chrooted ssh and grsec

Posted: Thu Feb 26, 2004 3:34 pm
by polarfox
Hello,

I tried to run chrooted SSH, but I can't connect to that ssh daemon because of this message in kern.log:

Code:
Feb 26 21:14:50 alus kernel: grsec: From 192.168.1.2: denied attempt to double chroot to /chroot/ministerija/var/run/sshd by (sshd:14373) UID(0) EUID(0), parent (sshd:563) UID(0) EUID(0)


Just can't find how to fix this. Can anybody help?
Thanks

Posted: Fri Feb 27, 2004 3:30 am
by siti
In the menuconfig of the kernel configuration -> GrSecurity -> Filesystem Protections -> Deny double-chroots (make sure this option is disabled).

Posted: Fri Feb 27, 2004 4:11 am
by polarfox
Thanks.

Maybe there is some other way to override the kernel grsec settings for double chroot without recompiling the kernel?

Posted: Sat Feb 28, 2004 7:51 am
by sig
If you have enabled sysctl support in the grsec section of the kernel config, you can disable double chroot:

Code:
echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_chroot


Although this doesn't work if you have enabled /proc/sys/kernel/grsecurity/grsec_lock (the value is set to 1).
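
A read-only check of the two sysctl files mentioned above, as an added example that is not part of the original post: it reports whether the double-chroot restriction is active and whether grsec_lock would block the echo. The function name and state labels are made up for this example, and the optional directory argument exists only so the logic can be run against a constructed tree.

```shell
#!/bin/sh
# Added example: report the state of grsecurity's double-chroot restriction
# without changing anything. The function name and the state labels are
# hypothetical; only the two /proc file names come from the thread.

grsec_chroot_state() {
    # Default to the live sysctl tree; a constructed directory may be passed.
    dir="${1:-/proc/sys/kernel/grsecurity}"

    # Missing file: sysctl support was not enabled in the grsec section of
    # the kernel config, so the option can only be changed by rebuilding.
    if [ ! -r "$dir/chroot_deny_chroot" ]; then
        echo "no-sysctl"
        return 0
    fi

    deny=$(cat "$dir/chroot_deny_chroot")

    # Assumption: a missing grsec_lock file is treated as unlocked.
    lock=0
    if [ -r "$dir/grsec_lock" ]; then
        lock=$(cat "$dir/grsec_lock")
    fi

    if [ "$deny" = "0" ]; then
        # Double chroot is already permitted.
        echo "disabled"
    elif [ "$lock" = "1" ]; then
        # Restriction active and grsec_lock is 1: the echo will not work.
        echo "enforced-locked"
    else
        # Restriction active, but the sysctl is still writable.
        echo "enforced-unlocked"
    fi
}

# Stand-alone use: prints one state label for the running kernel.
grsec_chroot_state "$@"
```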

Posted: Tue Mar 02, 2004 8:52 am
by raphinou
I think you can also disable privilege separation in the sshd config.

Raph