new to gradm, permission denied

Post by jonta » Sat Sep 09, 2006 4:55 pm

Hi, I just installed gradm and grsecurity. I'm done with the learning but I have some minor problems. root can't write to /root/
How do I enable this? Do I start learning again, write to the directory and end learning? Or is there some other way to permit it?
jonta
 
Posts: 3
Joined: Sat Sep 09, 2006 12:59 am

Post by Kp » Sat Sep 09, 2006 9:49 pm

You could modify the policy by hand and reload it. It is a text file with a reasonably obvious format. However, take care that your modifications do not grant system services write access to that directory, as a compromised service could then rewrite your .bashrc, .profile, .bash_logout, etc. to run code in a context other than that of the daemon itself. That you're even asking this suggests you intend to use the root account, which means that you have granted or plan to grant non-trivial access to shells run as root.
Kp
 
Posts: 46
Joined: Tue Sep 20, 2005 12:56 am

Post by spender » Thu Sep 14, 2006 8:54 pm

Remember that in the RBAC system, you don't want to let root be able to do things an administrator would do. Assume the root user is compromised when making your policy. This is why I suggest the use of the admin role for administrative tasks. /root should not be writable by the attacker, for the reasons you will see if you try to change the policy to allow it (the RBAC system enforces a certain level of policy security, and tells you why those decisions need to be made.)

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
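
The review that Kp's caution and spender's advice point to, as an added example that is not part of any post in this thread and is not grsecurity's own tooling: after editing a policy by hand, list every non-admin subject whose most specific matching object rule grants write access under /root. It assumes a simplified reading of the policy text (role, subject and object lines; the longest matching path wins; modes w, a, c, d count as write access; roles flagged A are administrative) and does not model globs, includes or inheritance between subjects. The sample policy and its subject names are constructed.

```python
WRITE_MODES = set("wacd")  # assumed write-type modes: write, append, create, delete
# Constructed sample policy, not from the thread; subject names are hypothetical.
SAMPLE_POLICY = """\
role admin sA
subject / rvka
    / rwcdmlxi
role default G
subject / {
    / rwcd
    /root r
}
subject /usr/sbin/exampled o {
    /root rw
}
subject /usr/bin/examplebackup o {
    / rwcd
}
"""

def parse(policy):
    """Return [(role, role_flags, subject, {object_path: modes})]."""
    out, role, flags = [], None, ""
    for raw in policy.splitlines():
        tok = raw.split("#")[0].replace("{", " ").replace("}", " ").split()
        if tok[:1] == ["role"]:
            role, flags = tok[1], "".join(tok[2:3])
        elif tok[:1] == ["subject"]:
            out.append((role, flags, tok[1], {}))
        elif tok and tok[0].startswith("/") and out:
            out[-1][3][tok[0]] = "".join(tok[1:2])
    return out

def effective_rule(objects, target):
    """Longest object path that equals target or is a parent directory of it."""
    hits = [p for p in objects if target == p or target.startswith(p.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def writable_findings(policy, target="/root/.bashrc"):
    findings = []
    for role, flags, subject, objects in parse(policy):
        rule = effective_rule(objects, target)
        # Roles flagged 'A' (administrative) are expected to manage /root; skip them.
        if "A" not in flags and rule and WRITE_MODES & set(objects[rule]):
            findings.append((role, subject, rule, objects[rule]))
    return findings

if __name__ == "__main__":
    for f in writable_findings(SAMPLE_POLICY):
        print("role %s subject %s: %s %s allows writing /root/.bashrc" % f)
```

On the sample, the default subject is not reported because its `/root r` rule is more specific than `/ rwcd`, while the two constructed service subjects are.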

