]>
Commit | Line | Data |
---|---|---|
cab4bb15 | 1 | diff -urN linux/Documentation/Configure.help linux/Documentation/Configure.help\r |
2 | --- linux/Documentation/Configure.help Thu Nov 22 13:52:44 2001\r | |
3 | +++ linux/Documentation/Configure.help Mon Nov 26 10:37:55 2001\r | |
4 | @@ -19692,6 +19692,637 @@\r | |
5 | \r | |
6 | "Area6" will work for most boards. For ADX, select "Area5".\r | |
7 | \r | |
8 | +Grsecurity\r | |
9 | +CONFIG_GRKERNSEC\r | |
10 | + If you say Y here, you will be able to configure many features that\r | |
11 | + will enhance the security of your system. It is highly recommended\r | |
12 | + that you say Y here and read through the help for each option so\r | |
13 | + you fully understand what its doing and can evaluate its usefulness\r | |
14 | + for your machine.\r | |
15 | +\r | |
16 | +OpenWall Non-executable Stack\r | |
17 | +CONFIG_GRKERNSEC_STACK\r | |
18 | + If you say Y here, your system will not allow execution of\r | |
19 | + code on the stack, making buffer overflow exploitation more difficult.\r | |
20 | + The code for this protection is taken from the Openwall patch for\r | |
21 | + linux 2.2 by Solar Designer. You can view his projects at \r | |
22 | + http://www.openwall.com/linux.\r | |
23 | + Exploits against your machine with this protection will have to dabble \r | |
24 | + in more obscure methods of exploitation(bss,got,heap..)\r | |
25 | +\r | |
26 | +Gcc trampoline support\r | |
27 | +CONFIG_GRKERNSEC_STACK_GCC\r | |
28 | + If you say Y here, the system will support trampoline code along\r | |
29 | + with the stack protection. If you do not have any programs on\r | |
30 | + your system that require this (glibc 2.0 users must say YES to\r | |
31 | + this option) you may say no here.\r | |
32 | +\r | |
33 | +PaX protection\r | |
34 | +CONFIG_GRKERNSEC_PAX \r | |
35 | + By design the IA-32 architecture does not allow for protecting\r | |
36 | + memory pages against execution, i.e. if a page is readable (such\r | |
37 | + as the stack or heap) it is also executable. There is a well\r | |
38 | + known exploit technique that makes use of this fact and a common\r | |
39 | + programming mistake where an attacker can introduce executable\r | |
40 | + code of his choice somewhere in the attacked program's memory\r | |
41 | + (typically the stack or the heap) and then execute it. If the\r | |
42 | + attacked program was running with different (typically higher)\r | |
43 | + privileges than that of the attacker, then he can elevate his\r | |
44 | + own privilege level (e.g. get a root shell, write to files for\r | |
45 | + which he does not have write access to, etc).\r | |
46 | +\r | |
47 | + Since the implementation is software based, it comes with a\r | |
48 | + performance impact, you should evaluate your system carefully\r | |
49 | + before deciding to use this feature on production systems.\r | |
50 | +\r | |
51 | + Enabling this feature will enforce the non-executable flag on\r | |
52 | + memory pages thereby making it harder to execute 'foreign' code\r | |
53 | + in a program. This will also break programs that rely on the\r | |
54 | + old behaviour and expect that dynamically allocated memory via\r | |
55 | + the malloc() family of functions is executable (which it is not).\r | |
56 | + Notable examples are the XFree86 4.x server, the java runtime\r | |
57 | + and wine.\r | |
58 | +\r | |
59 | + NOTE: you can use the 'chpax' utility to enable/disable this\r | |
60 | + feature on a per file basis. chpax is available at\r | |
61 | + http://pageexec.virtualave.net\r | |
62 | +\r | |
63 | +Emulate trampolines\r | |
64 | +CONFIG_GRKERNSEC_PAX_EMUTRAMP\r | |
65 | + There are some programs and libraries that for one reason or\r | |
66 | + another attempt to execute special small code snippets from\r | |
67 | + non-executable memory pages. Most notable examples are the\r | |
68 | + signal handler return code generated by the kernel itself and\r | |
69 | + the GCC trampolines.\r | |
70 | +\r | |
71 | + If you enabled CONFIG_GRKERNSEC_PAX then such programs will no\r | |
72 | + longer work under your kernel. As a remedy you can say Y here\r | |
73 | + and use the 'chpax' utility to enable trampoline emulation for\r | |
74 | + the affected programs yet still have the protection provided by\r | |
75 | + CONFIG_GRKERNSEC_PAX. Alternatively you can say N here and use\r | |
76 | + the 'chpax' utility to disable CONFIG_GRKERNSEC_PAX for the\r | |
77 | + affected files. chpax is available at \r | |
78 | + http://pageexec.virtualave.net\r | |
79 | +\r | |
80 | + NOTE: enabling this feature *may* open up a loophole in the\r | |
81 | + protection provided by CONFIG_GRKERNSEC_PAX that an attacker\r | |
82 | + could abuse. Therefore the best solution is to not have any\r | |
83 | + files on your system that would require this option. This can\r | |
84 | + be achieved by not using libc5 (which relies on the kernel\r | |
85 | + signal handler return code) and not using or rewriting programs\r | |
86 | + that make use of the nested function implementation of GCC.\r | |
87 | + Skilled users can just fix GCC itself so that it implements\r | |
88 | + nested function calls in a way that does not interfere with PaX.\r | |
89 | +\r | |
90 | +Restrict mprotect()\r | |
91 | +CONFIG_GRKERNSEC_PAX_MPROTECT\r | |
92 | + Enabling this option will prevent programs from changing the\r | |
93 | + executable status of memory pages that were not originally\r | |
94 | + created as executable. The kernel will also prevent programs\r | |
95 | + from making read-only executable pages writable again.\r | |
96 | +\r | |
97 | + You should say Y here to complete the protection provided by\r | |
98 | + the enforcement of the PAGE_EXEC flag (CONFIG_GRKERNSEC_PAX).\r | |
99 | +\r | |
100 | + NOTE: you can use the 'chpax' utility to enable/disable this\r | |
101 | + feature on a per file basis. chpax is available at\r | |
102 | + http://pageexec.virtualave.net\r | |
103 | +\r | |
104 | +Randomize mmap() base\r | |
105 | +CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
106 | + By saying Y here the kernel will somewhat randomize the address\r | |
107 | + space of programs at each execution (the top of the stack, the\r | |
108 | + base address for mmap() requests that do not specify one themselves\r | |
109 | + and the base address of dynamic ELF executables).\r | |
110 | +\r | |
111 | + As a result all dynamically loaded libraries will appear at random\r | |
112 | + addresses and therefore be harder to exploit by a technique where\r | |
113 | + an attacker attempts to execute library code for his purposes\r | |
114 | + (e.g. spawn a shell from an exploited program that is running at\r | |
115 | + an elevated privilege level).\r | |
116 | +\r | |
117 | + Furthermore, if a program is relinked as a dynamic ELF file, its\r | |
118 | + base address will be randomized as well, completing the full\r | |
119 | + randomization of the address space. Attacking such programs becomes\r | |
120 | + a guess game.\r | |
121 | +\r | |
122 | + It is strongly recommended to say Y here even if CONFIG_GRKERNSEC_PAX\r | |
123 | + is not enabled as address space randomization has negligible impact\r | |
124 | + on performance yet it provides a very effective protection.\r | |
125 | +\r | |
126 | + NOTE: you can use the 'chpax' utility to enable/disable this\r | |
127 | + feature on a per file basis. chpax is available at\r | |
128 | + http://pageexec.virtualave.net\r | |
129 | +\r | |
130 | +Proc Restrictions\r | |
131 | +CONFIG_GRKERNSEC_PROC\r | |
132 | + If you say Y here, the permissions of the /proc filesystem\r | |
133 | + will be altered to enhance system security and privacy. Depending\r | |
134 | + upon the options you choose, you can either restrict users to see\r | |
135 | + only the processes they themselves run, or choose a group that can\r | |
136 | + view all processes and files normally restricted to root if you choose\r | |
137 | + the "restrict to user only" option. NOTE: If you're running identd as \r | |
138 | + a non-root user, you will have to run it as the group you specify here.\r | |
139 | +\r | |
140 | +Restrict /proc to user only\r | |
141 | +CONFIG_GRKERNSEC_PROC_USER\r | |
142 | + If you say Y here, non-root users will only be able to view their own \r | |
143 | + processes, and restricts them from viewing network-related information, \r | |
144 | + running dmesg(8), and viewing kernel symbol and module information.\r | |
145 | +\r | |
146 | +Restrict /proc to user and group\r | |
147 | +CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
148 | + If you say Y here, you will be able to select a group that will be\r | |
149 | + able to view all processes, network-related information, and\r | |
150 | + kernel and symbol information. This option is useful if you want\r | |
151 | + to run identd as a non-root user.\r | |
152 | +\r | |
153 | +Linking restrictions\r | |
154 | +CONFIG_GRKERNSEC_LINK\r | |
155 | + If you say Y here, /tmp race exploits will be prevented, since users\r | |
156 | + will no longer be able to follow symlinks owned by other users in \r | |
157 | + world-writeable +t directories (i.e. /tmp), unless the owner of the \r | |
158 | + symlink is the owner of the directory. users will also not be\r | |
159 | + able to hardlink to files they do not own. If the sysctl option is\r | |
160 | + enabled, a sysctl option with name "linking_restrictions" is created.\r | |
161 | +\r | |
162 | +FIFO restrictions\r | |
163 | +CONFIG_GRKERNSEC_FIFO\r | |
164 | + If you say Y here, users will not be able to write to FIFOs they don't\r | |
165 | + own in world-writeable +t directories (i.e. /tmp), unless the owner of\r | |
166 | + the FIFO is the same owner of the directory it's held in. If the sysctl\r | |
167 | + option is enabled, a sysctl option with name "secure_fds" is created.\r | |
168 | +\r | |
169 | +Secure file descriptors\r | |
170 | +CONFIG_GRKERNSEC_FD\r | |
171 | + If you say Y here, set*id binaries will be protected from data spoofing\r | |
172 | + attacks (eg. making a program read /etc/shadow). The patches do this\r | |
173 | + by opening up /dev/null to any of the stdin, stdout, stderr file descriptors\r | |
174 | + for set*id binaries that are open and run by a user that is not the owner\r | |
175 | + of the file. If the sysctl option is enabled, a sysctl option with name\r | |
176 | + "secure_fds" is created.\r | |
177 | +\r | |
178 | +Exec process limiting\r | |
179 | +CONFIG_GRKERNSEC_EXECVE\r | |
180 | + If you say Y here, users with a resource limit on processes will\r | |
181 | + have the value checked during execve() calls. The current system\r | |
182 | + only checks the system limit during fork() calls. If the sysctl option\r | |
183 | + is enabled, a sysctl option with name "execve_limiting" is created.\r | |
184 | +\r | |
185 | +Fork-bombing protection\r | |
186 | +CONFIG_GRKERNSEC_FORKBOMB\r | |
187 | + If you say Y here, you will be able to configure a group to add to users\r | |
188 | + on your system that you want to be unable to fork-bomb the system.\r | |
189 | + You will be able to specify a maximum process limit for the user and\r | |
190 | + set a rate limit for all forks under their uid. (Fork-bombing is a\r | |
191 | + tactic used by attackers that can be enacted in two ways, (1) loading\r | |
192 | + up thousands of processes until the system can't take any more (this\r | |
193 | + method can be stopped outside of the kernel with PAM, however we place\r | |
194 | + protection for it in the kernel to be more complete and reduce overhead),\r | |
195 | + and (2), by forking processes at a rapid rate, and then killing them\r | |
196 | + off, which cannot be protected against in the same way at tactic 1)\r | |
197 | + The rate limit is specified in forks allowed per second. Set this\r | |
198 | + limit low enough to stop tactic 2, but high enough to allow for\r | |
199 | + normal operation. The protection will kill the offending process.\r | |
200 | + If the sysctl option is enabled, a sysctl option with name \r | |
201 | + "fork_bomb_prot" is created.\r | |
202 | +\r | |
203 | +Max processes for fork-bomb protection\r | |
204 | +CONFIG_GRKERNSEC_FORKBOMB_MAX\r | |
205 | + Here you can configure the maximum number of processes users in the\r | |
206 | + fork-bomb protected group can run. I would not recommend setting a\r | |
207 | + value lower than 8, since some programs like man(1) spawn up to 8\r | |
208 | + processes to run. The default value should be fine for most purposes.\r | |
209 | + If the sysctl option is enabled, a sysctl option with name\r | |
210 | + "fork_bomb_max" is created.\r | |
211 | +\r | |
212 | +Forks allowed per second\r | |
213 | +CONFIG_GRKERNSEC_FORKBOMB_SEC\r | |
214 | + Here you can specify the maximum number of forks allowed per second.\r | |
215 | + You don't want to set this value too low, or else you'll hinder\r | |
216 | + normal operation of your system. The default value should be fine for\r | |
217 | + most users. If the sysctl option is enabled, a sysctl option with name\r | |
218 | + "fork_bomb_sec" is created.\r | |
219 | +\r | |
220 | +Group for fork-bomb protection\r | |
221 | +CONFIG_GRKERNSEC_FORKBOMB_GID\r | |
222 | + Here you can choose the GID to enable fork-bomb protection for.\r | |
223 | + Remember to add the users you want protection enabled for to the GID \r | |
224 | + specified here. If the sysctl option is enabled, whatever you choose\r | |
225 | + here won't matter. You'll have to specify the GID in your bootup \r | |
226 | + script by echoing the GID to the proper /proc entry. View the help\r | |
227 | + on the sysctl option for more information. If the sysctl option is\r | |
228 | + enabled, a sysctl option with name "fork_bomb_gid" is created.\r | |
229 | +\r | |
230 | +Exec logging for all users\r | |
231 | +CONFIG_GRKERNSEC_EXECLOG\r | |
232 | + If you say Y here, all execve() calls will be logged (since the\r | |
233 | + other exec*() calls are frontends to execve(), all execution\r | |
234 | + will be logged). Useful for shell-servers that like to keep track\r | |
235 | + of their users. If the sysctl option is enabled, a sysctl option with\r | |
236 | + name "exec_logging" is created.\r | |
237 | + WARNING: This option when enabled will produce a LOT of logs, especially\r | |
238 | + on an active system.\r | |
239 | +\r | |
240 | +Exec logging for a single group\r | |
241 | +CONFIG_GRKERNSEC_EXECLOG_GROUP\r | |
242 | + If you say Y here, only execs by users in the group you specify will\r | |
243 | + be logged. Useful for shell-servers that like to keep track\r | |
244 | + of their users. If the sysctl option is enabled, a sysctl option with\r | |
245 | + name "exec_group logging" is created.\r | |
246 | + WARNING: Depending on the number of users in the group you specify,\r | |
247 | + this option could produce a lot of logs.\r | |
248 | + \r | |
249 | +Group for exec logging\r | |
250 | +CONFIG_GRKERNSEC_EXECLOG_GID\r | |
251 | + Here you can choose the GID to log all file executions for.\r | |
252 | + Remember to add the users you want to log to the GID specified here.\r | |
253 | + If the sysctl option is enabled, whatever you choose here won't matter. \r | |
254 | + You'll have to specify the GID in your bootup script by echoing the GID \r | |
255 | + to the proper /proc entry. View the help on the sysctl option for more \r | |
256 | + information. If the sysctl option is enabled, a sysctl option with name \r | |
257 | + "exec_logging_gid" is created.\r | |
258 | +\r | |
259 | +Set*id logging for all users\r | |
260 | +CONFIG_GRKERNSEC_SUID\r | |
261 | + If you say Y here, all set*id() calls will be logged. Such information\r | |
262 | + could be useful when detecting a possible intrusion attempt. This \r | |
263 | + option can produce a lot of logs on an active system. If the sysctl\r | |
264 | + option is enabled, a sysctl option with name "suid_logging" is created.\r | |
265 | +\r | |
266 | +Set*id logging for root\r | |
267 | +CONFIG_GRKERNSEC_SUID\r | |
268 | + If you say Y here, only set*id() calls where a user is changing to the\r | |
269 | + gid or uid of the root user will be logged. Such information\r | |
270 | + could be useful when detecting a possible intrusion attempt. This\r | |
271 | + option will produce less logs than logging all calls. If the sysctl\r | |
272 | + option is enabled, a sysctl option with name "suid_root_logging" is\r | |
273 | + created.\r | |
274 | +\r | |
275 | +Signal logging\r | |
276 | +CONFIG_GRKERNSEC_SIGNAL\r | |
277 | + If you say Y here, certain important signals will be logged, such as\r | |
278 | + SIGSEGV, which will as a result inform you of when a error in a program\r | |
279 | + occurred, which in some cases could mean a possible exploit attempt.\r | |
280 | + If the sysctl option is enabled, a sysctl option with name \r | |
281 | + "signal_logging" is created.\r | |
282 | +\r | |
283 | +BSD-style coredumps\r | |
284 | +CONFIG_GRKERNSEC_COREDUMP\r | |
285 | + If you say Y here, linux will use a style similar to BSD for\r | |
286 | + coredumps, core.processname. Not a security feature, just\r | |
287 | + a useful one. If the sysctl option is enabled, a sysctl option with \r | |
288 | + name "coredump" is created.\r | |
289 | +\r | |
290 | +Fork failure logging\r | |
291 | +CONFIG_GRKERNSEC_FORKFAIL\r | |
292 | + If you say Y here, all failed fork() attempts will be logged.\r | |
293 | + This could suggest a fork bomb, or someone attempting to overstep\r | |
294 | + their process limit. If the sysctl option is enabled, a sysctl option\r | |
295 | + with name "forkfail_logging" is created.\r | |
296 | +\r | |
297 | +Time change logging\r | |
298 | +CONFIG_GRKERNSEC_TIME\r | |
299 | + If you say Y here, any changes of the system clock will be logged.\r | |
300 | + If the sysctl option is enabled, a sysctl option with name \r | |
301 | + "timechange_logging" is created.\r | |
302 | +\r | |
303 | +Secure keymap loading\r | |
304 | +CONFIG_GRKERNSEC_KBMAP\r | |
305 | + If you say Y here, KDSKBENT and KDSKBSENT ioctl calls being\r | |
306 | + called by unprivileged users will be denied. If you answer N,\r | |
307 | + everyone with access to the console will be able to modify keyboard \r | |
308 | + bindings. If the sysctl option is enabled, a sysctl option with name\r | |
309 | + "secure_kbmap" is created.\r | |
310 | +\r | |
311 | +Enhanced network randomness\r | |
312 | +CONFIG_GRKERNSEC_RANDNET\r | |
313 | + If you say Y here, the functions controlling the randomness\r | |
314 | + of the Linux IP stack will be enhanced to decrease the chances\r | |
315 | + of being able to predict certain packets that require some\r | |
316 | + amount of randomness. If the sysctl option is enabled, a sysctl option\r | |
317 | + with name "rand_net" is created.\r | |
318 | +\r | |
319 | +Chroot jail restrictions\r | |
320 | +CONFIG_GRKERNSEC_CHROOT\r | |
321 | + If you say Y here, processes in a chrooted jail will be much more\r | |
322 | + difficult to break out of. It stops most generic ways of breaking\r | |
323 | + a chroot jail. Adding in chroot jail restrictions adds these\r | |
324 | + protective measures to the kernel:\r | |
325 | + No mknod()\r | |
326 | + No ptracing\r | |
327 | + No fchmod +s or chmod +s (usually used to create a rootshell)\r | |
328 | + No double chroots\r | |
329 | + Restricted signal sending to other processes\r | |
330 | + No mounting or remounting of devices\r | |
331 | + Enforced chdir("/") on all chroots\r | |
332 | + If the sysctl option is enabled, a sysctl option with name \r | |
333 | + "chroot_restrictions" is created.\r | |
334 | +\r | |
335 | +Log all execs within chroot\r | |
336 | +CONFIG_GRKERNSEC_CHROOT_EXECLOG\r | |
337 | + If you say Y here, all executions inside a chroot jail will be logged \r | |
338 | + to syslog. If the sysctl option is enabled, a sysctl option with name\r | |
339 | + "chroot_execlog" is created.\r | |
340 | +\r | |
341 | +Chroot jail capability restrictions\r | |
342 | +CONFIG_GRKERNSEC_CHROOT_CAPS\r | |
343 | + If you say Y here, the capabilities on all root processes within a\r | |
344 | + chroot jail will be lowered to stop module insertion, raw i/o,\r | |
345 | + system and net admin tasks, transferring capabilities, and\r | |
346 | + tty configuration tasks. This is left an option because it breaks\r | |
347 | + some apps. Disable this if your chrooted apps are having\r | |
348 | + problems performing those kinds of tasks. If the sysctl option is \r | |
349 | + enabled, a sysctl option with name "chroot_caps" is created.\r | |
350 | +\r | |
351 | +Trusted path execution\r | |
352 | +CONFIG_GRKERNSEC_TPE\r | |
353 | + If you say Y here, you will be able to choose a gid to add to the\r | |
354 | + supplementary groups of users you want to mark as "untrusted."\r | |
355 | + These users will not be able to execute any files that are not in\r | |
356 | + root-owned directories writeable only by root. If the sysctl option\r | |
357 | + is enabled, a sysctl option with name "tpe" is created.\r | |
358 | +\r | |
359 | +Group for trusted path execution\r | |
360 | +CONFIG_GRKERNSEC_TPE_GID\r | |
361 | + Here you can choose the GID to enable trusted path protection for.\r | |
362 | + Remember to add the users you want protection enabled for to the GID \r | |
363 | + specified here. If the sysctl option is enabled, whatever you choose\r | |
364 | + here won't matter. You'll have to specify the GID in your bootup \r | |
365 | + script by echoing the GID to the proper /proc entry. View the help\r | |
366 | + on the sysctl option for more information. If the sysctl option is\r | |
367 | + enabled, a sysctl option with name "tpe_gid" is created.\r | |
368 | +\r | |
369 | +Partially restrict non-root users\r | |
370 | +CONFIG_GRKERNSEC_TPE_ALL\r | |
371 | + If you say Y here, All other non-root users will only be allowed to\r | |
372 | + execute files in directories they own that are not group or\r | |
373 | + world-writeable, or in directories owned by root and writeable only by\r | |
374 | + root. If the sysctl option is enabled, a sysctl option with name \r | |
375 | + "tpe_restrict_all" is created.\r | |
376 | +\r | |
377 | +Trusted path execution glibc protection\r | |
378 | +CONFIG_GRKERNSEC_TPE_GLIBC\r | |
379 | + If you say Y here, all non-root users will not be able to execute\r | |
380 | + any files while glibc specific environment variables such as\r | |
381 | + LD_PRELOAD are set, which could be used to evade the trusted path \r | |
382 | + execution protection. It also protects against evasion through \r | |
383 | + /lib/ld-2.* It is recommended you say Y here also. If the sysctl option \r | |
384 | + is enabled, a sysctl option with name "tpe_glibc" is created.\r | |
385 | +\r | |
386 | +Restricted ptrace\r | |
387 | +CONFIG_GRKERNSEC_PTRACE\r | |
388 | + If you say Y here, no one but root will be able to ptrace processes.\r | |
389 | + Tracing syscalls inside the kernel will also be disabled. All allowed\r | |
390 | + ptraces will be logged when this option is enabled. If the sysctl\r | |
391 | + option is enabled, a sysctl option with name "restrict_ptrace" is\r | |
392 | + created.\r | |
393 | +\r | |
394 | +Allow ptrace for group\r | |
395 | +CONFIG_GRKERNSEC_PTRACE_GROUP\r | |
396 | + If you say Y here, you will be able to choose a GID of whose users\r | |
397 | + will be able to ptrace. If the sysctl option is enabled, a sysctl \r | |
398 | + option with name "allow_ptrace_group" is created.\r | |
399 | +\r | |
400 | +GID for ptrace\r | |
401 | +CONFIG_GRKERNSEC_PTRACE_GID\r | |
402 | + Here you can choose the GID of whose users will be able to ptrace.\r | |
403 | + Remember to add the users you want ptrace enabled for to the GID\r | |
404 | + specified here. If the sysctl option is enabled, whatever you choose\r | |
405 | + here won't matter. You'll have to specify the GID in your bootup\r | |
406 | + script by echoing the GID to the proper /proc entry. View the help\r | |
407 | + on the sysctl option for more information. If the sysctl option is\r | |
408 | + enabled, a sysctl option with name "ptrace_gid" is created.\r | |
409 | +\r | |
410 | +Randomized PIDs\r | |
411 | +CONFIG_GRKERNSEC_RANDPID\r | |
412 | + If you say Y here, all PIDs created on the system will be\r | |
413 | + pseudo-randomly generated. This is extremely effective along\r | |
414 | + with the /proc restrictions to disallow an attacker from guessing\r | |
415 | + pids of daemons, etc. PIDs are also used in some cases as part\r | |
416 | + of a naming system for temporary files, so this option would keep\r | |
417 | + those filenames from being predicted as well. We also use code\r | |
418 | + to make sure that PID numbers aren't reused too soon. If the sysctl\r | |
419 | + option is enabled, a sysctl option with name "rand_pids" is created.\r | |
420 | +\r | |
421 | +Randomized IP IDs\r | |
422 | +CONFIG_GRKERNSEC_RANDID\r | |
423 | + If you say Y here, all the id field on all outgoing packets\r | |
424 | + will be randomized. This hinders os fingerprinters and\r | |
425 | + keeps your machine from being used as a bounce for an untraceable\r | |
426 | + portscan. Ids are used for fragmented packets, fragments belonging\r | |
427 | + to the same packet have the same id. By default linux only\r | |
428 | + increments the id value on each packet sent to an individual host.\r | |
429 | + We use a port of the OpenBSD random ip id code to achieve the\r | |
430 | + randomness, while keeping the possibility of id duplicates to\r | |
431 | + near none. If the sysctl option is enabled, a sysctl option with name\r | |
432 | + "rand_ip_ids" is created.\r | |
433 | +\r | |
434 | +Randomized TCP source ports\r | |
435 | +CONFIG_GRKERNSEC_RANDSRC\r | |
436 | + If you say Y here, situations where a source port is generated on the\r | |
437 | + fly for the TCP protocol (ie. with connect() ) will be altered so that\r | |
438 | + the source port is generated at random, instead of a simple incrementing\r | |
439 | + algorithm. If the sysctl option is enabled, a sysctl option with name\r | |
440 | + "rand_tcp_src_ports" is created.\r | |
441 | +\r | |
442 | +Altered Ping IDs\r | |
443 | +CONFIG_GRKERNSEC_RANDPING\r | |
444 | + If you say Y here, the way Linux handles echo replies will be changed\r | |
445 | + so that the reply uses an ID equal to the ID of the echo request.\r | |
446 | + This will help in confusing OS detection. If the sysctl option is\r | |
447 | + enabled, a sysctl option with name "altered_pings" is created.\r | |
448 | +\r | |
449 | +Randomized TTL\r | |
450 | +CONFIG_GRKERNSEC_RANDTTL\r | |
451 | + If you say Y here, your TTL (time to live) for packets will be set at\r | |
452 | + random, with a base level you specify, to further confuse OS detection.\r | |
453 | + If the sysctl option is enabled, a sysctl option with name "rand_ttl"\r | |
454 | + is created.\r | |
455 | +\r | |
456 | +Randomized TTL threshold\r | |
457 | +CONFIG_GRKERNSEC_RANDTTL_THRESH\r | |
458 | + Here you can choose a base TTL for the randomization. The default value\r | |
459 | + for this setting is the Linux default TTL. Most users will want to \r | |
460 | + leave this setting as-is. The higher you set the base level (note that\r | |
461 | + you can't set it above 255) the more hops your packets will live. \r | |
462 | + If the sysctl option is enabled, whatever you choose here won't matter. \r | |
463 | + You'll have to specify the threshold in your bootup script by echoing \r | |
464 | + the threshold to the proper /proc entry. View the help on the sysctl \r | |
465 | + option for more information. If the sysctl option is enabled, a sysctl \r | |
466 | + option with name "rand_ttl_thresh" is created.\r | |
467 | +\r | |
468 | +Socket restrictions\r | |
469 | +CONFIG_GRKERNSEC_SOCKET\r | |
470 | + If you say Y here, you will be able to choose from several options.\r | |
471 | + If you assign a GID on your system and add it to the supplementary\r | |
472 | + groups of users you want to restrict socket access to, this patch\r | |
473 | + will perform up to three things, based on the option(s) you choose.\r | |
474 | +\r | |
475 | +Deny all socket access\r | |
476 | +CONFIG_GRKERNSEC_SOCKET_ALL\r | |
477 | + If you say Y here, you will be able to choose a GID of whose users will\r | |
478 | + be unable to connect to other hosts from your machine or run server\r | |
479 | + applications from your machine. If the sysctl option is enabled, a\r | |
480 | + sysctl option with name "socket_all" is created.\r | |
481 | +\r | |
482 | +Group for disabled socket access\r | |
483 | +CONFIG_GRKERNSEC_SOCKET_ALL_GID\r | |
484 | + Here you can choose the GID to disable socket access for. Remember to \r | |
485 | + add the users you want socket access disabled for to the GID \r | |
486 | + specified here. If the sysctl option is enabled, whatever you choose\r | |
487 | + here won't matter. You'll have to specify the GID in your bootup \r | |
488 | + script by echoing the GID to the proper /proc entry. View the help\r | |
489 | + on the sysctl option for more information. If the sysctl option is\r | |
490 | + enabled, a sysctl option with name "socket_all_gid" is created.\r | |
491 | +\r | |
492 | +Deny all client socket access\r | |
493 | +CONFIG_GRKERNSEC_SOCKET_CLIENT\r | |
494 | + If you say Y here, you will be able to choose a GID of whose users will\r | |
495 | + be unable to connect to other hosts from your machine, but will be\r | |
496 | + able to run servers. If this option is enabled, all users in the group\r | |
497 | + you specify will have to use passive mode when initiating ftp transfers\r | |
498 | + from the shell on your machine. If the sysctl option is enabled, a\r | |
499 | + sysctl option with name "socket_client" is created.\r | |
500 | +\r | |
501 | +Group for disabled client socket access\r | |
502 | +CONFIG_GRKERNSEC_SOCKET_CLIENT_GID\r | |
503 | + Here you can choose the GID to disable client socket access for. \r | |
504 | + Remember to add the users you want client socket access disabled for to \r | |
505 | + the GID specified here. If the sysctl option is enabled, whatever you \r | |
506 | + choose here won't matter. You'll have to specify the GID in your bootup \r | |
507 | + script by echoing the GID to the proper /proc entry. View the help\r | |
508 | + on the sysctl option for more information. If the sysctl option is\r | |
509 | + enabled, a sysctl option with name "socket_client_gid" is created.\r | |
510 | +\r | |
511 | +Deny all server socket access\r | |
512 | +CONFIG_GRKERNSEC_SOCKET_SERVER\r | |
513 | + If you say Y here, you will be able to choose a GID of whose users will\r | |
514 | + be unable to run server applications from your machine. If the sysctl \r | |
515 | + option is enabled, a sysctl option with name "socket_server" is created.\r | |
516 | +\r | |
517 | +Group for disabled server socket access\r | |
518 | +CONFIG_GRKERNSEC_SOCKET_SERVER_GID\r | |
519 | + Here you can choose the GID to disable server socket access for. \r | |
520 | + Remember to add the users you want server socket access disabled for to \r | |
521 | + the GID specified here. If the sysctl option is enabled, whatever you \r | |
522 | + choose here won't matter. You'll have to specify the GID in your bootup \r | |
523 | + script by echoing the GID to the proper /proc entry. View the help\r | |
524 | + on the sysctl option for more information. If the sysctl option is\r | |
525 | + enabled, a sysctl option with name "socket_server_gid" is created.\r | |
526 | +\r | |
527 | +Stealth network enhancements\r | |
528 | +CONFIG_GRKERNSEC_STEALTH\r | |
529 | + If you say Y here, you will enable several enhancements that will\r | |
530 | + improve your system's protection against portscans.\r | |
531 | + Enabling these options and filtering all open ports should make\r | |
532 | + your machine very hard to detect, while not interfering with (most)\r | |
533 | + normal operation. All the stealth options break RFC, so there's always the\r | |
534 | + possibility that it might affect how certain network applications react\r | |
535 | + to your system. \r | |
536 | +\r | |
537 | +Do not RSTs on unserved TCP\r | |
538 | +CONFIG_GRKERNSEC_STEALTH_RST\r | |
539 | + If you say Y here, your machine will not send RSTs (connection resets)\r | |
540 | + on unserved TCP ports. This will slow down portscanners a great deal,\r | |
541 | + since it has the same effect as dropping all packets to unserved TCP\r | |
542 | + ports. It will also force clients connecting to a non-open port to\r | |
543 | + time out instead of immediately stating "connection refused." If the\r | |
544 | + sysctl option is enabled, a sysctl option with name "stealth_rst" is\r | |
545 | + created.\r | |
546 | +\r | |
547 | +Do not reply to UDP with ICMP unreachables\r | |
548 | +CONFIG_GRKERNSEC_STEALTH_UDP\r | |
549 | + If you say Y here, your machine will not reply with ICMP unreachable\r | |
550 | + packets (type 3) on UDP ports not waiting for data. This hinders\r | |
551 | + portscanners from scanning your UDP ports. Enabling the UDP stealth \r | |
552 | + options is known to slow down SSH connection times, and may also \r | |
553 | + interfere with other protocols as well. Packets travelling across the\r | |
554 | + local loopback interface will not be tampered with. If the sysctl \r | |
555 | + option is enabled, a sysctl option with name "stealth_udp" is created.\r | |
556 | +\r | |
557 | +Do not process ICMP packets\r | |
558 | +CONFIG_GRKERNSEC_STEALTH_ICMP\r | |
559 | + If you say Y here, your machine will drop all ICMP packets but\r | |
560 | + echo-reply (Which allows you to ping from your machine, while not\r | |
561 | + allowing your machine to be pinged). Since ICMP packets can be spoofed\r | |
562 | + and are commonly used in Denial of Service attacks, it is recommended\r | |
563 | + that you say Y here. Theoretically, it is possible that this option \r | |
564 | + could hinder your ability to connect to certain hosts since it also \r | |
565 | + blocks "packet too large" icmp messages, though in reality this \r | |
566 | + occurance is rare. Packets travelling across the local loopback \r | |
567 | + interface will not be tampered with. If the sysctl option is enabled, a \r | |
568 | + sysctl option with name "stealth_icmp" is created.\r | |
569 | +\r | |
570 | +Do not reply to IGMP requests\r | |
571 | +CONFIG_GRKERNSEC_STEALTH_IGMP\r | |
572 | + If you say Y here, your machine will drop all IGMP packets. IGMP\r | |
573 | + stands for Internet Group Management Protocol. Most users should\r | |
574 | + enable this option, unless you are actually connected to a multicast\r | |
575 | + network, which IGMP is used for. If the sysctl option is enabled, a \r | |
576 | + sysctl option with name "stealth_igmp" is created.\r | |
577 | +\r | |
578 | +Drop packets with illegitimate flags\r | |
579 | +CONFIG_GRKERNSEC_STEALTH_FLAGS\r | |
580 | + If you say Y here, your machine will drop packets with TCP flags that\r | |
581 | + are never used in normal communication. Such packets are used in\r | |
582 | + "stealth" scans, and should not be allowed. It is recommended that\r | |
583 | + you say Y here. If the sysctl option is enabled, a sysctl option with\r | |
584 | + name "stealth_flags" is created.\r | |
585 | +\r | |
586 | +Log requests to unserved TCP ports\r | |
587 | +CONFIG_GRKERNSEC_STEALTH_RST_LOG\r | |
588 | + If you say Y here, your machine will log requests to unserved TCP ports.\r | |
589 | + If the sysctl option is enabled, a sysctl option with name \r | |
590 | + "stealth_rst_log" is created.\r | |
591 | +\r | |
592 | +Log requests to unserved UDP ports\r | |
593 | +CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r | |
594 | + If you say Y here, your machine will log packets to UDP ports on your\r | |
595 | + system that are not waiting for data. Packets travelling across the\r | |
596 | + local loopback interface will not be logged. If the sysctl option is \r | |
597 | + enabled, a sysctl option with name "stealth_udp_log" is created.\r | |
598 | +\r | |
599 | +Log ICMP packets\r | |
600 | +CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r | |
601 | + If you say Y here, your machine will log all ICMP packets but\r | |
602 | + echo-reply. Packets travelling across the local loopback interface\r | |
603 | + will not be logged. If the sysctl option is enabled, a sysctl option \r | |
604 | + with name "stealth_icmp_log" is created.\r | |
605 | +\r | |
606 | +Log packets with illegitimate flags\r | |
607 | +CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r | |
608 | + If you say Y here, your machine will log packets with TCP flags that\r | |
609 | + are never used in normal communication. Such packets are used in\r | |
610 | + "stealth" scans, and should not be allowed. If the sysctl option is \r | |
611 | + enabled, a sysctl option with name "stealth_flags_log" is created.\r | |
612 | +\r | |
613 | +Sysctl support\r | |
614 | +CONFIG_GRKERNSEC_SYSCTL\r | |
615 | + If you say Y here, you will be able to change the options that\r | |
616 | + grsecurity runs with at bootup, without having to recompile your\r | |
617 | + kernel. You can echo values to files in /proc/sys/kernel/grsecurity\r | |
618 | + to enable (1) or disable (0) various features. All the sysctl entries\r | |
619 | + are mutable until the "grsec_lock" entry is set to a non-zero value.\r | |
620 | + All features are disabled by default. Please note that this option could \r | |
621 | + reduce the effectiveness of the added security of this patch if an ACL \r | |
622 | + system is not put in place. Your init scripts should be read-only, and \r | |
623 | + root should not have access to adding modules or performing raw i/o \r | |
624 | + operations. All options should be set at startup, and the grsec_lock \r | |
625 | + entry should be set to a non-zero value after all the options are set. \r | |
626 | + *THIS IS EXTREMELY IMPORTANT*\r | |
627 | +\r | |
628 | +Oblivion ACL System\r | |
629 | +CONFIG_OBV_PROC\r | |
630 | + If you say Y here, you enable the Access Control List system for \r | |
631 | + grsecurity called Oblivion. Oblivion is a very advanced ACL system\r | |
632 | + that is optimized for speed and correctness of ACLS. Unlike many \r | |
633 | + other popular ACL systems, it allows both process and file ACLs.\r | |
634 | + To use the ACL system, you must also download the userspace code\r | |
635 | + and documentation off the grsecurity website: http://grsecurity.net\r | |
636 | + You will then need to run obvadm setup to set your password and create \r | |
637 | + your config files.\r | |
638 | + \r | |
639 | #\r | |
640 | # m68k-specific kernel options\r | |
641 | # Documented by Chris Lawrence <mailto:quango@themall.net> et al.\r | |
cab4bb15 | 642 | diff -urN linux/arch/alpha/config.in linux/arch/alpha/config.in\r |
643 | --- linux/arch/alpha/config.in Tue Nov 20 18:49:31 2001\r | |
644 | +++ linux/arch/alpha/config.in Mon Nov 26 10:37:56 2001\r | |
645 | @@ -393,3 +393,12 @@\r | |
646 | fi\r | |
647 | \r | |
648 | endmenu\r | |
649 | +\r | |
650 | +mainmenu_option next_comment\r | |
651 | +comment 'Grsecurity'\r | |
652 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
653 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
654 | + source grsecurity/Config.in\r | |
655 | +fi\r | |
656 | +endmenu\r | |
657 | +\r | |
658 | diff -urN linux/arch/arm/config.in linux/arch/arm/config.in\r | |
659 | --- linux/arch/arm/config.in Fri Nov 9 16:58:02 2001\r | |
660 | +++ linux/arch/arm/config.in Mon Nov 26 10:37:56 2001\r | |
661 | @@ -606,3 +606,12 @@\r | |
662 | dep_bool ' Kernel low-level debugging messages via footbridge serial port' CONFIG_DEBUG_DC21285_PORT $CONFIG_DEBUG_LL $CONFIG_FOOTBRIDGE\r | |
663 | dep_bool ' kernel low-level debugging messages via UART2' CONFIG_DEBUG_CLPS711X_UART2 $CONFIG_DEBUG_LL $CONFIG_ARCH_CLPS711X\r | |
664 | endmenu\r | |
665 | +\r | |
666 | +mainmenu_option next_comment\r | |
667 | +comment 'Grsecurity'\r | |
668 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
669 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
670 | + source grsecurity/Config.in\r | |
671 | +fi\r | |
672 | +endmenu\r | |
673 | +\r | |
674 | diff -urN linux/arch/cris/config.in linux/arch/cris/config.in\r | |
675 | --- linux/arch/cris/config.in Mon Oct 15 16:42:14 2001\r | |
676 | +++ linux/arch/cris/config.in Mon Nov 26 10:37:56 2001\r | |
677 | @@ -251,3 +251,12 @@\r | |
678 | int ' Profile shift count' CONFIG_PROFILE_SHIFT 2\r | |
679 | fi\r | |
680 | endmenu\r | |
681 | +\r | |
682 | +mainmenu_option next_comment\r | |
683 | +comment 'Grsecurity'\r | |
684 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
685 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
686 | + source grsecurity/Config.in\r | |
687 | +fi\r | |
688 | +endmenu\r | |
689 | +\r | |
690 | diff -urN linux/arch/i386/config.in linux/arch/i386/config.in\r | |
691 | --- linux/arch/i386/config.in Mon Nov 12 14:58:08 2001\r | |
692 | +++ linux/arch/i386/config.in Mon Nov 26 10:37:56 2001\r | |
693 | @@ -410,3 +410,12 @@\r | |
694 | fi\r | |
695 | \r | |
696 | endmenu\r | |
697 | +\r | |
698 | +mainmenu_option next_comment\r | |
699 | +comment 'Grsecurity'\r | |
700 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
701 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
702 | + source grsecurity/Config.in\r | |
703 | +fi\r | |
704 | +endmenu\r | |
705 | +\r | |
706 | diff -urN linux/arch/i386/kernel/entry.S linux/arch/i386/kernel/entry.S\r | |
707 | --- linux/arch/i386/kernel/entry.S Fri Nov 2 20:18:49 2001\r | |
708 | +++ linux/arch/i386/kernel/entry.S Mon Nov 26 10:37:57 2001\r | |
709 | @@ -45,6 +45,7 @@\r | |
710 | #include <linux/linkage.h>\r | |
711 | #include <asm/segment.h>\r | |
712 | #include <asm/smp.h>\r | |
713 | +#include <asm/page.h>\r | |
714 | \r | |
715 | EBX = 0x00\r | |
716 | ECX = 0x04\r | |
717 | @@ -381,8 +382,52 @@\r | |
718 | jmp error_code\r | |
719 | \r | |
720 | ENTRY(page_fault)\r | |
721 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
722 | + ALIGN\r | |
723 | + pushl $ SYMBOL_NAME(pax_do_page_fault)\r | |
724 | + pushl %ds\r | |
725 | + pushl %eax\r | |
726 | + xorl %eax,%eax\r | |
727 | + pushl %ebp\r | |
728 | + pushl %edi\r | |
729 | + pushl %esi\r | |
730 | + pushl %edx\r | |
731 | + decl %eax # eax = -1\r | |
732 | + pushl %ecx\r | |
733 | + pushl %ebx\r | |
734 | + cld\r | |
735 | + movl %es,%ecx\r | |
736 | + movl ORIG_EAX(%esp), %esi # get the error code\r | |
737 | + movl ES(%esp), %edi # get the function address\r | |
738 | + movl %eax, ORIG_EAX(%esp)\r | |
739 | + movl %ecx, ES(%esp)\r | |
740 | + movl %esp,%edx\r | |
741 | + pushl %esi # push the error code\r | |
742 | + pushl %edx # push the pt_regs pointer\r | |
743 | + movl $(__KERNEL_DS),%edx\r | |
744 | + movl %edx,%ds\r | |
745 | + movl %edx,%es\r | |
746 | + GET_CURRENT(%ebx)\r | |
747 | + call *%edi\r | |
748 | + addl $8,%esp\r | |
749 | + decl %eax\r | |
750 | + jnz ret_from_exception\r | |
751 | +\r | |
752 | + popl %ebx\r | |
753 | + popl %ecx\r | |
754 | + popl %edx\r | |
755 | + popl %esi\r | |
756 | + popl %edi\r | |
757 | + popl %ebp\r | |
758 | + popl %eax\r | |
759 | + popl %ds\r | |
760 | + popl %es\r | |
761 | + addl $4,%esp\r | |
762 | + jmp system_call\r | |
763 | +#else\r | |
764 | pushl $ SYMBOL_NAME(do_page_fault)\r | |
765 | jmp error_code\r | |
766 | +#endif\r | |
767 | \r | |
768 | ENTRY(machine_check)\r | |
769 | pushl $0\r | |
770 | diff -urN linux/arch/i386/kernel/head.S linux/arch/i386/kernel/head.S\r | |
771 | --- linux/arch/i386/kernel/head.S Wed Jun 20 14:00:53 2001\r | |
772 | +++ linux/arch/i386/kernel/head.S Mon Nov 26 10:37:57 2001\r | |
773 | @@ -433,7 +433,11 @@\r | |
774 | .quad 0x0000000000000000 /* not used */\r | |
775 | .quad 0x00cf9a000000ffff /* 0x10 kernel 4GB code at 0x00000000 */\r | |
776 | .quad 0x00cf92000000ffff /* 0x18 kernel 4GB data at 0x00000000 */\r | |
777 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
778 | + .quad 0x00cbfa000000f7ff /* 0x23 user 3GB-8MB code at 0 */\r | |
779 | +#else\r | |
780 | .quad 0x00cffa000000ffff /* 0x23 user 4GB code at 0x00000000 */\r | |
781 | +#endif\r | |
782 | .quad 0x00cff2000000ffff /* 0x2b user 4GB data at 0x00000000 */\r | |
783 | .quad 0x0000000000000000 /* not used */\r | |
784 | .quad 0x0000000000000000 /* not used */\r | |
785 | diff -urN linux/arch/i386/kernel/ptrace.c linux/arch/i386/kernel/ptrace.c\r | |
786 | --- linux/arch/i386/kernel/ptrace.c Wed Nov 21 13:42:41 2001\r | |
787 | +++ linux/arch/i386/kernel/ptrace.c Mon Nov 26 11:47:35 2001\r | |
788 | @@ -21,6 +21,12 @@\r | |
789 | #include <asm/i387.h>\r | |
790 | #include <asm/debugreg.h>\r | |
791 | \r | |
792 | +#if defined(CONFIG_GRKERNSEC_CHROOT) || defined(CONFIG_GRKERNSEC_PTRACE)\r | |
793 | +#include <linux/grsecurity.h>\r | |
794 | +#endif\r | |
795 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
796 | +extern struct task_struct *child_reaper;\r | |
797 | +#endif\r | |
798 | /*\r | |
799 | * does not yet catch signals sent when the child dies.\r | |
800 | * in exit.c or in signal.c.\r | |
801 | @@ -177,6 +183,32 @@\r | |
802 | if (pid == 1) /* you may not mess with init */\r | |
803 | goto out_tsk;\r | |
804 | \r | |
805 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
806 | + if(grsec_enable_ptrace && current->uid\r | |
807 | +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r | |
808 | + && ((grsec_enable_ptrace_group && !in_group_p(grsec_ptrace_gid))\r | |
809 | + || !grsec_enable_ptrace_group)\r | |
810 | +#endif\r | |
811 | + ) {\r | |
812 | + security_alert("denied ptrace of (%.16s:%d) by " DEFAULTSECMSG,\r | |
813 | + "denied ptraces", child->comm, child->pid, DEFAULTSECARGS);\r | |
814 | + goto out_tsk;\r | |
815 | + }\r | |
816 | + security_alert("ptrace of (%.16s:%d) by " DEFAULTSECMSG,\r | |
817 | + "ptraces", child->comm, child->pid, DEFAULTSECARGS);\r | |
818 | +#endif \r | |
819 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
820 | + if(grsec_enable_chroot && proc_is_chrooted(current) &&\r | |
821 | + have_same_root(current,child)) {\r | |
822 | + security_alert("denied ptrace of process(%.16s:%d) within chroot jail "\r | |
823 | + "(%.32s:%lu) by " DEFAULTSECMSG, \r | |
824 | + "ptrace from chroot",\r | |
825 | + child->comm,child->pid,kdevname(current->fs->root->d_inode->i_dev),\r | |
826 | + current->fs->root->d_inode->i_ino, \r | |
827 | + DEFAULTSECARGS);\r | |
828 | + goto out_tsk;\r | |
829 | + }\r | |
830 | +#endif\r | |
831 | if (request == PTRACE_ATTACH) {\r | |
832 | ret = ptrace_attach(child);\r | |
833 | goto out_tsk;\r | |
834 | @@ -439,11 +471,23 @@\r | |
835 | return ret;\r | |
836 | }\r | |
837 | \r | |
838 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
839 | +asmlinkage void syscall_trace(int unused)\r | |
840 | +#else\r | |
841 | asmlinkage void syscall_trace(void)\r | |
