SOURCES (LINUX_2_6): linux-2.6-grsec-common.patch - updated for 2.6.27.4

zbyniu zbyniu at pld-linux.org
Tue Oct 28 22:09:27 CET 2008


Author: zbyniu                       Date: Tue Oct 28 21:09:27 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- updated for 2.6.27.4

---- Files affected:
SOURCES:
   linux-2.6-grsec-common.patch (1.1.2.2.2.8 -> 1.1.2.2.2.9) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsec-common.patch
diff -u SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.8 SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.9
--- SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.8	Mon Sep  8 21:55:15 2008
+++ SOURCES/linux-2.6-grsec-common.patch	Tue Oct 28 22:09:21 2008
@@ -33,7 +33,7 @@
  {
 +	if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
 +		return 0;
- 	if ((security_capable(current, cap) == 0) && gr_is_capable_nolog(cap)) {
+ 	if (has_capability(current, cap) && gr_is_capable_nolog(cap)) {
  		current->flags |= PF_SUPERPRIV;
  		return 1;
 ===
@@ -67,18 +67,24 @@
  	return 0;
  }
  
---- i/grsecurity/gracl_shm.c~	2008-09-08 17:28:55.000000000 +0200
-+++ i/grsecurity/gracl_shm.c	2008-09-08 17:29:39.004293022 +0200
-@@ -17,10 +17,10 @@
- 	if (!gr_acl_is_enabled())
- 		return 1;
- 
--	task = find_task_by_pid(shm_cprid);
-+	task = find_task_by_real_pid(shm_cprid);
+===
+=== vserver hooks in cap_capable_nolog
+===
+--- i/security/commoncap.c1	2008-10-28 21:28:07.873037469 +0100
++++ i/security/commoncap.c	2008-10-28 21:36:20.429660261 +0100
+@@ -76,8 +76,14 @@ int cap_capable (struct task_struct *tsk
  
- 	if (unlikely(!task))
--		task = find_task_by_pid(shm_lapid);
-+		task = find_task_by_real_pid(shm_lapid);
+ int cap_capable_nolog (struct task_struct *tsk, int cap)
+ {
++	struct vx_info *vxi = tsk->vx_info;
++	/* special case SETUP */  /* co to jest? - zbyniu */
++	if (vx_info_flags(vxi, VXF_STATE_SETUP, 0) &&
++		cap_raised(tsk->cap_effective, cap))
++		return 0;
++
+ 	/* tsk = current for all callers */
+-	if (cap_raised(tsk->cap_effective, cap) && gr_is_capable_nolog(cap))
++	if (vx_cap_raised(vxi, tsk->cap_effective, cap) && gr_is_capable_nolog(cap))
+ 		return 0;
  
- 	if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
- 			      (task->pid == shm_lapid)) &&
+ 	return -EPERM;
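Review bot: The new SETUP special case in `cap_capable_nolog` returns 0 as soon as `cap_raised(tsk->cap_effective, cap)` holds, so while the context has `VXF_STATE_SETUP` set the capability is granted without consulting `gr_is_capable_nolog(cap)`, which the normal path just below still requires. If that bypass of the grsecurity check is not intended, the condition should carry the same test: `if (vx_info_flags(vxi, VXF_STATE_SETUP, 0) && cap_raised(tsk->cap_effective, cap) && gr_is_capable_nolog(cap))`. The inline comment `/* co to jest? - zbyniu */` (Polish for "what is this?") shows the branch was carried over without a stated rationale; once it has been checked against the vserver patch, replace it with a comment that says why the setup state skips `vx_cap_raised()`, for example `/* context still in setup: vserver capability mask not applied yet */`. The closing brace of the function lies outside the hunk.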
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec-common.patch?r1=1.1.2.2.2.8&r2=1.1.2.2.2.9&f=u


