SOURCES: grsecurity-2.1.9-2.4.33-200608131429.patch - adjusted for...
qboosh
qboosh at pld-linux.org
Wed Aug 16 15:04:17 CEST 2006
Author: qboosh Date: Wed Aug 16 13:04:17 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- adjusted for PLD kernel
---- Files affected:
SOURCES:
grsecurity-2.1.9-2.4.33-200608131429.patch (1.1 -> 1.2)
---- Diffs:
================================================================
Index: SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch
diff -u SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch:1.1 SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch:1.2
--- SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch:1.1 Wed Aug 16 14:03:05 2006
+++ SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch Wed Aug 16 15:04:11 2006
@@ -1301,9 +1301,9 @@
char * __devinit pcibios_setup(char *str)
diff -urNp linux-2.4.33/arch/i386/kernel/process.c linux-2.4.33/arch/i386/kernel/process.c
---- linux-2.4.33/arch/i386/kernel/process.c 2005-11-16 14:12:54.000000000 -0500
-+++ linux-2.4.33/arch/i386/kernel/process.c 2006-08-11 22:48:29.000000000 -0400
-@@ -153,7 +153,7 @@ static int __init idle_setup (char *str)
+--- linux-2.4.33/arch/i386/kernel/process.c.orig 2006-08-16 14:13:22.305971000 +0200
++++ linux-2.4.33/arch/i386/kernel/process.c 2006-08-16 14:16:15.235971000 +0200
+@@ -150,7 +150,7 @@ static int __init idle_setup (char *str)
__setup("idle=", idle_setup);
@@ -1312,7 +1312,7 @@
int reboot_thru_bios;
#ifdef CONFIG_SMP
-@@ -209,18 +209,18 @@ __setup("reboot=", reboot_setup);
+@@ -206,18 +206,18 @@ __setup("reboot=", reboot_setup);
doesn't work with at least one type of 486 motherboard. It is easy
to stop this code working; hence the copious comments. */
@@ -1336,7 +1336,7 @@
}
real_mode_gdt = { sizeof (real_mode_gdt_entries) - 1, real_mode_gdt_entries },
real_mode_idt = { 0x3ff, 0 },
-@@ -245,7 +245,7 @@ no_idt = { 0, 0 };
+@@ -242,7 +242,7 @@ no_idt = { 0, 0 };
More could be done here to set up the registers as if a CPU reset had
occurred; hopefully real BIOSs don't assume much. */
@@ -1345,7 +1345,7 @@
{
0x66, 0x0f, 0x20, 0xc0, /* movl %cr0,%eax */
0x66, 0x83, 0xe0, 0x11, /* andl $0x00000011,%eax */
-@@ -259,7 +259,7 @@ static unsigned char real_mode_switch []
+@@ -256,7 +256,7 @@ static unsigned char real_mode_switch []
0x24, 0x10, /* f: andb $0x10,al */
0x66, 0x0f, 0x22, 0xc0 /* movl %eax,%cr0 */
};
@@ -1354,7 +1354,7 @@
{
0xea, 0x00, 0x00, 0xff, 0xff /* ljmp $0xffff,$0x0000 */
};
-@@ -278,10 +278,14 @@ static inline void kb_wait(void)
+@@ -275,10 +275,14 @@ static inline void kb_wait(void)
* specified by the code and length parameters.
* We assume that length will aways be less that 100!
*/
@@ -1370,7 +1370,7 @@
cli();
/* Write zero to CMOS register number 0x0f, which the BIOS POST
-@@ -302,9 +306,17 @@ void machine_real_restart(unsigned char
+@@ -299,9 +303,17 @@ void machine_real_restart(unsigned char
from the kernel segment. This assumes the kernel segment starts at
virtual address PAGE_OFFSET. */
@@ -1388,7 +1388,7 @@
/* Make sure the first page is mapped to the start of physical memory.
