]> git.pld-linux.org Git - packages/kernel.git/blame - grsecurity-1.9-2.4.16.patch
projects / packages / kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- this patch fix twice EXPORT_SYMBOL(br_ioctl_hook); in kernel-source net/netsyms.c
[packages/kernel.git] / grsecurity-1.9-2.4.16.patch
CommitLineData
cab4bb15 1diff -urN linux/Documentation/Configure.help linux/Documentation/Configure.help\r
2--- linux/Documentation/Configure.help Thu Nov 22 13:52:44 2001\r
3+++ linux/Documentation/Configure.help Mon Nov 26 10:37:55 2001\r
4@@ -19692,6 +19692,637 @@\r
5 \r
6 "Area6" will work for most boards. For ADX, select "Area5".\r
7 \r
8+Grsecurity\r
9+CONFIG_GRKERNSEC\r
10+ If you say Y here, you will be able to configure many features that\r
11+ will enhance the security of your system. It is highly recommended\r
12+ that you say Y here and read through the help for each option so\r
13+ you fully understand what its doing and can evaluate its usefulness\r
14+ for your machine.\r
15+\r
16+OpenWall Non-executable Stack\r
17+CONFIG_GRKERNSEC_STACK\r
18+ If you say Y here, your system will not allow execution of\r
19+ code on the stack, making buffer overflow exploitation more difficult.\r
20+ The code for this protection is taken from the Openwall patch for\r
21+ linux 2.2 by Solar Designer. You can view his projects at \r
22+ http://www.openwall.com/linux.\r
23+ Exploits against your machine with this protection will have to dabble \r
24+ in more obscure methods of exploitation(bss,got,heap..)\r
25+\r
26+Gcc trampoline support\r
27+CONFIG_GRKERNSEC_STACK_GCC\r
28+ If you say Y here, the system will support trampoline code along\r
29+ with the stack protection. If you do not have any programs on\r
30+ your system that require this (glibc 2.0 users must say YES to\r
31+ this option) you may say no here.\r
32+\r
33+PaX protection\r
34+CONFIG_GRKERNSEC_PAX \r
35+ By design the IA-32 architecture does not allow for protecting\r
36+ memory pages against execution, i.e. if a page is readable (such\r
37+ as the stack or heap) it is also executable. There is a well\r
38+ known exploit technique that makes use of this fact and a common\r
39+ programming mistake where an attacker can introduce executable\r
40+ code of his choice somewhere in the attacked program's memory\r
41+ (typically the stack or the heap) and then execute it. If the\r
42+ attacked program was running with different (typically higher)\r
43+ privileges than that of the attacker, then he can elevate his\r
44+ own privilege level (e.g. get a root shell, write to files for\r
45+ which he does not have write access to, etc).\r
46+\r
47+ Since the implementation is software based, it comes with a\r
48+ performance impact, you should evaluate your system carefully\r
49+ before deciding to use this feature on production systems.\r
50+\r
51+ Enabling this feature will enforce the non-executable flag on\r
52+ memory pages thereby making it harder to execute 'foreign' code\r
53+ in a program. This will also break programs that rely on the\r
54+ old behaviour and expect that dynamically allocated memory via\r
55+ the malloc() family of functions is executable (which it is not).\r
56+ Notable examples are the XFree86 4.x server, the java runtime\r
57+ and wine.\r
58+\r
59+ NOTE: you can use the 'chpax' utility to enable/disable this\r
60+ feature on a per file basis. chpax is available at\r
61+ http://pageexec.virtualave.net\r
62+\r
63+Emulate trampolines\r
64+CONFIG_GRKERNSEC_PAX_EMUTRAMP\r
65+ There are some programs and libraries that for one reason or\r
66+ another attempt to execute special small code snippets from\r
67+ non-executable memory pages. Most notable examples are the\r
68+ signal handler return code generated by the kernel itself and\r
69+ the GCC trampolines.\r
70+\r
71+ If you enabled CONFIG_GRKERNSEC_PAX then such programs will no\r
72+ longer work under your kernel. As a remedy you can say Y here\r
73+ and use the 'chpax' utility to enable trampoline emulation for\r
74+ the affected programs yet still have the protection provided by\r
75+ CONFIG_GRKERNSEC_PAX. Alternatively you can say N here and use\r
76+ the 'chpax' utility to disable CONFIG_GRKERNSEC_PAX for the\r
77+ affected files. chpax is available at \r
78+ http://pageexec.virtualave.net\r
79+\r
80+ NOTE: enabling this feature *may* open up a loophole in the\r
81+ protection provided by CONFIG_GRKERNSEC_PAX that an attacker\r
82+ could abuse. Therefore the best solution is to not have any\r
83+ files on your system that would require this option. This can\r
84+ be achieved by not using libc5 (which relies on the kernel\r
85+ signal handler return code) and not using or rewriting programs\r
86+ that make use of the nested function implementation of GCC.\r
87+ Skilled users can just fix GCC itself so that it implements\r
88+ nested function calls in a way that does not interfere with PaX.\r
89+\r
90+Restrict mprotect()\r
91+CONFIG_GRKERNSEC_PAX_MPROTECT\r
92+ Enabling this option will prevent programs from changing the\r
93+ executable status of memory pages that were not originally\r
94+ created as executable. The kernel will also prevent programs\r
95+ from making read-only executable pages writable again.\r
96+\r
97+ You should say Y here to complete the protection provided by\r
98+ the enforcement of the PAGE_EXEC flag (CONFIG_GRKERNSEC_PAX).\r
99+\r
100+ NOTE: you can use the 'chpax' utility to enable/disable this\r
101+ feature on a per file basis. chpax is available at\r
102+ http://pageexec.virtualave.net\r
