject — which is exactly why changing / in the default subject, and not in the sshd subject, is what changes the shell's view.)
my ACL file follows:
# Default subject: every process without a more specific subject below runs
# under these rules, and the more specific subjects inherit these objects
# unless they set the "o" subject mode.
# Object modes used in this file: r read, w write, x execute, a append,
# h hidden. A path listed with no mode grants no r/w/x on that subtree;
# only the children listed explicitly beneath it are usable.
/ {
/ r
/opt rx
/home rwx
/mnt rw
# /dev as a whole is closed; only the device nodes listed below are reachable
# (note /dev/log is not among them, so every subject that logs via syslog
# has to grant it itself).
/dev
/dev/urandom r
/dev/random r
/dev/zero rw
/dev/input rw
/dev/psaux rw
/dev/null rw
/dev/tty0 rw
/dev/tty1 rw
/dev/tty2 rw
/dev/tty3 rw
/dev/tty4 rw
/dev/tty5 rw
/dev/tty6 rw
/dev/tty7 rw
/dev/tty8 rw
/dev/console rw
/dev/tty rw
/dev/pts rw
/dev/ptmx rw
/dev/dsp rw
/dev/mixer rw
/dev/ippp0 rw
/dev/ippp1 rw
/dev/ippp2 rw
/dev/ippp3 rw
/dev/ippp4 rw
/dev/ippp5 rw
/dev/ippp6 rw
/dev/ippp7 rw
/dev/initctl rw
/dev/fd0 r
/dev/cdrom r
# Raw memory and I/O-port devices are hidden from everything under this
# subject (CAP_SYS_RAWIO is dropped below as well).
/dev/mem h
/dev/kmem h
/dev/port h
/bin rx
/sbin rx
/lib rx
/usr rx
/etc rx
# NOTE(review): /proc is rwx for every unconfined process; only /proc/sys is
# read-only and /proc/kcore hidden. Confirm that write access to the rest of
# /proc is actually required by processes that run under the default subject.
/proc rwx
/proc/kcore h
/proc/sys r
/root r
/tmp rw
# NOTE(review): /var is executable here; only /var/tmp drops x. Confirm that
# executing from /var is intended for every unconfined process.
/var rwx
/var/tmp rw
/var/log r
/boot r
# The policy directory itself is hidden from every process.
/etc/grsec h
# Capabilities removed from every process running under this subject.
-CAP_LINUX_IMMUTABLE
-CAP_NET_RAW
-CAP_MKNOD
-CAP_SYS_RAWIO
-CAP_SYS_MODULE
}
# syslogd: needs the syslog socket (not granted by the default subject, where
# /dev carries no mode) and write access to the log directory. "w" is write;
# the "o" object flag on /var/log should be confirmed against the gradm
# documentation for the version in use.
/sbin/syslogd {
/dev/log rw
/var/log wo
}
# klogd: only adds the syslog socket on top of what it inherits from the
# default subject.
/sbin/klogd {
/dev/log rw
}
# cron: only adds the syslog socket; everything else comes from the default
# subject (including /var rwx and /home rwx, which cron jobs inherit).
/usr/sbin/cron {
/dev/log rw
}
# login: syslog socket plus write access to the accounting files. The default
# subject only gives /var/log r, so the rw entries here are what let login
# record sessions and failures.
/bin/login {
/dev/log rw
/var/log/wtmp rw
/var/log/lastlog rw
/var/log/faillog rw
}
# init: write access to wtmp on top of the default subject (which grants
# /var/log r only).
/sbin/init {
/var/log/wtmp rw
}
# bash: governs every process executing /bin/bash -- including the
# interactive shell an ssh login ends up in (the sshd subject below grants
# /bin/bash x, and once sshd execs the shell the new process is matched to
# this subject, not sshd's). What the login shell can see is therefore this
# list plus what it inherits from the default "/" subject above.
# Only root's history file is added here (a = append).
/bin/bash {
/root/.bash_history ar
}
# agetty: write access to wtmp on top of the default subject.
/sbin/agetty {
/var/log/wtmp rw
}
#/usr/sbin/sshd {
# /dev/log rw
#}
# tcpd: only adds the syslog socket on top of the default subject.
/usr/sbin/tcpd {
/dev/log rw
}
# sshd: these rules apply only while the process is executing /usr/sbin/sshd.
# When sshd execs the login shell, the new process is matched against the
# /bin/bash subject above (and through it the default "/" subject), so the
# objects listed here do NOT decide what an ssh login can see. To keep a
# child under this subject the executed object would need the "i" (inherit)
# object mode instead of plain x, if the gradm version in use supports it.
# Subject modes: p = protected process. "o" (documented as overriding
# inheritance from the default subject, which is why every object sshd needs
# is spelled out here) and "X" should be confirmed against the gradm
# documentation for the version in use.
/usr/sbin/sshd poX {
# /var/run carries no mode; only the two files below are usable.
/var/run
/var/run/sshd.pid rw
/var/run/utmp rw
/var/log/wtmp w
/var/log
# NOTE(review): /root and /home carry no mode, so sshd itself cannot read
# anything under them. Public-key authentication requires sshd to read
# ~/.ssh/authorized_keys beneath these directories; if pubkey logins fail
# under this policy, this is the first thing to check.
/root
/proc
/dev
/dev/log rw
/dev/tty rw
/dev/null rw
/dev/pts rw
/dev/ptmx rw
/var/run/sshd
/var/mail
/var/log/lastlog rw
/usr/lib rx
/lib rx
/home
# /etc r covers the host keys and the password database sshd reads.
/etc r
/etc/grsec h
# The login shell; see the note at the top of this subject.
/bin/bash x
# NOTE(review): this subject is /usr/sbin/sshd but execute is granted on
# /usr/bin/sshd. Verify the path: if the sshd in use re-executes itself it
# needs x on its own binary, and this entry as written does not provide it.
/usr/bin/sshd x
/tmp rw
/ r
# Drop every capability, then re-add only what sshd needs.
-CAP_ALL
+CAP_CHOWN
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
+CAP_SYS_RESOURCE
+CAP_SYS_TTY_CONFIG
+CAP_DAC_OVERRIDE
# Crash rate limit: 1 crash per 10 minutes. Check the gradm documentation for
# what is locked out once the limit is exceeded.
RES_CRASH 1 10m
# Network: outbound only to DNS (udp/53), inbound listener only on tcp/22.
connect {
0.0.0.0/0:53 dgram udp
}
bind {
0.0.0.0/0:22 stream tcp
}
}
now, as you can see, / is supposed to be hidden from sshd (note that the sshd block as pasted above actually still lists `/ r`, so the listing may not match the test described).
yet when I log in through ssh, the shell I get can still see / ??
but if I change / to h in the default ACL and keep / r in the sshd block, the login shell still cannot see /
what is going on here? (What this behaviour points to: the login shell is not running under the sshd subject at all. A subject applies to the process while it executes that binary; once sshd execs /bin/bash, the shell is matched to the /bin/bash subject, which inherits its objects from the default / subject — which is exactly why changing / in the default subject, and not in the sshd subject, is what changes the shell's view.)