SOURCES (LINUX_2_6): linux-2.6-vs2.1.patch - fixes wrt minimal grsec

baggins baggins at pld-linux.org
Tue Nov 22 16:53:16 CET 2005


Author: baggins                      Date: Tue Nov 22 15:53:16 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- fixes wrt minimal grsec

---- Files affected:
SOURCES:
   linux-2.6-vs2.1.patch (1.1.2.1 -> 1.1.2.2) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-vs2.1.patch
diff -u SOURCES/linux-2.6-vs2.1.patch:1.1.2.1 SOURCES/linux-2.6-vs2.1.patch:1.1.2.2
--- SOURCES/linux-2.6-vs2.1.patch:1.1.2.1	Tue Nov 22 16:31:34 2005
+++ SOURCES/linux-2.6-vs2.1.patch	Tue Nov 22 16:53:10 2005
@@ -6402,12 +6402,12 @@
  	if (!dir->i_op || !dir->i_op->link)
  		return -EPERM;
 @@ -2049,7 +2128,8 @@ asmlinkage long sys_link(const char __us
- 	new_dentry = lookup_create(&nd, 0);
- 	error = PTR_ERR(new_dentry);
- 	if (!IS_ERR(new_dentry)) {
--		error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
-+		error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
-+			new_dentry, &nd);
+ 		}
+ 		if (!error)
+ #endif
+-			error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
++			error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
++					new_dentry, &nd);
  		dput(new_dentry);
  	}
  	up(&nd.dentry->d_inode->i_sem);
@@ -7928,9 +7928,9 @@
  		}
  	}
 @@ -1297,6 +1315,7 @@ static struct inode *proc_pid_make_inode
- 		inode->i_uid = task->euid;
- 		inode->i_gid = task->egid;
- 	}
+ #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+ 	inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
+ #endif
 +	inode->i_xid = vx_task_xid(task);
  	security_task_to_inode(task, inode);
  
@@ -8040,8 +8040,8 @@
  struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct nameidata *nd)
  {
 @@ -1952,13 +2012,14 @@ struct dentry *proc_pid_lookup(struct in
- 	if (!task)
- 		goto out;
+ 	}
+ #endif
  
 -	inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
 +	/* check for context visibility */
@@ -8056,9 +8056,9 @@
 -		put_task_struct(task);
 -		goto out;
 -	}
- 	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
- 	inode->i_op = &proc_tgid_base_inode_operations;
- 	inode->i_fop = &proc_tgid_base_operations;
+ 
+ #ifdef CONFIG_GRKERNSEC_PROC_USER
+ 	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 @@ -1987,6 +2048,8 @@ struct dentry *proc_pid_lookup(struct in
  		goto out;
  	}
@@ -8103,7 +8103,7 @@
  		if (p && !thread_group_leader(p))
  			p = NULL;
  	}
-@@ -2069,11 +2137,15 @@ static int get_tgid_list(int index, unsi
+@@ -2069,19 +2137,23 @@ static int get_tgid_list(int index, unsi
  
  	for ( ; p != &init_task; p = next_task(p)) {
  		int tgid = p->pid;
@@ -8113,6 +8113,14 @@
 +		/* check for context visibility */
 +		if (!proc_pid_visible(p, tgid))
 +			continue;
+ #if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ 		if (tmp->uid && (p->uid != tmp->uid)
+ #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+ 		    && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
+ #endif
+ 		)
+ 			continue;
+ #endif
  		if (--index >= 0)
  			continue;
 -		tgids[nr_tgids] = tgid;
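Review bot: For a caller with uid 0, the grsec filter that now follows `proc_pid_visible()` in this loop is skipped by its `tmp->uid &&` guard, so the context-visibility test is the only check hiding other tasks from such a caller. `tmp` is assigned outside the hunk (presumably the task reading /proc), and nothing visible here shows a guest-context root being treated differently from host root. I would record that dependency on the inner patch's added check, e.g. `/* context filter: the grsec uid filter below does not apply to uid 0 */`. The loop body continues past the end of the hunk.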
@@ -8307,9 +8315,9 @@
  static struct super_block *proc_get_sb(struct file_system_type *fs_type,
  	int flags, const char *dev_name, void *data)
 @@ -77,6 +80,7 @@ void __init proc_root_init(void)
- 	proc_device_tree_init();
- #endif
+ #else
  	proc_bus = proc_mkdir("bus", NULL);
+ #endif
 +	proc_vx_init();
  }
  
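Review bot: `proc_vx_init()` sits after the `#endif`, so it runs in both branches of a conditional whose `#if` line is outside the hunk, while `proc_bus = proc_mkdir("bus", NULL);` is now reached only in the `#else` branch. If the other branch creates `bus` with restricted permissions (not visible here), the entries registered by `proc_vx_init()` would not get the same treatment, so it is worth checking which modes they are created with under that configuration. If that is intended, a comment such as `/* vserver entries are not covered by the /proc restriction above */` would make it explicit. `proc_root_init()` begins outside the hunk.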
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/linux-2.6-vs2.1.patch?r1=1.1.2.1&r2=1.1.2.2&f=u



