[grsec] Terminal being sniffed
Jarek Kajdas
amibios at wp.pl
Mon Feb 28 14:40:53 EST 2005
Hi,
Example:
My computer IP: 192.168.1.20 (mapped two SMB drive) Other computer IP:
192.168.1.3 Server IP: 192.168.1.1 (kernel 2.4.29 , grsec 2.1.1)
Grsecurity: enabled
When I log on first SSH terminal from 192.168.1.20 and then when trying to
log on to the admin role I have following message:
The terminal you are using is unsafe for this operation. Use another
terminal.
DMESG:
grsec: From 192.168.1.20: (root:U:/sbin/gradm) terminal being sniffed by
IP:192.168.1.20
/usr/local/courier/libexec/authlib/authdaemond.mysql[authdaemond.mys:25066],
parent
/usr/local/courier/libexec/authlib/authdaemond.mysql[authdaemond.mys:1918]
against /sbin/gradm[gradm:475] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:16611] uid/euid:0/0 gid/egid:0/0
When I log on second SSH terminal (then admin role), everything is alright
When I close first terminal (second is still open) and then I log on (from
192.168.1.3) first (trying admin role) I have following message:
The terminal you are using is unsafe for this operation. Use another
terminal.
DMESG:
grsec: From 192.168.1.3: (root:U:/sbin/gradm) terminal being sniffed by
IP:192.168.1.20 /usr/sbin/named[named:13641], parent /sbin/init[init:1]
against /sbin/gradm[gradm:3789] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:30387] uid/euid:0/0 gid/egid:0/0
3,4 SSH terminal the same effect (sometimes log messages are different),
4 terminal everything alright.
I don't understand this, what is going on ?, with kernel 2.4.21, grsec
2.0rc2 everything was alright.
DuDuS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://grsecurity.net/pipermail/grsecurity/attachments/20050228/a4dba66b/attachment.htm
More information about the grsecurity
mailing list