103+\r
104+Randomize mmap() base\r
105+CONFIG_GRKERNSEC_PAX_RANDMMAP\r
106+ By saying Y here the kernel will somewhat randomize the address\r
107+ space of programs at each execution (the top of the stack, the\r
108+ base address for mmap() requests that do not specify one themselves\r
109+ and the base address of dynamic ELF executables).\r
110+\r
111+ As a result all dynamically loaded libraries will appear at random\r
112+ addresses and therefore be harder to exploit by a technique where\r
113+ an attacker attempts to execute library code for his purposes\r
114+ (e.g. spawn a shell from an exploited program that is running at\r
115+ an elevated privilege level).\r
116+\r
117+ Furthermore, if a program is relinked as a dynamic ELF file, its\r
118+ base address will be randomized as well, completing the full\r
119+ randomization of the address space. Attacking such programs becomes\r
120+ a guess game.\r
121+\r
122+ It is strongly recommended to say Y here even if CONFIG_GRKERNSEC_PAX\r
123+ is not enabled as address space randomization has negligible impact\r
124+ on performance yet it provides a very effective protection.\r
125+\r
126+ NOTE: you can use the 'chpax' utility to enable/disable this\r
127+ feature on a per file basis. chpax is available at\r
128+ http://pageexec.virtualave.net\r
129+\r
130+Proc Restrictions\r
131+CONFIG_GRKERNSEC_PROC\r
132+ If you say Y here, the permissions of the /proc filesystem\r
133+ will be altered to enhance system security and privacy. Depending\r
134+ upon the options you choose, you can either restrict users to see\r
135+ only the processes they themselves run, or choose a group that can\r
136+ view all processes and files normally restricted to root if you choose\r
137+ the "restrict to user only" option. NOTE: If you're running identd as \r
138+ a non-root user, you will have to run it as the group you specify here.\r
139+\r
140+Restrict /proc to user only\r
141+CONFIG_GRKERNSEC_PROC_USER\r
142+ If you say Y here, non-root users will only be able to view their own \r
143+ processes, and restricts them from viewing network-related information, \r
144+ running dmesg(8), and viewing kernel symbol and module information.\r
145+\r
146+Restrict /proc to user and group\r
147+CONFIG_GRKERNSEC_PROC_USERGROUP\r
148+ If you say Y here, you will be able to select a group that will be\r
149+ able to view all processes, network-related information, and\r
150+ kernel and symbol information. This option is useful if you want\r
151+ to run identd as a non-root user.\r
152+\r
153+Linking restrictions\r
154+CONFIG_GRKERNSEC_LINK\r
155+ If you say Y here, /tmp race exploits will be prevented, since users\r
156+ will no longer be able to follow symlinks owned by other users in \r
157+ world-writeable +t directories (i.e. /tmp), unless the owner of the \r
158+ symlink is the owner of the directory. users will also not be\r
159+ able to hardlink to files they do not own. If the sysctl option is\r
160+ enabled, a sysctl option with name "linking_restrictions" is created.\r
161+\r
162+FIFO restrictions\r
163+CONFIG_GRKERNSEC_FIFO\r
164+ If you say Y here, users will not be able to write to FIFOs they don't\r
165+ own in world-writeable +t directories (i.e. /tmp), unless the owner of\r
166+ the FIFO is the same owner of the directory it's held in. If the sysctl\r
167+ option is enabled, a sysctl option with name "secure_fds" is created.\r
168+\r
169+Secure file descriptors\r
170+CONFIG_GRKERNSEC_FD\r
171+ If you say Y here, set*id binaries will be protected from data spoofing\r
172+ attacks (eg. making a program read /etc/shadow). The patches do this\r
173+ by opening up /dev/null to any of the stdin, stdout, stderr file descriptors\r
174+ for set*id binaries that are open and run by a user that is not the owner\r
175+ of the file. If the sysctl option is enabled, a sysctl option with name\r
176+ "secure_fds" is created.\r
177+\r
178+Exec process limiting\r
179+CONFIG_GRKERNSEC_EXECVE\r
180+ If you say Y here, users with a resource limit on processes will\r
181+ have the value checked during execve() calls. The current system\r
182+ only checks the system limit during fork() calls. If the sysctl option\r
183+ is enabled, a sysctl option with name "execve_limiting" is created.\r
184+\r
185+Fork-bombing protection\r
186+CONFIG_GRKERNSEC_FORKBOMB\r
187+ If you say Y here, you will be able to configure a group to add to users\r
188+ on your system that you want to be unable to fork-bomb the system.\r
189+ You will be able to specify a maximum process limit for the user and\r
190+ set a rate limit for all forks under their uid. (Fork-bombing is a\r
191+ tactic used by attackers that can be enacted in two ways, (1) loading\r
192+ up thousands of processes until the system can't take any more (this\r
193+ method can be stopped outside of the kernel with PAM, however we place\r
194+ protection for it in the kernel to be more complete and reduce overhead),\r
195+ and (2), by forking processes at a rapid rate, and then killing them\r
196+ off, which cannot be protected against in the same way at tactic 1)\r
197+ The rate limit is specified in forks allowed per second. Set this\r
198+ limit low enough to stop tactic 2, but high enough to allow for\r
199+ normal operation. The protection will kill the offending process.\r
200+ If the sysctl option is enabled, a sysctl option with name \r
201+ "fork_bomb_prot" is created.\r
202+\r
203+Max processes for fork-bomb protection\r
204+CONFIG_GRKERNSEC_FORKBOMB_MAX\r
