by piavka » Mon Dec 16, 2002 7:32 am
/etc/grsec# gradm -E
Viewing access is allowed to /dev/mem. This would allow an attacker to modify the code of programs running on your system.
There were 1 holes found in your ACL configuration. These must be fixed before the ACL system will be allowed to be enabled.
The / acl:
/ l {
    / r
    /opt r
    /home rx
    /mnt r
    /tmp rw
    /boot r
    /root r
    /usr r
    /usr/share/locale rx
    /etc r
    /etc/grsec h
    /var r
    /var/tmp rw
    /var/log rw
    /dev w
    /dev/mem h
    /dev/kmem h
    /proc rw
    /proc/sys r
    /proc/kcore h
    /lib rx
    /usr/lib rx
    /usr/local/lib rx
    /usr/X11R6/lib rx
    /bin rx
    /sbin rx
    /usr/bin rx
    /usr/sbin rx
    /usr/local/bin rx
    /usr/X11R6/bin rx
    -CAP_LINUX_IMMUTABLE
    -CAP_NET_RAW
    -CAP_SYS_MODULE
    -CAP_SYS_RAWIO
    -CAP_MKNOD
}