842 | +#endif\r | |
843 | {\r | |
844 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
845 | + struct pt_regs *regs = (struct pt_regs *) &unused;\r | |
846 | +#endif\r | |
847 | +\r | |
848 | if ((current->ptrace & (PT_PTRACED|PT_TRACESYS)) !=\r | |
849 | (PT_PTRACED|PT_TRACESYS))\r | |
850 | return;\r | |
851 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
852 | + if(!user_mode(regs))\r | |
853 | + return;\r | |
854 | +#endif\r | |
855 | /* the 0x80 provides a way for the tracing parent to distinguish\r | |
856 | between a syscall stop and SIGTRAP delivery */\r | |
857 | current->exit_code = SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)\r | |
858 | diff -urN linux/arch/i386/kernel/signal.c linux/arch/i386/kernel/signal.c\r | |
859 | --- linux/arch/i386/kernel/signal.c Fri Sep 14 17:15:40 2001\r | |
860 | +++ linux/arch/i386/kernel/signal.c Mon Nov 26 10:37:58 2001\r | |
861 | @@ -7,6 +7,7 @@\r | |
862 | * 2000-06-20 Pentium III FXSR, SSE support by Gareth Hughes\r | |
863 | */\r | |
864 | \r | |
865 | +#include <linux/config.h>\r | |
866 | #include <linux/sched.h>\r | |
867 | #include <linux/mm.h>\r | |
868 | #include <linux/smp.h>\r | |
869 | @@ -421,11 +422,15 @@\r | |
870 | if (ka->sa.sa_flags & SA_RESTORER) {\r | |
871 | err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);\r | |
872 | } else {\r | |
873 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
874 | + err |= __put_user(MAGIC_SIGRETURN, &frame->pretcode);\r | |
875 | +#else\r | |
876 | err |= __put_user(frame->retcode, &frame->pretcode);\r | |
877 | /* This is popl %eax ; movl $,%eax ; int $0x80 */\r | |
878 | err |= __put_user(0xb858, (short *)(frame->retcode+0));\r | |
879 | err |= __put_user(__NR_sigreturn, (int *)(frame->retcode+2));\r | |
880 | err |= __put_user(0x80cd, (short *)(frame->retcode+6));\r | |
881 | +#endif\r | |
882 | }\r | |
883 | \r | |
884 | if (err)\r | |
885 | @@ -496,11 +501,15 @@\r | |
886 | if (ka->sa.sa_flags & SA_RESTORER) {\r | |
887 | err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);\r | |
888 | } else {\r | |
889 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
890 | + err |= __put_user(MAGIC_RT_SIGRETURN, &frame->pretcode);\r | |
891 | +#else\r | |
892 | err |= __put_user(frame->retcode, &frame->pretcode);\r | |
893 | /* This is movl $,%eax ; int $0x80 */\r | |
894 | err |= __put_user(0xb8, (char *)(frame->retcode+0));\r | |
895 | err |= __put_user(__NR_rt_sigreturn, (int *)(frame->retcode+1));\r | |
896 | err |= __put_user(0x80cd, (short *)(frame->retcode+5));\r | |
897 | +#endif\r | |
898 | }\r | |
899 | \r | |
900 | if (err)\r | |
901 | @@ -557,6 +566,18 @@\r | |
902 | regs->eip -= 2;\r | |
903 | }\r | |
904 | }\r | |
905 | +\r | |
906 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
907 | + /* PaX: clean up as our trace attempt became obsolete */\r | |
908 | + if ((current->flags & PF_PAX_PAGEEXEC) && (current->ptrace & PT_PAX_TRACE)) {\r | |
909 | + if (!(current->ptrace & PT_PAX_OLDTF)) {\r | |
910 | + regs->eflags &= ~TF_MASK;\r | |
911 | + }\r | |
912 | + current->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r | |
913 | + current->thread.pax_faults.eip = 0;\r | |
914 | + current->thread.pax_faults.count = 0;\r | |
915 | + }\r | |
916 | +#endif\r | |
917 | \r | |
918 | /* Set up the stack frame */\r | |
919 | if (ka->sa.sa_flags & SA_SIGINFO)\r | |
920 | diff -urN linux/arch/i386/kernel/traps.c linux/arch/i386/kernel/traps.c\r | |
921 | --- linux/arch/i386/kernel/traps.c Sun Sep 30 15:26:08 2001\r | |
922 | +++ linux/arch/i386/kernel/traps.c Mon Nov 26 10:37:58 2001\r | |
923 | @@ -49,6 +49,9 @@\r | |
924 | \r | |
925 | #include <linux/irq.h>\r | |
926 | #include <linux/module.h>\r | |
927 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
928 | +#include <linux/grsecurity.h>\r | |
929 | +#endif\r | |
930 | \r | |
931 | asmlinkage int system_call(void);\r | |
932 | asmlinkage void lcall7(void);\r | |
933 | @@ -348,14 +351,183 @@\r | |
934 | DO_ERROR(12, SIGBUS, "stack segment", stack_segment)\r | |
935 | DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, get_cr2())\r | |
936 | \r | |
937 | +#if defined(CONFIG_GRKERNSEC_STACK) && defined(CONFIG_GRKERNSEC_STACK_GCC)\r | |
938 | +static unsigned long *get_reg(struct pt_regs *regs, unsigned char regnum)\r | |
939 | +{\r | |
940 | + switch (regnum) {\r | |
941 | + case 0: return ®s->eax;\r | |
942 | + case 1: return ®s->ecx;\r | |
943 | + case 2: return ®s->edx;\r | |
944 | + case 3: return ®s->ebx;\r | |
945 | + case 4: return ®s->esp;\r | |
946 | + case 5: return ®s->ebp;\r | |
947 | + case 6: return ®s->esi;\r | |
948 | + case 7: return ®s->edi;\r | |
949 | + }\r | |
950 | + return NULL;\r | |
951 | +}\r | |
952 | +static unsigned long get_modrm(struct pt_regs *regs, int *err)\r | |
953 | +{\r | |
954 | + unsigned char modrm, sib;\r | |
955 | + signed char rel8;\r | |
956 | + unsigned long rel32;\r | |
957 | + int size, regnum, scale;\r | |
958 | + unsigned long index, base, addr, value;\r | |
959 | +\r | |
960 | + *err |= __get_user(modrm, (unsigned char *)(regs->eip + 1));\r | |
961 | + size = 2;\r | |
962 | + regnum = modrm & 7;\r | |
963 | + addr = *get_reg(regs, regnum);\r | |
964 | + if (regnum == 4 && (modrm & 0xC0) != 0xC0) {\r | |
965 | + *err |= __get_user(sib, (unsigned char *)(regs->eip + 2));\r | |
966 | + size = 3;\r | |
967 | + scale = sib >> 6;\r | |
968 | + index = *get_reg(regs, (sib >> 3) & 7);\r | |
969 | + base = *get_reg(regs, sib & 7);\r | |
970 | + addr = base + (index << scale);\r | |
971 | + }\r | |
972 | +\r | |
973 | + switch (modrm & 0xC0) {\r | |
974 | + case 0x00:\r | |
975 | + if (regnum == 5) {\r | |
976 | + *err |= __get_user(addr,\r | |
977 | + (unsigned long *)(regs->eip + 2));\r | |
978 | + size = 6;\r | |
979 | + }\r | |
980 | + *err |= __get_user(value, (unsigned long *)addr);\r | |
981 | + break;\r | |
982 | +\r | |
983 | + case 0x40:\r | |
984 | + *err |= __get_user(rel8, (signed char *)(regs->eip + size));\r | |
985 | + size++;\r | |
986 | + addr += rel8;\r | |
987 | + *err |= __get_user(value, (unsigned long *)addr);\r | |
988 | + break;\r | |
989 | +\r | |
990 | + case 0x80:\r | |
991 | + *err |= __get_user(rel32, (unsigned long *)(regs->eip + size));\r | |
992 | + size += 4;\r | |
993 | + addr += rel32;\r | |
994 | + *err |= __get_user(value, (unsigned long *)addr);\r | |
995 | + break;\r | |
996 | +\r | |
997 | + case 0xC0:\r | |
998 | + default:\r | |
999 | + value = addr;\r | |
1000 | + }\r | |
1001 | +\r | |
1002 | + if (*err) return 0;\r | |
1003 | + regs->eip += size;\r | |
1004 | + return value;\r | |
1005 | +}\r | |
1006 | +#endif\r | |
1007 | asmlinkage void do_general_protection(struct pt_regs * regs, long error_code)\r | |
1008 | {\r | |
1009 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
1010 | + unsigned long addr;\r | |
1011 | +#ifdef CONFIG_GRKERNSEC_STACK_GCC\r | |
1012 | + unsigned char insn;\r | |
1013 | + int err, count;\r | |
1014 | +#endif\r | |
1015 | +#endif\r | |
1016 | if (regs->eflags & VM_MASK)\r | |
1017 | goto gp_in_vm86;\r | |
1018 | \r | |
1019 | if (!(regs->xcs & 3))\r | |
1020 | goto gp_in_kernel;\r | |
1021 | \r | |
1022 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
1023 | +/* Check if it was return from a signal handler */\r | |
1024 | + if ((regs->xcs & 0xFFFF) == __USER_CS)\r | |
1025 | + if (*(unsigned char *)regs->eip == 0xC3)\r | |
1026 | + if (!__get_user(addr, (unsigned long *)regs->esp)) {\r | |
1027 | + if ((addr & 0xFFFFFFFE) == MAGIC_SIGRETURN) {\r | |
1028 | +/* Call sys_sigreturn() or sys_rt_sigreturn() to restore the context */\r | |
1029 | + regs->esp += 8;\r | |
1030 | + __asm__("movl %3,%%esi\n\t"\r | |
1031 | + "subl %1,%%esp\n\t"\r | |
1032 | + "movl %2,%%ecx\n\t"\r | |
1033 | + "movl %%esp,%%edi\n\t"\r | |
1034 | + "rep; movsl\n\t"\r | |
1035 | + "testl $1,%4\n\t"\r | |
1036 | + "jnz 1f\n\t"\r | |
1037 | + "call sys_sigreturn\n\t"\r | |
1038 | + "leal %3,%%edi\n\t"\r | |
1039 | + "jmp 2f\n\t"\r | |
1040 | + "1:\n\t"\r | |
1041 | + "call sys_rt_sigreturn\n\t"\r | |
1042 | + "leal %3,%%edi\n\t"\r | |
1043 | + "2:\n\t"\r | |
1044 | + "addl %1,%%edi\n\t"\r | |
1045 | + "movl %%esp,%%esi\n\t"\r | |
1046 | + "movl %2,%%ecx\n\t"\r | |
1047 | + "movl (%%edi),%%edi\n\t"\r | |
1048 | + "rep; movsl\n\t"\r | |
1049 | + "movl %%esi,%%esp"\r | |
1050 | + :\r | |
1051 | +/* %eax is returned separately */\r | |
1052 | + "=a" (regs->eax)\r | |
1053 | + :\r | |
1054 | + "i" (sizeof(*regs)),\r | |
1055 | + "i" (sizeof(*regs) >> 2),\r | |
1056 | + "m" (regs),\r | |
1057 | + "r" (addr)\r | |
1058 | + :\r | |
1059 | + "cx", "dx", "si", "di", "cc", "memory");\r | |
1060 | + return;\r | |
1061 | + }\r | |
1062 | +/*\r | |
1063 | + * * Check if we're returning to the stack area, which is only likely to happen\r | |
1064 | + * * when attempting to exploit a buffer overflow.\r | |
1065 | + * */\r | |
1066 | + if ((addr & 0xFF800000) == 0xBF800000 ||\r | |
1067 | + (addr >= PAGE_OFFSET - _STK_LIM && addr < PAGE_OFFSET))\r | |
1068 | + security_alert("return onto stack by " DEFAULTSECMSG,\r | |
1069 | + "returns onto stack", DEFAULTSECARGS);\r | |
1070 | + }\r | |
1071 | + \r | |
1072 | +#ifdef CONFIG_GRKERNSEC_STACK_GCC\r | |
1073 | +/* Check if it could have been a trampoline call */\r | |
1074 | + if ((regs->xcs & 0xFFFF) == __USER_CS)\r | |
1075 | + if (*(unsigned char *)regs->eip == 0xFF)\r | |
1076 | + if (!__get_user(insn, (unsigned char *)(regs->eip + 1)))\r | |
1077 | + if ((insn & 0x38) == 0x10 && insn != 0xD4) { /* call mod r/m */\r | |
1078 | +/* First, emulate the call */\r | |
1079 | + err = 0;\r | |
1080 | + addr = get_modrm(regs, &err);\r | |
1081 | + if (!err) {\r | |
1082 | + regs->esp -= 4;\r | |
1083 | + err = __put_user(regs->eip, (unsigned long *)regs->esp);\r | |
1084 | + regs->eip = addr;\r | |
1085 | + } \r | |
1086 | +/* Then, start emulating the trampoline itself */\r | |
1087 | + count = 0;\r | |
1088 | + while (!err && !__get_user(insn, (unsigned char *)regs->eip++))\r | |
1089 | + if ((insn & 0xF8) == 0xB8) { /* movl imm32,%reg */\r | |
1090 | +/* We only have 8 GP registers, no reason to initialize one twice */\r | |
1091 | + if (count++ >= 8) break;\r | |
1092 | + err |= __get_user(addr, (unsigned long *)regs->eip);\r | |
1093 | + regs->eip += 4;\r | |
1094 | + *get_reg(regs, insn & 7) = addr;\r | |
1095 | + } else\r | |
1096 | + if (insn == 0xFF) {\r | |
1097 | + err |= __get_user(insn, (unsigned char *)regs->eip);\r | |
1098 | + if ((insn & 0xF8) == 0xE0) { /* jmp *%reg */\r | |
1099 | + regs->eip = *get_reg(regs, insn & 7);\r | |
1100 | + if (err) break; else return;\r | |
1101 | + }\r | |
1102 | + break;\r | |
1103 | + } else\r | |
1104 | + if (insn == 0xE9) { /* jmp rel32 */\r | |
1105 | + err |= __get_user(addr, (unsigned long *)regs->eip);\r | |
1106 | + if (err) break;\r | |
1107 | + regs->eip += 4 + addr;\r | |
1108 | + return;\r | |
1109 | + } else\r | |
1110 | + break;\r | |
1111 | + } \r | |
1112 | +#endif\r | |
1113 | +#endif\r | |
1114 | current->thread.error_code = error_code;\r | |
1115 | current->thread.trap_no = 13;\r | |
1116 | force_sig(SIGSEGV, current);\r | |
1117 | @@ -452,6 +624,10 @@\r | |
1118 | inb(0x71); /* dummy */\r | |
1119 | }\r | |
1120 | \r | |
1121 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
1122 | +void pax_handle_ptes(struct task_struct *tsk);\r | |
1123 | +#endif\r | |
1124 | +\r | |
1125 | /*\r | |
1126 | * Our handling of the processor debug registers is non-trivial.\r | |
1127 | * We do not clear them on entry and exit from the kernel. Therefore\r | |
1128 | @@ -482,6 +658,22 @@\r | |
1129 | \r | |
1130 | __asm__ __volatile__("movl %%db6,%0" : "=r" (condition));\r | |
1131 | \r | |
1132 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
1133 | + /* PaX: clean up */\r | |
1134 | + if ((tsk->flags & PF_PAX_PAGEEXEC) && (condition & DR_STEP) && (tsk->ptrace & PT_PAX_TRACE)) {\r | |
1135 | + tsk->ptrace &= ~PT_PAX_TRACE;\r | |
1136 | + pax_handle_ptes(tsk);\r | |
1137 | + if (!(tsk->ptrace & PT_PAX_KEEPTF) && !(tsk->ptrace & PT_PAX_OLDTF))\r | |
1138 | + regs->eflags &= ~TF_MASK;\r | |
1139 | + tsk->ptrace &= ~PT_PAX_KEEPTF;\r | |
1140 | + if (!(tsk->ptrace & PT_PAX_OLDTF)) {\r | |
1141 | + condition &= ~DR_STEP;\r | |
1142 | + if (!(condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)))\r | |
1143 | + return;\r | |
1144 | + }\r | |
1145 | + tsk->ptrace &= ~PT_PAX_OLDTF;\r | |
1146 | + }\r | |
1147 | +#endif\r | |
1148 | /* Mask out spurious debug traps due to lazy DR7 setting */\r | |
1149 | if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {\r | |
1150 | if (!tsk->thread.debugreg[7])\r | |
1151 | diff -urN linux/arch/i386/mm/fault.c linux/arch/i386/mm/fault.c\r | |
1152 | --- linux/arch/i386/mm/fault.c Tue Oct 9 18:13:03 2001\r | |
1153 | +++ linux/arch/i386/mm/fault.c Mon Nov 26 10:37:58 2001\r | |
1154 | @@ -4,6 +4,7 @@\r | |
1155 | * Copyright (C) 1995 Linus Torvalds\r | |
1156 | */\r | |
1157 | \r | |
1158 | +#include <linux/config.h>\r | |
1159 | #include <linux/signal.h>\r | |
1160 | #include <linux/sched.h>\r | |
1161 | #include <linux/kernel.h>\r | |
1162 | @@ -19,6 +20,9 @@\r | |
1163 | #include <linux/init.h>\r | |
1164 | #include <linux/tty.h>\r | |
1165 | #include <linux/vt_kern.h> /* For unblank_screen() */\r | |
1166 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_RANDMMAP)\r | |
1167 | +#include <linux/unistd.h>\r | |
1168 | +#endif\r | |
1169 | \r | |
1170 | #include <asm/system.h>\r | |
1171 | #include <asm/uaccess.h>\r | |
1172 | @@ -146,23 +150,31 @@\r | |
1173 | * bit 1 == 0 means read, 1 means write\r | |
1174 | * bit 2 == 0 means kernel, 1 means user-mode\r | |
1175 | */\r | |
1176 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
1177 | +asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, unsigned long address)\r | |
1178 | +#else\r | |
1179 | asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)\r | |
1180 | +#endif\r | |
1181 | {\r | |
1182 | struct task_struct *tsk;\r | |
1183 | struct mm_struct *mm;\r | |
1184 | struct vm_area_struct * vma;\r | |
1185 | +#ifndef CONFIG_GRKERNSEC_PAX\r | |
1186 | unsigned long address;\r | |
1187 | +#endif\r | |
1188 | unsigned long page;\r | |
1189 | unsigned long fixup;\r | |
1190 | int write;\r | |
1191 | siginfo_t info;\r | |
1192 | \r | |
1193 | +#ifndef CONFIG_GRKERNSEC_PAX\r | |
1194 | /* get the address */\r | |
1195 | __asm__("movl %%cr2,%0":"=r" (address));\r | |
1196 | \r | |
1197 | /* It's safe to allow irq's after cr2 has been saved */\r | |
1198 | if (regs->eflags & X86_EFLAGS_IF)\r | |
1199 | local_irq_enable();\r | |
1200 | +#endif\r | |
1201 | \r | |
1202 | tsk = current;\r | |
1203 | \r | |
1204 | @@ -220,21 +232,37 @@\r | |
1205 | good_area:\r | |
1206 | info.si_code = SEGV_ACCERR;\r | |
1207 | write = 0;\r | |
1208 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
1209 | + switch (error_code & 7) {\r | |
1210 | +#else\r | |
1211 | switch (error_code & 3) {\r | |
1212 | +#endif\r | |
1213 | default: /* 3: write, present */\r | |
1214 | #ifdef TEST_VERIFY_AREA\r | |
1215 | if (regs->cs == KERNEL_CS)\r | |
1216 | printk("WP fault at %08lx\n", regs->eip);\r | |
1217 | #endif\r | |
1218 | /* fall through */\r | |
1219 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
1220 | + case 7: /* PaX: write, present, some protection violation */\r | |
1221 | +#endif\r | |
1222 | case 2: /* write, not present */\r | |
1223 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
1224 | + case 6:\r | |
1225 | +#endif\r | |
1226 | if (!(vma->vm_flags & VM_WRITE))\r | |
1227 | goto bad_area;\r | |
1228 | write++;\r | |
1229 | break;\r | |
1230 | case 1: /* read, present */\r | |
1231 | goto bad_area;\r | |
1232 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
1233 | + case 5: /* PaX: read, present, protection violation */\r | |
1234 | +#endif\r | |
1235 | case 0: /* read, not present */\r | |
1236 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
1237 | + case 4:\r | |
1238 | +#endif\r | |
1239 | if (!(vma->vm_flags & (VM_READ | VM_EXEC)))\r | |
1240 | goto bad_area;\r | |
1241 | }\r | |
1242 | @@ -409,3 +437,441 @@\r | |
1243 | return;\r | |
1244 | }\r | |
1245 | }\r | |
1246 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
1247 | +/* PaX: called with the page_table_lock spinlock held */\r | |
1248 | +static inline pte_t * pax_get_pte(struct mm_struct *mm, unsigned long address)\r | |
1249 | +{\r | |
1250 | + pgd_t *pgd;\r | |
1251 | + pmd_t *pmd;\r | |
1252 | +\r | |
1253 | + pgd = pgd_offset(mm, address);\r | |
1254 | + if (!pgd || !pgd_present(*pgd))\r | |
1255 | + return 0;\r | |
1256 | + pmd = pmd_offset(pgd, address);\r | |
1257 | + if (!pmd || !pmd_present(*pmd))\r | |
1258 | + return 0;\r | |
1259 | + return pte_offset(pmd, address);\r | |
1260 | +}\r | |
1261 | +\r | |
1262 | +/*\r | |
1263 | + * PaX: decide what to do with offenders\r | |
1264 | + *\r | |
1265 | + * returns 0 when access should be allowed\r | |
1266 | + * 1 when task should be killed\r | |
1267 | + * 2 when sigreturn trampoline was detected\r | |
1268 | + * 3 when rt_sigreturn trampoline was detected\r | |
1269 | + * 4 when gcc trampoline was detected\r | |
1270 | + */\r | |
1271 | +static int pax_handle_read_fault(struct pt_regs *regs, unsigned long address)\r | |
1272 | +{\r | |
1273 | + static unsigned char trans[8] = {6, 1, 2, 0, 13, 5, 3, 4};\r | |
1274 | + int err;\r | |
1275 | +\r | |
1276 | +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r | |
1277 | + if (!(current->flags & PF_PAX_EMUTRAMP))\r | |
1278 | + return 1;\r | |
1279 | +\r | |
1280 | + { /* PaX: sigreturn emulation */\r | |
1281 | + unsigned char pop, mov;\r | |
1282 | + unsigned short sys;\r | |
1283 | + unsigned long nr;\r | |
1284 | +\r | |
1285 | + err = __get_user(pop, (unsigned char *)(regs->eip));\r | |
1286 | + err |= __get_user(mov, (unsigned char *)(regs->eip + 1));\r | |
1287 | + err |= __get_user(nr, (unsigned long *)(regs->eip + 2));\r | |
1288 | + err |= __get_user(sys, (unsigned short *)(regs->eip + 6));\r | |
1289 | +\r | |
1290 | + if (!err) {\r | |
1291 | + if (pop == 0x58 &&\r | |
1292 | + mov == 0xb8 &&\r | |
1293 | + nr == __NR_sigreturn &&\r | |
1294 | + sys == 0x80cd)\r | |
1295 | + {\r | |
1296 | + regs->esp += 4;\r | |
1297 | + regs->eax = nr;\r | |
1298 | + regs->eip += 8;\r | |
1299 | + return 2;\r | |
1300 | + }\r | |
1301 | + }\r | |
1302 | + }\r | |
1303 | +\r | |
1304 | + { /* PaX: rt_sigreturn emulation */\r | |
1305 | + unsigned char mov;\r | |
1306 | + unsigned short sys;\r | |
1307 | + unsigned long nr;\r | |
1308 | +\r | |
1309 | + err = __get_user(mov, (unsigned char *)(regs->eip));\r | |
1310 | + err |= __get_user(nr, (unsigned long *)(regs->eip + 1));\r | |
1311 | + err |= __get_user(sys, (unsigned short *)(regs->eip + 5));\r | |
1312 | +\r | |
1313 | + if (!err) {\r | |
1314 | + if (mov == 0xb8 &&\r | |
1315 | + nr == __NR_rt_sigreturn &&\r | |
1316 | + sys == 0x80cd)\r | |
1317 | + {\r | |
1318 | + regs->eax = nr;\r | |
1319 | + regs->eip += 7;\r | |
1320 | + return 3;\r | |
1321 | + }\r | |
1322 | + }\r | |
1323 | + }\r | |
1324 | +\r | |
1325 | + { /* PaX: gcc trampoline emulation #1 */\r | |
1326 | + unsigned char mov1, mov2;\r | |
1327 | + unsigned short jmp;\r | |
1328 | + unsigned long addr1, addr2, ret;\r | |
1329 | +\r | |
1330 | + err = __get_user(mov1, (unsigned char *)(regs->eip));\r | |
1331 | + err |= __get_user(addr1, (unsigned long *)(regs->eip + 1));\r | |
1332 | + err |= __get_user(mov2, (unsigned char *)(regs->eip + 5));\r | |
1333 | + err |= __get_user(addr2, (unsigned long *)(regs->eip + 6));\r | |
1334 | + err |= __get_user(jmp, (unsigned short *)(regs->eip + 10));\r | |
1335 | + err |= __get_user(ret, (unsigned long *)(regs->esp));\r | |
1336 | +\r | |
1337 | + if (!err) {\r | |
1338 | + unsigned short call;\r | |
1339 | +\r | |
1340 | + err = __get_user(call, (unsigned short *)(ret-2));\r | |
1341 | + if (!err) {\r | |
1342 | + if ((mov1 & 0xF8) == 0xB8 &&\r | |
1343 | + (mov2 & 0xF8) == 0xB8 &&\r | |
1344 | + (mov1 & 0x07) != (mov2 & 0x07) &&\r | |
1345 | + (jmp & 0xF8FF) == 0xE0FF &&\r | |
1346 | + (mov2 & 0x07) == ((jmp>>8) & 0x07) &&\r | |
1347 | + (call & 0xF8FF) == 0xD0FF &&\r | |
1348 | + (regs->eip == ((unsigned long*)regs)[trans[(call>>8) & 0x07]]))\r | |
1349 | + {\r | |
1350 | + ((unsigned long *)regs)[trans[mov1 & 0x07]] = addr1;\r | |
1351 | + ((unsigned long *)regs)[trans[mov2 & 0x07]] = addr2;\r | |
1352 | + regs->eip = addr2;\r | |
1353 | + return 4;\r | |
1354 | + }\r | |
1355 | + }\r | |
1356 | + }\r | |
1357 | + }\r | |
1358 | +\r | |
1359 | + { /* PaX: gcc trampoline emulation #2 */\r | |
1360 | + unsigned char mov, jmp;\r | |
1361 | + unsigned long addr1, addr2, ret;\r | |
1362 | +\r | |
1363 | + err = __get_user(mov, (unsigned char *)(regs->eip));\r | |
1364 | + err |= __get_user(addr1, (unsigned long *)(regs->eip + 1));\r | |
1365 | + err |= __get_user(jmp, (unsigned char *)(regs->eip + 5));\r | |
1366 | + err |= __get_user(addr2, (unsigned long *)(regs->eip + 6));\r | |
1367 | + err |= __get_user(ret, (unsigned long *)(regs->esp));\r | |
1368 | +\r | |
1369 | + if (!err) {\r | |
1370 | + unsigned short call;\r | |
1371 | +\r | |
1372 | + err = __get_user(call, (unsigned short *)(ret-2));\r | |
1373 | + if (!err) {\r | |
1374 | + if ((mov & 0xF8) == 0xB8 &&\r | |
1375 | + jmp == 0xE9 &&\r | |
1376 | + (call & 0xF8FF) == 0xD0FF &&\r | |
1377 | + (regs->eip == ((unsigned long*)regs)[trans[(call>>8) & 0x07]]))\r | |
1378 | + {\r | |
1379 | + ((unsigned long *)regs)[trans[mov & 0x07]] = addr1;\r | |
1380 | + regs->eip += addr2 + 10;\r | |
1381 | + return 4;\r | |
1382 | + }\r | |
1383 | + }\r | |
1384 | + }\r | |
1385 | + }\r | |
1386 | +#endif\r | |
1387 | +\r | |
1388 | + return 1; /* PaX in action */\r | |
1389 | +}\r | |
1390 | +\r | |
1391 | +static int pax_handle_opcode(struct task_struct *tsk, struct pt_regs *regs)\r | |
1392 | +{\r | |
1393 | + unsigned long opsize = 1;\r | |
1394 | + unsigned long opsize_override = 0;\r | |
1395 | + unsigned long i;\r | |
1396 | +\r | |
1397 | + if (regs->eflags & TF_MASK)\r | |
1398 | + tsk->ptrace |= PT_PAX_OLDTF;\r | |
1399 | + else\r | |
1400 | + tsk->ptrace &= ~PT_PAX_OLDTF;\r | |
1401 | + tsk->ptrace &= ~PT_PAX_KEEPTF;\r | |
1402 | +\r | |
1403 | + for (i=0; i<15; i++) {\r | |
1404 | + unsigned char opcode;\r | |
1405 | + if (__get_user(opcode, (unsigned char*)(regs->eip+i)))\r | |
1406 | + break;\r | |
1407 | + switch (opcode) {\r | |
1408 | + case 0x26:\r | |
1409 | + case 0x2E:\r | |
1410 | + case 0x36:\r | |
1411 | + case 0x3E:\r | |
1412 | + case 0x64:\r | |
1413 | + case 0x65:\r | |
1414 | + case 0x67:\r | |
1415 | + case 0xF0:\r | |
1416 | + case 0xF2:\r | |
1417 | + case 0xF3:\r | |
1418 | + break;\r | |
1419 | +\r | |
1420 | + case 0x66:\r | |
1421 | + opsize_override = 1;\r | |
1422 | + break;\r | |
1423 | +\r | |
1424 | + case 0x9C: /* PUSHF */\r | |
1425 | + if (opsize ^ opsize_override) {\r | |
1426 | + __put_user(regs->eflags & 0x00FCFFFFul, (unsigned long*)(regs->esp-4));\r | |
1427 | + regs->esp -= 4;\r | |
1428 | + } else {\r | |
1429 | + __put_user(regs->eflags, (unsigned short*)(regs->esp-2));\r | |
1430 | + regs->esp -= 2;\r | |
1431 | + }\r | |
1432 | + regs->eip += i + 1;\r | |
1433 | + return 1;\r | |
1434 | +\r | |
1435 | + case 0x9D: /* POPF */\r | |
1436 | + case 0xCF: /* IRET */\r | |
1437 | + tsk->ptrace |= PT_PAX_KEEPTF;\r | |
1438 | + return 0;\r | |
1439 | +\r | |
1440 | + default:\r | |
1441 | + return 0;\r | |
1442 | + }\r | |
1443 | + }\r | |
1444 | + return 0;\r | |
1445 | +}\r | |
1446 | +\r | |
1447 | +static inline void pax_handle_pte(struct mm_struct *mm, unsigned long address)\r | |
1448 | +{\r | |
1449 | + pte_t *pte;\r | |
1450 | + pte = pax_get_pte(mm, address);\r | |
1451 | + if (pte) {\r | |
1452 | + set_pte(pte, pte_exprotect(*pte));\r | |
1453 | + __flush_tlb_one(address);\r | |
1454 | + }\r | |
1455 | +}\r | |
1456 | +\r | |
1457 | +#define PAX_SPIN_COUNT 256\r | |
1458 | +\r | |
1459 | +void pax_handle_ptes(struct task_struct *tsk)\r | |
1460 | +{\r | |
1461 | + struct mm_struct *mm;\r | |
1462 | +\r | |
1463 | + mm = tsk->mm;\r | |
1464 | + spin_lock(&mm->page_table_lock);\r | |
1465 | + switch (tsk->thread.pax_faults.count) {\r | |
1466 | + default:\r | |
1467 | + printk(KERN_ERR "PAX: wtf: %s:%d, %ld\n", tsk->comm, tsk->pid, tsk->thread.pax_faults.count);\r | |
1468 | + break;\r | |
1469 | +\r | |
1470 | + case PAX_SPIN_COUNT+4:\r | |
1471 | + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[3]);\r | |
1472 | +\r | |
1473 | + case PAX_SPIN_COUNT+3:\r | |
1474 | + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[2]);\r | |
1475 | +\r | |
1476 | + case PAX_SPIN_COUNT+2:\r | |
1477 | + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[1]);\r | |
1478 | +\r | |
1479 | + case PAX_SPIN_COUNT+1:\r | |
1480 | + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[0]);\r | |
1481 | + }\r | |
1482 | + spin_unlock(&mm->page_table_lock);\r | |
1483 | + tsk->thread.pax_faults.eip = 0;\r | |
1484 | + tsk->thread.pax_faults.count = 0;\r | |
1485 | +}\r | |
1486 | +\r | |
1487 | +/*\r | |
1488 | + * PaX: handle the extra page faults or pass it down to the original handler\r | |
1489 | + *\r | |
1490 | + * returns 0 when nothing special was detected\r | |
1491 | + * 1 when sigreturn trampoline (syscall) has to be emulated\r | |
1492 | + */\r | |
1493 | +asmlinkage int pax_do_page_fault(struct pt_regs *regs, unsigned long error_code)\r | |
1494 | +{\r | |
1495 | + struct task_struct *tsk = current;\r | |
1496 | + struct mm_struct *mm = current->mm;\r | |
1497 | + unsigned long address;\r | |
1498 | + pte_t *pte;\r | |
1499 | + unsigned char pte_mask = _PAGE_ACCESSED | _PAGE_USER;\r | |
1500 | + int ret;\r | |
1501 | + unsigned long i;\r | |
1502 | +\r | |
1503 | + __asm__("movl %%cr2,%0":"=r" (address));\r | |
1504 | +\r | |
1505 | + /* It's safe to allow irq's after cr2 has been saved */\r | |
1506 | + if (regs->eflags & X86_EFLAGS_IF)\r | |
1507 | + local_irq_enable();\r | |
1508 | +\r | |
1509 | + if ((error_code & 5) != 5 || address >= TASK_SIZE || regs->xcs != __USER_CS || (VM_MASK & regs->eflags))\r | |
1510 | + goto chain;\r | |
1511 | +\r | |
1512 | + /* PaX: it's our fault, let's handle it if we can */\r | |
1513 | +\r | |
1514 | + if (error_code == 7) {\r | |
1515 | + pte_mask |= _PAGE_DIRTY;\r | |
1516 | + /* PaX: take a look at read faults before acquiring any locks */\r | |
1517 | + } else if (regs->eip == address) { /* read/instruction fetch attempt from a protected page in user mode */\r | |
1518 | + ret = pax_handle_read_fault(regs, address);\r | |
1519 | + switch (ret) {\r | |
1520 | + case 4:\r | |
1521 | + tsk->thread.pax_faults.eip = 0;\r | |
1522 | + tsk->thread.pax_faults.count = 0;\r | |
1523 | + return 0;\r | |
1524 | +\r | |
1525 | + case 3:\r | |
1526 | + case 2:\r | |
1527 | + tsk->thread.pax_faults.eip = 0;\r | |
1528 | + tsk->thread.pax_faults.count = 0;\r | |
1529 | + return 1;\r | |
1530 | +\r | |
1531 | + default:\r | |
1532 | + case 1: {\r | |
1533 | + char* buffer = (char*)__get_free_page(GFP_KERNEL);\r | |
1534 | + char* path=NULL;\r | |
1535 | +\r | |
1536 | + if (buffer) {\r | |
1537 | + struct vm_area_struct* vma;\r | |
1538 | +\r | |
1539 | + down_read(&mm->mmap_sem);\r | |
1540 | + vma = mm->mmap;\r | |
1541 | + while (vma) {\r | |
1542 | + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {\r | |
1543 | + break;\r | |
1544 | + }\r | |
1545 | + vma = vma->vm_next;\r | |
1546 | + }\r | |
1547 | + if (vma)\r | |
1548 | + path = d_path(vma->vm_file->f_dentry, vma->vm_file->f_vfsmnt, buffer, PAGE_SIZE);\r | |
1549 | + up_read(&mm->mmap_sem);\r | |
1550 | + }\r | |
1551 | + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, EIP: %08lX, ESP: %08lX\n", path, tsk->comm, tsk->pid, tsk->uid, tsk->euid, regs->eip, regs->esp);\r | |
1552 | + if (buffer) free_page((unsigned long)buffer);\r | |
1553 | + printk(KERN_ERR "PAX: bytes at EIP: ");\r | |
1554 | + for (i = 0; i < 20; i++) {\r | |
1555 | + unsigned char c;\r | |
1556 | + if (__get_user(c, (unsigned char*)(regs->eip+i))) {\r | |
1557 | + printk("<invalid address>.");\r | |
1558 | + break;\r | |
1559 | + }\r | |
1560 | + printk("%02x ", c);\r | |
1561 | + }\r | |
1562 | + printk("\n");\r | |
1563 | +\r | |
1564 | + tsk->thread.pax_faults.eip = 0;\r | |
1565 | + tsk->thread.pax_faults.count = 0;\r | |
1566 | + tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r | |
1567 | + regs->eflags &= ~TF_MASK;\r | |
1568 | + tsk->thread.cr2 = address;\r | |
1569 | + tsk->thread.error_code = error_code;\r | |
1570 | + tsk->thread.trap_no = 14;\r | |
1571 | + force_sig(SIGKILL,tsk);\r | |
1572 | + return 0;\r | |
1573 | + }\r | |
1574 | +\r | |
1575 | + case 0:\r | |
1576 | + }\r | |
1577 | + }\r | |
1578 | +\r | |
1579 | + spin_lock(&mm->page_table_lock);\r | |
1580 | + pte = pax_get_pte(mm, address);\r | |
1581 | + if (!pte || !(pte_val(*pte) & _PAGE_PRESENT) || pte_exec(*pte)) {\r | |
1582 | + spin_unlock(&mm->page_table_lock);\r | |
1583 | + goto chain;\r | |
1584 | + }\r | |
1585 | +\r | |
1586 | + if ((error_code == 7) && !pte_write(*pte)) { /* write attempt to a protected page in user mode */\r | |
1587 | + spin_unlock(&mm->page_table_lock);\r | |
1588 | + goto chain;\r | |
1589 | + }\r | |
1590 | +\r | |
1591 | + /*\r | |
1592 | + * PaX: fill DTLB with user rights and retry\r | |
1593 | + */\r | |
1594 | + if (regs->eip != tsk->thread.pax_faults.eip) { /* detect DTLB trashing */\r | |
1595 | + tsk->thread.pax_faults.eip = regs->eip;\r | |
1596 | + tsk->thread.pax_faults.count = 0;\r | |
1597 | +\r | |
1598 | +pax_emu:\r | |
1599 | + __asm__ __volatile__ (\r | |
1600 | + "orb %2,%1\n"\r | |
1601 | + "invlpg %0\n"\r | |
1602 | + "testb $0,%0\n"\r | |
1603 | + "xorb %3,%1\n"\r | |
1604 | + :\r | |
1605 | + : "m" (*(char*)address), "m" (*(char*)pte) , "r" (pte_mask) , "i" (_PAGE_USER)\r | |
1606 | + : "memory", "cc");\r | |
1607 | + spin_unlock(&mm->page_table_lock);\r | |
1608 | + return 0;\r | |
1609 | + }\r | |
1610 | +\r | |
1611 | + if (tsk->thread.pax_faults.count < PAX_SPIN_COUNT) {\r | |
1612 | + ++tsk->thread.pax_faults.count;\r | |
1613 | + goto pax_emu;\r | |
1614 | + }\r | |
1615 | + spin_unlock(&mm->page_table_lock);\r | |
1616 | +\r | |
1617 | + if (tsk->thread.pax_faults.count == PAX_SPIN_COUNT) {\r | |
1618 | + if (pax_handle_opcode(tsk, regs)) {\r | |
1619 | + tsk->thread.pax_faults.eip = 0;\r | |
1620 | + tsk->thread.pax_faults.count = 0;\r | |
1621 | + tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r | |
1622 | + return 0;\r | |
1623 | + } else {\r | |
1624 | + ++tsk->thread.pax_faults.count;\r | |
1625 | + }\r | |
1626 | + }\r | |
1627 | +\r | |
1628 | + if (tsk->thread.pax_faults.count > PAX_SPIN_COUNT+1+3) {\r | |
1629 | + printk(KERN_ERR "PAX: preventing DoS: %s:%d, EIP: %08lX, ESP: %08lX\n", tsk->comm, tsk->pid, regs->eip, regs->esp);\r | |
1630 | + printk(KERN_ERR "PAX: bytes at EIP: ");\r | |
1631 | + for (i = 0; i < 20; i++) {\r | |
1632 | + unsigned char c;\r | |
1633 | + if (__get_user(c, (unsigned char*)(regs->eip+i))) {\r | |
1634 | + printk("<invalid address>.");\r | |
1635 | + break;\r | |
1636 | + }\r | |
1637 | + printk("%02x ", c);\r | |
1638 | + }\r | |
1639 | + printk("\n");\r | |
1640 | +\r | |
1641 | + tsk->thread.pax_faults.eip = 0;\r | |
1642 | + tsk->thread.pax_faults.count = 0;\r | |
1643 | + tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r | |
1644 | + regs->eflags &= ~TF_MASK;\r | |
1645 | + tsk->thread.cr2 = address;\r | |
1646 | + tsk->thread.error_code = error_code;\r | |
1647 | + tsk->thread.trap_no = 14;\r | |
1648 | + force_sig(SIGKILL,tsk);\r | |
1649 | + return 0;\r | |
1650 | + }\r | |
1651 | +\r | |
1652 | + spin_lock(&mm->page_table_lock);\r | |
1653 | + pte = pax_get_pte(mm, address);\r | |
1654 | + if (pte) {\r | |
1655 | + set_pte(pte, pte_mkexec(*pte));\r | |
1656 | + __flush_tlb_one(address);\r | |
1657 | + tsk->thread.pax_faults.addresses[tsk->thread.pax_faults.count-PAX_SPIN_COUNT-1] = address;\r | |
1658 | + ++tsk->thread.pax_faults.count;\r | |
1659 | + }\r | |
1660 | + spin_unlock(&mm->page_table_lock);\r | |
1661 | + tsk->ptrace |= PT_PAX_TRACE;\r | |
1662 | + regs->eflags |= TF_MASK;\r | |
1663 | +\r | |
1664 | +#if 0\r | |
1665 | + if (tsk->thread.pax_faults.count > PAX_SPIN_COUNT+1+1) {\r | |
1666 | + printk(KERN_ERR "PAX: DTLB trashing, level %ld: %s:%d,"\r | |
1667 | + "EIP: %08lX, ESP: %08lX, cr2: %08lX\n",\r | |
1668 | + tsk->thread.pax_faults.count - (PAX_SPIN_COUNT+1),\r | |
1669 | + tsk->comm, tsk->pid, regs->eip, regs->esp, address);\r | |
1670 | + printk(KERN_ERR "PAX: DTLB trashing, %08lX, %08lX, %08lX\n",\r | |
1671 | + tsk->thread.pax_faults.addresses[0],\r | |
1672 | + tsk->thread.pax_faults.addresses[1],\r | |
1673 | + tsk->thread.pax_faults.addresses[2]);\r | |
1674 | + }\r | |
1675 | +#endif\r | |
1676 | + return 0;\r | |
1677 | +\r | |
1678 | +chain:\r | |
1679 | + do_page_fault(regs, error_code, address);\r | |
1680 | + return 0;\r | |
1681 | +}\r | |
1682 | +#endif\r | |
1683 | +\r | |
1684 | diff -urN linux/arch/i386/mm/init.c linux/arch/i386/mm/init.c\r | |
1685 | --- linux/arch/i386/mm/init.c Sun Nov 11 13:09:32 2001\r | |
1686 | +++ linux/arch/i386/mm/init.c Mon Nov 26 10:37:58 2001\r | |
1687 | @@ -399,7 +399,11 @@\r | |
1688 | pmd = pmd_offset(pgd, vaddr);\r | |
1689 | pte = pte_offset(pmd, vaddr);\r | |
1690 | old_pte = *pte;\r | |
1691 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
1692 | + *pte = mk_pte_phys(0, PAGE_READONLY_EXEC);\r | |
1693 | +#else\r | |
1694 | *pte = mk_pte_phys(0, PAGE_READONLY);\r | |
1695 | +#endif\r | |
1696 | local_flush_tlb();\r | |
1697 | \r | |
1698 | boot_cpu_data.wp_works_ok = do_test_wp_bit(vaddr);\r | |
1699 | diff -urN linux/arch/ia64/config.in linux/arch/ia64/config.in\r | |
1700 | --- linux/arch/ia64/config.in Fri Nov 9 17:26:17 2001\r | |
1701 | +++ linux/arch/ia64/config.in Mon Nov 26 10:37:58 2001\r | |
1702 | @@ -276,3 +276,12 @@\r | |
1703 | fi\r | |
1704 | \r | |
1705 | endmenu\r | |
1706 | +\r | |
1707 | +mainmenu_option next_comment\r | |
1708 | +comment 'Grsecurity'\r | |
1709 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1710 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1711 | + source grsecurity/Config.in\r | |
1712 | +fi\r | |
1713 | +endmenu\r | |
1714 | +\r | |
1715 | diff -urN linux/arch/m68k/config.in linux/arch/m68k/config.in\r | |
1716 | --- linux/arch/m68k/config.in Mon Jun 11 22:15:27 2001\r | |
1717 | +++ linux/arch/m68k/config.in Mon Nov 26 10:37:58 2001\r | |
1718 | @@ -546,3 +546,12 @@\r | |
1719 | #bool 'Debug kmalloc/kfree' CONFIG_DEBUG_MALLOC\r | |
1720 | bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r | |
1721 | endmenu\r | |
1722 | +\r | |
1723 | +mainmenu_option next_comment\r | |
1724 | +comment 'Grsecurity'\r | |
1725 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1726 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1727 | + source grsecurity/Config.in\r | |
1728 | +fi\r | |
1729 | +endmenu\r | |
1730 | +\r | |
1731 | diff -urN linux/arch/mips/config.in linux/arch/mips/config.in\r | |
1732 | --- linux/arch/mips/config.in Mon Oct 15 16:41:34 2001\r | |
1733 | +++ linux/arch/mips/config.in Mon Nov 26 10:37:58 2001\r | |
1734 | @@ -520,3 +520,12 @@\r | |
1735 | bool 'Run uncached' CONFIG_MIPS_UNCACHED\r | |
1736 | fi\r | |
1737 | endmenu\r | |
1738 | +\r | |
1739 | +mainmenu_option next_comment\r | |
1740 | +comment 'Grsecurity'\r | |
1741 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1742 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1743 | + source grsecurity/Config.in\r | |
1744 | +fi\r | |
1745 | +endmenu\r | |
1746 | +\r | |
1747 | diff -urN linux/arch/mips64/config.in linux/arch/mips64/config.in\r | |
1748 | --- linux/arch/mips64/config.in Sun Sep 9 13:43:02 2001\r | |
1749 | +++ linux/arch/mips64/config.in Mon Nov 26 10:37:58 2001\r | |
1750 | @@ -276,3 +276,12 @@\r | |
1751 | bool 'Run uncached' CONFIG_MIPS_UNCACHED\r | |
1752 | fi\r | |
1753 | endmenu\r | |
1754 | +\r | |
1755 | +mainmenu_option next_comment\r | |
1756 | +comment 'Grsecurity'\r | |
1757 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1758 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1759 | + source grsecurity/Config.in\r | |
1760 | +fi\r | |
1761 | +endmenu\r | |
1762 | +\r | |
1763 | diff -urN linux/arch/parisc/config.in linux/arch/parisc/config.in\r | |
1764 | --- linux/arch/parisc/config.in Tue Apr 17 20:19:25 2001\r | |
1765 | +++ linux/arch/parisc/config.in Mon Nov 26 10:37:58 2001\r | |
1766 | @@ -208,3 +208,11 @@\r | |
1767 | bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r | |
1768 | endmenu\r | |
1769 | \r | |
1770 | +mainmenu_option next_comment\r | |
1771 | +comment 'Grsecurity'\r | |
1772 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1773 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1774 | + source grsecurity/Config.in\r | |
1775 | +fi\r | |
1776 | +endmenu\r | |
1777 | +\r | |
1778 | diff -urN linux/arch/ppc/config.in linux/arch/ppc/config.in\r | |
1779 | --- linux/arch/ppc/config.in Fri Nov 16 13:10:08 2001\r | |
1780 | +++ linux/arch/ppc/config.in Mon Nov 26 10:37:59 2001\r | |
1781 | @@ -393,3 +393,12 @@\r | |
1782 | bool 'Include kgdb kernel debugger' CONFIG_KGDB\r | |
1783 | bool 'Include xmon kernel debugger' CONFIG_XMON\r | |
1784 | endmenu\r | |
1785 | +\r | |
1786 | +mainmenu_option next_comment\r | |
1787 | +comment 'Grsecurity'\r | |
1788 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1789 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1790 | + source grsecurity/Config.in\r | |
1791 | +fi\r | |
1792 | +endmenu\r | |
1793 | +\r | |
1794 | diff -urN linux/arch/s390/config.in linux/arch/s390/config.in\r | |
1795 | --- linux/arch/s390/config.in Fri Nov 9 16:58:02 2001\r | |
1796 | +++ linux/arch/s390/config.in Mon Nov 26 10:37:59 2001\r | |
1797 | @@ -73,3 +73,11 @@\r | |
1798 | bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r | |
1799 | endmenu\r | |
1800 | \r | |
1801 | +mainmenu_option next_comment\r | |
1802 | +comment 'Grsecurity'\r | |
1803 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1804 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1805 | + source grsecurity/Config.in\r | |
1806 | +fi\r | |
1807 | +endmenu\r | |
1808 | +\r | |
1809 | diff -urN linux/arch/s390x/config.in linux/arch/s390x/config.in\r | |
1810 | --- linux/arch/s390x/config.in Thu Oct 11 12:04:57 2001\r | |
1811 | +++ linux/arch/s390x/config.in Mon Nov 26 10:37:59 2001\r | |
1812 | @@ -77,3 +77,11 @@\r | |
1813 | bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r | |
1814 | endmenu\r | |
1815 | \r | |
1816 | +mainmenu_option next_comment\r | |
1817 | +comment 'Grsecurity'\r | |
1818 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1819 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1820 | + source grsecurity/Config.in\r | |
1821 | +fi\r | |
1822 | +endmenu\r | |
1823 | +\r | |
1824 | diff -urN linux/arch/sh/config.in linux/arch/sh/config.in\r | |
1825 | --- linux/arch/sh/config.in Mon Oct 15 16:36:48 2001\r | |
1826 | +++ linux/arch/sh/config.in Mon Nov 26 10:37:59 2001\r | |
1827 | @@ -386,3 +386,12 @@\r | |
1828 | bool 'Early printk support' CONFIG_SH_EARLY_PRINTK\r | |
1829 | fi\r | |
1830 | endmenu\r | |
1831 | +\r | |
1832 | +mainmenu_option next_comment\r | |
1833 | +comment 'Grsecurity'\r | |
1834 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1835 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1836 | + source grsecurity/Config.in\r | |
1837 | +fi\r | |
1838 | +endmenu\r | |
1839 | +\r | |
1840 | diff -urN linux/arch/sparc/config.in linux/arch/sparc/config.in\r | |
1841 | --- linux/arch/sparc/config.in Mon Jun 11 22:15:27 2001\r | |
1842 | +++ linux/arch/sparc/config.in Mon Nov 26 10:37:59 2001\r | |
1843 | @@ -266,3 +266,12 @@\r | |
1844 | \r | |
1845 | bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r | |
1846 | endmenu\r | |
1847 | +\r | |
1848 | +mainmenu_option next_comment\r | |
1849 | +comment 'Grsecurity'\r | |
1850 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1851 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1852 | + source grsecurity/Config.in\r | |
1853 | +fi\r | |
1854 | +endmenu\r | |
1855 | +\r | |
1856 | diff -urN linux/arch/sparc64/config.in linux/arch/sparc64/config.in\r | |
1857 | --- linux/arch/sparc64/config.in Tue Nov 13 12:16:05 2001\r | |
1858 | +++ linux/arch/sparc64/config.in Mon Nov 26 10:37:59 2001\r | |
1859 | @@ -298,3 +298,12 @@\r | |
1860 | bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r | |
1861 | #bool 'ECache flush trap support at ta 0x72' CONFIG_EC_FLUSH_TRAP\r | |
1862 | endmenu\r | |
1863 | +\r | |
1864 | +mainmenu_option next_comment\r | |
1865 | +comment 'Grsecurity'\r | |
1866 | +bool 'Grsecurity' CONFIG_GRKERNSEC\r | |
1867 | +if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r | |
1868 | + source grsecurity/Config.in\r | |
1869 | +fi\r | |
1870 | +endmenu\r | |
1871 | +\r | |
1872 | diff -urN linux/drivers/char/mem.c linux/drivers/char/mem.c\r | |
1873 | --- linux/drivers/char/mem.c Fri Sep 14 17:04:07 2001\r | |
1874 | +++ linux/drivers/char/mem.c Mon Nov 26 10:37:59 2001\r | |
1875 | @@ -200,9 +200,21 @@\r | |
1876 | /*\r | |
1877 | * Don't dump addresses that are not real memory to a core file.\r | |
1878 | */\r | |
1879 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
1880 | + if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC)) {\r | |
1881 | +#else \r | |
1882 | if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC))\r | |
1883 | +#endif\r | |
1884 | vma->vm_flags |= VM_IO;\r | |
1885 | \r | |
1886 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
1887 | + /* it turned out to be device memory (eg. video RAM), don't apply PaX */\r | |
1888 | + if ((current->flags & PF_PAX_PAGEEXEC) &&!(vma->vm_flags & VM_EXEC)) {\r | |
1889 | + vma->vm_flags |= VM_EXEC | VM_MAYEXEC;\r | |
1890 | + vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f];\r | |
1891 | + } \r | |
1892 | + }\r | |
1893 | +#endif\r | |
1894 | if (remap_page_range(vma->vm_start, offset, vma->vm_end-vma->vm_start,\r | |
1895 | vma->vm_page_prot))\r | |
1896 | return -EAGAIN;\r | |
1897 | @@ -365,8 +377,12 @@\r | |
1898 | count = size;\r | |
1899 | \r | |
1900 | zap_page_range(mm, addr, count);\r | |
1901 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
1902 | + zeromap_page_range(addr, count, vma->vm_page_prot); \r | |
1903 | +#else\r | |
1904 | zeromap_page_range(addr, count, PAGE_COPY);\r | |
1905 | \r | |
1906 | +#endif\r | |
1907 | size -= count;\r | |
1908 | buf += count;\r | |
1909 | addr += count;\r | |
1910 | diff -urN linux/drivers/char/random.c linux/drivers/char/random.c\r | |
1911 | --- linux/drivers/char/random.c Fri Nov 9 17:01:21 2001\r | |
1912 | +++ linux/drivers/char/random.c Mon Nov 26 10:38:00 2001\r | |
1913 | @@ -260,6 +260,12 @@\r | |
1914 | /*\r | |
1915 | * Configuration information\r | |
1916 | */\r | |
1917 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
1918 | +#include <linux/grsecurity.h>\r | |
1919 | +#define DEFAULT_POOL_SIZE_RANDNET 4096\r | |
1920 | +#define SECONDARY_POOL_SIZE_RANDNET 1024\r | |
1921 | +#define BATCH_ENTROPY_SIZE_RANDNET 2048\r | |
1922 | +#endif\r | |
1923 | #define DEFAULT_POOL_SIZE 512\r | |
1924 | #define SECONDARY_POOL_SIZE 128\r | |
1925 | #define BATCH_ENTROPY_SIZE 256\r | |
1926 | @@ -387,8 +393,13 @@\r | |
1927 | /*\r | |
1928 | * Static global variables\r | |
1929 | */\r | |
1930 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
1931 | +struct entropy_store *random_state; /* The default global store */\r | |
1932 | +struct entropy_store *sec_random_state; /* secondary store */\r | |
1933 | +#else\r | |
1934 | static struct entropy_store *random_state; /* The default global store */\r | |
1935 | static struct entropy_store *sec_random_state; /* secondary store */\r | |
1936 | +#endif\r | |
1937 | static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);\r | |
1938 | static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);\r | |
1939 | \r | |
1940 | @@ -1433,11 +1444,23 @@\r | |
1941 | {\r | |
1942 | int i;\r | |
1943 | \r | |
1944 | - if (create_entropy_store(DEFAULT_POOL_SIZE, &random_state))\r | |
1945 | + if (create_entropy_store(\r | |
1946 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
1947 | + grsec_enable_randnet?DEFAULT_POOL_SIZE_RANDNET:\r | |
1948 | +#endif\r | |
1949 | + DEFAULT_POOL_SIZE, &random_state))\r | |
1950 | return; /* Error, return */\r | |
1951 | - if (batch_entropy_init(BATCH_ENTROPY_SIZE, random_state))\r | |
1952 | + if (batch_entropy_init(\r | |
1953 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
1954 | + grsec_enable_randnet?BATCH_ENTROPY_SIZE_RANDNET:\r | |
1955 | +#endif\r | |
1956 | + BATCH_ENTROPY_SIZE, random_state))\r | |
1957 | return; /* Error, return */\r | |
1958 | - if (create_entropy_store(SECONDARY_POOL_SIZE, &sec_random_state))\r | |
1959 | + if (create_entropy_store(\r | |
1960 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
1961 | + grsec_enable_randnet?SECONDARY_POOL_SIZE_RANDNET:\r | |
1962 | +#endif\r | |
1963 | + SECONDARY_POOL_SIZE, &sec_random_state))\r | |
1964 | return; /* Error, return */\r | |
1965 | clear_entropy_store(random_state);\r | |
1966 | clear_entropy_store(sec_random_state);\r | |
1967 | diff -urN linux/drivers/char/vt.c linux/drivers/char/vt.c\r | |
1968 | --- linux/drivers/char/vt.c Fri Nov 16 13:08:28 2001\r | |
1969 | +++ linux/drivers/char/vt.c Mon Nov 26 10:38:00 2001\r | |
1970 | @@ -37,6 +37,10 @@\r | |
1971 | #include <asm/vc_ioctl.h>\r | |
1972 | #endif /* CONFIG_FB_COMPAT_XPMAC */\r | |
1973 | \r | |
1974 | +#ifdef CONFIG_GRKERNSEC_KBMAP\r | |
1975 | +#include <linux/grsecurity.h>\r | |
1976 | +#endif\r | |
1977 | +\r | |
1978 | char vt_dont_switch;\r | |
1979 | extern struct tty_driver console_driver;\r | |
1980 | \r | |
1981 | @@ -177,7 +181,11 @@\r | |
1982 | val = (i ? K_HOLE : K_NOSUCHMAP);\r | |
1983 | return put_user(val, &user_kbe->kb_value);\r | |
1984 | case KDSKBENT:\r | |
1985 | +#ifdef CONFIG_GRKERNSEC_KBMAP\r | |
1986 | + if (!perm || (grsec_enable_kbmap && !suser()))\r | |
1987 | +#else \r | |
1988 | if (!perm)\r | |
1989 | +#endif\r | |
1990 | return -EPERM;\r | |
1991 | if (!i && v == K_NOSUCHMAP) {\r | |
1992 | /* disallocate map */\r | |
1993 | @@ -298,7 +306,11 @@\r | |
1994 | return -EFAULT;\r | |
1995 | return ((p && *p) ? -EOVERFLOW : 0);\r | |
1996 | case KDSKBSENT:\r | |
1997 | +#ifdef CONFIG_GRKERNSEC_KBMAP\r | |
1998 | + if (!perm || (grsec_enable_kbmap && !suser()))\r | |
1999 | +#else \r | |
2000 | if (!perm)\r | |
2001 | +#endif\r | |
2002 | return -EPERM;\r | |
2003 | \r | |
2004 | q = func_table[i];\r | |
2005 | diff -urN linux/drivers/ieee1394/video1394.c linux/drivers/ieee1394/video1394.c\r | |
2006 | --- linux/drivers/ieee1394/video1394.c Tue Oct 2 00:24:25 2001\r | |
2007 | +++ linux/drivers/ieee1394/video1394.c Mon Nov 26 10:38:00 2001\r | |
2008 | @@ -829,7 +829,11 @@\r | |
2009 | pos=(unsigned long) d->buf;\r | |
