when i start it now i cant login with ssh...
Dec 13 23:11:50 [kernel] grsec: From 127.0.0.1: use of CAP_FOWNER denied for (sshd:28023) UID(0) EUID(0), parent (sshd:25696) UID(0) EUID(0)
Debian and grsec.
22 posts
• Page 2 of 2 • 1, 2
grsecurity (for 2.4.20)
by krupps » Sat Dec 14, 2002 4:46 am
I was not able to start my
XFree86 Version 4.2.1.1 (Debian 4.2.1-4 20021123003806 branden@debian.org) using a brand new and clean kernel 2.4.20 patched with the grsecurity-1.9.8-rc1-2.4.20.patch
and configured with the default setting (HIGH).
My XFree86.log don't shows any error messages (EE).
Switching to the default grsec config. LOW solved the problem.
Now i'm a little bit confused because the official statement seems to be "there is no problem with XFree86 v.4".
What's wrong?
Regards
krupps
XFree86 Version 4.2.1.1 (Debian 4.2.1-4 20021123003806 branden@debian.org) using a brand new and clean kernel 2.4.20 patched with the grsecurity-1.9.8-rc1-2.4.20.patch
and configured with the default setting (HIGH).
My XFree86.log don't shows any error messages (EE).
Switching to the default grsec config. LOW solved the problem.
Now i'm a little bit confused because the official statement seems to be "there is no problem with XFree86 v.4".
What's wrong?
Regards
krupps
- krupps
- Posts: 3
- Joined: Sat Dec 14, 2002 4:33 am
in addition some line from kern.log
by krupps » Sat Dec 14, 2002 5:11 am
Dec 14 04:43:15 krupps kernel: PAX: terminating task: /usr/X11R6/bin/XFree86(XFree86):14292, uid/euid: 0/0, EIP: 0820FD90, ESP: 5B0502FC
Dec 14 04:43:15 krupps kernel: PAX: bytes at EIP: 55 89 e5 83 ec 08 8b 45 08 a3 00 fe 20 08 83 c4 f4 68 f8 fd
Dec 14 04:43:15 krupps kernel: grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (XFree86:14292) UID(0) EUID(0), parent (gdm:24127) UID(0) EUID(0)
Dec 14 04:43:15 krupps kernel: PAX: bytes at EIP: 55 89 e5 83 ec 08 8b 45 08 a3 00 fe 20 08 83 c4 f4 68 f8 fd
Dec 14 04:43:15 krupps kernel: grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (XFree86:14292) UID(0) EUID(0), parent (gdm:24127) UID(0) EUID(0)
- krupps
- Posts: 3
- Joined: Sat Dec 14, 2002 4:33 am
by spender » Sat Dec 14, 2002 10:05 am
you need to download http://pageexec.virtualave.net/chpax.c
compile it
chpax -s /usr/X11R6/bin/XFree86
chpax -p /usr/X11R6/bin/XFree86
-Brad
compile it
chpax -s /usr/X11R6/bin/XFree86
chpax -p /usr/X11R6/bin/XFree86
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: grsecurity (for 2.4.20)
by PaX Team » Sat Dec 14, 2002 6:25 pm
low turns off PaX (non-executable pages in particular) which makes XFree86 happier. besides using chpax to disable these protections you could also just compile/link a static server and then you can leave all protections enabled on it. i think i posted the details on how to do that somewhere here or on the mailinglist.krupps wrote:Switching to the default grsec config. LOW solved the problem.
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
22 posts
• Page 2 of 2 • 1, 2