Re: Grsecurity and ssh
Arnaud Fontaine wrote: > Now i would like to use the GNU/Linux kernel with grsecurity patch. I > have compiled and installed this kernel but when i want to log into the > system via ssh (the service start also), i have the following error due > to grsecurity: > "grsec: denied attempt to double chroot to /[...] by (sshd:14334) UID(0) > EUID(0), parent (sshd:20587) UID(0) EUID(0)" The privilege separation code invokes chroot(), too. Is there a "do not create any new file descriptors" process attribute in grsecurity? If there is, OpenSSH should toggle instead of calling chroot() to an empty directory, which is a poor replacement.
Grsecurity and ssh
Hello, I have built a chroot environment for ssh with makejail. I have had no problem to do that, i can log into the chroot environment. It works very well. :) Now i would like to use the GNU/Linux kernel with grsecurity patch. I have compiled and installed this kernel but when i want to log into the system via ssh (the service start also), i have the following error due to grsecurity: "grsec: denied attempt to double chroot to /[...] by (sshd:14334) UID(0) EUID(0), parent (sshd:20587) UID(0) EUID(0)" I have seen an option about double chroot in the kernel but i would like to know how i can resolve this problem without deactivate this option. Have you an idea ? I have an another problem with pam. I have following the securing debian manual and put this line into /etc/pam.d/ssh : password required pam_cracklib.so retry=3 minlen=8 difok=3 password required pam_unix.so use_authok nullok md5 And commented this : password required pam_unix.so I have installed libpam_cracklib and i have choosen md5 password during the installation. But i have this error when i want to change a password : "passwd: Critical error - immediate abort" I have done a stupid error i think but if someone could explain me why i have this error ? ;) Thanks for your help... Arnaud Fontaine - signature Arnaud Fontaine <[EMAIL PROTECTED]> - http://www.andesi.org/ GnuPG Public Key available at http://www.andesi.org/gpg/dsdebian.asc Fingerprint: 22B6 B676 332E 23BC CA7D 174D 6D41 235A 23A2 500A -- fortune Momma always said: "There is only so much fortune a man really needs - and the rest is for showin' off" Forrest Gump pgpAwDasQzW6n.pgp Description: PGP signature
Re: Grsecurity and ssh
Arnaud Fontaine wrote: > Now i would like to use the GNU/Linux kernel with grsecurity patch. I > have compiled and installed this kernel but when i want to log into the > system via ssh (the service start also), i have the following error due > to grsecurity: > "grsec: denied attempt to double chroot to /[...] by (sshd:14334) UID(0) > EUID(0), parent (sshd:20587) UID(0) EUID(0)" The privilege separation code invokes chroot(), too. Is there a "do not create any new file descriptors" process attribute in grsecurity? If there is, OpenSSH should toggle instead of calling chroot() to an empty directory, which is a poor replacement. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Grsecurity and ssh
Hello, I have built a chroot environment for ssh with makejail. I have had no problem to do that, i can log into the chroot environment. It works very well. :) Now i would like to use the GNU/Linux kernel with grsecurity patch. I have compiled and installed this kernel but when i want to log into the system via ssh (the service start also), i have the following error due to grsecurity: "grsec: denied attempt to double chroot to /[...] by (sshd:14334) UID(0) EUID(0), parent (sshd:20587) UID(0) EUID(0)" I have seen an option about double chroot in the kernel but i would like to know how i can resolve this problem without deactivate this option. Have you an idea ? I have an another problem with pam. I have following the securing debian manual and put this line into /etc/pam.d/ssh : password required pam_cracklib.so retry=3 minlen=8 difok=3 password required pam_unix.so use_authok nullok md5 And commented this : password required pam_unix.so I have installed libpam_cracklib and i have choosen md5 password during the installation. But i have this error when i want to change a password : "passwd: Critical error - immediate abort" I have done a stupid error i think but if someone could explain me why i have this error ? ;) Thanks for your help... Arnaud Fontaine - signature Arnaud Fontaine <[EMAIL PROTECTED]> - http://www.andesi.org/ GnuPG Public Key available at http://www.andesi.org/gpg/dsdebian.asc Fingerprint: 22B6 B676 332E 23BC CA7D 174D 6D41 235A 23A2 500A -- fortune Momma always said: "There is only so much fortune a man really needs - and the rest is for showin' off" Forrest Gump pgp0.pgp Description: PGP signature