[grsec] problematic /proc/net behavior in 2.4.26-grsec (bug?)
Horváth Ákos
maxx at covysoft.net
Tue Aug 3 07:47:10 EDT 2004
Hi all,
/proc/net seems to be sometimes a fifo, sometimes a unix socket:
[root at viper:~:13:35:51:604]
$ ls -ld /proc/net
srwxrwxrwx 4 mysql mysql 0 Aug 3 13:35 /proc/net
[root at viper:~:13:35:51:605]
$ ls -ld /proc/net
prw------- 4 root root 0 Aug 3 13:35 /proc/net
[root at viper:~:13:35:52:606]
$ ls -ld /proc/net
srwxrwxrwx 4 mysql mysql 0 Aug 3 13:35 /proc/net
[root at viper:~:13:35:52:607]
$ ls -ld /proc/net
prw------- 4 root root 0 Aug 3 13:35 /proc/net
[root at viper:~:13:35:53:608]
$ ls -ld /proc/net
srwxrwxrwx 4 mysql mysql 0 Aug 3 13:35 /proc/net
[root at viper:~:13:35:53:609]
$ ls -ld /proc/net
srwxrwxrwx 4 root root 0 Aug 3 13:35 /proc/net
[root at viper:~:13:35:53:610]
$ ls -ld /proc/net
prw------- 4 root root 0 Aug 3 13:35 /proc/net
[root at viper:~:13:35:54:611]
$
But if I do ls -l /proc|grep net, I always get
[root at viper:~:13:36:58:615]
$ ls -l /proc|grep net
dr-xr-xr-x 4 root root 0 Aug 3 13:36 net
[root at viper:~:13:36:58:616]
$
...and /proc/net is _always_ chdir()-able, but not always readdir()-able.
iptables-save sometimes works, sometimes fails with the following strace
output:
[...]
31957 old_mmap(0x2f44c000, 15584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2f44c000
31957 close(3) = 0
31957 munmap(0x2f318000, 8582) = 0
31957 brk(0) = 0x8062fe0
31957 brk(0x8063160) = 0x8063160
31957 brk(0x8064000) = 0x8064000
31957 open("/proc/net/ip_tables_names", O_RDONLY) = -1 EACCES (Permission denied)
31957 _exit(1) = ?
The system is a debian woody with 2.4.26-grsec (i386 arch), but _before_ the
activation of any grsec functionality. Even gradm is not installed.
The kernel is a vanilla 2.4.26 patched with the latest stable grsec patch
downloadable at the homepage (04/18/2004). It was compiled with gcc-2.95
found in debian woody.
Any tips & tricks? What could be the problem?
thanks,
MaXX