205+ Here you can configure the maximum number of processes users in the\r
206+ fork-bomb protected group can run. I would not recommend setting a\r
207+ value lower than 8, since some programs like man(1) spawn up to 8\r
208+ processes to run. The default value should be fine for most purposes.\r
209+ If the sysctl option is enabled, a sysctl option with name\r
210+ "fork_bomb_max" is created.\r
211+\r
212+Forks allowed per second\r
213+CONFIG_GRKERNSEC_FORKBOMB_SEC\r
214+ Here you can specify the maximum number of forks allowed per second.\r
215+ You don't want to set this value too low, or else you'll hinder\r
216+ normal operation of your system. The default value should be fine for\r
217+ most users. If the sysctl option is enabled, a sysctl option with name\r
218+ "fork_bomb_sec" is created.\r
219+\r
220+Group for fork-bomb protection\r
221+CONFIG_GRKERNSEC_FORKBOMB_GID\r
222+ Here you can choose the GID to enable fork-bomb protection for.\r
223+ Remember to add the users you want protection enabled for to the GID \r
224+ specified here. If the sysctl option is enabled, whatever you choose\r
225+ here won't matter. You'll have to specify the GID in your bootup \r
226+ script by echoing the GID to the proper /proc entry. View the help\r
227+ on the sysctl option for more information. If the sysctl option is\r
228+ enabled, a sysctl option with name "fork_bomb_gid" is created.\r
229+\r
230+Exec logging for all users\r
231+CONFIG_GRKERNSEC_EXECLOG\r
232+ If you say Y here, all execve() calls will be logged (since the\r
233+ other exec*() calls are frontends to execve(), all execution\r
234+ will be logged). Useful for shell-servers that like to keep track\r
235+ of their users. If the sysctl option is enabled, a sysctl option with\r
236+ name "exec_logging" is created.\r
237+ WARNING: This option when enabled will produce a LOT of logs, especially\r
238+ on an active system.\r
239+\r
240+Exec logging for a single group\r
241+CONFIG_GRKERNSEC_EXECLOG_GROUP\r
242+ If you say Y here, only execs by users in the group you specify will\r
243+ be logged. Useful for shell-servers that like to keep track\r
244+ of their users. If the sysctl option is enabled, a sysctl option with\r
245+ name "exec_group logging" is created.\r
246+ WARNING: Depending on the number of users in the group you specify,\r
247+ this option could produce a lot of logs.\r
248+ \r
249+Group for exec logging\r
250+CONFIG_GRKERNSEC_EXECLOG_GID\r
251+ Here you can choose the GID to log all file executions for.\r
252+ Remember to add the users you want to log to the GID specified here.\r
253+ If the sysctl option is enabled, whatever you choose here won't matter. \r
254+ You'll have to specify the GID in your bootup script by echoing the GID \r
255+ to the proper /proc entry. View the help on the sysctl option for more \r
256+ information. If the sysctl option is enabled, a sysctl option with name \r
257+ "exec_logging_gid" is created.\r
258+\r
259+Set*id logging for all users\r
260+CONFIG_GRKERNSEC_SUID\r
261+ If you say Y here, all set*id() calls will be logged. Such information\r
262+ could be useful when detecting a possible intrusion attempt. This \r
263+ option can produce a lot of logs on an active system. If the sysctl\r
264+ option is enabled, a sysctl option with name "suid_logging" is created.\r
265+\r
266+Set*id logging for root\r
267+CONFIG_GRKERNSEC_SUID\r
268+ If you say Y here, only set*id() calls where a user is changing to the\r
269+ gid or uid of the root user will be logged. Such information\r
270+ could be useful when detecting a possible intrusion attempt. This\r
271+ option will produce less logs than logging all calls. If the sysctl\r
272+ option is enabled, a sysctl option with name "suid_root_logging" is\r
273+ created.\r
274+\r
275+Signal logging\r
276+CONFIG_GRKERNSEC_SIGNAL\r
277+ If you say Y here, certain important signals will be logged, such as\r
278+ SIGSEGV, which will as a result inform you of when a error in a program\r
279+ occurred, which in some cases could mean a possible exploit attempt.\r
280+ If the sysctl option is enabled, a sysctl option with name \r
281+ "signal_logging" is created.\r
282+\r
283+BSD-style coredumps\r
284+CONFIG_GRKERNSEC_COREDUMP\r
285+ If you say Y here, linux will use a style similar to BSD for\r
286+ coredumps, core.processname. Not a security feature, just\r
287+ a useful one. If the sysctl option is enabled, a sysctl option with \r
288+ name "coredump" is created.\r
289+\r
290+Fork failure logging\r
291+CONFIG_GRKERNSEC_FORKFAIL\r
292+ If you say Y here, all failed fork() attempts will be logged.\r
293+ This could suggest a fork bomb, or someone attempting to overstep\r
294+ their process limit. If the sysctl option is enabled, a sysctl option\r
295+ with name "forkfail_logging" is created.\r
296+\r
297+Time change logging\r
298+CONFIG_GRKERNSEC_TIME\r
299+ If you say Y here, any changes of the system clock will be logged.\r
300+ If the sysctl option is enabled, a sysctl option with name \r
301+ "timechange_logging" is created.\r
302+\r
303+Secure keymap loading\r
304+CONFIG_GRKERNSEC_KBMAP\r
305+ If you say Y here, KDSKBENT and KDSKBSENT ioctl calls being\r
306+ called by unprivileged users will be denied. If you answer N,\r
307+ everyone with access to the console will be able to modify keyboard \r
308+ bindings. If the sysctl option is enabled, a sysctl option with name\r
309+ "secure_kbmap" is created.\r
310+\r
311+Enhanced network randomness\r
312+CONFIG_GRKERNSEC_RANDNET\r
