[tomoyo-users-en 250] Bug in ccs-patch-2.6.32-grsecurity-201006011506.diff

Tetsuo Handa from-****@I-lov*****
Thu Jan 13 20:56:14 JST 2011


A bug was found in ccs-patch-2.6.32-grsecurity-201006011506.diff
(included in ccs-patch-1.7.*.tar.gz and ccs-patch-1.8.0-*.tar.gz ).

Incorrect location:

 	error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
 	if (error)
 		goto dput_and_out;
+	if (ccs_chroot_permission(&path))
+		goto dput_and_out;

Correct location:

 	error = -EPERM;
 	if (!capable(CAP_SYS_CHROOT))
 		goto dput_and_out;
+	if (ccs_chroot_permission(&path))
+		goto dput_and_out;

This bug causes chroot() to do nothing and return 0 to the caller when
permission was denied. I overlooked the patch command's output.

If you are using ccs-patch-2.6.32-grsecurity-201006011506.diff ,
please update. Also, I refreshed the patch using 2.6.32.28+grsecurity-2.2.1
and 2.6.36.3+grsecurity-2.2.1 .

Regards.
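
The failure mode described in this message, as an added user-space model that is not part of the original post or of the ccs-patch code. The model_* names, the stubbed checks and the function tail (switch root, set error to 0, return error at dput_and_out) are assumptions made for illustration.

```c
/* User-space model of the two hook placements. The model_* names and the
 * function tail (switch root, error = 0, return error) are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct model_state {
	bool policy_denies;  /* stand-in for ccs_chroot_permission() != 0 */
	bool has_capability; /* stand-in for capable(CAP_SYS_CHROOT) */
	bool root_changed;   /* set when the model switches the root */
};

/* Hook right after the inode_permission() check ("Incorrect location"). */
static int model_chroot_incorrect(struct model_state *s)
{
	int error = 0;           /* inode_permission() returned 0 */
	if (s->policy_denies)    /* error is still 0 on this path */
		goto dput_and_out;
	error = -EPERM;
	if (!s->has_capability)
		goto dput_and_out;
	s->root_changed = true;
	error = 0;
dput_and_out:
	return error;
}

/* Hook after the capable() check ("Correct location"). */
static int model_chroot_correct(struct model_state *s)
{
	int error = -EPERM;      /* preset before the capable() check */
	if (!s->has_capability)
		goto dput_and_out;
	if (s->policy_denies)    /* error is -EPERM on this path */
		goto dput_and_out;
	s->root_changed = true;
	error = 0;
dput_and_out:
	return error;
}

int main(void)
{
	struct model_state a = { true, true, false }, b = a;
	int ra = model_chroot_incorrect(&a), rb = model_chroot_correct(&b);
	printf("incorrect: ret=%d root_changed=%d\n", ra, a.root_changed);
	printf("correct:   ret=%d root_changed=%d\n", rb, b.root_changed);
	return 0;
}
```

In the incorrect placement a policy denial yields a 0 return with the root unchanged, so a caller that checks only the return value proceeds as if it were confined to the new root.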



