A bug was found in ccs-patch-2.6.32-grsecurity-201006011506.diff
(included in ccs-patch-1.7.\*.tar.gz and ccs-patch-1.8.0-\*.tar.gz ).

Incorrect location:

        error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
        if (error)
                goto dput_and_out;
+       if (ccs_chroot_permission(&path))
+               goto dput_and_out;
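
Review bot: the added `if (ccs_chroot_permission(&path)) goto dput_and_out;` at the end of this hunk runs while `error` is still 0 from the successful `inode_permission()` call just above it, so a denial from the hook leaves through `dput_and_out` with a success value and the caller cannot tell that chroot() was refused. The jump needs a non-zero `error` in place first: either assign one before the `goto`, or place the check after an `error = -EPERM;` assignment.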

Correct location:

        error = -EPERM;
        if (!capable(CAP_SYS_CHROOT))
                goto dput_and_out;
+       if (ccs_chroot_permission(&path))
+               goto dput_and_out;
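
Review bot: the added check is correct here only because `error = -EPERM;` three lines earlier is still in effect when `goto dput_and_out` is taken; the return value of `ccs_chroot_permission(&path)` is discarded and nothing in the hunk states that dependency. A short comment on the added lines saying that they rely on `error` already being `-EPERM` would guard against the check being moved or re-applied at a point where `error` is 0.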

This bug causes chroot() to do nothing and return 0 to the caller when
permission was denied. I overlooked the patch command's output.

If you are using ccs-patch-2.6.32-grsecurity-201006011506.diff ,
please update. Also, I refreshed the patch using 2.6.32.28+grsecurity-2.2.1
and 2.6.36.3+grsecurity-2.2.1 .

Regards.

_______________________________________________
tomoyo-users-en mailing list
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en