Page 1 of 1

ACL problems

PostPosted: Fri Apr 12, 2002 8:51 am
by Eoghan
Hi,

I am new to both grsecurity and linux, so please forgive any stupid mistakes.

I have compiled kernel version 2.4.18 with grsecurity 1.9.4, with most of the grsecurity options turned on.

I wrote a couple of very simple test programs so that I could become more familiar with the ACL system, but they both produce a Segmentation fault when the ACL stuff is turned on.

I have included what I hope is all the relevant info below.

Thanks,
Eoghan


My ACL files are as follows:

file.acl
/home/edoyle/dev/grsec/test.txt hrwx

proc.acl
/home/edoyle/dev/grsec/test1 {
/etc/ld.so.conf r
/etc/ld.so.preload r
/lib/i686/libc.so.6 r
/lib/ld-linux.so.2 r
/home/edoyle/dev/grsec/test.txt f
}

/home/edoyle/dev/grsec/test1 {
/etc/ld.so.conf r
/etc/ld.so.preload r
/lib/i686/libc.so.6 r
/lib/ld-linux.so.2 r
/home/edoyle/dev/grsec/test.txt f
}



The programs are:

test1.c
#include <stdio.h>
int main ()
{
FILE *f = fopen ( "test.txt", "w" );
char str[] = "This is a test.\n";

if ( !f )
{
printf ( "Failed to open file!\n" );
}
else
{
fwrite ( str, strlen ( str ), 1, f );
}
return 0;
}


test2.c
#include <stdio.h>
int main ()
{
FILE *f = fopen ( "test.txt", "r" );
char str[] = "This is a test.\n";

if ( !f )
{
printf ( "Failed to open file!\n" );
}
else
{
fread ( str, strlen ( str ), 1, f );
printf ( str );
}
return 0;
}

Tips

PostPosted: Sat Apr 13, 2002 4:33 am
by michaeld
Be sure to include a rule like
/ rwx
in file.acl just so it matches everything that none of the other rules do. Also please read the ACL documentation. And whenever you have a program acl(for 1.9.4 at least) you must
add the following like
<program name> rx

like

/bin/foo {
... (stuff like /lib rx and such)
/bin/foo rx
}

the /bin/foo rx is critical and is the source of your mmap problems, as a program must mmap itself to run. Hope I helped

Michael

Problem not resolved

PostPosted: Tue Apr 30, 2002 6:22 am
by Eoghan
Hi,

I tried your suggestions, but I was not able to resolve the problems!

I am puzzled as to why the programs cause a segmentation fault when the files are not available. I thought that the fopen function would fail and return a NULL file pointer, which is handled in my programs.

Thanks for your help.

Eoghan