313+ If you say Y here, the functions controlling the randomness\r
314+ of the Linux IP stack will be enhanced to decrease the chances\r
315+ of being able to predict certain packets that require some\r
316+ amount of randomness. If the sysctl option is enabled, a sysctl option\r
317+ with name "rand_net" is created.\r
318+\r
319+Chroot jail restrictions\r
320+CONFIG_GRKERNSEC_CHROOT\r
321+ If you say Y here, processes in a chrooted jail will be much more\r
322+ difficult to break out of. It stops most generic ways of breaking\r
323+ a chroot jail. Adding in chroot jail restrictions adds these\r
324+ protective measures to the kernel:\r
325+ No mknod()\r
326+ No ptracing\r
327+ No fchmod +s or chmod +s (usually used to create a rootshell)\r
328+ No double chroots\r
329+ Restricted signal sending to other processes\r
330+ No mounting or remounting of devices\r
331+ Enforced chdir("/") on all chroots\r
332+ If the sysctl option is enabled, a sysctl option with name \r
333+ "chroot_restrictions" is created.\r
334+\r
335+Log all execs within chroot\r
336+CONFIG_GRKERNSEC_CHROOT_EXECLOG\r
337+ If you say Y here, all executions inside a chroot jail will be logged \r
338+ to syslog. If the sysctl option is enabled, a sysctl option with name\r
339+ "chroot_execlog" is created.\r
340+\r
341+Chroot jail capability restrictions\r
342+CONFIG_GRKERNSEC_CHROOT_CAPS\r
343+ If you say Y here, the capabilities on all root processes within a\r
344+ chroot jail will be lowered to stop module insertion, raw i/o,\r
345+ system and net admin tasks, transferring capabilities, and\r
346+ tty configuration tasks. This is left an option because it breaks\r
347+ some apps. Disable this if your chrooted apps are having\r
348+ problems performing those kinds of tasks. If the sysctl option is \r
349+ enabled, a sysctl option with name "chroot_caps" is created.\r
350+\r
351+Trusted path execution\r
352+CONFIG_GRKERNSEC_TPE\r
353+ If you say Y here, you will be able to choose a gid to add to the\r
354+ supplementary groups of users you want to mark as "untrusted."\r
355+ These users will not be able to execute any files that are not in\r
356+ root-owned directories writeable only by root. If the sysctl option\r
357+ is enabled, a sysctl option with name "tpe" is created.\r
358+\r
359+Group for trusted path execution\r
360+CONFIG_GRKERNSEC_TPE_GID\r
361+ Here you can choose the GID to enable trusted path protection for.\r
362+ Remember to add the users you want protection enabled for to the GID \r
363+ specified here. If the sysctl option is enabled, whatever you choose\r
364+ here won't matter. You'll have to specify the GID in your bootup \r
365+ script by echoing the GID to the proper /proc entry. View the help\r
366+ on the sysctl option for more information. If the sysctl option is\r
367+ enabled, a sysctl option with name "tpe_gid" is created.\r
368+\r
369+Partially restrict non-root users\r
370+CONFIG_GRKERNSEC_TPE_ALL\r
371+ If you say Y here, All other non-root users will only be allowed to\r
372+ execute files in directories they own that are not group or\r
373+ world-writeable, or in directories owned by root and writeable only by\r
374+ root. If the sysctl option is enabled, a sysctl option with name \r
375+ "tpe_restrict_all" is created.\r
376+\r
377+Trusted path execution glibc protection\r
378+CONFIG_GRKERNSEC_TPE_GLIBC\r
379+ If you say Y here, all non-root users will not be able to execute\r
380+ any files while glibc specific environment variables such as\r
381+ LD_PRELOAD are set, which could be used to evade the trusted path \r
382+ execution protection. It also protects against evasion through \r
383+ /lib/ld-2.* It is recommended you say Y here also. If the sysctl option \r
384+ is enabled, a sysctl option with name "tpe_glibc" is created.\r
385+\r
386+Restricted ptrace\r
387+CONFIG_GRKERNSEC_PTRACE\r
388+ If you say Y here, no one but root will be able to ptrace processes.\r
389+ Tracing syscalls inside the kernel will also be disabled. All allowed\r
390+ ptraces will be logged when this option is enabled. If the sysctl\r
391+ option is enabled, a sysctl option with name "restrict_ptrace" is\r
392+ created.\r
393+\r
394+Allow ptrace for group\r
395+CONFIG_GRKERNSEC_PTRACE_GROUP\r
396+ If you say Y here, you will be able to choose a GID of whose users\r
397+ will be able to ptrace. If the sysctl option is enabled, a sysctl \r
398+ option with name "allow_ptrace_group" is created.\r
399+\r
400+GID for ptrace\r
401+CONFIG_GRKERNSEC_PTRACE_GID\r
402+ Here you can choose the GID of whose users will be able to ptrace.\r
403+ Remember to add the users you want ptrace enabled for to the GID\r
404+ specified here. If the sysctl option is enabled, whatever you choose\r
405+ here won't matter. You'll have to specify the GID in your bootup\r
406+ script by echoing the GID to the proper /proc entry. View the help\r
407+ on the sysctl option for more information. If the sysctl option is\r
408+ enabled, a sysctl option with name "ptrace_gid" is created.\r
409+\r
410+Randomized PIDs\r
411+CONFIG_GRKERNSEC_RANDPID\r
412+ If you say Y here, all PIDs created on the system will be\r
413+ pseudo-randomly generated. This is extremely effective along\r
414+ with the /proc restrictions to disallow an attacker from guessing\r
415+ pids of daemons, etc. PIDs are also used in some cases as part\r
416+ of a naming system for temporary files, so this option would keep\r
417+ those filenames from being predicted as well. We also use code\r
418+ to make sure that PID numbers aren't reused too soon. If the sysctl\r
