Contents of /hardened/2.6/trunk/2.6.14/4906_grsec-2.1.8-disable_modules-fix.patch


Revision 309
Wed Feb 8 17:47:23 2006 UTC (8 years, 8 months ago) by johnm
File size: 980 byte(s)
4906 fixes bug #121250 - _MODSTOP locking down other tunables. 4907 fixes bug #99413 - _PROC_MEMMAP RAND_FLAGS bug
1 When the new GRKERNSEC_MODSTOP feature is built in and the feature activated by
2 setting the kernel.grsecurity.disable_modules sysctl, it erroneously locks down
3 all of the other sysctl/proc tunables too (as would happen when setting
4 grsec_lock = 1). This was first reported by Alex Efros in gentoo bug #121250.
5
6 More info: http://grsecurity.net/pipermail/grsecurity/2006-February/000703.html
7
8 --- linux-2.6.14-grsec-2.1.8-2.6.14.6-200601211647/grsecurity/grsec_sysctl.c 2006-02-05 23:18:05.000000000 -0500
9 +++ linux-2.6.14-grsec-2.1.8-2.6.14.7-200602052251/grsecurity/grsec_sysctl.c 2006-02-05 23:18:35.000000000 -0500
10 @@ -18,7 +18,8 @@ gr_handle_sysctl_mod(const char *dirname
11 }
12 #endif
13 #ifdef CONFIG_GRKERNSEC_MODSTOP
14 - if (!strcmp(dirname, "grsecurity") && grsec_modstop && (op & 002)) {
15 + if (!strcmp(dirname, "grsecurity") && !strcmp(name, "disable_modules") &&
16 + grsec_modstop && (op & 002)) {
17 gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
18 return -EACCES;
19 }
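Review bot: The added `!strcmp(name, "disable_modules")` test hard-codes the tunable's name as a string literal in the condition, with nothing visible here tying it to the sysctl entry it is meant to match. If that entry is ever renamed, the check would stop matching and disable_modules would become writable again after being set, with no build error to flag it. Put a short comment above the condition stating that only the disable_modules entry itself is frozen once grsec_modstop is set, and that locking the other grsecurity tunables is the job of grsec_lock, as the patch description says. Consider taking the name from a single shared constant. The `(op & 002)` write test carried over from the old line would also read more clearly as `MAY_WRITE`.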
