Secunia: A security issue has been reported in grsecurity, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to an error in the RBAC system when enforcing the "user_transition_deny" and "user_transition_allow" rules. This can be exploited to bypass the affected rules in calls to "sys_setfsuid()" and "sys_setfsgid()". The security issue is reported in versions prior to 2.1.11-2.6.24.5 (2008-04-21) and 2.1.11-2.4.36.2 (2008-04-21).
Created attachment 150781 [details, diff] Fix backported to 2.6.23 Status update: The patch uploaded with this posting will be included in the upcoming 2.6.23-r10 release, already in testing. The upcoming hardened-sources-2.6.24-r1 RC already has the latest grsec-2.1.11-2.6.24.5-200804211829.patch containing this fix and is also in testing since 2008-04-21. Both will be added to the tree soonish.
hardened-sources releases 2.6.23-r10 and 2.6.24-r1 are in the tree with this fix. Bug can be closed when 2.6.23-r10 goes stable on x86, amd64 and ppc.
Do you guys at hardened handle stabilization, or shall we add arches to the bug?
hardened-sources-2.6.23-r11 is marked stable on x86, amd64 and ppc. Closing bug.
