SOURCES (LINUX_2_6): linux-2.6-grsec-common.patch, linux-2.6-grsec-no-stupi...
adamg
adamg at pld-linux.org
Sun Jan 18 03:07:40 CET 2009
Author: adamg Date: Sun Jan 18 02:07:40 2009 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- updated to 2.6.28
---- Files affected:
SOURCES:
linux-2.6-grsec-common.patch (1.1.2.2.2.9 -> 1.1.2.2.2.10) , linux-2.6-grsec-no-stupid-SoB.patch (1.1 -> 1.1.4.1)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec-common.patch
diff -u SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.9 SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.10
--- SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.9 Tue Oct 28 22:09:21 2008
+++ SOURCES/linux-2.6-grsec-common.patch Sun Jan 18 03:07:34 2009
@@ -37,23 +37,6 @@
current->flags |= PF_SUPERPRIV;
return 1;
===
-=== let vserver block signals before grsec
-===
---- a/kernel/signal.c 2007-10-02 00:08:49.954483500 +0200
-+++ b/kernel/signal.c 2007-10-02 00:24:31.969355750 +0200
-@@ -553,6 +553,11 @@ static int check_kill_permission(int sig
- sig, info, t, vx_task_xid(t), t->pid, current->xid);
- return error;
- }
-+
-+ error = -EPERM;
-+ if (gr_handle_signal(t, sig))
-+ return error;
-+
- skip:
- return security_task_kill(t, info, sig, 0);
- }
-===
=== vserver netlink protection
===
--- a/security/commoncap.c~ 2007-12-10 23:52:36.000000000 +0100
================================================================
Index: SOURCES/linux-2.6-grsec-no-stupid-SoB.patch
diff -u SOURCES/linux-2.6-grsec-no-stupid-SoB.patch:1.1 SOURCES/linux-2.6-grsec-no-stupid-SoB.patch:1.1.4.1
--- SOURCES/linux-2.6-grsec-no-stupid-SoB.patch:1.1 Mon Dec 1 23:26:21 2008
+++ SOURCES/linux-2.6-grsec-no-stupid-SoB.patch Sun Jan 18 03:07:34 2009
@@ -1,7 +1,7 @@
---- linux-2.6.27/init/Kconfig~ 2008-11-20 23:26:34.000000000 +0100
-+++ linux-2.6.27/init/Kconfig 2008-12-01 20:37:12.000000000 +0100
-@@ -781,8 +781,8 @@
- source "arch/Kconfig"
+--- linux-2.6.28/fs/proc/Kconfig~ 2008-11-20 23:26:34.000000000 +0100
++++ linux-2.6.28/fs/proc/Kconfig 2008-12-01 20:37:12.000000000 +0100
+@@ -59,8 +59,8 @@
+ limited in memory.
config PROC_PAGE_MONITOR
- default n
@@ -11,31 +11,23 @@
bool "Enable /proc page monitoring" if EMBEDDED
help
Various /proc files exist to monitor process memory utilization:
-@@ -798,9 +798,9 @@
+--- linux-2.6.28/mm/slab.c~ 2009-01-18 02:10:12.395711069 +0100
++++ linux-2.6.28/mm/slab.c 2009-01-18 02:18:05.632401077 +0100
+@@ -4496,8 +4496,15 @@
- config SLABINFO
- bool
-- depends on PROC_FS && !GRKERNSEC_PROC_ADD
-+ depends on PROC_FS
- depends on SLAB || SLUB_DEBUG
-- default n
-+ default y
-
- config RT_MUTEXES
- boolean
---- linux-2.6.27/fs/proc/proc_misc.c~ 2008-11-20 23:26:30.000000000 +0100
-+++ linux-2.6.27/fs/proc/proc_misc.c 2008-12-01 20:35:55.000000000 +0100
-@@ -934,8 +934,12 @@
- #endif
- proc_create("stat", 0, NULL, &proc_stat_operations);
- proc_create("interrupts", 0, NULL, &proc_interrupts_operations);
--#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
-+#ifdef CONFIG_SLABINFO
+ static int __init slab_proc_init(void)
+ {
+-#if !defined(CONFIG_GRKERNSEC_PROC_ADD)
+- proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations);
++ int gr_mode = S_IWUSR|S_IRUGO;
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++ gr_mode = S_IRUSR;
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ gr_mode = S_IRUSR | S_IRGRP;
++#endif
++
+#ifdef CONFIG_GRKERNSEC_PROC_ADD
+ proc_create("slabinfo",gr_mode,NULL,&proc_slabinfo_operations);
-+#else
- proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations);
-+#endif
#ifdef CONFIG_DEBUG_SLAB_LEAK
proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
#endif
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec-common.patch?r1=1.1.2.2.2.9&r2=1.1.2.2.2.10&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec-no-stupid-SoB.patch?r1=1.1&r2=1.1.4.1&f=u
More information about the pld-cvs-commit
mailing list