HIDS 60227

From Atomicorp Wiki
Revision as of 15:30, 18 December 2011 by Mshinn (Talk | contribs)


Example log message:

system kernel: grsec: denied RWX mprotect of <anonymous mapping> by /lib64/ld-2.5.so[ld-linux-x86-64:27597] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/prelink[prelink:25897] uid/euid:0/0 gid/egid:0/0

Explanation:

The kernel contains numerous protections against kernel and root level compromises. One of these is to [restrict the use of the mprotect function], which can be used to introduce new executable code into the task's address space. This method can be used to compromise some or all of the system.

If you see this alert, it means that an application is attempting to do this. This can be caused by an insecure application attempting to use this insecure function legitimately, in which case we recommend you contact the developer and ask them to use a more secure method, or this may be an attempt to compromise your system.

If you wish to enable an application to use this unsafe function, then please see the [mprotect FAQ article]. We do not recommend you enable an application to do this. It will open your system up to potential compromise that the kernel will not be able to protect you against, and may not be detectable by any rootkit detector.
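To decide which application (and which developer) an alert points at, it helps to group the denials by the binary that called mprotect and its parent. The following is an added example, not Atomicorp's or the HIDS's own code; the field layout is inferred from the single example message on this page, and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# One process description as logged: path[comm:pid] uid/euid:U/E gid/egid:G/E
# (layout assumed from the example message on this page)
_PROC = (r"(?P<{p}path>.+?)\[(?P<{p}comm>[^:\]]+):(?P<{p}pid>\d+)\] "
         r"uid/euid:(?P<{p}uid>\d+)/(?P<{p}euid>\d+) "
         r"gid/egid:(?P<{p}gid>\d+)/(?P<{p}egid>\d+)")

DENIED = re.compile(
    r"grsec: denied RWX mprotect of (?P<target>.+?) by "
    + _PROC.format(p="") + r", parent " + _PROC.format(p="parent_"))

INT_FIELDS = ("pid", "uid", "euid", "gid", "egid")

def parse(line):
    """Return the fields of one denial message, or None for any other line."""
    m = DENIED.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for prefix in ("", "parent_"):
        for field in INT_FIELDS:
            rec[prefix + field] = int(rec[prefix + field])
    return rec

def summarize(lines):
    """Count denials per (binary, parent binary) so repeat sources stand out."""
    hits = (parse(line) for line in lines)
    return Counter((r["path"], r["parent_path"]) for r in hits if r)

# First line is the page's example; the remaining lines are constructed.
SAMPLE = [
    "system kernel: grsec: denied RWX mprotect of <anonymous mapping> by /lib64/ld-2.5.so[ld-linux-x86-64:27597] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/prelink[prelink:25897] uid/euid:0/0 gid/egid:0/0",
    "system kernel: grsec: denied RWX mprotect of <anonymous mapping> by /lib64/ld-2.5.so[ld-linux-x86-64:27601] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/prelink[prelink:25897] uid/euid:0/0 gid/egid:0/0",
    "system kernel: grsec: denied RWX mprotect of <anonymous mapping> by /opt/example/bin/app[app:3120] uid/euid:500/500 gid/egid:500/500, parent /bin/bash[bash:3001] uid/euid:500/500 gid/egid:500/500",
    "system sshd[411]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2",
]

if __name__ == "__main__":
    for (binary, parent), count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {binary}  (parent {parent})")
```

In the page's example the denied process is the dynamic loader started by prelink, so the parent field is what identifies the program to follow up on.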