It is normally not mapped, to trap kernel NULL pointer dereferences. */
-@@ -321,7 +333,7 @@ void machine_real_restart(unsigned char
+@@ -318,7 +330,7 @@ void machine_real_restart(unsigned char
REBOOT.COM programs, and the previous reset routine did this
too. */
@@ -1397,7 +1397,7 @@
/* For the switch to real mode, copy some code to low memory. It has
to be in the first 64k because it is running in 16-bit mode, and it
-@@ -329,9 +341,9 @@ void machine_real_restart(unsigned char
+@@ -326,9 +338,9 @@ void machine_real_restart(unsigned char
off paging. Copy it near the end of the first page, out of the way
of BIOS variables. */
@@ -1409,7 +1409,7 @@
/* Set up the IDT for real mode. */
-@@ -414,7 +426,7 @@ void machine_restart(char * __unused)
+@@ -411,7 +423,7 @@ void machine_restart(char * __unused)
if(!reboot_thru_bios) {
/* rebooting needs to touch the page at absolute addr 0 */
@@ -1418,7 +1418,7 @@
for (;;) {
int i;
for (i=0; i<100; i++) {
-@@ -552,7 +564,7 @@ int copy_thread(int nr, unsigned long cl
+@@ -549,7 +561,7 @@ int copy_thread(int nr, unsigned long cl
{
struct pt_regs * childregs;
@@ -1427,7 +1427,7 @@
struct_cpy(childregs, regs);
childregs->eax = 0;
childregs->esp = esp;
-@@ -613,6 +625,19 @@ void dump_thread(struct pt_regs * regs,
+@@ -610,6 +622,19 @@ void dump_thread(struct pt_regs * regs,
dump->u_fpvalid = dump_fpu (regs, &dump->i387);
}
@@ -1447,7 +1447,7 @@
/*
* This special macro can be used to load a debugging register
*/
-@@ -650,12 +675,15 @@ void fastcall __switch_to(struct task_st
+@@ -647,12 +672,15 @@ void fastcall __switch_to(struct task_st
*next = &next_p->thread;
struct tss_struct *tss = init_tss + smp_processor_id();
@@ -1467,7 +1467,7 @@
/*
* Save away %fs and %gs. No need to save %es and %ds, as
-@@ -683,6 +711,15 @@ void fastcall __switch_to(struct task_st
+@@ -682,6 +710,15 @@ void fastcall __switch_to(struct task_st
loaddebug(next, 7);
}
@@ -1480,10 +1480,10 @@
+ */
+ tss->esp0 = next->esp0;
+
- if (prev->ioperm || next->ioperm) {
+ if (unlikely(prev->ioperm || next->ioperm)) {
if (next->ioperm) {
/*
-@@ -705,6 +742,11 @@ void fastcall __switch_to(struct task_st
+@@ -704,6 +741,11 @@ void fastcall __switch_to(struct task_st
*/
tss->bitmap = INVALID_IO_BITMAP_OFFSET;
}
@@ -1495,7 +1495,7 @@
}
asmlinkage int sys_fork(struct pt_regs regs)
-@@ -792,3 +834,43 @@ unsigned long get_wchan(struct task_stru
+@@ -791,3 +833,43 @@ unsigned long get_wchan(struct task_stru
}
#undef last_sched
#undef first_sched
@@ -7618,8 +7618,8 @@
}
diff -urNp linux-2.4.33/drivers/char/mem.c linux-2.4.33/drivers/char/mem.c
---- linux-2.4.33/drivers/char/mem.c 2004-08-07 19:26:04.000000000 -0400
-+++ linux-2.4.33/drivers/char/mem.c 2006-08-11 13:50:43.000000000 -0400
+--- linux-2.4.33/drivers/char/mem.c.orig 2006-08-16 14:13:22.855971000 +0200
++++ linux-2.4.33/drivers/char/mem.c 2006-08-16 14:17:16.085971000 +0200
@@ -22,6 +22,7 @@
#include <linux/tty.h>
#include <linux/capability.h>
@@ -7676,7 +7676,7 @@
if (p < (unsigned long) high_memory) {
wrote = count;
if (count > (unsigned long) high_memory - p)
-@@ -402,7 +423,23 @@ static inline size_t read_zero_pagealign
+@@ -404,7 +425,23 @@ static inline size_t read_zero_pagealign
count = size;
zap_page_range(mm, addr, count);
@@ -7701,7 +7701,7 @@
size -= count;
buf += count;
-@@ -525,6 +562,15 @@ static loff_t memory_lseek(struct file *
