SOURCES (hawk-LINUX_2_6): linux-2.6-grsec-vs-minimal.patch (NEW) -...
hawk
hawk at pld-linux.org
Sat Jan 27 15:06:40 CET 2007
Author: hawk Date: Sat Jan 27 14:06:40 2007 GMT
Module: SOURCES Tag: hawk-LINUX_2_6
---- Log message:
- minimal grsecurity for vserver patched kernel
---- Files affected:
SOURCES:
linux-2.6-grsec-vs-minimal.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec-vs-minimal.patch
diff -u /dev/null SOURCES/linux-2.6-grsec-vs-minimal.patch:1.1.2.1
--- /dev/null Sat Jan 27 15:06:40 2007
+++ SOURCES/linux-2.6-grsec-vs-minimal.patch Sat Jan 27 15:06:35 2007
@@ -0,0 +1,1316 @@
+diff -urNp linux-2.6.16.2/arch/sparc/Makefile linux-2.6.16.2/arch/sparc/Makefile
+--- linux-2.6.16.2/arch/sparc/Makefile 2006-04-07 12:56:47.000000000 -0400
++++ linux-2.6.16.2/arch/sparc/Makefile 2006-04-09 21:23:54.000000000 -0400
+@@ -34,7 +34,7 @@ libs-y += arch/sparc/prom/ arch/sparc/li
+ # Renaming is done to avoid confusing pattern matching rules in 2.5.45 (multy-)
+ INIT_Y := $(patsubst %/, %/built-in.o, $(init-y))
+ CORE_Y := $(core-y)
+-CORE_Y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++CORE_Y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ CORE_Y := $(patsubst %/, %/built-in.o, $(CORE_Y))
+ DRIVERS_Y := $(patsubst %/, %/built-in.o, $(drivers-y))
+ NET_Y := $(patsubst %/, %/built-in.o, $(net-y))
+diff -urN linux-2.6.16.2/Makefile linux-2.6.16.2-grsec/Makefile
+--- linux-2.6.16.2/Makefile 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/Makefile 2006-04-11 17:44:40.069707000 +0200
+@@ -556,7 +556,7 @@
+
+
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+
+ vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
+diff -urN linux-2.6.16.2/drivers/char/keyboard.c linux-2.6.16.2-grsec/drivers/char/keyboard.c
+--- linux-2.6.16.2/drivers/char/keyboard.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/drivers/char/keyboard.c 2006-04-11 17:44:40.073707250 +0200
+@@ -607,6 +607,16 @@
+ kbd->kbdmode == VC_MEDIUMRAW) &&
+ value != KVAL(K_SAK))
+ return; /* SAK is allowed even in raw mode */
++
++#if defined(CONFIG_GRKERNSEC_PROC)
++ {
++ void *func = fn_handler[value];
++ if (func == fn_show_state || func == fn_show_ptregs ||
++ func == fn_show_mem)
++ return;
++ }
++#endif
++
+ fn_handler[value](vc);
+ }
+
+diff -urNp linux-2.6.16.2/drivers/pci/proc.c linux-2.6.16.2-grsec/drivers/pci/proc.c
+--- linux-2.6.16.2/drivers/pci/proc.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/drivers/pci/proc.c 2006-04-11 17:44:40.073707250 +0200
+@@ -467,7 +467,15 @@ static int __init pci_proc_init(void)
+ {
+ struct proc_dir_entry *entry;
+ struct pci_dev *dev = NULL;
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++ proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR, proc_bus);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, proc_bus);
++#endif
++#else
+ proc_bus_pci_dir = proc_mkdir("pci", proc_bus);
++#endif
+ entry = create_proc_entry("devices", 0, proc_bus_pci_dir);
+ if (entry)
+ entry->proc_fops = &proc_bus_pci_dev_operations;
+diff -urNp linux-2.6.16.2/fs/Kconfig linux-2.6.16.2-grsec/fs/Kconfig
+--- linux-2.6.16.2/fs/Kconfig 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/Kconfig 2006-04-11 17:44:40.073707250 +0200
+@@ -817,7 +817,7 @@ config PROC_FS
+
+ config PROC_KCORE
+ bool "/proc/kcore support" if !ARM
+- depends on PROC_FS && MMU
++ depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
+
+ config PROC_VMCORE
