
2.4.23 with grsec and (not all) proc restrictions breaks

Posted: Tue Dec 16, 2003 2:45 pm
by Razathorn
We have a Debian woody box with a fresh 2.4.23-grsec install. When we built with the 'first' proc restriction option on and nothing else in that section checked, our /proc acted very oddly... also, netstat would break. When we recompiled with restrict user only on in addition, everything started working.

The odd behavior is as follows:

Netstat would claim that ip was not installed on the machine, but then at random, would work.

Cd in the proc fs would produce odd results if you cd .. -- you would end up with paths like /proc/sys/kernel/../../../# or similar.

Echoing values to proc variables IN a shell would work; in a shell script, it would fail with permission denied. Sysctl could not write values either. Both sysctl and the shell scripts that I had set up (to change shmmax) would work fine only just after you cat the variable in question in the proc file system.

Once again, when we turned on the user restriction option it cleared things up -- so it looks like there is some breakage if you just enable the first option alone.

Wayne