Re: Mandrake Linux grsecurity question

[Pierre BETOUIN <info16 () ifrance com>]

It's just the result of grsecurity configuration.
To confirme that, check, using make menuconfig, your grsec
configuration.

In fact, grsec can be used to restrict actions (mounting, attaching
process with ptrace, etc...), and especially for a special group (the
"untrusted group").

Change it and recompile your kernel, or change your user's group.
You can also use ACL to fix a more secure policy
(http://www.grsecurity.org).

I think you're running the "kernel-secure" under mandrake.

        Pierre

Le mer 12/11/2003 à 10:17, Lars Westergren a écrit :
> Hi,
>
> A basic security question here, please be kind.
> :-)
>
> I have some problems with grsec and Mandrake 9.1. I downloaded Eclipse the IDE, and installed it in my home 
> directory. I ran it as root to see that everything worked (it did), and then started configuring the system for more 
> users. I chowned the whole Eclipse directory to a group I made for the programmers, and gave just about all 
> permissions to User and Group with chmod.
>
> However, I can still only run the program as root. Whenever I try to run it as another user, I get "Permission 
> denied" in bash and the following message in the system log:
>
> kernel: grsec: denied exec of ./eclipse by (bash:29587) UID(501) EUID(501), parent (bash:24566) UID(501) EUID(501) 
> reason: untrusted
>
> I have tried to lower my Mandrake msec persmissons temporarily from Higher to Poor, but I still get permission 
> denied. Even if I put Eclipse in my home directory, change all permissions to me and give all rights to all users 
> recursively for all files.
>
> I have looked around a lot on Google. So far, I have found a handful of other people asking this same question in 
> different forums (Always Mandrake 9.1 users in High security mode that I can see, though with other programs that 
> they try to run), but none of them recieve any answers.
>
> The documentation for msec from Mandrake is very sparse, they usually just say "use the drakperm tools to fine tune 
> msec", but they don't say how. Looking up grsecurity manuals, they usually begin with "Edit your Acess Control List 
> permissions in the directory /etc/grsec by..." but I don't have that directory, nor can I find it or anything 
> relating to grsec anywhere on the machine, except in the log.
>
>
> What to do? Have I missed something very basic with file permissions in Linux, does it have anything to do with PAM, 
> or is there a bug that came when I downloaded all the Mandrake security patches? I guess I could compile my own 
> kernel for the first time and make sure that grsec is out, but if there is any easier and safer solution...? I would 
> be very grateful for any help.
>
> Thanks,
> Lars
>
>
> ---------------------------------------------------------------------------
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services security to 
> simplify the management and deployment of PGP and reduce overall PGP costs 
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial - 
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
> ----------------------------------------------------------------------------
>
> _____________________________________________________________________
> Envie de discuter en "live" avec vos amis ? Tlcharger MSN Messenger
> http://www.ifrance.com/_reloc/m la 1re messagerie instantane de France
-- 
Pierre BETOUIN
        http://securitech.homeunix.org
        http://www.challenge-securitech.com
GnuPG key :
lynx -dump securitech.homeunix.org/pbetouin.asc | gpg --import

Attachment: signature.asc
Description: Ceci est une partie de message numériquement signée