FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 01-28-2012, 12:23 PM
Alex Efros
 
Default Security Level: high/server/workstation/virtualization

Hi!

On Sat, Jan 28, 2012 at 02:12:19PM +0200, pageexec@freemail.hu wrote:
> > $ dumpcap
> > dumpcap: Can't get list of interfaces: Can't open /sys/class/net: Permission denied
>
> i think it's GRKERNSEC_SYSFS_RESTRICT that could cause this, do you have it enabled?

Hmm. Sure. You think I shouldn't have it enabled?
dumpcap is suid, why it can't access it? Or it doesn't execute as root
already/yet at point when it try to enumerate available interfaces?
If this is the case, then it looks like one more bug to fix in dumpcap…

> > And one more questions - why core wasn't dumped here?
>
> check /proc/sys/fs/suid_dumpable

0. Thanks.

--
WBR, Alex.
 
Old 01-28-2012, 12:33 PM
Alex Efros
 
Default Security Level: high/server/workstation/virtualization

Hi!

On Sat, Jan 28, 2012 at 03:23:58PM +0200, Alex Efros wrote:
> > i think it's GRKERNSEC_SYSFS_RESTRICT that could cause this, do you have it enabled?
> Hmm. Sure. You think I shouldn't have it enabled?

Okay, I've disabled it: running wireshark as root probably create more
security risks than disabling this option. But this doesn't really solved
this issue:

$ dumpcap
dumpcap: Can't get list of interfaces: Can't open netlink socket 93:Protocol not supported

--
WBR, Alex.
 
Old 01-28-2012, 05:28 PM
 
Default Security Level: high/server/workstation/virtualization

On 28 Jan 2012 at 15:23, Alex Efros wrote:

> On Sat, Jan 28, 2012 at 02:12:19PM +0200, pageexec@freemail.hu wrote:
> > > $ dumpcap
> > > dumpcap: Can't get list of interfaces: Can't open /sys/class/net: Permission denied
> >
> > i think it's GRKERNSEC_SYSFS_RESTRICT that could cause this, do you have it enabled?
>
> Hmm. Sure. You think I shouldn't have it enabled?
> dumpcap is suid, why it can't access it? Or it doesn't execute as root
> already/yet at point when it try to enumerate available interfaces?
> If this is the case, then it looks like one more bug to fix in dumpcap...

you should at this point probably talk to spender or the grsecurity related
list/forum as all this is his stuff, not mine
 
Old 01-28-2012, 06:56 PM
Kevin Chadwick
 
Default Security Level: high/server/workstation/virtualization

On Fri, 27 Jan 2012 22:34:42 +0200
wrote:

> > > Core2Duo
> >
> > I don't know the details but according to OpenBSDs Theo, the Core2Duo
> > had some major design flaws that intel couldn't fix with microcode with
> > some security implications.
>
> yeah, Theo for president! of the lunatic asylum.


No need, especially as he's not here to defend himself, atleast he
offered info to backup his statements even if he didn't try to prove
anything.

"http://marc.info/?l=openbsd-misc&m=118296441702631"

"http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif"

p.s. It wasn't Theo that said anything about the malloc.conf flag for
clearing memory on free instead of re-use, possibly being less secure.


I'm no troll, though I may hijack a thread a little too often, sorry. I
can understand though don't agree with the tendency of Linux bashing
on the OpenBSD list as they're license/ideals mean they can't use GPLd
code and they have to deal with porting and other issues, of course some
of those ports wouldn't exist or be as good without Linux. I don't
understand the sensitivity to mentioning OpenBSD or Theo by the
minority here as Linux is free to and does use their code.

--
Kc
 
Old 02-10-2012, 06:07 AM
Alex Efros
 
Default Security Level: high/server/workstation/virtualization

Hi!

On Sat, Jan 28, 2012 at 03:33:51PM +0200, Alex Efros wrote:
> $ dumpcap
> dumpcap: Can't get list of interfaces: Can't open netlink socket 93:Protocol not supported

This one solved by enabling in kernel CONFIG_NF_CT_NETLINK.

Actually I think it needs CONFIG_NETFILTER_NETLINK, but to enable that
one we have to enable one of three other options, and all of them have
nothing with dumping packets at a glance.

--
WBR, Alex.
 

Thread Tools




All times are GMT. The time now is 11:55 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org