packages (GRSECURITY_RAW): kernel/kernel-grsec_full.patch - http://www.grse...
mguevara
mguevara at pld-linux.org
Sun Dec 6 00:53:32 CET 2009
Author: mguevara Date: Sat Dec 5 23:53:32 2009 GMT
Module: packages Tag: GRSECURITY_RAW
---- Log message:
- http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.31.6-200912051443.patch
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.3.2.21 -> 1.3.2.22)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.3.2.21 packages/kernel/kernel-grsec_full.patch:1.3.2.22
--- packages/kernel/kernel-grsec_full.patch:1.3.2.21 Sat Dec 5 20:06:27 2009
+++ packages/kernel/kernel-grsec_full.patch Sun Dec 6 00:53:22 2009
@@ -52759,7 +52759,7 @@
.release = ima_release_policy
diff -urNp linux-2.6.31.6/security/min_addr.c linux-2.6.31.6/security/min_addr.c
--- linux-2.6.31.6/security/min_addr.c 2009-11-09 19:32:31.000000000 -0500
-+++ linux-2.6.31.6/security/min_addr.c 2009-12-04 09:42:36.000000000 -0500
++++ linux-2.6.31.6/security/min_addr.c 2009-12-05 14:43:31.000000000 -0500
@@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG
*/
static void update_mmap_min_addr(void)
@@ -52776,6 +52776,16 @@
}
/*
+@@ -33,6 +35,9 @@ int mmap_min_addr_handler(struct ctl_tab
+ {
+ int ret;
+
++ if (!capable(CAP_SYS_RAWIO))
++ return -EPERM;
++
+ ret = proc_doulongvec_minmax(table, write, filp, buffer, lenp, ppos);
+
+ update_mmap_min_addr();
diff -urNp linux-2.6.31.6/security/smack/smackfs.c linux-2.6.31.6/security/smack/smackfs.c
--- linux-2.6.31.6/security/smack/smackfs.c 2009-11-09 19:32:31.000000000 -0500
+++ linux-2.6.31.6/security/smack/smackfs.c 2009-12-04 09:42:36.000000000 -0500
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.3.2.21&r2=1.3.2.22&f=u
More information about the pld-cvs-commit
mailing list