2010 | while (size > 0) {\r | |
2011 | page = kvirt_to_pa(pos);\r | |
2012 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2013 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r | |
2014 | +#else\r | |
2015 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r | |
2016 | +#endif\r | |
2017 | return -EAGAIN;\r | |
2018 | start+=PAGE_SIZE;\r | |
2019 | pos+=PAGE_SIZE;\r | |
2020 | diff -urN linux/drivers/media/video/bttv-driver.c linux/drivers/media/video/bttv-driver.c\r | |
2021 | --- linux/drivers/media/video/bttv-driver.c Wed Oct 17 17:19:20 2001\r | |
2022 | +++ linux/drivers/media/video/bttv-driver.c Mon Nov 26 10:38:01 2001\r | |
2023 | @@ -2052,7 +2052,11 @@\r | |
2024 | pos=(unsigned long) btv->fbuffer;\r | |
2025 | while (size > 0) {\r | |
2026 | page = kvirt_to_pa(pos);\r | |
2027 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2028 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r | |
2029 | +#else\r | |
2030 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r | |
2031 | +#endif\r | |
2032 | return -EAGAIN;\r | |
2033 | start+=PAGE_SIZE;\r | |
2034 | pos+=PAGE_SIZE;\r | |
2035 | diff -urN linux/drivers/media/video/cpia.c linux/drivers/media/video/cpia.c\r | |
2036 | --- linux/drivers/media/video/cpia.c Thu Oct 25 16:53:47 2001\r | |
2037 | +++ linux/drivers/media/video/cpia.c Mon Nov 26 10:38:01 2001\r | |
2038 | @@ -3005,7 +3005,11 @@\r | |
2039 | pos = (unsigned long)(cam->frame_buf);\r | |
2040 | while (size > 0) {\r | |
2041 | page = kvirt_to_pa(pos);\r | |
2042 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2043 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {\r | |
2044 | +#else\r | |
2045 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {\r | |
2046 | +#endif\r | |
2047 | up(&cam->busy_lock);\r | |
2048 | return -EAGAIN;\r | |
2049 | }\r | |
2050 | diff -urN linux/drivers/media/video/meye.c linux/drivers/media/video/meye.c\r | |
2051 | --- linux/drivers/media/video/meye.c Thu Oct 25 16:53:47 2001\r | |
2052 | +++ linux/drivers/media/video/meye.c Mon Nov 26 10:38:02 2001\r | |
2053 | @@ -1263,7 +1263,11 @@\r | |
2054 | \r | |
2055 | while (size > 0) {\r | |
2056 | page = kvirt_to_pa(pos);\r | |
2057 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2058 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {\r | |
2059 | +#else\r | |
2060 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {\r | |
2061 | +#endif\r | |
2062 | up(&meye.lock);\r | |
2063 | return -EAGAIN;\r | |
2064 | }\r | |
2065 | diff -urN linux/drivers/media/video/planb.c linux/drivers/media/video/planb.c\r | |
2066 | --- linux/drivers/media/video/planb.c Thu Oct 25 16:53:47 2001\r | |
2067 | +++ linux/drivers/media/video/planb.c Mon Nov 26 10:38:03 2001\r | |
2068 | @@ -2009,7 +2009,11 @@\r | |
2069 | }\r | |
2070 | for (i = 0; i < pb->rawbuf_size; i++) {\r | |
2071 | if (remap_page_range(start, virt_to_phys((void *)pb->rawbuf[i]),\r | |
2072 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2073 | + PAGE_SIZE, PAGE_SHARED_EXEC))\r | |
2074 | +#else\r | |
2075 | PAGE_SIZE, PAGE_SHARED))\r | |
2076 | +#endif\r | |
2077 | return -EAGAIN;\r | |
2078 | start += PAGE_SIZE;\r | |
2079 | if (size <= PAGE_SIZE)\r | |
2080 | diff -urN linux/drivers/media/video/zr36067.c linux/drivers/media/video/zr36067.c\r | |
2081 | --- linux/drivers/media/video/zr36067.c Fri Nov 9 17:01:22 2001\r | |
2082 | +++ linux/drivers/media/video/zr36067.c Mon Nov 26 10:38:03 2001\r | |
2083 | @@ -4322,7 +4322,11 @@\r | |
2084 | frag_tab[2 * j];\r | |
2085 | page = virt_to_phys(bus_to_virt(pos)); /* should just be pos on i386 */\r | |
2086 | if (remap_page_range\r | |
2087 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2088 | + (start, page, todo, PAGE_SHARED_EXEC)) {\r | |
2089 | +#else\r | |
2090 | (start, page, todo, PAGE_SHARED)) {\r | |
2091 | +#endif\r | |
2092 | printk(KERN_ERR\r | |
2093 | "%s: zoran_mmap(V4L): remap_page_range failed\n",\r | |
2094 | zr->name);\r | |
2095 | @@ -4363,7 +4367,11 @@\r | |
2096 | ("V4L remap page range %d 0x%lx %ld to 0x%lx\n",\r | |
2097 | i, page, todo, start));\r | |
2098 | if (remap_page_range\r | |
2099 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2100 | + (start, page, todo, PAGE_SHARED_EXEC)) {\r | |
2101 | +#else\r | |
2102 | (start, page, todo, PAGE_SHARED)) {\r | |
2103 | +#endif\r | |
2104 | printk(KERN_ERR\r | |
2105 | "%s: zoran_mmap(V4L): remap_page_range failed\n",\r | |
2106 | zr->name);\r | |
2107 | diff -urN linux/drivers/media/video/zr36120.c linux/drivers/media/video/zr36120.c\r | |
2108 | --- linux/drivers/media/video/zr36120.c Fri Nov 9 17:01:22 2001\r | |
2109 | +++ linux/drivers/media/video/zr36120.c Mon Nov 26 10:38:04 2001\r | |
2110 | @@ -1484,7 +1484,11 @@\r | |
2111 | pos = (unsigned long)ztv->fbuffer;\r | |
2112 | while (size>0) {\r | |
2113 | unsigned long page = virt_to_phys((void*)pos);\r | |
2114 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2115 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r | |
2116 | +#else\r | |
2117 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r | |
2118 | +#endif\r | |
2119 | return -EAGAIN;\r | |
2120 | start += PAGE_SIZE;\r | |
2121 | pos += PAGE_SIZE;\r | |
2122 | diff -urN linux/drivers/usb/ov511.c linux/drivers/usb/ov511.c\r | |
2123 | --- linux/drivers/usb/ov511.c Fri Sep 14 17:04:07 2001\r | |
2124 | +++ linux/drivers/usb/ov511.c Mon Nov 26 10:38:04 2001\r | |
2125 | @@ -2769,7 +2769,11 @@\r | |
2126 | pos = (unsigned long)ov511->fbuf;\r | |
2127 | while (size > 0) {\r | |
2128 | page = kvirt_to_pa(pos);\r | |
2129 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2130 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r | |
2131 | +#else\r | |
2132 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r | |
2133 | +#endif\r | |
2134 | return -EAGAIN;\r | |
2135 | start += PAGE_SIZE;\r | |
2136 | pos += PAGE_SIZE;\r | |
2137 | diff -urN linux/drivers/usb/pwc-if.c linux/drivers/usb/pwc-if.c\r | |
2138 | --- linux/drivers/usb/pwc-if.c Wed Oct 17 17:34:06 2001\r | |
2139 | +++ linux/drivers/usb/pwc-if.c Mon Nov 26 10:38:04 2001\r | |
2140 | @@ -1569,7 +1569,11 @@\r | |
2141 | pos = (unsigned long)pdev->image_data;\r | |
2142 | while (size > 0) {\r | |
2143 | page = kvirt_to_pa(pos);\r | |
2144 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2145 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r | |
2146 | +#else\r | |
2147 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r | |
2148 | +#endif\r | |
2149 | return -EAGAIN;\r | |
2150 | \r | |
2151 | start += PAGE_SIZE;\r | |
2152 | diff -urN linux/drivers/usb/se401.c linux/drivers/usb/se401.c\r | |
2153 | --- linux/drivers/usb/se401.c Fri Sep 14 17:27:10 2001\r | |
2154 | +++ linux/drivers/usb/se401.c Mon Nov 26 10:38:05 2001\r | |
2155 | @@ -1374,7 +1374,11 @@\r | |
2156 | pos = (unsigned long)se401->fbuf;\r | |
2157 | while (size > 0) {\r | |
2158 | page = kvirt_to_pa(pos);\r | |
2159 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2160 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {\r | |
2161 | +#else\r | |
2162 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {\r | |
2163 | +#endif\r | |
2164 | up(&se401->lock);\r | |
2165 | return -EAGAIN;\r | |
2166 | }\r | |
2167 | diff -urN linux/drivers/usb/usbvideo.c linux/drivers/usb/usbvideo.c\r | |
2168 | --- linux/drivers/usb/usbvideo.c Thu Oct 11 02:42:46 2001\r | |
2169 | +++ linux/drivers/usb/usbvideo.c Mon Nov 26 10:38:05 2001\r | |
2170 | @@ -1199,7 +1199,11 @@\r | |
2171 | pos = (unsigned long) uvd->fbuf;\r | |
2172 | while (size > 0) {\r | |
2173 | page = usbvideo_kvirt_to_pa(pos);\r | |
2174 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2175 | + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r | |
2176 | +#else\r | |
2177 | if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r | |
2178 | +#endif\r | |
2179 | return -EAGAIN;\r | |
2180 | \r | |
2181 | start += PAGE_SIZE;\r | |
2182 | diff -urN linux/fs/binfmt_aout.c linux/fs/binfmt_aout.c\r | |
2183 | --- linux/fs/binfmt_aout.c Fri Nov 2 20:39:20 2001\r | |
2184 | +++ linux/fs/binfmt_aout.c Mon Nov 26 10:38:05 2001\r | |
2185 | @@ -5,6 +5,7 @@\r | |
2186 | */\r | |
2187 | \r | |
2188 | #include <linux/module.h>\r | |
2189 | +#include <linux/config.h>\r | |
2190 | \r | |
2191 | #include <linux/sched.h>\r | |
2192 | #include <linux/kernel.h>\r | |
2193 | @@ -307,6 +308,25 @@\r | |
2194 | current->mm->mmap = NULL;\r | |
2195 | compute_creds(bprm);\r | |
2196 | current->flags &= ~PF_FORKNOEXEC;\r | |
2197 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
2198 | + if (N_FLAGS(ex) & F_STACKEXEC) current->flags |= PF_STACKEXEC;\r | |
2199 | +#endif\r | |
2200 | +\r | |
2201 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
2202 | + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC))\r | |
2203 | + current->flags |= PF_PAX_PAGEEXEC;\r | |
2204 | +#endif\r | |
2205 | +\r | |
2206 | +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r | |
2207 | + if (N_FLAGS(ex) & F_PAX_EMUTRAMP)\r | |
2208 | + current->flags |= PF_PAX_EMUTRAMP;\r | |
2209 | +#endif\r | |
2210 | +\r | |
2211 | +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r | |
2212 | + if (!(N_FLAGS(ex) & F_PAX_MPROTECT)) \r | |
2213 | + current->flags |= PF_PAX_MPROTECT;\r | |
2214 | +#endif\r | |
2215 | +\r | |
2216 | #ifdef __sparc__\r | |
2217 | if (N_MAGIC(ex) == NMAGIC) {\r | |
2218 | loff_t pos = fd_offset;\r | |
2219 | @@ -393,7 +413,11 @@\r | |
2220 | \r | |
2221 | down_write(¤t->mm->mmap_sem);\r | |
2222 | error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,\r | |
2223 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2224 | + PROT_READ | PROT_WRITE,\r | |
2225 | +#else\r | |
2226 | PROT_READ | PROT_WRITE | PROT_EXEC,\r | |
2227 | +#endif\r | |
2228 | MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,\r | |
2229 | fd_offset + ex.a_text);\r | |
2230 | up_write(¤t->mm->mmap_sem);\r | |
2231 | diff -urN linux/fs/binfmt_elf.c linux/fs/binfmt_elf.c\r | |
2232 | --- linux/fs/binfmt_elf.c Sat Oct 20 22:16:59 2001\r | |
2233 | +++ linux/fs/binfmt_elf.c Mon Nov 26 10:38:05 2001\r | |
2234 | @@ -11,6 +11,7 @@\r | |
2235 | \r | |
2236 | #include <linux/module.h>\r | |
2237 | \r | |
2238 | +#include <linux/config.h>\r | |
2239 | #include <linux/fs.h>\r | |
2240 | #include <linux/stat.h>\r | |
2241 | #include <linux/sched.h>\r | |
2242 | @@ -33,6 +34,9 @@\r | |
2243 | #include <linux/smp_lock.h>\r | |
2244 | #include <linux/compiler.h>\r | |
2245 | #include <linux/limits.h>\r | |
2246 | +#if defined(CONFIG_GRKERNSEC_PAX_RANDMMAP) || defined(CONFIG_GRKERNSEC_PAX)\r | |
2247 | +#include <linux/random.h>\r | |
2248 | +#endif\r | |
2249 | \r | |
2250 | #include <asm/uaccess.h>\r | |
2251 | #include <asm/param.h>\r | |
2252 | @@ -73,7 +77,10 @@\r | |
2253 | #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))\r | |
2254 | #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))\r | |
2255 | \r | |
2256 | -static struct linux_binfmt elf_format = {\r | |
2257 | +#ifndef CONFIG_GRKERNSEC_STACK\r | |
2258 | +static\r | |
2259 | +#endif\r | |
2260 | +struct linux_binfmt elf_format = {\r | |
2261 | NULL, THIS_MODULE, load_elf_binary, load_elf_library, elf_core_dump, ELF_EXEC_PAGESIZE\r | |
2262 | };\r | |
2263 | \r | |
2264 | @@ -138,6 +145,11 @@\r | |
2265 | } else\r | |
2266 | u_platform = p;\r | |
2267 | \r | |
2268 | +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
2269 | + if (current->flags & PF_PAX_RANDMMAP)\r | |
2270 | + u_platform -= (current->mm->delta_stack & ~PAGE_MASK);\r | |
2271 | +#endif\r | |
2272 | +\r | |
2273 | /*\r | |
2274 | * Force 16 byte _final_ alignment here for generality.\r | |
2275 | */\r | |
2276 | @@ -599,7 +611,49 @@\r | |
2277 | current->mm->end_data = 0;\r | |
2278 | current->mm->end_code = 0;\r | |
2279 | current->mm->mmap = NULL;\r | |
2280 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2281 | + current->mm->delta_mmap = 0;\r | |
2282 | + current->mm->delta_exec = 0;\r | |
2283 | + current->mm->delta_stack = 0;\r | |
2284 | +#endif\r | |
2285 | current->flags &= ~PF_FORKNOEXEC;\r | |
2286 | +\r | |
2287 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
2288 | + if (elf_ex.e_flags & EF_STACKEXEC)\r | |
2289 | + current->flags |= PF_STACKEXEC;\r | |
2290 | +#endif\r | |
2291 | +\r | |
2292 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
2293 | + if (!(elf_ex.e_flags & EF_PAX_PAGEEXEC))\r | |
2294 | + current->flags |= PF_PAX_PAGEEXEC;\r | |
2295 | +#endif\r | |
2296 | +\r | |
2297 | +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r | |
2298 | + if (elf_ex.e_flags & EF_PAX_EMUTRAMP)\r | |
2299 | + current->flags |= PF_PAX_EMUTRAMP;\r | |
2300 | +#endif\r | |
2301 | +\r | |
2302 | +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r | |
2303 | + if (!(elf_ex.e_flags & EF_PAX_MPROTECT))\r | |
2304 | + current->flags |= PF_PAX_MPROTECT;\r | |
2305 | +#endif\r | |
2306 | +\r | |
2307 | +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
2308 | + if (!(elf_ex.e_flags & EF_PAX_RANDMMAP)) {\r | |
2309 | + unsigned short delta;\r | |
2310 | + current->flags |= PF_PAX_RANDMMAP;\r | |
2311 | +\r | |
2312 | + get_random_bytes(&delta, sizeof(delta));\r | |
2313 | + current->mm->delta_mmap = (unsigned long)delta << PAGE_SHIFT;\r | |
2314 | +\r | |
2315 | + get_random_bytes(&delta, sizeof(delta));\r | |
2316 | + current->mm->delta_exec = (unsigned long)delta << PAGE_SHIFT;\r | |
2317 | +\r | |
2318 | + get_random_bytes(&delta, sizeof(delta));\r | |
2319 | + current->mm->delta_stack = (unsigned long)delta << 4;\r | |
2320 | + }\r | |
2321 | +#endif\r | |
2322 | +\r | |
2323 | elf_entry = (unsigned long) elf_ex.e_entry;\r | |
2324 | \r | |
2325 | /* Do this immediately, since STACK_TOP as used in setup_arg_pages\r | |
2326 | @@ -654,6 +708,13 @@\r | |
2327 | base, as well as whatever program they might try to exec. This\r | |
2328 | is because the brk will follow the loader, and is not movable. */\r | |
2329 | load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);\r | |
2330 | +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
2331 | + /* PaX: randomize base address at the default exe base if requested */\r | |
2332 | + if (current->flags | PF_PAX_RANDMMAP) {\r | |
2333 | + load_bias = ELF_PAGESTART(0x08048000 - vaddr + current->mm->delta_exec);\r | |
2334 | + }\r | |
2335 | +#endif\r | |
2336 | +\r | |
2337 | }\r | |
2338 | \r | |
2339 | error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);\r | |
2340 | diff -urN linux/fs/devices.c linux/fs/devices.c\r | |
2341 | --- linux/fs/devices.c Sat Sep 22 23:35:43 2001\r | |
2342 | +++ linux/fs/devices.c Mon Nov 26 10:38:05 2001\r | |
2343 | @@ -162,7 +162,11 @@\r | |
2344 | * is contain the open that then fills in the correct operations\r | |
2345 | * depending on the special file...\r | |
2346 | */\r | |
2347 | -static struct file_operations def_chr_fops = {\r | |
2348 | +\r | |
2349 | +#ifndef CONFIG_GRKERNSEC_FD\r | |
2350 | +static\r | |
2351 | +#endif\r | |
2352 | +struct file_operations def_chr_fops = {\r | |
2353 | open: chrdev_open,\r | |
2354 | };\r | |
2355 | \r | |
2356 | diff -urN linux/fs/exec.c linux/fs/exec.c\r | |
2357 | --- linux/fs/exec.c Fri Nov 2 20:39:20 2001\r | |
2358 | +++ linux/fs/exec.c Mon Nov 26 10:38:06 2001\r | |
2359 | @@ -48,6 +48,28 @@\r | |
2360 | \r | |
2361 | int core_uses_pid;\r | |
2362 | \r | |
2363 | +#ifdef CONFIG_OBV_PROC\r | |
2364 | +#include <linux/obvext.h>\r | |
2365 | +#include <linux/grsecurity.h>\r | |
2366 | +#endif\r | |
2367 | +\r | |
2368 | +#if defined(CONFIG_GRKERNSEC_FD) || defined(CONFIG_GRKERNSEC_EXECVE) ||\\r | |
2369 | + defined(CONFIG_GRKERNSEC_COREDUMP)||defined(CONFIG_GRKERNSEC_TPE) ||\\r | |
2370 | + defined(CONFIG_GRKERNSEC_CHROOT_EXECLOG) || \\r | |
2371 | + defined(CONFIG_GRKERNSEC_EXECLOG) ||\\r | |
2372 | + defined(CONFIG_GRKERNSEC_EXECLOG_GROUP) || defined(CONFIG_GRKERNSEC_PTRACE)\r | |
2373 | +#include <linux/grsecurity.h>\r | |
2374 | +#endif\r | |
2375 | +\r | |
2376 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2377 | +#include <linux/major.h>\r | |
2378 | +extern struct file_operations def_chr_fops;\r | |
2379 | +#endif\r | |
2380 | +\r | |
2381 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
2382 | +extern struct task_struct *child_reaper;\r | |
2383 | +#endif\r | |
2384 | +\r | |
2385 | static struct linux_binfmt *formats;\r | |
2386 | static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;\r | |
2387 | \r | |
2388 | @@ -278,7 +300,12 @@\r | |
2389 | lru_cache_add(page);\r | |
2390 | flush_dcache_page(page);\r | |
2391 | flush_page_to_ram(page);\r | |
2392 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2393 | + set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page,\r | |
2394 | + (tsk->flags & PF_PAX_PAGEEXEC)?PAGE_COPY_NOEXEC:PAGE_COPY_EXEC))));\r | |
2395 | +#else\r | |
2396 | set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY))));\r | |
2397 | +#endif\r | |
2398 | tsk->mm->rss++;\r | |
2399 | spin_unlock(&tsk->mm->page_table_lock);\r | |
2400 | \r | |
2401 | @@ -299,6 +326,12 @@\r | |
2402 | \r | |
2403 | stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;\r | |
2404 | \r | |
2405 | +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
2406 | + if (current->flags & PF_PAX_RANDMMAP)\r | |
2407 | + stack_base = PAGE_MASK & (stack_base - current->mm->delta_stack);\r | |
2408 | +\r | |
2409 | +#endif\r | |
2410 | + \r | |
2411 | bprm->p += stack_base;\r | |
2412 | if (bprm->loader)\r | |
2413 | bprm->loader += stack_base;\r | |
2414 | @@ -312,9 +345,15 @@\r | |
2415 | {\r | |
2416 | mpnt->vm_mm = current->mm;\r | |
2417 | mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;\r | |
2418 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
2419 | + mpnt->vm_end = stack_base + MAX_ARG_PAGES*PAGE_SIZE;\r | |
2420 | + mpnt->vm_page_prot = (current->flags & PF_PAX_PAGEEXEC)?PAGE_COPY_NOEXEC:PAGE_COPY_EXEC;\r | |
2421 | + mpnt->vm_flags = (current->flags & PF_PAX_PAGEEXEC)?VM_STACK_FLAGS:(VM_STACK_FLAGS|VM_EXEC|VM_MAYEXEC);\r | |
2422 | +#else\r | |
2423 | mpnt->vm_end = STACK_TOP;\r | |
2424 | mpnt->vm_page_prot = PAGE_COPY;\r | |
2425 | mpnt->vm_flags = VM_STACK_FLAGS;\r | |
2426 | +#endif\r | |
2427 | mpnt->vm_ops = NULL;\r | |
2428 | mpnt->vm_pgoff = 0;\r | |
2429 | mpnt->vm_file = NULL;\r | |
2430 | @@ -473,6 +512,69 @@\r | |
2431 | if (atomic_dec_and_test(&oldsig->count))\r | |
2432 | kmem_cache_free(sigact_cachep, oldsig);\r | |
2433 | }\r | |
2434 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2435 | +static inline int tweak_fd_open_null(struct linux_binprm *bprm)\r | |
2436 | +{\r | |
2437 | + struct inode *i;\r | |
2438 | + struct dentry *d;\r | |
2439 | + struct file *f;\r | |
2440 | +\r | |
2441 | + if(!(i = get_empty_inode()))\r | |
2442 | + return -ENOMEM;\r | |
2443 | + if(!(d = dget(d_alloc_root(i)))) {\r | |
2444 | + iput(i);\r | |
2445 | + return -ENOMEM;\r | |
2446 | + }\r | |
2447 | + if(!(f = get_empty_filp())) {\r | |
2448 | + dput(d);\r | |
2449 | + iput(i);\r | |
2450 | + return -ENFILE;\r | |
2451 | + }\r | |
2452 | + i->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;\r | |
2453 | + i->i_uid = current->fsuid;\r | |
2454 | + i->i_gid = current->fsgid;\r | |
2455 | + i->i_rdev = MKDEV(MEM_MAJOR,3);\r | |
2456 | + i->i_blksize = PAGE_SIZE;\r | |
2457 | + i->i_blocks = 0;\r | |
2458 | + i->i_atime = i->i_mtime = i->i_ctime = CURRENT_TIME;\r | |
2459 | + i->i_fop = &def_chr_fops;\r | |
2460 | + i->i_state = I_DIRTY;\r | |
2461 | +\r | |
2462 | + f->f_flags = O_RDWR;\r | |
2463 | + f->f_mode = FMODE_READ | FMODE_WRITE;\r | |
2464 | + f->f_dentry = d;\r | |
2465 | + f->f_op = i->i_fop;\r | |
2466 | + f->f_pos = 0;\r | |
2467 | + f->f_reada = 0;\r | |
2468 | + f->f_op->open(i,f);\r | |
2469 | +\r | |
2470 | + bprm->tweak_fd_null = f;\r | |
2471 | +\r | |
2472 | + return 0;\r | |
2473 | +}\r | |
2474 | +\r | |
2475 | +static int tweak_fd_0_1_2(struct linux_binprm *bprm)\r | |
2476 | +{\r | |
2477 | + int fd,new,retval;\r | |
2478 | +\r | |
2479 | + for(fd=0;fd<=2;fd++) {\r | |
2480 | + if(current->files->fd[fd]) continue;\r | |
2481 | + if((new = get_unused_fd()) != fd) {\r | |
2482 | + if(new >= 0) put_unused_fd(new);\r | |
2483 | + return -EMFILE;\r | |
2484 | + }\r | |
2485 | + if(bprm->tweak_fd_null)\r | |
2486 | + atomic_inc(&bprm->tweak_fd_null->f_count);\r | |
2487 | + else\r | |
2488 | + if((retval = tweak_fd_open_null(bprm)))\r | |
2489 | + return retval;\r | |
2490 | +\r | |
2491 | + fd_install(fd,bprm->tweak_fd_null);\r | |
2492 | + bprm->tweak_fd_mask |= 1 << fd;\r | |
2493 | + }\r | |
2494 | + return 0;\r | |
2495 | +}\r | |
2496 | +#endif\r | |
2497 | \r | |
2498 | /*\r | |
2499 | * These functions flushes out all traces of the currently running executable\r | |
2500 | @@ -563,6 +665,25 @@\r | |
2501 | current->comm[i++] = ch;\r | |
2502 | }\r | |
2503 | current->comm[i] = '\0';\r | |
2504 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
2505 | + current->flags &= ~PF_STACKEXEC;\r | |
2506 | +#endif\r | |
2507 | +\r | |
2508 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
2509 | + current->flags &= ~PF_PAX_PAGEEXEC;\r | |
2510 | +#endif\r | |
2511 | +\r | |
2512 | +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r | |
2513 | + current->flags &= ~PF_PAX_EMUTRAMP;\r | |
2514 | +#endif\r | |
2515 | +\r | |
2516 | +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r | |
2517 | + current->flags &= ~PF_PAX_MPROTECT;\r | |
2518 | +#endif\r | |
2519 | +\r | |
2520 | +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
2521 | + current->flags &= ~PF_PAX_RANDMMAP;\r | |
2522 | +#endif\r | |
2523 | \r | |
2524 | flush_thread();\r | |
2525 | \r | |
2526 | @@ -580,6 +701,10 @@\r | |
2527 | flush_signal_handlers(current);\r | |
2528 | flush_old_files(current->files);\r | |
2529 | \r | |
2530 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2531 | + if(grsec_enable_fd && bprm->priv_change)\r | |
2532 | + return tweak_fd_0_1_2(bprm);\r | |
2533 | +#endif\r | |
2534 | return 0;\r | |
2535 | \r | |
2536 | mmap_failed:\r | |
2537 | @@ -610,6 +735,9 @@\r | |
2538 | {\r | |
2539 | int mode;\r | |
2540 | struct inode * inode = bprm->file->f_dentry->d_inode;\r | |
2541 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2542 | + if (grsec_enable_fd) bprm->priv_change = 0;\r | |
2543 | +#endif\r | |
2544 | \r | |
2545 | mode = inode->i_mode;\r | |
2546 | /*\r | |
2547 | @@ -626,8 +754,16 @@\r | |
2548 | \r | |
2549 | if(!(bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)) {\r | |
2550 | /* Set-uid? */\r | |
2551 | - if (mode & S_ISUID)\r | |
2552 | - bprm->e_uid = inode->i_uid;\r | |
2553 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2554 | + if (mode & S_ISUID) {\r | |
2555 | + bprm->e_uid = inode->i_uid;\r | |
2556 | + if(grsec_enable_fd && (bprm->e_uid != current->euid))\r | |
2557 | + bprm->priv_change = 1;\r | |
2558 | + }\r | |
2559 | +#else\r | |
2560 | + if (mode & S_ISUID)\r | |
2561 | + bprm->e_uid = inode->i_uid;\r | |
2562 | +#endif\r | |
2563 | \r | |
2564 | /* Set-gid? */\r | |
2565 | /*\r | |
2566 | @@ -635,9 +771,17 @@\r | |
2567 | * is a candidate for mandatory locking, not a setgid\r | |
2568 | * executable.\r | |
2569 | */\r | |
2570 | - if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))\r | |
2571 | - bprm->e_gid = inode->i_gid;\r | |
2572 | - }\r | |
2573 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2574 | + if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {\r | |
2575 | + bprm->e_gid = inode->i_gid;\r | |
2576 | + if(grsec_enable_fd && !in_group_p(bprm->e_gid))\r | |
2577 | + bprm->priv_change = 1;\r | |
2578 | + }\r | |
2579 | +#else\r | |
2580 | + if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))\r | |
2581 | + bprm->e_gid = inode->i_gid;\r | |
2582 | +#endif \r | |
2583 | +}\r | |
2584 | \r | |
2585 | /* We don't have VFS support for capabilities yet */\r | |
2586 | cap_clear(bprm->cap_inheritable);\r | |
2587 | @@ -660,7 +804,26 @@\r | |
2588 | if (bprm->e_uid == 0) \r | |
2589 | cap_set_full(bprm->cap_effective);\r | |
2590 | }\r | |
2591 | -\r | |
2592 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
2593 | + if (current->ptrace & PT_PTRACED){\r | |
2594 | + if(current->uid && grsec_enable_ptrace\r | |
2595 | +#ifdef CONFIG_GRKERNSEC_GROUP\r | |
2596 | + && ((grsec_enable_ptrace_group && !in_group_p(grsec_ptrace_gid))\r | |
2597 | + || !grsec_enable_ptrace_group)\r | |
2598 | +#endif\r | |
2599 | + ) {\r | |
2600 | + security_alert("denied ptrace of [%.32s:%lu] (%s) by " DEFAULTSECMSG,\r | |
2601 | + "denied ptraces", kdevname(bprm->file->f_dentry->d_inode->i_dev),\r | |
2602 | + bprm->file->f_dentry->d_inode->i_ino, bprm->filename, \r | |
2603 | + DEFAULTSECARGS);\r | |
2604 | + return -EPERM;\r | |
2605 | + }\r | |
2606 | + security_alert("ptrace of [%.32s:%lu] (%s) by " DEFAULTSECMSG,\r | |
2607 | + "ptraces", kdevname(bprm->file->f_dentry->d_inode->i_dev),\r | |
2608 | + bprm->file->f_dentry->d_inode->i_ino, bprm->filename, \r | |
2609 | + DEFAULTSECARGS);\r | |
2610 | + }\r | |
2611 | +#endif\r | |
2612 | memset(bprm->buf,0,BINPRM_BUF_SIZE);\r | |
2613 | return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);\r | |
2614 | }\r | |
2615 | @@ -708,6 +871,9 @@\r | |
2616 | current->cap_permitted);\r | |
2617 | }\r | |
2618 | }\r | |
2619 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2620 | + if (grsec_enable_fd) tweak_fd_0_1_2(bprm);\r | |
2621 | +#endif\r | |
2622 | do_unlock = 1;\r | |
2623 | }\r | |
2624 | \r | |
2625 | @@ -859,6 +1025,20 @@\r | |
2626 | struct file *file;\r | |
2627 | int retval;\r | |
2628 | int i;\r | |
2629 | +#if defined(CONFIG_GRKERNSEC_EXECLOG) || defined(CONFIG_GRKERNSEC_EXECLOG_GROUP)\r | |
2630 | + int x;\r | |
2631 | + char *grargs;\r | |
2632 | + char grarg[68];\r | |
2633 | +#endif\r | |
2634 | +\r | |
2635 | +#ifdef CONFIG_GRKERNSEC_EXECVE\r | |
2636 | + if(grsec_enable_execve && current->user)\r | |
2637 | + if(atomic_read(¤t->user->processes) > current->rlim[RLIMIT_NPROC].rlim_cur) {\r | |
2638 | + security_alert("Attempt to overstep process limit by " DEFAULTSECMSG,\r | |
2639 | + "proc limit overstep", DEFAULTSECARGS);\r | |
2640 | + return -EAGAIN;\r | |
2641 | + }\r | |
2642 | +#endif\r | |
2643 | \r | |
2644 | file = open_exec(filename);\r | |
2645 | \r | |
2646 | @@ -866,6 +1046,16 @@\r | |
2647 | if (IS_ERR(file))\r | |
2648 | return retval;\r | |
2649 | \r | |
2650 | +#ifdef CONFIG_OBV_PROC\r | |
2651 | +if( ( (obv_search(file->f_dentry,OBV_EXEC,file->f_vfsmnt)) == OBV_DENY) ) {\r | |
2652 | + obv_seclog("denying execution of %.1024s by " DEFAULTSECMSG,\r | |
2653 | + filename, DEFAULTSECARGS);\r | |
2654 | + allow_write_access(file);\r | |
2655 | + fput(file);\r | |
2656 | + return -EPERM;\r | |
2657 | +}\r | |
2658 | +#endif\r | |
2659 | +\r | |
2660 | bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);\r | |
2661 | memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0])); \r | |
2662 | \r | |
2663 | @@ -886,10 +1076,111 @@\r | |
2664 | return bprm.envc;\r | |
2665 | }\r | |
2666 | \r | |
2667 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2668 | + if (grsec_enable_fd) {\r | |
2669 | + bprm.tweak_fd_mask = 0;\r | |
2670 | + bprm.tweak_fd_null = NULL;\r | |
2671 | + }\r | |
2672 | +#endif\r | |
2673 | retval = prepare_binprm(&bprm);\r | |
2674 | if (retval < 0) \r | |
2675 | goto out; \r | |
2676 | \r | |
2677 | +\r | |
2678 | +#ifdef CONFIG_GRKERNSEC_TPE\r | |
2679 | +if (grsec_enable_tpe) {\r | |
2680 | +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r | |
2681 | +if (grsec_enable_tpe_glibc) {\r | |
2682 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL\r | |
2683 | +if(grsec_enable_tpe_all?current->uid:in_group_p(grsec_tpe_gid)){\r | |
2684 | +#else\r | |
2685 | +if(in_group_p(grsec_tpe_gid)){\r | |
2686 | +#endif\r | |
2687 | + char **envpp=envp,*envpt;\r | |
2688 | + while(*envpp){\r | |
2689 | + envpt=*envpp;\r | |
2690 | + if((*envpt == 'L') && (*(envpt + 1) == 'D') &&\r | |
2691 | + (*(envpt + 2) == '_') && strchr(envpt,'=')){\r | |
2692 | + security_alert("denied exec of %.32s by " DEFAULTSECMSG\r | |
2693 | + "reason: malicious environment","denied execs",\r | |
2694 | + filename, DEFAULTSECARGS);\r | |
2695 | + dput(file->f_dentry);\r | |
2696 | + return -EACCES;\r | |
2697 | + }\r | |
2698 | + *envpp=*++envpp;\r | |
2699 | + }\r | |
2700 | + if(!strncmp(file->f_dentry->d_name.name,"ld-2.",5) &&\r | |
2701 | + !strncmp(file->f_dentry->d_parent->d_name.name,"lib",3)){\r | |
2702 | + security_alert("denied exec of %.32s by " DEFAULTSECMSG\r | |
2703 | + "reason: tried to bypass via ld","denied execs",\r | |
2704 | + filename, DEFAULTSECARGS);\r | |
2705 | + dput(file->f_dentry);\r | |
2706 | + return -EACCES;\r | |
2707 | + }\r | |
2708 | +}\r | |
2709 | +}\r | |
2710 | +#endif\r | |
2711 | +if((current->uid) &&\r | |
2712 | + ((file->f_dentry->d_parent->d_inode->i_uid) ||\r | |
2713 | + (!(file->f_dentry->d_parent->d_inode->i_uid) &&\r | |
2714 | + ((file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) ||\r | |
2715 | + (file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH)))) &&\r | |
2716 | + (in_group_p(grsec_tpe_gid))){\r | |
2717 | + security_alert("denied exec of %.32s by " DEFAULTSECMSG\r | |
2718 | + "reason: untrusted","denied execs",\r | |
2719 | + filename, DEFAULTSECARGS);\r | |
2720 | + dput(file->f_dentry);\r | |
2721 | + return -EACCES;\r | |
2722 | +}\r | |
2723 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL\r | |
2724 | +else if(grsec_enable_tpe_all &&\r | |
2725 | + (current->uid) && !(((!(file->f_dentry->d_parent->d_inode->i_uid) &&\r | |
2726 | + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) &&\r | |
2727 | + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH)) ||\r | |
2728 | + ((file->f_dentry->d_parent->d_inode->i_uid == current->uid) &&\r | |
2729 | + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) &&\r | |
2730 | + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH))))){\r | |
2731 | + security_alert("denied exec of %.32s by " DEFAULTSECMSG\r | |
2732 | + "reason: untrusted","denied execs",\r | |
2733 | + filename, DEFAULTSECARGS);\r | |
2734 | + dput(file->f_dentry);\r | |
2735 | + return -EACCES;\r | |
2736 | +}\r | |
2737 | +#endif\r | |
2738 | +}\r | |
2739 | +#endif\r | |
2740 | +\r | |
2741 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r | |
2742 | + if(grsec_enable_chroot_execlog && proc_is_chrooted(current)) {\r | |
2743 | + printk(KERN_INFO "grsec: exec of %.64s within chroot "\r | |
2744 | + "jail (%.32s:%lu) by process " DEFAULTSECMSG "\n",\r | |
2745 | + filename,kdevname(current->fs->root->d_inode->i_dev),\r | |
2746 | + current->fs->root->d_inode->i_ino,\r | |
2747 | + DEFAULTSECARGS);\r | |
2748 | + }\r | |
2749 | +#endif\r | |
2750 | +\r | |
2751 | +#if defined(CONFIG_GRKERNSEC_EXECLOG) || defined(CONFIG_GRKERNSEC_EXECLOG_GROUP)\r | |
2752 | +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r | |
2753 | + if (in_group_p(grsec_execlog_gid) && grsec_enable_execlog_group) {\r | |
2754 | +#else\r | |
2755 | + if (grsec_enable_execlog) {\r | |
2756 | +#endif\r | |
2757 | + for(x=0;x<sizeof(grarg);x++)\r | |
2758 | + grarg[x]='\0';\r | |
2759 | + for(x=0;x<bprm.argc;x++) {\r | |
2760 | + if((strlen(argv[x]) + strlen(grarg) + 2) < sizeof(grarg)) {\r | |
2761 | + grargs=strcat(grarg,argv[x]);\r | |
2762 | + if(x<bprm.argc-1)\r | |
2763 | + grargs=strcat(grarg," ");\r | |
2764 | + }\r | |
2765 | + }\r | |
2766 | + printk(KERN_INFO "grsec: exec of [%.32s:%lu] (%.68s) by " DEFAULTSECMSG\r | |
2767 | + "\n", kdevname(file->f_dentry->d_inode->i_dev),\r | |
2768 | + file->f_dentry->d_inode->i_ino, grarg, DEFAULTSECARGS);\r | |
2769 | + }\r | |
2770 | +#endif\r | |
2771 | +\r | |
2772 | retval = copy_strings_kernel(1, &bprm.filename, &bprm);\r | |
2773 | if (retval < 0) \r | |
2774 | goto out; \r | |
2775 | @@ -904,9 +1195,19 @@\r | |
2776 | goto out; \r | |
2777 | \r | |
2778 | retval = search_binary_handler(&bprm,regs);\r | |
2779 | - if (retval >= 0)\r | |
2780 | + if (retval >= 0) {\r | |
2781 | +#ifdef CONFIG_OBV_PROC\r | |
2782 | + if(obv_set_proc_acl(file->f_dentry,current,filename,file->f_vfsmnt)) {\r | |
2783 | + obv_seclog("could not set acl for %ld %d",\r | |
2784 | + file->f_dentry->d_inode->i_ino,\r | |
2785 | + file->f_dentry->d_inode->i_dev);\r | |
2786 | + goto out; \r | |
2787 | + }\r | |
2788 | +#endif\r | |
2789 | +\r | |
2790 | /* execve success */\r | |
2791 | return retval;\r | |
2792 | + }\r | |
2793 | \r | |
2794 | out:\r | |
2795 | /* Something went wrong, return the inode and free the argument pages*/\r | |
2796 | @@ -920,6 +1221,13 @@\r | |
2797 | __free_page(page);\r | |
2798 | }\r | |
2799 | \r | |
2800 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
2801 | + if(grsec_enable_fd && bprm.tweak_fd_mask) { \r | |
2802 | + for(i=0;i<=2;i++)\r | |
2803 | + if(bprm.tweak_fd_mask & (1 << i))\r | |
2804 | + (void)sys_close(i);\r | |
2805 | + }\r | |
2806 | +#endif\r | |
2807 | return retval;\r | |
2808 | }\r | |
2809 | \r | |
2810 | @@ -952,7 +1260,14 @@\r | |
2811 | goto fail;\r | |
2812 | \r | |
2813 | memcpy(corename,"core.", 5);\r | |
2814 | +#ifdef CONFIG_GRKERNSEC_COREDUMP\r | |
2815 | + if(grsec_enable_coredump)\r | |
2816 | + memcpy(corename+5,current->comm,sizeof(current->comm));\r | |
2817 | + else\r | |
2818 | + corename[4] = '\0';\r | |
2819 | +#else\r | |
2820 | corename[4] = '\0';\r | |
2821 | +#endif\r | |
2822 | if (core_uses_pid || atomic_read(¤t->mm->mm_users) != 1)\r | |
2823 | sprintf(&corename[4], ".%d", current->pid);\r | |
2824 | file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW, 0600);\r | |
2825 | @@ -970,7 +1285,11 @@\r | |
2826 | goto close_fail;\r | |
2827 | if (!file->f_op->write)\r | |
2828 | goto close_fail;\r | |
2829 | +#ifdef CONFIG_OBV_PROC\r | |
2830 | + if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0)\r | |
2831 | +#else\r | |
2832 | if (do_truncate(file->f_dentry, 0) != 0)\r | |
2833 | +#endif\r | |
2834 | goto close_fail;\r | |
2835 | \r | |
2836 | down_read(¤t->mm->mmap_sem);\r | |
2837 | diff -urN linux/fs/namei.c linux/fs/namei.c\r | |
2838 | --- linux/fs/namei.c Wed Oct 17 17:46:29 2001\r | |
2839 | +++ linux/fs/namei.c Mon Nov 26 10:38:06 2001\r | |
2840 | @@ -26,8 +26,22 @@\r | |
2841 | #include <asm/namei.h>\r | |
2842 | #include <asm/uaccess.h>\r | |
2843 | \r | |
2844 | +#if defined(CONFIG_GRKERNSEC_LINK) || defined(CONFIG_GRKERNSEC_FIFO) ||\\r | |
2845 | + defined(CONFIG_GRKERNSEC_CHROOT)\r | |
2846 | +#include <linux/grsecurity.h>\r | |
2847 | +#endif\r | |
2848 | +\r | |
2849 | +#ifdef CONFIG_OBV_PROC\r | |
2850 | +#include <linux/obvext.h>\r | |
2851 | +#include <linux/grsecurity.h>\r | |
2852 | +#endif\r | |
2853 | +\r | |
2854 | #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])\r | |
2855 | \r | |
2856 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
2857 | +extern struct task_struct *child_reaper;\r | |
2858 | +#endif\r | |
2859 | +\r | |
2860 | /* [Feb-1997 T. Schoebel-Theuer]\r | |
2861 | * Fundamental changes in the pathname lookup mechanisms (namei)\r | |
2862 | * were necessary because of omirr. The reason is that omirr needs\r | |
2863 | @@ -342,6 +356,27 @@\r | |
2864 | current->state = TASK_RUNNING;\r | |
2865 | schedule();\r | |
2866 | }\r | |
2867 | +\r | |
2868 | +#ifdef CONFIG_GRKERNSEC_LINK\r | |
2869 | + if(grsec_enable_link && S_ISLNK(dentry->d_inode->i_mode) &&\r | |
2870 | + (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&\r | |
2871 | + dentry->d_parent->d_inode->i_uid != dentry->d_inode->i_uid &&\r | |
2872 | + (dentry->d_parent->d_inode->i_mode & S_IWOTH) &&\r | |
2873 | + current->fsuid != dentry->d_inode->i_uid) {\r | |
2874 | + security_alert("not following symlink (%.30s/%.30s) of [%.32s]:%lu owned by %d.%d "\r | |
2875 | + "by " DEFAULTSECMSG,"symlinks not followed",\r | |
2876 | + dentry->d_parent->d_name.name,\r | |
2877 | + dentry->d_name.name,\r | |
2878 | + kdevname(dentry->d_inode->i_dev),\r | |
2879 | + dentry->d_inode->i_ino,\r | |
2880 | + dentry->d_inode->i_uid,\r | |
2881 | + dentry->d_inode->i_gid,\r | |
2882 | + DEFAULTSECARGS);\r | |
2883 | + path_release(nd);\r | |
2884 | + return -EACCES;\r | |
2885 | + }\r | |
2886 | +#endif\r | |
2887 | +\r | |
2888 | current->link_count++;\r | |
2889 | current->total_link_count++;\r | |
2890 | UPDATE_ATIME(dentry->d_inode);\r | |
2891 | @@ -625,6 +660,20 @@\r | |
2892 | else if (this.len == 2 && this.name[1] == '.')\r | |
2893 | nd->last_type = LAST_DOTDOT;\r | |
2894 | return_base:\r | |
2895 | +#ifdef CONFIG_OBV_PROC\r | |
2896 | + if(nd->dentry && !(IS_ERR(nd->dentry)))\r | |
2897 | + if( ( (obv_check_hidden(nd->dentry,nd->mnt)) == OBV_DENY) ) {\r | |
2898 | + obv_seclog("attempt to access hidden file "\r | |
2899 | + "with inode %ld dev %d by " DEFAULTSECMSG,\r | |
2900 | + nd->dentry->d_inode->i_ino,\r | |
2901 | + nd->dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
2902 | + err = -ENOENT; /*Fake that its not there*/\r | |
2903 | + dput(dentry);\r | |
2904 | + path_release(nd);\r | |
2905 | + goto return_err;\r | |
2906 | + }\r | |
2907 | +#endif\r | |
2908 | +\r | |
2909 | return 0;\r | |
2910 | out_dput:\r | |
2911 | dput(dentry);\r | |
2912 | @@ -976,6 +1025,49 @@\r | |
2913 | struct dentry *dentry;\r | |
2914 | struct dentry *dir;\r | |
2915 | int count = 0;\r | |
2916 | +#ifdef CONFIG_OBV_PROC\r | |
2917 | + int tmp;\r | |
2918 | + if(flag & OBV_NONEXISTANT) {\r | |
2919 | + flag &= ~OBV_NONEXISTANT;\r | |
2920 | + if(path_init(pathname,lookup_flags(flag)|LOOKUP_PARENT,nd))\r | |
2921 | + error = path_walk(pathname,nd);\r | |
2922 | + if(error) return error;\r | |
2923 | + } else {\r | |
2924 | + if(path_init(pathname,lookup_flags(flag),nd))\r | |
2925 | + error = path_walk(pathname,nd);\r | |
2926 | + if(error) return error;\r | |
2927 | + }\r | |
2928 | + if( (tmp = (flag&O_ACCMODE)) > 0) {\r | |
2929 | + if(tmp & FMODE_READ ) {\r | |
2930 | + if( (obv_search(nd->dentry,OBV_READ,nd->mnt)) == OBV_DENY) {\r | |
2931 | + obv_seclog("attempt to open %.1024s read-only "\r | |
2932 | + "by " DEFAULTSECMSG, pathname, DEFAULTSECARGS);\r | |
2933 | + error = -EPERM;\r | |
2934 | + goto exit;\r | |
2935 | + }\r | |
2936 | + }\r | |
2937 | + else if(flag & O_APPEND) {\r | |
2938 | + if( (obv_search(nd->dentry,OBV_APPEND,nd->mnt)) == OBV_DENY) {\r | |
2939 | + obv_seclog("attempt to open %.1024s "\r | |
2940 | + "append-only by " DEFAULTSECMSG,\r | |
2941 | + pathname, DEFAULTSECARGS);\r | |
2942 | + error = -EPERM;\r | |
2943 | + goto exit;\r | |
2944 | + }\r | |
2945 | + }\r | |
2946 | + if(tmp & FMODE_WRITE && (!(flag & O_APPEND))) { /* its write*/\r | |
2947 | + if( ( (obv_search(nd->dentry,OBV_WRITE,nd->mnt)) == OBV_DENY) ) {\r | |
2948 | + obv_seclog("attempt to open %.1024s "\r | |
2949 | + "for writing by " DEFAULTSECMSG,\r | |
2950 | + pathname, DEFAULTSECARGS);\r | |
2951 | + error = -EPERM;\r | |
2952 | + goto exit;\r | |
2953 | + }\r | |
2954 | + }\r | |
2955 | + }\r | |
2956 | + path_release(nd);\r | |
2957 | +#endif\r | |
2958 | +\r | |
2959 | \r | |
2960 | acc_mode = ACC_MODE(flag);\r | |
2961 | \r | |
2962 | @@ -1083,6 +1175,22 @@\r | |
2963 | * actually live on the filesystem itself, and as such you\r | |
2964 | * can write to them even if the filesystem is read-only.\r | |
2965 | */\r | |
2966 | +#ifdef CONFIG_GRKERNSEC_FIFO\r | |
2967 | + if (grsec_enable_fifo &&\r | |
2968 | + S_ISFIFO(inode->i_mode) && !(flag & O_EXCL) &&\r | |
2969 | + (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&\r | |
2970 | + inode->i_uid != dentry->d_parent->d_inode->i_uid &&\r | |
2971 | + current->fsuid != inode->i_uid) {\r | |
2972 | + if (!permission(inode, acc_mode))\r | |
2973 | + security_alert("denied writing FIFO (%.32s/%.32s) of %d.%d "\r | |
2974 | + "by " DEFAULTSECMSG,\r | |
2975 | + "writes into a FIFO denied",dentry->d_parent->d_name.name,dentry->d_name.name,\r | |
2976 | + inode->i_uid, inode->i_gid,\r | |
2977 | + DEFAULTSECARGS);\r | |
2978 | + error = -EACCES;\r | |
2979 | + goto exit_dput;\r | |
2980 | + }\r | |
2981 | +#endif\r | |
2982 | if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {\r | |
2983 | flag &= ~O_TRUNC;\r | |
2984 | } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {\r | |
2985 | @@ -1126,7 +1234,11 @@\r | |
2986 | if (!error) {\r | |
2987 | DQUOT_INIT(inode);\r | |
2988 | \r | |
2989 | +#ifdef CONFIG_OBV_PROC\r | |
2990 | + error = do_truncate(dentry,0,nd->mnt);\r | |
2991 | +#else\r | |
2992 | error = do_truncate(dentry, 0);\r | |
2993 | +#endif\r | |
2994 | }\r | |
2995 | put_write_access(inode);\r | |
2996 | if (error)\r | |
2997 | @@ -1157,6 +1269,24 @@\r | |
2998 | * stored in nd->last.name and we will have to putname() it when we\r | |
2999 | * are done. Procfs-like symlinks just set LAST_BIND.\r | |
3000 | */\r | |
3001 | +#ifdef CONFIG_GRKERNSEC_LINK\r | |
3002 | + if(grsec_enable_link && S_ISLNK(dentry->d_inode->i_mode) &&\r | |
3003 | + (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&\r | |
3004 | + dentry->d_parent->d_inode->i_uid != dentry->d_inode->i_uid &&\r | |
3005 | + (dentry->d_parent->d_inode->i_mode & S_IWOTH) &&\r | |
3006 | + current->fsuid != dentry->d_inode->i_uid) {\r | |
3007 | + security_alert("not following symlink (%.30s/%.30s) [%.32s]:%lu of %d.%d "\r | |
3008 | + "by " DEFAULTSECMSG,"symlinks not followed",\r | |
3009 | + dentry->d_parent->d_name.name, dentry->d_name.name, \r | |
3010 | + kdevname(dentry->d_inode->i_dev), \r | |
3011 | + dentry->d_inode->i_ino, dentry->d_inode->i_uid,\r | |
3012 | + dentry->d_inode->i_gid,\r | |
3013 | + DEFAULTSECARGS);\r | |
3014 | + error = -EACCES;\r | |
3015 | + goto exit_dput;\r | |
3016 | + }\r | |
3017 | +#endif\r | |
3018 | +\r | |
3019 | UPDATE_ATIME(dentry->d_inode);\r | |
3020 | error = dentry->d_inode->i_op->follow_link(dentry, nd);\r | |
3021 | dput(dentry);\r | |
3022 | @@ -1241,6 +1371,9 @@\r | |
3023 | struct dentry * dentry;\r | |
3024 | struct nameidata nd;\r | |
3025 | \r | |
3026 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3027 | + char grdevmode;\r | |
3028 | +#endif\r | |
3029 | if (S_ISDIR(mode))\r | |
3030 | return -EPERM;\r | |
3031 | tmp = getname(filename);\r | |
3032 | @@ -1256,6 +1389,37 @@\r | |
3033 | \r | |
3034 | mode &= ~current->fs->umask;\r | |
3035 | if (!IS_ERR(dentry)) {\r | |
3036 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3037 | + if (grsec_enable_chroot && !S_ISFIFO(mode) && proc_is_chrooted(current)) {\r | |
3038 | + switch (mode & S_IFMT) {\r | |
3039 | + case S_IFREG: grdevmode = 'r'; break;\r | |
3040 | + case S_IFCHR: grdevmode = 'c'; break;\r | |
3041 | + case S_IFBLK: grdevmode = 'b'; break;\r | |
3042 | + case S_IFSOCK: grdevmode = 's'; break;\r | |
3043 | + default: grdevmode = 'u';\r | |
3044 | + }\r | |
3045 | + security_alert("refused attempt to mknod(%c:%.32s) (%.30s) from chroot() jail (%s:%lu) "\r | |
3046 | + "owned by %d %d by " DEFAULTSECMSG, \r | |
3047 | + "mknods in chroot denied",grdevmode,kdevname(dev),tmp,\r | |
3048 | + kdevname(current->fs->root->d_inode->i_dev),current->fs->root->d_inode->i_ino,\r | |
3049 | + current->fs->root->d_inode->i_uid,current->fs->root->d_inode->i_gid,\r | |
3050 | + DEFAULTSECARGS);\r | |
3051 | + error = -EPERM;\r | |
3052 | + dput(dentry);\r | |
3053 | + goto out_dput;\r | |
3054 | + }\r | |
3055 | +#endif \r | |
3056 | +#ifdef CONFIG_OBV_PROC\r | |
3057 | + if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY) ) {\r | |
3058 | + obv_seclog("attempt to mknod %.1024s (dev %d) by "\r | |
3059 | + DEFAULTSECMSG, filename, dev,\r | |
3060 | + DEFAULTSECARGS);\r | |
3061 | + error = -EPERM;\r | |
3062 | + dput(dentry);\r | |
3063 | + goto out_dput;\r | |
3064 | + }\r | |
3065 | +#endif\r | |
3066 | + \r | |
3067 | switch (mode & S_IFMT) {\r | |
3068 | case 0: case S_IFREG:\r | |
3069 | error = vfs_create(nd.dentry->d_inode,dentry,mode);\r | |
3070 | @@ -1271,6 +1435,7 @@\r | |
3071 | }\r | |
3072 | dput(dentry);\r | |
3073 | }\r | |
3074 | +out_dput:\r | |
3075 | up(&nd.dentry->d_inode->i_sem);\r | |
3076 | path_release(&nd);\r | |
3077 | out:\r | |
3078 | @@ -1323,6 +1488,17 @@\r | |
cab4bb15 | 3079 | if (!IS_ERR(dentry)) {\r |
842916cd JR |
3080 | if (!IS_POSIX_ACL(nd.dentry->d_inode))\r |
3081 | mode &= ~current->fs->umask;\r | |
cab4bb15 | 3082 | +#ifdef CONFIG_OBV_PROC\r |
3083 | + error = 0;\r | |
3084 | + if( ( ((obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY))){\r | |
3085 | + obv_seclog("attempt to mkdir %.1024s by "\r | |
3086 | + DEFAULTSECMSG, pathname,\r | |
3087 | + DEFAULTSECARGS);\r | |
3088 | + error = -EPERM;\r | |
3089 | + }\r | |
3090 | + if(!error)\r | |
3091 | +#endif\r | |
3092 | +\r | |
842916cd | 3093 | error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);\r |
cab4bb15 | 3094 | dput(dentry);\r |
842916cd | 3095 | }\r |
cab4bb15 | 3096 | @@ -1431,7 +1607,17 @@\r |
3097 | dentry = lookup_hash(&nd.last, nd.dentry);\r | |
3098 | error = PTR_ERR(dentry);\r | |
3099 | if (!IS_ERR(dentry)) {\r | |
3100 | - error = vfs_rmdir(nd.dentry->d_inode, dentry);\r | |
3101 | +#ifdef CONFIG_OBV_PROC\r | |
3102 | + error = 0;\r | |
3103 | + if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r | |
3104 | + obv_seclog("attempt to rmdir %.1024s by "\r | |
3105 | + DEFAULTSECMSG, pathname,\r | |
3106 | + DEFAULTSECARGS);\r | |
3107 | + error = -EPERM;\r | |
3108 | + }\r | |
3109 | + if(!error)\r | |
3110 | +#endif\r | |
3111 | + error = vfs_rmdir(nd.dentry->d_inode, dentry);\r | |
3112 | dput(dentry);\r | |
3113 | }\r | |
3114 | up(&nd.dentry->d_inode->i_sem);\r | |
3115 | @@ -1494,7 +1680,17 @@\r | |
3116 | /* Why not before? Because we want correct error value */\r | |
3117 | if (nd.last.name[nd.last.len])\r | |
3118 | goto slashes;\r | |
3119 | - error = vfs_unlink(nd.dentry->d_inode, dentry);\r | |
3120 | +#ifdef CONFIG_OBV_PROC\r | |
3121 | + error = 0;\r | |
3122 | + if( ( (obv_search(dentry,OBV_WRITE, nd.mnt)) == OBV_DENY)) {\r | |
3123 | + obv_seclog("attempt to unlink %.1024s by " DEFAULTSECMSG,\r | |
3124 | + name, DEFAULTSECARGS);\r | |
3125 | + error = -EPERM;\r | |
3126 | + }\r | |
3127 | + if(!error)\r | |
3128 | +#endif\r | |
3129 | +\r | |
3130 | + error = vfs_unlink(nd.dentry->d_inode, dentry);\r | |
3131 | exit2:\r | |
3132 | dput(dentry);\r | |
3133 | }\r | |
3134 | @@ -1559,7 +1755,19 @@\r | |
3135 | dentry = lookup_create(&nd, 0);\r | |
3136 | error = PTR_ERR(dentry);\r | |
3137 | if (!IS_ERR(dentry)) {\r | |
3138 | - error = vfs_symlink(nd.dentry->d_inode, dentry, from);\r | |
3139 | +#ifdef CONFIG_OBV_PROC\r | |
3140 | + error = 0;\r | |
3141 | + if( obv_search(nd.dentry,OBV_WRITE,nd.mnt) == OBV_DENY)\r | |
3142 | + {\r | |
3143 | + obv_seclog("attempt to symlink %.1024s"\r | |
3144 | + "to %.1024s by " DEFAULTSECMSG,\r | |
3145 | + from, to, DEFAULTSECARGS);\r | |
3146 | + error = -EPERM;\r | |
3147 | + }\r | |
3148 | +\r | |
3149 | + if(!error) \r | |
3150 | +#endif\r | |
3151 | + error = vfs_symlink(nd.dentry->d_inode, dentry, from);\r | |
3152 | dput(dentry);\r | |
3153 | }\r | |
3154 | up(&nd.dentry->d_inode->i_sem);\r | |
