grsec (2.6.11.12/2.1.6) + radvd on Debian Sarge

Post by FRLinux » Fri Jun 24, 2005 5:39 pm

Hello,

I have hit an issue with GRSec which I haven't seen before. I used a 2.4 kernel with exactly the same GRSec settings as the ones I now use on a 2.6 kernel, but radvd (Router Advertisement for IPv6 networks) now fails with the following message:

radvd[10057]: version 0.7.3 started
radvd[10057]: can't open /proc/net/if_inet6: Permission denied
radvd[10057]: syntax error in config file: /etc/radvd.conf

Has anyone seen that? I was on Debian woody and am now running sarge, on the same box, same grsec settings.

Cheers,
Steph
FRLinux
 
Posts: 12
Joined: Fri Jun 24, 2005 5:04 pm

Post by Carceru » Fri Jun 24, 2005 5:51 pm

I have the exact same problem. The reason is that the directory /proc/net is readable by root only (permissions: dr-x------) and radvd is running as the radvd user and needs to read /proc/net/if_inet6.

My solution was to change radvd to run as root. A better solution is appreciated. I don't think this is related to GRSec. I was running with woody on a 2.6 kernel with GRSec without a problem. The problem only occurred when I switched to sarge. Guess under woody radvd was running as root.

To make radvd run as root change the line

OPTIONS="-u radvd -p $PIDFILE"

in /etc/init.d/radvd to

OPTIONS="-u root -p $PIDFILE"
Carceru
 
Posts: 12
Joined: Tue Jun 21, 2005 8:24 am
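
To see which path component actually produces the "Permission denied" for an unprivileged daemon, here is an added example (not part of the original thread, and not radvd or grsecurity code) that walks a path and applies the classic owner/group/other mode bits for a given uid and gid set. The temporary tree standing in for /proc/net, the uid/gid offsets and the function names are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def first_blocker(path, uid, gids, start="/"):
    """Walk path below `start`; return (component, mode string) for the first
    component uid/gids cannot pass, or None if the target is readable.
    Only classic mode bits are modelled (no ACLs, capabilities or RBAC)."""
    if uid == 0:
        return None                      # root bypasses mode bits
    parts = os.path.relpath(path, start).split(os.sep)
    current = start
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)            # caller must be able to stat, e.g. root
        # Exactly one permission class applies: owner, else group, else other.
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        # Directories on the way need search (x=1); the target needs read (r=4).
        need = 4 if i == len(parts) - 1 else 1
        if not (st.st_mode >> shift) & need:
            return current, stat.filemode(st.st_mode)
    return None

def demo():
    """Constructed stand-in for /proc/net (dr-x------) holding if_inet6."""
    base = tempfile.mkdtemp()
    net = os.path.join(base, "net")
    target = os.path.join(net, "if_inet6")
    os.mkdir(net, 0o700)
    open(target, "w").close()
    os.chmod(target, 0o444)              # the file itself is world-readable
    os.chmod(net, 0o500)                 # but its directory is owner-only
    owner, group = os.stat(net).st_uid, os.stat(net).st_gid
    daemon = owner + 1000                # hypothetical unprivileged uid
    try:
        as_daemon = first_blocker(target, daemon, {group + 1000}, start=base)
        as_owner = first_blocker(target, owner, {group}, start=base)
        os.chmod(net, 0o550)             # variation: group may search the dir
        in_group = first_blocker(target, daemon, {group}, start=base)
    finally:
        os.chmod(net, 0o700)             # restore so cleanup can delete it
        shutil.rmtree(base)
    return as_daemon, as_owner, in_group

if __name__ == "__main__":
    blocked, owner_ok, group_ok = demo()
    print("daemon blocked at:", blocked)
    print("owner:", owner_ok, "| daemon in group:", group_ok)
```

On a real system, call first_blocker("/proc/net/if_inet6", uid, gids) as root with the daemon's uid and group ids to see whether the directory or the file is the component denying access.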

Post by FRLinux » Fri Jun 24, 2005 5:57 pm

Carceru wrote: To make radvd run as root change the line
OPTIONS="-u radvd -p $PIDFILE"
in /etc/init.d/radvd to
OPTIONS="-u root -p $PIDFILE"


Oh nice one, thanks a lot for this.
And you are right, radvd on woody was running as root.

Steph
FRLinux
 
Posts: 12
Joined: Fri Jun 24, 2005 5:04 pm

Post by FRLinux » Sun Jun 26, 2005 7:09 am

mikeeusa wrote: That's messy too though... and might not work well if you need to poll more often... and it will wear out the hdd more...


It will indeed, my little hdd is one of the first Maxtor 40GB 5400rpm in a "no moving parts" router and it already showed some signs of growing bad sectors, so I prefer to limit the number of writes I do on it :)

Steph
FRLinux
 
Posts: 12
Joined: Fri Jun 24, 2005 5:04 pm

Post by peritus_ » Mon Jun 27, 2005 4:02 pm

Run it as root and set up a proper grsecurity RBAC configuration and everything will be just fine. :)
peritus_
 
Posts: 5
Joined: Sat Mar 12, 2005 1:33 pm