+ bool "/proc/vmcore support (EXPERIMENTAL)"
+diff -urN linux-2.6.16.2/fs/namei.c linux-2.6.16.2-grsec/fs/namei.c
+--- linux-2.6.16.2/fs/namei.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/namei.c 2006-04-11 18:10:35.961452750 +0200
+@@ -32,6 +32,7 @@
+ #include <linux/vs_tag.h>
+ #include <linux/vserver/debug.h>
+ #include <linux/vs_cowbl.h>
++#include <linux/grsecurity.h>
+ #include <asm/namei.h>
+ #include <asm/uaccess.h>
+
+@@ -608,6 +609,13 @@
+ err = security_inode_follow_link(path->dentry, nd);
+ if (err)
+ goto loop;
++
++ if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
++ path->dentry->d_inode, path->dentry, nd->mnt)) {
++ err = -EACCES;
++ goto loop;
++ }
++
+ current->link_count++;
+ current->total_link_count++;
+ nd->depth++;
+@@ -1647,6 +1655,13 @@
+ /*
+ * It already exists.
+ */
++
++ if (gr_handle_fifo(path.dentry, nd->mnt, dir, flag, acc_mode)) {
++ mutex_unlock(&dir->d_inode->i_mutex);
++ error = -EACCES;
++ goto exit_dput;
++ }
++
+ mutex_unlock(&dir->d_inode->i_mutex);
+ audit_inode_update(path.dentry->d_inode);
+
+@@ -1700,6 +1715,13 @@
+ error = security_inode_follow_link(path.dentry, nd);
+ if (error)
+ goto exit_dput;
++
++ if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode,
++ path.dentry, nd->mnt)) {
++ error = -EACCES;
++ goto exit_dput;
++ }
++
+ error = __do_follow_link(&path, nd);
+ if (error) {
+ /* Does someone understand code flow here? Or it is only
+@@ -2326,7 +2454,16 @@ asmlinkage long sys_linkat(int olddfd, c
+ error = PTR_ERR(new_dentry);
+ if (IS_ERR(new_dentry))
+ goto out_unlock;
++
++ if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
++ old_nd.dentry->d_inode,
++ old_nd.dentry->d_inode->i_mode, to)) {
++ error = -EACCES;
++ goto out_unlock_dput;
++ }
++
+ error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry, &nd);
++out_unlock_dput:
+ dput(new_dentry);
+ out_unlock:
+ mutex_unlock(&nd.dentry->d_inode->i_mutex);
+diff -urN linux-2.6.16.2/fs/proc/array.c linux-2.6.16.2-grsec/fs/proc/array.c
+--- linux-2.6.16.2/fs/proc/array.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/array.c 2006-04-11 17:44:40.077707500 +0200
+@@ -488,3 +488,14 @@
+ return sprintf(buffer,"%d %d %d %d %d %d %d\n",
+ size, resident, shared, text, lib, data, 0);
+ }
++
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++int proc_pid_ipaddr(struct task_struct *task, char * buffer)
++{
++ int len;
++
++ len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip));
++ return len;
++}
++#endif
++
+diff -urNp linux-2.6.16.2/fs/proc/inode.c linux-2.6.16.2-grsec/fs/proc/inode.c
+--- linux-2.6.16.2/fs/proc/inode.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/inode.c 2006-04-11 17:44:40.077707500 +0200
+@@ -166,7 +166,11 @@ struct inode *proc_get_inode(struct supe
+ if (de->mode) {
+ inode->i_mode = de->mode;
+ inode->i_uid = de->uid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++#else
+ inode->i_gid = de->gid;
++#endif
+ }
+ if (de->vx_flags)
+ PROC_I(inode)->vx_flags = de->vx_flags;
+diff -urNp linux-2.6.16.2/fs/proc/internal.h linux-2.6.16.2-grsec/fs/proc/internal.h
+--- linux-2.6.16.2/fs/proc/internal.h 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/internal.h 2006-04-11 17:44:40.077707500 +0200
+@@ -36,6 +36,9 @@ extern int proc_tid_stat(struct task_str
+ extern int proc_tgid_stat(struct task_struct *, char *);
+ extern int proc_pid_status(struct task_struct *, char *);