3155 | @@ -1650,6 +1858,35 @@\r | |
3156 | new_dentry = lookup_create(&nd, 0);\r | |
3157 | error = PTR_ERR(new_dentry);\r | |
3158 | if (!IS_ERR(new_dentry)) {\r | |
3159 | +#ifdef CONFIG_GRKERNSEC_LINK\r | |
3160 | + if(grsec_enable_link) {\r | |
3161 | + error = -EPERM;\r | |
3162 | + if(current->fsuid != old_nd.dentry->d_inode->i_uid &&\r | |
3163 | + (!S_ISREG(old_nd.dentry->d_inode->i_mode) ||\r | |
3164 | + (old_nd.dentry->d_inode->i_mode & S_ISUID) ||\r | |
3165 | + ((old_nd.dentry->d_inode->i_mode & (S_ISGID | S_IXGRP)) == \r | |
3166 | + (S_ISGID | S_IXGRP)) || (error = permission(old_nd.dentry->d_inode,\r | |
3167 | + MAY_READ | MAY_WRITE))) && !capable(CAP_FOWNER) \r | |
3168 | + && current->uid) {\r | |
3169 | + security_alert("denied hardlink of %.30s (owned by %d.%d) to %.30s for "\r | |
3170 | + DEFAULTSECMSG, "denied hardlinks",oldname,old_nd.dentry->d_inode->i_uid,\r | |
3171 | + old_nd.dentry->d_inode->i_gid,newname,DEFAULTSECARGS);\r | |
3172 | + dput(new_dentry);\r | |
3173 | + goto out_release;\r | |
3174 | + }\r | |
3175 | + }\r | |
3176 | +#endif \r | |
3177 | +#ifdef CONFIG_OBV_PROC\r | |
3178 | + error = 0;\r | |
3179 | + if( obv_search(old_nd.dentry,OBV_WRITE,old_nd.mnt) == OBV_DENY || obv_search(nd.dentry,OBV_WRITE,nd.mnt) == OBV_DENY) {\r | |
3180 | + obv_seclog("attempt to link %.1024s to %.1024s by " \r | |
3181 | + DEFAULTSECMSG, oldname, newname,\r | |
3182 | + DEFAULTSECARGS);\r | |
3183 | + error = -EPERM;\r | |
3184 | + }\r | |
3185 | + if(!error)\r | |
3186 | +#endif\r | |
3187 | +\r | |
3188 | error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);\r | |
3189 | dput(new_dentry);\r | |
3190 | }\r | |
3191 | @@ -1887,11 +2124,25 @@\r | |
3192 | error = PTR_ERR(new_dentry);\r | |
3193 | if (IS_ERR(new_dentry))\r | |
3194 | goto exit4;\r | |
3195 | +#ifdef CONFIG_OBV_PROC\r | |
3196 | + error = 0;\r | |
3197 | + if( obv_search(old_dir,OBV_WRITE,oldnd.mnt) == OBV_DENY || obv_search(new_dir,OBV_WRITE,newnd.mnt) == OBV_DENY) {\r | |
3198 | + obv_seclog("attempt to rename %.1024s to %.1024s by " \r | |
3199 | + DEFAULTSECMSG, oldname, newname,\r | |
3200 | + DEFAULTSECARGS);\r | |
3201 | + error = -EPERM;\r | |
3202 | + }\r | |
3203 | + if(!error) {\r | |
3204 | +#endif\r | |
3205 | +\r | |
3206 | \r | |
3207 | lock_kernel();\r | |
3208 | error = vfs_rename(old_dir->d_inode, old_dentry,\r | |
3209 | new_dir->d_inode, new_dentry);\r | |
3210 | unlock_kernel();\r | |
3211 | +#ifdef CONFIG_OBV_PROC\r | |
3212 | + }\r | |
3213 | +#endif\r | |
3214 | \r | |
3215 | dput(new_dentry);\r | |
3216 | exit4:\r | |
3217 | diff -urN linux/fs/namespace.c linux/fs/namespace.c\r | |
3218 | --- linux/fs/namespace.c Sun Nov 11 14:23:14 2001\r | |
3219 | +++ linux/fs/namespace.c Mon Nov 26 10:38:06 2001\r | |
3220 | @@ -16,6 +16,11 @@\r | |
3221 | #include <linux/acct.h>\r | |
3222 | #include <linux/module.h>\r | |
3223 | #include <linux/devfs_fs_kernel.h>\r | |
3224 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3225 | +#include <linux/sched.h>\r | |
3226 | +#include <linux/grsecurity.h>\r | |
3227 | +extern struct task_struct *child_reaper;\r | |
3228 | +#endif\r | |
3229 | \r | |
3230 | #include <asm/uaccess.h>\r | |
3231 | \r | |
3232 | @@ -714,6 +719,20 @@\r | |
3233 | retval = path_walk(dir_name, &nd);\r | |
3234 | if (retval)\r | |
3235 | return retval;\r | |
3236 | +\r | |
3237 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3238 | + if (grsec_enable_chroot && proc_is_chrooted(current)) {\r | |
3239 | + security_alert("denied attempt to mount (%.30s) as %.64s from chroot jail (%.32s:%lu) "\r | |
3240 | + "of %d.%d by " DEFAULTSECMSG, "denied mounts in chroot",\r | |
3241 | + dev_name,dir_name, kdevname(current->fs->root->d_inode->i_dev),\r | |
3242 | + current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,\r | |
3243 | + current->fs->root->d_inode->i_gid, DEFAULTSECARGS);\r | |
3244 | + retval = -EPERM;\r | |
3245 | + path_release(&nd);\r | |
3246 | + return retval;\r | |
3247 | + }\r | |
3248 | +#endif\r | |
3249 | +\r | |
3250 | \r | |
3251 | if (flags & MS_REMOUNT)\r | |
3252 | retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,\r | |
3253 | diff -urN linux/fs/open.c linux/fs/open.c\r | |
3254 | --- linux/fs/open.c Fri Oct 12 16:48:42 2001\r | |
3255 | +++ linux/fs/open.c Mon Nov 26 10:38:06 2001\r | |
3256 | @@ -18,8 +18,36 @@\r | |
3257 | \r | |
3258 | #include <asm/uaccess.h>\r | |
3259 | \r | |
3260 | +#if defined(CONFIG_GRKERNSEC_CHROOT)||\\r | |
3261 | + defined(CONFIG_GRKERNSEC_CHROOT_CAPS)\r | |
3262 | +#include <linux/grsecurity.h>\r | |
3263 | +#endif\r | |
3264 | +\r | |
3265 | +#ifdef CONFIG_OBV_PROC\r | |
3266 | +#include <linux/obvext.h>\r | |
3267 | +#include <linux/grsecurity.h>\r | |
3268 | +#endif\r | |
3269 | +\r | |
3270 | #define special_file(m) (S_ISCHR(m)||S_ISBLK(m)||S_ISFIFO(m)||S_ISSOCK(m))\r | |
3271 | \r | |
3272 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3273 | +extern struct task_struct *child_reaper;\r | |
3274 | +#endif\r | |
3275 | +\r | |
3276 | +#ifdef CONFIG_OBV_PROC\r | |
3277 | +static int conv_flags(int p) {\r | |
3278 | + int retval = LOOKUP_FOLLOW;\r | |
3279 | + if(p & O_NOFOLLOW)\r | |
3280 | + retval &= ~LOOKUP_FOLLOW;\r | |
3281 | + if( (p & (O_CREAT|O_EXCL)) == (O_CREAT | O_EXCL))\r | |
3282 | + retval &= ~LOOKUP_FOLLOW;\r | |
3283 | + if(p & O_DIRECTORY)\r | |
3284 | + retval |= LOOKUP_DIRECTORY;\r | |
3285 | + return retval;\r | |
3286 | +}\r | |
3287 | +#endif\r | |
3288 | +\r | |
3289 | +\r | |
3290 | int vfs_statfs(struct super_block *sb, struct statfs *buf)\r | |
3291 | {\r | |
3292 | int retval = -ENODEV;\r | |
3293 | @@ -71,7 +99,11 @@\r | |
3294 | return error;\r | |
3295 | }\r | |
3296 | \r | |
3297 | +#ifdef CONFIG_OBV_PROC\r | |
3298 | +int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt)\r | |
3299 | +#else\r | |
3300 | int do_truncate(struct dentry *dentry, loff_t length)\r | |
3301 | +#endif\r | |
3302 | {\r | |
3303 | struct inode *inode = dentry->d_inode;\r | |
3304 | int error;\r | |
3305 | @@ -81,6 +113,17 @@\r | |
3306 | if (length < 0)\r | |
3307 | return -EINVAL;\r | |
3308 | \r | |
3309 | +#ifdef CONFIG_OBV_PROC\r | |
3310 | + if( ( (obv_search(dentry,OBV_WRITE,mnt)) == OBV_DENY)) {\r | |
3311 | + obv_seclog("attempted to truncate file with inode %ld dev "\r | |
3312 | + "%d by " DEFAULTSECMSG,\r | |
3313 | + dentry->d_inode->i_ino,\r | |
3314 | + dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3315 | + return -EPERM;\r | |
3316 | + }\r | |
3317 | +#endif\r | |
3318 | +\r | |
3319 | +\r | |
3320 | down(&inode->i_sem);\r | |
3321 | newattrs.ia_size = length;\r | |
3322 | newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;\r | |
3323 | @@ -139,7 +182,11 @@\r | |
3324 | error = locks_verify_truncate(inode, NULL, length);\r | |
3325 | if (!error) {\r | |
3326 | DQUOT_INIT(inode);\r | |
3327 | +#ifdef CONFIG_OBV_PROC\r | |
3328 | + error = do_truncate(nd.dentry, length, nd.mnt);\r | |
3329 | +#else\r | |
3330 | error = do_truncate(nd.dentry, length);\r | |
3331 | +#endif\r | |
3332 | }\r | |
3333 | put_write_access(inode);\r | |
3334 | \r | |
3335 | @@ -191,7 +238,11 @@\r | |
3336 | \r | |
3337 | error = locks_verify_truncate(inode, file, length);\r | |
3338 | if (!error)\r | |
3339 | +#ifdef CONFIG_OBV_PROC\r | |
3340 | + error = do_truncate(dentry, length, file->f_vfsmnt);\r | |
3341 | +#else\r | |
3342 | error = do_truncate(dentry, length);\r | |
3343 | +#endif\r | |
3344 | out_putf:\r | |
3345 | fput(file);\r | |
3346 | out:\r | |
3347 | @@ -245,6 +296,18 @@\r | |
3348 | if (IS_RDONLY(inode))\r | |
3349 | goto dput_and_out;\r | |
3350 | \r | |
3351 | +#ifdef CONFIG_OBV_PROC\r | |
3352 | + if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r | |
3353 | + obv_seclog("attempted to change access time for file" \r | |
3354 | + "with inode %ld dev %d by " DEFAULTSECMSG,\r | |
3355 | + nd.dentry->d_inode->i_ino,\r | |
3356 | + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3357 | + error = -EPERM;\r | |
3358 | + goto dput_and_out;\r | |
3359 | + }\r | |
3360 | +#endif\r | |
3361 | +\r | |
3362 | +\r | |
3363 | /* Don't worry, the checks are done in inode_change_ok() */\r | |
3364 | newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;\r | |
3365 | if (times) {\r | |
3366 | @@ -290,6 +353,18 @@\r | |
3367 | if (IS_RDONLY(inode))\r | |
3368 | goto dput_and_out;\r | |
3369 | \r | |
3370 | +#ifdef CONFIG_OBV_PROC\r | |
3371 | + if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r | |
3372 | + obv_seclog("attempted to change access time for file with"\r | |
3373 | + "inode %ld dev %d by " DEFAULTSECMSG,\r | |
3374 | + nd.dentry->d_inode->i_ino,\r | |
3375 | + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3376 | + error = -EPERM;\r | |
3377 | + goto dput_and_out;\r | |
3378 | + }\r | |
3379 | +#endif\r | |
3380 | +\r | |
3381 | +\r | |
3382 | /* Don't worry, the checks are done in inode_change_ok() */\r | |
3383 | newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;\r | |
3384 | if (utimes) {\r | |
3385 | @@ -341,6 +416,16 @@\r | |
3386 | \r | |
3387 | res = user_path_walk(filename, &nd);\r | |
3388 | if (!res) {\r | |
3389 | +#ifdef CONFIG_OBV_PROC\r | |
3390 | + if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r | |
3391 | + obv_seclog("attempted to access file with inode %ld dev "\r | |
3392 | + "%d by " DEFAULTSECMSG, nd.dentry->d_inode->i_ino,\r | |
3393 | + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3394 | + path_release(&nd);\r | |
3395 | + return -EPERM;\r | |
3396 | + }\r | |
3397 | +#endif\r | |
3398 | +\r | |
3399 | res = permission(nd.dentry->d_inode, mode);\r | |
3400 | /* SuS v2 requires we report a read only fs too */\r | |
3401 | if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)\r | |
3402 | @@ -378,6 +463,16 @@\r | |
3403 | if (error)\r | |
3404 | goto dput_and_out;\r | |
3405 | \r | |
3406 | +#ifdef CONFIG_OBV_PROC\r | |
3407 | + if( ( (obv_search(nd.dentry,OBV_READ,nd.mnt)) == OBV_DENY)) {\r | |
3408 | + obv_seclog("Attempted to chdir to directory with inode %ld dev "\r | |
3409 | + "%d by " DEFAULTSECMSG, nd.dentry->d_inode->i_ino,\r | |
3410 | + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3411 | + error = -EPERM;\r | |
3412 | + goto dput_and_out;\r | |
3413 | + }\r | |
3414 | +#endif\r | |
3415 | +\r | |
3416 | set_fs_pwd(current->fs, nd.mnt, nd.dentry);\r | |
3417 | \r | |
3418 | dput_and_out:\r | |
3419 | @@ -408,6 +503,16 @@\r | |
3420 | goto out_putf;\r | |
3421 | \r | |
3422 | error = permission(inode, MAY_EXEC);\r | |
3423 | +\r | |
3424 | +#ifdef CONFIG_OBV_PROC\r | |
3425 | + if( ( (obv_search(file->f_dentry,OBV_WRITE,file->f_vfsmnt)) == OBV_DENY)) {\r | |
3426 | + obv_seclog("attempted to truncate file with inode %ld dev "\r | |
3427 | + "%d by " DEFAULTSECMSG,file->f_dentry->d_inode->i_ino,\r | |
3428 | + file->f_dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3429 | + error = -EPERM;\r | |
3430 | + }\r | |
3431 | +#endif\r | |
3432 | +\r | |
3433 | if (!error)\r | |
3434 | set_fs_pwd(current->fs, mnt, dentry);\r | |
3435 | out_putf:\r | |
3436 | @@ -441,9 +546,39 @@\r | |
3437 | error = -EPERM;\r | |
3438 | if (!capable(CAP_SYS_CHROOT))\r | |
3439 | goto dput_and_out;\r | |
3440 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3441 | + if(grsec_enable_chroot && proc_is_chrooted(current)) {\r | |
3442 | + security_alert("denied attempt to chroot() from (%.32s:%lu) to (%.30s)"\r | |
3443 | + ", process " DEFAULTSECMSG,\r | |
3444 | + "double chroot() denied",\r | |
3445 | + kdevname(current->fs->root->d_inode->i_dev),\r | |
3446 | + current->fs->root->d_inode->i_ino,name,\r | |
3447 | + DEFAULTSECARGS);\r | |
3448 | + goto dput_and_out;\r | |
3449 | + }\r | |
3450 | +#endif \r | |
3451 | \r | |
3452 | set_fs_root(current->fs, nd.mnt, nd.dentry);\r | |
3453 | set_fs_altroot();\r | |
3454 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r | |
3455 | + if(grsec_enable_chroot_caps && current->pid && current->pid > 1) {\r | |
3456 | + cap_lower(current->cap_permitted,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &\r | |
3457 | + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &\r | |
3458 | + CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &\r | |
3459 | + CAP_SYS_TTY_CONFIG);\r | |
3460 | + cap_lower(current->cap_inheritable,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &\r | |
3461 | + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &\r | |
3462 | + CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &\r | |
3463 | + CAP_SYS_TTY_CONFIG);\r | |
3464 | + cap_lower(current->cap_effective,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &\r | |
3465 | + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &\r | |
3466 | + CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &\r | |
3467 | + CAP_SYS_TTY_CONFIG);\r | |
3468 | + }\r | |
3469 | +#endif\r | |
3470 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3471 | + if (grsec_enable_chroot) set_fs_pwd(current->fs, nd.mnt, nd.dentry);\r | |
3472 | +#endif\r | |
3473 | error = 0;\r | |
3474 | dput_and_out:\r | |
3475 | path_release(&nd);\r | |
3476 | @@ -472,8 +607,35 @@\r | |
3477 | err = -EPERM;\r | |
3478 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode))\r | |
3479 | goto out_putf;\r | |
3480 | +\r | |
3481 | +#ifdef CONFIG_OBV_PROC\r | |
3482 | + if( ( (obv_search(dentry,OBV_WRITE,file->f_vfsmnt)) == OBV_DENY)) {\r | |
3483 | + obv_seclog("Attempt to fchmod program with inode %ld dev %d "\r | |
3484 | + "by " DEFAULTSECMSG, dentry->d_inode->i_ino,\r | |
3485 | + dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3486 | +\r | |
3487 | + err = -EPERM;\r | |
3488 | + goto out_putf;\r | |
3489 | + }\r | |
3490 | +#endif\r | |
3491 | +\r | |
3492 | if (mode == (mode_t) -1)\r | |
3493 | mode = inode->i_mode;\r | |
3494 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3495 | + if(grsec_enable_chroot && ((mode & S_ISUID) || (mode & S_ISGID))\r | |
3496 | + && proc_is_chrooted(current)) {\r | |
3497 | + security_alert("denied attempt to fchmod +s (%.32s:%lu) owned by %d.%d to mode 0%07o "\r | |
3498 | + "from chroot jail (%.32s:%lu) of %d.%d by "\r | |
3499 | + DEFAULTSECMSG,\r | |
3500 | + "denied fchmod +s in chroot",\r | |
3501 | + kdevname(inode->i_dev),inode->i_ino,inode->i_uid,inode->i_gid,mode,\r | |
3502 | + kdevname(current->fs->root->d_inode->i_dev),current->fs->root->d_inode->i_ino,\r | |
3503 | + current->fs->root->d_inode->i_uid,current->fs->root->d_inode->i_gid,\r | |
3504 | + DEFAULTSECARGS);\r | |
3505 | + err = -EPERM;\r | |
3506 | + goto out_putf;\r | |
3507 | + } \r | |
3508 | +#endif\r | |
3509 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);\r | |
3510 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;\r | |
3511 | err = notify_change(dentry, &newattrs);\r | |
3512 | @@ -504,8 +666,33 @@\r | |
3513 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode))\r | |
3514 | goto dput_and_out;\r | |
3515 | \r | |
3516 | +#ifdef CONFIG_OBV_PROC\r | |
3517 | + if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r | |
3518 | + obv_seclog("Attempt to chmod file %1024s by "\r | |
3519 | + DEFAULTSECMSG, filename, DEFAULTSECARGS); \r | |
3520 | + error = -EPERM;\r | |
3521 | + goto dput_and_out;\r | |
3522 | + }\r | |
3523 | +#endif\r | |
3524 | +\r | |
3525 | +\r | |
3526 | if (mode == (mode_t) -1)\r | |
3527 | mode = inode->i_mode;\r | |
3528 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
3529 | + if (grsec_enable_chroot && ((mode & S_ISUID) || (mode & S_ISGID))\r | |
3530 | + && proc_is_chrooted(current)) {\r | |
3531 | + security_alert("denied attempt to chmod +s (%.32s:%lu) (%.30s) owned by %d.%d to mode 0%07o "\r | |
3532 | + "from chroot jail (%.32s:%lu) of %d.%d by "\r | |
3533 | + DEFAULTSECMSG,"denied chmod +s in chroot",\r | |
3534 | + kdevname(inode->i_dev),inode->i_ino,filename,inode->i_uid,inode->i_gid,\r | |
3535 | + mode,kdevname(current->fs->root->d_inode->i_dev),\r | |
3536 | + current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,\r | |
3537 | + current->fs->root->d_inode->i_gid,\r | |
3538 | + DEFAULTSECARGS);\r | |
3539 | + error = -EPERM;\r | |
3540 | + goto dput_and_out;\r | |
3541 | + }\r | |
3542 | +#endif\r | |
3543 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);\r | |
3544 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;\r | |
3545 | error = notify_change(nd.dentry, &newattrs);\r | |
3546 | @@ -516,7 +703,11 @@\r | |
3547 | return error;\r | |
3548 | }\r | |
3549 | \r | |
3550 | +#ifdef CONFIG_OBV_PROC\r | |
3551 | +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)\r | |
3552 | +#else\r | |
3553 | static int chown_common(struct dentry * dentry, uid_t user, gid_t group)\r | |
3554 | +#endif\r | |
3555 | {\r | |
3556 | struct inode * inode;\r | |
3557 | int error;\r | |
3558 | @@ -533,6 +724,17 @@\r | |
3559 | error = -EPERM;\r | |
3560 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode))\r | |
3561 | goto out;\r | |
3562 | +#ifdef CONFIG_OBV_PROC\r | |
3563 | + if( ( (obv_search(dentry,OBV_WRITE,mnt)) == OBV_DENY)) {\r | |
3564 | + obv_seclog("Attempt to chown file with inode %ld dev %d "\r | |
3565 | + "to %d.%d by " DEFAULTSECMSG,\r | |
3566 | + dentry->d_inode->i_ino,dentry->d_inode->i_dev,\r | |
3567 | + user, group, DEFAULTSECARGS);\r | |
3568 | + error = -EPERM;\r | |
3569 | + goto out;\r | |
3570 | + }\r | |
3571 | +#endif\r | |
3572 | +\r | |
3573 | if (user == (uid_t) -1)\r | |
3574 | user = inode->i_uid;\r | |
3575 | if (group == (gid_t) -1)\r | |
3576 | @@ -583,7 +785,11 @@\r | |
3577 | \r | |
3578 | error = user_path_walk(filename, &nd);\r | |
3579 | if (!error) {\r | |
3580 | +#ifdef CONFIG_OBV_PROC\r | |
3581 | + error = chown_common(nd.dentry, user, group, nd.mnt);\r | |
3582 | +#else\r | |
3583 | error = chown_common(nd.dentry, user, group);\r | |
3584 | +#endif\r | |
3585 | path_release(&nd);\r | |
3586 | }\r | |
3587 | return error;\r | |
3588 | @@ -596,7 +802,11 @@\r | |
3589 | \r | |
3590 | error = user_path_walk_link(filename, &nd);\r | |
3591 | if (!error) {\r | |
3592 | +#ifdef CONFIG_OBV_PROC\r | |
3593 | + error = chown_common(nd.dentry, user, group, nd.mnt);\r | |
3594 | +#else\r | |
3595 | error = chown_common(nd.dentry, user, group);\r | |
3596 | +#endif\r | |
3597 | path_release(&nd);\r | |
3598 | }\r | |
3599 | return error;\r | |
3600 | @@ -610,7 +820,11 @@\r | |
3601 | \r | |
3602 | file = fget(fd);\r | |
3603 | if (file) {\r | |
3604 | +#ifdef CONFIG_OBV_PROC\r | |
3605 | + error = chown_common(file->f_dentry, user, group, file->f_vfsmnt);\r | |
3606 | +#else\r | |
3607 | error = chown_common(file->f_dentry, user, group);\r | |
3608 | +#endif\r | |
3609 | fput(file);\r | |
3610 | }\r | |
3611 | return error;\r | |
3612 | @@ -634,12 +848,39 @@\r | |
3613 | {\r | |
3614 | int namei_flags, error;\r | |
3615 | struct nameidata nd;\r | |
3616 | +#ifdef CONFIG_OBV_PROC\r | |
3617 | + struct nameidata obv;\r | |
3618 | +#endif\r | |
3619 | \r | |
3620 | namei_flags = flags;\r | |
3621 | if ((namei_flags+1) & O_ACCMODE)\r | |
3622 | namei_flags++;\r | |
3623 | if (namei_flags & O_TRUNC)\r | |
3624 | namei_flags |= 2;\r | |
3625 | +\r | |
3626 | +#ifdef CONFIG_OBV_PROC\r | |
3627 | + error = 0;\r | |
3628 | + if(path_init(filename,conv_flags(namei_flags),&obv))\r | |
3629 | + error = path_walk(filename,&obv);\r | |
3630 | + if(error) goto out;\r | |
3631 | + if(!obv.dentry->d_inode)\r | |
3632 | + nd.flags |= OBV_NONEXISTANT;\r | |
3633 | + else \r | |
3634 | + if(S_ISBLK(obv.dentry->d_inode->i_mode) && !capable(CAP_SYS_RAWIO)) {\r | |
3635 | + obv_seclog("Attempt to block device %ld %d with "\r | |
3636 | + "insuffificent capabilities by process "\r | |
3637 | + DEFAULTSECMSG,obv.dentry->d_inode->i_ino,\r | |
3638 | + obv.dentry->d_inode->i_dev, DEFAULTSECARGS);\r | |
3639 | + path_release(&obv);\r | |
3640 | + error = -EPERM;\r | |
3641 | + return ERR_PTR(error);\r | |
3642 | + }\r | |
3643 | +\r | |
3644 | + path_release(&obv);\r | |
3645 | +out:\r | |
3646 | +\r | |
3647 | +#endif\r | |
3648 | +\r | |
3649 | \r | |
3650 | error = open_namei(filename, namei_flags, mode, &nd);\r | |
3651 | if (!error)\r | |
3652 | diff -urN linux/fs/proc/base.c linux/fs/proc/base.c\r | |
3653 | --- linux/fs/proc/base.c Thu Oct 11 02:42:47 2001\r | |
3654 | +++ linux/fs/proc/base.c Mon Nov 26 10:38:06 2001\r | |
3655 | @@ -24,6 +24,10 @@\r | |
3656 | #include <linux/file.h>\r | |
3657 | #include <linux/string.h>\r | |
3658 | \r | |
3659 | +#ifdef CONFIG_OBV_PROC\r | |
3660 | +#include <linux/obvext.h>\r | |
3661 | +#endif\r | |
3662 | +\r | |
3663 | /*\r | |
3664 | * For hysterical raisins we keep the same inumbers as in the old procfs.\r | |
3665 | * Feel free to change the macro below - just keep the range distinct from\r | |
3666 | @@ -663,7 +667,11 @@\r | |
3667 | inode->i_gid = 0;\r | |
3668 | if (ino == PROC_PID_INO || task_dumpable(task)) {\r | |
3669 | inode->i_uid = task->euid;\r | |
3670 | +#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3671 | inode->i_gid = task->egid;\r | |
3672 | +#else\r | |
3673 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;\r | |
3674 | +#endif\r | |
3675 | }\r | |
3676 | \r | |
3677 | out:\r | |
3678 | @@ -966,13 +974,27 @@\r | |
3679 | if (!task)\r | |
3680 | goto out;\r | |
3681 | \r | |
3682 | +#ifdef CONFIG_OBV_PROC\r | |
3683 | + if(obv_check_hidden_proc(task->obvacl)) {\r | |
3684 | + free_task_struct(task);\r | |
3685 | + goto out;\r | |
3686 | + }\r | |
3687 | +#endif\r | |
3688 | +\r | |
3689 | +\r | |
3690 | inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);\r | |
3691 | \r | |
3692 | free_task_struct(task);\r | |
3693 | \r | |
3694 | if (!inode)\r | |
3695 | goto out;\r | |
3696 | +#ifdef CONFIG_GRKERNSEC_PROC_USER\r | |
3697 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;\r | |
3698 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3699 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;\r | |
3700 | +#else\r | |
3701 | inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;\r | |
3702 | +#endif\r | |
3703 | inode->i_op = &proc_base_inode_operations;\r | |
3704 | inode->i_fop = &proc_base_operations;\r | |
3705 | inode->i_nlink = 3;\r | |
3706 | @@ -1012,8 +1034,13 @@\r | |
3707 | int pid = p->pid;\r | |
3708 | if (!pid)\r | |
3709 | continue;\r | |
3710 | +#ifdef CONFIG_OBV_PROC\r | |
3711 | + if(obv_check_hidden_proc(p->obvacl)) \r | |
3712 | + continue;\r | |
3713 | +#endif\r | |
3714 | if (--index >= 0)\r | |
3715 | continue;\r | |
3716 | +\r | |
3717 | pids[nr_pids] = pid;\r | |
3718 | nr_pids++;\r | |
3719 | if (nr_pids >= PROC_MAXPIDS)\r | |
3720 | diff -urN linux/fs/proc/generic.c linux/fs/proc/generic.c\r | |
3721 | --- linux/fs/proc/generic.c Fri Sep 7 13:53:59 2001\r | |
3722 | +++ linux/fs/proc/generic.c Mon Nov 26 10:38:07 2001\r | |
3723 | @@ -491,6 +491,22 @@\r | |
3724 | return ent;\r | |
3725 | }\r | |
3726 | \r | |
3727 | +#ifdef CONFIG_GRKERNSEC_PROC\r | |
3728 | +struct proc_dir_entry *proc_priv_mkdir(const char *name, mode_t mode, struct proc_dir_entry *parent)\r | |
3729 | +{\r | |
3730 | + struct proc_dir_entry *ent;\r | |
3731 | +\r | |
3732 | + ent = proc_create(&parent, name, mode, 2);\r | |
3733 | + if (ent) {\r | |
3734 | + ent->proc_fops = &proc_dir_operations;\r | |
3735 | + ent->proc_iops = &proc_dir_inode_operations;\r | |
3736 | +\r | |
3737 | + proc_register(parent, ent);\r | |
3738 | + }\r | |
3739 | + return ent;\r | |
3740 | +}\r | |
3741 | +#endif\r | |
3742 | +\r | |
3743 | struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,\r | |
3744 | struct proc_dir_entry *parent)\r | |
3745 | {\r | |
3746 | diff -urN linux/fs/proc/inode.c linux/fs/proc/inode.c\r | |
3747 | --- linux/fs/proc/inode.c Sat Nov 17 14:24:32 2001\r | |
3748 | +++ linux/fs/proc/inode.c Mon Nov 26 10:38:07 2001\r | |
3749 | @@ -152,7 +152,11 @@\r | |
3750 | if (de->mode) {\r | |
3751 | inode->i_mode = de->mode;\r | |
3752 | inode->i_uid = de->uid;\r | |
3753 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3754 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;\r | |
3755 | +#else\r | |
3756 | inode->i_gid = de->gid;\r | |
3757 | +#endif\r | |
3758 | }\r | |
3759 | if (de->size)\r | |
3760 | inode->i_size = de->size;\r | |
3761 | diff -urN linux/fs/proc/proc_misc.c linux/fs/proc/proc_misc.c\r | |
3762 | --- linux/fs/proc/proc_misc.c Wed Nov 21 00:29:09 2001\r | |
3763 | +++ linux/fs/proc/proc_misc.c Mon Nov 26 10:38:07 2001\r | |
3764 | @@ -507,8 +507,10 @@\r | |
3765 | {"meminfo", meminfo_read_proc},\r | |
3766 | {"version", version_read_proc},\r | |
3767 | #ifdef CONFIG_MODULES\r | |
3768 | +#ifndef CONFIG_GRKERNSEC_PROC\r | |
3769 | {"modules", modules_read_proc},\r | |
3770 | #endif\r | |
3771 | +#endif\r | |
3772 | {"stat", kstat_read_proc},\r | |
3773 | {"devices", devices_read_proc},\r | |
3774 | {"partitions", partitions_read_proc},\r | |
3775 | @@ -531,6 +533,13 @@\r | |
3776 | for (p = simple_ones; p->name; p++)\r | |
3777 | create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);\r | |
3778 | \r | |
3779 | +#if defined(CONFIG_GRKERNSEC_PROC) && defined(CONFIG_MODULES)\r | |
3780 | +#ifdef CONFIG_GRKERNSEC_PROC_USER\r | |
3781 | + create_proc_read_entry("modules", S_IRUSR, NULL, &modules_read_proc, NULL);\r | |
3782 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3783 | + create_proc_read_entry("modules", S_IRUSR | S_IRGRP, NULL, &modules_read_proc, NULL);\r | |
3784 | +#endif\r | |
3785 | +#endif\r | |
3786 | /* And now for trickier ones */\r | |
3787 | entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);\r | |
3788 | if (entry)\r | |
3789 | @@ -538,7 +547,13 @@\r | |
3790 | create_seq_entry("mounts", 0, &proc_mounts_operations);\r | |
3791 | create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);\r | |
3792 | #ifdef CONFIG_MODULES\r | |
3793 | +#ifdef CONFIG_GRKERNSEC_PROC_USER\r | |
3794 | + create_seq_entry("ksyms", S_IRUSR, &proc_ksyms_operations);\r | |
3795 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3796 | + create_seq_entry("ksyms", S_IRUSR | S_IRGRP, &proc_ksyms_operations);\r | |
3797 | +#else\r | |
3798 | create_seq_entry("ksyms", 0, &proc_ksyms_operations);\r | |
3799 | +#endif\r | |
3800 | #endif\r | |
3801 | proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);\r | |
3802 | if (proc_root_kcore) {\r | |
3803 | diff -urN linux/fs/proc/proc_tty.c linux/fs/proc/proc_tty.c\r | |
3804 | --- linux/fs/proc/proc_tty.c Fri Apr 21 18:17:57 2000\r | |
3805 | +++ linux/fs/proc/proc_tty.c Mon Nov 26 10:38:07 2001\r | |
3806 | @@ -174,7 +174,13 @@\r | |
3807 | if (!proc_mkdir("tty", 0))\r | |
3808 | return;\r | |
3809 | proc_tty_ldisc = proc_mkdir("tty/ldisc", 0);\r | |
3810 | +#ifdef CONFIG_GRKERNSEC_PROC_USER\r | |
3811 | + proc_tty_driver = proc_priv_mkdir("tty/driver", S_IFDIR|S_IRUSR|S_IXUSR, 0);\r | |
3812 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3813 | + proc_tty_driver = proc_priv_mkdir("tty/driver", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);\r | |
3814 | +#else\r | |
3815 | proc_tty_driver = proc_mkdir("tty/driver", 0);\r | |
3816 | +#endif\r | |
3817 | \r | |
3818 | create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);\r | |
3819 | create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);\r | |
3820 | diff -urN linux/fs/proc/root.c linux/fs/proc/root.c\r | |
3821 | --- linux/fs/proc/root.c Sat Oct 20 22:14:42 2001\r | |
3822 | +++ linux/fs/proc/root.c Mon Nov 26 10:38:07 2001\r | |
3823 | @@ -37,13 +37,25 @@\r | |
3824 | return;\r | |
3825 | }\r | |
3826 | proc_misc_init();\r | |
3827 | +#ifdef CONFIG_GRKERNSEC_PROC_USER\r | |
3828 | + proc_net = proc_priv_mkdir("net", S_IFDIR|S_IRUSR|S_IXUSR, 0);\r | |
3829 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3830 | + proc_net = proc_priv_mkdir("net", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);\r | |
3831 | +#else\r | |
3832 | proc_net = proc_mkdir("net", 0);\r | |
3833 | +#endif\r | |
3834 | #ifdef CONFIG_SYSVIPC\r | |
3835 | proc_mkdir("sysvipc", 0);\r | |
3836 | #endif\r | |
3837 | #ifdef CONFIG_SYSCTL\r | |
3838 | +#ifdef CONFIG_GRKERNSEC_PROC_USER\r | |
3839 | + proc_sys_root = proc_priv_mkdir("sys", S_IFDIR|S_IRUSR|S_IXUSR, 0);\r | |
3840 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
3841 | + proc_sys_root = proc_priv_mkdir("sys", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);\r | |
3842 | +#else\r | |
3843 | proc_sys_root = proc_mkdir("sys", 0);\r | |
3844 | #endif\r | |
3845 | +#endif\r | |
3846 | #if defined(CONFIG_BINFMT_MISC) || defined(CONFIG_BINFMT_MISC_MODULE)\r | |
3847 | proc_mkdir("sys/fs", 0);\r | |
3848 | proc_mkdir("sys/fs/binfmt_misc", 0);\r | |
3849 | @@ -132,6 +144,9 @@\r | |
3850 | EXPORT_SYMBOL(proc_symlink);\r | |
3851 | EXPORT_SYMBOL(proc_mknod);\r | |
3852 | EXPORT_SYMBOL(proc_mkdir);\r | |
3853 | +#ifdef CONFIG_GRKERNSEC_PROC\r | |
3854 | +EXPORT_SYMBOL(proc_priv_mkdir);\r | |
3855 | +#endif\r | |
3856 | EXPORT_SYMBOL(create_proc_entry);\r | |
3857 | EXPORT_SYMBOL(remove_proc_entry);\r | |
3858 | EXPORT_SYMBOL(proc_root);\r | |
3859 | diff -urN linux/fs/readdir.c linux/fs/readdir.c\r | |
3860 | --- linux/fs/readdir.c Sun Aug 12 17:59:08 2001\r | |
3861 | +++ linux/fs/readdir.c Mon Nov 26 10:38:07 2001\r | |
3862 | @@ -13,6 +13,10 @@\r | |
3863 | \r | |
3864 | #include <asm/uaccess.h>\r | |
3865 | \r | |
3866 | +#ifdef CONFIG_OBV_PROC\r | |
3867 | +#include <linux/obvext.h>\r | |
3868 | +#endif\r | |
3869 | +\r | |
3870 | int vfs_readdir(struct file *file, filldir_t filler, void *buf)\r | |
3871 | {\r | |
3872 | struct inode *inode = file->f_dentry->d_inode;\r | |
3873 | @@ -120,6 +124,10 @@\r | |
3874 | struct readdir_callback {\r | |
3875 | struct old_linux_dirent * dirent;\r | |
3876 | int count;\r | |
3877 | +#ifdef CONFIG_OBV_PROC\r | |
3878 | + struct dentry *dentry;\r | |
3879 | + struct vfsmount *mnt;\r | |
3880 | +#endif\r | |
3881 | };\r | |
3882 | \r | |
3883 | static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset,\r | |
3884 | @@ -127,9 +135,27 @@\r | |
3885 | {\r | |
3886 | struct readdir_callback * buf = (struct readdir_callback *) __buf;\r | |
3887 | struct old_linux_dirent * dirent;\r | |
3888 | +#ifdef CONFIG_OBV_PROC\r | |
3889 | + ino_t old_ino;\r | |
3890 | +#endif\r | |
3891 | \r | |
3892 | if (buf->count)\r | |
3893 | return -EINVAL;\r | |
3894 | +#ifdef CONFIG_OBV_PROC\r | |
3895 | + if(buf->dentry && buf->dentry->d_inode) {\r | |
3896 | + old_ino = buf->dentry->d_inode->i_ino;\r | |
3897 | + buf->dentry->d_inode->i_ino = ino;\r | |
3898 | +#ifdef CONFIG_OBV_DEBUG\r | |
3899 | + printk("Guess what: %ld %d is about to get a readdir check\n",buf->dentry->d_inode->i_ino,buf->dentry->d_inode->i_dev);\r | |
3900 | +#endif\r | |
3901 | + if( obv_check_hidden(buf->dentry,buf->mnt) == OBV_DENY) {\r | |
3902 | + buf->dentry->d_inode->i_ino = old_ino;\r | |
3903 | + return 0;\r | |
3904 | + }\r | |
3905 | + buf->dentry->d_inode->i_ino = ino;\r | |
3906 | + }\r | |
3907 | +#endif\r | |
3908 | + \r | |
3909 | buf->count++;\r | |
3910 | dirent = buf->dirent;\r | |
3911 | put_user(ino, &dirent->d_ino);\r | |
3912 | @@ -153,6 +179,10 @@\r | |
3913 | \r | |
3914 | buf.count = 0;\r | |
3915 | buf.dirent = dirent;\r | |
3916 | +#ifdef CONFIG_OBV_PROC\r | |
3917 | + buf.dentry = file->f_dentry;\r | |
3918 | + buf.mnt = file->f_vfsmnt;\r | |
3919 | +#endif\r | |
3920 | \r | |
3921 | error = vfs_readdir(file, fillonedir, &buf);\r | |
3922 | if (error >= 0)\r | |
3923 | @@ -181,6 +211,10 @@\r | |
3924 | struct linux_dirent * previous;\r | |
3925 | int count;\r | |
3926 | int error;\r | |
3927 | +#ifdef CONFIG_OBV_PROC\r | |
3928 | + struct dentry *dentry;\r | |
3929 | + struct vfsmount *mnt;\r | |
3930 | +#endif\r | |
3931 | };\r | |
3932 | \r | |
3933 | static int filldir(void * __buf, const char * name, int namlen, loff_t offset,\r | |
3934 | @@ -189,10 +223,27 @@\r | |
3935 | struct linux_dirent * dirent;\r | |
3936 | struct getdents_callback * buf = (struct getdents_callback *) __buf;\r | |
3937 | int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 1);\r | |
3938 | +#ifdef CONFIG_OBV_PROC\r | |
3939 | + ino_t old_ino;\r | |
3940 | +#endif\r | |
3941 | \r | |
3942 | buf->error = -EINVAL; /* only used if we fail.. */\r | |
3943 | if (reclen > buf->count)\r | |
3944 | return -EINVAL;\r | |
3945 | +#ifdef CONFIG_OBV_PROC\r | |
3946 | + if(buf->dentry && buf->dentry->d_inode) {\r | |
3947 | + old_ino = buf->dentry->d_inode->i_ino;\r | |
3948 | + buf->dentry->d_inode->i_ino = ino;\r | |
3949 | +#ifdef CONFIG_OBV_DEBUG\r | |
3950 | + printk("Guess what: %ld %d is about to get a readdir check\n",buf->dentry->d_inode->i_ino,buf->dentry->d_inode->i_dev);\r | |
3951 | +#endif\r | |
3952 | + if( obv_check_hidden(buf->dentry,buf->mnt) == OBV_DENY) {\r | |
3953 | + buf->dentry->d_inode->i_ino = old_ino;\r | |
3954 | + return 0;\r | |
3955 | + }\r | |
3956 | + buf->dentry->d_inode->i_ino = old_ino;\r | |
3957 | + }\r | |
3958 | +#endif\r | |
3959 | dirent = buf->previous;\r | |
3960 | if (dirent)\r | |
3961 | put_user(offset, &dirent->d_off);\r | |
3962 | @@ -224,6 +275,10 @@\r | |
3963 | buf.previous = NULL;\r | |
3964 | buf.count = count;\r | |
3965 | buf.error = 0;\r | |
3966 | +#ifdef CONFIG_OBV_PROC\r | |
3967 | + buf.dentry = file->f_dentry;\r | |
3968 | + buf.mnt = file->f_vfsmnt;\r | |
3969 | +#endif\r | |
3970 | \r | |
3971 | error = vfs_readdir(file, filldir, &buf);\r | |
3972 | if (error < 0)\r | |
3973 | @@ -259,6 +314,10 @@\r | |
3974 | struct linux_dirent64 * previous;\r | |
3975 | int count;\r | |
3976 | int error;\r | |
3977 | +#ifdef CONFIG_OBV_PROC\r | |
3978 | + struct dentry *dentry;\r | |
3979 | + struct vfsmount *mnt;\r | |
3980 | +#endif\r | |
3981 | };\r | |
3982 | \r | |
3983 | static int filldir64(void * __buf, const char * name, int namlen, loff_t offset,\r | |
3984 | @@ -268,9 +327,26 @@\r | |
3985 | struct getdents_callback64 * buf = (struct getdents_callback64 *) __buf;\r | |
3986 | int reclen = ROUND_UP64(NAME_OFFSET(dirent) + namlen + 1);\r | |
3987 | \r | |
3988 | +#ifdef CONFIG_OBV_PROC\r | |
3989 | + ino_t old_ino;\r | |
3990 | +#endif\r | |
3991 | buf->error = -EINVAL; /* only used if we fail.. */\r | |
3992 | if (reclen > buf->count)\r | |
3993 | return -EINVAL;\r | |
3994 | +#ifdef CONFIG_OBV_PROC\r | |
3995 | + if(buf->dentry && buf->dentry->d_inode) {\r | |
3996 | + old_ino = buf->dentry->d_inode->i_ino;\r | |
3997 | + buf->dentry->d_inode->i_ino = ino;\r | |
3998 | + if((obv_check_hidden(buf->dentry,buf->mnt)) == OBV_DENY) {\r | |
3999 | + buf->dentry->d_inode->i_ino = old_ino;\r | |
4000 | + return 0;\r | |
4001 | + }\r | |
4002 | + buf->dentry->d_inode->i_ino = old_ino;\r | |
4003 | + }\r | |
4004 | +#endif\r | |
4005 | +\r | |
4006 | +\r | |
4007 | + \r | |
4008 | dirent = buf->previous;\r | |
4009 | if (dirent) {\r | |
4010 | d.d_off = offset;\r | |
4011 | @@ -307,6 +383,11 @@\r | |
4012 | buf.previous = NULL;\r | |
4013 | buf.count = count;\r | |
4014 | buf.error = 0;\r | |
4015 | +#ifdef CONFIG_OBV_PROC\r | |
4016 | + buf.mnt = file->f_vfsmnt;\r | |
4017 | + buf.dentry = file->f_dentry;\r | |
4018 | +#endif\r | |
4019 | +\r | |
4020 | \r | |
4021 | error = vfs_readdir(file, filldir64, &buf);\r | |
4022 | if (error < 0)\r | |
4023 | diff -urN linux/grsecurity/Config.in linux/grsecurity/Config.in\r | |
4024 | --- linux/grsecurity/Config.in Wed Dec 31 19:00:00 1969\r | |
4025 | +++ linux/grsecurity/Config.in Mon Nov 26 10:38:07 2001\r | |
4026 | @@ -0,0 +1,153 @@\r | |
4027 | +mainmenu_option next_comment\r | |
4028 | +comment 'Buffer Overflow Protection'\r | |
4029 | +if [ "$CONFIG_X86" != "n" ]; then\r | |
4030 | +if [ "$CONFIG_GRKERNSEC_PAX" != "y" ]; then\r | |
4031 | +bool 'Openwall non-executable stack' CONFIG_GRKERNSEC_STACK\r | |
4032 | +if [ "$CONFIG_GRKERNSEC_STACK" != "n" ]; then\r | |
4033 | +bool ' Gcc trampoline support' CONFIG_GRKERNSEC_STACK_GCC\r | |
4034 | +fi\r | |
4035 | +fi\r | |
4036 | +if [ "$CONFIG_GRKERNSEC_STACK" != "y" ]; then\r | |
4037 | +bool 'PaX protection' CONFIG_GRKERNSEC_PAX\r | |
4038 | +if [ "$CONFIG_GRKERNSEC_PAX" = "y" ]; then\r | |
4039 | + bool ' Emulate trampolines' CONFIG_GRKERNSEC_PAX_EMUTRAMP\r | |
4040 | + bool ' Restrict mprotect()' CONFIG_GRKERNSEC_PAX_MPROTECT\r | |
4041 | +fi\r | |
4042 | + bool 'Randomize mmap() base' CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
4043 | +fi\r | |
4044 | +fi\r | |
4045 | +endmenu\r | |
4046 | +mainmenu_option next_comment\r | |
4047 | +comment 'Access Control Lists'\r | |
4048 | +bool 'Enable Oblivion ACL system' CONFIG_OBV_PROC\r | |
4049 | +if [ "$CONFIG_OBV_PROC" = "y" ]; then\r | |
4050 | + int 'Maximum Number of Oblivion Rulesets for Files, Processes' CONFIG_OBV_MAX_RULESET 256\r | |
4051 | + int 'Seconds in between Oblivion log messages(minimum)' CONFIG_OBV_FLOODTIME 3\r | |
4052 | + choice 'Default ruleset for programs without acls' \\r | |
4053 | + "Deny CONFIG_OBV_DEF_DENY \\r | |
4054 | + Allow CONFIG_OBV_DEF_ALLOW \\r | |
4055 | + Deny_if_running_as_root CONFIG_OBV_DEF_DENY_ROOT " Allow\r | |
4056 | + bool 'Enable Oblivion Debugging Messages' CONFIG_OBV_DEBUG\r | |
4057 | + string 'Path to obvadm' CONFIG_OBVADM_PATH "/sbin/obvadm"\r | |
4058 | + int 'Maximum tries before password lockout' CONFIG_OBV_MAXTRIES 3\r | |
4059 | + int 'Time to wait after max password tries, in seconds' CONFIG_OBV_TIMEOUT 30\r | |
4060 | +fi\r | |
4061 | +endmenu\r | |
4062 | +mainmenu_option next_comment\r | |
4063 | +comment 'Filesystem Protections'\r | |
4064 | +bool 'Proc restrictions' CONFIG_GRKERNSEC_PROC\r | |
4065 | +if [ "$CONFIG_GRKERNSEC_PROC" != "n" ]; then\r | |
4066 | +bool ' Restrict to user only' CONFIG_GRKERNSEC_PROC_USER\r | |
4067 | +if [ "$CONFIG_GRKERNSEC_PROC_USER" != "y" ]; then\r | |
4068 | +bool ' Allow special group' CONFIG_GRKERNSEC_PROC_USERGROUP\r | |
4069 | +if [ "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then\r | |
4070 | +int ' GID for special group' CONFIG_GRKERNSEC_PROC_GID 1001\r | |
4071 | +fi\r | |
4072 | +fi\r | |
4073 | +fi\r | |
4074 | +bool 'Linking restrictions' CONFIG_GRKERNSEC_LINK\r | |
4075 | +bool 'FIFO restrictions' CONFIG_GRKERNSEC_FIFO\r | |
4076 | +bool 'Secure file descriptors' CONFIG_GRKERNSEC_FD\r | |
4077 | +bool 'Chroot jail restrictions' CONFIG_GRKERNSEC_CHROOT\r | |
4078 | +bool 'Log execs within chroot' CONFIG_GRKERNSEC_CHROOT_EXECLOG\r | |
4079 | +bool 'Capability restrictions within chroot' CONFIG_GRKERNSEC_CHROOT_CAPS\r | |
4080 | +bool 'Secure keymap loading' CONFIG_GRKERNSEC_KBMAP\r | |
4081 | +endmenu\r | |
4082 | +mainmenu_option next_comment\r | |
4083 | +comment 'Security Logging'\r | |
4084 | +if [ "$CONFIG_GRKERNSEC_EXECLOG_GROUP" != "y" ]; then\r | |
4085 | +bool 'Exec logging for all users' CONFIG_GRKERNSEC_EXECLOG\r | |
4086 | +fi\r | |
4087 | +if [ "$CONFIG_GRKERNSEC_EXECLOG" != "y" ]; then\r | |
4088 | +bool 'Exec logging for a single group' CONFIG_GRKERNSEC_EXECLOG_GROUP\r | |
4089 | +if [ "$CONFIG_GRKERNSEC_EXECLOG_GROUP" != "n" ]; then\r | |
4090 | +int ' GID of logged execs' CONFIG_GRKERNSEC_EXECLOG_GID 1007\r | |
4091 | +fi\r | |
4092 | +fi\r | |
4093 | +if [ "$CONFIG_GRKERNSEC_SUID_ROOT" != "y" ]; then\r | |
4094 | +bool 'Set*id logging for all users' CONFIG_GRKERNSEC_SUID\r | |
4095 | +fi\r | |
4096 | +if [ "$CONFIG_GRKERNSEC_SUID" != "y" ]; then\r | |
4097 | +bool 'Set*id logging for root' CONFIG_GRKERNSEC_SUID_ROOT\r | |
4098 | +fi\r | |
4099 | +bool 'Signal logging' CONFIG_GRKERNSEC_SIGNAL\r | |
4100 | +bool 'Fork failure logging' CONFIG_GRKERNSEC_FORKFAIL\r | |
4101 | +bool 'Time change logging' CONFIG_GRKERNSEC_TIME\r | |
4102 | +endmenu\r | |
4103 | +mainmenu_option next_comment\r | |
4104 | +comment 'Executable Protections'\r | |
4105 | +bool 'Exec process limiting' CONFIG_GRKERNSEC_EXECVE\r | |
4106 | +bool 'Randomized PIDs' CONFIG_GRKERNSEC_RANDPID\r | |
4107 | +bool 'Fork-bomb protection' CONFIG_GRKERNSEC_FORKBOMB\r | |
4108 | +if [ "$CONFIG_GRKERNSEC_FORKBOMB" != "n" ]; then\r | |
4109 | +int ' GID for restricted users' CONFIG_GRKERNSEC_FORKBOMB_GID 1006\r | |
4110 | +int ' Forks allowed per second' CONFIG_GRKERNSEC_FORKBOMB_SEC 40\r | |
4111 | +int ' Maximum processes allowed' CONFIG_GRKERNSEC_FORKBOMB_MAX 20\r | |
4112 | +fi\r | |
4113 | +bool 'Trusted path execution' CONFIG_GRKERNSEC_TPE\r | |
4114 | +if [ "$CONFIG_GRKERNSEC_TPE" != "n" ]; then\r | |
4115 | +bool ' Glibc protection' CONFIG_GRKERNSEC_TPE_GLIBC\r | |
4116 | +bool ' Partially restrict non-root users' CONFIG_GRKERNSEC_TPE_ALL\r | |
4117 | +int ' GID for untrusted users:' CONFIG_GRKERNSEC_TPE_GID 1005\r | |
4118 | +fi\r | |
4119 | +if [ "$CONFIG_X86" != "n" ]; then\r | |
4120 | +bool 'Restricted ptrace' CONFIG_GRKERNSEC_PTRACE\r | |
4121 | +if [ "$CONFIG_GRKERNSEC_PTRACE" != "n" ]; then\r | |
4122 | +bool ' Allow ptrace for group' CONFIG_GRKERNSEC_PTRACE_GROUP\r | |
4123 | +if [ "$CONFIG_GRKERNSEC_PTRACE_GROUP" != "n" ]; then\r | |
4124 | +int ' GID for ptrace' CONFIG_GRKERNSEC_PTRACE_GID 1008\r | |
4125 | +fi\r | |
4126 | +fi\r | |
4127 | +fi\r | |
4128 | +endmenu\r | |
4129 | +mainmenu_option next_comment\r | |
4130 | +comment 'Network Protections'\r | |
4131 | +bool 'Randomized IP IDs' CONFIG_GRKERNSEC_RANDID\r | |
4132 | +bool 'Randomized TCP source ports' CONFIG_GRKERNSEC_RANDSRC\r | |
4133 | +bool 'Altered Ping IDs' CONFIG_GRKERNSEC_RANDPING\r | |
4134 | +bool 'Randomized TTL' CONFIG_GRKERNSEC_RANDTTL\r | |
4135 | +if [ "$CONFIG_GRKERNSEC_RANDTTL" != "n" ]; then\r | |
4136 | +int ' TTL starting point:' CONFIG_GRKERNSEC_RANDTTL_THRESH 64\r | |
4137 | +fi\r | |
4138 | +bool 'Enhanced network randomness' CONFIG_GRKERNSEC_RANDNET\r | |
4139 | +bool 'Socket restrictions' CONFIG_GRKERNSEC_SOCKET\r | |
4140 | +if [ "$CONFIG_GRKERNSEC_SOCKET" != "n" ]; then\r | |
4141 | +bool ' Deny any sockets to group' CONFIG_GRKERNSEC_SOCKET_ALL\r | |
4142 | +if [ "$CONFIG_GRKERNSEC_SOCKET_ALL" != "n" ]; then\r | |
4143 | +int ' GID to deny all sockets for:' CONFIG_GRKERNSEC_SOCKET_ALL_GID 1004\r | |
4144 | +fi\r | |
4145 | +bool ' Deny client sockets to group' CONFIG_GRKERNSEC_SOCKET_CLIENT\r | |
4146 | +if [ "$CONFIG_GRKERNSEC_SOCKET_CLIENT" != "n" ]; then\r | |
4147 | +int ' GID to deny client sockets for:' CONFIG_GRKERNSEC_SOCKET_CLIENT_GID 1003\r | |
4148 | +fi\r | |
4149 | +bool ' Deny server sockets to group' CONFIG_GRKERNSEC_SOCKET_SERVER\r | |
4150 | +if [ "$CONFIG_GRKERNSEC_SOCKET_SERVER" != "n" ]; then\r | |
4151 | +int ' GID to deny server sockets for:' CONFIG_GRKERNSEC_SOCKET_SERVER_GID 1002\r | |
4152 | +fi\r | |
4153 | +fi\r | |
4154 | +bool 'Stealth networking' CONFIG_GRKERNSEC_STEALTH\r | |
4155 | +if [ "$CONFIG_GRKERNSEC_STEALTH" != "n" ]; then\r | |
4156 | +bool ' Do not send RSTs on unserved TCP' CONFIG_GRKERNSEC_STEALTH_RST\r | |
4157 | +bool ' Do not reply to UDP with ICMP unreachables' CONFIG_GRKERNSEC_STEALTH_UDP\r | |
4158 | +bool ' Do not process ICMP packets' CONFIG_GRKERNSEC_STEALTH_ICMP\r | |
4159 | +bool ' Do not reply to IGMP requests' CONFIG_GRKERNSEC_STEALTH_IGMP\r | |
4160 | +bool ' Drop packets with illegitimate flags' CONFIG_GRKERNSEC_STEALTH_FLAGS\r | |
4161 | +fi\r | |
4162 | +endmenu\r | |
4163 | +mainmenu_option next_comment\r | |
4164 | +comment 'Network Logging'\r | |
4165 | +bool 'Log requests to unserved TCP ports' CONFIG_GRKERNSEC_STEALTH_RST_LOG\r | |
4166 | +bool 'Log requests to unserved UDP ports' CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r | |
4167 | +bool 'Log ICMP packets' CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r | |
4168 | +bool 'Log packets with illegitimate flags' CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r | |
4169 | +endmenu\r | |
4170 | +if [ "$CONFIG_SYSCTL" != "n" ]; then\r | |
4171 | +mainmenu_option next_comment\r | |
4172 | +comment 'Sysctl support'\r | |
4173 | +bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL\r | |
4174 | +endmenu\r | |
4175 | +fi\r | |
4176 | +mainmenu_option next_comment\r | |
4177 | +comment 'Miscellaneous Enhancements'\r | |
4178 | +bool 'BSD-style coredumps' CONFIG_GRKERNSEC_COREDUMP\r | |
4179 | +endmenu\r | |
4180 | diff -urN linux/include/asm-i386/a.out.h linux/include/asm-i386/a.out.h\r | |
4181 | --- linux/include/asm-i386/a.out.h Fri Jun 16 14:33:06 1995\r | |
4182 | +++ linux/include/asm-i386/a.out.h Mon Nov 26 10:38:07 2001\r | |
4183 | @@ -19,8 +19,12 @@\r | |
4184 | \r | |
4185 | #ifdef __KERNEL__\r | |
4186 | \r | |
4187 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
4188 | +#define STACK_TOP ((current->flags & PF_STACKEXEC) ? TASK_SIZE - _STK_LIM : TASK_SIZE)\r | |
4189 | +#else\r | |
4190 | #define STACK_TOP TASK_SIZE\r | |
4191 | \r | |
4192 | +#endif\r | |
4193 | #endif\r | |
4194 | \r | |
4195 | #endif /* __A_OUT_GNU_H__ */\r | |
4196 | diff -urN linux/include/asm-i386/pgtable.h linux/include/asm-i386/pgtable.h\r | |
4197 | --- linux/include/asm-i386/pgtable.h Thu Nov 22 14:46:19 2001\r | |
4198 | +++ linux/include/asm-i386/pgtable.h Mon Nov 26 11:15:22 2001\r | |
4199 | @@ -192,9 +192,26 @@\r | |
4200 | #define _PAGE_CHG_MASK (PTE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY)\r | |
4201 | \r | |
4202 | #define PAGE_NONE __pgprot(_PAGE_PROTNONE | _PAGE_ACCESSED)\r | |
4203 | +\r | |
4204 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4205 | +#define PAGE_SHARED_EXEC __pgprot(_PAGE_PRESENT | _PAGE_RW |_PAGE_USER |_PAGE_ACCESSED)\r | |
4206 | +#define PAGE_COPY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r | |
4207 | +#define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r | |
4208 | +#else\r | |
4209 | #define PAGE_SHARED __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | _PAGE_ACCESSED)\r | |
4210 | #define PAGE_COPY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r | |
4211 | #define PAGE_READONLY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r | |
4212 | +#endif\r | |
4213 | +\r | |
4214 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
4215 | +#define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED)\r | |
4216 | +#define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED)\r | |
4217 | +#define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED) \r | |
4218 | +#else\r | |
4219 | +#define PAGE_SHARED_NOEXEC PAGE_SHARED_EXEC\r | |
4220 | +#define PAGE_COPY_NOEXEC PAGE_COPY_EXEC\r | |
4221 | +#define PAGE_READONLY_NOEXEC PAGE_READONLY_EXEC\r | |
4222 | +#endif\r | |
4223 | \r | |
4224 | #define __PAGE_KERNEL \\r | |
4225 | (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED)\r | |
4226 | @@ -228,6 +245,15 @@\r | |
4227 | * This is the closest we can get..\r | |
4228 | */\r | |
4229 | #define __P000 PAGE_NONE\r | |
4230 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4231 | +#define __P001 PAGE_READONLY_NOEXEC\r | |
4232 | +#define __P010 PAGE_COPY_NOEXEC\r | |
4233 | +#define __P011 PAGE_COPY_NOEXEC\r | |
4234 | +#define __P100 PAGE_READONLY_EXEC\r | |
4235 | +#define __P101 PAGE_READONLY_EXEC\r | |
4236 | +#define __P110 PAGE_COPY_EXEC\r | |
4237 | +#define __P111 PAGE_COPY_EXEC\r | |
4238 | +#else\r | |
4239 | #define __P001 PAGE_READONLY\r | |
4240 | #define __P010 PAGE_COPY\r | |
