[grsec] Re: grsec proc bug since 2.4.23 resurfaced
Auke Kok
sofar at lunar-linux.org
Fri Dec 10 08:56:49 EST 2004
After some logic I think the implementation of proc_mkdir() must be at
fault. Here's some more data:

- proc/tty/driver also shows the problem
- proc/net too, as said
- proc/sys too, as said

but amazingly /proc/bus doesn't have the problem (I don't have
CONFIG_GRKERNSEC_PROC_ADD set, nor
CONFIG_GRKERNSEC_PROC_USER/CONFIG_GRKERNSEC_PROC_USERGROUP).

A little hack: changing CONFIG_GRKERNSEC_PROC into
CONFIG_GRKERNSEC_PROC_ADD in those 2 files (3x) made the problem
disappear. Apparently `proc_mkdir("sys", 0);` fails under normal
circumstances. I have not found another directory under /proc that gives
the same problems.

Concluding: with CONFIG_GRKERNSEC_PROC set, proc_mkdir somehow fails to
create these dirs correctly....

sofar

Auke Kok wrote:
>
> Brad,
>
> back in 2.4.23 I reported a possible PROCFS bug related to grsecurity
> with 2.4.23 and its grsec patch
>
> http://lkml.org/lkml/2003/12/14/87
>
> I fail to recall if I filed it with you or the grsec ML back then. I
> think I did. I however notice this error report:
>
> http://grsecurity.net/pipermail/grsecurity/2004-August/000020.html
>
> which seems awkwardly related to my problem ;^)
>
> The same behaviour has now resurfaced on a NEW machine (2.4.28 +
> 2.0.2) and also on the old one too, so I have 3 cases of grsecurity (2
> distinct releases) where this problem occurs.
>
> A demonstration:
>
> root at espresso /proc # while sleep 1 ; do ls -ld net sys ; done
> srwxrwxrwx 10 root root 0 2004-12-10 11:57 sys
> srwxrwxrwx 4 httpd httpd 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> srwxrwxrwx 4 httpd httpd 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> srwxrwxrwx 4 httpd httpd 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> -r--r--r-- 4 xfce xfce 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> srwxrwxrwx 4 httpd httpd 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> -r--r--r-- 4 olivier xfce 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> drwxr-xr-x 4 root root 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> drwxr-xr-x 4 root root 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> -r-xr-xr-x 4 lunar lunar 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> ?--------- 4 root root 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> ?--------- 4 root root 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> ?--------- 4 root root 0 2004-12-10 11:58 net
> srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
> ?--------- 4 root root 0 2004-12-10 11:58 net
>
>
> I believe that this is a consistent error and since I run plentiful
> other kernel patchsets around my suspicions are that the grsecurity
> patch is the cause. I'll try myself to check the patch but I'm sure
> you would know better where to look.
>
> sofar
>
> --
> Auke Kok - sofar at lunar-linux.org
> Lunar-Linux Project leader
>
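
A check for the symptom shown in the demonstration above, as an added example that is not part of the original message or of the grsecurity patch: it parses `ls -ld` lines and reports /proc entries that are not root-owned directories. The function names are hypothetical, and treating `d` plus `root:root` as the healthy state is an assumption.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical. Assumption: a healthy /proc entry is listed by `ls -ld`
# as a directory owned by root:root, e.g. "drwxr-xr-x 4 root root ...".

# Read `ls -ld` lines on stdin; print one line per anomalous entry.
scan_ls_output() {
    awk 'NF >= 4 {
        type = substr($1, 1, 1); name = $NF
        if (type != "d")
            printf "%s: type %s (expected d)\n", name, type
        else if ($3 != "root" || $4 != "root")
            printf "%s: owner %s:%s (expected root:root)\n", name, $3, $4
    }'
}

# Number of anomalous entries in the `ls -ld` lines on stdin.
count_anomalies() {
    scan_ls_output | wc -l | tr -d ' '
}

# Sample the live system N times, one second apart, since the reported
# corruption changes between successive listings.
check_live() {
    n=$1; shift
    while [ "$n" -gt 0 ]; do
        ls -ld "$@" 2>/dev/null | scan_ls_output
        n=$((n - 1))
        if [ "$n" -gt 0 ]; then sleep 1; fi
    done
}

# The first five lines are taken from the demonstration in the message;
# the last line is constructed to exercise the ownership check.
sample_lines() {
    cat <<'EOF'
srwxrwxrwx 10 root root 0 2004-12-10 11:58 sys
srwxrwxrwx 4 httpd httpd 0 2004-12-10 11:58 net
-r--r--r-- 4 xfce xfce 0 2004-12-10 11:58 net
drwxr-xr-x 4 root root 0 2004-12-10 11:58 net
?--------- 4 root root 0 2004-12-10 11:58 net
drwxr-xr-x 4 httpd httpd 0 2004-12-10 11:58 net
EOF
}
```

On an affected machine this could be run as `check_live 10 /proc/net /proc/sys /proc/tty/driver /proc/bus`. On current kernels /proc/net is a symlink, so it would be reported as type `l`.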