419+ option is enabled, a sysctl option with name "rand_pids" is created.\r
420+\r
421+Randomized IP IDs\r
422+CONFIG_GRKERNSEC_RANDID\r
423+ If you say Y here, all the id field on all outgoing packets\r
424+ will be randomized. This hinders os fingerprinters and\r
425+ keeps your machine from being used as a bounce for an untraceable\r
426+ portscan. Ids are used for fragmented packets, fragments belonging\r
427+ to the same packet have the same id. By default linux only\r
428+ increments the id value on each packet sent to an individual host.\r
429+ We use a port of the OpenBSD random ip id code to achieve the\r
430+ randomness, while keeping the possibility of id duplicates to\r
431+ near none. If the sysctl option is enabled, a sysctl option with name\r
432+ "rand_ip_ids" is created.\r
433+\r
434+Randomized TCP source ports\r
435+CONFIG_GRKERNSEC_RANDSRC\r
436+ If you say Y here, situations where a source port is generated on the\r
437+ fly for the TCP protocol (ie. with connect() ) will be altered so that\r
438+ the source port is generated at random, instead of a simple incrementing\r
439+ algorithm. If the sysctl option is enabled, a sysctl option with name\r
440+ "rand_tcp_src_ports" is created.\r
441+\r
442+Altered Ping IDs\r
443+CONFIG_GRKERNSEC_RANDPING\r
444+ If you say Y here, the way Linux handles echo replies will be changed\r
445+ so that the reply uses an ID equal to the ID of the echo request.\r
446+ This will help in confusing OS detection. If the sysctl option is\r
447+ enabled, a sysctl option with name "altered_pings" is created.\r
448+\r
449+Randomized TTL\r
450+CONFIG_GRKERNSEC_RANDTTL\r
451+ If you say Y here, your TTL (time to live) for packets will be set at\r
452+ random, with a base level you specify, to further confuse OS detection.\r
453+ If the sysctl option is enabled, a sysctl option with name "rand_ttl"\r
454+ is created.\r
455+\r
456+Randomized TTL threshold\r
457+CONFIG_GRKERNSEC_RANDTTL_THRESH\r
458+ Here you can choose a base TTL for the randomization. The default value\r
459+ for this setting is the Linux default TTL. Most users will want to \r
460+ leave this setting as-is. The higher you set the base level (note that\r
461+ you can't set it above 255) the more hops your packets will live. \r
462+ If the sysctl option is enabled, whatever you choose here won't matter. \r
463+ You'll have to specify the threshold in your bootup script by echoing \r
464+ the threshold to the proper /proc entry. View the help on the sysctl \r
465+ option for more information. If the sysctl option is enabled, a sysctl \r
466+ option with name "rand_ttl_thresh" is created.\r
467+\r
468+Socket restrictions\r
469+CONFIG_GRKERNSEC_SOCKET\r
470+ If you say Y here, you will be able to choose from several options.\r
471+ If you assign a GID on your system and add it to the supplementary\r
472+ groups of users you want to restrict socket access to, this patch\r
473+ will perform up to three things, based on the option(s) you choose.\r
474+\r
475+Deny all socket access\r
476+CONFIG_GRKERNSEC_SOCKET_ALL\r
477+ If you say Y here, you will be able to choose a GID of whose users will\r
478+ be unable to connect to other hosts from your machine or run server\r
479+ applications from your machine. If the sysctl option is enabled, a\r
480+ sysctl option with name "socket_all" is created.\r
481+\r
482+Group for disabled socket access\r
483+CONFIG_GRKERNSEC_SOCKET_ALL_GID\r
484+ Here you can choose the GID to disable socket access for. Remember to \r
485+ add the users you want socket access disabled for to the GID \r
486+ specified here. If the sysctl option is enabled, whatever you choose\r
487+ here won't matter. You'll have to specify the GID in your bootup \r
488+ script by echoing the GID to the proper /proc entry. View the help\r
489+ on the sysctl option for more information. If the sysctl option is\r
490+ enabled, a sysctl option with name "socket_all_gid" is created.\r
491+\r
492+Deny all client socket access\r
493+CONFIG_GRKERNSEC_SOCKET_CLIENT\r
494+ If you say Y here, you will be able to choose a GID of whose users will\r
495+ be unable to connect to other hosts from your machine, but will be\r
496+ able to run servers. If this option is enabled, all users in the group\r
497+ you specify will have to use passive mode when initiating ftp transfers\r
498+ from the shell on your machine. If the sysctl option is enabled, a\r
499+ sysctl option with name "socket_client" is created.\r
500+\r
501+Group for disabled client socket access\r
502+CONFIG_GRKERNSEC_SOCKET_CLIENT_GID\r
503+ Here you can choose the GID to disable client socket access for. \r
504+ Remember to add the users you want client socket access disabled for to \r
505+ the GID specified here. If the sysctl option is enabled, whatever you \r
506+ choose here won't matter. You'll have to specify the GID in your bootup \r
507+ script by echoing the GID to the proper /proc entry. View the help\r
508+ on the sysctl option for more information. If the sysctl option is\r
509+ enabled, a sysctl option with name "socket_client_gid" is created.\r
510+\r
511+Deny all server socket access\r
512+CONFIG_GRKERNSEC_SOCKET_SERVER\r
513+ If you say Y here, you will be able to choose a GID of whose users will\r
514+ be unable to run server applications from your machine. If the sysctl \r
515+ option is enabled, a sysctl option with name "socket_server" is created.\r
516+\r
517+Group for disabled server socket access\r
518+CONFIG_GRKERNSEC_SOCKET_SERVER_GID\r
