
sshd - access to /

Posted: Mon Sep 28, 2009 1:47 pm
by Mrkva
Hi, each time I try to log in over ssh, a new message appears in the log:
grsec: From 1.2.3.4: (default:D:/usr/sbin/sshd) denied access to hidden file / by /usr/sbin/sshd[sshd:32233] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:1471] uid/euid:0/0 gid/egid:0/0

Login works fine - I've tried to log in using a password and a key, and both times the login was successful. Should I allow this? And if I do, will it have any impact on security?
Thanks

Re: sshd - access to /

Posted: Mon Sep 28, 2009 4:51 pm
by spender
You can probably get away with replacing that rule with the following two rules, without sacrificing any security:

/
/* h

Note the lack of an object mode on the "/" object, granting "find" access to it.

-Brad

Re: sshd - access to /

Posted: Mon Sep 28, 2009 6:34 pm
by Mrkva
This won't work. I've also tried this:
subject /usr/sbin/sshd dpo
/ r
/bin h
/boot h
...
- This works without any problems... But why does sshd need to access / ?

Re: sshd - access to /

Posted: Mon Sep 28, 2009 7:51 pm
by spender
It could be caused by something as simple as a chdir("/");

It doesn't mean it was necessarily trying to list the directories contained within it, or read any files located in the / directory, only that the "/" name was looked up.

-Brad
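
The difference between looking up a directory name and listing or reading that directory, which the last reply describes, can be reproduced with ordinary Unix permission bits. This is an added example, not code from the thread or from grsecurity, and it uses a search-only (mode 0111) directory purely as an analogy for an object that can be found but not read. The scratch path and the `probe_lookup_vs_read` helper are made up for the illustration; run it as a non-root user, because root bypasses these permission checks.

```c
/* Added illustration: resolving a directory name vs. reading the directory.
 * Uses plain Unix permission bits as an analogy; no grsecurity involved. */
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct probe {
    int chdir_ok;    /* 1 if chdir() into the directory succeeded */
    int list_ok;     /* 1 if opendir() on it succeeded */
    int list_errno;  /* errno from opendir() when it failed */
};

/* Make a scratch directory with search (x) permission only, then try both
 * operations. Returns 0 when the probe ran, -1 on a setup failure. */
int probe_lookup_vs_read(struct probe *out)
{
    char cwd[4096], dir[64];
    int rc = 0;

    if (!getcwd(cwd, sizeof cwd)) return -1;
    /* Hypothetical scratch path; mkdir() fails rather than reuse an entry. */
    snprintf(dir, sizeof dir, "/tmp/lookup-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    if (chmod(dir, 0111) != 0) { rmdir(dir); return -1; }

    out->chdir_ok = (chdir(dir) == 0);      /* name lookup only */
    errno = 0;
    DIR *d = opendir(dir);                   /* needs read access */
    out->list_ok = (d != NULL);
    out->list_errno = d ? 0 : errno;
    if (d) closedir(d);

    if (chdir(cwd) != 0) rc = -1;            /* restore and clean up */
    chmod(dir, 0700);
    rmdir(dir);
    return rc;
}

int main(void)
{
    struct probe p;
    if (probe_lookup_vs_read(&p) != 0) { perror("setup"); return 1; }
    printf("chdir: %s\n", p.chdir_ok ? "ok" : "denied");
    printf("opendir: %s (errno %d)\n", p.list_ok ? "ok" : "denied", p.list_errno);
    return 0;
}
```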