[grsec] Problem with protected tasks
Brad Spengler
spender at grsecurity.net
Wed Dec 15 09:43:43 EST 2004
> > > grsec: From <ip>: (root:U:/usr/sbin/proftpd) Attempted send of signal 0 to protected task /usr/sbin/proftpd[proftpd:24513] uid/euid:0/104 gid/egid:65534/65534, parent /usr/sbin/inetd[inetd:12887] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/proftpd[proftpd:31797] uid/euid:0/104 gid/egid:65534/65534, parent /usr/sbin/inetd[inetd:12887] uid/euid:0/0 gid/egid:0/0
> >
> > The null signal is used to check if a process with a given PID exists.
>
> Aha, ok. And why does grsec not allow this? Does that mean I cannot
> protect proftpd?
This is the same case as sshd, it's sending a signal within its subject.
As a workaround of sorts if you don't want to use CVS, you can add "k"
to the subject's mode, which would mean though that ssh could kill
proftpd and proftpd could kill ssh, but nothing else could kill either.
-Brad
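
The null-signal check mentioned in the quoted text, as an added example that is not part of the original message or of grsecurity or proftpd: a liveness probe that separates "no such process" from "exists, but signalling was refused". The names `probe_pid` and `reaped_child` are hypothetical, and it is an assumption here that a policy denial of signal 0 reaches the caller as EPERM.

```c
/* Added example: process liveness probe using the null signal, kill(pid, 0). */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result {
    PROBE_EXISTS,   /* signal 0 was permitted: the target exists */
    PROBE_DENIED,   /* EPERM: the target exists but we may not signal it */
    PROBE_GONE,     /* ESRCH: no process with that PID */
    PROBE_INVALID   /* pid <= 0 addresses a process group or every process */
};

/* Signal 0 runs the existence and permission checks but delivers nothing. */
enum probe_result probe_pid(pid_t pid)
{
    if (pid <= 0)
        return PROBE_INVALID;   /* never probe a group by accident */
    if (kill(pid, 0) == 0)
        return PROBE_EXISTS;
    /* Assumption: a refusal (DAC or policy) is reported as EPERM. A caller
     * that treats every failure as "gone" misreads a protected task as dead. */
    return errno == EPERM ? PROBE_DENIED : PROBE_GONE;
}

/* Hypothetical helper: fork a child that exits at once, reap it, return its PID. */
pid_t reaped_child(void)
{
    pid_t child = fork();
    if (child == 0)
        _exit(0);
    if (child > 0)
        waitpid(child, NULL, 0);
    return child;
}

int main(int argc, char **argv)
{
    static const char *names[] = {
        "exists", "exists (signal denied)", "no such process", "invalid pid"
    };
    pid_t pid = argc > 1 ? (pid_t)atol(argv[1]) : getpid();
    printf("%ld: %s\n", (long)pid, names[probe_pid(pid)]);
    return 0;
}
```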