519+ Here you can choose the GID to disable server socket access for. \r
520+ Remember to add the users you want server socket access disabled for to \r
521+ the GID specified here. If the sysctl option is enabled, whatever you \r
522+ choose here won't matter. You'll have to specify the GID in your bootup \r
523+ script by echoing the GID to the proper /proc entry. View the help\r
524+ on the sysctl option for more information. If the sysctl option is\r
525+ enabled, a sysctl option with name "socket_server_gid" is created.\r
526+\r
527+Stealth network enhancements\r
528+CONFIG_GRKERNSEC_STEALTH\r
529+ If you say Y here, you will enable several enhancements that will\r
530+ improve your system's protection against portscans.\r
531+ Enabling these options and filtering all open ports should make\r
532+ your machine very hard to detect, while not interfering with (most)\r
533+ normal operation. All the stealth options break RFC, so there's always the\r
534+ possibility that it might affect how certain network applications react\r
535+ to your system. \r
536+\r
537+Do not RSTs on unserved TCP\r
538+CONFIG_GRKERNSEC_STEALTH_RST\r
539+ If you say Y here, your machine will not send RSTs (connection resets)\r
540+ on unserved TCP ports. This will slow down portscanners a great deal,\r
541+ since it has the same effect as dropping all packets to unserved TCP\r
542+ ports. It will also force clients connecting to a non-open port to\r
543+ time out instead of immediately stating "connection refused." If the\r
544+ sysctl option is enabled, a sysctl option with name "stealth_rst" is\r
545+ created.\r
546+\r
547+Do not reply to UDP with ICMP unreachables\r
548+CONFIG_GRKERNSEC_STEALTH_UDP\r
549+ If you say Y here, your machine will not reply with ICMP unreachable\r
550+ packets (type 3) on UDP ports not waiting for data. This hinders\r
551+ portscanners from scanning your UDP ports. Enabling the UDP stealth \r
552+ options is known to slow down SSH connection times, and may also \r
553+ interfere with other protocols as well. Packets travelling across the\r
554+ local loopback interface will not be tampered with. If the sysctl \r
555+ option is enabled, a sysctl option with name "stealth_udp" is created.\r
556+\r
557+Do not process ICMP packets\r
558+CONFIG_GRKERNSEC_STEALTH_ICMP\r
559+ If you say Y here, your machine will drop all ICMP packets but\r
560+ echo-reply (Which allows you to ping from your machine, while not\r
561+ allowing your machine to be pinged). Since ICMP packets can be spoofed\r
562+ and are commonly used in Denial of Service attacks, it is recommended\r
563+ that you say Y here. Theoretically, it is possible that this option \r
564+ could hinder your ability to connect to certain hosts since it also \r
565+ blocks "packet too large" icmp messages, though in reality this \r
566+ occurance is rare. Packets travelling across the local loopback \r
567+ interface will not be tampered with. If the sysctl option is enabled, a \r
568+ sysctl option with name "stealth_icmp" is created.\r
569+\r
570+Do not reply to IGMP requests\r
571+CONFIG_GRKERNSEC_STEALTH_IGMP\r
572+ If you say Y here, your machine will drop all IGMP packets. IGMP\r
573+ stands for Internet Group Management Protocol. Most users should\r
574+ enable this option, unless you are actually connected to a multicast\r
575+ network, which IGMP is used for. If the sysctl option is enabled, a \r
576+ sysctl option with name "stealth_igmp" is created.\r
577+\r
578+Drop packets with illegitimate flags\r
579+CONFIG_GRKERNSEC_STEALTH_FLAGS\r
580+ If you say Y here, your machine will drop packets with TCP flags that\r
581+ are never used in normal communication. Such packets are used in\r
582+ "stealth" scans, and should not be allowed. It is recommended that\r
583+ you say Y here. If the sysctl option is enabled, a sysctl option with\r
584+ name "stealth_flags" is created.\r
585+\r
586+Log requests to unserved TCP ports\r
587+CONFIG_GRKERNSEC_STEALTH_RST_LOG\r
588+ If you say Y here, your machine will log requests to unserved TCP ports.\r
589+ If the sysctl option is enabled, a sysctl option with name \r
590+ "stealth_rst_log" is created.\r
591+\r
592+Log requests to unserved UDP ports\r
593+CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r
594+ If you say Y here, your machine will log packets to UDP ports on your\r
595+ system that are not waiting for data. Packets travelling across the\r
596+ local loopback interface will not be logged. If the sysctl option is \r
597+ enabled, a sysctl option with name "stealth_udp_log" is created.\r
598+\r
599+Log ICMP packets\r
600+CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r
601+ If you say Y here, your machine will log all ICMP packets but\r
602+ echo-reply. Packets travelling across the local loopback interface\r
603+ will not be logged. If the sysctl option is enabled, a sysctl option \r
604+ with name "stealth_icmp_log" is created.\r
605+\r
606+Log packets with illegitimate flags\r
607+CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r
608+ If you say Y here, your machine will log packets with TCP flags that\r
609+ are never used in normal communication. Such packets are used in\r
610+ "stealth" scans, and should not be allowed. If the sysctl option is \r
611+ enabled, a sysctl option with name "stealth_flags_log" is created.\r
612+\r
613+Sysctl support\r
614+CONFIG_GRKERNSEC_SYSCTL\r
615+ If you say Y here, you will be able to change the options that\r
616+ grsecurity runs with at bootup, without having to recompile your\r