4241 | #define __P011 PAGE_COPY\r | |
4242 | @@ -235,8 +261,18 @@\r | |
4243 | #define __P101 PAGE_READONLY\r | |
4244 | #define __P110 PAGE_COPY\r | |
4245 | #define __P111 PAGE_COPY\r | |
4246 | +#endif\r | |
4247 | \r | |
4248 | #define __S000 PAGE_NONE\r | |
4249 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4250 | +#define __S001 PAGE_READONLY_NOEXEC\r | |
4251 | +#define __S010 PAGE_SHARED_NOEXEC\r | |
4252 | +#define __S011 PAGE_SHARED_NOEXEC\r | |
4253 | +#define __S100 PAGE_READONLY_EXEC\r | |
4254 | +#define __S101 PAGE_READONLY_EXEC\r | |
4255 | +#define __S110 PAGE_SHARED_EXEC\r | |
4256 | +#define __S111 PAGE_SHARED_EXEC\r | |
4257 | +#else\r | |
4258 | #define __S001 PAGE_READONLY\r | |
4259 | #define __S010 PAGE_SHARED\r | |
4260 | #define __S011 PAGE_SHARED\r | |
4261 | @@ -244,6 +280,7 @@\r | |
4262 | #define __S101 PAGE_READONLY\r | |
4263 | #define __S110 PAGE_SHARED\r | |
4264 | #define __S111 PAGE_SHARED\r | |
4265 | +#endif\r | |
4266 | \r | |
4267 | /*\r | |
4268 | * Define this if things work differently on an i386 and an i486:\r | |
4269 | diff -urN linux/include/asm-i386/processor.h linux/include/asm-i386/processor.h\r | |
4270 | --- linux/include/asm-i386/processor.h Thu Nov 22 14:46:19 2001\r | |
4271 | +++ linux/include/asm-i386/processor.h Mon Nov 26 11:15:21 2001\r | |
4272 | @@ -267,11 +267,25 @@\r | |
4273 | */\r | |
4274 | #define TASK_SIZE (PAGE_OFFSET)\r | |
4275 | \r | |
4276 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
4277 | +#define MAGIC_SIGRETURN (PAGE_OFFSET + 0xDE0000)\r | |
4278 | +#define MAGIC_RT_SIGRETURN (PAGE_OFFSET + 0xDE0001)\r | |
4279 | +#endif\r | |
4280 | /* This decides where the kernel will search for a free chunk of vm\r | |
4281 | * space during mmap's.\r | |
4282 | */\r | |
4283 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
4284 | +extern struct linux_binfmt elf_format;\r | |
4285 | +#define TASK_UNMAPPED_BASE(size) ( \\r | |
4286 | + current->binfmt == &elf_format && \\r | |
4287 | + !(current->flags & PF_STACKEXEC) && \\r | |
4288 | + (size) < 0x00ef0000UL \\r | |
4289 | + ? 0x00110000UL \\r | |
4290 | + : TASK_SIZE / 3 ) \r | |
4291 | +#else\r | |
4292 | #define TASK_UNMAPPED_BASE (TASK_SIZE / 3)\r | |
4293 | \r | |
4294 | +#endif\r | |
4295 | /*\r | |
4296 | * Size of io_bitmap in longwords: 32 is ports 0-0x3ff.\r | |
4297 | */\r | |
4298 | @@ -362,6 +376,14 @@\r | |
4299 | unsigned long __cacheline_filler[5];\r | |
4300 | };\r | |
4301 | \r | |
4302 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4303 | +struct pax_fault_info {\r | |
4304 | + unsigned long eip;\r | |
4305 | + unsigned long addresses[4];\r | |
4306 | + unsigned long count;\r | |
4307 | +};\r | |
4308 | +#endif\r | |
4309 | +\r | |
4310 | struct thread_struct {\r | |
4311 | unsigned long esp0;\r | |
4312 | unsigned long eip;\r | |
4313 | @@ -372,6 +394,11 @@\r | |
4314 | unsigned long debugreg[8]; /* %%db0-7 debug registers */\r | |
4315 | /* fault info */\r | |
4316 | unsigned long cr2, trap_no, error_code;\r | |
4317 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4318 | +/* PaX fault info */\r | |
4319 | + struct pax_fault_info pax_faults;\r | |
4320 | +#endif\r | |
4321 | +\r | |
4322 | /* floating point info */\r | |
4323 | union i387_union i387;\r | |
4324 | /* virtual 86 mode info */\r | |
4325 | diff -urN linux/include/linux/a.out.h linux/include/linux/a.out.h\r | |
4326 | --- linux/include/linux/a.out.h Thu Nov 22 14:46:18 2001\r | |
4327 | +++ linux/include/linux/a.out.h Mon Nov 26 11:15:21 2001\r | |
4328 | @@ -37,6 +37,14 @@\r | |
4329 | M_MIPS2 = 152 /* MIPS R6000/R4000 binary */\r | |
4330 | };\r | |
4331 | \r | |
4332 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4333 | +/* Constants for the N_FLAGS field */\r | |
4334 | +#define F_PAX_PAGEEXEC 1 /* Enforce PAGE_EXEC */\r | |
4335 | +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */\r | |
4336 | +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */\r | |
4337 | +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */ \r | |
4338 | +#endif\r | |
4339 | +\r | |
4340 | #if !defined (N_MAGIC)\r | |
4341 | #define N_MAGIC(exec) ((exec).a_info & 0xffff)\r | |
4342 | #endif\r | |
4343 | @@ -57,6 +65,9 @@\r | |
4344 | ((exec).a_info = \\r | |
4345 | ((exec).a_info&0x00ffffff) | (((flags) & 0xff) << 24))\r | |
4346 | \r | |
4347 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
4348 | +#define F_STACKEXEC 1\r | |
4349 | +#endif\r | |
4350 | /* Code indicating object file or impure executable. */\r | |
4351 | #define OMAGIC 0407\r | |
4352 | /* Code indicating pure executable. */\r | |
4353 | diff -urN linux/include/linux/binfmts.h linux/include/linux/binfmts.h\r | |
4354 | --- linux/include/linux/binfmts.h Thu Nov 22 14:46:19 2001\r | |
4355 | +++ linux/include/linux/binfmts.h Mon Nov 26 11:15:22 2001\r | |
4356 | @@ -1,6 +1,7 @@\r | |
4357 | #ifndef _LINUX_BINFMTS_H\r | |
4358 | #define _LINUX_BINFMTS_H\r | |
4359 | \r | |
4360 | +#include <linux/config.h>\r | |
4361 | #include <linux/ptrace.h>\r | |
4362 | #include <linux/capability.h>\r | |
4363 | \r | |
4364 | @@ -30,6 +31,11 @@\r | |
4365 | int argc, envc;\r | |
4366 | char * filename; /* Name of binary */\r | |
4367 | unsigned long loader, exec;\r | |
4368 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
4369 | + int priv_change;\r | |
4370 | + int tweak_fd_mask;\r | |
4371 | + struct file *tweak_fd_null;\r | |
4372 | +#endif\r | |
4373 | };\r | |
4374 | \r | |
4375 | /*\r | |
4376 | diff -urN linux/include/linux/elf.h linux/include/linux/elf.h\r | |
4377 | --- linux/include/linux/elf.h Thu Nov 22 14:48:29 2001\r | |
4378 | +++ linux/include/linux/elf.h Mon Nov 26 11:29:02 2001\r | |
4379 | @@ -87,6 +87,9 @@\r | |
4380 | */\r | |
4381 | #define EM_ALPHA 0x9026\r | |
4382 | \r | |
4383 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
4384 | +#define EF_STACKEXEC 1\r | |
4385 | +#endif\r | |
4386 | /*\r | |
4387 | * This is the old interim value for S/390 architecture\r | |
4388 | */\r | |
4389 | @@ -255,6 +258,13 @@\r | |
4390 | #define R_MIPS_LOVENDOR 100\r | |
4391 | #define R_MIPS_HIVENDOR 127\r | |
4392 | \r | |
4393 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4394 | +/* Constants for the e_flags field */\r | |
4395 | +#define EF_PAX_PAGEEXEC 1 /* 0: Enforce PAGE_EXEC */\r | |
4396 | +#define EF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */\r | |
4397 | +#define EF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */\r | |
4398 | +#define EF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */ \r | |
4399 | +#endif\r | |
4400 | \r | |
4401 | /*\r | |
4402 | * Sparc ELF relocation types\r | |
4403 | diff -urN linux/include/linux/fs.h linux/include/linux/fs.h\r | |
4404 | --- linux/include/linux/fs.h Mon Nov 26 08:29:17 2001\r | |
4405 | +++ linux/include/linux/fs.h Mon Nov 26 11:15:22 2001\r | |
4406 | @@ -1044,7 +1044,11 @@\r | |
4407 | \r | |
4408 | asmlinkage long sys_open(const char *, int, int);\r | |
4409 | asmlinkage long sys_close(unsigned int); /* yes, it's really unsigned */\r | |
4410 | +#ifdef CONFIG_OBV_PROC\r | |
4411 | +extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *);\r | |
4412 | +#else\r | |
4413 | extern int do_truncate(struct dentry *, loff_t start);\r | |
4414 | +#endif\r | |
4415 | \r | |
4416 | extern struct file *filp_open(const char *, int, int);\r | |
4417 | extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);\r | |
4418 | diff -urN linux/include/linux/grsecurity.h linux/include/linux/grsecurity.h\r | |
4419 | --- linux/include/linux/grsecurity.h Wed Dec 31 19:00:00 1969\r | |
4420 | +++ linux/include/linux/grsecurity.h Mon Nov 26 10:38:10 2001\r | |
4421 | @@ -0,0 +1,79 @@\r | |
4422 | +extern int grsec_enable_link;\r | |
4423 | +extern int grsec_enable_fifo; \r | |
4424 | +extern int grsec_enable_fd;\r | |
4425 | +extern int grsec_enable_execve;\r | |
4426 | +extern int grsec_enable_forkbomb;\r | |
4427 | +extern int grsec_forkbomb_gid;\r | |
4428 | +extern int grsec_forkbomb_sec;\r | |
4429 | +extern int grsec_forkbomb_max;\r | |
4430 | +extern int grsec_enable_execlog;\r | |
4431 | +extern int grsec_enable_execlog_group;\r | |
4432 | +extern int grsec_execlog_gid;\r | |
4433 | +extern int grsec_enable_suid;\r | |
4434 | +extern int grsec_enable_suid_root;\r | |
4435 | +extern int grsec_enable_signal;\r | |
4436 | +extern int grsec_enable_coredump;\r | |
4437 | +extern int grsec_enable_forkfail;\r | |
4438 | +extern int grsec_enable_time;\r | |
4439 | +extern int grsec_enable_kbmap;\r | |
4440 | +extern int grsec_enable_randnet;\r | |
4441 | +extern int grsec_enable_chroot;\r | |
4442 | +extern int grsec_enable_chroot_execlog;\r | |
4443 | +extern int grsec_enable_chroot_caps;\r | |
4444 | +extern int grsec_enable_tpe;\r | |
4445 | +extern int grsec_tpe_gid;\r | |
4446 | +extern int grsec_enable_tpe_glibc;\r | |
4447 | +extern int grsec_enable_tpe_all; \r | |
4448 | +extern int grsec_enable_ptrace; \r | |
4449 | +extern int grsec_enable_ptrace_group; \r | |
4450 | +extern int grsec_ptrace_gid; \r | |
4451 | +extern int grsec_enable_sidcaps;\r | |
4452 | +extern int grsec_enable_randpid;\r | |
4453 | +extern int grsec_enable_randid; \r | |
4454 | +extern int grsec_enable_randsrc;\r | |
4455 | +extern int grsec_enable_randping;\r | |
4456 | +extern int grsec_enable_randttl; \r | |
4457 | +extern int grsec_randttl_thresh; \r | |
4458 | +extern int grsec_enable_socket_all;\r | |
4459 | +extern int grsec_socket_all_gid;\r | |
4460 | +extern int grsec_enable_socket_client;\r | |
4461 | +extern int grsec_socket_client_gid;\r | |
4462 | +extern int grsec_enable_socket_server; \r | |
4463 | +extern int grsec_socket_server_gid; \r | |
4464 | +extern int grsec_enable_stealth_rst;\r | |
4465 | +extern int grsec_enable_stealth_udp;\r | |
4466 | +extern int grsec_enable_stealth_icmp;\r | |
4467 | +extern int grsec_enable_stealth_igmp;\r | |
4468 | +extern int grsec_enable_stealth_flags;\r | |
4469 | +extern int grsec_enable_stealth_rst_log;\r | |
4470 | +extern int grsec_enable_stealth_udp_log;\r | |
4471 | +extern int grsec_enable_stealth_icmp_log;\r | |
4472 | +extern int grsec_enable_stealth_flags_log;\r | |
4473 | +extern int grsec_lock;\r | |
4474 | +\r | |
4475 | +#define proc_is_chrooted(tsk_a) ((tsk_a->fs->root->d_inode->i_dev != \\r | |
4476 | + child_reaper->fs->root->d_inode->i_dev) || \\r | |
4477 | + (tsk_a->fs->root->d_inode->i_ino != \\r | |
4478 | + child_reaper->fs->root->d_inode->i_ino)) \r | |
4479 | +\r | |
4480 | +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs->root->d_inode->i_dev == \\r | |
4481 | + tsk_b->fs->root->d_inode->i_dev) && \\r | |
4482 | + (tsk_a->fs->root->d_inode->i_ino == \\r | |
4483 | + tsk_b->fs->root->d_inode->i_ino)) \r | |
4484 | +\r | |
4485 | +#define DEFAULTSECMSG "(%.16s:%d) UID(%d) EUID(%d), parent (%.16s:%d) " \\r | |
4486 | + "UID(%d) EUID(%d)"\r | |
4487 | +\r | |
4488 | +#define DEFAULTSECARGS current->comm, current->pid, current->uid, \\r | |
4489 | + current->euid, current->p_pptr->comm, \\r | |
4490 | + current->p_pptr->pid, current->p_pptr->uid, \\r | |
4491 | + current->p_pptr->euid\r | |
4492 | +\r | |
4493 | +#define CHROOTLONGCHECK t->pid && t->fs && t->fs->root && \\r | |
4494 | + t->fs->root->d_inode && t->p_pptr && \\r | |
4495 | + current->pid && current->fs && current->fs->root && \\r | |
4496 | + current->fs->root->d_inode && \\r | |
4497 | + current->p_pptr && child_reaper && child_reaper->pid && \\r | |
4498 | + child_reaper->fs && child_reaper->fs->root && \\r | |
4499 | + child_reaper->fs->root->d_inode && \\r | |
4500 | + grsec_enable_chroot\r | |
4501 | diff -urN linux/include/linux/kernel.h linux/include/linux/kernel.h\r | |
4502 | --- linux/include/linux/kernel.h Thu Nov 22 14:46:18 2001\r | |
4503 | +++ linux/include/linux/kernel.h Mon Nov 26 11:15:21 2001\r | |
4504 | @@ -121,6 +121,47 @@\r | |
4505 | ((unsigned char *)&addr)[1], \\r | |
4506 | ((unsigned char *)&addr)[2], \\r | |
4507 | ((unsigned char *)&addr)[3]\r | |
4508 | +#ifndef CONFIG_OBV_DEBUG\r | |
4509 | +#define obv_seclog(default_msg, args...) \\r | |
4510 | +({ \\r | |
4511 | + static unsigned long msg_time = 0, getting_messages = 0; \\r | |
4512 | + static spinlock_t oblivion_lock = SPIN_LOCK_UNLOCKED; \\r | |
4513 | + \\r | |
4514 | + spin_lock(&oblivion_lock); \\r | |
4515 | + \\r | |
4516 | + if((!msg_time) || (jiffies - msg_time > CONFIG_OBV_FLOODTIME * HZ)) { \\r | |
4517 | + getting_messages = 1; \\r | |
4518 | + msg_time = jiffies; \\r | |
4519 | + printk(KERN_INFO "obv: " default_msg "\n", ##args ); \\r | |
4520 | + } else if(getting_messages) { \\r | |
4521 | + msg_time = jiffies; \\r | |
4522 | + getting_messages = 0; \\r | |
4523 | + printk(KERN_ALERT "Flooded with msgs. Logging disabled for %i seconds \n", CONFIG_OBV_FLOODTIME); \\r | |
4524 | + \\r | |
4525 | + } \\r | |
4526 | + spin_unlock(&oblivion_lock); \\r | |
4527 | +})\r | |
4528 | +#else\r | |
4529 | +#define obv_seclog(msg,args...) printk(KERN_INFO "obv " msg "\n", ##args);\r | |
4530 | +#endif\r | |
4531 | +\r | |
4532 | +#define security_alert(normal_msg,flood_msg,args...) \\r | |
4533 | +({ \\r | |
4534 | + static unsigned long warning_time = 0, no_flood_yet = 0; \\r | |
4535 | + static spinlock_t security_alert_lock = SPIN_LOCK_UNLOCKED; \\r | |
4536 | + \\r | |
4537 | + spin_lock(&security_alert_lock); \\r | |
4538 | + if(!warning_time || jiffies - warning_time > 30 * HZ) { \\r | |
4539 | + warning_time = jiffies; no_flood_yet = 1; \\r | |
4540 | + printk(KERN_ALERT "grsec: " normal_msg "\n", ## args); \\r | |
4541 | + } else if (no_flood_yet) { \\r | |
4542 | + warning_time = jiffies; no_flood_yet = 0; \\r | |
4543 | + printk(KERN_ALERT "grsec: more " flood_msg \\r | |
4544 | + ", logging disabled for 30 seconds\n"); \\r | |
4545 | + } \\r | |
4546 | + \\r | |
4547 | + spin_unlock(&security_alert_lock); \\r | |
4548 | +})\r | |
4549 | \r | |
4550 | #define HIPQUAD(addr) \\r | |
4551 | ((unsigned char *)&addr)[3], \\r | |
4552 | diff -urN linux/include/linux/mm.h linux/include/linux/mm.h\r | |
4553 | --- linux/include/linux/mm.h Mon Nov 26 08:29:17 2001\r | |
4554 | +++ linux/include/linux/mm.h Mon Nov 26 11:15:22 2001\r | |
4555 | @@ -103,7 +103,11 @@\r | |
4556 | #define VM_DONTEXPAND 0x00040000 /* Cannot expand with mremap() */\r | |
4557 | #define VM_RESERVED 0x00080000 /* Don't unmap it from swap_out */\r | |
4558 | \r | |
4559 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4560 | +#define VM_STACK_FLAGS 0x00000133 \r | |
4561 | +#else\r | |
4562 | #define VM_STACK_FLAGS 0x00000177\r | |
4563 | +#endif\r | |
4564 | \r | |
4565 | #define VM_READHINTMASK (VM_SEQ_READ | VM_RAND_READ)\r | |
4566 | #define VM_ClearReadHint(v) (v)->vm_flags &= ~VM_READHINTMASK\r | |
4567 | diff -urN linux/include/linux/oblivion.h linux/include/linux/oblivion.h\r | |
4568 | --- linux/include/linux/oblivion.h Wed Dec 31 19:00:00 1969\r | |
4569 | +++ linux/include/linux/oblivion.h Mon Nov 26 11:15:31 2001\r | |
4570 | @@ -0,0 +1,145 @@\r | |
4571 | +\r | |
4572 | +#include <linux/obvdefs.h>\r | |
4573 | +\r | |
4574 | +/* * * * * * * * * * * * * * * * * * * * *\r | |
4575 | + * Oblivion kernel Modification\r | |
4576 | + * Main header file\r | |
4577 | + * Purpose: define most Oblivion data structures \r | |
4578 | + * * * * * * * * * * * * * * * * * * * * */\r | |
4579 | +\r | |
4580 | +#define OBV_VERSION "oblivion v1.0"\r | |
4581 | +\r | |
4582 | +#define OBV_SHUTDOWN_MODE 0\r | |
4583 | +#define OBV_ENABLE_MODE 1\r | |
4584 | +#define OBV_CHCAPS_MODE 2\r | |
4585 | +#define OBV_AUTH_MODE 3\r | |
4586 | +#define OBV_GOD_MODE 4\r | |
4587 | +\r | |
4588 | +/* required headers: <linux/kdev_t.h>, <linux/types.h> */\r | |
4589 | +\r | |
4590 | +/* I need to include linux/fs.h in oblivion.c and it would be\r | |
4591 | + * overkill to include kdev_t.h twice(once here and once in fs.h)\r | |
4592 | + * so I just did the other necessary header inclusion before including oblivion.h*/\r | |
4593 | +\r | |
4594 | +\r | |
4595 | +\r | |
4596 | +#define OBV_MAX_PW_LEN 129\r | |
4597 | +#define OBV_SHASUM_SIZE 20\r | |
4598 | +#define OBV_MAX_EXTRA_LEN 1025\r | |
4599 | +\r | |
4600 | +/* Begin Data Structures */\r | |
4601 | +struct obv_pw {\r | |
4602 | + char pw[OBV_MAX_PW_LEN];\r | |
4603 | + char extra[OBV_MAX_EXTRA_LEN];\r | |
4604 | + __u8 sum[OBV_SHASUM_SIZE]; /* 160-bit SHA hash of the password*/\r | |
4605 | + __u8 mode; /* On/Off/Restart(Restart is not ready yet..*/\r | |
4606 | +};\r | |
4607 | +\r | |
4608 | +struct obv_sum {\r | |
4609 | + __u8 sum[OBV_SHASUM_SIZE];\r | |
4610 | + ino_t file_inode;\r | |
4611 | + kdev_t file_dev;\r | |
4612 | +};\r | |
4613 | +\r | |
4614 | +struct obv_sum_db {\r | |
4615 | + struct obv_sum *db;\r | |
4616 | + int max_ref;\r | |
4617 | +};\r | |
4618 | +\r | |
4619 | +\r | |
4620 | +struct obv_file_acl {\r | |
4621 | + ino_t file_inode;\r | |
4622 | + kdev_t file_dev;\r | |
4623 | + __u32 mode; \r | |
4624 | +};\r | |
4625 | +\r | |
4626 | +/* When sorting/searching, we can effectively search obv_file_acl and obv_acl structures since their identifying information(inodes/devs) are the same name and their size, due to the above padding, is also the same*/\r | |
4627 | +\r | |
4628 | +struct obv_file_db {\r | |
4629 | + struct obv_file_acl *db;\r | |
4630 | + int max_ref;\r | |
4631 | +};\r | |
4632 | +\r | |
4633 | +\r | |
4634 | +/* information about r/w/x info for a file by a process */\r | |
4635 | +/* Uses a (balanced )binary tree for its implementation...ideas are welcome for \r | |
4636 | + * a more efficient way however=)*/\r | |
4637 | +\r | |
4638 | +struct obv_proc_acl {\r | |
4639 | + ino_t file_inode;\r | |
4640 | + kdev_t file_dev; \r | |
4641 | + /* to do rules like /tmp * set the dir /tmp rw .. best solution I can find*/\r | |
4642 | + __u16 mode;\r | |
4643 | + /* you may consider the file inode, file_dev, and mode to(combined) be the key */\r | |
4644 | + struct obv_proc_acl *left;\r | |
4645 | + struct obv_proc_acl *right;\r | |
4646 | + __u16 height; /* used for avl rebalancing*/\r | |
4647 | +};\r | |
4648 | +\r | |
4649 | +\r | |
4650 | +\r | |
4651 | +/* information about a process */\r | |
4652 | +struct obv_acl {\r | |
4653 | + ino_t file_inode;\r | |
4654 | + kdev_t file_dev;\r | |
4655 | + __u8 mode;\r | |
4656 | + kernel_cap_t file_caps; /* capability set*/\r | |
4657 | + struct obv_proc_acl *tree;\r | |
4658 | +};\r | |
4659 | +\r | |
4660 | +/* database - contains process ACLs */\r | |
4661 | +struct obv_proc_db {\r | |
4662 | + struct obv_acl *db;\r | |
4663 | + int max_ref;\r | |
4664 | +};\r | |
4665 | +\r | |
4666 | +/* Temporary storage--see kernel/oblivion.c */\r | |
4667 | +struct obv_temp {\r | |
4668 | + ino_t file_inode;\r | |
4669 | + kdev_t file_dev;\r | |
4670 | + __u16 mode;\r | |
4671 | +};\r | |
4672 | +/* Begin Capabilities subsection */\r | |
4673 | +\r | |
4674 | +#define CONFIG_OBV_MAX_CAP 30\r | |
4675 | +\r | |
4676 | +struct obv_cap {\r | |
4677 | + char * capname;\r | |
4678 | + kernel_cap_t capval;\r | |
4679 | +};\r | |
4680 | +\r | |
4681 | +struct obv_cap_list {\r | |
4682 | + struct obv_cap table[CONFIG_OBV_MAX_CAP];\r | |
4683 | +};\r | |
4684 | +/* End Capabilities subsection */\r | |
4685 | +/* End Data Structures */\r | |
4686 | +\r | |
4687 | +/* Begin SHA hash section */\r | |
4688 | +#define SHA1HANDSOFF /* Copies data before messing with it. */\r | |
4689 | +\r | |
4690 | +struct SHA1_CTX {\r | |
4691 | + unsigned long state[5];\r | |
4692 | + unsigned long count[2];\r | |
4693 | + unsigned char buffer[64];\r | |
4694 | +};\r | |
4695 | +\r | |
4696 | +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))\r | |
4697 | +\r | |
4698 | +/* blk0() and blk() perform the initial expand. */\r | |
4699 | +/* I got the idea of expanding during the round function from SSLeay */\r | |
4700 | +#ifdef __LITTLE_ENDIAN\r | |
4701 | +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \\r | |
4702 | + |(rol(block->l[i],8)&0x00FF00FF))\r | |
4703 | +#else\r | |
4704 | +#define blk0(i) block->l[i]\r | |
4705 | +#endif /* __LITTLE_ENDIAN */\r | |
4706 | +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \\r | |
4707 | + ^block->l[(i+2)&15]^block->l[i&15],1))\r | |
4708 | +\r | |
4709 | + /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */\r | |
4710 | +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);\r | |
4711 | +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);\r | |
4712 | +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);\r | |
4713 | +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);\r | |
4714 | +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);\r | |
4715 | +/* End SHA hash section */\r | |
4716 | diff -urN linux/include/linux/obvcipher.h linux/include/linux/obvcipher.h\r | |
4717 | --- linux/include/linux/obvcipher.h Wed Dec 31 19:00:00 1969\r | |
4718 | +++ linux/include/linux/obvcipher.h Mon Nov 26 10:38:10 2001\r | |
4719 | @@ -0,0 +1,4 @@\r | |
4720 | +extern void SHA1Init(struct SHA1_CTX *context);\r | |
4721 | +extern void SHA1Update(struct SHA1_CTX *context, unsigned char *data,unsigned int len);\r | |
4722 | +extern void SHA1Final(unsigned char digest[20],struct SHA1_CTX *context);\r | |
4723 | +extern int obv_chkpw(struct obv_pw *entry);\r | |
4724 | diff -urN linux/include/linux/obvdefs.h linux/include/linux/obvdefs.h\r | |
4725 | --- linux/include/linux/obvdefs.h Wed Dec 31 19:00:00 1969\r | |
4726 | +++ linux/include/linux/obvdefs.h Mon Nov 26 11:15:31 2001\r | |
4727 | @@ -0,0 +1,83 @@\r | |
4728 | +\r | |
4729 | +/* Begin Status/Return value declarations */\r | |
4730 | +\r | |
4731 | +#define OBV_ALLOW 1\r | |
4732 | +#define OBV_NOTFOUND -1\r | |
4733 | +#define OBV_DENY 0\r | |
4734 | +\r | |
4735 | +#define OBV_LOADING 0x01\r | |
4736 | +#define OBV_DISABLED 0x02\r | |
4737 | +#define OBV_READY 0x04\r | |
4738 | +#define OBV_1ST 0x08\r | |
4739 | +/* Debugging mode*/ \r | |
4740 | +#define OBV_TESTING 0x080\r | |
4741 | +\r | |
4742 | +#ifdef CONFIG_OBV_DEF_DENY\r | |
4743 | +#define OBV_DEFAULT OBV_DENY\r | |
4744 | +#endif\r | |
4745 | +#ifdef CONFIG_OBV_DEF_DENY_ROOT\r | |
4746 | +#define OBV_DEFAULT !(current->euid) ? OBV_DENY : OBV_ALLOW;\r | |
4747 | +#endif\r | |
4748 | +#ifdef CONFIG_OBV_DEF_ALLOW\r | |
4749 | +#define OBV_DEFAULT OBV_ALLOW\r | |
4750 | +#endif\r | |
4751 | +\r | |
4752 | +/* End Status declarations */\r | |
4753 | +\r | |
4754 | +\r | |
4755 | +\r | |
4756 | +\r | |
4757 | +/* Begin ACL declarations */\r | |
4758 | +#define OBV_READ 0x01\r | |
4759 | +#define OBV_APPEND 0x02\r | |
4760 | +#define OBV_WRITE 0x04\r | |
4761 | +#define OBV_EXEC 0x08\r | |
4762 | +#define OBV_HIDDEN 0x10\r | |
4763 | +#define OBV_OVERRIDE 0x20 /* Override File ACL, useful for proc only*/\r | |
4764 | +#define OBV_PROTECTED 0x40\r | |
4765 | +#define OBV_NONEXISTANT 0x40000000 /* File does not exist, check parent. Done when *checking* for a file's ACL */\r | |
4766 | +\r | |
4767 | +\r | |
4768 | +/* Standard stuff done, on to File ACL stuff */\r | |
4769 | +\r | |
4770 | +#define OBV_FILE_READ OBV_READ\r | |
4771 | +#define OBV_FILE_APPEND OBV_APPEND\r | |
4772 | +#define OBV_FILE_WRITE (OBV_WRITE | OBV_APPEND)\r | |
4773 | +#define OBV_FILE_EXEC OBV_EXEC\r | |
4774 | +#define OBV_FILE_HIDDEN OBV_HIDDEN\r | |
4775 | +\r | |
4776 | +\r | |
4777 | +#define OBV_PROC_READ OBV_READ\r | |
4778 | +#define OBV_PROC_APPEND OBV_APPEND\r | |
4779 | +#define OBV_PROC_WRITE (OBV_WRITE|OBV_APPEND); /* write access implies append access*/\r | |
4780 | +#define OBV_PROC_EXEC OBV_EXEC\r | |
4781 | +#define OBV_PROC_ACCESS OBV_HIDDEN\r | |
4782 | +#define OBV_PROC_OVERRIDE OBV_OVERRIDE\r | |
4783 | +#define OBV_PROC_IGN_DEFAULT OBV_IGN_DEFAULT\r | |
4784 | +#define OBV_PROC_HIDDEN OBV_HIDDEN /* Hidden, unkillable(except by init) process. Good for hiding your IDSes / logging daemons:)*/\r | |
4785 | +#define OBV_PROC_PROTECTED OBV_PROTECTED\r | |
4786 | + \r | |
4787 | +/* Begin TODO */\r | |
4788 | +#define OBV_REQSUM 0x200 /* Require program to have SHAsum in database*/\r | |
4789 | +#define OBV_INHERIT 0x400 /* Children inherit parent's process acls*/\r | |
4790 | +#define OBV_AUTH 0x100 /* Require secondary authentication before execution*/\r | |
4791 | +#define OBV_AUTH_IF_ROOT 0x800 /* Require secondary authentication IF the user has root priveleges */\r | |
4792 | +\r | |
4793 | +#define OBV_FILE_REQSUM OBV_REQSUM\r | |
4794 | +#define OBV_FILE_AUTH OBV_AUTH\r | |
4795 | +#define OBV_PROC_REQSUM OBV_REQSUM\r | |
4796 | +#define OBV_PROC_INHERIT OBV_INHERIT\r | |
4797 | +#define OBV_PROC_AUTH OBV_AUTH\r | |
4798 | +#define OBV_PROC_AUTH_IF_ROOT OBV_AUTH_IF_ROOT\r | |
4799 | +/* End TODO */\r | |
4800 | +\r | |
4801 | +#define OBV_PROC_EXTRA (OBV_PROC_OVERRIDE|OBV_PROC_REQSUM|OBV_PROC_INHERIT|OBV_PROC_AUTH)\r | |
4802 | +/* Extra things that must be checked after a search*/\r | |
4803 | +\r | |
4804 | +#define OBV_FILE_EXTRA (OBV_FILE_REQSUM|OBV_FILE_AUTH)\r | |
4805 | +#define OBV_RW (OBV_READ|OBV_WRITE)\r | |
4806 | +#define OBV_RX (OBV_READ|OBV_EXEC)\r | |
4807 | +#define OBV_RWX (OBV_READ|OBV_WRITE|OBV_EXEC)\r | |
4808 | +\r | |
4809 | +/* End ACL Declarations */\r | |
4810 | +\r | |
4811 | diff -urN linux/include/linux/obvext.h linux/include/linux/obvext.h\r | |
4812 | --- linux/include/linux/obvext.h Wed Dec 31 19:00:00 1969\r | |
4813 | +++ linux/include/linux/obvext.h Mon Nov 26 11:16:21 2001\r | |
4814 | @@ -0,0 +1,17 @@\r | |
4815 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r | |
4816 | + * Oblivion external header\r | |
4817 | + * Used for sections of the kernel that must access oblivion\r | |
4818 | + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */\r | |
4819 | +\r | |
4820 | +#include <linux/dcache.h>\r | |
4821 | +#include <linux/sysctl.h>\r | |
4822 | +#include <linux/obvdefs.h>\r | |
4823 | +\r | |
4824 | +extern int obv_status;\r | |
4825 | +extern int obv_disable;\r | |
4826 | +extern int obv_check_hidden(struct dentry *dentry, struct vfsmount *mnt);\r | |
4827 | +extern int obv_search(struct dentry *dentry, __u16 mode, struct vfsmount *mnt);\r | |
4828 | +extern int obv_set_proc_acl(struct dentry *dentry,struct task_struct *tsk,char *filename, struct vfsmount *mnt);\r | |
4829 | +extern int obv_check_hidden_proc(struct task_struct *tsk);\r | |
4830 | +extern int obv_check_protected(struct task_struct *tsk);\r | |
4831 | +extern int obv_proc_handler(ctl_table *table,int write, struct file *filp, void *buffer, size_t *lenp);\r | |
4832 | diff -urN linux/include/linux/proc_fs.h linux/include/linux/proc_fs.h\r | |
4833 | --- linux/include/linux/proc_fs.h Thu Nov 22 14:46:23 2001\r | |
4834 | +++ linux/include/linux/proc_fs.h Mon Nov 26 11:16:21 2001\r | |
4835 | @@ -137,6 +137,9 @@\r | |
4836 | extern struct proc_dir_entry *proc_mknod(const char *,mode_t,\r | |
4837 | struct proc_dir_entry *,kdev_t);\r | |
4838 | extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);\r | |
4839 | +#ifdef CONFIG_GRKERNSEC_PROC\r | |
4840 | +extern struct proc_dir_entry *proc_priv_mkdir(const char *, mode_t mode, struct proc_dir_entry *);\r | |
4841 | +#endif\r | |
4842 | \r | |
4843 | static inline struct proc_dir_entry *create_proc_read_entry(const char *name,\r | |
4844 | mode_t mode, struct proc_dir_entry *base, \r | |
4845 | diff -urN linux/include/linux/sched.h linux/include/linux/sched.h\r | |
4846 | --- linux/include/linux/sched.h Thu Nov 22 14:46:19 2001\r | |
4847 | +++ linux/include/linux/sched.h Mon Nov 26 11:15:22 2001\r | |
4848 | @@ -29,6 +29,10 @@\r | |
4849 | \r | |
4850 | struct exec_domain;\r | |
4851 | \r | |
4852 | +#ifdef CONFIG_OBV_PROC\r | |
4853 | +struct obv_acl;\r | |
4854 | +#endif\r | |
4855 | +\r | |
4856 | /*\r | |
4857 | * cloning flags:\r | |
4858 | */\r | |
4859 | @@ -225,6 +229,12 @@\r | |
4860 | unsigned long cpu_vm_mask;\r | |
4861 | unsigned long swap_address;\r | |
4862 | \r | |
4863 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4864 | + unsigned long delta_mmap; /* PaX: randomized offset */\r | |
4865 | + unsigned long delta_exec; /* PaX: randomized offset */\r | |
4866 | + unsigned long delta_stack; /* PaX: randomized offset */\r | |
4867 | +#endif\r | |
4868 | + \r | |
4869 | unsigned dumpable:1;\r | |
4870 | \r | |
4871 | /* Architecture-specific MM context */\r | |
4872 | @@ -401,6 +411,10 @@\r | |
4873 | int (*notifier)(void *priv);\r | |
4874 | void *notifier_data;\r | |
4875 | sigset_t *notifier_mask;\r | |
4876 | +\r | |
4877 | +#ifdef CONFIG_OBV_PROC\r | |
4878 | + struct obv_acl *obvacl;\r | |
4879 | +#endif\r | |
4880 | \r | |
4881 | /* Thread group tracking */\r | |
4882 | u32 parent_exec_id;\r | |
4883 | @@ -429,6 +443,13 @@\r | |
4884 | \r | |
4885 | #define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */\r | |
4886 | \r | |
4887 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4888 | +#define PF_PAX_PAGEEXEC 0x01000000 /* PaX: Enforce PAGE_EXEC */\r | |
4889 | +#define PF_PAX_EMUTRAMP 0x02000000 /* PaX: Emulate trampolines */\r | |
4890 | +#define PF_PAX_MPROTECT 0x04000000 /* PaX: Restrict mprotect() */\r | |
4891 | +#define PF_PAX_RANDMMAP 0x08000000 /* PaX: Randomize mmap() base */\r | |
4892 | +#endif\r | |
4893 | +\r | |
4894 | /*\r | |
4895 | * Ptrace flags\r | |
4896 | */\r | |
4897 | @@ -436,8 +457,18 @@\r | |
4898 | #define PT_PTRACED 0x00000001\r | |
4899 | #define PT_TRACESYS 0x00000002\r | |
4900 | #define PT_DTRACE 0x00000004 /* delayed trace (used on m68k, i386) */\r | |
4901 | +#ifdef CONFIG_GRKERNSEC_STACK\r | |
4902 | +#define PF_STACKEXEC 0x01000000\r | |
4903 | +#endif\r | |
4904 | #define PT_TRACESYSGOOD 0x00000008\r | |
4905 | #define PT_PTRACE_CAP 0x00000010 /* ptracer can follow suid-exec */\r | |
4906 | +\r | |
4907 | +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r | |
4908 | +/* PaX: for handling DTLB trashing */\r | |
4909 | +#define PT_PAX_TRACE 0x00000020\r | |
4910 | +#define PT_PAX_KEEPTF 0x00000040\r | |
4911 | +#define PT_PAX_OLDTF 0x00000080\r | |
4912 | +#endif\r | |
4913 | \r | |
4914 | /*\r | |
4915 | * Limit the stack by to some sane default: root can always\r | |
4916 | diff -urN linux/include/linux/sysctl.h linux/include/linux/sysctl.h\r | |
4917 | --- linux/include/linux/sysctl.h Mon Nov 26 08:29:17 2001\r | |
4918 | +++ linux/include/linux/sysctl.h Mon Nov 26 11:15:37 2001\r | |
4919 | @@ -124,6 +124,8 @@\r | |
cab4bb15 | 4920 | KERN_TAINTED=53, /* int: various kernel tainted flags */\r |
4921 | KERN_CADPID=54, /* int: PID of the process to notify on CAD */\r | |
842916cd | 4922 | KERN_KDB=55, /* int: kdb on/off */\r |
cab4bb15 | 4923 | + KERN_GRSECURITY=68, /* grsecurity */\r |
4924 | + KERN_OBV = 69 /* struct obv_pw, controls oblivion*/\r | |
4925 | };\r | |
4926 | \r | |
4927 | \r | |
4928 | diff -urN linux/include/net/inetpeer.h linux/include/net/inetpeer.h\r | |
4929 | --- linux/include/net/inetpeer.h Thu Nov 22 14:47:11 2001\r | |
4930 | +++ linux/include/net/inetpeer.h Mon Nov 26 11:28:13 2001\r | |
4931 | @@ -14,6 +14,11 @@\r | |
4932 | #include <linux/sched.h>\r | |
4933 | #include <linux/spinlock.h>\r | |
4934 | #include <asm/atomic.h>\r | |
4935 | +#include <linux/config.h>\r | |
4936 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
4937 | +#include <linux/grsecurity.h>\r | |
4938 | +extern __u16 ip_randomid(void);\r | |
4939 | +#endif\r | |
4940 | \r | |
4941 | struct inet_peer\r | |
4942 | {\r | |
4943 | @@ -58,6 +63,11 @@\r | |
4944 | __u16 id;\r | |
4945 | \r | |
4946 | spin_lock_bh(&inet_peer_idlock);\r | |
4947 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
4948 | + if(grsec_enable_randid)\r | |
4949 | + id = htons(ip_randomid());\r | |
4950 | + else\r | |
4951 | +#endif\r | |
4952 | id = p->ip_id_count++;\r | |
4953 | spin_unlock_bh(&inet_peer_idlock);\r | |
4954 | return id;\r | |
4955 | diff -urN linux/include/net/ip.h linux/include/net/ip.h\r | |
4956 | --- linux/include/net/ip.h Thu Nov 22 14:47:15 2001\r | |
4957 | +++ linux/include/net/ip.h Mon Nov 26 11:28:13 2001\r | |
4958 | @@ -38,6 +38,11 @@\r | |
4959 | \r | |
4960 | #include <net/sock.h> /* struct sock */\r | |
4961 | \r | |
4962 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
4963 | +#include <linux/grsecurity.h>\r | |
4964 | +extern __u16 ip_randomid(void);\r | |
4965 | +#endif\r | |
4966 | +\r | |
4967 | struct inet_skb_parm\r | |
4968 | {\r | |
4969 | struct ip_options opt; /* Compiled IP options */\r | |
4970 | @@ -196,6 +201,11 @@\r | |
4971 | * does not change, they drop every other packet in\r | |
4972 | * a TCP stream using header compression.\r | |
4973 | */\r | |
4974 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
4975 | + if(grsec_enable_randid)\r | |
4976 | + iph->id = htons(ip_randomid());\r | |
4977 | + else\r | |
4978 | +#endif\r | |
4979 | iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);\r | |
4980 | } else\r | |
4981 | __ip_select_ident(iph, dst);\r | |
4982 | diff -urN linux/init/main.c linux/init/main.c\r | |
4983 | --- linux/init/main.c Fri Nov 9 17:15:00 2001\r | |
4984 | +++ linux/init/main.c Mon Nov 26 10:38:11 2001\r | |
4985 | @@ -69,6 +69,12 @@\r | |
4986 | #include <asm/smp.h>\r | |
4987 | #endif\r | |
4988 | \r | |
4989 | +#ifdef CONFIG_OBV_PROC\r | |
4990 | +#include <linux/obvext.h>\r | |
4991 | +#endif\r | |
4992 | +\r | |
4993 | +\r | |
4994 | +\r | |
4995 | /*\r | |
4996 | * Versions of gcc older than that listed below may actually compile\r | |
4997 | * and link okay, but the end product can have subtle run time bugs.\r | |
4998 | @@ -107,6 +113,12 @@\r | |
4999 | extern void ipc_init(void);\r | |
5000 | #endif\r | |
5001 | \r | |
5002 | +#ifdef CONFIG_OBV_PROC\r | |
5003 | +static __init int obv_setup(char *line);\r | |
5004 | +#endif\r | |
5005 | +\r | |
5006 | +\r | |
5007 | +\r | |
5008 | /*\r | |
5009 | * Boot command-line arguments\r | |
5010 | */\r | |
5011 | @@ -307,6 +319,19 @@\r | |
5012 | }\r | |
5013 | \r | |
5014 | __setup("root=", root_dev_setup);\r | |
5015 | +\r | |
5016 | +#ifdef CONFIG_OBV_PROC\r | |
5017 | +static int __init obv_setup(char *str) \r | |
5018 | +{\r | |
5019 | +#ifdef CONFIG_OBV_DEBUG\r | |
5020 | + obv_seclog("Obv got %.3s at startup\n",str);\r | |
5021 | +#endif\r | |
5022 | + if(*str == '0') obv_disable = 1;\r | |
5023 | + return 1;\r | |
5024 | +}\r | |
5025 | +__setup("oblivion=",obv_setup);\r | |
5026 | +#endif\r | |
5027 | +\r | |
5028 | \r | |
5029 | static int __init checksetup(char *line)\r | |
5030 | {\r | |
5031 | diff -urN linux/kernel/Makefile linux/kernel/Makefile\r | |
5032 | --- linux/kernel/Makefile Mon Sep 17 00:22:40 2001\r | |
5033 | +++ linux/kernel/Makefile Mon Nov 26 10:38:11 2001\r | |
842916cd | 5034 | @@ -14,12 +14,13 @@\r |
cab4bb15 | 5035 | obj-y = sched.o dma.o fork.o exec_domain.o panic.o printk.o \\r |
5036 | module.o exit.o itimer.o info.o time.o softirq.o resource.o \\r | |
5037 | sysctl.o acct.o capability.o ptrace.o timer.o user.o \\r | |
5038 | - signal.o sys.o kmod.o context.o\r | |
5039 | + signal.o sys.o grsecurity.o kmod.o context.o\r | |
5040 | \r | |
5041 | obj-$(CONFIG_UID16) += uid16.o\r | |
5042 | obj-$(CONFIG_MODULES) += ksyms.o\r | |
5043 | obj-$(CONFIG_PM) += pm.o\r | |
842916cd | 5044 | obj-$(CONFIG_KALLSYMS) += kallsyms.o\r |
cab4bb15 | 5045 | +obj-$(CONFIG_OBV_PROC) += oblivion.o obvqsort.o obvhash.o\r |
5046 | \r | |
5047 | ifneq ($(CONFIG_IA64),y)\r | |
5048 | # According to Alan Modra <alan@linuxcare.com.au>, the -fno-omit-frame-pointer is\r | |
5049 | diff -urN linux/kernel/exit.c linux/kernel/exit.c\r | |
5050 | --- linux/kernel/exit.c Wed Nov 21 17:42:27 2001\r | |
5051 | +++ linux/kernel/exit.c Mon Nov 26 10:38:11 2001\r | |
5052 | @@ -20,6 +20,10 @@\r | |
5053 | #include <asm/pgtable.h>\r | |
5054 | #include <asm/mmu_context.h>\r | |
5055 | \r | |
5056 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5057 | +#include <linux/grsecurity.h>\r | |
5058 | +#endif\r | |
5059 | +\r | |
5060 | extern void sem_exit (void);\r | |
5061 | extern struct task_struct *child_reaper;\r | |
5062 | \r | |
5063 | @@ -416,6 +420,10 @@\r | |
5064 | write_unlock_irq(&tasklist_lock);\r | |
5065 | }\r | |
5066 | \r | |
5067 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5068 | +pid_t last_pids[64];\r | |
5069 | +int cur_n_pids;\r | |
5070 | +#endif\r | |
5071 | NORET_TYPE void do_exit(long code)\r | |
5072 | {\r | |
5073 | struct task_struct *tsk = current;\r | |
5074 | @@ -436,6 +444,12 @@\r | |
5075 | __exit_mm(tsk);\r | |
5076 | \r | |
5077 | lock_kernel();\r | |
5078 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5079 | + if(grsec_enable_randpid){\r | |
5080 | + last_pids[cur_n_pids++] = tsk -> pid;\r | |
5081 | + cur_n_pids &= 63;\r | |
5082 | + }\r | |
5083 | +#endif\r | |
5084 | sem_exit();\r | |
5085 | __exit_files(tsk);\r | |
5086 | __exit_fs(tsk);\r | |
5087 | diff -urN linux/kernel/fork.c linux/kernel/fork.c\r | |
5088 | --- linux/kernel/fork.c Wed Nov 21 13:18:42 2001\r | |
5089 | +++ linux/kernel/fork.c Mon Nov 26 10:38:11 2001\r | |
5090 | @@ -20,12 +20,29 @@\r | |
5091 | #include <linux/vmalloc.h>\r | |
5092 | #include <linux/completion.h>\r | |
5093 | #include <linux/personality.h>\r | |
5094 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5095 | +#include <linux/random.h>\r | |
5096 | +#endif\r | |
5097 | +\r | |
5098 | +#if defined(CONFIG_GRKERNSEC_FORKFAIL)||defined(CONFIG_GRKERNSEC_RANDPID) \\r | |
5099 | + || defined(CONFIG_GRKERNSEC_FORKBOMB)\r | |
5100 | +#include <linux/grsecurity.h>\r | |
5101 | +#endif\r | |
5102 | \r | |
5103 | #include <asm/pgtable.h>\r | |
5104 | #include <asm/pgalloc.h>\r | |
5105 | #include <asm/uaccess.h>\r | |
5106 | #include <asm/mmu_context.h>\r | |
5107 | \r | |
5108 | +#ifdef CONFIG_OBV_PROC\r | |
5109 | +#include <linux/oblivion.h>\r | |
5110 | +#endif\r | |
5111 | +\r | |
5112 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5113 | +extern struct entropy_store *random_state;\r | |
5114 | +extern struct entropy_store *sec_random_state;\r | |
5115 | +#endif\r | |
5116 | +\r | |
5117 | /* The idle threads do not count.. */\r | |
5118 | int nr_threads;\r | |
5119 | int nr_running;\r | |
5120 | @@ -36,6 +53,13 @@\r | |
5121 | \r | |
5122 | struct task_struct *pidhash[PIDHASH_SZ];\r | |
5123 | \r | |
5124 | +#ifdef CONFIG_OBV_PROC\r | |
5125 | +static __inline__ int obv_copy_acl(struct task_struct *tsk) {\r | |
5126 | + tsk->obvacl = current->obvacl;\r | |
5127 | + return 0;\r | |
5128 | +}\r | |
5129 | +#endif\r | |
5130 | +\r | |
5131 | void add_wait_queue(wait_queue_head_t *q, wait_queue_t * wait)\r | |
5132 | {\r | |
5133 | unsigned long flags;\r | |
5134 | @@ -81,9 +105,18 @@\r | |
5135 | /* Protects next_safe and last_pid. */\r | |
5136 | spinlock_t lastpid_lock = SPIN_LOCK_UNLOCKED;\r | |
5137 | \r | |
5138 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5139 | +extern pid_t last_pids[64];\r | |
5140 | +extern int cur_n_pids;\r | |
5141 | +#endif\r | |
5142 | +\r | |
5143 | static int get_pid(unsigned long flags)\r | |
5144 | {\r | |
5145 | static int next_safe = PID_MAX;\r | |
5146 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5147 | + int loops; \r | |
5148 | +#endif\r | |
5149 | +\r | |
5150 | struct task_struct *p;\r | |
5151 | \r | |
5152 | if (flags & CLONE_PID)\r | |
5153 | @@ -91,32 +124,72 @@\r | |
5154 | \r | |
5155 | spin_lock(&lastpid_lock);\r | |
5156 | if((++last_pid) & 0xffff8000) {\r | |
5157 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5158 | + if(!grsec_enable_randpid || (current->p_pptr->pid < 1))\r | |
5159 | +#endif\r | |
5160 | last_pid = 300; /* Skip daemons etc. */\r | |
5161 | goto inside;\r | |
5162 | }\r | |
5163 | - if(last_pid >= next_safe) {\r | |
5164 | + if(last_pid >= \r | |
5165 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5166 | + (grsec_enable_randpid && (current->p_pptr->pid >= 1))?2:\r | |
5167 | +#endif\r | |
5168 | + next_safe) {\r | |
5169 | inside:\r | |
5170 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5171 | + if(!grsec_enable_randpid || (current->p_pptr->pid < 1))\r | |
5172 | +#endif\r | |
5173 | next_safe = PID_MAX;\r | |
5174 | read_lock(&tasklist_lock);\r | |
5175 | repeat:\r | |
5176 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5177 | + if (grsec_enable_randpid && (current->p_pptr->pid >= 1)) {\r | |
5178 | + if((random_state) || (sec_random_state)){\r | |
5179 | + do {\r | |
5180 | + get_random_bytes(&last_pid, sizeof(last_pid));\r | |
5181 | + last_pid %= PID_MAX;\r | |
5182 | + if(last_pid < 0)\r | |
5183 | + last_pid = -1 * last_pid;\r | |
5184 | + } while (last_pid <= 1);\r | |
5185 | + } else\r | |
5186 | + last_pid = 1+((xtime.tv_usec * total_forks) % PID_MAX);\r | |
5187 | + for(loops=0;loops<64;loops++){\r | |
5188 | + if(last_pids[loops] == last_pid)\r | |
5189 | + goto repeat;\r | |
5190 | + }\r | |
5191 | + }\r | |
5192 | +#endif\r | |
5193 | +\r | |
5194 | for_each_task(p) {\r | |
5195 | if(p->pid == last_pid ||\r | |
5196 | p->pgrp == last_pid ||\r | |
5197 | p->tgid == last_pid ||\r | |
5198 | p->session == last_pid) {\r | |
5199 | - if(++last_pid >= next_safe) {\r | |
5200 | + if(\r | |
5201 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5202 | + (!grsec_enable_randpid || \r | |
5203 | + (current->p_pptr->pid < 1)) &&\r | |
5204 | +#endif\r | |
5205 | + ++last_pid >= next_safe) {\r | |
5206 | if(last_pid & 0xffff8000)\r | |
5207 | last_pid = 300;\r | |
5208 | next_safe = PID_MAX;\r | |
5209 | }\r | |
5210 | goto repeat;\r | |
5211 | }\r | |
5212 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5213 | + if(!grsec_enable_randpid || \r | |
5214 | + (current->p_pptr->pid < 1)){\r | |
5215 | +#endif\r | |
5216 | if(p->pid > last_pid && next_safe > p->pid)\r | |
5217 | next_safe = p->pid;\r | |
5218 | if(p->pgrp > last_pid && next_safe > p->pgrp)\r | |
5219 | next_safe = p->pgrp;\r | |
5220 | if(p->session > last_pid && next_safe > p->session)\r | |
5221 | next_safe = p->session;\r | |
5222 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5223 | + }\r | |
5224 | +#endif\r | |
5225 | }\r | |
5226 | read_unlock(&tasklist_lock);\r | |
5227 | }\r | |
5228 | @@ -565,6 +638,39 @@\r | |
5229 | int retval;\r | |
5230 | struct task_struct *p;\r | |
5231 | struct completion vfork;\r | |
5232 | +#ifdef CONFIG_GRKERNSEC_FORKBOMB\r | |
5233 | + int fork_user;\r | |
5234 | + int sec_forks = 0;\r | |
5235 | + int user_tasks = 0;\r | |
5236 | + unsigned long curr_time = jiffies;\r | |
5237 | +\r | |
5238 | +fork_user = current->uid;\r | |
5239 | +if(grsec_enable_forkbomb) {\r | |
5240 | +if(in_group_p(grsec_forkbomb_gid) && fork_user){\r | |
5241 | + read_lock(&tasklist_lock);\r | |
5242 | + for_each_task(p)\r | |
5243 | + {\r | |
5244 | + if ((p->uid) == fork_user)\r | |
5245 | + {\r | |
5246 | + user_tasks++;\r | |
5247 | + if ( (curr_time - (p->start_time)) <= 100)\r | |
5248 | + sec_forks++;\r | |
5249 | + }\r | |
5250 | + }\r | |
5251 | + read_unlock(&tasklist_lock);\r | |
5252 | +\r | |
5253 | + if (user_tasks >= grsec_forkbomb_max){\r | |
5254 | + security_alert("max process limit reached with "\r | |
5255 | + DEFAULTSECMSG,"max proc limits reached",DEFAULTSECARGS);\r | |
5256 | + return(kill_pg(current->pgrp,SIGKILL,0));\r | |
5257 | + } else if (sec_forks >= grsec_forkbomb_sec){\r | |
5258 | + security_alert("fork rate-limit reached with "\r | |
5259 | + DEFAULTSECMSG,"fork rate-limits reached", DEFAULTSECARGS);\r | |
5260 | + return(kill_pg(current->pgrp,SIGKILL,0));\r | |
5261 | + }\r | |
5262 | +}\r | |
5263 | +}\r | |
5264 | +#endif\r | |
5265 | \r | |
5266 | retval = -EPERM;\r | |
5267 | \r | |
5268 | @@ -661,6 +767,11 @@\r | |
5269 | goto bad_fork_cleanup_fs;\r | |
5270 | if (copy_mm(clone_flags, p))\r | |
5271 | goto bad_fork_cleanup_sighand;\r | |
5272 | +#ifdef CONFIG_OBV_PROC\r | |
5273 | + if (obv_copy_acl(p))\r | |
5274 | + goto bad_fork_cleanup_sighand;\r | |
5275 | +#endif\r | |
5276 | +\r | |
5277 | retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);\r | |
5278 | if (retval)\r | |
5279 | goto bad_fork_cleanup_mm;\r | |
5280 | @@ -747,6 +858,11 @@\r | |
5281 | free_uid(p->user);\r | |
5282 | bad_fork_free:\r | |
5283 | free_task_struct(p);\r | |
5284 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL\r | |
5285 | + if(grsec_enable_forkfail)\r | |
5286 | + security_alert("failed fork with errno %d by " DEFAULTSECMSG,\r | |
5287 | + "failed forks",retval, DEFAULTSECARGS);\r | |
5288 | +#endif\r | |
5289 | goto fork_out;\r | |
5290 | }\r | |
5291 | \r | |
5292 | diff -urN linux/kernel/grsecurity.c linux/kernel/grsecurity.c\r | |
5293 | --- linux/kernel/grsecurity.c Wed Dec 31 19:00:00 1969\r | |
5294 | +++ linux/kernel/grsecurity.c Mon Nov 26 10:38:11 2001\r | |
5295 | @@ -0,0 +1,266 @@\r | |
5296 | +#include <linux/config.h>\r | |
5297 | +\r | |
5298 | +#ifdef CONFIG_GRKERNSEC_SYSCTL\r | |
5299 | +#ifdef CONFIG_GRKERNSEC_LINK\r | |
5300 | +int grsec_enable_link = 0;\r | |
5301 | +#endif\r | |
5302 | +#ifdef CONFIG_GRKERNSEC_FIFO\r | |
5303 | +int grsec_enable_fifo = 0;\r | |
5304 | +#endif\r | |
5305 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
5306 | +int grsec_enable_fd = 0;\r | |
5307 | +#endif\r | |
5308 | +#ifdef CONFIG_GRKERNSEC_EXECVE\r | |
5309 | +int grsec_enable_execve = 0;\r | |
5310 | +#endif\r | |
5311 | +#ifdef CONFIG_GRKERNSEC_FORKBOMB\r | |
5312 | +int grsec_enable_forkbomb = 0;\r | |
5313 | +int grsec_forkbomb_gid = 0;\r | |
5314 | +int grsec_forkbomb_sec = 0;\r | |
5315 | +int grsec_forkbomb_max = 0;\r | |
5316 | +#endif\r | |
5317 | +#ifdef CONFIG_GRKERNSEC_EXECLOG\r | |
5318 | +int grsec_enable_execlog = 0;\r | |
5319 | +#endif\r | |
5320 | +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r | |
5321 | +int grsec_enable_execlog_group = 0;\r | |
5322 | +int grsec_execlog_gid = 0;\r | |
5323 | +#endif\r | |
5324 | +#ifdef CONFIG_GRKERNSEC_SUID\r | |
5325 | +int grsec_enable_suid = 0;\r | |
5326 | +#endif\r | |
5327 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
5328 | +int grsec_enable_suid_root = 0;\r | |
5329 | +#endif\r | |
5330 | +#ifdef CONFIG_GRKERNSEC_SIGNAL\r | |
5331 | +int grsec_enable_signal = 0;\r | |
5332 | +#endif\r | |
5333 | +#ifdef CONFIG_GRKERNSEC_COREDUMP\r | |
5334 | +int grsec_enable_coredump = 0;\r | |
5335 | +#endif\r | |
5336 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL\r | |
5337 | +int grsec_enable_forkfail = 0;\r | |
5338 | +#endif\r | |
5339 | +#ifdef CONFIG_GRKERNSEC_TIME\r | |
5340 | +int grsec_enable_time = 0;\r | |
5341 | +#endif\r | |
5342 | +#ifdef CONFIG_GRKERNSEC_KBMAP\r | |
5343 | +int grsec_enable_kbmap = 0;\r | |
5344 | +#endif\r | |
5345 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
5346 | +int grsec_enable_randnet = 0;\r | |
5347 | +#endif\r | |
5348 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
5349 | +int grsec_enable_chroot = 0;\r | |
5350 | +#endif\r | |
5351 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r | |
5352 | +int grsec_enable_chroot_execlog = 0;\r | |
5353 | +#endif\r | |
5354 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r | |
5355 | +int grsec_enable_chroot_caps = 0;\r | |
5356 | +#endif\r | |
