| 1 |
Hi |
| 2 |
|
| 3 |
kakou wrote: |
| 4 |
> Hello, |
| 5 |
> |
| 6 |
> I have this error when I try to authenticate (when I send a mail) : |
| 7 |
> |
| 8 |
> grsec: From 10.0.0.10: denied untrusted exec of |
| 9 |
> /var/vpopmail/bin/vchkpw by |
| 10 |
> /var/qmail/bin/qmail-smtpd[qmail-smtpd:17267] uid/euid:201/201 |
| 11 |
> gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:18606] |
| 12 |
> uid/euid:201/201 gid/egid:200/200 |
| 13 |
> |
| 14 |
> How authorize /var/qmail/bin/qmail-smtpd to execute |
| 15 |
> /var/vpopmail/bin/vchkpw ? |
| 16 |
|
| 17 |
read the TPE-related config comments from the kernel sources |
| 18 |
|
| 19 |
____ |
| 20 |
CONFIG_GRKERNSEC_TPE_ALL: |
| 21 |
|
| 22 |
If you say Y here, All non-root users other than the ones in the group specified in the main TPE option will only be allowed to execute files in directories they own that are not group or world-writable, or in directories owned by root and writable only by root. If the sysctl option is enabled, a sysctl option with name "tpe_restrict_all" is created |
| 23 |
____ |
| 24 |
|
| 25 |
|
| 26 |
bye, |
| 27 |
peter |
| 28 |
|
| 29 |
-- |
| 30 |
petre rodan |
| 31 |
<kaiowas@g.o> |
| 32 |
Developer, |
| 33 |
Hardened Gentoo Linux |
Archives