cron and grsec(2.0-pre1 and 1.9.9f)
Posted: Mon Apr 14, 2003 9:02 am
Hi ... i have little problem with cron
all works fine to moment when i patch kernel (2.4.20) with grsec2.0-pre1 (the same problem with 1.9.9f)
all work fine with old kernels and patches: example my old kernel 2.4.20 was patched with grsecurity-1.9.9c.
gradm is Disabled
i can't use cron from root or user level
Debian 3.0
cron ver 3.0pl1-72
/var/log.auth.log show me
---
Apr 14 14:55:01 bitchx cron(pam_unix)[11155]: session opened for user root by (uid=0)
Apr 14 14:55:01 bitchx CRON[11155]: Permission denied
---
my kernel config (the same for 1.9.9.c , 1.9.9f and 2.0-pre1):
---
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_PAX_NOEXEC=y
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
CONFIG_GRKERNSEC_PAX_EMUTRAMP=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=50
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=50
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_FLOODTIME=1
CONFIG_GRKERNSEC_FLOODBURST=4
---
rest is not set for Grsecurity
all works fine to moment when i patch kernel (2.4.20) with grsec2.0-pre1 (the same problem with 1.9.9f)
all work fine with old kernels and patches: example my old kernel 2.4.20 was patched with grsecurity-1.9.9c.
gradm is Disabled
i can't use cron from root or user level
Debian 3.0
cron ver 3.0pl1-72
/var/log.auth.log show me
---
Apr 14 14:55:01 bitchx cron(pam_unix)[11155]: session opened for user root by (uid=0)
Apr 14 14:55:01 bitchx CRON[11155]: Permission denied
---
my kernel config (the same for 1.9.9.c , 1.9.9f and 2.0-pre1):
---
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_PAX_NOEXEC=y
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
CONFIG_GRKERNSEC_PAX_EMUTRAMP=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=50
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=50
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_FLOODTIME=1
CONFIG_GRKERNSEC_FLOODBURST=4
---
rest is not set for Grsecurity