5357 | +#ifdef CONFIG_GRKERNSEC_TPE\r | |
5358 | +int grsec_enable_tpe = 0;\r | |
5359 | +int grsec_tpe_gid = 0;\r | |
5360 | +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r | |
5361 | +int grsec_enable_tpe_glibc = 0;\r | |
5362 | +#endif\r | |
5363 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL\r | |
5364 | +int grsec_enable_tpe_all = 0;\r | |
5365 | +#endif\r | |
5366 | +#endif\r | |
5367 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
5368 | +int grsec_enable_ptrace = 0;\r | |
5369 | +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r | |
5370 | +int grsec_enable_ptrace_group = 0;\r | |
5371 | +int grsec_ptrace_gid = 0;\r | |
5372 | +#endif\r | |
5373 | +#endif\r | |
5374 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5375 | +int grsec_enable_randpid = 0;\r | |
5376 | +#endif\r | |
5377 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
5378 | +int grsec_enable_randid = 0;\r | |
5379 | +#endif\r | |
5380 | +#ifdef CONFIG_GRKERNSEC_RANDSRC\r | |
5381 | +int grsec_enable_randsrc = 0;\r | |
5382 | +#endif\r | |
5383 | +#ifdef CONFIG_GRKERNSEC_RANDPING\r | |
5384 | +int grsec_enable_randping = 0;\r | |
5385 | +#endif\r | |
5386 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
5387 | +int grsec_enable_randttl = 0;\r | |
5388 | +int grsec_randttl_thresh = 0;\r | |
5389 | +#endif\r | |
5390 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r | |
5391 | +int grsec_enable_socket_all = 0;\r | |
5392 | +int grsec_socket_all_gid = 0;\r | |
5393 | +#endif\r | |
5394 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r | |
5395 | +int grsec_enable_socket_client = 0;\r | |
5396 | +int grsec_socket_client_gid = 0;\r | |
5397 | +#endif\r | |
5398 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r | |
5399 | +int grsec_enable_socket_server = 0;\r | |
5400 | +int grsec_socket_server_gid = 0;\r | |
5401 | +#endif\r | |
5402 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r | |
5403 | +int grsec_enable_stealth_rst = 0;\r | |
5404 | +#endif\r | |
5405 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r | |
5406 | +int grsec_enable_stealth_udp = 0;\r | |
5407 | +#endif\r | |
5408 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r | |
5409 | +int grsec_enable_stealth_icmp = 0;\r | |
5410 | +#endif\r | |
5411 | +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r | |
5412 | +int grsec_enable_stealth_igmp = 0;\r | |
5413 | +#endif\r | |
5414 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r | |
5415 | +int grsec_enable_stealth_flags = 0;\r | |
5416 | +#endif\r | |
5417 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r | |
5418 | +int grsec_enable_stealth_flags_log = 0;\r | |
5419 | +#endif\r | |
5420 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r | |
5421 | +int grsec_enable_stealth_udp_log = 0;\r | |
5422 | +#endif\r | |
5423 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r | |
5424 | +int grsec_enable_stealth_rst_log = 0;\r | |
5425 | +#endif\r | |
5426 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r | |
5427 | +int grsec_enable_stealth_icmp_log = 0;\r | |
5428 | +#endif\r | |
5429 | +int grsec_lock = 0;\r | |
5430 | +#else\r | |
5431 | +#ifdef CONFIG_GRKERNSEC_LINK\r | |
5432 | +int grsec_enable_link = 1;\r | |
5433 | +#endif\r | |
5434 | +#ifdef CONFIG_GRKERNSEC_FIFO\r | |
5435 | +int grsec_enable_fifo = 1;\r | |
5436 | +#endif\r | |
5437 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
5438 | +int grsec_enable_fd = 1;\r | |
5439 | +#endif\r | |
5440 | +#ifdef CONFIG_GRKERNSEC_EXECVE\r | |
5441 | +int grsec_enable_execve = 1;\r | |
5442 | +#endif\r | |
5443 | +#ifdef CONFIG_GRKERNSEC_FORKBOMB\r | |
5444 | +int grsec_enable_forkbomb = 1;\r | |
5445 | +int grsec_forkbomb_gid = CONFIG_GRKERNSEC_FORKBOMB_GID;\r | |
5446 | +int grsec_forkbomb_sec = CONFIG_GRKERNSEC_FORKBOMB_SEC;\r | |
5447 | +int grsec_forkbomb_max = CONFIG_GRKERNSEC_FORKBOMB_MAX;\r | |
5448 | +#endif\r | |
5449 | +#ifdef CONFIG_GRKERNSEC_EXECLOG\r | |
5450 | +int grsec_enable_execlog = 1;\r | |
5451 | +#endif\r | |
5452 | +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r | |
5453 | +int grsec_enable_execlog_group = 1;\r | |
5454 | +int grsec_execlog_gid= CONFIG_GRKERNSEC_EXECLOG_GID;\r | |
5455 | +#endif\r | |
5456 | +#ifdef CONFIG_GRKERNSEC_SUID\r | |
5457 | +int grsec_enable_suid = 1;\r | |
5458 | +#endif\r | |
5459 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
5460 | +int grsec_enable_suid_root = 1;\r | |
5461 | +#endif\r | |
5462 | +#ifdef CONFIG_GRKERNSEC_SIGNAL\r | |
5463 | +int grsec_enable_signal = 1;\r | |
5464 | +#endif\r | |
5465 | +#ifdef CONFIG_GRKERNSEC_COREDUMP\r | |
5466 | +int grsec_enable_coredump = 1;\r | |
5467 | +#endif\r | |
5468 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL\r | |
5469 | +int grsec_enable_forkfail = 1;\r | |
5470 | +#endif\r | |
5471 | +#ifdef CONFIG_GRKERNSEC_TIME\r | |
5472 | +int grsec_enable_time = 1;\r | |
5473 | +#endif\r | |
5474 | +#ifdef CONFIG_GRKERNSEC_KBMAP\r | |
5475 | +int grsec_enable_kbmap = 1;\r | |
5476 | +#endif\r | |
5477 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
5478 | +int grsec_enable_randnet = 1;\r | |
5479 | +#endif\r | |
5480 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
5481 | +int grsec_enable_chroot = 1;\r | |
5482 | +#endif\r | |
5483 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r | |
5484 | +int grsec_enable_chroot_execlog = 1;\r | |
5485 | +#endif\r | |
5486 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r | |
5487 | +int grsec_enable_chroot_caps = 1;\r | |
5488 | +#endif\r | |
5489 | +#ifdef CONFIG_GRKERNSEC_TPE\r | |
5490 | +int grsec_enable_tpe = 1;\r | |
5491 | +int grsec_tpe_gid= CONFIG_GRKERNSEC_TPE_GID;\r | |
5492 | +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r | |
5493 | +int grsec_enable_tpe_glibc = 1;\r | |
5494 | +#endif\r | |
5495 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL\r | |
5496 | +int grsec_enable_tpe_all = 1;\r | |
5497 | +#endif\r | |
5498 | +#endif\r | |
5499 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
5500 | +int grsec_enable_ptrace = 1;\r | |
5501 | +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r | |
5502 | +int grsec_enable_ptrace_group = 1;\r | |
5503 | +int grsec_ptrace_gid = CONFIG_GRKERNSEC_PTRACE_GID;\r | |
5504 | +#endif\r | |
5505 | +#endif\r | |
5506 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
5507 | +int grsec_enable_randpid = 1;\r | |
5508 | +#endif\r | |
5509 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
5510 | +int grsec_enable_randid = 1;\r | |
5511 | +#endif\r | |
5512 | +#ifdef CONFIG_GRKERNSEC_RANDSRC\r | |
5513 | +int grsec_enable_randsrc = 1;\r | |
5514 | +#endif\r | |
5515 | +#ifdef CONFIG_GRKERNSEC_RANDPING\r | |
5516 | +int grsec_enable_randping = 1;\r | |
5517 | +#endif\r | |
5518 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
5519 | +int grsec_enable_randttl = 1;\r | |
5520 | +int grsec_randttl_thresh= CONFIG_GRKERNSEC_RANDTTL_THRESH;\r | |
5521 | +#endif\r | |
5522 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r | |
5523 | +int grsec_enable_socket_all = 1;\r | |
5524 | +int grsec_socket_all_gid= CONFIG_GRKERNSEC_SOCKET_ALL_GID;\r | |
5525 | +#endif\r | |
5526 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r | |
5527 | +int grsec_enable_socket_client = 1;\r | |
5528 | +int grsec_socket_client_gid= CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;\r | |
5529 | +#endif\r | |
5530 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r | |
5531 | +int grsec_enable_socket_server = 1;\r | |
5532 | +int grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;\r | |
5533 | +#endif\r | |
5534 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r | |
5535 | +int grsec_enable_stealth_rst = 1;\r | |
5536 | +#endif\r | |
5537 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r | |
5538 | +int grsec_enable_stealth_udp = 1;\r | |
5539 | +#endif\r | |
5540 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r | |
5541 | +int grsec_enable_stealth_icmp = 1;\r | |
5542 | +#endif\r | |
5543 | +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r | |
5544 | +int grsec_enable_stealth_igmp = 1;\r | |
5545 | +#endif\r | |
5546 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r | |
5547 | +int grsec_enable_stealth_flags = 1;\r | |
5548 | +#endif\r | |
5549 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r | |
5550 | +int grsec_enable_stealth_flags_log = 1;\r | |
5551 | +#endif\r | |
5552 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r | |
5553 | +int grsec_enable_stealth_udp_log = 1;\r | |
5554 | +#endif\r | |
5555 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r | |
5556 | +int grsec_enable_stealth_rst_log = 1;\r | |
5557 | +#endif\r | |
5558 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r | |
5559 | +int grsec_enable_stealth_icmp_log = 1;\r | |
5560 | +#endif\r | |
5561 | +#endif\r | |
5562 | diff -urN linux/kernel/oblivion.c linux/kernel/oblivion.c\r | |
5563 | --- linux/kernel/oblivion.c Wed Dec 31 19:00:00 1969\r | |
5564 | +++ linux/kernel/oblivion.c Mon Nov 26 10:38:11 2001\r | |
5565 | @@ -0,0 +1,1348 @@\r | |
5566 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r | |
5567 | + * Oblivion: A Security-Enhancing Linux Kernel Modification\r | |
5568 | + * Author: Michael Dalton\r | |
5569 | + * E-Mail: michael@linux.com\r | |
5570 | + * Information: This modification is designed to give \r | |
5571 | + * fine-tuned control over processes, to prevent\r | |
5572 | + * the damage of buffer overflows by disallowing them to run or\r | |
5573 | + * write to anything that is abnormal. It also protects files from\r | |
5574 | + * access by unauthorized programs(read only/append only/hidden modes)\r | |
5575 | + * and has capability management features.\r | |
5576 | + *\r | |
5577 | + * Modifications\r | |
5578 | + * 4-20-2001 - Began development of OPM .3 \r | |
5579 | + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */\r | |
5580 | +\r | |
5581 | +/* Access Layers */\r | |
5582 | +\r | |
5583 | +/* Files -\r | |
5584 | + * file database -> file info\r | |
5585 | + */\r | |
5586 | +\r | |
5587 | +/* Process\r | |
5588 | + * process database -> process entry (and capabilities) -> process file access rights \r | |
5589 | + */\r | |
5590 | +\r | |
5591 | +#include <linux/kernel.h>\r | |
5592 | +#include <linux/mm.h>\r | |
5593 | +#include <linux/ctype.h>\r | |
5594 | +#include <asm/uaccess.h>\r | |
5595 | +#include <asm/errno.h>\r | |
5596 | +#include <linux/file.h>\r | |
5597 | +#include <linux/fs.h>\r | |
5598 | +#include <linux/slab.h>\r | |
5599 | +#include <linux/types.h>\r | |
5600 | +#include <linux/capability.h>\r | |
5601 | +#include <linux/sched.h>\r | |
5602 | +#include <linux/oblivion.h>\r | |
5603 | +#include <linux/obvcipher.h>\r | |
5604 | +#include <linux/sysctl.h>\r | |
5605 | +#include <linux/grsecurity.h>\r | |
5606 | +\r | |
5607 | +#define OBV_SET_AUTH 1\r | |
5608 | +#define OBV_SET_INHERIT 2\r | |
5609 | +#define OBV_SET_PROC 3\r | |
5610 | +\r | |
5611 | +#define CONFIG_OBV_PROCACL_CONF "/etc/obv/proc.acl"\r | |
5612 | +#define CONFIG_OBV_FILEACL_CONF "/etc/obv/file.acl"\r | |
5613 | +#define CONFIG_OBV_SUM_CONF "/etc/obv/sum.db"\r | |
5614 | +#define CONFIG_OBV_PW_CONF "/etc/obv/pw"\r | |
5615 | +#define CONFIG_OBVADM_ACL CONFIG_OBVADM_PATH ## " fx"\r | |
5616 | +#define CONFIG_GODMODE_ACL "/ frwxoi"\r | |
5617 | +/* i.e. this would become "/sbin/obvadm x" for executable access only to\r | |
5618 | + * /sbin/obvadm (and find it if its hidden) */\r | |
5619 | +\r | |
5620 | +#define obv_empty_tree (struct obv_proc_acl *) NULL\r | |
5621 | +\r | |
5622 | +#define obv_heightof(tree) ( (tree == obv_empty_tree) ? 0 : (tree->height) )\r | |
5623 | +\r | |
5624 | +#define INIT_CAP_TABLE(table) \\r | |
5625 | +table[0].capname = "CAP_CHOWN";\\r | |
5626 | +table[0].capval = CAP_CHOWN; \\r | |
5627 | +table[1].capname = "CAP_DAC_OVERRIDE"; \\r | |
5628 | +table[1].capval = CAP_DAC_OVERRIDE; \\r | |
5629 | +table[2].capname = "CAP_DAC_READ_SEARCH"; \\r | |
5630 | +table[2].capval = CAP_DAC_READ_SEARCH; \\r | |
5631 | +table[3].capname = "CAP_FOWNER"; \\r | |
5632 | +table[3].capval = CAP_FOWNER; \\r | |
5633 | +table[4].capname = "CAP_FSETID"; \\r | |
5634 | +table[4].capval = CAP_FSETID; \\r | |
5635 | +table[5].capname = "CAP_FS_MASK"; \\r | |
5636 | +table[5].capval = CAP_FS_MASK; \\r | |
5637 | +table[6].capname = "CAP_KILL"; \\r | |
5638 | +table[6].capval = CAP_KILL; \\r | |
5639 | +table[7].capname = "CAP_SETGID"; \\r | |
5640 | +table[7].capval = CAP_SETGID; \\r | |
5641 | +table[8].capname = "CAP_SETUID"; \\r | |
5642 | +table[8].capval = CAP_SETUID; \\r | |
5643 | +table[9].capname = "CAP_SETPCAP"; \\r | |
5644 | +table[9].capval = CAP_SETPCAP; \\r | |
5645 | +table[10].capname = "CAP_LINUX_IMMUTABLE"; \\r | |
5646 | +table[10].capval = CAP_LINUX_IMMUTABLE; \\r | |
5647 | +table[11].capname = "CAP_NET_BIND_SERVICE"; \\r | |
5648 | +table[11].capval = CAP_NET_BIND_SERVICE; \\r | |
5649 | +table[12].capname = "CAP_NET_BROADCAST"; \\r | |
5650 | +table[12].capval = CAP_NET_BROADCAST;\\r | |
5651 | +table[13].capname = "CAP_NET_ADMIN"; \\r | |
5652 | +table[13].capval = CAP_NET_ADMIN; \\r | |
5653 | +table[14].capname = "CAP_NET_RAW"; \\r | |
5654 | +table[14].capval = CAP_NET_RAW; \\r | |
5655 | +table[15].capname = "CAP_IPC_LOCK"; \\r | |
5656 | +table[15].capval = CAP_IPC_LOCK; \\r | |
5657 | +table[16].capname = "CAP_IPC_OWNER"; \\r | |
5658 | +table[16].capval = CAP_IPC_OWNER; \\r | |
5659 | +table[17].capname = "CAP_SYS_MODULE"; \\r | |
5660 | +table[17].capval = CAP_SYS_MODULE; \\r | |
5661 | +table[18].capname = "CAP_SYS_RAWIO"; \\r | |
5662 | +table[18].capval = CAP_SYS_RAWIO; \\r | |
5663 | +table[19].capname = "CAP_SYS_CHROOT"; \\r | |
5664 | +table[19].capval = CAP_SYS_CHROOT; \\r | |
5665 | +table[20].capname = "CAP_SYS_PTRACE"; \\r | |
5666 | +table[20].capval = CAP_SYS_PTRACE; \\r | |
5667 | +table[21].capname = "CAP_SYS_PACCT"; \\r | |
5668 | +table[21].capval = CAP_SYS_PACCT; \\r | |
5669 | +table[22].capname = "CAP_SYS_ADMIN"; \\r | |
5670 | +table[22].capval = CAP_SYS_ADMIN; \\r | |
5671 | +table[23].capname = "CAP_SYS_BOOT"; \\r | |
5672 | +table[23].capval = CAP_SYS_BOOT; \\r | |
5673 | +table[24].capname = "CAP_SYS_NICE"; \\r | |
5674 | +table[24].capval = CAP_SYS_NICE; \\r | |
5675 | +table[25].capname = "CAP_SYS_RESOURCE"; \\r | |
5676 | +table[25].capval = CAP_SYS_RESOURCE; \\r | |
5677 | +table[26].capname = "CAP_SYS_TIME"; \\r | |
5678 | +table[26].capval = CAP_SYS_TIME; \\r | |
5679 | +table[27].capname = "CAP_SYS_TTY_CONFIG"; \\r | |
5680 | +table[27].capval = CAP_SYS_TTY_CONFIG; \\r | |
5681 | +table[28].capname = "CAP_MKNOD"; \\r | |
5682 | +table[28].capval = CAP_MKNOD; \\r | |
5683 | +table[29].capname = "CAP_LEASE"; \\r | |
5684 | +table[29].capval = CAP_LEASE;\r | |
5685 | +\r | |
5686 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r | |
5687 | + * Global variables\r | |
5688 | + * * * * * * * * ** * * * * * * * * * * * * * * * * * * * * */\r | |
5689 | +\r | |
5690 | +int _enable_oblivion_load = 0;\r | |
5691 | +int obv_disable = 0; /* handles boot time disabling of oblivion*/\r | |
5692 | +static struct obv_proc_db procdb;\r | |
5693 | +static struct obv_file_db filedb;\r | |
5694 | +/* Main variables for holding the rulesets*/\r | |
5695 | +static spinlock_t obv_lock = SPIN_LOCK_UNLOCKED;\r | |
5696 | +__u8 obv_status = (OBV_1ST | OBV_DISABLED);\r | |
5697 | +struct obv_pw obv_pwent;\r | |
5698 | +struct obv_cap_list *caplist; \r | |
5699 | +struct obv_acl obv_god_mode = { 0,0,0,~0,obv_empty_tree};\r | |
5700 | +/* iddqd style god mode;) Full caps/access rights*/\r | |
5701 | +extern kdev_t ROOT_DEV;\r | |
5702 | +struct obv_acl obv_auth = { 0,0,(__u8)OBV_PROC_AUTH,CAP_INIT_EFF_SET,obv_empty_tree };\r | |
5703 | +/* acl for authentication mode */\r | |
5704 | +\r | |
5705 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r | |
5706 | + * Sorting Routines\r | |
5707 | + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */\r | |
5708 | +\r | |
5709 | +\r | |
5710 | +\r | |
5711 | +static __inline__ int obv_procacl_less(const struct obv_temp *a, const struct obv_proc_acl *b) \r | |
5712 | +{\r | |
5713 | + return ( (a->file_inode < b->file_inode) || ( (a->file_inode == b->file_inode) && (a->file_dev < b->file_dev) ) ) ? 1 : 0;\r | |
5714 | +}\r | |
5715 | +\r | |
5716 | +#define obv_proc_acl_less(a,b) obv_procacl_less(a,b)\r | |
5717 | +\r | |
5718 | +static __inline__ int obv_procacl_eq(const struct obv_temp *a, const struct obv_proc_acl *b)\r | |
5719 | +{\r | |
5720 | + return ( (a->file_inode == b->file_inode) && (a->file_dev == b->file_dev) ) ? 1:0;\r | |
5721 | +}\r | |
5722 | +\r | |
5723 | +\r | |
5724 | +static __inline__ int obv_acl_eq(const struct obv_acl *a, const struct obv_acl *b) \r | |
5725 | +{\r | |
5726 | + return ( (a->file_inode == b->file_inode) && (a->file_dev == b->file_dev)) ? 1 : 0;\r | |
5727 | +}\r | |
5728 | +\r | |
5729 | +extern void obv_qsort(void *const pbase,size_t total_elems,size_t size,int (*cmp) (const void *, const void *));\r | |
5730 | +\r | |
5731 | +/* see obvqsort.c for above. Slightly adapted from gnu libc's qsort*/\r | |
5732 | +\r | |
5733 | +static __inline__ int obv_file_acl_cmp(const void *va, const void *vb) \r | |
5734 | +{\r | |
5735 | + struct obv_file_acl *a = (struct obv_file_acl *) va;\r | |
5736 | + struct obv_file_acl *b = (struct obv_file_acl *) vb;\r | |
5737 | + if (a->file_inode < b->file_inode) \r | |
5738 | + return -1;\r | |
5739 | + else if(a->file_inode == b->file_inode) {\r | |
5740 | + if(a->file_dev < b->file_dev) \r | |
5741 | + return -1;\r | |
5742 | + else if(a->file_dev == b->file_dev)\r | |
5743 | + return 0;\r | |
5744 | + }\r | |
5745 | + return 1;\r | |
5746 | +}\r | |
5747 | +\r | |
5748 | +static __inline__ int obv_fileacl_less(const struct obv_file_acl *f1, const struct obv_temp *f2) {\r | |
5749 | + return ( ((f1->file_inode < f2->file_inode)) || (f1->file_inode == f2->file_inode && f1->file_dev < f2->file_dev) ) ? 1 : 0;\r | |
5750 | +}\r | |
5751 | +\r | |
5752 | +static __inline__ int obv_fileacl_eq(const struct obv_file_acl *f1, const struct obv_temp *f2) {\r | |
5753 | + return ( (f1->file_inode == f2->file_inode) && (f1->file_dev == f2->file_dev)) ? 1 : 0;\r | |
5754 | +}\r | |
5755 | +static __inline__ int obv_acl_cmp(const void *va, const void *vb) \r | |
5756 | +{\r | |
5757 | + struct obv_acl *a = (struct obv_acl *) va;\r | |
5758 | + struct obv_acl *b = (struct obv_acl *) vb;\r | |
5759 | + if (a->file_inode < b->file_inode) \r | |
5760 | + return -1;\r | |
5761 | +\r | |
5762 | + else if(a->file_inode == b->file_inode) {\r | |
5763 | + if(a->file_dev < b->file_dev) \r | |
5764 | + return -1;\r | |
5765 | + else if(a->file_dev == b->file_dev) \r | |
5766 | + return 0;\r | |
5767 | + }\r | |
5768 | + return 1;\r | |
5769 | +}\r | |
5770 | +#define obv_acl_less(a,b) (((obv_acl_cmp((const void *)a,(const void *)b)) < 0))\r | |
5771 | +\r | |
5772 | +static struct obv_proc_acl * obv_rotl(struct obv_proc_acl *tree) \r | |
5773 | +{\r | |
5774 | + struct obv_proc_acl *tmp = tree->right;\r | |
5775 | + tree->right = tmp->left;\r | |
5776 | + tmp->left = tree;\r | |
5777 | + if(obv_heightof(tree->left) >= obv_heightof(tree->right))\r | |
5778 | + tree->height = obv_heightof(tree->left) +1;\r | |
5779 | + else\r | |
5780 | + tree->height = obv_heightof(tree->right) + 1;\r | |
5781 | + if(obv_heightof(tmp->left) >= obv_heightof(tmp->right))\r | |
5782 | + tmp->height = obv_heightof(tmp->left) + 1;\r | |
5783 | + else\r | |
5784 | + tmp->height = obv_heightof(tmp->right) + 1;\r | |
5785 | + return tmp;\r | |
5786 | +}\r | |
5787 | +\r | |
5788 | +static struct obv_proc_acl * obv_rotr(struct obv_proc_acl *tree)\r | |
5789 | +{\r | |
5790 | + struct obv_proc_acl *tmp = tree->left;\r | |
5791 | + tree->left = tmp->right;\r | |
5792 | + tmp->right = tree;\r | |
5793 | + if(obv_heightof(tree->left) >= obv_heightof(tree->right))\r | |
5794 | + tree->height=obv_heightof(tree->left) + 1;\r | |
5795 | + else\r | |
5796 | + tree->height = obv_heightof(tree->right) + 1;\r | |
5797 | + if(obv_heightof(tmp->left) >= obv_heightof(tmp->right))\r | |
5798 | + tmp->height = obv_heightof(tmp->left) + 1;\r | |
5799 | + else\r | |
5800 | + tmp->height = obv_heightof(tmp->right) + 1; \r | |
5801 | + return tmp;\r | |
5802 | +}\r | |
5803 | +\r | |
5804 | +static struct obv_proc_acl * obv_drlr(struct obv_proc_acl *tree) {\r | |
5805 | + tree->right = obv_rotr(tree->right);\r | |
5806 | + return obv_rotl(tree);\r | |
5807 | +}\r | |
5808 | +\r | |
5809 | +static struct obv_proc_acl * obv_dlrr(struct obv_proc_acl *tree) {\r | |
5810 | + tree->left = obv_rotl(tree->left);\r | |
5811 | + return obv_rotr(tree);\r | |
5812 | +}\r | |
5813 | +\r | |
5814 | +\r | |
5815 | +static void obv_sort(void) \r | |
5816 | +{\r | |
5817 | + obv_qsort((void *)procdb.db,procdb.max_ref,sizeof(struct obv_acl),obv_acl_cmp);\r | |
5818 | + obv_qsort((void *)filedb.db,filedb.max_ref,sizeof(struct obv_file_acl),obv_file_acl_cmp);\r | |
5819 | +}\r | |
5820 | +\r | |
5821 | +#ifdef CONFIG_OBV_SUPERDEBUG\r | |
5822 | +static void obv_list_file_acls(void)\r | |
5823 | +{\r | |
5824 | + int i;\r | |
5825 | + for(i=0;i<filedb.max_ref;i++) {\r | |
5826 | + obv_seclog("File ACL pos %d has inode %ld dev %d mode %x",\r | |
5827 | + i,filedb.db[i].file_inode,filedb.db[i].file_dev,\r | |
5828 | + filedb.db[i].mode);\r | |
5829 | + }\r | |
5830 | +}\r | |
5831 | +\r | |
5832 | +static void obv_traverse(struct obv_proc_acl *head) \r | |
5833 | +{\r | |
5834 | + if(!head) {\r | |
5835 | + obv_seclog("null tree");\r | |
5836 | + return;\r | |
5837 | + }\r | |
5838 | + obv_seclog("Tree: %ld %d %x",head->file_inode,head->file_dev,\r | |
5839 | + head->mode);\r | |
5840 | + if(head->left != obv_empty_tree) {\r | |
5841 | + obv_seclog("Doing left proc acl");\r | |
5842 | + obv_traverse(head->left);\r | |
5843 | + }\r | |
5844 | + if(head->right != obv_empty_tree) {\r | |
5845 | + obv_seclog("Doing right proc acl");\r | |
5846 | + obv_traverse(head->right);\r | |
5847 | + }\r | |
5848 | +}\r | |
5849 | +\r | |
5850 | +static void obv_list_proc_acls(void) \r | |
5851 | +{\r | |
5852 | + int i;\r | |
5853 | + for(i=0;i<procdb.max_ref;i++) {\r | |
5854 | + obv_seclog("ACL pos %d has inode %ld dev %d",i,\r | |
5855 | + procdb.db[i].file_inode,procdb.db[i].file_dev);\r | |
5856 | + obv_seclog("ACL tree is..");\r | |
5857 | + obv_traverse(procdb.db[i].tree);\r | |
5858 | + }\r | |
5859 | +}\r | |
5860 | +#endif\r | |
5861 | +\r | |
5862 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * *\r | |
5863 | + * Config file management\r | |
5864 | + * Yikes! If anyone has cleanup ideas I'd love to hear em\r | |
5865 | + * * * * * * * * * * * * * * * * * * * * * * * * * * */\r | |
5866 | +\r | |
5867 | +\r | |
5868 | +\r | |
5869 | +\r | |
5870 | +static int obv_add_pw_conf(void)\r | |
5871 | +{\r | |
5872 | + struct file *filp;\r | |
5873 | + int retval;\r | |
5874 | + mm_segment_t old_fs = get_fs();\r | |
5875 | + filp = filp_open(CONFIG_OBV_PW_CONF, O_RDONLY, O_RDONLY);\r | |
5876 | + if( ( IS_ERR(filp) ) || (filp == NULL) || (!(filp->f_op->read)) ) {\r | |
5877 | + obv_seclog("Could not open config file %.1024s",\r | |
5878 | + CONFIG_OBV_PW_CONF);\r | |
5879 | + return 1;\r | |
5880 | + }\r | |
5881 | + filp->f_pos = 0;\r | |
5882 | + set_fs(KERNEL_DS);\r | |
5883 | + retval = filp->f_op->read(filp,obv_pwent.sum,sizeof(obv_pwent.sum)/sizeof(obv_pwent.sum[0]),&filp->f_pos);\r | |
5884 | + set_fs(old_fs);\r | |
5885 | + if(retval != sizeof(obv_pwent.sum)/sizeof(obv_pwent.sum[0])) {\r | |
5886 | + obv_seclog("Invalid pw entry detected, got %d wanted %d",\r | |
5887 | + retval,sizeof(obv_pwent.sum));\r | |
5888 | + retval = 1;\r | |
5889 | + } else retval = 0;\r | |
5890 | + filp_close(filp,NULL);\r | |
5891 | + return retval;\r | |
5892 | +}\r | |
5893 | +\r | |
5894 | +\r | |
5895 | +\r | |
5896 | +\r | |
5897 | +static int obv_add_file_acl(char *line) \r | |
5898 | +{\r | |
5899 | + char *p, *q;\r | |
5900 | + struct nameidata filedata;\r | |
5901 | + int working = 1;\r | |
5902 | + struct obv_file_acl *curr;\r | |
5903 | +\r | |
5904 | + if( (p = memscan(line,'/',strlen(line))) == line + strlen(line) ) {\r | |
5905 | + // obv_seclog("Line %.1024s seems wrong",line);\r | |
5906 | + return 0;\r | |
5907 | + }\r | |
5908 | + else curr = &(filedb.db[filedb.max_ref]);\r | |
5909 | +\r | |
5910 | + if( (q = memscan(p,' ',strlen(p))) == p + strlen(p))\r | |
5911 | + return 0;\r | |
5912 | + *q++ = '\0';\r | |
5913 | + if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&filedata)) \r | |
5914 | + if(path_walk(p,&filedata)) {\r | |
5915 | + obv_seclog("Unable to locate file %.1024s",p);\r | |
5916 | + //goto out;\r | |
5917 | + return 0;\r | |
5918 | + }\r | |
5919 | + if( !(filedata.dentry) || IS_ERR(filedata.dentry) ) {\r | |
5920 | + obv_seclog("Error adding file acl for file %.1024s",p);\r | |
5921 | + // goto out;\r | |
5922 | + return 0;\r | |
5923 | + }\r | |
5924 | + curr->file_inode = filedata.dentry->d_inode->i_ino;\r | |
5925 | + curr->file_dev = filedata.dentry->d_inode->i_dev;\r | |
5926 | + curr->mode = 0;\r | |
5927 | +\r | |
5928 | + while(*q == ' ') q++;\r | |
5929 | + while(working) { \r | |
5930 | + switch(*q) {\r | |
5931 | + case 'r' :\r | |
5932 | + curr->mode |= OBV_FILE_READ;\r | |
5933 | + q++;\r | |
5934 | + break;\r | |
5935 | + case 'h' :\r | |
5936 | + curr->mode |= OBV_FILE_HIDDEN;\r | |
5937 | + q++;\r | |
5938 | + break;\r | |
5939 | + case 'a' :\r | |
5940 | + curr->mode |= OBV_FILE_APPEND;\r | |
5941 | + q++;\r | |
5942 | + break;\r | |
5943 | + case 'w' :\r | |
5944 | + curr->mode |= OBV_FILE_WRITE;\r | |
5945 | + q++;\r | |
5946 | + break;\r | |
5947 | + case 'x':\r | |
5948 | + curr->mode |= OBV_FILE_EXEC;\r | |
5949 | + q++;\r | |
5950 | + break;\r | |
5951 | + /* Note: 's' and 'a' only come into play when something is executed*/\r | |
5952 | + case 's' :\r | |
5953 | + filedb.db[filedb.max_ref].mode |= OBV_FILE_REQSUM;\r | |
5954 | + q++;\r | |
5955 | + break;\r | |
5956 | + case 'u' :\r | |
5957 | + filedb.db[filedb.max_ref].mode |= OBV_FILE_AUTH;\r | |
5958 | + q++;\r | |
5959 | + break;\r | |
5960 | + default: /* if anything else, the '\0' at the end of the line will hit here and cause us to terminate, so it won't go on indefinately and start accessing memory it shouldn't*/\r | |
5961 | + working = 0;\r | |
5962 | + break;\r | |
5963 | + }\r | |
5964 | + }\r | |
5965 | +#ifdef CONFIG_OBV_DEBUG\r | |
5966 | + obv_seclog("Added File ACL for inode %ld dev %d with mode %x and max_ref %d",\r | |
5967 | + curr->file_inode,curr->file_dev,curr->mode,filedb.max_ref);\r | |
5968 | +#endif\r | |
5969 | + filedb.max_ref++;\r | |
5970 | + path_release(&filedata); \r | |
5971 | + return 0;\r | |
5972 | +}\r | |
5973 | +\r | |
5974 | +\r | |
5975 | +static __inline__ struct obv_proc_acl * obv_set(struct obv_temp *data, struct obv_proc_acl *left, struct obv_proc_acl *right,__u16 height) \r | |
5976 | +{\r | |
5977 | + struct obv_proc_acl *dest = kmalloc(sizeof(struct obv_proc_acl),GFP_KERNEL);\r | |
5978 | + if(dest == NULL) {\r | |
5979 | + obv_seclog("Memory allocation failure, Oblivion panicing");\r | |
5980 | + return procdb.db[procdb.max_ref].tree;\r | |
5981 | + }\r | |
5982 | + dest->file_inode = data->file_inode;\r | |
5983 | + dest->file_dev = data->file_dev;\r | |
5984 | + dest->mode = data->mode;\r | |
5985 | + dest->left = left; dest->right = right;\r | |
5986 | + dest->height = height;\r | |
5987 | + return dest;\r | |
5988 | +}\r | |
5989 | +\r | |
5990 | +\r | |
5991 | +static struct obv_proc_acl * obv_tree_ins(struct obv_proc_acl *tree, struct obv_temp *entry) \r | |
5992 | +{\r | |
5993 | + if(tree == obv_empty_tree) {\r | |
5994 | + tree = obv_set(entry,obv_empty_tree,obv_empty_tree,0);\r | |
5995 | + return tree;\r | |
5996 | + }\r | |
5997 | + else if(obv_procacl_less(entry,tree)) {\r | |
5998 | + tree->left = obv_tree_ins(tree->left,entry);\r | |
5999 | + if(obv_heightof(tree->left) > obv_heightof(tree->right) + 1) {\r | |
6000 | + if(obv_procacl_less(entry,tree->left)) \r | |
6001 | + tree = obv_rotr(tree);\r | |
6002 | + else\r | |
6003 | + tree = obv_dlrr(tree);\r | |
6004 | + }\r | |
6005 | + }\r | |
6006 | + else /* assuming no duplicate entries*/ {\r | |
6007 | + tree->right = obv_tree_ins(tree->right,entry);\r | |
6008 | + if(obv_heightof(tree->right) > obv_heightof(tree->left) + 1) {\r | |
6009 | + if(obv_procacl_less(entry,tree->right)) \r | |
6010 | + tree = obv_drlr(tree);\r | |
6011 | + else\r | |
6012 | + tree = obv_rotl(tree);\r | |
6013 | + }\r | |
6014 | + }\r | |
6015 | + if(obv_heightof(tree->left) >= obv_heightof(tree->right))\r | |
6016 | + tree->height = obv_heightof(tree->left) + 1;\r | |
6017 | + else\r | |
6018 | + tree->height = obv_heightof(tree->right) + 1;\r | |
6019 | + return tree;\r | |
6020 | +}\r | |
6021 | +\r | |
6022 | +static kernel_cap_t obv_cap_conv(char *p)\r | |
6023 | +{\r | |
6024 | + kernel_cap_t cap;\r | |
6025 | + int i;\r | |
6026 | + char *q;\r | |
6027 | + cap_t(cap) = 0;\r | |
6028 | + if(!p) return cap;\r | |
6029 | + if( (q = memscan(p,'\n',strlen(p))) != p + strlen(p))\r | |
6030 | + *q = '\0';\r | |
6031 | +\r | |
6032 | + while(*p == ' ') p++;\r | |
6033 | + if( (strncmp(p,"CAP",3)) != 0) \r | |
6034 | + goto out;\r | |
6035 | + for(i=0;i<CONFIG_OBV_MAX_CAP;i++) {\r | |
6036 | + if(!(strcmp(p,caplist->table[i].capname))) {\r | |
6037 | + cap_t(cap) = CAP_TO_MASK(caplist->table[i].capval);\r | |
6038 | + return cap;\r | |
6039 | + }\r | |
6040 | + }\r | |
6041 | +out:\r | |
6042 | + return cap;\r | |
6043 | +}\r | |
6044 | +\r | |
6045 | +\r | |
6046 | +static int obv_add_proc_acl(char *line,struct obv_acl *obv) \r | |
6047 | +{\r | |
6048 | + char *p, *q;\r | |
6049 | + struct nameidata nd;\r | |
6050 | + int working = 1;\r | |
6051 | + struct obv_temp curr;\r | |
6052 | + if( (p = memscan(line,'+',strlen(line)) ) != line + strlen(line) ) {\r | |
6053 | + cap_t(obv->file_caps) |= cap_t(obv_cap_conv(++p));\r | |
6054 | + return 0;\r | |
6055 | + }\r | |
6056 | + else if ( (p = memscan(line,'-',strlen(line)) ) != line + strlen(line) ) {\r | |
6057 | + cap_t(obv->file_caps) &= ~cap_t(obv_cap_conv(++p));\r | |
6058 | + return 0;\r | |
6059 | + } \r | |
6060 | +\r | |
6061 | + else {\r | |
6062 | + if( (p = memscan(line,'/',strlen(line))) == line + strlen(line)) {\r | |
6063 | + obv_seclog("Line %.1024s missing a /",line);\r | |
6064 | + return 0;\r | |
6065 | + }\r | |
6066 | + if ( (q = memscan(p,' ',strlen(p))) == p + strlen(p)) {\r | |
6067 | + obv_seclog("Missing a space in obv proc acl entry, line %.1024s",line);\r | |
6068 | + return 0;\r | |
6069 | + }\r | |
6070 | + *q++ = '\0';\r | |
6071 | + if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&nd))\r | |
6072 | + if(path_walk(p,&nd)) {\r | |
6073 | + obv_seclog("Unable to locate file %.1024s",p);\r | |
6074 | + return 0;\r | |
6075 | + }\r | |
6076 | + if( (!nd.dentry) || (IS_ERR(nd.dentry)) || (!(nd.dentry->d_inode)) ) {\r | |
6077 | + if(nd.dentry)\r | |
6078 | + path_release(&nd);\r | |
6079 | + obv_seclog("Unable to locate file %.1024s",p);\r | |
6080 | + return 0;\r | |
6081 | + }\r | |
6082 | + curr.file_inode = nd.dentry->d_inode->i_ino;\r | |
6083 | + curr.file_dev = nd.dentry->d_inode->i_dev;\r | |
6084 | + curr.mode = 0;\r | |
6085 | +\r | |
6086 | + while(*q == ' ') q++;\r | |
6087 | + while(working) {\r | |
6088 | + switch(*q) {\r | |
6089 | + case 'r' :\r | |
6090 | + curr.mode |= OBV_PROC_READ;\r | |
6091 | + q++;\r | |
6092 | + break;\r | |
6093 | + case 'w' :\r | |
6094 | + curr.mode |= OBV_PROC_WRITE;\r | |
6095 | + q++;\r | |
6096 | + break;\r | |
6097 | + case 'x' :\r | |
6098 | + curr.mode |= OBV_PROC_EXEC;\r | |
6099 | + q++;\r | |
6100 | + break;\r | |
6101 | + case 'a' :\r | |
6102 | + curr.mode |= OBV_PROC_APPEND;\r | |
6103 | + q++;\r | |
6104 | + break;\r | |
6105 | + case 'f':\r | |
6106 | + curr.mode |= OBV_PROC_ACCESS;\r | |
6107 | + q++;\r | |
6108 | + break;\r | |
6109 | + case 'o':\r | |
6110 | + curr.mode |= OBV_PROC_OVERRIDE;\r | |
6111 | + q++;\r | |
6112 | + break;\r | |
6113 | + case 'u' :\r | |
6114 | + curr.mode |= OBV_PROC_AUTH;\r | |
6115 | + q++;\r | |
6116 | + break;\r | |
6117 | + case 'R' :\r | |
6118 | + curr.mode |= OBV_PROC_AUTH_IF_ROOT;\r | |
6119 | + q++;\r | |
6120 | + break;\r | |
6121 | + case 'i' :\r | |
6122 | + curr.mode |= OBV_PROC_INHERIT;\r | |
6123 | + q++;\r | |
6124 | + break;\r | |
6125 | + case 's' :\r | |
6126 | + curr.mode |= OBV_PROC_REQSUM;\r | |
6127 | + q++;\r | |
6128 | + break;\r | |
6129 | + default: \r | |
6130 | + working = 0;\r | |
6131 | + break;\r | |
6132 | + }\r | |
6133 | + }\r | |
6134 | +#ifdef CONFIG_OBV_DEBUG\r | |
6135 | + obv_seclog("About to insert %ld %d %.1024s mode %x",\r | |
6136 | + curr.file_inode,curr.file_dev,line,curr.mode);\r | |
6137 | +#endif\r | |
6138 | + obv->tree = obv_tree_ins(obv->tree,&curr);\r | |
6139 | + path_release(&nd);\r | |
6140 | + return 0;\r | |
6141 | + }\r | |
6142 | + return 1; /* we should never make it here*/\r | |
6143 | +}\r | |
6144 | +\r | |
6145 | +static int obv_add_pw(char *pw)\r | |
6146 | +{\r | |
6147 | + struct SHA1_CTX context;\r | |
6148 | + SHA1Init(&context);\r | |
6149 | + SHA1Update(&context,pw,strlen(pw));\r | |
6150 | + SHA1Final(obv_pwent.sum,&context);\r | |
6151 | + return 0;\r | |
6152 | +}\r | |
6153 | +\r | |
6154 | +static int obv_add_line(char *line, int type) \r | |
6155 | +{\r | |
6156 | + static int mode = 0;\r | |
6157 | + char *p,*q;\r | |
6158 | + struct dentry *file;\r | |
6159 | + struct nameidata filed;\r | |
6160 | + static struct obv_acl *curr;\r | |
6161 | + int working;\r | |
6162 | + /* mode = 0 : we are ready for a new program acl\r | |
6163 | + * mode = 1 : we are in the middle of reading a program acl*/\r | |
6164 | + switch(type) {\r | |
6165 | + case 2 : return obv_add_pw(line);\r | |
6166 | + case 1 : return obv_add_file_acl(line);\r | |
6167 | + case 0 : break; /* handled below*/\r | |
6168 | + default: obv_seclog("Unknown type %d passed",type);\r | |
6169 | + return 1;\r | |
6170 | + break;\r | |
6171 | + }\r | |
6172 | +\r | |
6173 | + if(!mode) {\r | |
6174 | + if(procdb.max_ref >= CONFIG_OBV_MAX_RULESET) return 1;\r | |
6175 | + if( (p = memscan (line,'/',strlen(line))) == (line+strlen(line)) ) {\r | |
6176 | + obv_seclog("Could not find a '/' in line %.1024s",line);\r | |
6177 | + return 0;\r | |
6178 | + }\r | |
6179 | + else curr = &(procdb.db[procdb.max_ref]);\r | |
6180 | +\r | |
6181 | +\r | |
6182 | + if( (q = memscan(p,' ',strlen(p)) ) != p + strlen(p) )\r | |
6183 | + *q++= '\0';\r | |
6184 | +\r | |
6185 | + if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&filed) ) \r | |
6186 | + if(path_walk(p,&filed)) {\r | |
6187 | + obv_seclog("Add file error for file %.1024s",p);\r | |
6188 | + return 1;\r | |
6189 | + }\r | |
6190 | + file = filed.dentry;\r | |
6191 | + if (IS_ERR(file) || !file || !(file->d_inode)) {\r | |
6192 | + if(file)\r | |
6193 | + path_release(&filed);\r | |
6194 | + obv_seclog("Could not lookup file on line %.1024s",line);\r | |
6195 | + return 1;\r | |
6196 | + }\r | |
6197 | + curr->file_inode = file->d_inode->i_ino;\r | |
6198 | + curr->file_dev = file->d_inode->i_dev;\r | |
6199 | + while(*q == ' ') q++;\r | |
6200 | + curr->mode = 0;\r | |
6201 | + working = 1;\r | |
6202 | + while(working) {\r | |
6203 | + switch(*q) {\r | |
6204 | + case 'p':\r | |
6205 | + curr->mode |= OBV_PROC_PROTECTED;\r | |
6206 | + q++;\r | |
6207 | + break;\r | |
6208 | + case 'h':\r | |
6209 | + curr->mode |= OBV_PROC_HIDDEN;\r | |
6210 | + q++;\r | |
6211 | + break;\r | |
6212 | + default:\r | |
6213 | + working = 0;\r | |
6214 | + }\r | |
6215 | + }\r | |
6216 | + curr->file_caps = cap_bset;\r | |
6217 | + mode = 1;\r | |
6218 | +#ifdef CONFIG_OBV_DEBUG\r | |
6219 | + obv_seclog("Added program (full entry) with inode %ld dev %d mode %x line %.1024s",\r | |
6220 | + curr->file_inode,curr->file_dev,curr->mode,line); \r | |
6221 | +#endif\r | |
6222 | + path_release(&filed);\r | |
6223 | + curr->tree = obv_empty_tree;\r | |
6224 | + return 0;\r | |
6225 | + }\r | |
6226 | + else if( (p=memscan(line,'}',strlen(line))) != (line + strlen(line)) ) {\r | |
6227 | + procdb.max_ref++;\r | |
6228 | + mode = 0;\r | |
6229 | + return 0;\r | |
6230 | + } else {\r | |
6231 | + return obv_add_proc_acl(line,curr);\r | |
6232 | + }\r | |
6233 | +}\r | |
6234 | +\r | |
6235 | +static int obv_init_variables(void) \r | |
6236 | +{\r | |
6237 | + caplist = kmalloc(sizeof(struct obv_cap_list),GFP_KERNEL);\r | |
6238 | + if(caplist) {\r | |
6239 | + INIT_CAP_TABLE(caplist->table)\r | |
6240 | + }\r | |
6241 | +\r | |
6242 | + procdb.db = kmalloc(sizeof(struct obv_acl) * CONFIG_OBV_MAX_RULESET,GFP_KERNEL);\r | |
6243 | + filedb.db = kmalloc(sizeof(struct obv_file_acl) * CONFIG_OBV_MAX_RULESET,GFP_KERNEL);\r | |
6244 | + procdb.max_ref = filedb.max_ref = 0;\r | |
6245 | +\r | |
6246 | + if( (obv_add_proc_acl(CONFIG_OBVADM_ACL,&obv_auth)) )\r | |
6247 | + return 1;\r | |
6248 | + else if( (obv_add_proc_acl(CONFIG_GODMODE_ACL,&obv_god_mode)) )\r | |
6249 | + return 1;\r | |
6250 | + else if( (obv_add_proc_acl("/etc r",&obv_auth)) )\r | |
6251 | + return 1;\r | |
6252 | + else if( (obv_add_proc_acl("/lib r",&obv_auth)) )\r | |
6253 | + return 1;\r | |
6254 | +\r | |
6255 | + return procdb.db && filedb.db && caplist ? 0 : 1;\r | |
6256 | +}\r | |
6257 | +\r | |
6258 | +\r | |
6259 | +static int obv_conf_parse(const char *conffile,const int type)\r | |
6260 | +{\r | |
6261 | + /* Purpose: open and read from oblivion config file */\r | |
6262 | + struct file *filp;\r | |
6263 | + int bytes_read = 0, end = 0, obv_fatal = 0;\r | |
6264 | + char buffer[1024];\r | |
6265 | + char *filepos = NULL,*memscanp = NULL;\r | |
6266 | + mm_segment_t old_fs = get_fs();\r | |
6267 | + filepos = buffer;\r | |
6268 | + filp = filp_open(conffile, O_RDONLY, O_RDONLY);\r | |
6269 | + if( ( IS_ERR(filp) ) || (filp == NULL) ) {\r | |
6270 | + obv_seclog("Could not open config file %.1024s",conffile);\r | |
6271 | +\r | |
6272 | + obv_fatal = 1;\r | |
6273 | + return obv_fatal;\r | |
6274 | + } else if ( filp->f_op->read == NULL ) {\r | |
6275 | + fput(filp);\r | |
6276 | + obv_fatal = 2;\r | |
6277 | + return obv_fatal;\r | |
6278 | + }\r | |
6279 | + filp->f_pos = 0;\r | |
6280 | + /* end error checking, now for the real work */\r | |
6281 | + while ( ! end ) {\r | |
6282 | + filepos = buffer;\r | |
6283 | + /* if current task isn't from the kernel, we'll\r | |
6284 | + have a current->addr_limit.seg that isn't 0xFFFFFFFF\r | |
6285 | +\r | |
6286 | + and we can't have that */\r | |
6287 | + set_fs(KERNEL_DS);\r | |
6288 | + bytes_read = filp->f_op->read (filp,buffer,(sizeof(buffer)/sizeof(buffer[0])),&filp->f_pos);\r | |
6289 | + filp->f_pos -= bytes_read;\r | |
6290 | + set_fs(old_fs);\r | |
6291 | + if(bytes_read < (sizeof(buffer)/sizeof(buffer[0])) ) {\r | |
6292 | + end = 1;\r | |
6293 | + filepos[bytes_read++] = '\n'; /* make sure it ends on a '\n' */\r | |
6294 | + } \r | |
6295 | + \r | |
6296 | + while ( bytes_read > 0 && ( memscanp = memscan(filepos,'\n',bytes_read) ) != filepos + bytes_read ) {\r | |
6297 | + *memscanp++ = '\0' ;\r | |
6298 | + filp->f_pos += (int) (memscanp - filepos);\r | |
6299 | + bytes_read -= (int) (memscanp - filepos);\r | |
6300 | + /* necessary for later strlen()'s...*/\r | |
6301 | + if( (*filepos != '#') ) \r | |
6302 | + if(obv_add_line(filepos,type))\r | |
6303 | + return 1;\r | |
6304 | + filepos = memscanp; /* next area to search .. */\r | |
6305 | + }\r | |
6306 | + }\r | |
6307 | + filp_close(filp,NULL);\r | |
6308 | + return obv_fatal;\r | |
6309 | +}\r | |
6310 | +\r | |
6311 | +static int oblivion_init(void) \r | |
6312 | +{\r | |
6313 | + int error = 0;\r | |
6314 | + spin_lock(&obv_lock);\r | |
6315 | + obv_status &= ~OBV_DISABLED;\r | |
6316 | + obv_status |= OBV_LOADING;\r | |
6317 | + if(obv_init_variables() )\r | |
6318 | + error = -1;\r | |
6319 | + else if(obv_add_pw_conf())\r | |
6320 | + error = -2;\r | |
6321 | + else if (obv_conf_parse(CONFIG_OBV_PROCACL_CONF,0))\r | |
6322 | + error = -3;\r | |
6323 | + else if(obv_conf_parse(CONFIG_OBV_FILEACL_CONF,1))\r | |
6324 | + error = -4;\r | |
6325 | + if(!error) {\r | |
6326 | +#ifdef CONFIG_OBV_SUPERDEBUG\r | |
6327 | + obv_list_proc_acls();\r | |
6328 | + obv_list_file_acls();\r | |
6329 | +#endif\r | |
6330 | + obv_sort();\r | |
6331 | + obv_status |= OBV_READY; /* locked, cocked, and ready to rock*/ \r | |
6332 | + }else {\r | |
6333 | + obv_status |= OBV_DISABLED;\r | |
6334 | + obv_seclog("Error loading , trying to run kernel with oblivion disabled. To disable oblivion at startup use <kernel image name> oblivion=off from your boot loader");\r | |
6335 | + }\r | |
6336 | + obv_status &= ~OBV_LOADING;\r | |
6337 | + spin_unlock(&obv_lock);\r | |
6338 | + return error;\r | |
6339 | +}\r | |
6340 | +\r | |
6341 | +/* * * * * * * * * * * * * * * * * * * * * * *\r | |
6342 | + * Begin Misc Section \r | |
6343 | + * * * * * * * * * * * * * * * * * * * * * * */\r | |
6344 | +\r | |
6345 | +/* Searching stuff, program exit cleanup, and sysctl parsing */\r | |
6346 | +\r | |
6347 | +/* Nonrecursive binary sort, idea from libc, implementation is slightly different but the inspirationw as found there=) */\r | |
6348 | +\r | |
6349 | +static __inline__ int do_obv_file_acl_search(struct obv_temp *curr) \r | |
6350 | +{\r | |
6351 | + int high, low; \r | |
6352 | + struct obv_file_acl *pos;\r | |
6353 | + high = filedb.max_ref;\r | |
6354 | + low = 0;\r | |
6355 | + while(low < high) {\r | |
6356 | + pos = &filedb.db[((low+high)/2)];\r | |
6357 | + if(obv_fileacl_less(pos,curr))\r | |
6358 | + low = (( (low + high) / 2) + 1 );\r | |
6359 | + else if(obv_fileacl_eq(pos,curr)) {\r | |
6360 | + if(pos->mode & curr->mode) {\r | |
6361 | +#ifdef CONFIG_OBV_DEBUG\r | |
6362 | + obv_seclog("File ACL allow, req %x allowed %x\n source: %ld %d dest %ld %d",\r | |
6363 | + curr->mode,pos->mode,pos->file_inode,pos->file_dev,curr->file_inode,curr->file_dev);\r | |
6364 | +#endif\r | |
6365 | + return OBV_ALLOW;\r | |
6366 | + }\r | |
6367 | + else {\r | |
6368 | +#ifdef CONFIG_OBV_DEBUG\r | |
6369 | + if(!(curr->mode & OBV_FILE_HIDDEN))\r | |
6370 | + obv_seclog("File ACL deny, req %x allowed %x\n source %ld %d dest %ld %d",\r | |
6371 | + curr->mode,pos->mode,pos->file_inode,pos->file_dev,curr->file_inode,curr->file_dev);\r | |
6372 | +#endif\r | |
6373 | + return OBV_DENY;\r | |
6374 | + }\r | |
6375 | + }\r | |
6376 | + else high = ( (low + high) / 2);\r | |
6377 | + }\r | |
6378 | + return OBV_NOTFOUND;\r | |
6379 | +}\r | |
6380 | +\r | |
6381 | +static __inline__ int do_obv_proc_acl_search(struct obv_acl *proc,struct obv_proc_acl *root,struct obv_temp *curr) \r | |
6382 | +{\r | |
6383 | + /* Nonrecursively search down the Red-Black tree to see if we have an acl for this file*/\r | |
6384 | + struct obv_proc_acl *pos = root;\r | |
6385 | + if(proc == NULL || pos == NULL) /* no entry*/ {\r | |
6386 | + return OBV_DEFAULT;\r | |
6387 | + }\r | |
6388 | + // obv_seclog("Got called...and there's an entry (curr is %ld %d",curr->file_inode,curr->file_dev);\r | |
6389 | + while(pos != obv_empty_tree) {\r | |
6390 | + if(obv_procacl_eq(curr,pos)) {\r | |
6391 | + if(curr->mode & pos->mode) {\r | |
6392 | + __u16 tmp;\r | |
6393 | +#ifdef CONFIG_OBV_DEBUG\r | |
6394 | + obv_seclog("Process %ld %d allowed for file %ld %d tried for mode %x allowed mode %x",\r | |
6395 | + proc->file_inode,proc->file_dev,curr->file_inode,curr->file_dev,curr->mode,pos->mode);\r | |
6396 | +#endif\r | |
6397 | + tmp = pos->mode & OBV_PROC_EXTRA;\r | |
6398 | + curr->mode |= tmp; /* Store any "extra" access rights like \r | |
6399 | + inherit or override*/\r | |
6400 | + return OBV_ALLOW;\r | |
6401 | + } else {\r | |
6402 | +#ifdef CONFIG_OBV_DEBUG\r | |
6403 | + obv_seclog("Process %ld %d denied for file %ld %d tried for mode %x allowed mode %x",\r | |
6404 | + proc->file_inode,proc->file_dev,curr->file_inode,curr->file_dev,curr->mode,pos->mode);\r | |
6405 | +#endif\r | |
6406 | + return OBV_DENY;\r | |
6407 | + }\r | |
6408 | + }\r | |
6409 | + else if(obv_procacl_less(curr,pos)) \r | |
6410 | + pos = pos->left;\r | |
6411 | + else \r | |
6412 | + pos=pos->right;\r | |
6413 | + }\r | |
6414 | +\r | |
6415 | + return OBV_NOTFOUND; \r | |
6416 | +}\r | |
6417 | +\r | |
6418 | +static __inline__ int obv_chk_proc_acls(struct dentry * dentry, struct obv_temp *searchval, struct vfsmount *mnt)\r | |
6419 | +{\r | |
6420 | + struct dentry *curr = dentry;\r | |
6421 | + int retval = OBV_NOTFOUND;\r | |
6422 | + struct nameidata tmp = {NULL, NULL};\r | |
6423 | + struct vfsmount *parent;\r | |
6424 | +\r | |
6425 | +loop : \r | |
6426 | + do {\r | |
6427 | + if(!curr || !curr->d_inode) break;\r | |
6428 | + searchval->file_inode = curr->d_inode->i_ino;\r | |
6429 | + searchval->file_dev = curr->d_inode->i_dev;\r | |
6430 | + retval = do_obv_proc_acl_search(current->obvacl,current->obvacl->tree,searchval); \r | |
6431 | + if(curr->d_inode == curr->d_parent->d_inode) break;\r | |
6432 | + curr = curr->d_parent;\r | |
6433 | + } while( (curr) && (retval == OBV_NOTFOUND) );\r | |
6434 | + if(retval == OBV_NOTFOUND && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV ) {\r | |
6435 | + if(tmp.mnt) {\r | |
6436 | + if(tmp.mnt == tmp.mnt->mnt_parent) goto exit;\r | |
6437 | + }\r | |
6438 | + else if(mnt == mnt->mnt_parent) goto exit;\r | |
6439 | +\r | |
6440 | +\r | |
6441 | + if(!tmp.mnt) {\r | |
6442 | + tmp.mnt = mnt->mnt_parent;\r | |
6443 | + tmp.dentry = dget(mnt->mnt_mountpoint);\r | |
6444 | +\r | |
6445 | + }\r | |
6446 | +\r | |
6447 | + else {\r | |
6448 | + parent = tmp.mnt->mnt_parent;\r | |
6449 | + dput(tmp.dentry);\r | |
6450 | + tmp.dentry = dget(tmp.mnt->mnt_mountpoint);\r | |
6451 | + mntput(tmp.mnt);\r | |
6452 | + tmp.mnt = parent;\r | |
6453 | + }\r | |
6454 | + mntget(tmp.mnt);\r | |
6455 | + curr = tmp.dentry;\r | |
6456 | + goto loop;\r | |
6457 | + }\r | |
6458 | +exit: \r | |
6459 | + if(tmp.mnt) mntput(tmp.mnt);\r | |
6460 | + if(tmp.dentry) dput(tmp.dentry);\r | |
6461 | +\r | |
6462 | +\r | |
6463 | + return retval == OBV_NOTFOUND ? OBV_DENY : retval;\r | |
6464 | + /* if its not in a program's ACL list it should be denied */\r | |
6465 | +\r | |
6466 | +}\r | |
6467 | +\r | |
6468 | +static __inline__ int obv_chk_file_acls(struct dentry * dentry, struct obv_temp *searchval, struct vfsmount *mnt) \r | |
6469 | +{\r | |
6470 | + struct dentry *curr = dentry;\r | |
6471 | + int retval = OBV_NOTFOUND;\r | |
6472 | + struct vfsmount *parent;\r | |
6473 | + struct nameidata tmp = {NULL,NULL};\r | |
6474 | +loop: \r | |
6475 | + do {\r | |
6476 | + if(!curr || !curr->d_inode) break;\r | |
6477 | + searchval->file_inode = curr->d_inode->i_ino;\r | |
6478 | + searchval->file_dev = curr->d_inode->i_dev;\r | |
6479 | + retval = do_obv_file_acl_search(searchval); \r | |
