grsecurity: Fix grsec-path.patch to apply with newest patches

2014-03-15 17:31:39 +01:00 · 2014-03-15 17:31:39 +01:00 · e76c059b23
commit e76c059b23
parent 7f39579931
1 changed files with 6 additions and 4 deletions
--- a/pkgs/os-specific/linux/kernel/grsec-path.patch
+++ b/pkgs/os-specific/linux/kernel/grsec-path.patch
@ -1,15 +1,17 @@
 diff --git a/kernel/kmod.c b/kernel/kmod.c
-index 3227c2c..f32c944 100644
+index 67f7981..03f127d 100644
 --- a/kernel/kmod.c
 +++ b/kernel/kmod.c
-@@ -246,8 +246,8 @@ static int ____call_usermodehelper(void *data)
+@@ -246,9 +246,9 @@ static int ____call_usermodehelper(void *data)
 	   out the path to be used prior to this point and are now operating
 	   on that copy
 	*/
 -	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
-	     strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7)) || strstr(sub_info->path, "..")) {
+-	     strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
 -	     strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
 +	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
-+	     strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) || strstr(sub_info->path, "..")) {
+	     strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) ||
 +	     strstr(sub_info->path, "..")) {
 		printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path);
 		retval = -EPERM;
 		goto fail;