+ extern int proc_pid_statm(struct task_struct *, char *);
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++extern int proc_pid_ipaddr(struct task_struct*,char*);
++#endif
+
+ extern struct file_operations proc_maps_operations;
+ extern struct file_operations proc_numa_maps_operations;
+diff -urN linux-2.6.16.2/fs/proc/proc_misc.c linux-2.6.16.2-grsec/fs/proc/proc_misc.c
+--- linux-2.6.16.2/fs/proc/proc_misc.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/proc_misc.c 2006-04-11 17:44:40.109709500 +0200
+@@ -670,6 +670,10 @@ void create_seq_entry(char *name, mode_t
+ void __init proc_misc_init(void)
+ {
+ struct proc_dir_entry *entry;
++#ifdef CONFIG_GRKERNSEC_PROC
++ int gr_mode = 0;
++#endif
++
+ static struct {
+ char *name;
+ int (*read_proc)(char*,char**,off_t,int,int*,void*);
+@@ -685,7 +687,9 @@ void __init proc_misc_init(void)
+ {"stram", stram_read_proc},
+ #endif
+ {"filesystems", filesystems_read_proc},
++#ifndef CONFIG_GRKERNSEC_PROC_ADD
+ {"cmdline", cmdline_read_proc},
++#endif
+ {"locks", locks_read_proc},
+ {"execdomains", execdomains_read_proc},
+ {NULL,}
+@@ -693,13 +697,26 @@ void __init proc_misc_init(void)
+ for (p = simple_ones; p->name; p++)
+ create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
+
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++ gr_mode = S_IRUSR;
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ gr_mode = S_IRUSR | S_IRGRP;
++#endif
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++ create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL);
++#endif
++
+ proc_symlink("mounts", NULL, "self/mounts");
+
+ /* And now for trickier ones */
+ entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);
+ if (entry)
+ entry->proc_fops = &proc_kmsg_operations;
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++ create_seq_entry("devices", gr_mode, &proc_devinfo_operations);
++#else
+ create_seq_entry("devices", 0, &proc_devinfo_operations);
++#endif
+ create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
+ #ifdef CONFIG_BLOCK
+ create_seq_entry("partitions", 0, &proc_partitions_operations);
+@@ -707,7 +724,11 @@ void __init proc_misc_init(void)
+ create_seq_entry("stat", 0, &proc_stat_operations);
+ create_seq_entry("interrupts", 0, &proc_interrupts_operations);
+ #ifdef CONFIG_SLAB
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++ create_seq_entry("slabinfo",S_IWUSR|gr_mode,&proc_slabinfo_operations);
++#else
+ create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations);
++#endif
+ #ifdef CONFIG_DEBUG_SLAB_LEAK
+ create_seq_entry("slab_allocators", 0 ,&proc_slabstats_operations);
+ #endif
+@@ -724,7 +745,7 @@ void __init proc_misc_init(void)
+ #ifdef CONFIG_SCHEDSTATS
+ create_seq_entry("schedstat", 0, &proc_schedstat_operations);
+ #endif
+-#ifdef CONFIG_PROC_KCORE
++#if defined(CONFIG_PROC_KCORE) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
+ if (proc_root_kcore) {
+ proc_root_kcore->proc_fops = &proc_kcore_operations;
+diff -urN linux-2.6.16.2/fs/proc/root.c linux-2.6.16.2-grsec/fs/proc/root.c
+--- linux-2.6.16.2/fs/proc/root.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/root.c 2006-04-11 17:44:40.113709750 +0200
+@@ -53,7 +53,13 @@
+ return;
+ }
+ proc_misc_init();
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++ proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR, NULL);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
