grsecurity forums


https://forums.grsecurity.net./

how to allow mmap of perl module lib (MD5.so) ?

https://forums.grsecurity.net./viewtopic.php?f=3&t=280

Page 1 of 1

how to allow mmap of perl module lib (MD5.so) ?

PostPosted: Wed Jan 22, 2003 2:59 pm
by scip
Hi,

I'm trying to use a perlscript, which itself loads some Crypto-perlmodules. When I execute it, I see the following message in the log:

Jan 22 19:48:41 tpol kernel: grsec: From *.*.*.*: attempt to mmap [03:06:193017] MD5.so executable by (note:4182) UID(1000) EUID(1000), parent (bash:5785) UID(1000) EUID(1000)

I added the following (test-) config to the acl:

/usr/bin/note XO {
/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so rx
+CAP_ALL
}

but this doesn't help. So - how can I get the script working ?

regards, scip
PS: grsec version: 1.9.8-2.4.20

PostPosted: Wed Jan 22, 2003 3:06 pm
by scip
it does even not work if I disable the acl's globally (gradm -D), so this seems to be a kernel issue...

PostPosted: Wed Jan 22, 2003 3:23 pm
by spender
The log is from the ACL system, so it should work if you did a valid gradm -D. Try using the learning mode on it. Using 1.9.9-rc3 (or current CVS) could also help you debug the problem, as it always logs full paths, so you don't have to deal with the inode/device numbers.

-Brad

PostPosted: Wed Jan 22, 2003 6:08 pm
by scip
I tried the learning mode. Normally in learning mode, the program should work at all (I used the learning mode config example of the documentation, which worked so far for all other programs). But this doesn't really help me. I am getting the following log entry (shortened):

Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193027:/usr/local/lib/perl/5.6.1/Digest/MD5.pm:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193027:/usr/local/lib/perl/5.6.1/Digest/MD5.pm:1
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193016:/usr/local/lib/perl/5.6.1/auto/Digest/MD5:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193025:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.bs:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:16
Jan 22 23:02:33 tpol kernel: grsec: LEARN:774:240758:774:193017:/usr/local/lib/perl/5.6.1/auto/Digest/MD5/MD5.so:1
Jan 22 23:02:33 tpol kernel: grsec: From 217.80.251.119: attempt to mmap [03:06:193017] MD5.so executable by (note:8402) UID(1000) EUID(1000), parent (bash:26321) UID(1000) EUID(1000)

oh, and yes, I am very sure, I disabled successfully the acls using gradm -D, because other stuff which normally doesn't work if acls are enabled, worked very well.


- scip
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/