617+ kernel. You can echo values to files in /proc/sys/kernel/grsecurity\r
618+ to enable (1) or disable (0) various features. All the sysctl entries\r
619+ are mutable until the "grsec_lock" entry is set to a non-zero value.\r
620+ All features are disabled by default. Please note that this option could \r
621+ reduce the effectiveness of the added security of this patch if an ACL \r
622+ system is not put in place. Your init scripts should be read-only, and \r
623+ root should not have access to adding modules or performing raw i/o \r
624+ operations. All options should be set at startup, and the grsec_lock \r
625+ entry should be set to a non-zero value after all the options are set. \r
626+ *THIS IS EXTREMELY IMPORTANT*\r
627+\r
628+Oblivion ACL System\r
629+CONFIG_OBV_PROC\r
630+ If you say Y here, you enable the Access Control List system for \r
631+ grsecurity called Oblivion. Oblivion is a very advanced ACL system\r
632+ that is optimized for speed and correctness of ACLS. Unlike many \r
633+ other popular ACL systems, it allows both process and file ACLs.\r
634+ To use the ACL system, you must also download the userspace code\r
635+ and documentation off the grsecurity website: http://grsecurity.net\r
636+ You will then need to run obvadm setup to set your password and create \r
637+ your config files.\r
638+ \r
639 #\r
640 # m68k-specific kernel options\r
641 # Documented by Chris Lawrence <mailto:quango@themall.net> et al.\r
cab4bb15 642diff -urN linux/arch/alpha/config.in linux/arch/alpha/config.in\r
643--- linux/arch/alpha/config.in Tue Nov 20 18:49:31 2001\r
644+++ linux/arch/alpha/config.in Mon Nov 26 10:37:56 2001\r
645@@ -393,3 +393,12 @@\r
646 fi\r
647 \r
648 endmenu\r
649+\r
650+mainmenu_option next_comment\r
651+comment 'Grsecurity'\r
652+bool 'Grsecurity' CONFIG_GRKERNSEC\r
653+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
654+ source grsecurity/Config.in\r
655+fi\r
656+endmenu\r
657+\r
658diff -urN linux/arch/arm/config.in linux/arch/arm/config.in\r
659--- linux/arch/arm/config.in Fri Nov 9 16:58:02 2001\r
660+++ linux/arch/arm/config.in Mon Nov 26 10:37:56 2001\r
661@@ -606,3 +606,12 @@\r
662 dep_bool ' Kernel low-level debugging messages via footbridge serial port' CONFIG_DEBUG_DC21285_PORT $CONFIG_DEBUG_LL $CONFIG_FOOTBRIDGE\r
663 dep_bool ' kernel low-level debugging messages via UART2' CONFIG_DEBUG_CLPS711X_UART2 $CONFIG_DEBUG_LL $CONFIG_ARCH_CLPS711X\r
664 endmenu\r
665+\r
666+mainmenu_option next_comment\r
667+comment 'Grsecurity'\r
668+bool 'Grsecurity' CONFIG_GRKERNSEC\r
669+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
670+ source grsecurity/Config.in\r
671+fi\r
672+endmenu\r
673+\r
674diff -urN linux/arch/cris/config.in linux/arch/cris/config.in\r
675--- linux/arch/cris/config.in Mon Oct 15 16:42:14 2001\r
676+++ linux/arch/cris/config.in Mon Nov 26 10:37:56 2001\r
677@@ -251,3 +251,12 @@\r
678 int ' Profile shift count' CONFIG_PROFILE_SHIFT 2\r
679 fi\r
680 endmenu\r
681+\r
682+mainmenu_option next_comment\r
683+comment 'Grsecurity'\r
684+bool 'Grsecurity' CONFIG_GRKERNSEC\r
685+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
686+ source grsecurity/Config.in\r
687+fi\r
688+endmenu\r
689+\r
690diff -urN linux/arch/i386/config.in linux/arch/i386/config.in\r
691--- linux/arch/i386/config.in Mon Nov 12 14:58:08 2001\r
692+++ linux/arch/i386/config.in Mon Nov 26 10:37:56 2001\r
693@@ -410,3 +410,12 @@\r
694 fi\r
695 \r
696 endmenu\r
697+\r
698+mainmenu_option next_comment\r
699+comment 'Grsecurity'\r
700+bool 'Grsecurity' CONFIG_GRKERNSEC\r
701+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
702+ source grsecurity/Config.in\r
703+fi\r
704+endmenu\r
705+\r
706diff -urN linux/arch/i386/kernel/entry.S linux/arch/i386/kernel/entry.S\r
707--- linux/arch/i386/kernel/entry.S Fri Nov 2 20:18:49 2001\r
708+++ linux/arch/i386/kernel/entry.S Mon Nov 26 10:37:57 2001\r
709@@ -45,6 +45,7 @@\r
710 #include <linux/linkage.h>\r
711 #include <asm/segment.h>\r
712 #include <asm/smp.h>\r
713+#include <asm/page.h>\r
714 \r
715 EBX = 0x00\r
716 ECX = 0x04\r
717@@ -381,8 +382,52 @@\r
718 jmp error_code\r
719 \r
720 ENTRY(page_fault)\r
721+#ifdef CONFIG_GRKERNSEC_PAX\r
722+ ALIGN\r
723+ pushl $ SYMBOL_NAME(pax_do_page_fault)\r
724+ pushl %ds\r
725+ pushl %eax\r
726+ xorl %eax,%eax\r
727+ pushl %ebp\r
728+ pushl %edi\r
729+ pushl %esi\r
730+ pushl %edx\r
731+ decl %eax # eax = -1\r
732+ pushl %ecx\r
733+ pushl %ebx\r
734+ cld\r
735+ movl %es,%ecx\r
736+ movl ORIG_EAX(%esp), %esi # get the error code\r
737+ movl ES(%esp), %edi # get the function address\r
738+ movl %eax, ORIG_EAX(%esp)\r
739+ movl %ecx, ES(%esp)\r
740+ movl %esp,%edx\r
741+ pushl %esi # push the error code\r
742+ pushl %edx # push the pt_regs pointer\r
743+ movl $(__KERNEL_DS),%edx\r
744+ movl %edx,%ds\r
745+ movl %edx,%es\r
746+ GET_CURRENT(%ebx)\r
747+ call *%edi\r
748+ addl $8,%esp\r
749+ decl %eax\r
750+ jnz ret_from_exception\r
751+\r
752+ popl %ebx\r
753+ popl %ecx\r
754+ popl %edx\r
755+ popl %esi\r
756+ popl %edi\r
757+ popl %ebp\r
758+ popl %eax\r
759+ popl %ds\r
760+ popl %es\r
761+ addl $4,%esp\r
762+ jmp system_call\r
763+#else\r
764 pushl $ SYMBOL_NAME(do_page_fault)\r
765 jmp error_code\r
766+#endif\r
767 \r
768 ENTRY(machine_check)\r
769 pushl $0\r
770diff -urN linux/arch/i386/kernel/head.S linux/arch/i386/kernel/head.S\r
771--- linux/arch/i386/kernel/head.S Wed Jun 20 14:00:53 2001\r
772+++ linux/arch/i386/kernel/head.S Mon Nov 26 10:37:57 2001\r
773@@ -433,7 +433,11 @@\r
774 .quad 0x0000000000000000 /* not used */\r
