SOURCES (LINUX_2_6): linux-2.6-grsec_full.patch - changes for vs2....

zbyniu zbyniu at pld-linux.org
Thu Sep 20 15:49:24 CEST 2007


Author: zbyniu                       Date: Thu Sep 20 13:49:24 2007 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- changes for vs2.3.0.22; cleanups

---- Files affected:
SOURCES:
   linux-2.6-grsec_full.patch (1.1.2.20 -> 1.1.2.21) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.20 SOURCES/linux-2.6-grsec_full.patch:1.1.2.21
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.20	Sat Sep  8 17:59:23 2007
+++ SOURCES/linux-2.6-grsec_full.patch	Thu Sep 20 15:49:19 2007
@@ -2611,7 +2611,7 @@
  
  /*
 @@ -306,7 +308,7 @@ void show_regs(struct pt_regs * regs)
- 	printk("EIP: %04x:[<%08lx>] CPU: %d\n",0xffff & regs->xcs,regs->eip, smp_processor_id());
+ 		0xffff & regs->xcs,regs->eip, smp_processor_id());
  	print_symbol("EIP is at %s\n", regs->eip);
  
 -	if (user_mode_vm(regs))
@@ -9337,7 +9337,7 @@
  #include <asm/pgtable.h>
  #include <asm/system.h>
 @@ -303,6 +304,11 @@ asmlinkage void do_ptrace(struct pt_regs
- 		goto out;
+ 		goto out_tsk;
  	}
  
 +	if (gr_handle_ptrace(child, request)) {
@@ -9720,7 +9720,7 @@
  #include <asm/asi.h>
  #include <asm/pgtable.h>
 @@ -216,6 +217,11 @@ asmlinkage void do_ptrace(struct pt_regs
- 		goto out;
+ 		goto out_tsk;
  	}
  
 +	if (gr_handle_ptrace(child, (long)request)) {
@@ -14312,7 +14312,7 @@
 +
  	if (flags & MS_REMOUNT)
  		retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
- 				    data_page);
+ 				    data_page, tag);
 @@ -1441,6 +1452,9 @@ long do_mount(char *dev_name, char *dir_
  				      dev_name, data_page);
  dput_out:
@@ -14356,10 +14356,10 @@
 +	struct nfs4_exception exception = {0, 0};
  	int err;
  	do {
- 		err = _nfs4_do_open_reclaim(sp, state, dentry);
+ 		err = _nfs4_do_open_reclaim(ctx, state);
 @@ -538,7 +538,7 @@ static int _nfs4_open_delegation_recall(
  
- int nfs4_open_delegation_recall(struct dentry *dentry, struct nfs4_state *state)
+ int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
  {
 -	struct nfs4_exception exception = { };
 +	struct nfs4_exception exception = {0, 0};
@@ -14667,7 +14667,7 @@
  	newattrs.ia_valid = ATTR_SIZE | time_attrs;
  	if (filp) {
 @@ -400,6 +404,9 @@ asmlinkage long sys_faccessat(int dfd, c
- 	if(IS_RDONLY(nd.dentry->d_inode))
+ 	if(IS_RDONLY(nd.dentry->d_inode) || MNT_IS_RDONLY(nd.mnt))
  		res = -EROFS;
  
 +	if (!res && !gr_acl_handle_access(nd.dentry, nd.mnt, mode))
@@ -14810,7 +14810,7 @@
 --- linux-2.6.22.1/fs/proc/array.c	2007-07-10 14:56:30.000000000 -0400
 +++ linux-2.6.22.1/fs/proc/array.c	2007-08-02 11:38:47.000000000 -0400
 @@ -291,6 +291,21 @@ static inline char *task_cap(struct task
- 			    cap_t(p->cap_effective));
+ 		(unsigned)vx_info_mbcap(vxi, p->cap_effective));
  }
  
 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
@@ -15030,17 +15030,22 @@
  		}
  	}
  	rcu_read_unlock();
-@@ -1101,11 +1136,26 @@ static int pid_revalidate(struct dentry 
+@@ -1101,6 +1136,12 @@ static int pid_revalidate(struct dentry 
  {
  	struct inode *inode = dentry->d_inode;
  	struct task_struct *task = get_proc_task(inode);
 +
 +	if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
 +		put_task_struct(task);
-+		goto out;
++		goto drop;
 +	}
 +
  	if (task) {
+ 		unsigned pid = name_to_int(dentry);
+ 		if (pid != ~0U && pid != vx_map_pid(task->pid)) {
+@@ -1151,9 +1194,18 @@ static int pid_revalidate(struct dentry
+ 		}
+ 
  		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
 +#ifdef CONFIG_GRKERNSEC_PROC_USER
 +		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
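Review bot: The early exit for chrooted or hidden tasks in pid_revalidate now jumps to `drop`, a label this patch no longer defines itself, because the next hunk deletes the inner hunk that added `out:` ahead of `d_drop(dentry); return 0;`. Presumably `drop:` is supplied by the vserver change to pid_revalidate, which is not visible here, so the grsecurity patch would only build when applied on top of it. Please confirm that `drop:` still reaches `d_drop(dentry)` and returns 0, and that it does not call `put_task_struct(task)` a second time, since the gr_ branch already releases the reference before the jump. A comment above the check such as `/* task ref is released here; the drop: path must not put it again */` would record that dependency. pid_revalidate's body continues outside the hunk.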
@@ -15057,15 +15062,7 @@
  		} else {
  			inode->i_uid = 0;
  			inode->i_gid = 0;
-@@ -1115,6 +1165,7 @@ static int pid_revalidate(struct dentry 
- 		put_task_struct(task);
- 		return 1;
- 	}
-+out:
- 	d_drop(dentry);
- 	return 0;
- }
-@@ -1371,6 +1422,9 @@ static struct dentry *proc_lookupfd_comm
+@@ -1371,6 +1435,9 @@ static struct dentry *proc_lookupfd_comm
  	if (fd == ~0U)
  		goto out;
  
@@ -30179,7 +30176,7 @@
  #include <linux/compat.h>
  #include <linux/syscalls.h>
 @@ -641,6 +642,12 @@ static int set_one_prio(struct task_stru
- 		error = -EACCES;
+ 			error = -EACCES;
  		goto out;
  	}
 +
@@ -30192,7 +30189,7 @@
  	if (no_nice) {
  		error = no_nice;
 @@ -697,10 +704,10 @@ asmlinkage long sys_setpriority(int whic
- 				if ((who != current->uid) && !(user = find_user(who)))
+ 					!(user = find_user(vx_current_xid(), who)))
  					goto out_unlock;	/* No processes for this user */
  
 -			do_each_thread(g, p)
@@ -30205,7 +30202,7 @@
  				free_uid(user);		/* For find_user() */
  			break;
 @@ -759,13 +766,13 @@ asmlinkage long sys_getpriority(int whic
- 				if ((who != current->uid) && !(user = find_user(who)))
+ 					!(user = find_user(vx_current_xid(), who)))
  					goto out_unlock;	/* No processes for this user */
  
 -			do_each_thread(g, p)
@@ -33271,9 +33268,9 @@
 --- linux-2.6.22.1/net/ipv4/udp.c	2007-07-10 14:56:30.000000000 -0400
 +++ linux-2.6.22.1/net/ipv4/udp.c	2007-08-02 11:28:52.000000000 -0400
 @@ -97,12 +97,19 @@
+ #include <linux/skbuff.h>
  #include <linux/proc_fs.h>
  #include <linux/seq_file.h>
- // #include <linux/vs_inet.h>
 +#include <linux/grsecurity.h>
  #include <net/icmp.h>
  #include <net/route.h>
@@ -33443,8 +33440,8 @@
  #include <asm/uaccess.h>
  #include <asm/unistd.h>
 @@ -93,6 +94,21 @@
- #include <net/sock.h>
- #include <linux/netfilter.h>
+ #include <linux/vs_inet.h>
+ #include <linux/vs_inet6.h>
  
 +extern void gr_attach_curr_ip(const struct sock *sk);
 +extern int gr_handle_sock_all(const int family, const int type,
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.20&r2=1.1.2.21&f=u


