grsec doesn't care about sysctl.conf and grkernsec_proc_gid
Posted: Mon Apr 14, 2014 4:24 pm
Hello!
Today I've compiled a 3.13.9 vanilla kernel with the grsec patch set on my Debian Jessie and everything is working flawlessly except two very strange things I've never encountered with grsec.
Code:
# cat /boot/config-3.13.9-hardened-grsec | grep GRKERNSEC_PROC_GID
CONFIG_GRKERNSEC_PROC_GID=2001
# id thatsstrange
uid=1000(thatsstrange) gid=1000(thatsstrange) grupy=1000(thatsstrange),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),103(fuse),105(scanner),108(lpadmin),110(bluetooth),112(netdev),113(kvm),124(debian-tor),126(clamav),69(wheel),134(wireshark),2001(grsecex)
It's totally ignoring the fact that I'm in the grsecex group, which should exclude me from /proc restrictions.
[EDIT]
OK, I've probably messed something up with CONFIG_GRKERNSEC_PROC_USER. I'll recompile it tomorrow and let you know.
This problem remains:
And the second thing is that the system does not load the contents of /etc/sysctl.conf, leaving no information in dmesg or syslog. Surprisingly, it works if I do sysctl -p.
Kind regards,
thatsstrange