CONFIG_GRKERNSEC_PROC_MEMMAP partially breaks lsof

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

CONFIG_GRKERNSEC_PROC_MEMMAP partially breaks lsof

Postby AverageUser » Fri Oct 04, 2002 2:36 pm

Configure.help says this about CONFIG_GRKERNSEC_PROC_MEMMAP:

CONFIG_GRKERNSEC_PROC_MEMMAP
If you say Y here, the /proc/<pid>/mem and /proc/<pid>/maps files
will no longer be accessible. If you use PaX it is greatly
recommended that you say Y here as it closes up a hole that makes the
full ASLR useless for suid binaries. No legitimate programs should have
to use either of the two files.

Well, I've come across one: lsof. :)

With CONFIG_GRKERNSEC_PROC_MEMMAP enabled, lsof no longer lists shared libraries that are in use. Perhaps it would be a good idea to change "No legitimate programs" to "No legitimate programs other than lsof". It took me a while to narrow this down...
AverageUser
 
Posts: 7
Joined: Sun Aug 25, 2002 1:58 pm

Return to grsecurity support

cron