[grsec] Re: Lost permissions.
John Anderson
johnha at ccbill.com
Fri May 20 17:12:19 EDT 2005
I found out why this happened, but not how to fix it. Any time
/etc/passwd is altered without reloading gradm or stopping and starting
gradm, any program that accesses /etc/passwd is unable to do so until
gradm is restarted. For instance, Jed, another sysadmin, logged into the
bastion, su'ed, gradm -a admin, then used useradd to add a new user to
the box. He then gradm -u exit, etc. After that, no programs could
access /etc/passwd until the box was rebooted (because we could no
longer su in order to restart gradm).
Is this expected normal behavior? We can already work around this by
reloading/restarting gradm whenever /etc/{passwd,shadow,gshadow,group}
is altered.
John Anderson wrote:
> After about three days of continuous operation our bastion host
> suddenly denies any read access to /etc/passwd. I can't explain it.
> Sshd runs just fine and allows login for a long time period, then it
> won't allow any new users to connect. Sshd won't allow anyone to
> connect, I can't su, and no one can ssh out of the box. When I read
> messages I see that grsec is denying access to /etc/passwd for various
> roles and policies. I've attached the grsec specific output from
> /var/log/messages and I've attached my policies. Has anyone else
> seen this particular problem?
>
> Kernel - 2.6.11.8
> gradm - 2.1.5
> grsecurity-2.1.5-2.6.11.7-200504111924.patch (applied cleanly)
>
--
- John A.
Systems Administrator
CCBill, LLC.