+@@ -527,6 +564,15 @@ static loff_t memory_lseek(struct file *
static int open_port(struct inode * inode, struct file * filp)
{
@@ -7717,7 +7717,7 @@
return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
}
-@@ -582,6 +628,11 @@ static int mmap_kmem(struct file * file,
+@@ -584,6 +630,11 @@ static int mmap_kmem(struct file * file,
unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
unsigned long size = vma->vm_end - vma->vm_start;
@@ -7729,7 +7729,7 @@
/*
* If the user is not attempting to mmap a high memory address then
* the standard mmap_mem mechanism will work. High memory addresses
-@@ -617,7 +668,6 @@ static int mmap_kmem(struct file * file,
+@@ -619,7 +670,6 @@ static int mmap_kmem(struct file * file,
#define full_lseek null_lseek
#define write_zero write_null
#define read_full read_zero
@@ -7737,9 +7737,9 @@
#define open_kmem open_mem
static struct file_operations mem_fops = {
-@@ -693,6 +743,11 @@ static int memory_open(struct inode * in
- case 9:
- filp->f_op = &urandom_fops;
+@@ -700,6 +750,11 @@ static int memory_open(struct inode * in
+ case 10:
+ filp->f_op = &anon_file_operations;
break;
+#ifdef CONFIG_GRKERNSEC
+ case 13:
@@ -7749,12 +7749,10 @@
default:
return -ENXIO;
}
-@@ -719,7 +774,10 @@ void __init memory_devfs_register (void)
- {5, "zero", S_IRUGO | S_IWUGO, &zero_fops},
- {7, "full", S_IRUGO | S_IWUGO, &full_fops},
+@@ -728,6 +783,9 @@ void __init memory_devfs_register (void)
{8, "random", S_IRUGO | S_IWUSR, &random_fops},
-- {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops}
-+ {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
+ {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
+ {10, "anon", S_IRUGO | S_IWUSR, &anon_file_operations},
+#ifdef CONFIG_GRKERNSEC
+ {13,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}
+#endif
@@ -9188,8 +9186,8 @@
obj-y := open.o read_write.o devices.o file_table.o buffer.o \
diff -urNp linux-2.4.33/fs/namei.c linux-2.4.33/fs/namei.c
---- linux-2.4.33/fs/namei.c 2006-08-11 00:18:20.000000000 -0400
-+++ linux-2.4.33/fs/namei.c 2006-08-11 13:50:43.000000000 -0400
+--- linux-2.4.33/fs/namei.c.orig 2006-08-16 14:13:33.945971000 +0200
++++ linux-2.4.33/fs/namei.c 2006-08-16 14:20:30.665971000 +0200
@@ -22,6 +22,7 @@
#include <linux/dnotify.h>
#include <linux/smp_lock.h>
@@ -9260,7 +9258,7 @@
goto ok;
}
-@@ -1053,8 +1080,22 @@ do_last:
+@@ -1053,9 +1080,23 @@ do_last:
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
@@ -9275,15 +9273,16 @@
+ goto exit_dput;
+ }
+
- error = vfs_create(dir->d_inode, dentry,
- mode & ~current->fs->umask);
+ if (!IS_POSIXACL(dir->d_inode))
+ mode &= ~current->fs->umask;
+ error = vfs_create(dir->d_inode, dentry, mode);
+ if (!error)
+ gr_handle_create(dentry, nd->mnt);
+
up(&dir->d_inode->i_sem);
dput(nd->dentry);
nd->dentry = dentry;
-@@ -1063,12 +1104,34 @@ do_last:
+@@ -1064,12 +1105,34 @@ do_last:
/* Don't check for write permission, don't truncate */
acc_mode = 0;
flag &= ~O_TRUNC;
@@ -9318,7 +9317,7 @@
up(&dir->d_inode->i_sem);
error = -EEXIST;
-@@ -1158,7 +1221,7 @@ ok:
+@@ -1159,7 +1222,7 @@ ok:
if (!error) {
DQUOT_INIT(inode);
@@ -9327,7 +9326,7 @@
}
put_write_access(inode);
if (error)
-@@ -1189,6 +1252,13 @@ do_link:
+@@ -1190,6 +1253,13 @@ do_link:
* stored in nd->last.name and we will have to putname() it when we
* are done. Procfs-like symlinks just set LAST_BIND.