++#else
+ proc_net = proc_mkdir("net", NULL);
++#endif
+ proc_net_stat = proc_mkdir("net/stat", NULL);
+
+ #ifdef CONFIG_SYSVIPC
+@@ -77,7 +83,15 @@
+ #ifdef CONFIG_PROC_DEVICETREE
+ proc_device_tree_init();
+ #endif
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++ proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
++#endif
++#else
+ proc_bus = proc_mkdir("bus", NULL);
++#endif
+ proc_vx_init();
+ }
+
+diff -urN linux-2.6.16.2/grsecurity/Kconfig linux-2.6.16.2-grsec/grsecurity/Kconfig
+--- linux-2.6.16.2/grsecurity/Kconfig 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/Kconfig 2006-04-11 19:03:04.020561250 +0200
+@@ -0,0 +1,135 @@
++#
++# grecurity configuration
++#
++
++menu "Grsecurity"
++
++config GRKERNSEC
++ bool "Grsecurity"
++ select CRYPTO
++ select CRYPTO_SHA256
++ help
++ If you say Y here, you will be able to configure many features
++ that will enhance the security of your system. It is highly
++ recommended that you say Y here and read through the help
++ for each option so that you fully understand the features and
++ can evaluate their usefulness for your machine.
++
++menu "Filesystem Protections"
++depends on GRKERNSEC
++
++config GRKERNSEC_PROC
++ bool "Proc restrictions"
++ help
++ If you say Y here, the permissions of the /proc filesystem
++ will be altered to enhance system security and privacy. You MUST
++ choose either a user only restriction or a user and group restriction.
++ Depending upon the option you choose, you can either restrict users to
++ see only the processes they themselves run, or choose a group that can
++ view all processes and files normally restricted to root if you choose
++ the "restrict to user only" option. NOTE: If you're running identd as
++ a non-root user, you will have to run it as the group you specify here.
++
++config GRKERNSEC_PROC_USER
++ bool "Restrict /proc to user only"
++ depends on GRKERNSEC_PROC
++ help
++ If you say Y here, non-root users will only be able to view their own
++ processes, and restricts them from viewing network-related information,
++ and viewing kernel symbol and module information.
++
++config GRKERNSEC_PROC_USERGROUP
++ bool "Allow special group"
++ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
++ help
++ If you say Y here, you will be able to select a group that will be
++ able to view all processes, network-related information, and
++ kernel and symbol information. This option is useful if you want
++ to run identd as a non-root user.
++
++config GRKERNSEC_PROC_GID
++ int "GID for special group"
++ depends on GRKERNSEC_PROC_USERGROUP
++ default 1001
++
++config GRKERNSEC_PROC_ADD
++ bool "Additional restrictions"
++ depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
++ help
++ If you say Y here, additional restrictions will be placed on
++ /proc that keep normal users from viewing device information and
++ slabinfo information that could be useful for exploits.
++
++config GRKERNSEC_LINK
++ bool "Linking restrictions"
++ help
++ If you say Y here, /tmp race exploits will be prevented, since users
++ will no longer be able to follow symlinks owned by other users in
++ world-writable +t directories (i.e. /tmp), unless the owner of the
++ symlink is the owner of the directory. users will also not be
++ able to hardlink to files they do not own. If the sysctl option is
++ enabled, a sysctl option with name "linking_restrictions" is created.
