* [gentoo-hardened] Grsec and shutdown (unable to umount / )
From: Ow Mun Heng @ 2006-02-06 2:51 UTC
To: gentoo-hardened

Hi All,

I do believe that this is an unsolved issue. I've searched through the
grsec forums and according to it, There is a need to do a gradm -D (to
disable) gradm prior to be able to do a shutdown. (I've not tried it as
I don't have access to the system now)

I just want to verify if there is anyone here who also suffers this and
what are the proper/needed steps to avoid this? (it's really painful to
have to remember this and do a gradm -D each time)

Note : Granted the server rebooting cycle isn't near in between. :-)

--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 10:48:56 up 1:49, 6 users, load average: 1.48, 1.36, 1.36

--
gentoo-hardened@gentoo.org mailing list
[parent not found: <20060206204412.GB8265@pluto>]

* Re: [gentoo-hardened] Grsec and shutdown (unable to umount / )
From: Ow Mun Heng @ 2006-02-07 0:38 UTC
To: gentoo-hardened; +Cc: andrewg

On Mon, 2006-02-06 at 20:44 +0000, andrewg@felinemenace.org wrote:
> On Mon, Feb 06, 2006 at 10:51:59AM +0800, Ow Mun Heng wrote:
> > Hi All,
> >
> > I do believe that this is an unsolved issue. I've searched through the
> > grsec forums and according to it, There is a need to do a gradm -D (to
> > disable) gradm prior to be able to do a shutdown. (I've not tried it as
> > I don't have access to the system now)

Okay.. I went back and tried. gradm supposedly isn't set up yet.

#gradm -S
GRSEC is disabled

So that's not the issue

> >
> > I just want to verify if there is anyone here who also suffers this and
> > what are the proper/needed steps to avoid this? (it's really painful to
> > have to remember this and do a gradm -D each time)
> >
>
> If you have the sshd flag marked as protected

Huh. Please elaborate. I'm new to using a hardened kernel/toolchain etc.
(but not new to gentoo)

> (in the subject line, put
> p or so iirc),

Again. I don't understand.

> it can't kill the ssh process, thus hopefully giving you
> a second chance to login and set things right. (Yes, this has saved me
> in the past.)

I get it. I didn't try to see if SSHD was still running. I'll give it
another go when I get a chance.

Many Thanks

--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 08:33:12 up 23:33, 3 users, load average: 0.96, 5.45, 9.78

* Re: [gentoo-hardened] Grsec and shutdown (unable to umount / )
From: andrewg @ 2006-02-07 11:31 UTC
To: gentoo-hardened

> > >
> > > I just want to verify if there is anyone here who also suffers this and
> > > what are the proper/needed steps to avoid this? (it's really painful to
> > > have to remember this and do a gradm -D each time)
> > >
> >
> > If you have the sshd flag marked as protected
>
> Huh. Please elaborate. I'm new to using a hardened kernel/toolchain etc.
> (but not new to gentoo)
>

http://grsecurity.net/gracldoc.htm

From the sample policy file that ships with grsec,

# the d flag protects /proc fd and mem entries for sshd
# all daemons should have 'p' in their subject mode to prevent
# an attacker from killing the service (and restarting it with trojaned
# config file or taking the port it reserved to run a trojaned service)
subject /usr/sbin/sshd dpo

>
> I get it. I didn't try to see if SSHD was still running. I'll give it
> another go when I get a chance.
>

Thanks,
Andrew Griffiths
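
A check for the rule quoted from the sample policy in the message above (daemon subjects should carry 'p' in their subject mode), as an added example that is not part of the thread or of grsecurity itself. The sample policy text, the daemon list and the function names are constructed for illustration; only the `subject /usr/sbin/sshd dpo` line comes from the thread, and the parser reads only `role` and `subject` lines.

```python
import re

# Constructed sample policy; only the sshd "dpo" subject line is from the thread.
SAMPLE_POLICY = """\
role default
subject /
    /    r
# the d flag protects /proc fd and mem entries for sshd
subject /usr/sbin/sshd dpo
    /    h
subject /usr/sbin/cron {
    /    r
}
role admin sA
subject /usr/sbin/sshd o
    /    rwx
"""

ROLE_RE = re.compile(r"^\s*role\s+(\S+)")
# "subject <path> [modes]" with an optional trailing "{"
SUBJECT_RE = re.compile(r"^\s*subject\s+(\S+)(?:\s+([A-Za-z]+))?\s*\{?\s*$")

def parse_subjects(policy_text):
    """Return [(role, path, modes)] for every subject line in the policy."""
    role, found = None, []
    for raw in policy_text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        m = ROLE_RE.match(line)
        if m:
            role = m.group(1)
            continue
        m = SUBJECT_RE.match(line)
        if m:
            found.append((role, m.group(1), m.group(2) or ""))
    return found

def missing_protect_flag(policy_text, daemons):
    """List daemons with no subject at all, or whose subject mode lacks 'p'."""
    subjects = parse_subjects(policy_text)
    findings = []
    for daemon in daemons:
        entries = [(r, modes) for r, path, modes in subjects if path == daemon]
        if not entries:
            findings.append((daemon, None, "no subject defined"))
        for role, modes in entries:
            if "p" not in modes:
                findings.append((daemon, role, "mode %r lacks 'p'" % modes))
    return findings

if __name__ == "__main__":
    # The daemon list is an assumption; use the services present on the host.
    daemons = ["/usr/sbin/sshd", "/usr/sbin/cron", "/usr/sbin/ntpd"]
    for finding in missing_protect_flag(SAMPLE_POLICY, daemons):
        print(finding)
```

The same subject path can appear under several roles, so findings are reported per role rather than per path.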

* Re: [gentoo-hardened] Grsec and shutdown (unable to umount / ) - Problem with Cron and PS
From: Ow Mun Heng @ 2006-02-13 5:48 UTC
To: gentoo-hardened

On Tue, 2006-02-07 at 11:31 +0000, andrewg@felinemenace.org wrote:
> > > >
> > > > I just want to verify if there is anyone here who also suffers this and
> > > > what are the proper/needed steps to avoid this? (it's really painful to
> > > > have to remember this and do a gradm -D each time)
> > > >
> > >

Digging deeper, I found that the system would _be_ able to shutdown when
it has just been rebooted and a user's cron script has not started
executing.

When the cron script has been executed, it will refuse to shutdown
cleanly and I end up having error messages thrown at me.

"/ is busy, unable to unmount"
/usr etc...etc..

What does the script do?

User = ipaudit
Cron = Runs a monitoring script (ipaudit - see freshmeat) for 30
minutes. At each 30 minutes, it will do a "kill -2 script.pid". Upon
which it will exit and then process the resulting data.

The problem here is that, as "user" he can't view its own processes.
Meaning, with grsec enabled and with PS listing restricted, it will only
be able to see the parent process, (which is correct, but killing the
parent process will not stop the data collection and continue
processing.

As a means to sidestep this, I found out that one can actually pass a -2
signal to the process since there's a process id logged. (user can't see
this process, but has access to it if he knows the pid)

After doing that, then the system refuses to shutdown cleanly.

--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 13:48:46 up 1:36, 2 users, load average: 0.64, 1.02, 1.06

* Re: [gentoo-hardened] Grsec and shutdown (unable to umount / )
From: Petre Rodan @ 2006-02-13 8:54 UTC
To: gentoo-hardened

Hi,

On Mon, Feb 06, 2006 at 10:51:59AM +0800, Ow Mun Heng wrote:
> Hi All,
>
> I do believe that this is an unsolved issue. I've searched through the
> grsec forums and according to it, There is a need to do a gradm -D (to
> disable) gradm prior to be able to do a shutdown. (I've not tried it as
> I don't have access to the system now)
>
> I just want to verify if there is anyone here who also suffers this and
> what are the proper/needed steps to avoid this? (it's really painful to
> have to remember this and do a gradm -D each time)
>
> Note : Granted the server rebooting cycle isn't near in between. :-)

please have a look at http://bugs.gentoo.org/show_bug.cgi?id=99413#c16

cheers,
peter