*/
@@ -9341,9 +9340,9 @@
UPDATE_ATIME(dentry->d_inode);
mnt = mntget(nd->mnt);
error = dentry->d_inode->i_op->follow_link(dentry, nd);
-@@ -1289,6 +1359,19 @@ asmlinkage long sys_mknod(const char * f
-
- mode &= ~current->fs->umask;
+@@ -1291,6 +1361,19 @@ asmlinkage long sys_mknod(const char * f
+ if (!IS_POSIXACL(nd.dentry->d_inode))
+ mode &= ~current->fs->umask;
if (!IS_ERR(dentry)) {
+ if (gr_handle_chroot_mknod(dentry, nd.mnt, mode) ||
+ gr_handle_chroot_chmod(dentry, nd.mnt, mode)) {
@@ -9361,7 +9360,7 @@
switch (mode & S_IFMT) {
case 0: case S_IFREG:
error = vfs_create(nd.dentry->d_inode,dentry,mode);
-@@ -1302,8 +1385,13 @@ asmlinkage long sys_mknod(const char * f
+@@ -1304,8 +1387,13 @@ asmlinkage long sys_mknod(const char * f
default:
error = -EINVAL;
}
@@ -9375,26 +9374,28 @@
up(&nd.dentry->d_inode->i_sem);
path_release(&nd);
out:
-@@ -1355,8 +1443,17 @@ asmlinkage long sys_mkdir(const char * p
+@@ -1357,9 +1445,19 @@ asmlinkage long sys_mkdir(const char * p
dentry = lookup_create(&nd, 1);
error = PTR_ERR(dentry);
if (!IS_ERR(dentry)) {
-- error = vfs_mkdir(nd.dentry->d_inode, dentry,
+ error = 0;
+
+ if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
+ error = -EACCES;
+
+ if (!IS_POSIXACL(nd.dentry->d_inode))
+ mode &= ~current->fs->umask;
+- error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+ if(!error)
-+ error = vfs_mkdir(nd.dentry->d_inode, dentry,
- mode & ~current->fs->umask);
++ error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
++
+ if(!error)
+ gr_handle_create(dentry, nd.mnt);
+
dput(dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1440,6 +1537,8 @@ asmlinkage long sys_rmdir(const char * p
+@@ -1443,6 +1541,8 @@ asmlinkage long sys_rmdir(const char * p
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -9403,7 +9404,7 @@
name = getname(pathname);
if(IS_ERR(name))
-@@ -1464,7 +1563,22 @@ asmlinkage long sys_rmdir(const char * p
+@@ -1467,7 +1567,22 @@ asmlinkage long sys_rmdir(const char * p
dentry = lookup_hash(&nd.last, nd.dentry);
error = PTR_ERR(dentry);
if (!IS_ERR(dentry)) {
@@ -9427,7 +9428,7 @@
dput(dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1515,6 +1629,8 @@ asmlinkage long sys_unlink(const char *
+@@ -1519,6 +1634,8 @@ asmlinkage long sys_unlink(const char *
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -9436,7 +9437,7 @@
name = getname(pathname);
if(IS_ERR(name))
-@@ -1533,7 +1649,21 @@ asmlinkage long sys_unlink(const char *
+@@ -1537,7 +1654,21 @@ asmlinkage long sys_unlink(const char *
/* Why not before? Because we want correct error value */
if (nd.last.name[nd.last.len])
goto slashes;
@@ -9459,7 +9460,7 @@
exit2:
dput(dentry);
}
-@@ -1597,7 +1727,15 @@ asmlinkage long sys_symlink(const char *
+@@ -1601,7 +1732,15 @@ asmlinkage long sys_symlink(const char *
dentry = lookup_create(&nd, 0);
error = PTR_ERR(dentry);
if (!IS_ERR(dentry)) {
@@ -9476,7 +9477,7 @@
dput(dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1683,7 +1821,27 @@ asmlinkage long sys_link(const char * ol
+@@ -1687,7 +1826,27 @@ asmlinkage long sys_link(const char * ol
new_dentry = lookup_create(&nd, 0);
error = PTR_ERR(new_dentry);
if (!IS_ERR(new_dentry)) {
@@ -9505,7 +9506,7 @@
dput(new_dentry);
}
up(&nd.dentry->d_inode->i_sem);
-@@ -1914,10 +2072,15 @@ static inline int do_rename(const char *
+@@ -1923,10 +2082,15 @@ static inline int do_rename(const char *
if (IS_ERR(new_dentry))
goto exit4;
@@ -18685,17 +18686,17 @@
