CONFIG_GRKERNSEC_PROC_GID not working anymore as before


Post by cpc » Thu Apr 07, 2005 6:53 pm

CONFIG_GRKERNSEC_PROC_GID is used to set up restrictive permissions, only allowing root and users with a specific GID to access entries in /proc.

I just came across the fact that the list of entries protected is different between 2.1.4-2.4.29 and 2.0.1-2.4.28.

An easy check is the permissions for /proc/cpuinfo (440 for 2.0.1-2.4.28 and 444 for 2.1.4-2.4.29).

Config to reproduce:
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y

Why did the protected /proc list change? Is there any plan to reestablish the old list?

Post by spender » Sat Apr 09, 2005 11:59 am

/proc/cpuinfo is used by KDE and other apps, and there was no good reason to restrict access to it, so it was removed from the list of restricted files.

-Brad
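
An added example, not part of the original posts or of grsecurity: a shell check that generalizes the /proc/cpuinfo permission test from the thread to any list of /proc entries, so the restricted set can be compared between two kernels. The function names and the PROC_GID variable are assumptions of this example; 1001 is the GID from the posted config, and GNU or busybox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: classify who may read a /proc entry.
# PROC_GID mirrors CONFIG_GRKERNSEC_PROC_GID from the posted config (assumption: 1001).
PROC_GID="${PROC_GID:-1001}"

# classify_entry PATH [GID] prints one of:
#   world-readable    "other" read bit set (e.g. 444)
#   group-restricted  group read set, other read clear, group is GID (e.g. 440)
#   other-group       same bits, but the entry belongs to a different group
#   owner-only        neither group nor other may read (e.g. 400)
#   missing           the entry does not exist on this kernel
classify_entry() {
    path=$1
    gid=${2:-$PROC_GID}
    [ -e "$path" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$path") || return 1   # octal mode, e.g. 440
    fgid=$(stat -c '%g' "$path") || return 1   # numeric owning group
    other=$((mode % 10))                       # last octal digit
    group=$(( (mode / 10) % 10 ))              # second-to-last octal digit
    if [ $((other & 4)) -ne 0 ]; then
        echo world-readable
    elif [ $((group & 4)) -ne 0 ]; then
        if [ "$fgid" = "$gid" ]; then echo group-restricted; else echo other-group; fi
    else
        echo owner-only
    fi
}

# audit_proc PATH... prints "path<TAB>mode<TAB>classification" per entry.
# Save the output on each kernel and diff the two files.
audit_proc() {
    for p in "$@"; do
        m=$(stat -c '%a' "$p" 2>/dev/null || echo -)
        printf '%s\t%s\t%s\n' "$p" "$m" "$(classify_entry "$p")"
    done
}

# Default to the entry discussed in the thread when no paths are given.
[ $# -gt 0 ] || set -- /proc/cpuinfo
audit_proc "$@"
```

Run as root to see entries that are hidden from unprivileged users.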

