Grsec configuration?

hlozo · 04-26-2004, 09:32 AM

Hi,
I updated from 9.1 to 9.2 and now I'm unable to run cgi anywhere else than the apache root cgi-bin directory...

I scanned grsecurity.net but didn't find anything useful with mandrake...

Has anybody a clue how could I tell the grsec to allow some other dirs to be 'trusted' to run cgi? Because now I get:

Apr 26 15:08:49 ns kernel: grsec: From x.x.x.x: denied exec of /var/neomail/checklogin.pl by (perl5.8.1:11054) UID(72) EUID(72), parent (perl5.8.1:30068) UID(72) EUID(72) reason: untrusted

Thanks, Matej

BTW: 2.4.21-0.13mdksecure, that's my kernel

unSpawn · 04-26-2004, 12:14 PM

Are you running Grsec ACL's? Did you enable learning mode?

hlozo · 05-08-2004, 10:55 AM

I couldn't find any config files - neither those which are described on grsec's page, nor any others...

I searched the web and saw that grsec is implemented some other than the 'normal' way in mdk-secure kernels, but i couldn't find any answer how to configure it.

i realized that it is grsec who's doing the trouble only when i searched my logs...