This new restriction is very intrusive. I try and use as much non-privileged access as possible when doing system administration. By requiring it to be read-only I have to go into gradm administration mode to do anything in the root directory. Isn't this counterproductive from a security standpoint to always be doing things at the lowest security level?
The path exploitation issue is valid but there must be some better way to work around this. Perhaps by requiring gradm to make sure it's being invoked by an absolute path "/sbin/gradm" rather than just "gradm".
This would teach people of the vulnerability and require them to take countermeasures against it without raising 50 other issues by requiring /root to be read-only.
That or simply modify grsecurity so that it will ONLY run a process named "gradm" when it is located in /sbin. Path/trojan issue fixed.
-TGK
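
An added example, not part of the post above and not grsecurity or gradm code: a shell check of which file a bare `gradm` would resolve to on a given PATH, compared with the `/sbin/gradm` location the post names. The function names and the temporary directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which file would a bare command name run on a given PATH?

# first_in_path NAME PATHSTRING
# Print the first executable NAME found walking PATHSTRING left to right,
# as the shell does. An empty entry means the current directory.
first_in_path() {
    name=$1
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# check_invocation NAME TRUSTED PATHSTRING
# 0: bare NAME resolves to TRUSTED; 1: another file shadows it;
# 2: NAME is not on PATHSTRING at all.
check_invocation() {
    found=$(first_in_path "$1" "$3") || return 2
    [ "$found" = "$2" ] && return 0
    printf 'WARNING: "%s" resolves to %s, not %s\n' "$1" "$found" "$2" >&2
    return 1
}

# Constructed layout under a temp dir; both files are empty stand-ins.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/sbin" "$tmp/root"
    for f in "$tmp/sbin/gradm" "$tmp/root/gradm"; do
        printf '#!/bin/sh\n' > "$f" && chmod +x "$f"
    done
    for p in "$tmp/sbin:$tmp/root" "$tmp/root:$tmp/sbin"; do
        if check_invocation gradm "$tmp/sbin/gradm" "$p"; then
            echo "ok: trusted binary wins"
        else
            echo "shadowed: invoke by absolute path instead"
        fi
    done
    rm -rf "$tmp"
}
demo
```

On a real system the same check is `check_invocation gradm /sbin/gradm "$PATH"`, run from the account and shell that will invoke gradm.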