Comments:
<0> ah
<1> if i disable that then the user can see all the procs and all the sockets :\
<0> did u patch kernel yet?
<1> i just emerged the gentoo-hardened
<0> ok
<1> is there more patches or something?
<0> http://www.grsecurity.net/grsecurity-2.1.9-2.4.33.3-200609031224.patch.gz
<0> latest on site
<1> does this have what I want?
<0> not sure, lemme check
<1> oh ****
<1> i'm running 2.6.16
<0> ah
<1> and i was looking at the 2.6.17 config hhe
<1> but it doesn't matter
<0> i'll have to see what's in the patches for the .16
<1> i'm tryin to look for some sort of change log
<1> is that something that they were working on or something?
<1> currently it just denies read to /proc/net/tcp
<0> just latest kernel patches
<1> what a headache :\
<1> w/ freebsd it was easy lol
<0> lol
<1> psecurity.bsd.see_other_gids: 0
<1> security.bsd.see_other_uids: 0
<1> woops
<1> but yea
<1> that easy hehe
<0> lemme emerge sources
<1> I think it always denies /proc/net/tcp
<1> i thought -p showed the pid of the socket?
<1> for netstat
<1> oh nm
<1> i'm blind lol
<0> ha
<1> I have to use linux now
<1> be a bitch to use my reiserfs raid5 on fbsd ;\
<1> especially when i use mdad
<1> mdadm
<0> finally getting my other monitor back on fri
<1> cool
<0> http://m2it.org/images/house/office/IMG_0019.JPG
<0> yeah, little weird w/ only 1
<0> haa
<1> I've seen that pic before
<1> man
<1> why can't the freebsd kernel have the linux userland
<0> yeah, took em when i was trying to figure out what was up w/ that line
<2> bitrot: you mean the GNU userland?
<1> CannedBar: yah
<1> i'm tired
<2> and it can :-)
<1> and pissed
<1> to an extent
<1> and i would always have to chroot
<1> and i couldn't use cool apps like htop lol
<0> http://www.wiredyne.com/software/downloads/chrootbuilder-0.2.tar.gz
<0> cool util
<1> hmm
<1> perhaps I may just do that...
<1> but man
<1> i would need to convert my freaking raid
<1> there is no way in hell I could do that
<1> unless I burn ****
<1> and i'm lazy
<1> bleh it has to be possible
<1> it has the pid
<1> why wouldn't it have the gid/uid
<0> try -g
<0> don't think netstat even shows gid/uid
<0> if you're still trying that one
<1> no
<1> FreeBSD has sockstat, shows it per user
<4> in screen, how would i bind C-a TAB to do the same thing as C-a n ?
<1> ^a something heh
<1> Dr-Lol: do you know if it's possible to have users in linux only see the procs and only their sockets?
<1> like freebsd
<5> i know there is in BSD
<1> nyeah
<1> i want to use linux
<5> never thought to try it, but was kinda curious
<1> but it doesn't do what I want lol
<5> does it work with chroot?
<1> well doesn't seem that netstat shows the gids or uids
<1> eh?
<5> put the user in a chroot
<1> grsec limits the users /proc
<1> and seems to also deny /proc/net/tcp
<1> no access to /proc/dev/net either
<1> This angers me
<1> that's the only thing i really wanted lol
<1> and linux doesn't have it O.o
<6> bitrot: afaik you can set a group id which will have access to /proc
<1> i only want the user to see their own procs
<1> not the group procs
<1> giving a specific gid access to /proc will allow them to read everything yes?
<6> yep
<1> yeah
<1> not what i want at all :(
<6> afaik you can set it up so users only see their processes in ps output
<7> then grsec is nor for you my friend.
<7> not*
<1> yeah
<6> i do not know about /proc access, though
<1> i want proc and sockets
<1> anger
<7> as long as the "restrict proc to user" kernel flag is on, nothing can be read or written in proc, that's not about the actual user
<1> it denies the user to /proc/net/tcp
<1> to /proc/net actually
<7> yup.
<1> pointless
<1> user can't even see their own procs
<1> er sockets
<7> socket restrisctions can be deactivated though.
<7> restrictions*
<1> bjorn: yeah but then they will be able to see all procs.
<7> socket restrictions != proc restrictions
<1> yeah
<1> i dunno why i keep saying procs lol
<1> i meant sockets
<1> freebsd kernel does it pretty well all by uid
<1> well
<1> oh well i guess
<1> users have to suffer
<7> security > users
<1> why not on gentoo?
<1> bjorn: do you use RBAC?
<7> i tried to get it working
<7> gave up pretty quick
<7> as i couldn't figure out proper rules to make sshd work properly
<1> lame, itunes sorts the 'album view' by artist, so when i use the 'cover flow' view i have 23 covers for one album for the matrix reloaded soundtrack because the artists are different.
<7> hah
<1> did you get admin to auth while gradm was enabled?
<7> I did, actually
<1> hmmm
<1> i can't get that far :(
<7> don
<7> don't ask me how though
<1> i can auth admin while gradm is not enabled.
<1> and i ran gradm -P admin
<7> that's pointless
<1> i know it is lol
<1> no wait i can't run it while it's off nm
<1> i can disable gradm while it's running though
<1> with the password i setup using gradm -P admin
<8> http://www.bbspot.com/News/2006/09/microsoft-contentless-drm.html