Arnaud Fontaine wrote:
Now i would like to use the GNU/Linux kernel with grsecurity patch. I
have compiled and installed this kernel but when i want to log into the
system via ssh (the service start also), i have the following error due
to grsecurity:
grsec: denied attempt to double chroot to /[...] by (sshd:14334) UID(0)
EUID(0), parent (sshd:20587) UID(0) EUID(0)
The privilege separation code invokes chroot(), too.
Is there a do not create any new file descriptors process attribute in
grsecurity? If there is, OpenSSH should toggle instead of calling
chroot() to an empty directory, which is a poor replacement.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]