#define THREAD_SIZE (2*PAGE_SIZE)
#define alloc_task_struct() ((struct task_struct *) __get_free_pages(GFP_KERNEL,1))
diff -urNp linux-2.4.33/include/asm-i386/system.h linux-2.4.33/include/asm-i386/system.h
---- linux-2.4.33/include/asm-i386/system.h 2005-11-16 14:12:54.000000000 -0500
-+++ linux-2.4.33/include/asm-i386/system.h 2006-08-11 13:50:43.000000000 -0400
+--- linux-2.4.33/include/asm-i386/system.h.orig 2006-08-16 14:13:33.755971000 +0200
++++ linux-2.4.33/include/asm-i386/system.h 2006-08-16 14:21:14.845971000 +0200
@@ -12,6 +12,8 @@
struct task_struct; /* one of the stranger aspects of C forward declarations.. */
extern void FASTCALL(__switch_to(struct task_struct *prev, struct task_struct *next));
+void pax_switch_segments(struct task_struct *);
+
- #define prepare_to_switch() do { } while(0)
#define switch_to(prev,next,last) do { \
asm volatile("pushl %%esi\n\t" \
+ "pushl %%edi\n\t" \
diff -urNp linux-2.4.33/include/asm-i386/uaccess.h linux-2.4.33/include/asm-i386/uaccess.h
--- linux-2.4.33/include/asm-i386/uaccess.h 2003-06-13 10:51:38.000000000 -0400
+++ linux-2.4.33/include/asm-i386/uaccess.h 2006-08-11 13:50:43.000000000 -0400
@@ -21190,9 +21191,9 @@
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
diff -urNp linux-2.4.33/include/linux/sched.h linux-2.4.33/include/linux/sched.h
---- linux-2.4.33/include/linux/sched.h 2005-01-19 09:10:12.000000000 -0500
-+++ linux-2.4.33/include/linux/sched.h 2006-08-11 13:50:43.000000000 -0400
-@@ -27,6 +27,9 @@ extern unsigned long event;
+--- linux-2.4.33/include/linux/sched.h.orig 2006-08-16 14:13:22.455971000 +0200
++++ linux-2.4.33/include/linux/sched.h 2006-08-16 14:21:52.555971000 +0200
+@@ -28,6 +28,9 @@ extern unsigned long event;
#include <linux/securebits.h>
#include <linux/fs_struct.h>
@@ -21202,7 +21203,7 @@
struct exec_domain;
/*
-@@ -227,12 +230,37 @@ struct mm_struct {
+@@ -250,12 +253,37 @@ struct mm_struct {
unsigned long cpu_vm_mask;
unsigned long swap_address;
@@ -21241,7 +21242,7 @@
extern int mmlist_nr;
#define INIT_MM(name) \
-@@ -406,7 +434,7 @@ struct task_struct {
+@@ -422,7 +450,7 @@ struct task_struct {
int (*notifier)(void *priv);
void *notifier_data;
sigset_t *notifier_mask;
@@ -21250,7 +21251,7 @@
/* Thread group tracking */
u32 parent_exec_id;
u32 self_exec_id;
-@@ -415,6 +443,23 @@ struct task_struct {
+@@ -433,6 +461,23 @@ struct task_struct {
/* journalling filesystem info */
void *journal_info;
@@ -21274,7 +21275,7 @@
};
/*
-@@ -436,6 +481,22 @@ struct task_struct {
+@@ -454,6 +499,22 @@ struct task_struct {
#define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */
@@ -21297,16 +21298,16 @@
/*
* Ptrace flags
*/
-@@ -550,6 +611,8 @@ static inline void unhash_pid(struct tas
+@@ -574,6 +635,8 @@ static inline void unhash_pid(task_t *p)
*p->pidhash_pprev = p->pidhash_next;
}
+#include <asm/current.h>
+
- static inline struct task_struct *find_task_by_pid(int pid)
+ static inline task_t *find_task_by_pid(int pid)
{
- struct task_struct *p, **htable = &pidhash[pid_hashfn(pid)];
-@@ -557,6 +620,8 @@ static inline struct task_struct *find_t
+ task_t *p, **htable = &pidhash[pid_hashfn(pid)];
+@@ -581,6 +644,8 @@ static inline task_t *find_task_by_pid(i
for(p = *htable; p && p->pid != pid; p = p->pidhash_next)
;
@@ -21315,7 +21316,7 @@
return p;
}
-@@ -578,8 +643,6 @@ extern struct user_struct * alloc_uid(ui
+@@ -589,8 +654,6 @@ extern struct user_struct * alloc_uid(ui
