[grsec] Problem with protected tasks

Marc Schiffbauer marc at schiffbauer.net
Wed Dec 15 09:15:11 EST 2004 

* Brad Spengler schrieb am 15.12.04 um 14:18 Uhr:
> > "p  This process is protected;  it can only be killed by processes
> > with the k mode, or by processes within the same subject."
> > 
> > How can one explain that then: sshd can not send signals to itself
> > anymore?
> > 
> > grsec: From <ip>: (root:U:/usr/sbin/sshd) Attempted send of signal 1 to protected task /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4758] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4758] uid/euid:0/0 gid/egid:0/0
> > grsec: From <ip>: (root:U:/usr/sbin/sshd) Attempted send of signal 18 to protected task /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4758] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/sshd[sshd:9823] uid/euid:0/0 gid/egid:0/0, parent
> 
> I've fixed this in current CVS.

Ok I guess I will have to wait for 2.0.3 then to be able to use that
feature...

> 
> > grsec: From <ip>: (root:U:/usr/sbin/proftpd) Attempted send of signal 0 to protected task /usr/sbin/proftpd[proftpd:24513] uid/euid:0/104 gid/egid:65534/65534, parent /usr/sbin/inetd[inetd:12887] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/proftpd[proftpd:31797] uid/euid:0/104 gid/egid:65534/65534, parent /usr/sbin/inetd[inetd:12887] uid/euid:0/0 gid/egid:0/0
> 
> The null signal is used to check if a process with a given PID exists.

Aha, ok. And why does grsec not allow this? Does that mean i cannot
<p>rotect proftpd?

-Marc

-- 
######################################################
#   <Raize> can you guys see what I type?            #
#   <vecna> no, raize                                #
#   <Raize> How do I set it up so you can see it?    #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041215/39c4d4cf/attachment.pgp

More information about the grsecurity mailing list