[grsec] attempted socket(inet,stream,ip) ?
Marc Schiffbauer
marc at schiffbauer.net
Tue Dec 21 20:15:44 EST 2004
Hi all,
does anybody know: What is being really denied here?
grsec: (root:U:/usr/lib/cgi-bin/awstats.pl) attempted socket(inet,stream,ip)
by /usr/lib/cgi-bin/awstats.pl[awstats.pl:22937] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:29005] uid/euid:0/0 gid/egid:0/0
acl looks like this:
subject /usr/lib/cgi-bin/awstats.pl o {
/ h
/etc r
/etc/ssh h
/etc/grsec h
/etc/shadow h
/etc/passwd h
/home r
/lib rx
/usr h
/usr/bin h
/usr/bin/perl x
/usr/lib h
/usr/lib/cgi-bin h
/usr/lib/cgi-bin/awstats.pl r
/usr/lib/perl rx
/usr/share r
/var rwcd
-CAP_ALL
+CAP_DAC_OVERRIDE
bind 0.0.0.0/32:0 dgram ip
connect 127.0.0.1/32:53 dgram udp
}
-Marc
--
-------------------------------------------
Take back the Net! http://www.anti-dmca.org
-------------------------------------------
More information about the grsecurity
mailing list