6480 | + if(curr->d_inode == curr->d_parent->d_inode) break;\r | |
6481 | + curr = curr->d_parent;\r | |
6482 | + } while( (curr) && (retval == OBV_NOTFOUND) );\r | |
6483 | +\r | |
6484 | + if(retval == OBV_NOTFOUND && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV ) {\r | |
6485 | + if(tmp.mnt) {\r | |
6486 | + if(tmp.mnt == tmp.mnt->mnt_parent) goto exit;\r | |
6487 | + }\r | |
6488 | + else if(mnt == mnt->mnt_parent) goto exit;\r | |
6489 | + if(!tmp.mnt) {\r | |
6490 | + tmp.mnt = mnt->mnt_parent;\r | |
6491 | + tmp.dentry = dget(mnt->mnt_mountpoint);\r | |
6492 | +\r | |
6493 | + }\r | |
6494 | +\r | |
6495 | + else {\r | |
6496 | + parent = tmp.mnt->mnt_parent;\r | |
6497 | + dput(tmp.dentry);\r | |
6498 | + tmp.dentry = dget(tmp.mnt->mnt_mountpoint);\r | |
6499 | + mntput(tmp.mnt);\r | |
6500 | + tmp.mnt = parent;\r | |
6501 | + }\r | |
6502 | + mntget(tmp.mnt);\r | |
6503 | + curr = tmp.dentry;\r | |
6504 | + goto loop;\r | |
6505 | + }\r | |
6506 | +exit: \r | |
6507 | + if(tmp.mnt) mntput(tmp.mnt);\r | |
6508 | + if(tmp.dentry) dput(tmp.dentry);\r | |
6509 | +\r | |
6510 | +\r | |
6511 | +\r | |
6512 | + return retval;\r | |
6513 | + }\r | |
6514 | +\r | |
6515 | +\r | |
6516 | +int obv_check_hidden(struct dentry *dentry, struct vfsmount *mnt) {\r | |
6517 | + /* This has to be done a little differently than a normal search.\r | |
6518 | + * If a file "allows" hidden access it is hidden, and thus requires \r | |
6519 | + * a process that has hidden file access capabilities to access it.\r | |
6520 | + * If the file acl denies hidden access/has no acl then no proc acl \r | |
6521 | + * check is needed*/\r | |
6522 | + struct obv_temp searchval;\r | |
6523 | + searchval.mode = OBV_HIDDEN;\r | |
6524 | + if(!dentry) return OBV_ALLOW;\r | |
6525 | + if(obv_status & OBV_READY) {\r | |
6526 | + if( (obv_chk_file_acls(dentry,&searchval,mnt)) == OBV_ALLOW) {\r | |
6527 | + if(current->obvacl && current->obvacl->tree)\r | |
6528 | + return obv_chk_proc_acls(dentry,&searchval,mnt);\r | |
6529 | + else return OBV_DENY;\r | |
6530 | + }\r | |
6531 | + }\r | |
6532 | + return OBV_ALLOW;\r | |
6533 | +}\r | |
6534 | +\r | |
6535 | +int obv_check_hidden_proc(struct obv_acl * acl) \r | |
6536 | +{\r | |
6537 | + if((obv_status & OBV_READY) && acl) {\r | |
6538 | + if( acl->mode & OBV_PROC_HIDDEN) \r | |
6539 | + return 1; /* next release adds processes allowed to view hidden ones*/\r | |
6540 | + }\r | |
6541 | + return 0;\r | |
6542 | +}\r | |
6543 | +\r | |
6544 | +int obv_check_protected(struct task_struct *tsk)\r | |
6545 | +{\r | |
6546 | + if(obv_status & OBV_READY)\r | |
6547 | + if(tsk && tsk->obvacl)\r | |
6548 | + if(tsk->obvacl->mode & OBV_PROC_PROTECTED)\r | |
6549 | + return 1;\r | |
6550 | + return 0;\r | |
6551 | +}\r | |
6552 | +\r | |
6553 | +\r | |
6554 | +int obv_search(struct dentry *dentry, __u16 mode, struct vfsmount *mnt) \r | |
6555 | +{\r | |
6556 | + int proc_retval = OBV_NOTFOUND, file_retval = OBV_NOTFOUND;\r | |
6557 | + int retval = OBV_DEFAULT;\r | |
6558 | + if(dentry && dentry->d_inode && mnt) {\r | |
6559 | + if(obv_status & OBV_READY) {\r | |
6560 | + struct obv_temp searchval;\r | |
6561 | + searchval.mode = mode;\r | |
6562 | + if(current->obvacl && current->obvacl->tree) {\r | |
6563 | + if( ( proc_retval = obv_chk_proc_acls(dentry,&searchval,mnt) ) == OBV_DENY) {\r | |
6564 | + if( (current->obvacl->mode & OBV_AUTH) && (S_ISCHR(dentry->d_inode->i_mode)))\r | |
6565 | + retval = OBV_NOTFOUND;\r | |
6566 | + /* Okay. This process is under\r | |
6567 | + * authentication mode. Let it\r | |
6568 | + * read/write to the tty (and pass it on\r | |
6569 | + * to the file acls just in case\r | |
6570 | + * Does anyone know how to gain the ino$\r | |
6571 | + * from current->tty? It seems only the\r | |
6572 | + * device num(major/minor) is stored*/\r | |
6573 | +\r | |
6574 | + else {\r | |
6575 | + retval = OBV_DENY;\r | |
6576 | + goto out;\r | |
6577 | + }\r | |
6578 | + }\r | |
6579 | + }\r | |
6580 | +\r | |
6581 | +\r | |
6582 | + if( (proc_retval == OBV_ALLOW) && (searchval.mode & OBV_PROC_OVERRIDE)){\r | |
6583 | + retval = OBV_ALLOW;\r | |
6584 | + goto out;\r | |
6585 | + }\r | |
6586 | +\r | |
6587 | + if( (file_retval = obv_chk_file_acls(dentry,&searchval,mnt)) == OBV_DENY) {\r | |
6588 | + retval = OBV_DENY;\r | |
6589 | + goto out;\r | |
6590 | + }\r | |
6591 | +\r | |
6592 | + if( (proc_retval != file_retval) || (proc_retval == OBV_ALLOW)) {\r | |
6593 | + /* The choice to check for proc_retval being OBV_ALLOW was\r | |
6594 | + * random. If proc_retval and file_retval are equal and\r | |
6595 | + * either one is the value OBV_ALLOW then both are OBV_ALLOW\r | |
6596 | + * */\r | |
6597 | + retval = OBV_ALLOW;\r | |
6598 | + goto out;\r | |
6599 | + }\r | |
6600 | + } else retval = OBV_ALLOW; /* we aren't loaded, must be early in bootup*/\r | |
6601 | + }\r | |
6602 | +out: \r | |
6603 | +\r | |
6604 | +return retval; /* Else both returned OBV_NOTFOUND..must be the default*/\r | |
6605 | +}\r | |
6606 | +\r | |
6607 | +\r | |
6608 | +static __inline__ struct obv_acl * do_obv_find_proc(struct obv_acl *curr) \r | |
6609 | +{\r | |
6610 | + int high,low;\r | |
6611 | + struct obv_acl *pos;\r | |
6612 | + low = 0;\r | |
6613 | + high = procdb.max_ref;\r | |
6614 | + while(low < high) {\r | |
6615 | + pos = &procdb.db[((low+high)/2)];\r | |
6616 | + if(obv_acl_less(pos,curr))\r | |
6617 | + low = ( ( (low + high) / 2) +1 );\r | |
6618 | + else if(obv_acl_eq(pos,curr))\r | |
6619 | + return pos;\r | |
6620 | + else\r | |
6621 | + high = ( (high + low) / 2);\r | |
6622 | + }\r | |
6623 | + return NULL;\r | |
6624 | +}\r | |
6625 | +\r | |
6626 | +static int __inline__ obv_chk_inherit(struct dentry *dentry, struct vfsmount *mnt)\r | |
6627 | +{\r | |
6628 | + struct obv_temp temp;\r | |
6629 | + temp.mode = OBV_PROC_INHERIT;\r | |
6630 | + if( (obv_chk_proc_acls(dentry,&temp,mnt)) == OBV_ALLOW) \r | |
6631 | + return 1;\r | |
6632 | + return 0;\r | |
6633 | +}\r | |
6634 | +\r | |
6635 | +static int __inline__ obv_chk_auth(struct dentry *dentry, struct vfsmount *mnt)\r | |
6636 | +{\r | |
6637 | + struct obv_temp temp;\r | |
6638 | + temp.mode = OBV_PROC_AUTH;\r | |
6639 | + if( (obv_chk_proc_acls(dentry,&temp,mnt)) == OBV_ALLOW)\r | |
6640 | + return 1;\r | |
6641 | + else if(!current->uid || !current->gid || !current->euid || !current->egid || !current->suid || !current->sgid || !current->fsuid || !current->fsgid) \r | |
6642 | + {\r | |
6643 | + temp.mode = OBV_PROC_AUTH_IF_ROOT;\r | |
6644 | + if( (obv_chk_proc_acls(dentry,&temp,mnt)) == OBV_ALLOW)\r | |
6645 | + return 1;\r | |
6646 | + }\r | |
6647 | + \r | |
6648 | + return 0; \r | |
6649 | +}\r | |
6650 | +\r | |
6651 | +static int obv_do_auth(void)\r | |
6652 | +{\r | |
6653 | +#define OBV_AUTH_MSG "Authorize yourself to Oblivion please\n"\r | |
6654 | +\r | |
6655 | + char *p = OBV_AUTH_MSG; \r | |
6656 | + if(!(current->tty) || (!current->tty->driver.write)) return 1;\r | |
6657 | + current->tty->driver.write(current->tty,0,p,strlen(p));\r | |
6658 | + current->obvacl = &obv_auth;\r | |
6659 | + return 0;\r | |
6660 | +}\r | |
6661 | +\r | |
6662 | +static int do_set_proc_acl(struct dentry *dentry, struct vfsmount *mnt, int mode) \r | |
6663 | +{\r | |
6664 | + struct vfsmount *parent;\r | |
6665 | + struct nameidata tmp = {NULL, NULL};\r | |
6666 | + struct obv_acl curracl, *retval = NULL;\r | |
6667 | + struct dentry *curr = dentry;\r | |
6668 | +\r | |
6669 | +\r | |
6670 | + switch(mode) {\r | |
6671 | + case OBV_SET_AUTH:\r | |
6672 | + return obv_chk_auth(dentry,mnt);\r | |
6673 | + break;\r | |
6674 | + case OBV_SET_INHERIT:\r | |
6675 | + return obv_chk_inherit(dentry,mnt);\r | |
6676 | + break;\r | |
6677 | + case OBV_SET_PROC: \r | |
6678 | + break;\r | |
6679 | + default :\r | |
6680 | + obv_seclog("BUG! Received unknown mode %d for set_proc_acl",mode);\r | |
6681 | + return (unsigned long)NULL;\r | |
6682 | + break;\r | |
6683 | + }\r | |
6684 | + /* Okay now we handle OBV_SET_PROC */\r | |
6685 | +loop: \r | |
6686 | + do {\r | |
6687 | +\r | |
6688 | + if(!curr || !curr->d_inode) break;\r | |
6689 | + curracl.file_inode = curr->d_inode->i_ino;\r | |
6690 | + curracl.file_dev = curr->d_inode->i_dev;\r | |
6691 | + retval = do_obv_find_proc(&curracl); \r | |
6692 | + if(curr->d_inode == curr->d_parent->d_inode) break;\r | |
6693 | + curr = curr->d_parent;\r | |
6694 | + } while( (curr) && (!retval) );\r | |
6695 | + if(!retval && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV) {\r | |
6696 | + if(tmp.mnt) {\r | |
6697 | + if(tmp.mnt == tmp.mnt->mnt_parent) \r | |
6698 | + goto exit;\r | |
6699 | + }\r | |
6700 | + else if(mnt == mnt->mnt_parent) \r | |
6701 | + goto exit;\r | |
6702 | +\r | |
6703 | + if(!tmp.mnt) {\r | |
6704 | + tmp.mnt = mnt->mnt_parent;\r | |
6705 | + tmp.dentry = dget(mnt->mnt_mountpoint);\r | |
6706 | +\r | |
6707 | + }\r | |
6708 | +\r | |
6709 | + else {\r | |
6710 | + parent = tmp.mnt->mnt_parent;\r | |
6711 | + dput(tmp.dentry);\r | |
6712 | + tmp.dentry = dget(tmp.mnt->mnt_mountpoint);\r | |
6713 | + mntput(tmp.mnt);\r | |
6714 | + tmp.mnt = parent;\r | |
6715 | + }\r | |
6716 | + mntget(tmp.mnt);\r | |
6717 | + curr = tmp.dentry;\r | |
6718 | + goto loop;\r | |
6719 | + }\r | |
6720 | +exit:\r | |
6721 | + if(tmp.mnt) mntput(tmp.mnt);\r | |
6722 | + if(tmp.dentry) dput(tmp.dentry);\r | |
6723 | +\r | |
6724 | + return (unsigned long)retval;\r | |
6725 | +\r | |
6726 | +}\r | |
6727 | +\r | |
6728 | +static int do_obv_inherit(void) \r | |
6729 | +{\r | |
6730 | + return 0; \r | |
6731 | + /* Note: for copying due to fork() we use the code the oblivin code in\r | |
6732 | + * kernel/fork.c. If we're inheriting then our current ACL\r | |
6733 | + * (that of the program calling execve) is the ACL we inherit, \r | |
6734 | + * so no work needs to be done. Just return success \r | |
6735 | + */\r | |
6736 | +}\r | |
6737 | +\r | |
6738 | +\r | |
6739 | +int obv_set_proc_acl(struct dentry *dentry,struct task_struct *tsk,char *filename, struct vfsmount *mnt) \r | |
6740 | +{\r | |
6741 | + struct obv_acl *temp = NULL;\r | |
6742 | + if(obv_status & OBV_READY) {\r | |
6743 | + if(current->obvacl) {\r | |
6744 | + if(do_set_proc_acl(dentry,mnt,OBV_SET_INHERIT))\r | |
6745 | + return do_obv_inherit();\r | |
6746 | + \r | |
6747 | + else if(do_set_proc_acl(dentry,mnt,OBV_SET_AUTH))\r | |
6748 | + return obv_do_auth();\r | |
6749 | + }\r | |
6750 | + temp = (struct obv_acl *)do_set_proc_acl(dentry,mnt,OBV_SET_PROC);\r | |
6751 | + } \r | |
6752 | + tsk->obvacl = temp;\r | |
6753 | + if(tsk->obvacl)\r | |
6754 | + tsk->cap_permitted = tsk->cap_effective = tsk->obvacl->file_caps;\r | |
6755 | + return 0;\r | |
6756 | +}\r | |
6757 | +\r | |
6758 | +\r | |
6759 | +static int obv_chcaps(struct obv_pw *entry)\r | |
6760 | +{\r | |
6761 | + char *p = entry->extra;\r | |
6762 | + char *q;\r | |
6763 | + char *mode;\r | |
6764 | + p[OBV_MAX_EXTRA_LEN-1] = '\0'; /* take no chances*/\r | |
6765 | + while( (q = memscan(p,'\n',strlen(p))) != p + strlen(p)) {\r | |
6766 | + mode = p++;\r | |
6767 | + *q++ = '\0';\r | |
6768 | + switch(*mode) {\r | |
6769 | + case '+' :\r | |
6770 | + cap_bset |= cap_t(obv_cap_conv(p));\r | |
6771 | + break;\r | |
6772 | + case '-' :\r | |
6773 | + cap_bset &= ~cap_t(obv_cap_conv(p));\r | |
6774 | + break;\r | |
6775 | + default:\r | |
6776 | + break;\r | |
6777 | + }\r | |
6778 | + p = q;\r | |
6779 | + }\r | |
6780 | +#ifdef CONFIG_OBV_DEBUG\r | |
6781 | + obv_seclog("cap bset is now %x",cap_bset);\r | |
6782 | +#endif\r | |
6783 | + return 0;\r | |
6784 | +}\r | |
6785 | +\r | |
6786 | +/* The following variables are needed for timer manipulation */\r | |
6787 | +static struct timer_list obv_badpw;\r | |
6788 | +static int failures = 0;\r | |
6789 | +static int during_wait = 0;\r | |
6790 | +\r | |
6791 | +static void obv_timer(unsigned long ignored)\r | |
6792 | +{\r | |
6793 | + failures = 0;\r | |
6794 | + during_wait = 0;\r | |
6795 | + del_timer(&obv_badpw); \r | |
6796 | +}\r | |
6797 | +\r | |
6798 | +int obv_proc_handler(ctl_table *table, int write, struct file *filp, void *buffer, size_t *lenp) \r | |
6799 | +{\r | |
6800 | + /* This is the main todo. simply I allow disabling oblivion only\r | |
6801 | + * at bootup(after its turned on). I don't have time today to \r | |
6802 | + * impelement a good pw scheme. The first thing I do when I get back is to do that.\r | |
6803 | + */\r | |
6804 | + struct obv_pw *usermode = (struct obv_pw *) buffer;\r | |
6805 | + int error = sizeof(struct obv_pw);\r | |
6806 | + if(*lenp != sizeof(struct obv_pw)){\r | |
6807 | + obv_seclog("Proc handler: being fed garbage %d byte send %d required",*lenp,sizeof(struct obv_pw)); \r | |
6808 | + return -EINVAL;\r | |
6809 | + }\r | |
6810 | + if(during_wait) return -EPERM;\r | |
6811 | + switch (usermode->mode){\r | |
6812 | + case OBV_SHUTDOWN_MODE:\r | |
6813 | + if(obv_status & OBV_READY) {\r | |
6814 | + if(!(obv_chkpw(usermode))) {\r | |
6815 | + obv_seclog("shutdown auth success for "\r | |
6816 | + DEFAULTSECMSG,DEFAULTSECARGS);\r | |
6817 | + spin_lock(&obv_lock);\r | |
6818 | + obv_status &= ~OBV_READY;\r | |
6819 | + obv_status |= OBV_DISABLED;\r | |
6820 | + spin_unlock(&obv_lock);\r | |
6821 | + break;\r | |
6822 | + } else \r | |
6823 | + error = -EPERM;\r | |
6824 | + }\r | |
6825 | + break;\r | |
6826 | + case OBV_ENABLE_MODE:\r | |
6827 | + if(obv_disable) {\r | |
6828 | + obv_seclog("Disabled at boot time, ignoring load request");\r | |
6829 | + break;\r | |
6830 | + }\r | |
6831 | + else if(obv_status & OBV_1ST) {\r | |
6832 | + obv_seclog("Loading %.32s",OBV_VERSION);\r | |
6833 | + oblivion_init();\r | |
6834 | + spin_lock(&obv_lock);\r | |
6835 | + obv_status &= ~OBV_1ST; \r | |
6836 | + spin_unlock(&obv_lock);\r | |
6837 | + break;\r | |
6838 | + }\r | |
6839 | + else {\r | |
6840 | + obv_seclog("%.32s already loaded, re-enabling",OBV_VERSION);\r | |
6841 | + spin_lock(&obv_lock);\r | |
6842 | + obv_status &= ~OBV_DISABLED;\r | |
6843 | + obv_status |= OBV_READY;\r | |
6844 | + spin_unlock(&obv_lock);\r | |
6845 | + break;\r | |
6846 | + }\r | |
6847 | +\r | |
6848 | + case OBV_CHCAPS_MODE : \r | |
6849 | + if(obv_status & OBV_1ST) {\r | |
6850 | + oblivion_init();\r | |
6851 | + }\r | |
6852 | + if(obv_status & OBV_1ST ||( obv_status & OBV_READY && !(obv_chkpw(usermode)))) {\r | |
6853 | + if(!(obv_chcaps(usermode))) {\r | |
6854 | + obv_seclog("successful capability change by "\r | |
6855 | + DEFAULTSECMSG,\r | |
6856 | + DEFAULTSECARGS);\r | |
6857 | + }\r | |
6858 | + obv_status &= ~OBV_1ST;\r | |
6859 | + }\r | |
6860 | + else\r | |
6861 | + error = -EPERM;\r | |
6862 | + break;\r | |
6863 | + case OBV_GOD_MODE:\r | |
6864 | + if(obv_status & OBV_READY) {\r | |
6865 | + if(!(obv_chkpw(usermode))) {\r | |
6866 | + obv_seclog("successful change to admin mode by "\r | |
6867 | + DEFAULTSECMSG,\r | |
6868 | + DEFAULTSECARGS);\r | |
6869 | + if(current->p_pptr)\r | |
6870 | + current->p_pptr->obvacl = &obv_god_mode;\r | |
6871 | + }\r | |
6872 | + else\r | |
6873 | + error = -EPERM;\r | |
6874 | + }\r | |
6875 | + break;\r | |
6876 | + case OBV_AUTH_MODE:\r | |
6877 | + if(obv_status & OBV_READY) {\r | |
6878 | + if(!(obv_chkpw(usermode)) ) {\r | |
6879 | + obv_seclog("successful authentication by "\r | |
6880 | + DEFAULTSECMSG,\r | |
6881 | + DEFAULTSECARGS);\r | |
6882 | + if(current->p_pptr)\r | |
6883 | + current->p_pptr->obvacl = NULL;\r | |
6884 | + /* The parent invoked obvadm, it is the\r | |
6885 | + * task that we must deal with */\r | |
6886 | + }\r | |
6887 | + else\r | |
6888 | + error = -EPERM;\r | |
6889 | + }\r | |
6890 | + break;\r | |
6891 | +\r | |
6892 | + default:\r | |
6893 | + obv_seclog("Invalid value %d by " DEFAULTSECMSG,\r | |
6894 | + usermode->mode, DEFAULTSECARGS);\r | |
6895 | + break;\r | |
6896 | + }\r | |
6897 | +\r | |
6898 | + if(error < 0) {\r | |
6899 | + failures++;\r | |
6900 | + if(failures > CONFIG_OBV_MAXTRIES) {\r | |
6901 | + obv_seclog("Maximum pw attempts reached, locking "\r | |
6902 | + "password authentication");\r | |
6903 | + init_timer(&obv_badpw);\r | |
6904 | + obv_badpw.data = 0;\r | |
6905 | + obv_badpw.function = obv_timer;\r | |
6906 | + obv_badpw.expires = jiffies + CONFIG_OBV_TIMEOUT*HZ;\r | |
6907 | + add_timer(&obv_badpw);\r | |
6908 | + during_wait = 1;\r | |
6909 | + }\r | |
6910 | + }\r | |
6911 | +\r | |
6912 | + return error;\r | |
6913 | +}\r | |
6914 | diff -urN linux/kernel/obvhash.c linux/kernel/obvhash.c\r | |
6915 | --- linux/kernel/obvhash.c Wed Dec 31 19:00:00 1969\r | |
6916 | +++ linux/kernel/obvhash.c Mon Nov 26 10:38:11 2001\r | |
6917 | @@ -0,0 +1,160 @@\r | |
6918 | +#include <linux/kernel.h>\r | |
6919 | +#include <linux/types.h>\r | |
6920 | +#include <linux/fs.h>\r | |
6921 | +#include <linux/capability.h>\r | |
6922 | +#include <linux/oblivion.h>\r | |
6923 | +\r | |
6924 | +/*\r | |
6925 | +Modified for use in OPM by Michael Dalton <michael@linux.com> \r | |
6926 | +Modified for kerneli by Andrew McDonald <andrew@mcdonald.org.uk>\r | |
6927 | +from:\r | |
6928 | +\r | |
6929 | +SHA-1 in C\r | |
6930 | +By Steve Reid <steve@edmweb.com>\r | |
6931 | +100% Public Domain\r | |
6932 | +Available from:\r | |
6933 | +ftp://ftp.zedz.net/pub/crypto/crypto/HASH/sha/sha1.c\r | |
6934 | +\r | |
6935 | +Test Vectors (from FIPS PUB 180-1)\r | |
6936 | +"abc"\r | |
6937 | + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D\r | |
6938 | +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"\r | |
6939 | + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1\r | |
6940 | +A million repetitions of "a"\r | |
6941 | + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F\r | |
6942 | +*/\r | |
6943 | +\r | |
6944 | +\r | |
6945 | +extern struct obv_pw obv_pwent;\r | |
6946 | +\r | |
6947 | +void SHA1Transform(unsigned long state[5], unsigned char buffer[64])\r | |
6948 | +{\r | |
6949 | + unsigned long a, b, c, d, e;\r | |
6950 | + typedef union {\r | |
6951 | + unsigned char c[64];\r | |
6952 | + unsigned long l[16];\r | |
6953 | + } CHAR64LONG16;\r | |
6954 | + CHAR64LONG16* block;\r | |
6955 | +#ifdef SHA1HANDSOFF\r | |
6956 | + static unsigned char workspace[64];\r | |
6957 | + block = (CHAR64LONG16*)workspace;\r | |
6958 | + memcpy(block, buffer, 64);\r | |
6959 | +#else\r | |
6960 | + block = (CHAR64LONG16*)buffer;\r | |
6961 | +#endif\r | |
6962 | + /* Copy context->state[] to working vars */\r | |
6963 | + a = state[0];\r | |
6964 | + b = state[1];\r | |
6965 | + c = state[2];\r | |
6966 | + d = state[3];\r | |
6967 | + e = state[4];\r | |
6968 | + /* 4 rounds of 20 operations each. Loop unrolled. */\r | |
6969 | + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);\r | |
6970 | + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);\r | |
6971 | + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);\r | |
6972 | + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);\r | |
6973 | + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);\r | |
6974 | + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);\r | |
6975 | + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);\r | |
6976 | + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);\r | |
6977 | + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);\r | |
6978 | + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);\r | |
6979 | + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);\r | |
6980 | + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);\r | |
6981 | + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);\r | |
6982 | + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);\r | |
6983 | + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);\r | |
6984 | + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);\r | |
6985 | + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);\r | |
6986 | + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);\r | |
6987 | + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);\r | |
6988 | + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);\r | |
6989 | + /* Add the working vars back into context.state[] */\r | |
6990 | + state[0] += a;\r | |
6991 | + state[1] += b;\r | |
6992 | + state[2] += c;\r | |
6993 | + state[3] += d;\r | |
6994 | + state[4] += e;\r | |
6995 | + /* Wipe variables */\r | |
6996 | + a = b = c = d = e = 0;\r | |
6997 | +}\r | |
6998 | +\r | |
6999 | +\r | |
7000 | +/* SHA1Init - Initialize new context */\r | |
7001 | +\r | |
7002 | +void SHA1Init(struct SHA1_CTX* context)\r | |
7003 | +{\r | |
7004 | + /* SHA1 initialization constants */\r | |
7005 | + context->state[0] = 0x67452301;\r | |
7006 | + context->state[1] = 0xEFCDAB89;\r | |
7007 | + context->state[2] = 0x98BADCFE;\r | |
7008 | + context->state[3] = 0x10325476;\r | |
7009 | + context->state[4] = 0xC3D2E1F0;\r | |
7010 | + context->count[0] = context->count[1] = 0;\r | |
7011 | +}\r | |
7012 | +\r | |
7013 | +\r | |
7014 | +/* Run your data through this. */\r | |
7015 | +\r | |
7016 | +void SHA1Update(struct SHA1_CTX* context, unsigned char* data, unsigned int len)\r | |
7017 | +{\r | |
7018 | + unsigned int i, j;\r | |
7019 | +\r | |
7020 | + j = (context->count[0] >> 3) & 63;\r | |
7021 | + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;\r | |
7022 | + context->count[1] += (len >> 29);\r | |
7023 | + if ((j + len) > 63) {\r | |
7024 | + memcpy(&context->buffer[j], data, (i = 64-j));\r | |
7025 | + SHA1Transform(context->state, context->buffer);\r | |
7026 | + for ( ; i + 63 < len; i += 64) {\r | |
7027 | + SHA1Transform(context->state, &data[i]);\r | |
7028 | + }\r | |
7029 | + j = 0;\r | |
7030 | + }\r | |
7031 | + else i = 0;\r | |
7032 | + memcpy(&context->buffer[j], &data[i], len - i);\r | |
7033 | +}\r | |
7034 | +\r | |
7035 | +\r | |
7036 | +/* Add padding and return the message digest. */\r | |
7037 | +\r | |
7038 | +void SHA1Final(unsigned char digest[20], struct SHA1_CTX* context)\r | |
7039 | +{\r | |
7040 | + unsigned long i, j;\r | |
7041 | + unsigned char finalcount[8];\r | |
7042 | +\r | |
7043 | + for (i = 0; i < 8; i++) {\r | |
7044 | + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]\r | |
7045 | + >> ((3-(i & 3)) * 8) ) & 255); \r | |
7046 | + /* Endian independent */\r | |
7047 | + }\r | |
7048 | + SHA1Update(context, (unsigned char *)"\200", 1);\r | |
7049 | + while ((context->count[0] & 504) != 448) {\r | |
7050 | + SHA1Update(context, (unsigned char *)"\0", 1);\r | |
7051 | + }\r | |
7052 | + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */\r | |
7053 | + for (i = 0; i < 20; i++) {\r | |
7054 | + digest[i] = (unsigned char)\r | |
7055 | + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);\r | |
7056 | + }\r | |
7057 | + /* Wipe variables */\r | |
7058 | + i = j = 0;\r | |
7059 | + memset(context->buffer, 0, 64);\r | |
7060 | + memset(context->state, 0, 20);\r | |
7061 | + memset(context->count, 0, 8);\r | |
7062 | + memset(&finalcount, 0, 8);\r | |
7063 | +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */\r | |
7064 | + SHA1Transform(context->state, context->buffer);\r | |
7065 | +#endif\r | |
7066 | +}\r | |
7067 | +\r | |
7068 | +int obv_chkpw(struct obv_pw *entry) \r | |
7069 | +{\r | |
7070 | + struct SHA1_CTX context;\r | |
7071 | + char *pos = memscan(entry->pw,'\n',strlen(entry->pw));\r | |
7072 | + if(pos != entry->pw + strlen(entry->pw)) *pos = '\0';\r | |
7073 | + SHA1Init(&context);\r | |
7074 | + SHA1Update(&context,entry->pw,strlen(entry->pw));\r | |
7075 | + SHA1Final(entry->sum,&context);\r | |
7076 | + return memcmp(obv_pwent.sum,entry->sum,OBV_SHASUM_SIZE);\r | |
7077 | +}\r | |
7078 | diff -urN linux/kernel/obvqsort.c linux/kernel/obvqsort.c\r | |
7079 | --- linux/kernel/obvqsort.c Wed Dec 31 19:00:00 1969\r | |
7080 | +++ linux/kernel/obvqsort.c Mon Nov 26 11:18:12 2001\r | |
7081 | @@ -0,0 +1,229 @@\r | |
7082 | +/* * * * * * * * * * * * * * * * * * * * * * * * *\r | |
7083 | + * The following code is a slightly modified qsort found in glibc\r | |
7084 | + * The best implementation for a non-recursive qsort around\r | |
7085 | + * that I could find, and probably\r | |
7086 | + * better than what I would have come up with=)\r | |
7087 | + * * * * * * * * * * * * * * * * * * * * * * * * */\r | |
7088 | +#include <linux/kernel.h>\r | |
7089 | +#include <linux/types.h>\r | |
7090 | +#include <linux/slab.h>\r | |
7091 | +\r | |
7092 | +\r | |
7093 | +\r | |
7094 | +/* Byte-wise swap two items of size SIZE. */\r | |
7095 | +#define SWAP(a, b, size) \\r | |
7096 | + do \\r | |
7097 | + { \\r | |
7098 | + register size_t __size = (size); \\r | |
7099 | + register char *__a = (a), *__b = (b); \\r | |
7100 | + do \\r | |
7101 | + { \\r | |
7102 | + char __tmp = *__a; \\r | |
7103 | + *__a++ = *__b; \\r | |
7104 | + *__b++ = __tmp; \\r | |
7105 | + } while (--__size > 0); \\r | |
7106 | + } while (0)\r | |
7107 | +\r | |
7108 | +/* Discontinue quicksort algorithm when partition gets below this size.\r | |
7109 | + This particular magic number was chosen to work best on a Sun 4/260. */\r | |
7110 | +#define MAX_THRESH 4\r | |
7111 | +\r | |
7112 | +/* Stack node declarations used to store unfulfilled partition obligations. */\r | |
7113 | +typedef struct\r | |
7114 | + {\r | |
7115 | + char *lo;\r | |
7116 | + char *hi;\r | |
7117 | + } stack_node;\r | |
7118 | +\r | |
7119 | +/* The next 4 #defines implement a very fast in-line stack abstraction. */\r | |
7120 | +#define STACK_SIZE (8 * sizeof(unsigned long int))\r | |
7121 | +#define PUSH(low, high) ((void) ((top->lo = (low)), (top->hi = (high)), ++top))\r | |
7122 | +#define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi)))\r | |
7123 | +#define STACK_NOT_EMPTY (stack < top)\r | |
7124 | +\r | |
7125 | +\r | |
7126 | +/* Order size using quicksort. This implementation incorporates\r | |
7127 | + four optimizations discussed in Sedgewick:\r | |
7128 | +\r | |
7129 | + 1. Non-recursive, using an explicit stack of pointer that store the\r | |
7130 | + next array partition to sort. To save time, this maximum amount\r | |
7131 | + of space required to store an array of MAX_INT is allocated on the\r | |
7132 | + stack. Assuming a 32-bit integer, this needs only 32 *\r | |
7133 | + sizeof(stack_node) == 136 bits. Pretty cheap, actually.\r | |
7134 | +\r | |
7135 | + 2. Chose the pivot element using a median-of-three decision tree.\r | |
7136 | + This reduces the probability of selecting a bad pivot value and\r | |
7137 | + eliminates certain extraneous comparisons.\r | |
7138 | +\r | |
7139 | + 3. Only quicksorts TOTAL_ELEMS / MAX_THRESH partitions, leaving\r | |
7140 | + insertion sort to order the MAX_THRESH items within each partition.\r | |
7141 | + This is a big win, since insertion sort is faster for small, mostly\r | |
7142 | + sorted array segments.\r | |
7143 | +\r | |
7144 | + 4. The larger of the two sub-partitions is always pushed onto the\r | |
7145 | + stack first, with the algorithm then concentrating on the\r | |
7146 | + smaller partition. This *guarantees* no more than log (n)\r | |
7147 | + stack size is needed (actually O(1) in this case)! */\r | |
7148 | +\r | |
7149 | +\r | |
7150 | +void obv_qsort (void *pbase, size_t total_elems, size_t size, int (*cmp) (const void *, const void*))\r | |
7151 | +{\r | |
7152 | + register char *base_ptr = (char *) pbase;\r | |
7153 | +\r | |
7154 | + /* Allocating SIZE bytes for a pivot buffer facilitates a better\r | |
7155 | + algorithm below since we can do comparisons directly on the pivot. */\r | |
7156 | + char *pivot_buffer = (char *) kmalloc(size,GFP_KERNEL);\r | |
7157 | + const size_t max_thresh = MAX_THRESH * size;\r | |
7158 | +\r | |
7159 | + if (total_elems == 0)\r | |
7160 | + /* Avoid lossage with unsigned arithmetic below. */\r | |
7161 | + return;\r | |
7162 | +\r | |
7163 | + if (total_elems > MAX_THRESH)\r | |
7164 | + {\r | |
7165 | + char *lo = base_ptr;\r | |
7166 | + char *hi = &lo[size * (total_elems - 1)];\r | |
7167 | + /* Largest size needed for 32-bit int!!! */\r | |
7168 | + stack_node stack[STACK_SIZE];\r | |
7169 | + stack_node *top = stack + 1;\r | |
7170 | +\r | |
7171 | + while (STACK_NOT_EMPTY)\r | |
7172 | + {\r | |
7173 | + char *left_ptr;\r | |
7174 | + char *right_ptr;\r | |
7175 | +\r | |
7176 | + char *pivot = pivot_buffer;\r | |
7177 | +\r | |
7178 | + /* Select median value from among LO, MID, and HI. Rearrange\r | |
7179 | + LO and HI so the three values are sorted. This lowers the\r | |
7180 | + probability of picking a pathological pivot value and\r | |
7181 | + skips a comparison for both the LEFT_PTR and RIGHT_PTR. */\r | |
7182 | +\r | |
7183 | + char *mid = lo + size * ((hi - lo) / size >> 1);\r | |
7184 | +\r | |
7185 | + if ((*cmp) ((void *) mid, (void *) lo) < 0)\r | |
7186 | + SWAP (mid, lo, size);\r | |
7187 | + if ((*cmp) ((void *) hi, (void *) mid) < 0)\r | |
7188 | + SWAP (mid, hi, size);\r | |
7189 | + else\r | |
7190 | + goto jump_over;\r | |
7191 | + if ((*cmp) ((void *) mid, (void *) lo) < 0)\r | |
7192 | + SWAP (mid, lo, size);\r | |
7193 | + jump_over:;\r | |
7194 | + memcpy (pivot, mid, size);\r | |
7195 | + pivot = pivot_buffer;\r | |
7196 | +\r | |
7197 | + left_ptr = lo + size;\r | |
7198 | + right_ptr = hi - size;\r | |
7199 | +\r | |
7200 | + /* Here's the famous ``collapse the walls'' section of quicksort.\r | |
7201 | + Gotta like those tight inner loops! They are the main reason\r | |
7202 | + that this algorithm runs much faster than others. */\r | |
7203 | + do\r | |
7204 | + {\r | |
7205 | + while ((*cmp) ((void *) left_ptr, (void *) pivot) < 0)\r | |
7206 | + left_ptr += size;\r | |
7207 | +\r | |
7208 | + while ((*cmp) ((void *) pivot, (void *) right_ptr) < 0)\r | |
7209 | + right_ptr -= size;\r | |
7210 | +\r | |
7211 | + if (left_ptr < right_ptr)\r | |
7212 | + {\r | |
7213 | + SWAP (left_ptr, right_ptr, size);\r | |
7214 | + left_ptr += size;\r | |
7215 | + right_ptr -= size;\r | |
7216 | + }\r | |
7217 | + else if (left_ptr == right_ptr)\r | |
7218 | + {\r | |
7219 | + left_ptr += size;\r | |
7220 | + right_ptr -= size;\r | |
7221 | + break;\r | |
7222 | + }\r | |
7223 | + }\r | |
7224 | + while (left_ptr <= right_ptr);\r | |
7225 | +\r | |
7226 | + /* Set up pointers for next iteration. First determine whether\r | |
7227 | + left and right partitions are below the threshold size. If so,\r | |
7228 | + ignore one or both. Otherwise, push the larger partition's\r | |
7229 | + bounds on the stack and continue sorting the smaller one. */\r | |
7230 | +\r | |
7231 | + if ((size_t) (right_ptr - lo) <= max_thresh)\r | |
7232 | + {\r | |
7233 | + if ((size_t) (hi - left_ptr) <= max_thresh)\r | |
7234 | + /* Ignore both small partitions. */\r | |
7235 | + POP (lo, hi);\r | |
7236 | + else\r | |
7237 | + /* Ignore small left partition. */\r | |
7238 | + lo = left_ptr;\r | |
7239 | + }\r | |
7240 | + else if ((size_t) (hi - left_ptr) <= max_thresh)\r | |
7241 | + /* Ignore small right partition. */\r | |
7242 | + hi = right_ptr;\r | |
7243 | + else if ((right_ptr - lo) > (hi - left_ptr))\r | |
7244 | + {\r | |
7245 | + /* Push larger left partition indices. */\r | |
7246 | + PUSH (lo, right_ptr);\r | |
7247 | + lo = left_ptr;\r | |
7248 | + }\r | |
7249 | + else\r | |
7250 | + {\r | |
7251 | + /* Push larger right partition indices. */\r | |
7252 | + PUSH (left_ptr, hi);\r | |
7253 | + hi = right_ptr;\r | |
7254 | + }\r | |
7255 | + }\r | |
7256 | + }\r | |
7257 | + kfree(pivot_buffer);\r | |
7258 | +\r | |
7259 | + /* Once the BASE_PTR array is partially sorted by quicksort the rest\r | |
7260 | + is completely sorted using insertion sort, since this is efficient\r | |
7261 | + for partitions below MAX_THRESH size. BASE_PTR points to the beginning\r | |
7262 | + of the array to sort, and END_PTR points at the very last element in\r | |
7263 | + the array (*not* one beyond it!). */\r | |
7264 | +\r | |
7265 | +\r | |
7266 | + {\r | |
7267 | + char *const end_ptr = &base_ptr[size * (total_elems - 1)];\r | |
7268 | + char *tmp_ptr = base_ptr;\r | |
7269 | + char *thresh = min(end_ptr, base_ptr + max_thresh);\r | |
7270 | + register char *run_ptr;\r | |
7271 | +\r | |
7272 | + /* Find smallest element in first threshold and place it at the\r | |
7273 | + array's beginning. This is the smallest array element,\r | |
7274 | + and the operation speeds up insertion sort's inner loop. */\r | |
7275 | +\r | |
7276 | + for (run_ptr = tmp_ptr + size; run_ptr <= thresh; run_ptr += size)\r | |
7277 | + if ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0)\r | |
7278 | + tmp_ptr = run_ptr;\r | |
7279 | +\r | |
7280 | + if (tmp_ptr != base_ptr)\r | |
7281 | + SWAP (tmp_ptr, base_ptr, size);\r | |
7282 | +\r | |
7283 | + /* Insertion sort, running from left-hand-side up to right-hand-side. */\r | |
7284 | +\r | |
7285 | + run_ptr = base_ptr + size;\r | |
7286 | + while ((run_ptr += size) <= end_ptr)\r | |
7287 | + {\r | |
7288 | + tmp_ptr = run_ptr - size;\r | |
7289 | + while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0)\r | |
7290 | + tmp_ptr -= size;\r | |
7291 | +\r | |
7292 | + tmp_ptr += size;\r | |
7293 | + if (tmp_ptr != run_ptr)\r | |
7294 | + {\r | |
7295 | + char *trav;\r | |
7296 | +\r | |
7297 | + trav = run_ptr + size;\r | |
7298 | + while (--trav >= run_ptr)\r | |
7299 | + {\r | |
7300 | + char c = *trav;\r | |
7301 | + char *hi, *lo;\r | |
7302 | +\r | |
7303 | + for (hi = lo = trav; (lo -= size) >= tmp_ptr; hi = lo)\r | |
7304 | + *hi = *lo;\r | |
7305 | + *hi = c;\r | |
7306 | + }\r | |
7307 | + }\r | |
7308 | + }\r | |
7309 | + }\r | |
7310 | +}\r | |
7311 | diff -urN linux/kernel/printk.c linux/kernel/printk.c\r | |
7312 | --- linux/kernel/printk.c Sun Nov 11 13:20:21 2001\r | |
7313 | +++ linux/kernel/printk.c Mon Nov 26 10:38:11 2001\r | |
7314 | @@ -286,7 +286,11 @@\r | |
7315 | \r | |
7316 | asmlinkage long sys_syslog(int type, char * buf, int len)\r | |
7317 | {\r | |
7318 | +#ifdef CONFIG_GRKERNSEC_PROC\r | |
7319 | + if (!capable(CAP_SYS_ADMIN))\r | |
7320 | +#else\r | |
7321 | if ((type != 3) && !capable(CAP_SYS_ADMIN))\r | |
7322 | +#endif\r | |
7323 | return -EPERM;\r | |
7324 | return do_syslog(type, buf, len);\r | |
7325 | }\r | |
7326 | diff -urN linux/kernel/signal.c linux/kernel/signal.c\r | |
7327 | --- linux/kernel/signal.c Wed Nov 21 19:26:27 2001\r | |
7328 | +++ linux/kernel/signal.c Mon Nov 26 10:38:11 2001\r | |
7329 | @@ -16,6 +16,21 @@\r | |
7330 | \r | |
7331 | #include <asm/uaccess.h>\r | |
7332 | \r | |
7333 | +#if defined(CONFIG_GRKERNSEC_SIGNAL) || defined(CONFIG_GRKERNSEC_CHROOT)\r | |
7334 | +#include <linux/grsecurity.h>\r | |
7335 | +#endif\r | |
7336 | +\r | |
7337 | +#ifdef CONFIG_OBV_PROC\r | |
7338 | +#include <linux/fs.h>\r | |
7339 | +#include <linux/obvext.h>\r | |
7340 | +#endif\r | |
7341 | +\r | |
7342 | +\r | |
7343 | +\r | |
7344 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
7345 | +extern struct task_struct *child_reaper;\r | |
7346 | +#endif\r | |
7347 | +\r | |
7348 | /*\r | |
7349 | * SLAB caches for signal bits.\r | |
7350 | */\r | |
7351 | @@ -526,8 +541,37 @@\r | |
7352 | goto out_nolock;\r | |
7353 | \r | |
7354 | spin_lock_irqsave(&t->sigmask_lock, flags);\r | |
7355 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
7356 | + if(CHROOTLONGCHECK &&\r | |
7357 | + !( sig == SIGALRM || sig == SIGIO || !proc_is_chrooted(current) ||\r | |
7358 | + have_same_root(current,t) ||\r | |
7359 | + (t->pid == current->p_pptr->pid && sig == SIGCHLD) ) ) {\r | |
7360 | + security_alert("denied signal %d out of chroot jail (%.32s:%lu) of %d.%d "\r | |
7361 | + "by " DEFAULTSECMSG " to " DEFAULTSECMSG,\r | |
7362 | + "denied signals in chroot",sig,kdevname(current->fs->root->d_inode->i_dev),\r | |
7363 | + current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,\r | |
7364 | + current->fs->root->d_inode->i_gid,DEFAULTSECARGS,\r | |
7365 | + t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,\r | |
7366 | + t->p_pptr->pid,t->p_pptr->uid,t->p_pptr->euid);\r | |
7367 | + goto out;\r | |
7368 | + }\r | |
7369 | +#endif\r | |
7370 | handle_stop_signal(sig, t);\r | |
7371 | -\r | |
7372 | +#ifdef CONFIG_GRKERNSEC_SIGNAL\r | |
7373 | + if(grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) || \r | |
7374 | + (sig == SIGABRT) || (sig == SIGBUS))) {\r | |
7375 | + if(t->pid == current->pid) {\r | |
7376 | + security_alert("signal %d sent to " DEFAULTSECMSG,"signal warnings",sig,\r | |
7377 | + t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,t->p_pptr->pid,\r | |
7378 | + t->p_pptr->uid,t->p_pptr->euid);\r | |
7379 | + } else {\r | |
7380 | + security_alert("signal %d sent to " DEFAULTSECMSG " by "\r | |
7381 | + DEFAULTSECMSG, "signal warnings",\r | |
7382 | + sig,t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,t->p_pptr->pid,\r | |
7383 | + t->p_pptr->uid,t->p_pptr->euid, DEFAULTSECARGS);\r | |
7384 | + }\r | |
7385 | + } \r | |
7386 | +#endif\r | |
7387 | /* Optimize away the signal, if it's a signal that can be\r | |
7388 | handled immediately (ie non-blocked and untraced) and\r | |
7389 | that is ignored (either explicitly or by default). */\r | |
7390 | @@ -592,6 +636,9 @@\r | |
7391 | retval = -ESRCH;\r | |
7392 | read_lock(&tasklist_lock);\r | |
7393 | for_each_task(p) {\r | |
7394 | +#ifdef CONFIG_OBV_PROC\r | |
7395 | + if( !(obv_check_protected(p)) || current->pid == 1)\r | |
7396 | +#endif\r | |
7397 | if (p->pgrp == pgrp) {\r | |
7398 | int err = send_sig_info(sig, info, p);\r | |
7399 | if (retval)\r | |
7400 | @@ -619,6 +666,9 @@\r | |
7401 | retval = -ESRCH;\r | |
7402 | read_lock(&tasklist_lock);\r | |
7403 | for_each_task(p) {\r | |
7404 | +#ifdef CONFIG_OBV_PROC\r | |
7405 | + if( !(obv_check_protected(p)) || current->pid == 1)\r | |
7406 | +#endif\r | |
7407 | if (p->leader && p->session == sess) {\r | |
7408 | int err = send_sig_info(sig, info, p);\r | |
7409 | if (retval)\r | |
7410 | @@ -640,6 +690,9 @@\r | |
7411 | p = find_task_by_pid(pid);\r | |
7412 | error = -ESRCH;\r | |
7413 | if (p)\r | |
7414 | +#ifdef CONFIG_OBV_PROC\r | |
7415 | + if( !(obv_check_protected(p)) || current->pid == 1)\r | |
7416 | +#endif\r | |
7417 | error = send_sig_info(sig, info, p);\r | |
7418 | read_unlock(&tasklist_lock);\r | |
7419 | return error;\r | |
7420 | @@ -663,6 +716,9 @@\r | |
7421 | \r | |
7422 | read_lock(&tasklist_lock);\r | |
7423 | for_each_task(p) {\r | |
7424 | +#ifdef CONFIG_OBV_PROC\r | |
7425 | + if(!(obv_check_protected(p) || current->pid == 1))\r | |
7426 | +#endif\r | |
7427 | if (p->pid > 1 && p != current) {\r | |
7428 | int err = send_sig_info(sig, info, p);\r | |
7429 | ++count;\r | |
7430 | diff -urN linux/kernel/sys.c linux/kernel/sys.c\r | |
7431 | --- linux/kernel/sys.c Tue Sep 18 17:10:43 2001\r | |
7432 | +++ linux/kernel/sys.c Mon Nov 26 10:38:11 2001\r | |
7433 | @@ -4,6 +4,7 @@\r | |
7434 | * Copyright (C) 1991, 1992 Linus Torvalds\r | |
7435 | */\r | |
7436 | \r | |
7437 | +#include <linux/config.h>\r | |
7438 | #include <linux/module.h>\r | |
7439 | #include <linux/mm.h>\r | |
7440 | #include <linux/utsname.h>\r | |
7441 | @@ -18,6 +19,10 @@\r | |
7442 | #include <asm/uaccess.h>\r | |
7443 | #include <asm/io.h>\r | |
7444 | \r | |
7445 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7446 | +#include <linux/grsecurity.h>\r | |
7447 | +#endif\r | |
7448 | +\r | |
7449 | /*\r | |
7450 | * this is where the system-wide overflow UID and GID are defined, for\r | |
7451 | * architectures that now have 32-bit UID/GID but didn't in the past\r | |
7452 | @@ -379,6 +384,15 @@\r | |
7453 | int old_egid = current->egid;\r | |
7454 | int new_rgid = old_rgid;\r | |
7455 | int new_egid = old_egid;\r | |
7456 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7457 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7458 | + if(grsec_enable_suid_root && current->uid && (!rgid || !egid))\r | |
7459 | +#else\r | |
7460 | + if(grsec_enable_suid)\r | |
7461 | +#endif\r | |
7462 | + printk(KERN_INFO "grsec: setregid(rgid=%d/egid=%d) by " DEFAULTSECMSG\r | |
7463 | + "\n",rgid,egid, DEFAULTSECARGS);\r | |
7464 | +#endif \r | |
7465 | \r | |
7466 | if (rgid != (gid_t) -1) {\r | |
7467 | if ((old_rgid == rgid) ||\r | |
7468 | @@ -420,6 +434,15 @@\r | |
7469 | asmlinkage long sys_setgid(gid_t gid)\r | |
7470 | {\r | |
7471 | int old_egid = current->egid;\r | |
7472 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7473 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7474 | + if(grsec_enable_suid_root && current->uid && !gid)\r | |
7475 | +#else\r | |
7476 | + if(grsec_enable_suid)\r | |
7477 | +#endif\r | |
7478 | + printk(KERN_INFO "grsec: setgid(%d) by " DEFAULTSECMSG "\n",gid, \r | |
7479 | + DEFAULTSECARGS);\r | |
7480 | +#endif \r | |
7481 | \r | |
7482 | if (capable(CAP_SETGID))\r | |
7483 | {\r | |
7484 | @@ -539,6 +562,15 @@\r | |
7485 | new_ruid = old_ruid = current->uid;\r | |
7486 | new_euid = old_euid = current->euid;\r | |
7487 | old_suid = current->suid;\r | |
7488 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7489 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7490 | + if(grsec_enable_suid_root && current->uid && (!ruid || !euid))\r | |
7491 | +#else\r | |
7492 | + if(grsec_enable_suid)\r | |
7493 | +#endif\r | |
7494 | + printk(KERN_INFO "grsec: setreuid(ruid=%d/euid=%d) by " DEFAULTSECMSG\r | |
7495 | + "\n",ruid,euid, DEFAULTSECARGS);\r | |
7496 | +#endif \r | |
7497 | \r | |
7498 | if (ruid != (uid_t) -1) {\r | |
7499 | new_ruid = ruid;\r | |
7500 | @@ -599,7 +631,16 @@\r | |
7501 | old_ruid = new_ruid = current->uid;\r | |
7502 | old_suid = current->suid;\r | |
7503 | new_suid = old_suid;\r | |
7504 | - \r | |
7505 | +\r | |
7506 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7507 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7508 | + if(grsec_enable_suid_root && current->uid && !uid)\r | |
7509 | +#else\r | |
7510 | + if(grsec_enable_suid)\r | |
7511 | +#endif\r | |
7512 | + printk(KERN_INFO "grsec: setuid(%d) by " DEFAULTSECMSG "\n", uid,\r | |
7513 | + DEFAULTSECARGS);\r | |
7514 | +#endif \r | |
7515 | if (capable(CAP_SETUID)) {\r | |
7516 | if (uid != old_ruid && set_user(uid, old_euid != uid) < 0)\r | |
7517 | return -EAGAIN;\r | |
7518 | @@ -632,6 +673,15 @@\r | |
7519 | int old_ruid = current->uid;\r | |
7520 | int old_euid = current->euid;\r | |
7521 | int old_suid = current->suid;\r | |
7522 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7523 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7524 | + if(grsec_enable_suid_root && current->uid && (!ruid || !euid || !suid))\r | |
7525 | +#else\r | |
7526 | + if(grsec_enable_suid)\r | |
7527 | +#endif\r | |
7528 | + printk(KERN_INFO "grsec: setresuid(ruid=%d/suid=%d/euid=%d) by "\r | |
7529 | + DEFAULTSECMSG "\n", ruid, suid, euid, DEFAULTSECARGS);\r | |
7530 | +#endif \r | |
7531 | \r | |
7532 | if (!capable(CAP_SETUID)) {\r | |
7533 | if ((ruid != (uid_t) -1) && (ruid != current->uid) &&\r | |
7534 | @@ -683,6 +733,16 @@\r | |
7535 | */\r | |
7536 | asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)\r | |
7537 | {\r | |
7538 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7539 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7540 | + if(grsec_enable_suid_root && current->uid && (!rgid || !egid || !sgid))\r | |
7541 | +#else\r | |
7542 | + if(grsec_enable_suid)\r | |
7543 | +#endif\r | |
7544 | + printk(KERN_INFO "grsec: setresgid(rgid=%d/sgid=%d/egid=%d) by "\r | |
7545 | + DEFAULTSECMSG "\n", rgid, sgid, egid, DEFAULTSECARGS);\r | |
7546 | +#endif \r | |
7547 | +\r | |
7548 | if (!capable(CAP_SETGID)) {\r | |
7549 | if ((rgid != (gid_t) -1) && (rgid != current->gid) &&\r | |
7550 | (rgid != current->egid) && (rgid != current->sgid))\r | |
7551 | @@ -731,6 +791,15 @@\r | |
7552 | asmlinkage long sys_setfsuid(uid_t uid)\r | |
7553 | {\r | |
7554 | int old_fsuid;\r | |
7555 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7556 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7557 | + if(grsec_enable_suid_root && current->uid && !uid)\r | |
7558 | +#else\r | |
7559 | + if(grsec_enable_suid)\r | |
7560 | +#endif\r | |
7561 | + printk(KERN_INFO "grsec: setfsuid(%d) by " DEFAULTSECMSG "\n", uid,\r | |
7562 | + DEFAULTSECARGS);\r | |
7563 | +#endif \r | |
7564 | \r | |
7565 | old_fsuid = current->fsuid;\r | |
7566 | if (uid == current->uid || uid == current->euid ||\r | |
7567 | @@ -773,6 +842,15 @@\r | |
7568 | asmlinkage long sys_setfsgid(gid_t gid)\r | |
7569 | {\r | |
7570 | int old_fsgid;\r | |
7571 | +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r | |
7572 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7573 | + if(grsec_enable_suid_root && current->uid && !gid)\r | |
7574 | +#else\r | |
7575 | + if(grsec_enable_suid)\r | |
7576 | +#endif\r | |
7577 | + printk(KERN_INFO "grsec: setfsgid(%d) by " DEFAULTSECMSG "\n", gid,\r | |
7578 | + DEFAULTSECARGS);\r | |
7579 | +#endif \r | |
7580 | \r | |
7581 | old_fsgid = current->fsgid;\r | |
7582 | if (gid == current->gid || gid == current->egid ||\r | |
7583 | diff -urN linux/kernel/sysctl.c linux/kernel/sysctl.c\r | |
7584 | --- linux/kernel/sysctl.c Mon Nov 26 08:29:17 2001\r | |
7585 | +++ linux/kernel/sysctl.c Mon Nov 26 10:38:11 2001\r | |
7586 | @@ -37,7 +37,12 @@\r | |
7587 | #include <linux/nfs_fs.h>\r | |
7588 | #endif\r | |
7589 | \r | |
7590 | +#ifdef CONFIG_OBV_PROC\r | |
7591 | +#include <linux/obvext.h>\r | |
7592 | +#endif\r | |
7593 | +\r | |
7594 | #if defined(CONFIG_SYSCTL)\r | |
7595 | +#include <linux/grsecurity.h>\r | |
7596 | \r | |
7597 | /* External variables not in a header file. */\r | |
7598 | extern int panic_timeout;\r | |
7599 | @@ -116,6 +121,9 @@\r | |
7600 | static ctl_table debug_table[];\r | |
7601 | static ctl_table dev_table[];\r | |
7602 | extern ctl_table random_table[];\r | |
7603 | +#ifdef CONFIG_GRKERNSEC_SYSCTL\r | |
7604 | +static ctl_table grsecurity_table[];\r | |
7605 | +#endif\r | |
7606 | \r | |
7607 | /* /proc declarations: */\r | |
7608 | \r | |
7609 | @@ -255,9 +263,228 @@\r | |
842916cd JR |
7610 | {KERN_KDB, "kdb", &kdb_on, sizeof(int),\r |
7611 | 0644, NULL, &proc_dointvec},\r | |
7612 | #endif /* CONFIG_KDB */\r | |
cab4bb15 | 7613 | +#ifdef CONFIG_GRKERNSEC_SYSCTL\r |
7614 | + {KERN_GRSECURITY, "grsecurity", NULL, 0, 0550, grsecurity_table},\r | |
7615 | +#endif\r | |
7616 | +#ifdef CONFIG_OBV_PROC\r | |
7617 | + {KERN_OBV,"oblivion",NULL,sizeof(int),0600,NULL,&obv_proc_handler},\r | |
7618 | +#endif\r | |
7619 | +\r | |
7620 | {0}\r | |
7621 | };\r | |
7622 | \r | |
7623 | +#ifdef CONFIG_GRKERNSEC_SYSCTL\r | |
7624 | +enum {GS_LINK=1,GS_FIFO, GS_FD, GS_EXECVE, GS_FORK,\r | |
7625 | +GS_FORK_GID, GS_FORK_SEC, GS_FORK_MAX, GS_EXECLOG, GS_EXECLOG_GID, \r | |
7626 | +GS_EXECLOG_GRP, GS_SUID, GS_SUID_ROOT, GS_SIGNAL, GS_COREDUMP, GS_FORKFAIL, \r | |
7627 | +GS_TIME, GS_KBMAP, GS_RANDNET, GS_CHROOT, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS, \r | |
7628 | +GS_TPE, GS_TPE_GID, GS_TPE_GLIBC, GS_TPE_ALL, GS_PTRACE, GS_PTRACE_GRP, \r | |