++
++config GRKERNSEC_FIFO
++ bool "FIFO restrictions"
++ help
++ If you say Y here, users will not be able to write to FIFOs they don't
++ own in world-writable +t directories (i.e. /tmp), unless the owner of
++ the FIFO is the same owner of the directory it's held in. If the sysctl
++ option is enabled, a sysctl option with name "fifo_restrictions" is
++ created.
++
++endmenu
++
++config GRKERNSEC_PROC_IPADDR
++ depends on GRKERNSEC
++ bool "/proc/<pid>/ipaddr support"
++ help
++ If you say Y here, a new entry will be added to each /proc/<pid>
++ directory that contains the IP address of the person using the task.
++ The IP is carried across local TCP and AF_UNIX stream sockets.
++ This information can be useful for IDS/IPSes to perform remote response
++ to a local attack. The entry is readable by only the owner of the
++ process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
++ the RBAC system), and thus does not create privacy concerns.
++
++config GRKERNSEC_SHM
++ depends on GRKERNSEC
++ bool "Destroy unused shared memory"
++ depends on SYSVIPC
++ help
++ If you say Y here, shared memory will be destroyed when no one is
++ attached to it. Otherwise, resources involved with the shared
++ memory can be used up and not be associated with any process (as the
++ shared memory still exists, and the creating process has exited). If
++ the sysctl option is enabled, a sysctl option with name
++ "destroy_unused_shm" is created.
++
++config GRKERNSEC_SYSCTL
++ depends on GRKERNSEC && SYSCTL
++ bool "Sysctl support"
++ help
++ If you say Y here, you will be able to change the options that
++ grsecurity runs with at bootup, without having to recompile your
++ kernel. You can echo values to files in /proc/sys/kernel/grsecurity
++ to enable (1) or disable (0) various features. All the sysctl entries
++ are mutable until the "grsec_lock" entry is set to a non-zero value.
++ All features enabled in the kernel configuration are disabled at boot
++ if you do not say Y to the "Turn on features by default" option.
++ All options should be set at startup, and the grsec_lock entry should
++ be set to a non-zero value after all the options are set.
++ *THIS IS EXTREMELY IMPORTANT*
++
++config GRKERNSEC_SYSCTL_ON
++ bool "Turn on features by default"
++ depends on GRKERNSEC_SYSCTL
++ help
++ If you say Y here, instead of having all features enabled in the
++ kernel configuration disabled at boot time, the features will be
++ enabled at boot time. It is recommended you say Y here unless
++ there is some reason you would want all sysctl-tunable features to
++ be disabled by default. As mentioned elsewhere, it is important
++ to enable the grsec_lock entry once you have finished modifying
++ the sysctl entries.
++
++endmenu
+diff -urN linux-2.6.16.2/grsecurity/Makefile linux-2.6.16.2-grsec/grsecurity/Makefile
+--- linux-2.6.16.2/grsecurity/Makefile 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/Makefile 2006-04-11 19:03:17.509404250 +0200
+@@ -0,0 +1,11 @@
++# All code in this directory and various hooks inserted throughout the kernel
++# are copyright Brad Spengler, and released under the GPL v2 or higher
++
++obj-y = grsec_fifo.o grsec_sock.o grsec_sysctl.o grsec_link.o
++
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o
++
++ifndef CONFIG_GRKERNSEC
++obj-y += grsec_disabled.o
++endif
++
+diff -urN linux-2.6.16.2/grsecurity/grsec_disabled.c linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c
+--- linux-2.6.16.2/grsecurity/grsec_disabled.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c 2006-04-11 17:44:40.113709750 +0200
+@@ -0,0 +1,5 @@
++void
++grsecurity_init(void)
++{
++ return;
++}
+diff -urN linux-2.6.16.2/grsecurity/grsec_fifo.c linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c
