/bin permission too open for TPE (grsecurity)
I've fired up a Devuan Jessie beta2 with a grsecurity-enabled kernel, with TPE and PaX. The TPE part caused some trouble because everything inside /bin was not executable by normal system users:
grsec: denied untrusted exec (due to file in group-writable directory) of /bin/dash by /bin/dash[cron:4425] uid/euid:112/112 gid/egid:118/118, parent /usr/sbin/cron[cron:4422] uid/euid:0/0 gid/egid:0/0
After a short investigation I found that since Debian 8.0 the /bin directory no longer has 755 permissions, but 775.
Devuan 8 / Debian 8 jessie:
# ls -la|grep bin
drwxrwxr-x 2 root root 4096 gen 13 17:41 bin
On a Debian 7 wheezy:
# ls -la|grep bin
drwxr-xr-x 2 root root 4096 set 28 19:26 bin
After a quick chmod 755 /bin everything was back to normal and TPE isn't bothered anymore, and cron and the other tools inside /bin can work under system users as always.
I think that the cause of this permission change is some obscure, related thing needed by systemd; otherwise I cannot find any other (good) reason.
Maybe we need to switch back to the old permission mask on Devuan?
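
Added example (not part of the original post): a pre-flight audit that flags every PATH directory likely to trigger the denial in the log above. It assumes the rule implied by that message, namely that the directory holding the binary must be owned by root and not writable by group or other; the function names `tpe_dir_reason` and `tpe_audit_path` and the optional trusted-UID argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: a directory is "trusted" when it is owned by the trusted UID
# (default 0, root) and is neither group- nor world-writable.

# tpe_dir_reason DIR [TRUSTED_UID]
# Prints "ok" or the reason the directory is untrusted.
# Returns 0 if trusted, 1 if untrusted, 2 if DIR is not a directory.
tpe_dir_reason() {
    dir=$1
    uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "not a directory"; return 2
    fi
    # -H follows a symlinked starting point (e.g. /bin -> usr/bin);
    # -prune stops find from descending, so only DIR itself is tested.
    if [ -z "$(find -H "$dir" -prune -user "$uid" -print)" ]; then
        echo "not owned by uid $uid"; return 1
    fi
    if [ -n "$(find -H "$dir" -prune -perm -0002 -print)" ]; then
        echo "world-writable"; return 1
    fi
    if [ -n "$(find -H "$dir" -prune -perm -0020 -print)" ]; then
        echo "group-writable"; return 1
    fi
    echo "ok"
}

# tpe_audit_path [PATHLIST] [TRUSTED_UID]
# Checks each directory of a colon-separated list (default: $PATH).
# Prints "DIR: reason" for every untrusted directory; returns 1 if any.
tpe_audit_path() {
    list=${1:-$PATH}
    uid=${2:-0}
    bad=0
    old_ifs=$IFS
    IFS=:
    for d in $list; do
        IFS=$old_ifs
        [ -d "$d" ] || continue          # skip empty or missing entries
        reason=$(tpe_dir_reason "$d" "$uid") || {
            echo "$d: $reason"
            bad=1
        }
    done
    IFS=$old_ifs
    return $bad
}
```

Calling `tpe_audit_path` with no arguments checks the current PATH against root ownership; a directory listed as `drwxrwxr-x root root`, like /bin in the Jessie listing above, is reported as group-writable.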