[grsec] Re: Lost permissions.
Brad Spengler
spender at grsecurity.net
Fri May 20 17:16:41 EDT 2005
On Fri, May 20, 2005 at 02:12:19PM -0700, John Anderson wrote:
> I found out why this happened, but not how to fix it. Any time
> /etc/passwd is altered without reloading gradm or stopping and starting
> gradm, any program that accesses /etc/passwd is unable to do so until
> gradm is restarted. For instance, Jed, another sysadmin logged into the
> bastion, su'ed, gradm -a admin, then used useradd to add a new user to
> the box. He then gradm -u exit, etc. After that, no programs could
> access /etc/passwd until the box was rebooted (because we could no
> longer su in order to restart gradm).
>
> Is this expected normal behavior? We can already work around this by
> reloading/restarting gradm whenever /etc/{passwd,shadow,gshadow,group}
> is altered.
Looks like a problem with the policy recreation code (which is supposed
to make sure that apps that work with /etc/passwd continue to work after
it's modified/renamed/etc). Can you give me an strace of the
application that modifies it so that I can try to duplicate the problem?
-Brad