grsec_path: Update patch

2015-04-15 16:21:02 -07:00 · 2015-04-15 16:21:02 -07:00 · b46dae268a
commit b46dae268a
parent 0fd4774781
1 changed files with 6 additions and 7 deletions
--- a/pkgs/os-specific/linux/kernel/grsec-path.patch
+++ b/pkgs/os-specific/linux/kernel/grsec-path.patch
@ -1,18 +1,17 @@
 diff --git a/kernel/kmod.c b/kernel/kmod.c
-index a26e825..29baec1 100644
+index a689506..30747b4 100644
 --- a/kernel/kmod.c
 +++ b/kernel/kmod.c
-@@ -294,10 +294,9 @@ static int ____call_usermodehelper(void *data)
+@@ -294,10 +294,8 @@ static int ____call_usermodehelper(void *data)
 	   out the path to be used prior to this point and are now operating
 	   on that copy
 	*/
 -	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
 -	     strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
-	     strncmp(sub_info->path, "/usr/libexec/", 13) &&
+-	     strncmp(sub_info->path, "/usr/libexec/", 13) && strncmp(sub_info->path, "/usr/bin/", 9) &&
 -	     strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
-+        if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
+	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
-+             strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) ||
+	     strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) || strstr(sub_info->path, "..")) {
-+             strstr(sub_info->path, "..")) {
+ 		printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of permitted system paths\n", sub_info->path);
 		printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path);
 		retval = -EPERM;
 		goto out;