SOURCES: grsecurity-2.1.10-2.4.34-200701222213.patch - adapted
qboosh
qboosh at pld-linux.org
Mon Feb 19 13:44:53 CET 2007
Author: qboosh Date: Mon Feb 19 12:44:53 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- adapted
---- Files affected:
SOURCES:
grsecurity-2.1.10-2.4.34-200701222213.patch (1.1 -> 1.2)
---- Diffs:
================================================================
Index: SOURCES/grsecurity-2.1.10-2.4.34-200701222213.patch
diff -u SOURCES/grsecurity-2.1.10-2.4.34-200701222213.patch:1.1 SOURCES/grsecurity-2.1.10-2.4.34-200701222213.patch:1.2
--- SOURCES/grsecurity-2.1.10-2.4.34-200701222213.patch:1.1 Mon Feb 19 12:48:50 2007
+++ SOURCES/grsecurity-2.1.10-2.4.34-200701222213.patch Mon Feb 19 13:44:48 2007
@@ -1380,10 +1380,9 @@
static struct {
unsigned long address;
unsigned short segment;
-diff -urNp linux-2.4.34/arch/i386/kernel/process.c linux-2.4.34/arch/i386/kernel/process.c
---- linux-2.4.34/arch/i386/kernel/process.c 2006-12-23 15:34:20.000000000 -0500
-+++ linux-2.4.34/arch/i386/kernel/process.c 2007-01-20 17:44:02.000000000 -0500
-@@ -153,7 +153,7 @@ static int __init idle_setup (char *str)
+--- linux-2.4.34/arch/i386/kernel/process.c.orig 2007-02-19 12:55:41.068134000 +0100
++++ linux-2.4.34/arch/i386/kernel/process.c 2007-02-19 12:58:38.668134000 +0100
+@@ -150,7 +150,7 @@ static int __init idle_setup (char *str)
__setup("idle=", idle_setup);
@@ -1392,7 +1391,7 @@
int reboot_thru_bios;
#ifdef CONFIG_SMP
-@@ -209,18 +209,18 @@ __setup("reboot=", reboot_setup);
+@@ -206,18 +206,18 @@ __setup("reboot=", reboot_setup);
doesn't work with at least one type of 486 motherboard. It is easy
to stop this code working; hence the copious comments. */
@@ -1416,7 +1415,7 @@
}
real_mode_gdt = { sizeof (real_mode_gdt_entries) - 1, real_mode_gdt_entries },
real_mode_idt = { 0x3ff, 0 },
-@@ -245,7 +245,7 @@ no_idt = { 0, 0 };
+@@ -242,7 +242,7 @@ no_idt = { 0, 0 };
More could be done here to set up the registers as if a CPU reset had
occurred; hopefully real BIOSs don't assume much. */
@@ -1425,7 +1424,7 @@
{
0x66, 0x0f, 0x20, 0xc0, /* movl %cr0,%eax */
0x66, 0x83, 0xe0, 0x11, /* andl $0x00000011,%eax */
-@@ -259,7 +259,7 @@ static unsigned char real_mode_switch []
+@@ -256,7 +256,7 @@ static unsigned char real_mode_switch []
0x24, 0x10, /* f: andb $0x10,al */
0x66, 0x0f, 0x22, 0xc0 /* movl %eax,%cr0 */
};
@@ -1434,7 +1433,7 @@
{
0xea, 0x00, 0x00, 0xff, 0xff /* ljmp $0xffff,$0x0000 */
};
-@@ -278,10 +278,14 @@ static inline void kb_wait(void)
+@@ -275,10 +275,14 @@ static inline void kb_wait(void)
* specified by the code and length parameters.
* We assume that length will aways be less that 100!
*/
@@ -1450,7 +1449,7 @@
cli();
/* Write zero to CMOS register number 0x0f, which the BIOS POST
-@@ -302,9 +306,17 @@ void machine_real_restart(unsigned char
+@@ -299,9 +303,17 @@ void machine_real_restart(unsigned char
from the kernel segment. This assumes the kernel segment starts at
virtual address PAGE_OFFSET. */
@@ -1468,7 +1467,7 @@
/* Make sure the first page is mapped to the start of physical memory.
It is normally not mapped, to trap kernel NULL pointer dereferences. */
-@@ -321,7 +333,7 @@ void machine_real_restart(unsigned char
+@@ -318,7 +330,7 @@ void machine_real_restart(unsigned char
REBOOT.COM programs, and the previous reset routine did this
too. */
@@ -1477,7 +1476,7 @@
/* For the switch to real mode, copy some code to low memory. It has
to be in the first 64k because it is running in 16-bit mode, and it
-@@ -329,9 +341,9 @@ void machine_real_restart(unsigned char
+@@ -326,9 +338,9 @@ void machine_real_restart(unsigned char
off paging. Copy it near the end of the first page, out of the way
of BIOS variables. */
@@ -1489,7 +1488,7 @@
/* Set up the IDT for real mode. */
-@@ -414,7 +426,7 @@ void machine_restart(char * __unused)
+@@ -411,7 +423,7 @@ void machine_restart(char * __unused)
if(!reboot_thru_bios) {
/* rebooting needs to touch the page at absolute addr 0 */
@@ -1498,7 +1497,7 @@
for (;;) {
int i;
for (i=0; i<100; i++) {
-@@ -552,7 +564,7 @@ int copy_thread(int nr, unsigned long cl
+@@ -549,7 +561,7 @@ int copy_thread(int nr, unsigned long cl
{
struct pt_regs * childregs;
@@ -1507,7 +1506,7 @@
struct_cpy(childregs, regs);
childregs->eax = 0;
childregs->esp = esp;
-@@ -613,6 +625,19 @@ void dump_thread(struct pt_regs * regs,
+@@ -610,6 +622,19 @@ void dump_thread(struct pt_regs * regs,
dump->u_fpvalid = dump_fpu (regs, &dump->i387);
}
@@ -1527,7 +1526,7 @@
/*
* This special macro can be used to load a debugging register
*/
-@@ -650,12 +675,15 @@ void fastcall __switch_to(struct task_st
+@@ -647,12 +672,15 @@ void fastcall __switch_to(struct task_st
*next = &next_p->thread;
struct tss_struct *tss = init_tss + smp_processor_id();
@@ -1547,7 +1546,7 @@
/*
* Save away %fs and %gs. No need to save %es and %ds, as
-@@ -683,6 +711,15 @@ void fastcall __switch_to(struct task_st
+@@ -682,6 +710,15 @@ void fastcall __switch_to(struct task_st
loaddebug(next, 7);
}
@@ -1560,10 +1559,10 @@
+ */
+ tss->esp0 = next->esp0;
+
- if (prev->ioperm || next->ioperm) {
+ if (unlikely(prev->ioperm || next->ioperm)) {
if (next->ioperm) {
/*
-@@ -705,6 +742,11 @@ void fastcall __switch_to(struct task_st
+@@ -704,6 +741,11 @@ void fastcall __switch_to(struct task_st
*/
tss->bitmap = INVALID_IO_BITMAP_OFFSET;
}
@@ -1575,7 +1574,7 @@
}
asmlinkage int sys_fork(struct pt_regs regs)
-@@ -792,3 +834,43 @@ unsigned long get_wchan(struct task_stru
+@@ -791,3 +833,43 @@ unsigned long get_wchan(struct task_stru
}
#undef last_sched
#undef first_sched
@@ -7407,9 +7406,8 @@
spec_fn_table[value]();
}
-diff -urNp linux-2.4.34/drivers/char/mem.c linux-2.4.34/drivers/char/mem.c
---- linux-2.4.34/drivers/char/mem.c 2006-12-23 15:34:20.000000000 -0500
-+++ linux-2.4.34/drivers/char/mem.c 2007-01-20 17:44:02.000000000 -0500
+--- linux-2.4.34/drivers/char/mem.c.orig 2007-02-19 12:55:43.368134000 +0100
++++ linux-2.4.34/drivers/char/mem.c 2007-02-19 12:59:16.568134000 +0100
@@ -22,6 +22,7 @@
#include <linux/tty.h>
#include <linux/capability.h>
@@ -7466,7 +7464,7 @@
if (p < (unsigned long) high_memory) {
wrote = count;
if (count > (unsigned long) high_memory - p)
-@@ -402,9 +423,25 @@ static inline size_t read_zero_pagealign
+@@ -404,9 +425,25 @@ static inline size_t read_zero_pagealign
count = size;
zap_page_range(mm, addr, count);
@@ -7493,7 +7491,7 @@
size -= count;
buf += count;
addr += count;
-@@ -526,6 +563,15 @@ static loff_t memory_lseek(struct file *
+@@ -528,6 +565,15 @@ static loff_t memory_lseek(struct file *
static int open_port(struct inode * inode, struct file * filp)
{
@@ -7509,7 +7507,7 @@
return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
}
-@@ -583,6 +629,11 @@ static int mmap_kmem(struct file * file,
+@@ -585,6 +631,11 @@ static int mmap_kmem(struct file * file,
unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
unsigned long size = vma->vm_end - vma->vm_start;
@@ -7521,7 +7519,7 @@
/*
* If the user is not attempting to mmap a high memory address then
* the standard mmap_mem mechanism will work. High memory addresses
-@@ -618,7 +669,6 @@ static int mmap_kmem(struct file * file,
+@@ -620,7 +671,6 @@ static int mmap_kmem(struct file * file,
#define full_lseek null_lseek
#define write_zero write_null
#define read_full read_zero
@@ -7529,9 +7527,9 @@
#define open_kmem open_mem
static struct file_operations mem_fops = {
-@@ -694,6 +744,11 @@ static int memory_open(struct inode * in
- case 9:
- filp->f_op = &urandom_fops;
+@@ -701,6 +751,11 @@ static int memory_open(struct inode * in
+ case 10:
+ filp->f_op = &anon_file_operations;
break;
+#ifdef CONFIG_GRKERNSEC
+ case 13:
@@ -7541,12 +7539,10 @@
default:
return -ENXIO;
}
-@@ -720,7 +775,10 @@ void __init memory_devfs_register (void)
- {5, "zero", S_IRUGO | S_IWUGO, &zero_fops},
- {7, "full", S_IRUGO | S_IWUGO, &full_fops},
+@@ -729,6 +784,9 @@ void __init memory_devfs_register (void)
{8, "random", S_IRUGO | S_IWUSR, &random_fops},
-- {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops}
-+ {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
+ {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
+ {10, "anon", S_IRUGO | S_IWUSR, &anon_file_operations},
+#ifdef CONFIG_GRKERNSEC
+ {13,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}
+#endif
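Review bot: The `grsec` entry is registered with `S_IRUSR | S_IWUGO`, so every local user may open the node for writing, while the neighbouring `random`, `urandom` and `anon` entries restrict writes to the owner. Nothing visible in this hunk says where those writes are authorised, and the handlers behind `grsec_fops` are defined outside it. A comment on the table entry should name the check that makes the mode safe, for example `/* world-writable on purpose: writes are authenticated in <handler name> */`. The table in memory_devfs_register starts outside the hunk.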
@@ -8836,9 +8832,8 @@
mod-subdirs := nls
obj-y := open.o read_write.o devices.o file_table.o buffer.o \
-diff -urNp linux-2.4.34/fs/namei.c linux-2.4.34/fs/namei.c
---- linux-2.4.34/fs/namei.c 2006-12-23 15:34:20.000000000 -0500
-+++ linux-2.4.34/fs/namei.c 2007-01-20 17:44:02.000000000 -0500
+--- linux-2.4.34/fs/namei.c.orig 2007-02-19 12:55:50.128134000 +0100
++++ linux-2.4.34/fs/namei.c 2007-02-19 13:04:11.818134000 +0100
@@ -22,6 +22,7 @@
#include <linux/dnotify.h>
#include <linux/smp_lock.h>
@@ -8900,7 +8895,7 @@
goto ok;
}
-@@ -1053,8 +1080,22 @@ do_last:
+@@ -1053,9 +1080,23 @@ do_last:
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
@@ -8915,15 +8910,16 @@
+ goto exit_dput;
+ }
+
- error = vfs_create(dir->d_inode, dentry,
- mode & ~current->fs->umask);
+ if (!IS_POSIXACL(dir->d_inode))
+ mode &= ~current->fs->umask;
+ error = vfs_create(dir->d_inode, dentry, mode);
+ if (!error)
+ gr_handle_create(dentry, nd->mnt);
+
up(&dir->d_inode->i_sem);
dput(nd->dentry);
nd->dentry = dentry;
-@@ -1069,6 +1110,27 @@ do_last:
+@@ -1070,6 +1111,27 @@ do_last:
/*
* It already exists.
*/
@@ -8951,7 +8947,7 @@
up(&dir->d_inode->i_sem);
error = -EEXIST;
-@@ -1158,7 +1220,7 @@ ok:
+@@ -1159,7 +1221,7 @@ ok:
if (!error) {
DQUOT_INIT(inode);
@@ -8960,7 +8956,7 @@
}
put_write_access(inode);
if (error)
-@@ -1189,6 +1251,13 @@ do_link:
+@@ -1190,6 +1252,13 @@ do_link:
* stored in nd->last.name and we will have to putname() it when we
* are done. Procfs-like symlinks just set LAST_BIND.
*/
@@ -8974,9 +8970,9 @@
UPDATE_ATIME(dentry->d_inode);
mnt = mntget(nd->mnt);
error = dentry->d_inode->i_op->follow_link(dentry, nd);
-@@ -1289,6 +1358,19 @@ asmlinkage long sys_mknod(const char * f
-
- mode &= ~current->fs->umask;
+@@ -1291,6 +1360,19 @@ asmlinkage long sys_mknod(const char * f
+ if (!IS_POSIXACL(nd.dentry->d_inode))
+ mode &= ~current->fs->umask;
if (!IS_ERR(dentry)) {
+ if (gr_handle_chroot_mknod(dentry, nd.mnt, mode) ||
+ gr_handle_chroot_chmod(dentry, nd.mnt, mode)) {
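Review bot: `gr_handle_chroot_mknod()` and `gr_handle_chroot_chmod()` now receive `mode` before the umask has been applied whenever the parent directory is `IS_POSIXACL`, because the adapted context masks `mode` only in the non-ACL case. That probably errs on the strict side, but the mode that is checked can then differ from the mode the filesystem finally assigns. A comment above the check would record that this is intended, e.g. `/* mode is unmasked here for POSIX-ACL parents; the chroot checks see the requested bits */`. The rest of sys_mknod lies outside this hunk.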
@@ -8994,7 +8990,7 @@
switch (mode & S_IFMT) {
case 0: case S_IFREG:
error = vfs_create(nd.dentry->d_inode,dentry,mode);
-@@ -1302,8 +1384,13 @@ asmlinkage long sys_mknod(const char * f
+@@ -1304,8 +1386,13 @@ asmlinkage long sys_mknod(const char * f
default:
error = -EINVAL;
}
@@ -9008,26 +9004,26 @@
up(&nd.dentry->d_inode->i_sem);
path_release(&nd);
out:
-@@ -1355,8 +1442,17 @@ asmlinkage long sys_mkdir(const char * p
+@@ -1357,9 +1444,17 @@ asmlinkage long sys_mkdir(const char * p
dentry = lookup_create(&nd, 1);
error = PTR_ERR(dentry);
if (!IS_ERR(dentry)) {
-- error = vfs_mkdir(nd.dentry->d_inode, dentry,
+ error = 0;
+
+ if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
+ error = -EACCES;
+
+ if (!IS_POSIXACL(nd.dentry->d_inode))
+ mode &= ~current->fs->umask;
+- error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+ if(!error)
-+ error = vfs_mkdir(nd.dentry->d_inode, dentry,
- mode & ~current->fs->umask);
++ error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+ if(!error)
+ gr_handle_create(dentry, nd.mnt);
-+
dput(dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1440,6 +1536,8 @@ asmlinkage long sys_rmdir(const char * p
+@@ -1443,6 +1538,8 @@ asmlinkage long sys_rmdir(const char * p
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -9036,7 +9032,7 @@
name = getname(pathname);
if(IS_ERR(name))
-@@ -1464,7 +1562,22 @@ asmlinkage long sys_rmdir(const char * p
+@@ -1467,7 +1564,22 @@ asmlinkage long sys_rmdir(const char * p
dentry = lookup_hash(&nd.last, nd.dentry);
error = PTR_ERR(dentry);
if (!IS_ERR(dentry)) {
@@ -9060,7 +9056,7 @@
dput(dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1515,6 +1628,8 @@ asmlinkage long sys_unlink(const char *
+@@ -1519,6 +1631,8 @@ asmlinkage long sys_unlink(const char *
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -9069,7 +9065,7 @@
name = getname(pathname);
if(IS_ERR(name))
-@@ -1533,7 +1648,21 @@ asmlinkage long sys_unlink(const char *
+@@ -1537,7 +1651,21 @@ asmlinkage long sys_unlink(const char *
/* Why not before? Because we want correct error value */
if (nd.last.name[nd.last.len])
goto slashes;
@@ -9092,7 +9088,7 @@
exit2:
dput(dentry);
}
-@@ -1597,7 +1726,15 @@ asmlinkage long sys_symlink(const char *
+@@ -1601,7 +1729,15 @@ asmlinkage long sys_symlink(const char *
dentry = lookup_create(&nd, 0);
error = PTR_ERR(dentry);
if (!IS_ERR(dentry)) {
@@ -9109,7 +9105,7 @@
dput(dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1683,7 +1820,27 @@ asmlinkage long sys_link(const char * ol
+@@ -1687,7 +1823,27 @@ asmlinkage long sys_link(const char * ol
new_dentry = lookup_create(&nd, 0);
error = PTR_ERR(new_dentry);
if (!IS_ERR(new_dentry)) {
@@ -9138,7 +9134,7 @@
dput(new_dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1914,10 +2071,15 @@ static inline int do_rename(const char *
+@@ -1923,10 +2079,15 @@ static inline int do_rename(const char *
if (IS_ERR(new_dentry))
goto exit4;
@@ -18223,18 +18219,17 @@
#define THREAD_SIZE (2*PAGE_SIZE)
#define alloc_task_struct() ((struct task_struct *) __get_free_pages(GFP_KERNEL,1))
-diff -urNp linux-2.4.34/include/asm-i386/system.h linux-2.4.34/include/asm-i386/system.h
---- linux-2.4.34/include/asm-i386/system.h 2006-12-23 15:34:20.000000000 -0500
-+++ linux-2.4.34/include/asm-i386/system.h 2007-01-20 17:44:02.000000000 -0500
+--- linux-2.4.34/include/asm-i386/system.h.orig 2007-02-19 12:55:49.948134000 +0100
++++ linux-2.4.34/include/asm-i386/system.h 2007-02-19 13:04:49.148134000 +0100
@@ -12,6 +12,8 @@
struct task_struct; /* one of the stranger aspects of C forward declarations.. */
extern void FASTCALL(__switch_to(struct task_struct *prev, struct task_struct *next));
+void pax_switch_segments(struct task_struct *);
+
- #define prepare_to_switch() do { } while(0)
#define switch_to(prev,next,last) do { \
asm volatile("pushl %%esi\n\t" \
+ "pushl %%edi\n\t" \
diff -urNp linux-2.4.34/include/asm-i386/uaccess.h linux-2.4.34/include/asm-i386/uaccess.h
--- linux-2.4.34/include/asm-i386/uaccess.h 2006-12-23 15:34:20.000000000 -0500
+++ linux-2.4.34/include/asm-i386/uaccess.h 2007-01-20 17:44:02.000000000 -0500
@@ -20653,10 +20648,9 @@
extern struct page * vmalloc_to_page(void *addr);
#endif /* __KERNEL__ */
-diff -urNp linux-2.4.34/include/linux/sched.h linux-2.4.34/include/linux/sched.h
---- linux-2.4.34/include/linux/sched.h 2006-12-23 15:34:20.000000000 -0500
-+++ linux-2.4.34/include/linux/sched.h 2007-01-20 17:44:02.000000000 -0500
-@@ -27,6 +27,9 @@ extern unsigned long event;
+--- linux-2.4.34/include/linux/sched.h.orig 2007-02-19 12:55:41.188134000 +0100
++++ linux-2.4.34/include/linux/sched.h 2007-02-19 13:06:04.428134000 +0100
+@@ -28,6 +28,9 @@ extern unsigned long event;
#include <linux/securebits.h>
#include <linux/fs_struct.h>
@@ -20666,7 +20660,7 @@
struct exec_domain;
/*
-@@ -231,8 +234,33 @@ struct mm_struct {
+@@ -254,8 +257,33 @@ struct mm_struct {
/* Architecture-specific MM context */
mm_context_t context;
@@ -20700,7 +20694,7 @@
extern int mmlist_nr;
#define INIT_MM(name) \
-@@ -406,7 +434,7 @@ struct task_struct {
+@@ -422,7 +450,7 @@ struct task_struct {
int (*notifier)(void *priv);
void *notifier_data;
sigset_t *notifier_mask;
@@ -20709,7 +20703,7 @@
/* Thread group tracking */
u32 parent_exec_id;
u32 self_exec_id;
-@@ -415,6 +443,23 @@ struct task_struct {
+@@ -433,6 +461,23 @@ struct task_struct {
/* journalling filesystem info */
void *journal_info;
@@ -20733,7 +20727,7 @@
};
/*
-@@ -436,6 +481,22 @@ struct task_struct {
+@@ -454,6 +499,22 @@ struct task_struct {
#define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */
@@ -20756,16 +20750,16 @@
/*
* Ptrace flags
*/
-@@ -550,6 +611,8 @@ static inline void unhash_pid(struct tas
+@@ -574,6 +635,8 @@ static inline void unhash_pid(task_t *p)
*p->pidhash_pprev = p->pidhash_next;
}
+#include <asm/current.h>
+
- static inline struct task_struct *find_task_by_pid(int pid)
+ static inline task_t *find_task_by_pid(int pid)
{
- struct task_struct *p, **htable = &pidhash[pid_hashfn(pid)];
-@@ -557,6 +620,8 @@ static inline struct task_struct *find_t
+ task_t *p, **htable = &pidhash[pid_hashfn(pid)];
+@@ -581,6 +644,8 @@ static inline task_t *find_task_by_pid(i
for(p = *htable; p && p->pid != pid; p = p->pidhash_next)
;
@@ -20774,7 +20768,7 @@
return p;
}
-@@ -578,8 +643,6 @@ extern struct user_struct * alloc_uid(ui
+@@ -589,8 +654,6 @@ extern struct user_struct * alloc_uid(ui
extern void free_uid(struct user_struct *);
extern void switch_uid(struct user_struct *);
@@ -20783,7 +20777,7 @@
extern unsigned long volatile jiffies;
extern unsigned long itimer_ticks;
extern unsigned long itimer_next;
-@@ -743,7 +806,7 @@ static inline int fsuser(void)
+@@ -757,7 +820,7 @@ static inline int fsuser(void)
static inline int capable(int cap)
{
#if 1 /* ok now */
@@ -21076,18 +21070,69 @@
/* verify restrictions on target's new Inheritable set */
if (!cap_issubset(inheritable,
cap_combine(target->cap_inheritable,
-diff -urNp linux-2.4.34/kernel/exit.c linux-2.4.34/kernel/exit.c
---- linux-2.4.34/kernel/exit.c 2006-12-23 15:34:20.000000000 -0500
-+++ linux-2.4.34/kernel/exit.c 2007-01-20 17:44:02.000000000 -0500
-@@ -16,6 +16,7 @@
+--- linux-2.4.34/kernel/exit.c.orig 2007-02-19 13:15:00.198134000 +0100
++++ linux-2.4.34/kernel/exit.c 2007-02-19 13:20:33.798134000 +0100
+@@ -7,6 +7,7 @@
+ #include <linux/config.h>
+ #include <linux/slab.h>
+ #include <linux/interrupt.h>
++#include <linux/file.h>
+ #include <linux/smp_lock.h>
+ #include <linux/module.h>
+ #include <linux/completion.h>
+@@ -16,6 +17,11 @@
#ifdef CONFIG_BSD_PROCESS_ACCT
#include <linux/acct.h>
#endif
+#include <linux/grsecurity.h>
++
++#ifdef CONFIG_GRKERNSEC
++extern rwlock_t grsec_exec_file_lock;
++#endif
#include <asm/uaccess.h>
#include <asm/pgtable.h>
-@@ -439,10 +440,16 @@ fake_volatile:
+@@ -139,12 +145,23 @@ void reparent_to_init(void)
+ {
+ write_lock_irq(&tasklist_lock);
+
++#ifdef CONFIG_GRKERNSEC
++ write_lock(&grsec_exec_file_lock);
++ if (current->exec_file) {
++ fput(current->exec_file);
++ current->exec_file = NULL;
++ }
++ write_unlock(&grsec_exec_file_lock);
++#endif
++
+ /* Reparent to init */
+ REMOVE_LINKS(current);
+ current->p_pptr = child_reaper;
+ current->p_opptr = child_reaper;
+ SET_LINKS(current);
+
++ gr_set_kernel_label(current);
++
+ /* Set the exit signal to SIGCHLD so we signal init on exit */
+ current->exit_signal = SIGCHLD;
+
+@@ -173,6 +190,15 @@ void daemonize(void)
+ {
+ struct fs_struct *fs;
+
++#ifdef CONFIG_GRKERNSEC
++ write_lock(&grsec_exec_file_lock);
++ if (current->exec_file) {
++ fput(current->exec_file);
++ current->exec_file = NULL;
++ }
++ write_unlock(&grsec_exec_file_lock);
++#endif
++ gr_set_kernel_label(current);
+
+ /*
+ * If we were started as result of loading a module, close all of the
+@@ -485,10 +511,16 @@ fake_volatile:
#ifdef CONFIG_BSD_PROCESS_ACCT
acct_process(code);
#endif
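Review bot: `fput(current->exec_file)` runs while `grsec_exec_file_lock` is write-held, and in the `reparent_to_init` part also inside `write_lock_irq(&tasklist_lock)`. If that is the last reference, fput() goes on to release the file, work that may sleep and should not happen with interrupts off and spinning locks held. Detach the pointer under the lock and drop the reference once the locks are released, as sketched below. In `reparent_to_init` the deferred `fput()` belongs after the matching unlock of `tasklist_lock`, which presumably sits outside this hunk. The same block is repeated in `daemonize`, so a small shared helper would keep the two copies in step, and `grsec_exec_file_lock` would be better declared in `<linux/grsecurity.h>` than as a local `extern`.

```c
	struct file *old_exec_file = NULL;	/* with the function's other locals */

	/* … unchanged: write_lock_irq(&tasklist_lock) … */
#ifdef CONFIG_GRKERNSEC
	/* Detach under the lock; the reference is dropped after unlocking. */
	write_lock(&grsec_exec_file_lock);
	old_exec_file = current->exec_file;
	current->exec_file = NULL;
	write_unlock(&grsec_exec_file_lock);
#endif
	/* … unchanged: reparenting to child_reaper, up to the tasklist_lock unlock … */
#ifdef CONFIG_GRKERNSEC
	if (old_exec_file)
		fput(old_exec_file);
#endif
```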
@@ -21239,18 +21284,17 @@
lock_kernel();
for (mod = module_list, i = 0; mod; mod = mod->next) {
/* include the count for the module name! */
-diff -urNp linux-2.4.34/kernel/printk.c linux-2.4.34/kernel/printk.c
---- linux-2.4.34/kernel/printk.c 2006-12-23 15:34:20.000000000 -0500
-+++ linux-2.4.34/kernel/printk.c 2007-01-20 17:44:02.000000000 -0500
-@@ -26,6 +26,7 @@
- #include <linux/module.h>
+--- linux-2.4.34/kernel/printk.c.orig 2007-02-19 12:55:50.528134000 +0100
++++ linux-2.4.34/kernel/printk.c 2007-02-19 13:07:01.718134000 +0100
+@@ -27,6 +27,7 @@
#include <linux/interrupt.h> /* For in_interrupt() */
#include <linux/config.h>
+ #include <linux/delay.h>
+#include <linux/grsecurity.h>
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.10-2.4.34-200701222213.patch?r1=1.1&r2=1.2&f=u