Bug 25931 - bad directory permissions in acroread 5.07
Bug#: 25931 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: usata@gentoo.org Reported By: kaiowas@gentoo.org
Component: Ebuilds
URL: 
Summary: bad directory permissions in acroread 5.07
Keywords:  
Status Whiteboard: 
Opened: 2003-08-04 23:02 0000
Description:   Opened: 2003-08-04 23:02 0000 
some of the installed dirs containing binaries (and libraries) are 775.
on some systems that use grsecurity with the following flags enabled:

CONFIG_GRKERNSEC_TPE
CONFIG_GRKERNSEC_TPE_ALL

the execution of the binaries will be stopped by the system.
for instance:

Aug  4 20:37:58 [kernel] grsec: denied untrusted exec of
/opt/Acrobat5/Browsers/intellinux/nppdf.so by (mozilla-bin:27472) UID(1000)
EUID(1000), parent (wmaker:26706) UID(1000) EUID(1000)

quick solution:

find /opt/Acrobat5 -type d -exec bash -c 'chmod 755 {}' \;



Reproducible: Always
Steps to Reproduce:
0. use grsecurity with CONFIG_GRKERNSEC_TPE{,_ALL}=y
1. rsync
2. emerge acroread
3. acroread
4. tail /var/log/everything/current
5. find /opt/Acrobat5 -type d -exec bash -c 'chmod 755 {}' \;
6. acoread # now it works

Actual Results:  
Aug  4 20:37:58 [kernel] grsec: denied untrusted exec of
/opt/Acrobat5/Browsers/intellinux/nppdf.so by (mozilla-bin:27472) UID(1000)
EUID(1000), parent (wmaker:26706) UID(1000) EUID(1000)

Expected Results:  
emerge acroread should remove the group writable atribute (755).

Portage 2.0.48-r5 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1)
=================================================================
System uname: 2.4.21 i686 Intel(R) Pentium(R) 4 CPU 1.80GHz
GENTOO_MIRRORS="ftp://193.230.245.6/pub/mirrors/gentoo"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/confi
g /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/public/tmp"
PORTDIR_OVERLAY=""
USE="x86 oss 3dnow apm avi crypt cups encode foomaticdb gif jpeg libg++ mad mikm
od mpeg ncurses nls pdflib png quicktime truetype xml2 xmms xv zlib gdbm berkdb 
slang readline tetex svga tcltk java mysql sdl gpm tcpd pam libwww perl python e
sd imlib oggvorbis mozilla cdr X gtk -gnome -alsa -kde -qt -arts opengl ssl mmx 
-motif -spell -emacs"
COMPILER="gcc3"
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=i686 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i686 -O3 -pipe -fomit-frame-pointer"
ACCEPT_KEYWORDS="x86"
MAKEOPTS="-j2"
AUTOCLEAN="yes"
SYNC="rsync://193.230.245.6/gentoo-portage"
FEATURES="sandbox ccache"

------- Comment #1 From Mamoru KOMACHI (RETIRED) 2003-08-11 10:23:17 0000 ------- 
Fixed.  Thanks.