Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
grsec pax kernel TPE
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
niceflower
Tux's lil' helper
Tux's lil' helper


Joined: 31 Mar 2017
Posts: 76

PostPosted: Tue Apr 18, 2017 10:13 pm    Post subject: grsec pax kernel TPE Reply with quote

from time to time i need to be able to execute some scripts with my user, however TPE (trusted path execution) and disallow unprivileged code injection modules in the kernel, stops this from happening.
so my personal work around is to disable TPE and disallow unprivileged code injection, but this reduces the functionality of grsec.

how can i remove my user from the TPE group so i can have TPE enabled, and still run code with my user?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13836

PostPosted: Wed Apr 19, 2017 1:39 am    Post subject: Reply with quote

As I understand it, TPE should not be blocking anything secure. What exactly are you doing that TPE interferes at all? What are the ownership and permissions on these problematic scripts?
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3686
Location: Hamburg

PostPosted: Wed Apr 19, 2017 7:08 pm    Post subject: Reply with quote

quick & dirty:
Code:
sysctl -w kernel.grsecurity.tpe = 0
and revert it after your task is done; for a long term solution take a look at these kernel vars:
Code:
zgrep TPE /proc/config.gz
CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=100
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=100
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum