Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 26244 - sysctl(2) in gentoo-sources fails with EACCES when grsecurity is *disabled*
Summary: sysctl(2) in gentoo-sources fails with EACCES when grsecurity is *disabled*
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: x86-kernel@gentoo.org (DEPRECATED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-08-08 21:53 UTC by Malte Starostik
Modified: 2003-09-21 23:56 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Malte Starostik 2003-08-08 21:53:54 UTC 
The gr_handle_sysctl() stub in grsecurity/grsec_disabled.c has a wrong signature compared to the implementation in grsecurity/gracl.c and the extern decl in kernel/sysctl.c. This results in sysctl() always failing with EACCES when called with a NULL read address. The correct signature is __u32 gr_handle_sysctl(const struct ctl_table *table, const void *oldval, const void *newval) while grsec_disabled.c implements the stub as __u32 r_handle_sysctl(const struct ctl_table * table, __u32 mode) {        return mode; } effectifely returning 0 (deny) whenever oldval (incorrectly treated as mode here) is NULL.

Reproducible: Always
Steps to Reproduce:
1.emerge lm-sensors and configure it such that sensors(1) works for reading values. 2.Run sensors -s to see it fail (asks to be run as root) 3.
Actual Results:  
sensors(1) isn't able to set the sensor parameters while write access via /proc works fine. sysctl(8) also works correctly, as opposed to sysctl(2)

Expected Results:  
The kernel should have allowed the write access since grsecurity is disabled and the /proc file in question has write permissions for root.

Portage 2.0.48-r7 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1) ================================================================= System uname: 2.4.20-gentoo-r6 i686 AMD Athlon(tm) XP 2400+ GENTOO_MIRRORS="http://ftp.easynet.nl/mirror/gentoo/" CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" PORTDIR="/usr/portage" DISTDIR="/usr/portage/distfiles" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR_OVERLAY="" USE="x86 oss 3dnow apm arts avi crypt cups encode foomaticdb gif imlib jpeg kde libg++ libwww mad mikmod mmx motif mpeg ncurses nls oggvorbis pdflib png qt quicktime sdl spell truetype xml2 xmms xv zlib gdbm berkdb slang readline svga java X gpm tcpd pam perl python opengl acl alsa attr -gnome -gtk ipv6 ssl slp zsh" COMPILER="gcc3" CHOST="i686-pc-linux-gnu" CFLAGS="-mcpu=athlon-xp -O3 -pipe" CXXFLAGS="-mcpu=athlon-xp -O3 -pipe" ACCEPT_KEYWORDS="x86 ~x86" MAKEOPTS="-j2" AUTOCLEAN="yes" SYNC="rsync://rsync.gentoo.org/gentoo-portage" FEATURES="sandbox ccache userpriv"
Comment 1 Malte Starostik 2003-08-08 22:03:01 UTC 
Sorry for the nonexistant line-breaks, they're links's fault :-(
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2003-09-21 23:56:17 UTC 
I stuck that patch in a while ago in gentoo-sources-r7.

Resolving as fixed...