+--- linux-2.6.16.2/grsecurity/grsec_fifo.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c 2006-04-11 19:04:02.872239250 +0200
+@@ -0,0 +1,20 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/fs.h>
++#include <linux/file.h>
++#include <linux/grinternal.h>
++
++int
++gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
++ const struct dentry *dir, const int flag, const int acc_mode)
++{
++#ifdef CONFIG_GRKERNSEC_FIFO
++ if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
++ !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
++ (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
++ (current->fsuid != dentry->d_inode->i_uid)) {
++ return -EACCES;
++ }
++#endif
++ return 0;
++}
+diff -urN linux-2.6.16.2/grsecurity/grsec_init.c linux-2.6.16.2-grsec/grsecurity/grsec_init.c
+--- linux-2.6.16.2/grsecurity/grsec_init.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_init.c 2006-04-11 19:04:24.693603000 +0200
+@@ -0,0 +1,33 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/smp_lock.h>
++#include <linux/slab.h>
++#include <linux/vmalloc.h>
++#include <linux/percpu.h>
++
++int grsec_enable_shm;
++int grsec_enable_link;
++int grsec_enable_fifo;
++int grsec_lock;
++
++void
++grsecurity_init(void)
++{
++#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
++#ifndef CONFIG_GRKERNSEC_SYSCTL
++ grsec_lock = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_SHM
++ grsec_enable_shm = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_LINK
++ grsec_enable_link = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_FIFO
++ grsec_enable_fifo = 1;
++#endif
++#endif
++
++ return;
++}
+diff -urN linux-2.6.16.2/grsecurity/grsec_link.c linux-2.6.16.2-grsec/grsecurity/grsec_link.c
+--- linux-2.6.16.2/grsecurity/grsec_link.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_link.c 2006-04-11 19:04:40.258575750 +0200
+@@ -0,0 +1,37 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/fs.h>
++#include <linux/file.h>
++#include <linux/grinternal.h>
++
++int
++gr_handle_follow_link(const struct inode *parent,
++ const struct inode *inode,
++ const struct dentry *dentry, const struct vfsmount *mnt)
++{
++#ifdef CONFIG_GRKERNSEC_LINK
++ if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
++ (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
++ (parent->i_mode & S_IWOTH) && (current->fsuid != inode->i_uid)) {
++ return -EACCES;
++ }
++#endif
++ return 0;
++}
++
++int
++gr_handle_hardlink(const struct dentry *dentry,
++ const struct vfsmount *mnt,
++ struct inode *inode, const int mode, const char *to)
++{
++#ifdef CONFIG_GRKERNSEC_LINK
++ if (grsec_enable_link && current->fsuid != inode->i_uid &&
++ (!S_ISREG(mode) || (mode & S_ISUID) ||
++ ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
++ (generic_permission(inode, MAY_READ | MAY_WRITE, NULL))) &&
++ !capable(CAP_FOWNER) && current->uid) {
++ return -EPERM;
++ }
++#endif
++ return 0;
++}
+diff -urN linux-2.6.16.2/grsecurity/grsec_sock.c linux-2.6.16.2-grsec/grsecurity/grsec_sock.c
+--- linux-2.6.16.2/grsecurity/grsec_sock.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_sock.c 2006-04-11 19:20:18.301199750 +0200
+@@ -0,0 +1,164 @@
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/net.h>
++#include <linux/in.h>
++#include <linux/ip.h>
++#include <net/sock.h>
++#include <net/inet_sock.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++#ifdef CONFIG_GRKERNSEC
++#define gr_conn_table_size 32749
++struct conn_table_entry {
++ struct conn_table_entry *next;
++ struct signal_struct *sig;
++};
++
++struct conn_table_entry *gr_conn_table[gr_conn_table_size];
++spinlock_t gr_conn_table_lock = SPIN_LOCK_UNLOCKED;
++
++static __inline__ int
++conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
++{
++ return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
<<Diff was trimmed, longer than 597 lines>>
More information about the pld-cvs-commit
mailing list