[grsec] logging of "create SUID" errors
Brant Williams
brant at tnarb.net
Fri Nov 10 16:56:04 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As your log indicates, cron is running as the "default" role. You
probably need to create a role where cron (and cp) are allowed the
permissions they need. I'd suggest running gradm's learning mode before
the cron job; this way, you can create an appropriate role (apart from
"default") which has the correct permissions so that cron (and cp) can do
its thing.
Public GPG/PGP key for Brant Williams: 0x88E1AA9E.
Available at your friendly local public keyserver.
On Fri, 10 Nov 2006, Matija Nalis wrote:
> Would it be possible to mark differently deny errors for normal create
> (c object flag) and create SUID/SGID (m object flag) ?
>
> Currently (grsecurity-2.1.9-2.6.18) it looks like this for SUID/SGID create,
> and was very confusing as the object has "rwcdl" flags (sure, I'll probably
> be smarter and get this faster next time, but I'm not the only one out there :)
>
> grsec: From 192.168.1.8: (default:D:/etc/cron.daily/backup) denied create of /back/tmp/tmp.mondo.3679/tmp.mondo.11346/mindilinux/2108/bigdir/bin/ping
> for writing by /bin/cp[cp:18037] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/mindi[mindi:2108] uid/euid:0/0 gid/egid:0/0
>
>
>
> --
> Opinions above are GNU-copylefted.
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFVPWBYfOV94jhqp4RAphzAJ44f8qFFB4/JbtQLpj87grcnVQVoQCgk0eB
+S8TZvm3KV+9D6Tf+9ixsww=
=e3OO
-----END PGP SIGNATURE-----
More information about the grsecurity
mailing list