grsecurity forums

Does anyone have any idea HOW THE HELL Mandrake expects users to configure grsecurity? They don't include any tools to configure it like gradm or anything.

Any help would be appreciated. grsec keeps denying me permission to run certain programs on my own server.

Thanks.

I wish I knew the answer. Mandrake never responds to my repeated mails.

-Brad

One of the guys on Mandrakeclub.com has finished a patch for the secure kernel, and will be releasing it public soon. A good FTP site to get it from will be: ftp://mirrors.secsup.org/pub/linux/mand ... /9.1/i586/

It's called Kernel-with-acl-support or something. Should be available in the next day or two.

It's just under 4 months since the original post on this thread, and I can not find anything useful on the net about managing GRSecurity under Mandrake. Well, not anything that WORKS. I have found at least 4 "incidents" (not counting my own) on mandrakeexperts.com that are related to Mandrake's version of grsec being broke, with no responses from their experts.

Today, I got a suggestion of editing my ".config" file to enable sysctl, but I can't find one of those on any of the systems involved. I just want to make it possible for apache to run a couple of CGI programs... Why does it have to be so hard?

Is there a way to manage Mandrake's version of GRSecurity without recompiling the kernel to install the latest from source?

I found an RPM for mandrake that worked for me.

http://www.deserve-it.com/Cooker/SRPMS/ ... dk.src.rpm

http://www.deserve-it.com/Cooker/RPMS/g ... k.i586.rpm

I hope this helps.

Thanks - I'll check them out. It's been a very frustrating 3 weeks here, since I've also been making updates to the affected program, so having Mandrake barf all over it at the same time was trying my sanity... And the near total lack of anyone willing to answer how to fix it made it maddening!

I'll check back in after I test things. I thought I'd tripped over an answer in the acl package that comes with MDK, but it doesn't do much more than chmod can do.

Jeff

espicom wrote:And the near total lack of anyone willing to answer how to fix it made it maddening!

maybe the following will sound a bit disappointing to you, but the fact is that grsecurity is supported on exactly one kernel version: vanilla from kernel.org. every other combination is the responsibility of the respective party who makes it (well, more or less, we do try to support some other patches as well, but only when they use the latest version which is not true for Mandrake). Mandrake's case is particularly painful as spender did try to tell them a while ago to keep using the latest versions, all in vain as you had to find it out the hard way. if the vanilla kernel is ok for you, please use it by all means, then we can actually support you, should you still run into problems.

the fact is that grsecurity is supported on exactly one kernel version: vanilla from kernel.org.

This does not surprise me. What does surprise me, though, is that Mandrake would make anything a key part of their security model, and yet not provide any configuration utilities or even information on it...

More surprising has been the fact that it is so difficult to find help; typically, if I type the text of an error message into Google, I can find many sites that have answers to my problem. In this case, it took visits to several dozen sites to find out that "grsec" refered to "grsecurity", and a few more sites to get a link to this site.

And, for the record, it has now been 12 days since I posted my problem on mandrakeexpert.com, and it still has not been "reviewed by an expert"!

Hi espicom,

I came by this thread via the same tortuous path as you...frustrating google searches.

I'm wondering: what solution have you gone with since your last post? The vanilla kernel from kernel.org? The non-secure Mandrake kernel? A recompile of the secure mdk kernel?

I *used* to really dig Mandrake...until entering this world of pain with 2.4.22-10mdksecure

*sigh*

rpm --rebuild gradm.....src.rpm does it all
doesn't mather which version off gradm you take, i recompiled the latest
which is 2.0.4mdk-something.