Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Tue, 31 Jul 2018 03:37:16 +0000 (UTC)
From: vapnik spaknik <vapniks@...oo.com>
To: "lkrg-users@...ts.openwall.com" <lkrg-users@...ts.openwall.com>
Subject: Fw: firejail and grsecurity compatibility

OK, here is a further update on my previous message:

I tried killing all programs running in firejails, but one of the firejails persisted. Running "firejail --list" indicated that it contained chromium-browser, which was running pulseaudio, even though I had killed all chromium-browser processes and there were no instances of chromium-browser listed by "sudo pgrep chromium" or "sudo ps -e | grep chromium".

The lkrg "Exploit Detection" messages continued while this firejail was still running. After rebooting the machine and reloading lkrg, I have not seen any more "Exploit" messages.

So.. could it be that I bumped into some exploit code while browsing the web? I can't remember all of the websites I visited, but I've tried revisiting those that I can remember, and have not seen any more "Exploit" messages from lkrg.

On Monday, July 30, 2018 10:27 PM, vapnik spaknik <vapniks@...oo.com> wrote:

I am getting a lot of warning messages for firejail (https://firejail.wordpress.com/):

Jul 30 22:19:09 computer kernel: [p_lkrg] <Exploit Detection> Detected pointer swapping attack!process[19677 | firejail] has different 'cred' point
Jul 30 22:19:09 computer kernel: [p_lkrg] <Exploit Detection> Detected pointer swapping attack!process[19677 | firejail] has different 'real_cred'
Jul 30 22:19:09 computer kernel: [p_lkrg] <Exploit Detection> process[19677 | firejail] has different EGID! 1000 vs 0
Jul 30 22:19:09 computer kernel: [p_lkrg] <Exploit Detection> process[19677 | firejail] has different FSGID! 1000 vs 0
Jul 30 22:19:09 computer kernel: [p_lkrg] <Exploit Detection> Trying to kill process[firejail | 19677]!

Should I be worried?
Also, is lkrg compatible with grsecurity? And finally, have you tried running it on Android?
Thank you for your time.