7629 | +GS_PTRACE_GID, GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, \r | |
7630 | +GS_RANDTTL, GS_RANDTTL_THRESH, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, \r | |
7631 | +GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, \r | |
7632 | +GS_STEALTH_RST, GS_STEALTH_RST_LOG, GS_STEALTH_UDP, GS_STEALTH_UDP_LOG, \r | |
7633 | +GS_STEALTH_ICMP, GS_STEALTH_ICMP_LOG, GS_STEALTH_IGMP, GS_STEALTH_FLAGS, \r | |
7634 | +GS_STEALTH_FLAGS_LOG, GS_LOCK};\r | |
7635 | +\r | |
7636 | +static ctl_table grsecurity_table[] = {\r | |
7637 | +#ifdef CONFIG_GRKERNSEC_LINK\r | |
7638 | + {GS_LINK, "linking_restrictions", &grsec_enable_link, sizeof (int),\r | |
7639 | + 0640, NULL, &proc_dointvec}, \r | |
7640 | +#endif\r | |
7641 | +#ifdef CONFIG_GRKERNSEC_FIFO\r | |
7642 | + {GS_FIFO, "fifo_restrictions", &grsec_enable_fifo, sizeof (int),\r | |
7643 | + 0640, NULL, &proc_dointvec},\r | |
7644 | +#endif\r | |
7645 | +#ifdef CONFIG_GRKERNSEC_FD\r | |
7646 | + {GS_FD, "secure_fds", &grsec_enable_fd, sizeof (int),\r | |
7647 | + 0640, NULL, &proc_dointvec},\r | |
7648 | +#endif\r | |
7649 | +#ifdef CONFIG_GRKERNSEC_EXECVE\r | |
7650 | + {GS_EXECVE, "execve_limiting", &grsec_enable_execve, sizeof (int),\r | |
7651 | + 0640, NULL, &proc_dointvec},\r | |
7652 | +#endif\r | |
7653 | +#ifdef CONFIG_GRKERNSEC_FORKBOMB\r | |
7654 | + {GS_FORK, "fork_bomb_prot", &grsec_enable_forkbomb, sizeof (int),\r | |
7655 | + 0640, NULL, &proc_dointvec},\r | |
7656 | + {GS_FORK_GID, "fork_bomb_gid", &grsec_forkbomb_gid, sizeof (int),\r | |
7657 | + 0640, NULL, &proc_dointvec},\r | |
7658 | + {GS_FORK_SEC, "fork_bomb_sec", &grsec_forkbomb_sec, sizeof (int),\r | |
7659 | + 0640, NULL, &proc_dointvec},\r | |
7660 | + {GS_FORK_MAX, "fork_bomb_max", &grsec_forkbomb_max, sizeof (int),\r | |
7661 | + 0640, NULL, &proc_dointvec},\r | |
7662 | +#endif\r | |
7663 | +#ifdef CONFIG_GRKERNSEC_EXECLOG\r | |
7664 | + {GS_EXECLOG, "exec_logging", &grsec_enable_execlog, sizeof (int),\r | |
7665 | + 0640, NULL, &proc_dointvec},\r | |
7666 | +#endif\r | |
7667 | +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r | |
7668 | + {GS_EXECLOG_GRP, "exec_group_logging", &grsec_enable_execlog_group, \r | |
7669 | + sizeof (int), 0640, NULL, &proc_dointvec},\r | |
7670 | + {GS_EXECLOG_GID, "exec_logging_gid", &grsec_execlog_gid, sizeof (int),\r | |
7671 | + 0640, NULL, &proc_dointvec},\r | |
7672 | +#endif\r | |
7673 | +#ifdef CONFIG_GRKERNSEC_SUID\r | |
7674 | + {GS_SUID, "suid_logging", &grsec_enable_suid, sizeof (int),\r | |
7675 | + 0640, NULL, &proc_dointvec},\r | |
7676 | +#endif\r | |
7677 | +#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r | |
7678 | + {GS_SUID_ROOT, "suid_root_logging", &grsec_enable_suid_root, sizeof (int),\r | |
7679 | + 0640, NULL, &proc_dointvec},\r | |
7680 | +#endif\r | |
7681 | +#ifdef CONFIG_GRKERNSEC_SIGNAL\r | |
7682 | + {GS_SIGNAL, "signal_logging", &grsec_enable_signal, sizeof (int),\r | |
7683 | + 0640, NULL, &proc_dointvec},\r | |
7684 | +#endif\r | |
7685 | +#ifdef CONFIG_GRKERNSEC_COREDUMP\r | |
7686 | + {GS_COREDUMP, "coredump", &grsec_enable_coredump, sizeof (int),\r | |
7687 | + 0640, NULL, &proc_dointvec},\r | |
7688 | +#endif\r | |
7689 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL\r | |
7690 | + {GS_FORKFAIL, "forkfail_logging", &grsec_enable_forkfail, sizeof (int),\r | |
7691 | + 0640, NULL, &proc_dointvec},\r | |
7692 | +#endif\r | |
7693 | +#ifdef CONFIG_GRKERNSEC_TIME\r | |
7694 | + {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int),\r | |
7695 | + 0640, NULL, &proc_dointvec},\r | |
7696 | +#endif\r | |
7697 | +#ifdef CONFIG_GRKERNSEC_KBMAP\r | |
7698 | + {GS_KBMAP, "secure_kbmap", &grsec_enable_kbmap, sizeof (int),\r | |
7699 | + 0640, NULL, &proc_dointvec},\r | |
7700 | +#endif\r | |
7701 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
7702 | + {GS_RANDNET, "rand_net", &grsec_enable_randnet, sizeof (int),\r | |
7703 | + 0640, NULL, &proc_dointvec},\r | |
7704 | +#endif\r | |
7705 | +#ifdef CONFIG_GRKERNSEC_CHROOT\r | |
7706 | + {GS_CHROOT, "chroot_restrictions", &grsec_enable_chroot, sizeof (int),\r | |
7707 | + 0640, NULL, &proc_dointvec},\r | |
7708 | +#endif\r | |
7709 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r | |
7710 | + {GS_CHROOT_EXECLOG, "chroot_execlog",\r | |
7711 | + &grsec_enable_chroot_execlog, sizeof (int),\r | |
7712 | + 0640, NULL, &proc_dointvec},\r | |
7713 | +#endif\r | |
7714 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r | |
7715 | + {GS_CHROOT_CAPS, "chroot_caps", &grsec_enable_chroot_caps, sizeof (int),\r | |
7716 | + 0640, NULL, &proc_dointvec},\r | |
7717 | +#endif\r | |
7718 | +#ifdef CONFIG_GRKERNSEC_TPE\r | |
7719 | + {GS_TPE, "tpe", &grsec_enable_tpe, sizeof (int),\r | |
7720 | + 0640, NULL, &proc_dointvec},\r | |
7721 | + {GS_TPE_GID, "tpe_gid", &grsec_tpe_gid, sizeof (int),\r | |
7722 | + 0640, NULL, &proc_dointvec},\r | |
7723 | +#endif\r | |
7724 | +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r | |
7725 | + {GS_TPE_GLIBC, "tpe_glibc", &grsec_enable_tpe_glibc, sizeof (int),\r | |
7726 | + 0640, NULL, &proc_dointvec},\r | |
7727 | +#endif\r | |
7728 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL\r | |
7729 | + {GS_TPE_ALL, "tpe_restrict_all", &grsec_enable_tpe_all, sizeof (int),\r | |
7730 | + 0640, NULL, &proc_dointvec},\r | |
7731 | +#endif\r | |
7732 | +#ifdef CONFIG_GRKERNSEC_PTRACE\r | |
7733 | + {GS_PTRACE, "restrict_ptrace", &grsec_enable_ptrace, sizeof (int),\r | |
7734 | + 0640, NULL, &proc_dointvec},\r | |
7735 | +#endif\r | |
7736 | +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r | |
7737 | + {GS_PTRACE_GRP, "allow_ptrace_group", &grsec_enable_ptrace_group, sizeof (int),\r | |
7738 | + 0640, NULL, &proc_dointvec},\r | |
7739 | + {GS_PTRACE_GID, "ptrace_gid", &grsec_ptrace_gid, sizeof (int),\r | |
7740 | + 0640, NULL, &proc_dointvec},\r | |
7741 | +#endif\r | |
7742 | +#ifdef CONFIG_GRKERNSEC_RANDPID\r | |
7743 | + {GS_RANDPID, "rand_pids", &grsec_enable_randpid, sizeof (int),\r | |
7744 | + 0640, NULL, &proc_dointvec},\r | |
7745 | +#endif\r | |
7746 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
7747 | + {GS_RANDID, "rand_ip_ids", &grsec_enable_randid, sizeof (int),\r | |
7748 | + 0640, NULL, &proc_dointvec},\r | |
7749 | +#endif\r | |
7750 | +#ifdef CONFIG_GRKERNSEC_RANDSRC\r | |
7751 | + {GS_RANDSRC, "rand_tcp_src_ports", &grsec_enable_randsrc, sizeof (int),\r | |
7752 | + 0640, NULL, &proc_dointvec},\r | |
7753 | +#endif\r | |
7754 | +#ifdef CONFIG_GRKERNSEC_RANDPING\r | |
7755 | + {GS_RANDPING, "altered_pings", &grsec_enable_randping, sizeof (int),\r | |
7756 | + 0640, NULL, &proc_dointvec},\r | |
7757 | +#endif\r | |
7758 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
7759 | + {GS_RANDTTL, "rand_ttl", &grsec_enable_randttl, sizeof (int),\r | |
7760 | + 0640, NULL, &proc_dointvec},\r | |
7761 | + {GS_RANDTTL_THRESH, "rand_ttl_thresh", \r | |
7762 | + &grsec_randttl_thresh, sizeof (int),\r | |
7763 | + 0640, NULL, &proc_dointvec},\r | |
7764 | +#endif\r | |
7765 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r | |
7766 | + {GS_SOCKET_ALL, "socket_all", &grsec_enable_socket_all, sizeof (int),\r | |
7767 | + 0640, NULL, &proc_dointvec},\r | |
7768 | + {GS_SOCKET_ALL_GID, "socket_all_gid",\r | |
7769 | + &grsec_socket_all_gid, sizeof (int),\r | |
7770 | + 0640, NULL, &proc_dointvec},\r | |
7771 | +#endif\r | |
7772 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r | |
7773 | + {GS_SOCKET_CLIENT, "socket_client", \r | |
7774 | + &grsec_enable_socket_client, sizeof (int),\r | |
7775 | + 0640, NULL, &proc_dointvec},\r | |
7776 | + {GS_SOCKET_CLIENT_GID, "socket_client_gid", \r | |
7777 | + &grsec_socket_client_gid, sizeof (int),\r | |
7778 | + 0640, NULL, &proc_dointvec},\r | |
7779 | +#endif\r | |
7780 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r | |
7781 | + {GS_SOCKET_SERVER, "socket_server", \r | |
7782 | + &grsec_enable_socket_server, sizeof (int),\r | |
7783 | + 0640, NULL, &proc_dointvec},\r | |
7784 | + {GS_SOCKET_SERVER_GID, "socket_server_gid",\r | |
7785 | + &grsec_socket_server_gid, sizeof (int),\r | |
7786 | + 0640, NULL, &proc_dointvec},\r | |
7787 | +#endif\r | |
7788 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r | |
7789 | + {GS_STEALTH_RST, "stealth_rst", &grsec_enable_stealth_rst, sizeof (int),\r | |
7790 | + 0640, NULL, &proc_dointvec},\r | |
7791 | +#endif\r | |
7792 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r | |
7793 | + {GS_STEALTH_RST_LOG, "stealth_rst_log", &grsec_enable_stealth_rst_log, sizeof (int),\r | |
7794 | + 0640, NULL, &proc_dointvec},\r | |
7795 | +#endif\r | |
7796 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r | |
7797 | + {GS_STEALTH_UDP, "stealth_udp", &grsec_enable_stealth_udp, sizeof (int),\r | |
7798 | + 0640, NULL, &proc_dointvec},\r | |
7799 | +#endif\r | |
7800 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r | |
7801 | + {GS_STEALTH_UDP_LOG, "stealth_udp_log", &grsec_enable_stealth_udp_log, sizeof (int),\r | |
7802 | + 0640, NULL, &proc_dointvec},\r | |
7803 | +#endif\r | |
7804 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r | |
7805 | + {GS_STEALTH_ICMP, "stealth_icmp", \r | |
7806 | + &grsec_enable_stealth_icmp, sizeof (int),\r | |
7807 | + 0640, NULL, &proc_dointvec},\r | |
7808 | +#endif\r | |
7809 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r | |
7810 | + {GS_STEALTH_ICMP_LOG, "stealth_icmp_log", \r | |
7811 | + &grsec_enable_stealth_icmp_log, sizeof (int),\r | |
7812 | + 0640, NULL, &proc_dointvec},\r | |
7813 | +#endif\r | |
7814 | +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r | |
7815 | + {GS_STEALTH_IGMP, "stealth_igmp", \r | |
7816 | + &grsec_enable_stealth_igmp, sizeof (int),\r | |
7817 | + 0640, NULL, &proc_dointvec},\r | |
7818 | +#endif\r | |
7819 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r | |
7820 | + {GS_STEALTH_FLAGS, "stealth_flags", \r | |
7821 | + &grsec_enable_stealth_flags, sizeof (int),\r | |
7822 | + 0640, NULL, &proc_dointvec},\r | |
7823 | +#endif\r | |
7824 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r | |
7825 | + {GS_STEALTH_FLAGS_LOG, "stealth_flags_log", \r | |
7826 | + &grsec_enable_stealth_flags_log, sizeof (int),\r | |
7827 | + 0640, NULL, &proc_dointvec},\r | |
7828 | +#endif\r | |
7829 | + {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0640, NULL,\r | |
7830 | + &proc_dointvec},\r | |
7831 | + {0}\r | |
7832 | +};\r | |
7833 | +#endif\r | |
7834 | +\r | |
7835 | static ctl_table vm_table[] = {\r | |
7836 | {VM_BDFLUSH, "bdflush", &bdf_prm, 9*sizeof(int), 0644, NULL,\r | |
7837 | &proc_dointvec_minmax, &sysctl_intvec, NULL,\r | |
7838 | @@ -827,6 +1054,15 @@\r | |
7839 | }\r | |
7840 | \r | |
7841 | i = (int *) table->data;\r | |
7842 | +#ifdef CONFIG_GRKERNSEC_SYSCTL\r | |
7843 | + if(grsec_lock && write) { \r | |
7844 | + security_alert("attempt to modify grsecurity "\r | |
7845 | + "sysctl value: %.32s by " DEFAULTSECMSG,\r | |
7846 | + "attempted sysctl changes", table->de->name,\r | |
7847 | + DEFAULTSECARGS);\r | |
7848 | + return -EACCES;\r | |
7849 | + }\r | |
7850 | +#endif\r | |
7851 | vleft = table->maxlen / sizeof(int);\r | |
7852 | left = *lenp;\r | |
7853 | \r | |
7854 | diff -urN linux/kernel/time.c linux/kernel/time.c\r | |
7855 | --- linux/kernel/time.c Mon Oct 16 15:58:51 2000\r | |
7856 | +++ linux/kernel/time.c Mon Nov 26 10:38:11 2001\r | |
7857 | @@ -29,6 +29,9 @@\r | |
7858 | #include <linux/smp_lock.h>\r | |
7859 | \r | |
7860 | #include <asm/uaccess.h>\r | |
7861 | +#ifdef CONFIG_GRKERNSEC_TIME\r | |
7862 | +#include <linux/grsecurity.h>\r | |
7863 | +#endif\r | |
7864 | \r | |
7865 | /* \r | |
7866 | * The timezone where the local system is located. Used as a default by some\r | |
7867 | @@ -105,6 +108,11 @@\r | |
7868 | time_maxerror = NTP_PHASE_LIMIT;\r | |
7869 | time_esterror = NTP_PHASE_LIMIT;\r | |
7870 | write_unlock_irq(&xtime_lock);\r | |
7871 | +#ifdef CONFIG_GRKERNSEC_TIME\r | |
7872 | + if(grsec_enable_time)\r | |
7873 | + security_alert("time set by " DEFAULTSECMSG, "time sets",\r | |
7874 | + DEFAULTSECARGS);\r | |
7875 | +#endif\r | |
7876 | return 0;\r | |
7877 | }\r | |
7878 | \r | |
7879 | @@ -181,6 +189,11 @@\r | |
7880 | * globally block out interrupts when it runs.\r | |
7881 | */\r | |
7882 | do_settimeofday(tv);\r | |
7883 | +#ifdef CONFIG_GRKERNSEC_TIME\r | |
7884 | + if(grsec_enable_time)\r | |
7885 | + security_alert("time set by " DEFAULTSECMSG, "time sets", \r | |
7886 | + DEFAULTSECARGS);\r | |
7887 | +#endif\r | |
7888 | }\r | |
7889 | return 0;\r | |
7890 | }\r | |
7891 | diff -urN linux/mm/mmap.c linux/mm/mmap.c\r | |
7892 | --- linux/mm/mmap.c Sun Nov 4 13:17:20 2001\r | |
7893 | +++ linux/mm/mmap.c Mon Nov 26 10:38:11 2001\r | |
7894 | @@ -14,6 +14,7 @@\r | |
7895 | #include <linux/file.h>\r | |
7896 | #include <linux/fs.h>\r | |
7897 | #include <linux/personality.h>\r | |
7898 | +#include <linux/random.h>\r | |
7899 | \r | |
7900 | #include <asm/uaccess.h>\r | |
7901 | #include <asm/pgalloc.h>\r | |
7902 | @@ -429,6 +430,24 @@\r | |
7903 | */\r | |
7904 | vm_flags = calc_vm_flags(prot,flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;\r | |
7905 | \r | |
7906 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
7907 | + if (current->flags & PF_PAX_PAGEEXEC) {\r | |
7908 | + if (flags & MAP_GROWSDOWN)\r | |
7909 | + vm_flags &= ~VM_EXEC;\r | |
7910 | +\r | |
7911 | +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r | |
7912 | + if ((current->flags & PF_PAX_MPROTECT) && !(prot & PROT_EXEC))\r | |
7913 | + vm_flags &= ~VM_MAYEXEC;\r | |
7914 | + if ((current->flags & PF_PAX_MPROTECT) && (flags & MAP_GROWSDOWN))\r | |
7915 | + vm_flags &= ~VM_MAYEXEC;\r | |
7916 | +#endif\r | |
7917 | +\r | |
7918 | + } else {\r | |
7919 | + if (prot & (PROT_READ | PROT_WRITE)) /* they imply PROT_EXEC on IA-32 */\r | |
7920 | + vm_flags |= VM_EXEC;\r | |
7921 | + }\r | |
7922 | +#endif\r | |
7923 | +\r | |
7924 | /* mlock MCL_FUTURE? */\r | |
7925 | if (vm_flags & VM_LOCKED) {\r | |
7926 | unsigned long locked = mm->locked_vm << PAGE_SHIFT;\r | |
7927 | @@ -601,7 +620,20 @@\r | |
7928 | (!vma || addr + len <= vma->vm_start))\r | |
7929 | return addr;\r | |
7930 | }\r | |
7931 | +#if defined(CONFIG_GRKERNSEC_STACK)\r | |
7932 | + addr = TASK_UNMAPPED_BASE(len);\r | |
7933 | + addr = PAGE_ALIGN(TASK_UNMAPPED_BASE(len));\r | |
7934 | +#else\r | |
7935 | + addr = TASK_UNMAPPED_BASE;\r | |
7936 | addr = PAGE_ALIGN(TASK_UNMAPPED_BASE);\r | |
7937 | +#endif\r | |
7938 | +\r | |
7939 | +\r | |
7940 | +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r | |
7941 | + /* PaX: randomize base address if requested */\r | |
7942 | + if (current->flags & PF_PAX_RANDMMAP)\r | |
7943 | + addr += current->mm->delta_mmap;\r | |
7944 | +#endif\r | |
7945 | \r | |
7946 | for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) {\r | |
7947 | /* At this point: (!vma || addr < vma->vm_end). */\r | |
7948 | @@ -1050,6 +1082,18 @@\r | |
7949 | MAP_FIXED|MAP_PRIVATE) | mm->def_flags;\r | |
7950 | \r | |
7951 | flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;\r | |
7952 | +\r | |
7953 | +#ifdef CONFIG_GRKERNSEC_PAX\r | |
7954 | + if (current->flags & PF_PAX_PAGEEXEC) {\r | |
7955 | + flags &= ~VM_EXEC;\r | |
7956 | +\r | |
7957 | +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r | |
7958 | + if (current->flags & PF_PAX_MPROTECT)\r | |
7959 | + flags &= ~VM_MAYEXEC;\r | |
7960 | +#endif\r | |
7961 | + }\r | |
7962 | +#endif\r | |
7963 | +\r | |
7964 | \r | |
7965 | /* Can we just expand an old anonymous mapping? */\r | |
7966 | if (rb_parent && vma_merge(mm, prev, rb_parent, addr, addr + len, flags))\r | |
7967 | diff -urN linux/mm/mprotect.c linux/mm/mprotect.c\r | |
7968 | --- linux/mm/mprotect.c Mon Sep 17 18:30:23 2001\r | |
7969 | +++ linux/mm/mprotect.c Mon Nov 26 10:38:11 2001\r | |
7970 | @@ -300,6 +300,12 @@\r | |
cab4bb15 | 7971 | }\r |
7972 | \r | |
842916cd | 7973 | #endif /* CONFIG_XFS_DMAPI */\r |
cab4bb15 | 7974 | +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r |
7975 | + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */\r | |
7976 | + if ((current->flags & PF_PAX_MPROTECT) && (prot & PROT_WRITE) && (vma->vm_flags & VM_MAYEXEC)) {\r | |
7977 | + newflags &= ~VM_MAYWRITE;\r | |
7978 | + }\r | |
7979 | +#endif\r | |
7980 | if (vma->vm_end > end) {\r | |
7981 | error = mprotect_fixup(vma, &prev, nstart, end, newflags);\r | |
7982 | goto out;\r | |
7983 | diff -urN linux/net/core/utils.c linux/net/core/utils.c\r | |
7984 | --- linux/net/core/utils.c Mon Aug 23 13:01:02 1999\r | |
7985 | +++ linux/net/core/utils.c Mon Nov 26 10:38:11 2001\r | |
7986 | @@ -23,16 +23,50 @@\r | |
7987 | \r | |
7988 | static unsigned long net_rand_seed = 152L;\r | |
7989 | \r | |
7990 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
7991 | +#include <linux/random.h>\r | |
7992 | +#include <linux/grsecurity.h>\r | |
7993 | +\r | |
7994 | +#define RNG_N_STORED_WORDS 256\r | |
7995 | +unsigned long rng_storage[RNG_N_STORED_WORDS];\r | |
7996 | +int nleft=0;\r | |
7997 | +#endif\r | |
7998 | +\r | |
7999 | unsigned long net_random(void)\r | |
8000 | {\r | |
8001 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
8002 | + if (grsec_enable_randnet) {\r | |
8003 | + if (!nleft)\r | |
8004 | + {\r | |
8005 | + get_random_bytes(rng_storage,sizeof(rng_storage));\r | |
8006 | + nleft=RNG_N_STORED_WORDS;\r | |
8007 | + }\r | |
8008 | + \r | |
8009 | + nleft--;\r | |
8010 | + return rng_storage[nleft];\r | |
8011 | + } else {\r | |
8012 | + net_rand_seed=net_rand_seed*69069L+1;\r | |
8013 | + return net_rand_seed^jiffies;\r | |
8014 | + }\r | |
8015 | +#else\r | |
8016 | net_rand_seed=net_rand_seed*69069L+1;\r | |
8017 | return net_rand_seed^jiffies;\r | |
8018 | +#endif\r | |
8019 | }\r | |
8020 | \r | |
8021 | void net_srandom(unsigned long entropy)\r | |
8022 | {\r | |
8023 | +#ifdef CONFIG_GRKERNSEC_RANDNET\r | |
8024 | + if(grsec_enable_randnet)\r | |
8025 | + add_mouse_randomness((__u32)entropy);\r | |
8026 | + else {\r | |
8027 | net_rand_seed ^= entropy;\r | |
8028 | net_random();\r | |
8029 | + }\r | |
8030 | +#else\r | |
8031 | + net_rand_seed ^= entropy;\r | |
8032 | + net_random();\r | |
8033 | +#endif\r | |
8034 | }\r | |
8035 | \r | |
8036 | int net_msg_cost = 5*HZ;\r | |
8037 | @@ -71,3 +105,4 @@\r | |
8038 | spin_unlock_irqrestore(&ratelimit_lock, flags);\r | |
8039 | return 0;\r | |
8040 | }\r | |
8041 | +\r | |
8042 | diff -urN linux/net/ipv4/Makefile linux/net/ipv4/Makefile\r | |
8043 | --- linux/net/ipv4/Makefile Tue Oct 30 18:08:12 2001\r | |
8044 | +++ linux/net/ipv4/Makefile Mon Nov 26 10:38:11 2001\r | |
8045 | @@ -13,7 +13,7 @@\r | |
8046 | \r | |
8047 | obj-y := utils.o route.o inetpeer.o proc.o protocol.o \\r | |
8048 | ip_input.o ip_fragment.o ip_forward.o ip_options.o \\r | |
8049 | - ip_output.o ip_sockglue.o \\r | |
8050 | + ip_id.o ip_output.o ip_sockglue.o \\r | |
8051 | tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o tcp_minisocks.o \\r | |
8052 | raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \\r | |
8053 | sysctl_net_ipv4.o fib_frontend.o fib_semantics.o fib_hash.o\r | |
8054 | diff -urN linux/net/ipv4/af_inet.c linux/net/ipv4/af_inet.c\r | |
8055 | --- linux/net/ipv4/af_inet.c Mon Nov 5 12:46:12 2001\r | |
8056 | +++ linux/net/ipv4/af_inet.c Mon Nov 26 10:38:11 2001\r | |
8057 | @@ -83,6 +83,10 @@\r | |
8058 | #include <linux/init.h>\r | |
8059 | #include <linux/poll.h>\r | |
8060 | #include <linux/netfilter_ipv4.h>\r | |
8061 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8062 | +#include <linux/random.h>\r | |
8063 | +#include <linux/grsecurity.h>\r | |
8064 | +#endif\r | |
8065 | \r | |
8066 | #include <asm/uaccess.h>\r | |
8067 | #include <asm/system.h>\r | |
8068 | @@ -322,6 +326,10 @@\r | |
8069 | struct list_head *p;\r | |
8070 | struct inet_protosw *answer;\r | |
8071 | \r | |
8072 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8073 | + unsigned long randttl;\r | |
8074 | +#endif\r | |
8075 | +\r | |
8076 | sock->state = SS_UNCONNECTED;\r | |
8077 | sk = sk_alloc(PF_INET, GFP_KERNEL, 1);\r | |
8078 | if (sk == NULL) \r | |
8079 | @@ -374,7 +382,14 @@\r | |
8080 | else\r | |
8081 | sk->protinfo.af_inet.pmtudisc = IP_PMTUDISC_WANT;\r | |
8082 | \r | |
8083 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
8084 | + if(grsec_enable_randid)\r | |
8085 | + sk->protinfo.af_inet.id = htons(ip_randomid());\r | |
8086 | + else\r | |
8087 | + sk->protinfo.af_inet.id = 0;\r | |
8088 | +#else\r | |
8089 | sk->protinfo.af_inet.id = 0;\r | |
8090 | +#endif\r | |
8091 | \r | |
8092 | sock_init_data(sock,sk);\r | |
8093 | \r | |
8094 | @@ -386,7 +401,16 @@\r | |
8095 | \r | |
8096 | sk->backlog_rcv = sk->prot->backlog_rcv;\r | |
8097 | \r | |
8098 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8099 | +if(grsec_enable_randttl){\r | |
8100 | + get_random_bytes(&randttl,sizeof(randttl));\r | |
8101 | + sk->protinfo.af_inet.ttl = grsec_randttl_thresh +\r | |
8102 | + (randttl % (256 - grsec_randttl_thresh));\r | |
8103 | +} else\r | |
8104 | + sk->protinfo.af_inet.ttl = sysctl_ip_default_ttl;\r | |
8105 | +#else \r | |
8106 | sk->protinfo.af_inet.ttl = sysctl_ip_default_ttl;\r | |
8107 | +#endif\r | |
8108 | \r | |
8109 | sk->protinfo.af_inet.mc_loop = 1;\r | |
8110 | sk->protinfo.af_inet.mc_ttl = 1;\r | |
8111 | diff -urN linux/net/ipv4/icmp.c linux/net/ipv4/icmp.c\r | |
8112 | --- linux/net/ipv4/icmp.c Wed Nov 7 17:39:36 2001\r | |
8113 | +++ linux/net/ipv4/icmp.c Mon Nov 26 10:38:11 2001\r | |
8114 | @@ -90,6 +90,15 @@\r | |
8115 | #include <asm/system.h>\r | |
8116 | #include <asm/uaccess.h>\r | |
8117 | #include <net/checksum.h>\r | |
8118 | +#ifdef CONFIG_GRKERNSEC_RANDPING\r | |
8119 | +#include <linux/random.h>\r | |
8120 | +#endif\r | |
8121 | +\r | |
8122 | +#if defined(CONFIG_GRKERNSEC_RANDPING)||\\r | |
8123 | + defined(CONFIG_GRKERNSEC_STEALTH_ICMP) ||\\r | |
8124 | + defined(CONFIG_GRKERNSEC_STEALTH_ICMP_LOG)\r | |
8125 | +#include <linux/grsecurity.h>\r | |
8126 | +#endif\r | |
8127 | \r | |
8128 | /*\r | |
8129 | * Build xmit assembly blocks\r | |
8130 | @@ -738,6 +747,11 @@\r | |
8131 | \r | |
8132 | icmp_param.data.icmph=*skb->h.icmph;\r | |
8133 | icmp_param.data.icmph.type=ICMP_ECHOREPLY;\r | |
8134 | +#ifdef CONFIG_GRKERNSEC_RANDPING\r | |
8135 | + if(grsec_enable_randping)\r | |
8136 | + icmp_param.data.icmph.un.echo.id =\r | |
8137 | + skb->h.icmph->un.echo.id;\r | |
8138 | +#endif\r | |
8139 | icmp_param.skb=skb;\r | |
8140 | icmp_param.offset=0;\r | |
8141 | icmp_param.data_len=skb->len;\r | |
8142 | @@ -907,6 +921,19 @@\r | |
8143 | /*\r | |
8144 | * Parse the ICMP message \r | |
8145 | */\r | |
8146 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r | |
8147 | + if(grsec_enable_stealth_icmp_log && net_ratelimit() && (icmph->type != ICMP_ECHOREPLY)\r | |
8148 | + && strncmp(skb->dev->name, "lo", 2))\r | |
8149 | + printk(KERN_INFO "grsec: icmp type=%d code=%d on %.8s src=%u.%u.%u.%u "\r | |
8150 | + "dst=%u.%u.%u.%u\n", icmph->type, icmph->code, \r | |
8151 | + (skb->dev->name ? skb->dev->name : "unknown"),\r | |
8152 | + NIPQUAD(skb->nh.iph->saddr), NIPQUAD(skb->nh.iph->daddr));\r | |
8153 | +#endif\r | |
8154 | +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r | |
8155 | + if(grsec_enable_stealth_icmp && (icmph->type != ICMP_ECHOREPLY) &&\r | |
8156 | + strncmp(skb->dev->name, "lo", 2))\r | |
8157 | + goto error;\r | |
8158 | +#endif\r | |
8159 | \r | |
8160 | if (rt->rt_flags&(RTCF_BROADCAST|RTCF_MULTICAST)) {\r | |
8161 | /*\r | |
8162 | diff -urN linux/net/ipv4/igmp.c linux/net/ipv4/igmp.c\r | |
8163 | --- linux/net/ipv4/igmp.c Sat Jul 28 15:12:38 2001\r | |
8164 | +++ linux/net/ipv4/igmp.c Mon Nov 26 10:38:11 2001\r | |
8165 | @@ -98,6 +98,9 @@\r | |
8166 | #include <linux/mroute.h>\r | |
8167 | #endif\r | |
8168 | \r | |
8169 | +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r | |
8170 | +#include <linux/grsecurity.h>\r | |
8171 | +#endif\r | |
8172 | \r | |
8173 | #define IP_MAX_MEMBERSHIPS 20\r | |
8174 | \r | |
8175 | @@ -200,6 +203,10 @@\r | |
8176 | struct rtable *rt;\r | |
8177 | u32 dst;\r | |
8178 | \r | |
8179 | +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r | |
8180 | + if(grsec_enable_stealth_igmp)\r | |
8181 | + return(-1);\r | |
8182 | +#endif\r | |
8183 | /* According to IGMPv2 specs, LEAVE messages are\r | |
8184 | * sent to all-routers group.\r | |
8185 | */\r | |
8186 | diff -urN linux/net/ipv4/ip_gre.c linux/net/ipv4/ip_gre.c\r | |
8187 | --- linux/net/ipv4/ip_gre.c Tue Oct 30 18:08:12 2001\r | |
8188 | +++ linux/net/ipv4/ip_gre.c Mon Nov 26 10:38:11 2001\r | |
8189 | @@ -28,6 +28,10 @@\r | |
8190 | #include <linux/inetdevice.h>\r | |
8191 | #include <linux/igmp.h>\r | |
8192 | #include <linux/netfilter_ipv4.h>\r | |
8193 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8194 | +#include <linux/random.h>\r | |
8195 | +#include <linux/grsecurity.h>\r | |
8196 | +#endif\r | |
8197 | \r | |
8198 | #include <net/sock.h>\r | |
8199 | #include <net/ip.h>\r | |
8200 | @@ -842,6 +846,9 @@\r | |
8201 | iph->saddr = rt->rt_src;\r | |
8202 | \r | |
8203 | if ((iph->ttl = tiph->ttl) == 0) {\r | |
8204 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8205 | + unsigned long randttl;\r | |
8206 | +#endif\r | |
8207 | if (skb->protocol == __constant_htons(ETH_P_IP))\r | |
8208 | iph->ttl = old_iph->ttl;\r | |
8209 | #ifdef CONFIG_IPV6\r | |
8210 | @@ -849,6 +856,13 @@\r | |
8211 | iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit;\r | |
8212 | #endif\r | |
8213 | else\r | |
8214 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8215 | + if(grsec_enable_randttl){\r | |
8216 | + get_random_bytes(&randttl,sizeof(randttl));\r | |
8217 | + iph->ttl = grsec_randttl_thresh +\r | |
8218 | + (randttl % (256 - grsec_randttl_thresh)); \r | |
8219 | + } else\r | |
8220 | +#endif\r | |
8221 | iph->ttl = sysctl_ip_default_ttl;\r | |
8222 | }\r | |
8223 | \r | |
8224 | diff -urN linux/net/ipv4/ip_id.c linux/net/ipv4/ip_id.c\r | |
8225 | --- linux/net/ipv4/ip_id.c Wed Dec 31 19:00:00 1969\r | |
8226 | +++ linux/net/ipv4/ip_id.c Mon Nov 26 10:38:11 2001\r | |
8227 | @@ -0,0 +1,146 @@\r | |
8228 | +/*\r | |
8229 | + * This code is based on OpenBSD's ip_id.c, by Niels Provos.\r | |
8230 | + * Ported to Linux 2.2 by Salvatore Sanfilippo.\r | |
8231 | + * Ported to Linux 2.4 by Brad Spengler.\r | |
8232 | + *\r | |
8233 | + * 26-10-1999: Ported from OpenBSD's ip_id.c version 1.2\r | |
8234 | + * (previous versions seems to be predictable\r | |
8235 | + * after David Wagner's auditing)\r | |
8236 | + * Salvatore Sanfilippo <antirez@invece.org>\r | |
8237 | + *\r | |
8238 | + * TODO:\r | |
8239 | + * - Make this code SMP safe\r | |
8240 | + */\r | |
8241 | +\r | |
8242 | +/*\r | |
8243 | + * Copyright 1998 Niels Provos <provos@citi.umich.edu>\r | |
8244 | + * All rights reserved.\r | |
8245 | + * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using\r | |
8246 | + * such a mathematical system to generate more random (yet non-repeating)\r | |
8247 | + * ids to solve the resolver/named problem. But Niels designed the\r | |
8248 | + * actual system based on the constraints.\r | |
8249 | + *\r | |
8250 | + * Redistribution and use in source and binary forms, with or without\r | |
8251 | + * modification, are permitted provided that the following conditions\r | |
8252 | + * are met:\r | |
8253 | + * 1. Redistributions of source code must retain the above copyright\r | |
8254 | + * notice, this list of conditions and the following disclaimer,\r | |
8255 | + * 2. Redistributions in binary form must reproduce the above copyright\r | |
8256 | + * notice, this list of conditions and the following disclaimer in the\r | |
8257 | + * documentation and/or other materials provided with the distribution.\r | |
8258 | + * 3. All advertising materials mentioning features or use of this software\r | |
8259 | + * must display the following acknowledgement:\r | |
8260 | + * This product includes software developed by Niels Provos.\r | |
8261 | + * 4. The name of the author may not be used to endorse or promote products\r | |
8262 | + * derived from this software without specific prior written permission.\r | |
8263 | + *\r | |
8264 | + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\r | |
8265 | + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\r | |
8266 | + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\r | |
8267 | + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\r | |
8268 | + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\r | |
8269 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\r | |
8270 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\r | |
8271 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\r | |
8272 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\r | |
8273 | + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r | |
8274 | + */\r | |
8275 | +#include <linux/types.h>\r | |
8276 | +#include <linux/sched.h>\r | |
8277 | +#include <linux/random.h>\r | |
8278 | +#include <linux/grsecurity.h>\r | |
8279 | +\r | |
8280 | +#define RU_OUT 180\r | |
8281 | +#define RU_MAX 30000\r | |
8282 | +#define RU_GEN 2\r | |
8283 | +#define RU_N 32749\r | |
8284 | +#define RU_AGEN 7\r | |
8285 | +#define RU_M 31104\r | |
8286 | +#define PFAC_N 3\r | |
8287 | +const static __u16 pfacts[PFAC_N] = { 2,3,2729 };\r | |
8288 | +\r | |
8289 | +static __u16 ru_x;\r | |
8290 | +static __u16 ru_seed, ru_seed2;\r | |
8291 | +static __u16 ru_a, ru_b;\r | |
8292 | +static __u16 ru_g;\r | |
8293 | +static __u16 ru_counter = 0;\r | |
8294 | +static __u16 ru_msb = 0;\r | |
8295 | +static __u32 ru_reseed;\r | |
8296 | +static __u32 tmp;\r | |
8297 | +\r | |
8298 | +static __u16 pmod(u_int16_t, u_int16_t, u_int16_t);\r | |
8299 | +static void ip_initid (void);\r | |
8300 | +__u16 ip_randomip (void);\r | |
8301 | +\r | |
8302 | +static __u16 pmod(__u16 gen, __u16 exp, __u16 mod) {\r | |
8303 | + __u16 s, t, u;\r | |
8304 | +\r | |
8305 | + s = 1;\r | |
8306 | + t = gen;\r | |
8307 | + u = exp;\r | |
8308 | +\r | |
8309 | + while(u) {\r | |
8310 | + if (u & 1)\r | |
8311 | + s = (s*t) % mod;\r | |
8312 | + u >>=1;\r | |
8313 | + t = (t*t) % mod;\r | |
8314 | + }\r | |
8315 | + return(s);\r | |
8316 | +}\r | |
8317 | +\r | |
8318 | +static void ip_initid (void) { \r | |
8319 | + __u16 j, i;\r | |
8320 | + int noprime = 1;\r | |
8321 | +\r | |
8322 | + get_random_bytes((void *) &tmp, sizeof(tmp));\r | |
8323 | + ru_x = (tmp & 0xFFFF) % RU_M;\r | |
8324 | + ru_seed = (tmp >> 16) & 0x7FFF;\r | |
8325 | + get_random_bytes((void *) &tmp, sizeof(tmp));\r | |
8326 | + ru_seed2 = tmp & 0x7FFF;\r | |
8327 | + \r | |
8328 | + get_random_bytes((void *) &tmp, sizeof(tmp));\r | |
8329 | + \r | |
8330 | + ru_b = (tmp & 0xfffe) | 1;\r | |
8331 | + ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);\r | |
8332 | + while (ru_b % 3 == 0)\r | |
8333 | + ru_b += 2;\r | |
8334 | +\r | |
8335 | + get_random_bytes((void *) &tmp, sizeof(tmp));\r | |
8336 | + j = tmp % RU_N;\r | |
8337 | + tmp = tmp >> 16;\r | |
8338 | + \r | |
8339 | + while(noprime) {\r | |
8340 | + for (i=0; i<PFAC_N; i++)\r | |
8341 | + if(j%pfacts[i] == 0)\r | |
8342 | + break;\r | |
8343 | + \r | |
8344 | + if (i>=PFAC_N)\r | |
8345 | + noprime = 0;\r | |
8346 | + else\r | |
8347 | + j = (j+1) % RU_N;\r | |
8348 | + }\r | |
8349 | +\r | |
8350 | + ru_g = pmod(RU_GEN,j,RU_N);\r | |
8351 | + ru_counter = 0;\r | |
8352 | + ru_reseed = jiffies + (RU_OUT * HZ);\r | |
8353 | + ru_msb = ru_msb == 0x8000 ? 0 : 0x8000;\r | |
8354 | +}\r | |
8355 | +\r | |
8356 | +__u16 ip_randomid (void) {\r | |
8357 | + int i, n;\r | |
8358 | + \r | |
8359 | + if (ru_counter >= RU_MAX || jiffies > ru_reseed)\r | |
8360 | + ip_initid();\r | |
8361 | +\r | |
8362 | + if (!tmp)\r | |
8363 | + get_random_bytes((void *) &tmp, sizeof(tmp));\r | |
8364 | +\r | |
8365 | + n = tmp & 0x3; tmp = tmp >> 2;\r | |
8366 | + if (ru_counter + n >= RU_MAX)\r | |
8367 | + ip_initid();\r | |
8368 | + for (i=0; i <= n; i++)\r | |
8369 | + ru_x = (ru_a*ru_x + ru_b) % RU_M;\r | |
8370 | + ru_counter += i;\r | |
8371 | + \r | |
8372 | + return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x, RU_N)) | ru_msb;\r | |
8373 | +}\r | |
8374 | diff -urN linux/net/ipv4/ip_output.c linux/net/ipv4/ip_output.c\r | |
8375 | --- linux/net/ipv4/ip_output.c Wed Oct 17 17:16:39 2001\r | |
8376 | +++ linux/net/ipv4/ip_output.c Mon Nov 26 10:38:12 2001\r | |
8377 | @@ -77,6 +77,10 @@\r | |
8378 | #include <linux/netfilter_ipv4.h>\r | |
8379 | #include <linux/mroute.h>\r | |
8380 | #include <linux/netlink.h>\r | |
8381 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
8382 | +#include <linux/random.h>\r | |
8383 | +#include <linux/grsecurity.h>\r | |
8384 | +#endif\r | |
8385 | \r | |
8386 | /*\r | |
8387 | * Shall we try to damage output packets if routing dev changes?\r | |
8388 | @@ -510,6 +514,12 @@\r | |
8389 | * Begin outputting the bytes.\r | |
8390 | */\r | |
8391 | \r | |
8392 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
8393 | + if(grsec_enable_randid){ \r | |
8394 | + get_random_bytes(&id,(sizeof(id) / 2));\r | |
8395 | + sk->protinfo.af_inet.id = id;\r | |
8396 | + } else\r | |
8397 | +#endif\r | |
8398 | id = sk->protinfo.af_inet.id++;\r | |
8399 | \r | |
8400 | do {\r | |
8401 | diff -urN linux/net/ipv4/ip_sockglue.c linux/net/ipv4/ip_sockglue.c\r | |
8402 | --- linux/net/ipv4/ip_sockglue.c Tue Oct 30 18:08:12 2001\r | |
8403 | +++ linux/net/ipv4/ip_sockglue.c Mon Nov 26 10:38:12 2001\r | |
8404 | @@ -42,6 +42,10 @@\r | |
8405 | \r | |
8406 | #include <linux/errqueue.h>\r | |
8407 | #include <asm/uaccess.h>\r | |
8408 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8409 | +#include <linux/random.h>\r | |
8410 | +#include <linux/grsecurity.h>\r | |
8411 | +#endif\r | |
8412 | \r | |
8413 | #define IP_CMSG_PKTINFO 1\r | |
8414 | #define IP_CMSG_TTL 2\r | |
8415 | @@ -382,6 +386,9 @@\r | |
8416 | {\r | |
8417 | int val=0,err;\r | |
8418 | \r | |
8419 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8420 | + unsigned long randttl;\r | |
8421 | +#endif\r | |
8422 | if (level != SOL_IP)\r | |
8423 | return -ENOPROTOOPT;\r | |
8424 | \r | |
8425 | @@ -492,8 +499,16 @@\r | |
8426 | case IP_TTL:\r | |
8427 | if (optlen<1)\r | |
8428 | goto e_inval;\r | |
8429 | - if(val==-1)\r | |
8430 | + if(val==-1) {\r | |
8431 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8432 | + if(grsec_enable_randttl){\r | |
8433 | + get_random_bytes(&randttl,sizeof(randttl));\r | |
8434 | + val = grsec_randttl_thresh +\r | |
8435 | + (randttl % (256 - grsec_randttl_thresh));\r | |
8436 | + } else\r | |
8437 | +#endif\r | |
8438 | val = sysctl_ip_default_ttl;\r | |
8439 | + }\r | |
8440 | if(val<1||val>255)\r | |
8441 | goto e_inval;\r | |
8442 | sk->protinfo.af_inet.ttl=val;\r | |
8443 | diff -urN linux/net/ipv4/tcp_ipv4.c linux/net/ipv4/tcp_ipv4.c\r | |
8444 | --- linux/net/ipv4/tcp_ipv4.c Mon Nov 5 12:46:12 2001\r | |
8445 | +++ linux/net/ipv4/tcp_ipv4.c Mon Nov 26 10:38:12 2001\r | |
8446 | @@ -63,6 +63,15 @@\r | |
8447 | #include <linux/stddef.h>\r | |
8448 | #include <linux/ipsec.h>\r | |
8449 | \r | |
8450 | +#if defined(CONFIG_GRKERNSEC_RANDID)||defined(CONFIG_GRKERNSEC_RANDSRC)||\\r | |
8451 | + defined(CONFIG_GRKERNSEC_STEALTH_RST)||\\r | |
8452 | + defined(CONFIG_GRKERNSEC_STEALTH_FLAGS) ||\\r | |
8453 | + defined(CONFIG_GRKERNSEC_STEALTH_RST_LOG)||\\r | |
8454 | + defined(CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG)\r | |
8455 | +#include <linux/grsecurity.h>\r | |
8456 | +#endif\r | |
8457 | +\r | |
8458 | +\r | |
8459 | extern int sysctl_ip_dynaddr;\r | |
8460 | \r | |
8461 | /* Check TCP sequence numbers in ICMP packets. */\r | |
8462 | @@ -208,12 +217,37 @@\r | |
8463 | int high = sysctl_local_port_range[1];\r | |
8464 | int remaining = (high - low) + 1;\r | |
8465 | int rover;\r | |
8466 | +#ifdef CONFIG_GRKERNSEC_RANDSRC\r | |
8467 | + unsigned long longrover;\r | |
8468 | + int count = 0;\r | |
8469 | +#endif\r | |
8470 | \r | |
8471 | spin_lock(&tcp_portalloc_lock);\r | |
8472 | rover = tcp_port_rover;\r | |
8473 | +#ifdef CONFIG_GRKERNSEC_RANDSRC\r | |
8474 | + do {\r | |
8475 | + if(grsec_enable_randsrc) {\r | |
8476 | + if(count < 64) {\r | |
8477 | + get_random_bytes(&longrover,sizeof(longrover));\r | |
8478 | + rover=low+(longrover % (high - low));\r | |
8479 | + } else if(count == 64)\r | |
8480 | + rover = tcp_port_rover;\r | |
8481 | + else if(count > 64) {\r | |
8482 | + rover++;\r | |
8483 | + if ((rover < low) || (rover > high))\r | |
8484 | + rover = low;\r | |
8485 | + }\r | |
8486 | + count++;\r | |
8487 | + } else {\r | |
8488 | + rover++;\r | |
8489 | + if ((rover < low) || (rover > high))\r | |
8490 | + rover = low;\r | |
8491 | + }\r | |
8492 | +#else\r | |
8493 | do { rover++;\r | |
8494 | if ((rover < low) || (rover > high))\r | |
8495 | rover = low;\r | |
8496 | +#endif\r | |
8497 | head = &tcp_bhash[tcp_bhashfn(rover)];\r | |
8498 | spin_lock(&head->lock);\r | |
8499 | for (tb = head->chain; tb; tb = tb->next)\r | |
8500 | @@ -725,6 +759,11 @@\r | |
8501 | tp->ext_header_len = 0;\r | |
8502 | if (sk->protinfo.af_inet.opt)\r | |
8503 | tp->ext_header_len = sk->protinfo.af_inet.opt->optlen;\r | |
8504 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
8505 | + if(grsec_enable_randid)\r | |
8506 | + sk->protinfo.af_inet.id = htons(ip_randomid());\r | |
8507 | + else\r | |
8508 | +#endif\r | |
8509 | sk->protinfo.af_inet.id = tp->write_seq^jiffies;\r | |
8510 | \r | |
8511 | tp->mss_clamp = 536;\r | |
8512 | @@ -1450,6 +1489,11 @@\r | |
8513 | newtp->ext_header_len = 0;\r | |
8514 | if (newsk->protinfo.af_inet.opt)\r | |
8515 | newtp->ext_header_len = newsk->protinfo.af_inet.opt->optlen;\r | |
8516 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
8517 | + if(grsec_enable_randid)\r | |
8518 | + newsk->protinfo.af_inet.id = htons(ip_randomid());\r | |
8519 | + else\r | |
8520 | +#endif\r | |
8521 | newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;\r | |
8522 | \r | |
8523 | tcp_sync_mss(newsk, dst->pmtu);\r | |
8524 | @@ -1563,8 +1607,20 @@\r | |
8525 | goto discard;\r | |
8526 | \r | |
8527 | if (nsk != sk) {\r | |
8528 | - if (tcp_child_process(sk, nsk, skb))\r | |
8529 | + if (tcp_child_process(sk, nsk, skb)) {\r | |
8530 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r | |
8531 | + if(grsec_enable_stealth_rst_log && net_ratelimit())\r | |
8532 | + printk(KERN_INFO "grsec: unserved TCP on %.8s "\r | |
8533 | + "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu\n",\r | |
8534 | + (skb->dev->name ? skb->dev->name : "unknown"), \r | |
8535 | + NIPQUAD(skb->nh.iph->saddr), ntohs(skb->h.th->source), \r | |
8536 | + NIPQUAD(skb->nh.iph->daddr), ntohs(skb->h.th->dest));\r | |
8537 | +#endif\r | |
8538 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r | |
8539 | + if(grsec_enable_stealth_rst) goto discard;\r | |
8540 | +#endif\r | |
8541 | goto reset;\r | |
8542 | + }\r | |
8543 | return 0;\r | |
8544 | }\r | |
8545 | }\r | |
8546 | @@ -1614,6 +1670,32 @@\r | |
8547 | \r | |
8548 | if (th->doff < sizeof(struct tcphdr)/4)\r | |
8549 | goto bad_packet;\r | |
8550 | +\r | |
8551 | +#if defined(CONFIG_GRKERNSEC_STEALTH_FLAGS) || defined(CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG)\r | |
8552 | + if((th->fin && th->syn) || \r | |
8553 | + (!(th->ack || th->syn || th->rst) || th->res1) ||\r | |
8554 | + (th->fin && th->psh && th->urg)) {\r | |
8555 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r | |
8556 | + if(grsec_enable_stealth_flags_log && net_ratelimit())\r | |
8557 | + printk(KERN_INFO "grsec: illegitimate flags on %.8s "\r | |
8558 | + "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu"\r | |
8559 | + "%.4s%.4s%.4s%.4s%.4s%.4s\n",\r | |
8560 | + (skb->dev->name ? skb->dev->name : "unknown"),\r | |
8561 | + NIPQUAD(skb->nh.iph->saddr), ntohs(th->source),\r | |
8562 | + NIPQUAD(skb->nh.iph->daddr), ntohs(th->dest),\r | |
8563 | + th->syn ? " SYN" : "",\r | |
8564 | + th->fin ? " FIN" : "",\r | |
8565 | + th->rst ? " RST" : "",\r | |
8566 | + th->psh ? " PSH" : "",\r | |
8567 | + th->ack ? " ACK" : "",\r | |
8568 | + th->urg ? " URG" : "");\r | |
8569 | +#endif\r | |
8570 | +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r | |
8571 | + if(grsec_enable_stealth_flags)\r | |
8572 | + goto discard_it;\r | |
8573 | +#endif\r | |
8574 | + }\r | |
8575 | +#endif\r | |
8576 | if (!pskb_may_pull(skb, th->doff*4))\r | |
8577 | goto discard_it;\r | |
8578 | \r | |
8579 | @@ -1667,6 +1749,17 @@\r | |
8580 | bad_packet:\r | |
8581 | TCP_INC_STATS_BH(TcpInErrs);\r | |
8582 | } else {\r | |
8583 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r | |
8584 | + if(grsec_enable_stealth_rst_log && net_ratelimit())\r | |
8585 | + printk(KERN_INFO "grsec: unserved TCP on %.8s "\r | |
8586 | + "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu\n",\r | |
8587 | + (skb->dev->name ? skb->dev->name : "unknown"), \r | |
8588 | + NIPQUAD(skb->nh.iph->saddr), ntohs(skb->h.th->source), \r | |
8589 | + NIPQUAD(skb->nh.iph->daddr), ntohs(skb->h.th->dest));\r | |
8590 | +#endif\r | |
8591 | +#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r | |
8592 | + if(grsec_enable_stealth_rst) goto discard_it;\r | |
8593 | +#endif\r | |
8594 | tcp_v4_send_reset(skb);\r | |
8595 | }\r | |
8596 | \r | |
8597 | diff -urN linux/net/ipv4/udp.c linux/net/ipv4/udp.c\r | |
8598 | --- linux/net/ipv4/udp.c Wed Oct 17 17:16:39 2001\r | |
8599 | +++ linux/net/ipv4/udp.c Mon Nov 26 10:38:12 2001\r | |
8600 | @@ -94,6 +94,11 @@\r | |
8601 | #include <net/inet_common.h>\r | |
8602 | #include <net/checksum.h>\r | |
8603 | \r | |
8604 | +#if defined(CONFIG_GRKERNSEC_RANDID) ||\\r | |
8605 | + defined(CONFIG_GRKERNSEC_STEALTH_UDP) ||\\r | |
8606 | + defined(CONFIG_GRKERNSEC_STEALTH_UDP_LOG)\r | |
8607 | +#include <linux/grsecurity.h>\r | |
8608 | +#endif\r | |
8609 | /*\r | |
8610 | * Snmp MIB for the UDP layer\r | |
8611 | */\r | |
8612 | @@ -738,6 +743,12 @@\r | |
8613 | sk->daddr = rt->rt_dst;\r | |
8614 | sk->dport = usin->sin_port;\r | |
8615 | sk->state = TCP_ESTABLISHED;\r | |
8616 | +\r | |
8617 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
8618 | + if(grsec_enable_randid)\r | |
8619 | + sk->protinfo.af_inet.id = htons(ip_randomid());\r | |
8620 | + else\r | |
8621 | +#endif\r | |
8622 | sk->protinfo.af_inet.id = jiffies;\r | |
8623 | \r | |
8624 | sk_dst_set(sk, &rt->u.dst);\r | |
8625 | @@ -915,6 +926,16 @@\r | |
8626 | goto csum_error;\r | |
8627 | \r | |
8628 | UDP_INC_STATS_BH(UdpNoPorts);\r | |
8629 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r | |
8630 | + if(grsec_enable_stealth_udp_log && net_ratelimit() &&\r | |
8631 | + strncmp(skb->dev->name,"lo",2))\r | |
8632 | + printk(KERN_INFO "grsec: unserved UDP on %.8s src=%u.%u.%u.%u:%hu "\r | |
8633 | + "dst=%u.%u.%u.%u:%hu\n", skb->dev->name, NIPQUAD(saddr),\r | |
8634 | + ntohs(uh->source), NIPQUAD(daddr), ntohs(uh->dest));\r | |
8635 | +#endif\r | |
8636 | +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r | |
8637 | + if(!grsec_enable_stealth_udp || !strncmp(skb->dev->name, "lo", 2))\r | |
8638 | +#endif \r | |
8639 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);\r | |
8640 | \r | |
8641 | /*\r | |
8642 | diff -urN linux/net/netsyms.c linux/net/netsyms.c\r | |
8643 | --- linux/net/netsyms.c Mon Nov 5 12:46:12 2001\r | |
8644 | +++ linux/net/netsyms.c Mon Nov 26 10:38:12 2001\r | |
8645 | @@ -583,4 +583,16 @@\r | |
8646 | EXPORT_SYMBOL(net_call_rx_atomic);\r | |
8647 | EXPORT_SYMBOL(softnet_data);\r | |
8648 | \r | |
8649 | +#if defined(CONFIG_GRKERNSEC_RANDID) || defined(CONFIG_GRKERNSEC_RANDTTL)\r | |
8650 | +#include <linux/grsecurity.h>\r | |
8651 | +#endif\r | |
8652 | +#ifdef CONFIG_GRKERNSEC_RANDID\r | |
8653 | +EXPORT_SYMBOL(grsec_enable_randid);\r | |
8654 | +EXPORT_SYMBOL(ip_randomid);\r | |
8655 | +#endif\r | |
8656 | +#ifdef CONFIG_GRKERNSEC_RANDTTL\r | |
8657 | +EXPORT_SYMBOL(grsec_enable_randttl);\r | |
8658 | +EXPORT_SYMBOL(grsec_randttl_thresh);\r | |
8659 | +#endif\r | |
8660 | +\r | |
8661 | #endif /* CONFIG_NET */\r | |
8662 | diff -urN linux/net/socket.c linux/net/socket.c\r | |
8663 | --- linux/net/socket.c Wed Oct 17 17:38:28 2001\r | |
8664 | +++ linux/net/socket.c Mon Nov 26 10:38:12 2001\r | |
8665 | @@ -87,6 +87,13 @@\r | |
8666 | #include <net/scm.h>\r | |
8667 | #include <linux/netfilter.h>\r | |
8668 | \r | |
8669 | +#if defined(CONFIG_GRKERNSEC_SOCKET_ALL)||\\r | |
8670 | + defined(CONFIG_GRKERNSEC_SOCKET_CLIENT)||\\r | |
8671 | + defined(CONFIG_GRKERNSEC_SOCKET_SERVER)\r | |
8672 | +#include <linux/grsecurity.h>\r | |
8673 | +#endif\r | |
8674 | +\r | |
8675 | +\r | |
8676 | static int sock_no_open(struct inode *irrelevant, struct file *dontcare);\r | |
8677 | static loff_t sock_lseek(struct file *file, loff_t offset, int whence);\r | |
8678 | static ssize_t sock_read(struct file *file, char *buf,\r | |
8679 | @@ -914,6 +921,16 @@\r | |
8680 | int retval;\r | |
8681 | struct socket *sock;\r | |
8682 | \r | |
8683 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r | |
8684 | + if(grsec_enable_socket_all &&\r | |
8685 | + (in_group_p(grsec_socket_all_gid)) && (family != AF_UNIX) && (family != AF_LOCAL)){\r | |
8686 | + security_alert("attempted socket(%d,%d,%d) by "\r | |
8687 | + DEFAULTSECMSG,"attempted sockets",family,type,protocol,\r | |
8688 | + DEFAULTSECARGS);\r | |
8689 | + retval = -EACCES;\r | |
8690 | + goto out_release;\r | |
8691 | + }\r | |
8692 | +#endif\r | |
8693 | retval = sock_create(family, type, protocol, &sock);\r | |
8694 | if (retval < 0)\r | |
8695 | goto out;\r | |
8696 | @@ -1011,6 +1028,14 @@\r | |
8697 | char address[MAX_SOCK_ADDR];\r | |
8698 | int err;\r | |
8699 | \r | |
8700 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r | |
8701 | + if(grsec_enable_socket_server &&\r | |
8702 | + (in_group_p(grsec_socket_server_gid)) && (umyaddr->sa_family != AF_UNIX) && (umyaddr->sa_family != AF_LOCAL)){\r | |
8703 | + security_alert("attempted bind() by " DEFAULTSECMSG,\r | |
8704 | + "attempted binds", DEFAULTSECARGS);\r | |
8705 | + return -EACCES;\r | |
8706 | + }\r | |
8707 | +#endif\r | |
8708 | if((sock = sockfd_lookup(fd,&err))!=NULL)\r | |
8709 | {\r | |
8710 | if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)\r | |
8711 | @@ -1119,6 +1144,16 @@\r | |
8712 | char address[MAX_SOCK_ADDR];\r | |
8713 | int err;\r | |
8714 | \r | |
8715 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r | |
8716 | + if(grsec_enable_socket_client &&\r | |
8717 | + (in_group_p(grsec_socket_client_gid)) && (uservaddr->sa_family != AF_UNIX) && (uservaddr->sa_family != AF_LOCAL)){\r | |
8718 | + security_alert("attempted connect() to fd %d by "\r | |
8719 | + DEFAULTSECMSG, "attempted connects", fd, \r | |
8720 | + DEFAULTSECARGS);\r | |
8721 | + err = -EACCES;\r | |
8722 | + goto out;\r | |
8723 | + }\r | |
8724 | +#endif\r | |
8725 | sock = sockfd_lookup(fd, &err);\r | |
8726 | if (!sock)\r | |
8727 | goto out;\r |