Merge pull request #7069 from taktoa/master

Fixed grsecurity path patch for testing (3.19)
2015-03-30 02:36:34 -07:00 · 2015-03-30 02:36:34 -07:00 · c9bbf2228f
parent 7ed5918b6c d567e12eb7
commit c9bbf2228f
1 changed files with 7 additions and 6 deletions
--- a/pkgs/os-specific/linux/kernel/grsec-path.patch
+++ b/pkgs/os-specific/linux/kernel/grsec-path.patch
@ -1,17 +1,18 @@
 diff --git a/kernel/kmod.c b/kernel/kmod.c
-index 67f7981..03f127d 100644
+index a26e825..29baec1 100644
 --- a/kernel/kmod.c
 +++ b/kernel/kmod.c
-@@ -246,9 +246,9 @@ static int ____call_usermodehelper(void *data)
+@@ -294,10 +294,9 @@ static int ____call_usermodehelper(void *data)
 	   out the path to be used prior to this point and are now operating
 	   on that copy
 	*/
 -	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
 -	     strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
 -	     strncmp(sub_info->path, "/usr/libexec/", 13) &&
 -	     strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
-+	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
+        if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
-+	     strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) ||
+             strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) ||
-+	     strstr(sub_info->path, "..")) {
+             strstr(sub_info->path, "..")) {
 		printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path);
 		retval = -EPERM;
- 		goto fail;
+ 		goto out;