[grsec] Strange effects after upgrade to 2.1.0
Marc Schiffbauer
marc at schiffbauer.net
Mon Jan 17 19:24:07 EST 2005
Hi,
after upgradeing from grsec 2.0.2 to 2.1.0 I discovered some strange
grsec denies...
* the daemons were not able anymore to bind to their ports
grsec: From 1.2.3.4: (root:U:/usr/sbin/proftpd) attempted bind to x.x.x.x port 46304 sock type stream protocol tcp by /usr/sbin/proftpd[proftpd:27198] uid/euid:0/104 gid/egid:65534/65534, parent /usr/sbin/inetd[inetd:538] uid/euid:0/0 gid/egid:0/0
my ACL says:
bind 0.0.0.0/32:0 dgram ip
bind x.x.x.x/32 stream tcp
bind x.x.x.x/32:20 stream tcp
What has changed here?
* denied unlink of ... to ... ?!?
^^^^^^ ^^
grsec: (cyrus:U:/usr/lib/cyrus/bin/lmtpd) denied link of /var/spool/cyrus/mail/stage./... to /var/spool/cyrus/mail/j/user/.... by /usr/lib/cyrus/bin/lmtpd[lmtpd:20753] uid/euid:101/101 gid/egid:8/8,parent /usr/sbin/cyrmaster[cyrmaster:25802] uid/euid:101/101 gid/egid:8/8
ACL says:
/var/spool/cyrus/mail rwcd
What does "unlink .. to .." mean? Why is it denied?
* Several denies to /proc/sys/kernel/version
(I did not change the policy...)
What do I have to take care of when migrating to 2.1.0?
-Marc
--
<NES> *lol* I download something from Napster
<NES> And the same guy I downloaded it from starts downloading it from me when I'm done
<NES> I message him and say "What are you doing? I just got that from you"
<NES> "getting my song back fscker"
More information about the grsecurity
mailing list