extern void free_uid(struct user_struct *);
extern void switch_uid(struct user_struct *);
@@ -21324,7 +21325,7 @@
extern unsigned long volatile jiffies;
extern unsigned long itimer_ticks;
extern unsigned long itimer_next;
-@@ -743,7 +806,7 @@ static inline int fsuser(void)
+@@ -757,7 +820,7 @@ static inline int fsuser(void)
static inline int capable(int cap)
{
#if 1 /* ok now */
@@ -21618,17 +21619,62 @@
if (!cap_issubset(inheritable,
cap_combine(target->cap_inheritable,
diff -urNp linux-2.4.33/kernel/exit.c linux-2.4.33/kernel/exit.c
---- linux-2.4.33/kernel/exit.c 2002-11-28 18:53:15.000000000 -0500
-+++ linux-2.4.33/kernel/exit.c 2006-08-11 13:50:43.000000000 -0400
-@@ -16,6 +16,7 @@
+--- linux-2.4.33/kernel/exit.c.orig 2006-08-16 14:13:33.745971000 +0200
++++ linux-2.4.33/kernel/exit.c 2006-08-16 14:50:35.525971000 +0200
+@@ -16,6 +16,12 @@
#ifdef CONFIG_BSD_PROCESS_ACCT
#include <linux/acct.h>
#endif
++#include <linux/file.h>
+#include <linux/grsecurity.h>
++
++#ifdef CONFIG_GRKERNSEC
++extern rwlock_t grsec_exec_file_lock;
++#endif
#include <asm/uaccess.h>
#include <asm/pgtable.h>
-@@ -439,10 +440,16 @@ fake_volatile:
+@@ -139,12 +145,23 @@ void reparent_to_init(void)
+ {
+ write_lock_irq(&tasklist_lock);
+
++#ifdef CONFIG_GRKERNSEC
++ write_lock(&grsec_exec_file_lock);
++ if (current->exec_file) {
++ fput(current->exec_file);
++ current->exec_file = NULL;
++ }
++ write_unlock(&grsec_exec_file_lock);
++#endif
++
+ /* Reparent to init */
+ REMOVE_LINKS(current);
+ current->p_pptr = child_reaper;
+ current->p_opptr = child_reaper;
+ SET_LINKS(current);
+
++ gr_set_kernel_label(current);
++
+ /* Set the exit signal to SIGCHLD so we signal init on exit */
+ current->exit_signal = SIGCHLD;
+
+@@ -173,6 +190,15 @@ void daemonize(void)
+ {
+ struct fs_struct *fs;
+
++#ifdef CONFIG_GRKERNSEC
++ write_lock(&grsec_exec_file_lock);
++ if (current->exec_file) {
++ fput(current->exec_file);
++ current->exec_file = NULL;
++ }
++ write_unlock(&grsec_exec_file_lock);
++#endif
++ gr_set_kernel_label(current);
+
+ /*
+ * If we were started as result of loading a module, close all of the
+@@ -485,10 +511,16 @@ fake_volatile:
#ifdef CONFIG_BSD_PROCESS_ACCT
acct_process(code);
#endif
@@ -21800,17 +21846,17 @@
for (mod = module_list, i = 0; mod; mod = mod->next) {
/* include the count for the module name! */
diff -urNp linux-2.4.33/kernel/printk.c linux-2.4.33/kernel/printk.c
---- linux-2.4.33/kernel/printk.c 2004-11-17 06:54:22.000000000 -0500
-+++ linux-2.4.33/kernel/printk.c 2006-08-11 13:50:43.000000000 -0400
-@@ -26,6 +26,7 @@
- #include <linux/module.h>
+--- linux-2.4.33/kernel/printk.c.orig 2006-08-16 14:13:34.565971000 +0200
++++ linux-2.4.33/kernel/printk.c 2006-08-16 14:22:36.675971000 +0200
+@@ -27,6 +27,7 @@
#include <linux/interrupt.h> /* For in_interrupt() */
#include <linux/config.h>
+ #include <linux/delay.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
-@@ -299,6 +300,11 @@ out:
+@@ -300,6 +301,11 @@ out:
asmlinkage long sys_syslog(int type, char * buf, int len)
{
@@ -21823,29 +21869,17 @@
return -EPERM;
return do_syslog(type, buf, len);
diff -urNp linux-2.4.33/kernel/sched.c linux-2.4.33/kernel/sched.c
---- linux-2.4.33/kernel/sched.c 2004-11-17 06:54:22.000000000 -0500
-+++ linux-2.4.33/kernel/sched.c 2006-08-11 13:50:43.000000000 -0400
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch?r1=1.1&r2=1.2&f=u
More information about the pld-cvs-commit
mailing list