packages: kernel/kernel-grsec_fixes.patch grsec with no socket server group...
arekm
arekm at pld-linux.org
Tue Jul 6 14:53:47 CEST 2010
Author: arekm Date: Tue Jul 6 12:53:47 2010 GMT
Module: packages Tag: HEAD
---- Log message:
grsec with no socket server group blocks bind but we allow accept
---- Files affected:
packages/kernel:
kernel-grsec_fixes.patch (1.8 -> 1.9)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_fixes.patch
diff -u packages/kernel/kernel-grsec_fixes.patch:1.8 packages/kernel/kernel-grsec_fixes.patch:1.9
--- packages/kernel/kernel-grsec_fixes.patch:1.8 Tue Jul 6 14:01:36 2010
+++ packages/kernel/kernel-grsec_fixes.patch Tue Jul 6 14:53:42 2010
@@ -172,3 +172,24 @@
spin_unlock(&dev->count_lock);
return can_switch;
}
+--- linux-2.6.34/net/socket.c~ 2010-07-06 13:40:05.892545375 +0200
++++ linux-2.6.34/net/socket.c 2010-07-06 14:53:01.074608654 +0200
+@@ -1573,18 +1573,6 @@
+ newsock->type = sock->type;
+ newsock->ops = sock->ops;
+
+- if (gr_handle_sock_server_other(sock->sk)) {
+- err = -EPERM;
+- sock_release(newsock);
+- goto out_put;
+- }
+-
+- err = gr_search_accept(sock);
+- if (err) {
+- sock_release(newsock);
+- goto out_put;
+- }
+-
+ /*
+ * We don't need try_module_get here, as the listening socket (sock)
+ * has the protocol module (sock->ops->owner) held.
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_fixes.patch?r1=1.8&r2=1.9&f=u
More information about the pld-cvs-commit
mailing list