[grsec] Problem with protected tasks
Brad Spengler
spender at grsecurity.net
Wed Dec 15 08:18:24 EST 2004
> "p This process is protected; it can only be killed by processes
> with the k mode, or by processes within the same subject."
>
> How can one explain that then: sshd can not send signals to itself
> anymore?
>
> grsec: From <ip>: (root:U:/usr/sbin/sshd) Attempted send of signal 1 to protected task /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4758] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4758] uid/euid:0/0 gid/egid:0/0
> grsec: From <ip>: (root:U:/usr/sbin/sshd) Attempted send of signal 18 to protected task /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4758] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent
I've fixed this in current CVS.
> grsec: From <ip>: (root:U:/usr/sbin/proftpd) Attempted send of signal 0 to protected task /usr/sbin/proftpd[proftpd:24513] uid/euid:0/104 gid/egid:65534/65534, parent /usr/sbin/inetd[inetd:12887] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/proftpd[proftpd:31797] uid/euid:0/104 gid/egid:65534/65534, parent /usr/sbin/inetd[inetd:12887] uid/euid:0/0 gid/egid:0/0
The null signal is used to check if a process with a given PID exists.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041215/45b85daa/attachment.pgp
More information about the grsecurity
mailing list