
Re: Bug#211213: grsecurity 1.9.12 for debian kernel 2.4.22



On Tue, 2003-09-16 at 16:53, Domenico Andreoli wrote:
> Package: kernel-patch-2.4-grsecurity
> Version: N/A
> Severity: wishlist

Just a note to the paranoid :)
The grsecurity stuff prevents a lot in Debian from functioning
correctly, even if only medium security is selected (which claims in the
kernel help "These features provide even more security to your system,
though in rare cases they may be incompatible with very old or poorly
written software."). 
However, e.g., poff won't work from a user account, because it uses
pidoff, but can't read the pid with medium security enabled. Also,
nautilus-cd-burner won't work, because it needs to read /proc/sys, which
is group owned by gid 10 with medium security. (Disclaimer: I don't know
if the gid was changed for the Debian patch. 10 is used by upstream's
grsecurity, because it wants to use wheel really. In Debian, however,
gid 10 is uucp, which gives you very wrong permissions)

That's just the stuff I came across personally; I have no idea what else
may be affected.


