some of the installed dirs containing binaries (and libraries) are 775. on some systems that use grsecurity with the following flags enabled: CONFIG_GRKERNSEC_TPE CONFIG_GRKERNSEC_TPE_ALL the execution of the binaries will be stopped by the system. for instance: Aug 4 20:37:58 [kernel] grsec: denied untrusted exec of /opt/Acrobat5/Browsers/intellinux/nppdf.so by (mozilla-bin:27472) UID(1000) EUID(1000), parent (wmaker:26706) UID(1000) EUID(1000) quick solution: find /opt/Acrobat5 -type d -exec bash -c 'chmod 755 {}' \; Reproducible: Always Steps to Reproduce: 0. use grsecurity with CONFIG_GRKERNSEC_TPE{,_ALL}=y 1. rsync 2. emerge acroread 3. acroread 4. tail /var/log/everything/current 5. find /opt/Acrobat5 -type d -exec bash -c 'chmod 755 {}' \; 6. acoread # now it works Actual Results: Aug 4 20:37:58 [kernel] grsec: denied untrusted exec of /opt/Acrobat5/Browsers/intellinux/nppdf.so by (mozilla-bin:27472) UID(1000) EUID(1000), parent (wmaker:26706) UID(1000) EUID(1000) Expected Results: emerge acroread should remove the group writable atribute (755). Portage 2.0.48-r5 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1) ================================================================= System uname: 2.4.21 i686 Intel(R) Pentium(R) 4 CPU 1.80GHz GENTOO_MIRRORS="ftp://193.230.245.6/pub/mirrors/gentoo" CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/confi g /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" PORTDIR="/usr/portage" DISTDIR="/usr/portage/distfiles" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/public/tmp" PORTDIR_OVERLAY="" USE="x86 oss 3dnow apm avi crypt cups encode foomaticdb gif jpeg libg++ mad mikm od mpeg ncurses nls pdflib png quicktime truetype xml2 xmms xv zlib gdbm berkdb slang readline tetex svga tcltk java mysql sdl gpm tcpd pam libwww perl python e sd imlib oggvorbis mozilla cdr X gtk -gnome -alsa -kde -qt -arts opengl ssl mmx -motif -spell -emacs" COMPILER="gcc3" CHOST="i686-pc-linux-gnu" CFLAGS="-march=i686 -O3 -pipe -fomit-frame-pointer" CXXFLAGS="-march=i686 -O3 -pipe -fomit-frame-pointer" ACCEPT_KEYWORDS="x86" MAKEOPTS="-j2" AUTOCLEAN="yes" SYNC="rsync://193.230.245.6/gentoo-portage" FEATURES="sandbox ccache"
Fixed. Thanks.