Help! Help! I am Stucking!!!
Posted: Thu May 08, 2003 3:03 pm
Fact: in the ACL for ... doesn't matter for what ...
i hide a file like
/ h
/root h
What happens:
May 8 20:51:08 router kernel: grsec: From 192.168.0.5: denied access to hidden file / by (rbash:5262) UID(501) EUID(501), parent (sshd:5260) UID(0) EUID(0)
Cool, seems to work ... shocking reality:
# ls /
bin dev home media mnt proc sbin usr www
cdrom etc lib mldonkey opt root tmp var
# cd /
Restricted ...
nothing is hidden damn
but why ?
it seems like always files defined in
/ {
section
}
are hidden but in no other section ... ?!?
oh cool
cd / says file not exist but lt works ... but why ?
heres the acl:
# grsecurity ACL subject block for /bin/rbash: the object rules, capability
# setting, resource limits and network blocks below are written for processes
# running that binary.
# NOTE(review): the kernel log quoted in the post attributes the denial on "/"
# to rbash itself, while `ls` is a separate executable. Whether a program
# started from rbash is governed by this subject or by another one (for
# example the default "/ { }" subject) depends on the inheritance rules of the
# grsecurity version in use; confirm against its gradm documentation. The
# `ls /` output in the post lists entries such as sbin, opt and www that have
# no rule in this block.
/bin/rbash {
# Root object for this subject, marked "h" (hidden).
# NOTE(review): presumably paths without a more specific entry below fall
# under this rule; verify the matching order for this version.
/ h
/mnt rw
# "/dev" is listed with no mode letters.
# NOTE(review): confirm what an empty mode grants in this version.
/dev
/dev/urandom r
/dev/random r
/dev/zero rw
/dev/input rw
/dev/psaux rw
/dev/null rw
/dev/tty0 rw
/dev/tty1 rw
/dev/tty2 rw
/dev/tty3 rw
/dev/tty4 rw
/dev/tty5 rw
/dev/tty6 rw
/dev/tty7 rw
/dev/tty8 rw
/dev/tty9 rw
/dev/console rw
/dev/tty rw
/dev/ttyp0 rw
/dev/ttyp1 rw
/dev/ttyp2 rw
/dev/ttyp3 rw
/dev/ttyp4 rw
/dev/ttyp5 rw
/dev/ttyp6 rw
/dev/ttyp7 rw
/dev/ttyp8 rw
/dev/ttyp9 rw
/dev/ttypa rw
/dev/ttypb rw
/dev/ttypc rw
/dev/ttypd rw
/dev/ttype rw
/dev/ttypf rw
/dev/pts rw
/dev/ptmx rw
/dev/hdd r
# Memory devices are hidden from this subject.
/dev/mem h
/dev/kmem h
# NOTE(review): the entries from /dev/tty through /dev/kmem below repeat the
# ones directly above; verify how the policy parser treats duplicate objects
# and consider removing the second copy.
/dev/tty rw
/dev/ttyp0 rw
/dev/ttyp1 rw
/dev/ttyp2 rw
/dev/ttyp3 rw
/dev/ttyp4 rw
/dev/ttyp5 rw
/dev/ttyp6 rw
/dev/ttyp7 rw
/dev/ttyp8 rw
/dev/ttyp9 rw
/dev/ttypa rw
/dev/ttypb rw
/dev/ttypc rw
/dev/ttypd rw
/dev/ttype rw
/dev/ttypf rw
/dev/pts rw
/dev/ptmx rw
/dev/hdd r
/dev/mem h
/dev/kmem h
/dev/port h
/lib rx
# NOTE(review): "/proc rxw" and "/var rxw" further down grant write and
# execute on whole trees; only /proc/kcore, /proc/sys, /var/tmp and /var/log
# are narrowed. Consider tightening the parent entries.
/proc rxw
/proc/kcore h
/proc/sys r
/mldonkey h
/tmp rw
/var rxw
/var/tmp rw
/var/log r
/bin rx
# Other shells under /bin and /usr/bin are hidden, presumably so the
# restricted shell cannot be swapped for an unrestricted one.
/bin/ash h
/bin/bash h
/bin/csh h
/bin/ksh h
/bin/sh h
/usr rx
/usr/bin/passwd h
/usr/bin/bash h
/usr/bin/rbash h
/usr/bin/zsh h
/etc rx
# Account databases, their backup copies and the grsec configuration
# directory are hidden while the rest of /etc stays readable.
/etc/rc.d h
/etc/passwd h
/etc/passwd- h
/etc/passwd.YaST2save h
/etc/shadow h
/etc/shadow- h
/etc/shells h
/etc/grsec h
/home/maulwurf rxw
# Remove all capabilities from this subject.
-CAP_ALL
# Resource limits; each line carries two values.
# NOTE(review): presumably the soft and hard limit; confirm units per resource.
RES_FSIZE 50208 50208
RES_DATA 2100960 2100960
RES_STACK 29672 29672
RES_RSS 0 0
RES_NPROC 4 4
RES_NOFILE 260 260
RES_MEMLOCK 0 0
RES_AS 6461408 6461408
RES_LOCKS 0 0
# Network rules: both connect and bind are set to "disabled" for this subject.
connect {
disabled
}
bind {
disabled
}
}
before you say "oh what a dumbass" *g*: i also tried to do it the simpler way, hiding just /root .... that also didn't work :| dunno why
Standard SuSE Linux 8.0 Prof. with current GrSec., on a reiserfs ( or was it ext2 .. can't remember +g+)
i hide a file like
/ h
/root h
What happens:
May 8 20:51:08 router kernel: grsec: From 192.168.0.5: denied access to hidden file / by (rbash:5262) UID(501) EUID(501), parent (sshd:5260) UID(0) EUID(0)
Cool, seems to work ... shocking reality:
# ls /
bin dev home media mnt proc sbin usr www
cdrom etc lib mldonkey opt root tmp var
# cd /
Restricted ...
