Arnaud Fontaine wrote: > Now i would like to use the GNU/Linux kernel with grsecurity patch. I > have compiled and installed this kernel but when i want to log into the > system via ssh (the service start also), i have the following error due > to grsecurity: > "grsec: denied attempt to double chroot to /[...] by (sshd:14334) UID(0) > EUID(0), parent (sshd:20587) UID(0) EUID(0)"
The privilege separation code invokes chroot(), too. Is there a "do not create any new file descriptors" process attribute in grsecurity? If there is, OpenSSH should toggle instead of calling chroot() to an empty directory, which is a poor replacement. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]