492546 – sys-apps/openrc-0.11.8: grsec: denied exec of usermode helper binary /lib64/rc/sh/cgroup-release-agent.sh located outside of /sbin

Bug 492546 - sys-apps/openrc-0.11.8: grsec: denied exec of usermode helper binary /lib64/rc/sh/cgroup-release-agent.sh located outside of /sbin

Summary: sys-apps/openrc-0.11.8: grsec: denied exec of usermode helper binary /lib64/r...

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-11-25 21:19 UTC by wbrana
Modified:	2013-12-01 19:41 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description wbrana 2013-11-25 21:19:41 UTC

with grsecurity-3.0-3.11.9-201311242034.patch
there is following line in kernel log repeated about 20 times
grsec: denied exec of usermode helper binary /lib64/rc/sh/cgroup-release-agent.sh located outside of /sbin

Comment 1 wbrana 2013-11-25 21:32:55 UTC

commit d4a9bb63091852b5b49ebd216796b374e5c0dc71 

Author: Brad Spengler 

Date: Sat Nov 23 16:33:20 2013 -0500 



limit all usermode helper binaries to /sbin, all other attempts will be logged and rejected 



kernel/kmod.c | 8 ++++++++ 

1 files changed, 8 insertions(+), 0 deletions(-)