Hi!
I cannot understand what to do in this case:
kernel: grsec: (:::kernel::::S:/) denied open of /proc/bus/usb/002/002 for reading writing by /usr/sbin/usbmodules[usbmodules:264] uid/euid:0/0 gid/egid:0/0, parent /etc/hotplug/usb.agent[usb.agent:2824] uid/euid:0/0 gid/egid:0/0
Please. Help me.
(::::kernel::::S:/) ?????
10 posts
• Page 1 of 1
(::::kernel::::S:/) ?????
by Kurodo » Wed Sep 15, 2004 9:19 am
- Kurodo
- Posts: 9
- Joined: Wed Sep 15, 2004 9:05 am
by spender » Thu Sep 16, 2004 3:40 pm
This should be fixed in the current CVS of gradm2.
Try applying the following patch:
http://cvsweb.grsecurity.net/index.cgi/ ... 1=1.38&f=u
Try applying the following patch:
http://cvsweb.grsecurity.net/index.cgi/ ... 1=1.38&f=u
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
OpenCT problem.
by Kurodo » Mon Sep 20, 2004 6:36 am
Hi!
In continuation of a problem described earlier...
We Have:
kernel: grsec: (:::kernel::::S:/) denied open of /var/run/openct/status for reading writing by /usr/local/sbin/ifdhandler[ifdhandler:32186] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:14450] uid/euid:0/0 gid/egid:0/0
kernel: grsec: (:::kernel::::S:/) denied create of /var/run/openct/status.30186 for reading writing by /usr/local/sbin/ifdhandler[ifdhandler:30186] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:21043] uid/euid:0/0 gid/egid:0/0
kernel: grsec: (:::kernel::::S:/) denied unlink of /var/run/openct/0 by /usr/local/sbin/ifdhandler[ifdhandler:15876] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/ifdhandler[ifdhandler:30186] uid/euid:0/0 gid/egid:0/0
kernel: grsec: (:::kernel::::S:/) denied mknod of /var/run/openct/0 by /usr/local/sbin/ifdhandler[ifdhandler:15876] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Whether will be correct, by analogy with /proc/bus/usb, to make the following changes to an source code gradm_adm.c:
if (!add_proc_object_acl
(current_subject, "/var/run/openct", proc_object_mode_conv("rwcd"), GR_FEXIST))
exit(EXIT_FAILURE);
I have tried also it have worked, but is confident that you offer more correct and safe decision.
Thanks!
P.S. Excuse for bad language!
In continuation of a problem described earlier...
We Have:
kernel: grsec: (:::kernel::::S:/) denied open of /var/run/openct/status for reading writing by /usr/local/sbin/ifdhandler[ifdhandler:32186] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:14450] uid/euid:0/0 gid/egid:0/0
kernel: grsec: (:::kernel::::S:/) denied create of /var/run/openct/status.30186 for reading writing by /usr/local/sbin/ifdhandler[ifdhandler:30186] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:21043] uid/euid:0/0 gid/egid:0/0
kernel: grsec: (:::kernel::::S:/) denied unlink of /var/run/openct/0 by /usr/local/sbin/ifdhandler[ifdhandler:15876] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/ifdhandler[ifdhandler:30186] uid/euid:0/0 gid/egid:0/0
kernel: grsec: (:::kernel::::S:/) denied mknod of /var/run/openct/0 by /usr/local/sbin/ifdhandler[ifdhandler:15876] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Whether will be correct, by analogy with /proc/bus/usb, to make the following changes to an source code gradm_adm.c:
if (!add_proc_object_acl
(current_subject, "/var/run/openct", proc_object_mode_conv("rwcd"), GR_FEXIST))
exit(EXIT_FAILURE);
I have tried also it have worked, but is confident that you offer more correct and safe decision.
Thanks!
P.S. Excuse for bad language!
Last edited by Kurodo on Fri Jan 21, 2005 2:56 am, edited 2 times in total.
- Kurodo
- Posts: 9
- Joined: Wed Sep 15, 2004 9:05 am
by Kurodo » Thu Jan 20, 2005 10:57 am
Hi!
When I use version 2.1.0, i have analogous problems again:
kurodo kernel: grsec: (:::kernel::::S:/) denied link of /var/run/openct/status.5577 to /var/run/openct/status.lock by /usr/local/sbin/ifdhandler[ifdhandler:5577] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:32109] uid/euid:0/0 gid/egid:0/0
Is true to accept this patch for correct?
When I use version 2.1.0, i have analogous problems again:
kurodo kernel: grsec: (:::kernel::::S:/) denied link of /var/run/openct/status.5577 to /var/run/openct/status.lock by /usr/local/sbin/ifdhandler[ifdhandler:5577] uid/euid:0/0 gid/egid:0/0, parent /usr/local/sbin/openct-control[openct-control:32109] uid/euid:0/0 gid/egid:0/0
Is true to accept this patch for correct?
- Code: Select all
--- gradm_adm.c 2005-01-20 17:49:31.000000000 +0300
+++ gradm_adm.c 2005-01-20 17:43:18.000000000 +0300
@@ -117,7 +117,7 @@ add_kernel_acl(void)
add_proc_subject_acl(current_role, "/", proc_subject_mode_conv("o"), 0);
- add_proc_object_acl(current_subject, "/", proc_object_mode_conv("rwxcd"), GR_FEXIST);
+ add_proc_object_acl(current_subject, "/", proc_object_mode_conv("rwxcdl"), GR_FEXIST);
add_proc_object_acl(current_subject, GRSEC_DIR, proc_object_mode_conv("h"), GR_FEXIST);
return;
- Kurodo
- Posts: 9
- Joined: Wed Sep 15, 2004 9:05 am
grsec: (:::kernel::::S:/) denied send of signal 14
by Einon » Mon Jan 16, 2006 5:44 am
Hi!
Recently the same kernel that is used for at least 6 month now started to produce these log messages:
Jan 16 07:57:14 vasquez kernel: grsec: (:::kernel::::S:/) denied send of signal 14 to protected task /usr/sbin/spamd[spamd:20704] uid/euid:8/8
gid/egid:8/8, parent /usr/sbin/spamd[spamd:28399] uid/euid:8/8 gid/egid:8/8 by /[nfsd:3336] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Any idea what is this, and how to solve it?
Recently the same kernel that is used for at least 6 month now started to produce these log messages:
Jan 16 07:57:14 vasquez kernel: grsec: (:::kernel::::S:/) denied send of signal 14 to protected task /usr/sbin/spamd[spamd:20704] uid/euid:8/8
gid/egid:8/8, parent /usr/sbin/spamd[spamd:28399] uid/euid:8/8 gid/egid:8/8 by /[nfsd:3336] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Any idea what is this, and how to solve it?
- Einon
- Posts: 10
- Joined: Tue Mar 22, 2005 6:40 am
10 posts
• Page 1 of 1