php file() and access to /proc/dev/net

Posted: Mon Nov 24, 2003 7:03 am
by milou
Hello. I have a grsec-enabled Debian system, with a 2.4.21 kernel patched with grsec-1.9.11. I chose the "medium" range of grsec from the menuconfig.

Now I have a PHP app on my website which reads /proc/dev/net to give some info on a webpage.
Since I enabled grsec in the kernel I have the following error:

Warning: file("/proc/net/dev") - Permission denied in /home/server/html/syscon/modules/mod_iflist.php on line 23

I added "/proc/net rwx" and "/proc/net/dev r" in the /etc/grsec/acl and ran gradm -E, but I still get the error... What did I forget?

Thank you
Eric

Posted: Tue Nov 25, 2003 3:41 am
by goodbyte
You should have a look at CONFIG_GRSEC_PROC, CONFIG_GRSEC_PROC_USER and CONFIG_GRSEC_PROC_USERGROUP in the kernel config (located under grsecurity - filesystem protections; you must change to the custom security level). The reason is that grsecurity has additional restrictions on /proc that are not covered by the acl system.

Posted: Tue Nov 25, 2003 9:18 am
by milou
goodbyte wrote: You should have a look at CONFIG_GRSEC_PROC, CONFIG_GRSEC_PROC_USER and CONFIG_GRSEC_PROC_USERGROUP in the kernel config (located under grsecurity - filesystem protections; you must change to the custom security level). The reason is that grsecurity has additional restrictions on /proc that are not covered by the acl system.


Thank you, I'm going to check and recompile my kernel. Now I have the same kind of problem with /dev/port; I guess this is the same kind of problem (deny access to /dev/port option)...