[grsec] Re: Lost permissions.
John Logsdon
j.logsdon at quantex-research.com
Mon May 23 06:01:05 EDT 2005
I would have thought it was a wise procedure to reload RBAC automatically
whenever /etc/passwd or /etc/group is changed although the consequences
of not doing so had not struck me!
But if this can be added to grsec, even better :-)))
Best wishes
John
John Logsdon
Quantex Research Ltd, Manchester UK
j.logsdon at quantex-research.com
+44(0)161 445 4951/G:+44(0)7717758675 www.quantex-research.com
"Try to make things as simple as possible but not simpler"
a.einstein at relativity.org
On Fri, 20 May 2005, Brad Spengler wrote:
> On Fri, May 20, 2005 at 02:12:19PM -0700, John Anderson wrote:
> > I found out why this happened, but not how to fix it. Any time
> > /etc/passwd is altered without reloading gradm or stopping and starting
> > gradm, any program that accesses /etc/passwd is unable to do so until
> > gradm is restarted. For instance, Jed, another sysadmin logged into the
> > bastion, su'ed, gradm -a admin, then used useradd to add a new user to
> > the box. He then gradm -u exit, etc. After that, no programs could
> > access /etc/passwd until the box was rebooted (because we could no
> > longer su in order to restart gradm).
> >
> > Is this expected normal behavior? We can already work around this by
> > reloading/restarting gradm whenever /etc/{passwd,shadow,gshadow,group}
> > is altered.
>
> Looks like a problem with the policy recreation code (which is supposed
> to make sure that apps that work with /etc/passwd continue to work after
> it's modified/renamed/etc). Can you give me an strace of the
> application that modifies it so that I can try to duplicate the problem?
>
> -Brad
>
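The workaround discussed in this thread (reload the RBAC policy whenever /etc/{passwd,shadow,gshadow,group} is altered) can be automated with a periodic check. The script below is an added example, not code from the thread or from grsecurity/gradm; `STATE_DIR`, `RELOAD_CMD` and the function names are hypothetical, and `sha256sum` from coreutils is assumed. It records the inode alongside the content digest so that a rename-over (the "modified/renamed" case in the quoted reply) is caught as well as an in-place edit.

```shell
#!/bin/sh
# Added example: detect changes to the account databases and call a reload hook.
# WATCHED, STATE_DIR and RELOAD_CMD are assumptions made for this sketch.
WATCHED="${WATCHED:-/etc/passwd /etc/shadow /etc/gshadow /etc/group}"
STATE_DIR="${STATE_DIR:-/var/lib/rbac-watch}"
RELOAD_CMD="${RELOAD_CMD:-}"   # site-specific RBAC reload command; empty = report only

# Print "<sha256> <inode>" for a file. The inode is included because tools
# that write a new file and rename it over the old one change the inode
# even when an attacker or admin leaves the content byte-identical.
fingerprint() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    inode=$(ls -di "$1" | awk '{print $1}')
    if [ -r "$1" ]; then
        sum=$(sha256sum < "$1" | cut -d' ' -f1)
    else
        sum="unreadable"   # e.g. /etc/shadow when not run as root
    fi
    echo "$sum $inode"
}

# Compare each watched file with its stored fingerprint, update the baseline,
# print "changed: <paths>" and run RELOAD_CMD if anything differs.
# The first run only records a baseline and reports nothing.
check_accounts() {
    mkdir -p "$STATE_DIR" || return 2
    changed=""
    for f in $WATCHED; do
        key="$STATE_DIR/$(printf '%s' "$f" | tr '/' '_')"
        new=$(fingerprint "$f")
        if [ -f "$key" ] && [ "$(cat "$key")" != "$new" ]; then
            changed="$changed $f"
        fi
        printf '%s\n' "$new" > "$key"
    done
    [ -n "$changed" ] || return 0
    echo "changed:$changed"
    if [ -n "$RELOAD_CMD" ]; then $RELOAD_CMD; fi
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then check_accounts; fi
```

Run it with `--run` from cron or a systemd timer as root; keep `STATE_DIR` writable by root only so the baseline cannot be tampered with.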