SOURCES (LINUX_2_6_22): linux-2.6-grsec_full.patch - merged change...

zbyniu zbyniu at pld-linux.org
Sun Nov 4 23:31:42 CET 2007


Author: zbyniu                       Date: Sun Nov  4 22:31:42 2007 GMT
Module: SOURCES                       Tag: LINUX_2_6_22
---- Log message:
- merged changes from grsecurity-2.1.11-2.6.22.9-200710101250.patch

---- Files affected:
SOURCES:
   linux-2.6-grsec_full.patch (1.1.2.24.2.3 -> 1.1.2.24.2.4) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.24.2.3 SOURCES/linux-2.6-grsec_full.patch:1.1.2.24.2.4
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.24.2.3	Mon Oct 15 17:17:51 2007
+++ SOURCES/linux-2.6-grsec_full.patch	Sun Nov  4 23:31:36 2007
@@ -46,12 +46,14 @@
  
  #include <asm/uaccess.h>
  #include <asm/pgtable.h>
-@@ -289,6 +290,9 @@ do_sys_ptrace(long request, long pid, lo
+@@ -289,6 +290,11 @@ do_sys_ptrace(long request, long pid, lo
  		goto out;
  	}
  
-+	if (gr_handle_ptrace(child, request))
++	if (gr_handle_ptrace(child, request)) {
++		ret = -EPERM;
 +		goto out;
++	}
 +
  	if (request == PTRACE_ATTACH) {
  		ret = ptrace_attach(child);
@@ -2746,14 +2748,6 @@
 diff -urNp linux-2.6.22.1/arch/i386/kernel/ptrace.c linux-2.6.22.1/arch/i386/kernel/ptrace.c
 --- linux-2.6.22.1/arch/i386/kernel/ptrace.c	2007-07-10 14:56:30.000000000 -0400
 +++ linux-2.6.22.1/arch/i386/kernel/ptrace.c	2007-08-02 11:38:45.000000000 -0400
-@@ -16,6 +16,7 @@
- #include <linux/audit.h>
- #include <linux/seccomp.h>
- #include <linux/signal.h>
-+#include <linux/grsecurity.h>
- 
- #include <asm/uaccess.h>
- #include <asm/pgtable.h>
 @@ -161,17 +162,20 @@ static unsigned long convert_eip_to_line
  	 * and APM bios ones we just ignore here.
  	 */
@@ -3218,11 +3212,11 @@
  const char *arch_vma_name(struct vm_area_struct *vma)
  {
 -	if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
-+	if (vma->vm_start == vma->vm_mm->context.vdso)
++	if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
  		return "[vdso]";
 +
 +#ifdef CONFIG_PAX_SEGMEXEC
-+	if (vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
++	if (vma->vmm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
 +		return "[vdso]";
 +#endif
 +
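Review bot: The reworked SEGMEXEC check in arch_vma_name() tests `vma->vmm`, which looks like a typo for `vma->vm_mm`; every other access in this hunk, including the corrected non-SEGMEXEC test just above it, uses `vm_mm`. As written the line would presumably fail to build when CONFIG_PAX_SEGMEXEC is enabled, so the NULL guard this change intends would never take effect in that configuration. The line should read `if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)`. The body of arch_vma_name() continues outside the hunk, so the rest of the function could not be checked.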
@@ -7587,7 +7581,7 @@
 -					PAGE_COPY_EXEC: PAGE_COPY;
 +
 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
-+		if (current-<mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
 +			mpnt->vm_flags &= ~VM_EXEC;
 +
 +#ifdef CONFIG_PAX_MPROTECT
@@ -8076,17 +8070,6 @@
  
  	DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
  	       me->arch.unwind_section, table, end, gp);
-diff -urNp linux-2.6.22.1/arch/parisc/kernel/ptrace.c linux-2.6.22.1/arch/parisc/kernel/ptrace.c
---- linux-2.6.22.1/arch/parisc/kernel/ptrace.c	2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/parisc/kernel/ptrace.c	2007-08-02 11:09:14.000000000 -0400
-@@ -17,6 +17,7 @@
- #include <linux/security.h>
- #include <linux/compat.h>
- #include <linux/signal.h>
-+#include <linux/grsecurity.h>
- 
- #include <asm/uaccess.h>
- #include <asm/pgtable.h>
 diff -urNp linux-2.6.22.1/arch/parisc/kernel/sys_parisc.c linux-2.6.22.1/arch/parisc/kernel/sys_parisc.c
 --- linux-2.6.22.1/arch/parisc/kernel/sys_parisc.c	2007-07-10 14:56:30.000000000 -0400
 +++ linux-2.6.22.1/arch/parisc/kernel/sys_parisc.c	2007-08-02 11:38:46.000000000 -0400
@@ -10427,17 +10410,6 @@
 -		sp -= get_random_int() % 8192;
 -	return sp & ~0xf;
 -}
-diff -urNp linux-2.6.22.1/arch/x86_64/kernel/ptrace.c linux-2.6.22.1/arch/x86_64/kernel/ptrace.c
---- linux-2.6.22.1/arch/x86_64/kernel/ptrace.c	2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/x86_64/kernel/ptrace.c	2007-08-02 11:09:14.000000000 -0400
-@@ -18,6 +18,7 @@
- #include <linux/audit.h>
- #include <linux/seccomp.h>
- #include <linux/signal.h>
-+#include <linux/grsecurity.h>
- 
- #include <asm/uaccess.h>
- #include <asm/pgtable.h>
 diff -urNp linux-2.6.22.1/arch/x86_64/kernel/setup64.c linux-2.6.22.1/arch/x86_64/kernel/setup64.c
 --- linux-2.6.22.1/arch/x86_64/kernel/setup64.c	2007-07-10 14:56:30.000000000 -0400
 +++ linux-2.6.22.1/arch/x86_64/kernel/setup64.c	2007-08-02 11:38:46.000000000 -0400
@@ -13901,19 +13873,6 @@
  	    (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
  		/*
 diff -urNp linux-2.6.22.1/fs/ext3/xattr.c linux-2.6.22.1/fs/ext3/xattr.c
---- linux-2.6.22.1/fs/ext3/xattr.c	2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/fs/ext3/xattr.c	2007-08-02 11:38:47.000000000 -0400
-@@ -90,8 +90,8 @@
- 		printk("\n"); \
- 	} while (0)
- #else
--# define ea_idebug(f...)
--# define ea_bdebug(f...)
-+# define ea_idebug(f...) do {} while (0)
-+# define ea_bdebug(f...) do {} while (0)
- #endif
- 
- static void ext3_xattr_cache_insert(struct buffer_head *);
 diff -urNp linux-2.6.22.1/fs/fcntl.c linux-2.6.22.1/fs/fcntl.c
 --- linux-2.6.22.1/fs/fcntl.c	2007-07-10 14:56:30.000000000 -0400
 +++ linux-2.6.22.1/fs/fcntl.c	2007-08-02 11:09:15.000000000 -0400
@@ -21952,7 +21911,7 @@
 diff -urNp linux-2.6.22.1/grsecurity/grsec_init.c linux-2.6.22.1/grsecurity/grsec_init.c
 --- linux-2.6.22.1/grsecurity/grsec_init.c	1969-12-31 19:00:00.000000000 -0500
 +++ linux-2.6.22.1/grsecurity/grsec_init.c	2007-08-02 11:09:16.000000000 -0400
-@@ -0,0 +1,232 @@
+@@ -0,0 +1,230 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/mm.h>
@@ -22028,7 +21987,6 @@
 +	int j;
 +	/* create the per-cpu shared pages */
 +
-+	preempt_disable();
 +	for (j = 0; j < 4; j++) {
 +		gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE);
 +		if (gr_shared_page[j] == NULL) {
@@ -22036,7 +21994,6 @@
 +			return;
 +		}
 +	}
-+	preempt_enable();
 +
 +	/* allocate log buffers */
 +	gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
@@ -34342,6 +34299,35 @@
  		sbi->s_resuid, current->fsuid, cond?0:1);
  
  	return (cond ? 0 : 1);
+diff -urNp linux-2.6.22/fs/ext3/namei.c linux-2.6.22/fs/ext3/namei.c
+--- linux-2.6.22/fs/ext3/namei.c	2007-09-00 00:00:00.000000000 -0400
++++ linux-2.6.22/fs/ext3/namei.c	2007-09-00 00:00:00.000000000 -0400
+@@ -1178,9 +1178,9 @@ static struct ext3_dir_entry_2 *do_split
+ 	u32 hash2;
+ 	struct dx_map_entry *map;
+ 	char *data1 = (*bh)->b_data, *data2;
+-	unsigned split, move, size, i;
++	unsigned split, move, size;
+ 	struct ext3_dir_entry_2 *de = NULL, *de2;
+-	int	err = 0;
++	int	i, err = 0;
+ 
+ 	bh2 = ext3_append (handle, dir, &newblock, &err);
+ 	if (!(bh2)) {
+diff -urNp linux-2.6.22/fs/ext3/xattr.c linux-2.6.22/fs/ext3/xattr.c
+--- linux-2.6.22/fs/ext3/xattr.c	2007-09-00 00:00:00.000000000 -0400
++++ linux-2.6.22/fs/ext3/xattr.c	2007-09-00 00:00:00.000000000 -0400
+@@ -89,8 +89,8 @@
+ 		printk("\n"); \
+ 	} while (0)
+ #else
+-# define ea_idebug(f...)
+-# define ea_bdebug(f...)
++# define ea_idebug(f...) do {} while (0)
++# define ea_bdebug(f...) do {} while (0)
+ #endif
+ 
+ static void ext3_xattr_cache_insert(struct buffer_head *);
 diff -urNp linux-2.6.22./fs/ext4/balloc.c linux-2.6.22/fs/ext4/balloc.c
 --- linux-2.6.22./fs/ext4/balloc.c	2007-08-09 00:16:48.441145000 +0200
 +++ linux-2.6.22/fs/ext4/balloc.c	2007-08-09 20:40:25.878090750 +0200
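Review bot: The fs/ext3/namei.c section added here changes `i` in do_split() from `unsigned` to `int` without explanation, and the code that uses `i` lies outside the hunk context, so a reader cannot tell what the signedness change protects against. The same applies to the fs/ext4/namei.c section appended at the end of the file. Both sections use the `linux-2.6.22/` prefix and placeholder timestamps (`2007-09-00 00:00:00`) rather than the `linux-2.6.22.1/` prefix of the surrounding grsecurity sections, which suggests they may not come from the release named in the log message. A one-line comment ahead of each `diff -urNp` header, for example `ext3/ext4 do_split(): loop index must be signed; origin: <source of fix>`, would record the intent and origin, and patch ignores such text between file sections.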
@@ -34362,3 +34348,18 @@
  		sbi->s_resuid, current->fsuid, cond?0:1);
  
  	return (cond ? 0 : 1);
+diff -urNp linux-2.6.22/fs/ext4/namei.c linux-2.6.22/fs/ext4/namei.c
+--- linux-2.6.22/fs/ext4/namei.c	2007-09-00 00:00:00.000000000 -0400
++++ linux-2.6.22/fs/ext4/namei.c	2007-09-00 00:00:00.000000000 -0400
+@@ -1176,9 +1176,9 @@ static struct ext4_dir_entry_2 *do_split
+ 	u32 hash2;
+ 	struct dx_map_entry *map;
+ 	char *data1 = (*bh)->b_data, *data2;
+-	unsigned split, move, size, i;
++	unsigned split, move, size;
+ 	struct ext4_dir_entry_2 *de = NULL, *de2;
+-	int	err = 0;
++	int	i, err = 0;
+ 
+ 	bh2 = ext4_append (handle, dir, &newblock, &err);
+ 	if (!(bh2)) {
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.24.2.3&r2=1.1.2.24.2.4&f=u


