grsecurity forums


https://forums.grsecurity.net./

-bash: /sbin/gradm: No such file or directory

https://forums.grsecurity.net./viewtopic.php?f=3&t=732

Page 1 of 1

-bash: /sbin/gradm: No such file or directory

PostPosted: Wed Mar 03, 2004 9:35 am
by sh4d0w
Hi for somereason evertime i start gradm it locks me out completely
can anyone tell why this is happening here is my acl it' s stipped down to almost nothing.

/ {
/ hrwx
/dev hrx
/opt hrx
/home hrwx
/mnt hrx
/dev/urandom hr
/dev/random hr
/dev/zero hrw
/dev/input hrw
/dev/psaux hrx
/dev/tty? hrw
/dev/console hrw
/dev/tty hrw
/dev/ttyp? hrw
/dev/pts hrw
/dev/ptmx hrw
/dev/dsp hrw
/dev/mixer hrw
/dev/fd0 hr
/dev/cdrom hr
/dev/mem h
/dev/kmem h
/dev/port h
/bin hrx
/sbin hrx
/lib hrx
/usr hrx
/etc hrx
/etc/ssh hrx
/proc hrx
/proc/kcore h
/proc/sys hr
/root hr
/tmp hrw
/var hrx
/var/tmp rw
/var/log hr
/boot h
/etc/grsec hrx
/usr/sbin hrx
/usr/local hrx
/usr/local/sbin hrx
/usr/local/bin hrx
/etc/passwd hrx
/var/run hrx
/var/lib hrx
/etc/shadow hrx
/dev/log hrx
/sbin/shutdown hr
/sbin/reboot hr
/usr/bin hr
/usr/bin/reboot hr
/usr/sbin/sshd hr
/usr/bin/ssh hr
/root/gradm hrx
/usr/bin/skill h
/usr/bin/pkill h

-CAP_SYS_TTY_CONFIG
-CAP_LINUX_IMMUTABLE
-CAP_NET_RAW
-CAP_MKNOD
-CAP_SYS_ADMIN
-CAP_SYS_RAWIO
-CAP_SYS_MODULE
-CAP_SYS_PTRACE
-CAP_NET_ADMIN
-CAP_NET_BIND_SERVICE
-CAP_SYS_CHROOT
Thank you

PostPosted: Wed Mar 03, 2004 11:00 am
by spender
You have "h" on every object, even if you want to allow reading and executing. Have you read the documentation?

-Brad

Yes I have

PostPosted: Thu Mar 04, 2004 1:11 am
by sh4d0w
Yes i've read the doc's diligently it's a little confusing for me i apologize i did not know that h makes'it un readable/executable. I thought it only hid it in the process list. Thanx alot

PostPosted: Thu Mar 04, 2004 3:51 am
by sh4d0w
How come then when i have...

/usr/bin/kill h
/bin/kill h
/bin/cat h
/bin/vi h
and when i run gradm -E i can still kill processes with kill
ei: kill -9 2334 although killall cat and vi do not work.

PostPosted: Thu Mar 04, 2004 10:44 am
by PaX Team
sh4d0w wrote:and when i run gradm -E i can still kill processes with kill
ei: kill -9 2334 although killall cat and vi do not work.
i don't know about other shells but bash has builtin commands, such as kill (see the manpage). try to execute \kill with your ACLs and see it fail.

PostPosted: Fri Mar 05, 2004 12:04 pm
by spender
regardless, the correct solution to prevent certain processes from being killed is to add to the subject mode of that process the "p" flag. otherwise someone can bypass your /usr/bin/kill h rules and write their own app that does the same thing.

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/