Full learning quirks in 2.0.2 was: Re: [grsec] Reboot problem
Jonas Jakobsson
jonas at update.uu.se
Mon Dec 13 14:56:30 EST 2004
* John Logsdon (j.logsdon at quantex-research.com) wrote:
> And if I reboot, I still can't ssh in to any user.
This is not really related to the above, but I also had problems trying to ssh
to my machine. It turned out this rule (created by gradm on full system
learning) was at fault:
subject /path/to/sshd o {
...
/dev/pts/0 rw
/dev/pts/1 rw
/dev/pts/2 rw
/dev/pts/3 rw
...
}
Which should be:
subject /path/to/sshd o {
...
/dev/pts rw
...
}
Probably since pts/X does not exist when enabling the access control.
Another quirk after a full system learning is that the rules have to be
edited by hand, especially to take away some /proc/PID rules. Even after
more than 4 runs with 4 different pids, all pids are listed, most of the
time at least.
It would be nice if the documentation stated clearly that
/etc/grsec/policy is the place for the acl.
It took some time for me to discover that :-)
--
/Jonas
HP: http://www.update.uu.se/~jonas
PK fingerprint: D617 0029 A992 1E68 E981 055B 0BAE 3888 3997 24A6
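
Added example, not part of the original post and not gradm's own code: a small filter for a learned policy that merges the per-pty /dev/pts/N objects of each subject into one /dev/pts rule and sets aside rules under /proc/<pid>. The function name, the sample policy and the choice to union the mode letters are assumptions made for illustration.

```python
import re

# /dev/pts itself or any single pty under it, e.g. /dev/pts/3
PTS = re.compile(r"^/dev/pts(/\d+)?$")
# anything under a numeric /proc entry, e.g. /proc/4711/stat
PROC_PID = re.compile(r"^/proc/\d+(/.*)?$")

# Constructed sample in the shape quoted in the post (not real gradm output).
SAMPLE = """\
subject /path/to/sshd o {
    /dev/pts/0 rw
    /dev/pts/1 r
    /proc/4711/stat r
    /proc/4802/stat r
    /etc/passwd r
}
"""

def tidy_policy(text):
    """Return (cleaned_policy, dropped_proc_rules) for a learned policy."""
    out, dropped = [], []
    pts_slot, pts_modes = None, ""   # merged /dev/pts line of the current subject
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "subject":
            pts_slot, pts_modes = None, ""   # merging never crosses subjects
        if len(parts) == 2 and PTS.match(parts[0]):
            # Assumption: union of the mode letters, in order of first appearance.
            for m in parts[1]:
                if m not in pts_modes:
                    pts_modes += m
            if pts_slot is None:
                pts_slot = len(out)
                out.append("")
            out[pts_slot] = "    /dev/pts " + pts_modes
            continue
        if len(parts) == 2 and PROC_PID.match(parts[0]):
            dropped.append(" ".join(parts))   # set aside for manual review
            continue
        out.append(line)
    return "\n".join(out) + "\n", dropped

if __name__ == "__main__":
    cleaned, dropped = tidy_policy(SAMPLE)
    print(cleaned)
    print("removed for review:", dropped)
```

The merged /dev/pts rule covers every pty, so check the resulting mode and the list of removed /proc rules before loading the edited policy.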