Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 492546

Summary: sys-apps/openrc-0.11.8: grsec: denied exec of usermode helper binary /lib64/rc/sh/cgroup-release-agent.sh located outside of /sbin
Product: Gentoo Linux Reporter: wbrana
Component: HardenedAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED UPSTREAM    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description wbrana 2013-11-25 21:19:41 UTC 
with grsecurity-3.0-3.11.9-201311242034.patch
there is following line in kernel log repeated about 20 times
grsec: denied exec of usermode helper binary /lib64/rc/sh/cgroup-release-agent.sh located outside of /sbin
Comment 1 wbrana 2013-11-25 21:32:55 UTC 
commit d4a9bb63091852b5b49ebd216796b374e5c0dc71 

Author: Brad Spengler 

Date: Sat Nov 23 16:33:20 2013 -0500 



limit all usermode helper binaries to /sbin, all other attempts will be logged and rejected 



kernel/kmod.c | 8 ++++++++ 

1 files changed, 8 insertions(+), 0 deletions(-)