The gr_handle_sysctl() stub in grsecurity/grsec_disabled.c has a wrong signature compared to the implementation in grsecurity/gracl.c and the extern decl in kernel/sysctl.c. This results in sysctl() always failing with EACCES when called with a NULL read address.

The correct signature is

__u32 gr_handle_sysctl(const struct ctl_table *table, const void *oldval, const void *newval)

while grsec_disabled.c implements the stub as

__u32 gr_handle_sysctl(const struct ctl_table * table, __u32 mode)
{
	return mode;
}

effectively returning 0 (deny) whenever oldval (incorrectly treated as mode here) is NULL.

Reproducible: Always

Steps to Reproduce:
1. emerge lm-sensors and configure it such that sensors(1) works for reading values.
2. Run sensors -s to see it fail (asks to be run as root)
3.

Actual Results:
sensors(1) isn't able to set the sensor parameters while write access via /proc works fine. sysctl(8) also works correctly, as opposed to sysctl(2)

Expected Results:
The kernel should have allowed the write access since grsecurity is disabled and the /proc file in question has write permissions for root.
Portage 2.0.48-r7 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1)
=================================================================
System uname: 2.4.20-gentoo-r6 i686 AMD Athlon(tm) XP 2400+
GENTOO_MIRRORS="http://ftp.easynet.nl/mirror/gentoo/"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY=""
USE="x86 oss 3dnow apm arts avi crypt cups encode foomaticdb gif imlib jpeg kde libg++ libwww mad mikmod mmx motif mpeg ncurses nls oggvorbis pdflib png qt quicktime sdl spell truetype xml2 xmms xv zlib gdbm berkdb slang readline svga java X gpm tcpd pam perl python opengl acl alsa attr -gnome -gtk ipv6 ssl slp zsh"
COMPILER="gcc3"
CHOST="i686-pc-linux-gnu"
CFLAGS="-mcpu=athlon-xp -O3 -pipe"
CXXFLAGS="-mcpu=athlon-xp -O3 -pipe"
ACCEPT_KEYWORDS="x86 ~x86"
MAKEOPTS="-j2"
AUTOCLEAN="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
FEATURES="sandbox ccache userpriv"
Sorry for the nonexistent line-breaks, they're links's fault :-(
I stuck that patch in a while ago in gentoo-sources-r7. Resolving as fixed...
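
The mismatch described in the report, modelled in user space as an added example (not code from the grsecurity patch or from anyone in this thread). The struct, the function names other than the two quoted signatures, the body of the matching stub and the sample address are assumptions; the cast stands in for the stub reading the caller's oldval argument slot as mode.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

struct ctl_table { int ctl_name; };  /* constructed stand-in for the kernel struct */

/* Stub as quoted in the report: the second parameter is taken as a mode. */
static uint32_t stub_reported(const struct ctl_table *table, uint32_t mode)
{
    (void)table;
    return mode;
}

/* Stub with the signature the report gives as correct. The body is an
 * assumption: with grsecurity disabled, always allow (non-zero). */
static uint32_t stub_matching(const struct ctl_table *table,
                              const void *oldval, const void *newval)
{
    (void)table; (void)oldval; (void)newval;
    return 1;
}

/* Model of the caller: a zero return from the hook means deny (-EACCES).
 * The cast spells out the effect of the mismatch: the caller puts oldval in
 * the second argument slot and the reported stub reads that slot as mode. */
static int check_reported(const struct ctl_table *t, const void *oldval,
                          const void *newval)
{
    (void)newval;  /* the two-argument stub never looks at the third slot */
    return stub_reported(t, (uint32_t)(uintptr_t)oldval) ? 0 : -EACCES;
}

static int check_matching(const struct ctl_table *t, const void *oldval,
                          const void *newval)
{
    return stub_matching(t, oldval, newval) ? 0 : -EACCES;
}

int main(void)
{
    struct ctl_table t = { 1 };
    const void *buf = (const void *)(uintptr_t)0x1000;  /* constructed, never dereferenced */

    printf("write-only, reported stub: %d\n", check_reported(&t, NULL, buf));
    printf("read+write, reported stub: %d\n", check_reported(&t, buf, buf));
    printf("write-only, matching stub: %d\n", check_matching(&t, NULL, buf));
    return 0;
}
```

A single prototype in a header included by both the stub file and the caller would make the compiler reject the two-argument definition with a conflicting-types error instead of letting it link.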