hwclock and cron issue
Posted: Fri Feb 21, 2003 4:19 pm
Hi,
I have a problem with the execution of hwclock from within a cron job.
Cron runs under uid 0 and so does the script which calls hwclock.
When I execute the script on the console it works fine.
grsecurity 1.9.9c
kernel 2.4.20
os devil-linux current CVS version
acls are not used
grsec kernel options http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/devil-linux/build/scripts/config/config_grsecurity?rev=1.8&content-type=text/vnd.viewcvs-markup
grsec proc parameters http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/devil-linux/build/scripts/scripts/grsecurity.proc?rev=1.5&content-type=text/vnd.viewcvs-markup
Setting all proc parameters to 0 doesn't change anything
Thanks for the help
Heiko
Syslog output:
Feb 21 15:10:00 src@carina2 kernel: grsec: denied use of iopl() by (hwclock:22901) UID(0) EUID(0), parent (strace:17564)
UID(0) EUID(0)
strace output:
getuid32() = 0
open("/dev/rtc", O_RDONLY|O_LARGEFILE) = 0
open("/dev/tty1", O_RDONLY|O_LARGEFILE) = 3
ioctl(3, 0x4b50, 0xbc758ce0) = -1 EINVAL (Invalid argument)
iopl(0x3) = -1 EPERM (Operation not permitted)
working strace:
getuid32() = 0
open("/dev/rtc", O_RDONLY|O_LARGEFILE) = 3
close(3) = 0
I have a problem with the execution of hwclock from within a cron job.
Cron runs under uid 0 and so does the script which calls hwclock.
When I execute the script on the console it works fine.
grsecurity 1.9.9c
kernel 2.4.20
os devil-linux current CVS version
acls are not used
grsec kernel options http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/devil-linux/build/scripts/config/config_grsecurity?rev=1.8&content-type=text/vnd.viewcvs-markup
grsec proc parameters http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/devil-linux/build/scripts/scripts/grsecurity.proc?rev=1.5&content-type=text/vnd.viewcvs-markup
Setting all proc parameters to 0 doesn't change anything
Thanks for the help
Heiko
Syslog output:
Feb 21 15:10:00 src@carina2 kernel: grsec: denied use of iopl() by (hwclock:22901) UID(0) EUID(0), parent (strace:17564)
UID(0) EUID(0)
strace output:
getuid32() = 0
open("/dev/rtc", O_RDONLY|O_LARGEFILE) = 0
open("/dev/tty1", O_RDONLY|O_LARGEFILE) = 3
ioctl(3, 0x4b50, 0xbc758ce0) = -1 EINVAL (Invalid argument)
iopl(0x3) = -1 EPERM (Operation not permitted)
working strace:
getuid32() = 0
open("/dev/rtc", O_RDONLY|O_LARGEFILE) = 3
close(3) = 0