There seems to be an information leakage introduced in current versions of grsecurity-2.1.0 (as published until 01/08/05):
As usual, I've placed a rule in my RBAC default policy to hide /etc/grsec, but it is not hidden completely as it was in grsecurity-2.0.1 (Linux 2.6.7) and grsecurity-2.0.2 (Linux 2.4.28).
I've tried the following commands on with Linux 2.4.28 and 2.6.10 together with grsecurity-2.1.0:
cd /etc
ls
The directory /etc/grsec is not visible in the directory listing, but an access attempt to the hidden directory has been logged (unwanted behaviour, since /etc/grsec was not accessed directly):
grsec: (default:D:/) denied access to hidden file /etc/grsec by /bin/ls[ls:17206] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:25250] uid/euid:0/0 gid/egid:0/0
Also, you are able to find out that /etc/grsec exists, if you use the filename completion of bash. Type in "ls /etc/g" + [Tab] to check that - /etc/grsec is visible in the completion list.
As expected, other commands (like "cd /etc/grsec") fail to access the hidden directory, so I assume that there may be something wrong in the way the ACLs are processed in system calls like readdir.
Any suggestions?