Home page logo

basics logo Security Basics mailing list archives

Mandrake Linux grsecurity question
From: "Lars Westergren" <Lars.Westergren () tpb se>
Date: Wed, 12 Nov 2003 10:17:49 +0100


A basic security question here, please be kind.

I have some problems with grsec and Mandrake 9.1. I downloaded Eclipse the IDE, and installed it in my home directory. 
I ran it as root to see that everything worked (it did), and then started configuring the system for more users. I 
chowned the whole Eclipse directory to a group I made for the programmers, and gave just about all permissions to User 
and Group with chmod.

However, I can still only run the program as root. Whenever I try to run it as another user, I get "Permission denied" 
in bash and the following message in the system log:

kernel: grsec: denied exec of ./eclipse by (bash:29587) UID(501) EUID(501), parent (bash:24566) UID(501) EUID(501) 
reason: untrusted

I have tried to lower my Mandrake msec persmissons temporarily from Higher to Poor, but I still get permission denied. 
Even if I put Eclipse in my home directory, change all permissions to me and give all rights to all users recursively 
for all files.

I have looked around a lot on Google. So far, I have found a handful of other people asking this same question in 
different forums (Always Mandrake 9.1 users in High security mode that I can see, though with other programs that they 
try to run), but none of them recieve any answers.

The documentation for msec from Mandrake is very sparse, they usually just say "use the drakperm tools to fine tune 
msec", but they don't say how. Looking up grsecurity manuals, they usually begin with "Edit your Acess Control List 
permissions in the directory /etc/grsec by..." but I don't have that directory, nor can I find it or anything relating 
to grsec anywhere on the machine, except in the log.

What to do? Have I missed something very basic with file permissions in Linux, does it have anything to do with PAM, or 
is there a bug that came when I downloaded all the Mandrake security patches? I guess I could compile my own kernel for 
the first time and make sure that grsec is out, but if there is any easier and safer solution...? I would be very 
grateful for any help.


The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]