nothing is hidden damn
but why ?
it seems like always files defined in
/ {
section
}
are hidden but in no other section ... ?!?
oh cool
cd / says file not exist but lt works ... but why ?
heres the acl:
# grsecurity ACL subject block for /bin/rbash: the object rules, capability
# setting, resource limits and network blocks below are written for processes
# running that binary.
# NOTE(review): the kernel log quoted in the post attributes the denial on "/"
# to rbash itself, while `ls` is a separate executable. Whether a program
# started from rbash is governed by this subject or by another one (for
# example the default "/ { }" subject) depends on the inheritance rules of the
# grsecurity version in use; confirm against its gradm documentation. The
# `ls /` output in the post lists entries such as sbin, opt and www that have
# no rule in this block.
/bin/rbash {
# Root object for this subject, marked "h" (hidden).
# NOTE(review): presumably paths without a more specific entry below fall
# under this rule; verify the matching order for this version.
/ h
/mnt rw
# "/dev" is listed with no mode letters.
# NOTE(review): confirm what an empty mode grants in this version.
/dev
/dev/urandom r
/dev/random r
/dev/zero rw
/dev/input rw
/dev/psaux rw
/dev/null rw
/dev/tty0 rw
/dev/tty1 rw
/dev/tty2 rw
/dev/tty3 rw
/dev/tty4 rw
/dev/tty5 rw
/dev/tty6 rw
/dev/tty7 rw
/dev/tty8 rw
/dev/tty9 rw
/dev/console rw
/dev/tty rw
/dev/ttyp0 rw
/dev/ttyp1 rw
/dev/ttyp2 rw
/dev/ttyp3 rw
/dev/ttyp4 rw
/dev/ttyp5 rw
/dev/ttyp6 rw
/dev/ttyp7 rw
/dev/ttyp8 rw
/dev/ttyp9 rw
/dev/ttypa rw
/dev/ttypb rw
/dev/ttypc rw
/dev/ttypd rw
/dev/ttype rw
/dev/ttypf rw
/dev/pts rw
/dev/ptmx rw
/dev/hdd r
# Memory devices are hidden from this subject.
/dev/mem h
/dev/kmem h
# NOTE(review): the entries from /dev/tty through /dev/kmem below repeat the
# ones directly above; verify how the policy parser treats duplicate objects
# and consider removing the second copy.
/dev/tty rw
/dev/ttyp0 rw
/dev/ttyp1 rw
/dev/ttyp2 rw
/dev/ttyp3 rw
/dev/ttyp4 rw
/dev/ttyp5 rw
/dev/ttyp6 rw
/dev/ttyp7 rw
/dev/ttyp8 rw
/dev/ttyp9 rw
/dev/ttypa rw
/dev/ttypb rw
/dev/ttypc rw
/dev/ttypd rw
/dev/ttype rw
/dev/ttypf rw
/dev/pts rw
/dev/ptmx rw
/dev/hdd r
/dev/mem h
/dev/kmem h
/dev/port h
/lib rx
# NOTE(review): "/proc rxw" and "/var rxw" further down grant write and
# execute on whole trees; only /proc/kcore, /proc/sys, /var/tmp and /var/log
# are narrowed. Consider tightening the parent entries.
/proc rxw
/proc/kcore h
/proc/sys r
/mldonkey h
/tmp rw
/var rxw
/var/tmp rw
/var/log r
/bin rx
# Other shells under /bin and /usr/bin are hidden, presumably so the
# restricted shell cannot be swapped for an unrestricted one.
/bin/ash h
/bin/bash h
/bin/csh h
/bin/ksh h
/bin/sh h
/usr rx
/usr/bin/passwd h
/usr/bin/bash h
/usr/bin/rbash h
/usr/bin/zsh h
/etc rx
# Account databases, their backup copies and the grsec configuration
# directory are hidden while the rest of /etc stays readable.
/etc/rc.d h
/etc/passwd h
/etc/passwd- h
/etc/passwd.YaST2save h
/etc/shadow h
/etc/shadow- h
/etc/shells h
/etc/grsec h
/home/maulwurf rxw
# Remove all capabilities from this subject.
-CAP_ALL
# Resource limits; each line carries two values.
# NOTE(review): presumably the soft and hard limit; confirm units per resource.
RES_FSIZE 50208 50208
RES_DATA 2100960 2100960
RES_STACK 29672 29672
RES_RSS 0 0
RES_NPROC 4 4
RES_NOFILE 260 260
RES_MEMLOCK 0 0
RES_AS 6461408 6461408
RES_LOCKS 0 0
# Network rules: both connect and bind are set to "disabled" for this subject.
connect {
disabled
}
bind {
disabled
}
}
before you say "oh what a dumbass" *g*: i also tried to do it the simpler way, hiding just /root .... that also didn't work :| dunno why
Standard SuSE Linux 8.0 Prof. with current GrSec., on a reiserfs ( or was it ext2 .. can't remember +g+)