775 .quad 0x00cf9a000000ffff /* 0x10 kernel 4GB code at 0x00000000 */\r
776 .quad 0x00cf92000000ffff /* 0x18 kernel 4GB data at 0x00000000 */\r
777+#ifdef CONFIG_GRKERNSEC_STACK\r
778+ .quad 0x00cbfa000000f7ff /* 0x23 user 3GB-8MB code at 0 */\r
779+#else\r
780 .quad 0x00cffa000000ffff /* 0x23 user 4GB code at 0x00000000 */\r
781+#endif\r
782 .quad 0x00cff2000000ffff /* 0x2b user 4GB data at 0x00000000 */\r
783 .quad 0x0000000000000000 /* not used */\r
784 .quad 0x0000000000000000 /* not used */\r
785diff -urN linux/arch/i386/kernel/ptrace.c linux/arch/i386/kernel/ptrace.c\r
786--- linux/arch/i386/kernel/ptrace.c Wed Nov 21 13:42:41 2001\r
787+++ linux/arch/i386/kernel/ptrace.c Mon Nov 26 11:47:35 2001\r
788@@ -21,6 +21,12 @@\r
789 #include <asm/i387.h>\r
790 #include <asm/debugreg.h>\r
791 \r
792+#if defined(CONFIG_GRKERNSEC_CHROOT) || defined(CONFIG_GRKERNSEC_PTRACE)\r
793+#include <linux/grsecurity.h>\r
794+#endif\r
795+#ifdef CONFIG_GRKERNSEC_CHROOT\r
796+extern struct task_struct *child_reaper;\r
797+#endif\r
798 /*\r
799 * does not yet catch signals sent when the child dies.\r
800 * in exit.c or in signal.c.\r
801@@ -177,6 +183,32 @@\r
802 if (pid == 1) /* you may not mess with init */\r
803 goto out_tsk;\r
804 \r
805+#ifdef CONFIG_GRKERNSEC_PTRACE\r
806+ if(grsec_enable_ptrace && current->uid\r
807+#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r
808+ && ((grsec_enable_ptrace_group && !in_group_p(grsec_ptrace_gid))\r
809+ || !grsec_enable_ptrace_group)\r
810+#endif\r
811+ ) {\r
812+ security_alert("denied ptrace of (%.16s:%d) by " DEFAULTSECMSG,\r
813+ "denied ptraces", child->comm, child->pid, DEFAULTSECARGS);\r
814+ goto out_tsk;\r
815+ }\r
816+ security_alert("ptrace of (%.16s:%d) by " DEFAULTSECMSG,\r
817+ "ptraces", child->comm, child->pid, DEFAULTSECARGS);\r
818+#endif \r
819+#ifdef CONFIG_GRKERNSEC_CHROOT\r
820+ if(grsec_enable_chroot && proc_is_chrooted(current) &&\r
821+ have_same_root(current,child)) {\r
822+ security_alert("denied ptrace of process(%.16s:%d) within chroot jail "\r
823+ "(%.32s:%lu) by " DEFAULTSECMSG, \r
824+ "ptrace from chroot",\r
825+ child->comm,child->pid,kdevname(current->fs->root->d_inode->i_dev),\r
826+ current->fs->root->d_inode->i_ino, \r
827+ DEFAULTSECARGS);\r
828+ goto out_tsk;\r
829+ }\r
830+#endif\r
831 if (request == PTRACE_ATTACH) {\r
832 ret = ptrace_attach(child);\r
833 goto out_tsk;\r
834@@ -439,11 +471,23 @@\r
835 return ret;\r
836 }\r
837 \r
838+#ifdef CONFIG_GRKERNSEC_PTRACE\r
839+asmlinkage void syscall_trace(int unused)\r
840+#else\r
841 asmlinkage void syscall_trace(void)\r
842+#endif\r
843 {\r
844+#ifdef CONFIG_GRKERNSEC_PTRACE\r
845+ struct pt_regs *regs = (struct pt_regs *) &unused;\r
846+#endif\r
847+\r
848 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS)) !=\r
849 (PT_PTRACED|PT_TRACESYS))\r
850 return;\r
851+#ifdef CONFIG_GRKERNSEC_PTRACE\r
852+ if(!user_mode(regs))\r
853+ return;\r
854+#endif\r
855 /* the 0x80 provides a way for the tracing parent to distinguish\r
856 between a syscall stop and SIGTRAP delivery */\r
857 current->exit_code = SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)\r
858diff -urN linux/arch/i386/kernel/signal.c linux/arch/i386/kernel/signal.c\r
859--- linux/arch/i386/kernel/signal.c Fri Sep 14 17:15:40 2001\r
860+++ linux/arch/i386/kernel/signal.c Mon Nov 26 10:37:58 2001\r
861@@ -7,6 +7,7 @@\r
862 * 2000-06-20 Pentium III FXSR, SSE support by Gareth Hughes\r
863 */\r
864 \r
865+#include <linux/config.h>\r
866 #include <linux/sched.h>\r
867 #include <linux/mm.h>\r
868 #include <linux/smp.h>\r
869@@ -421,11 +422,15 @@\r
870 if (ka->sa.sa_flags & SA_RESTORER) {\r
871 err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);\r
872 } else {\r
873+#ifdef CONFIG_GRKERNSEC_STACK\r
874+ err |= __put_user(MAGIC_SIGRETURN, &frame->pretcode);\r
875+#else\r
876 err |= __put_user(frame->retcode, &frame->pretcode);\r
877 /* This is popl %eax ; movl $,%eax ; int $0x80 */\r
878 err |= __put_user(0xb858, (short *)(frame->retcode+0));\r
879 err |= __put_user(__NR_sigreturn, (int *)(frame->retcode+2));\r
880 err |= __put_user(0x80cd, (short *)(frame->retcode+6));\r
881+#endif\r
882 }\r
883 \r
884 if (err)\r
885@@ -496,11 +501,15 @@\r
886 if (ka->sa.sa_flags & SA_RESTORER) {\r
887 err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);\r
888 } else {\r
889+#ifdef CONFIG_GRKERNSEC_STACK\r
890+ err |= __put_user(MAGIC_RT_SIGRETURN, &frame->pretcode);\r
891+#else\r
892 err |= __put_user(frame->retcode, &frame->pretcode);\r
893 /* This is movl $,%eax ; int $0x80 */\r
894 err |= __put_user(0xb8, (char *)(frame->retcode+0));\r
895 err |= __put_user(__NR_rt_sigreturn, (int *)(frame->retcode+1));\r
896 err |= __put_user(0x80cd, (short *)(frame->retcode+5));\r
897+#endif\r
898 }\r
899 \r
900 if (err)\r
901@@ -557,6 +566,18 @@\r
902 regs->eip -= 2;\r
903 }\r
904 }\r
905+\r
906+#ifdef CONFIG_GRKERNSEC_PAX\r
907+ /* PaX: clean up as our trace attempt became obsolete */\r
908+ if ((current->flags & PF_PAX_PAGEEXEC) && (current->ptrace & PT_PAX_TRACE)) {\r
909+ if (!(current->ptrace & PT_PAX_OLDTF)) {\r
910+ regs->eflags &= ~TF_MASK;\r
911+ }\r
912+ current->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r
913+ current->thread.pax_faults.eip = 0;\r
914+ current->thread.pax_faults.count = 0;\r
915+ }\r
916+#endif\r
917 \r
918 /* Set up the stack frame */\r
919 if (ka->sa.sa_flags & SA_SIGINFO)\r
920diff -urN linux/arch/i386/kernel/traps.c linux/arch/i386/kernel/traps.c\r
921--- linux/arch/i386/kernel/traps.c Sun Sep 30 15:26:08 2001\r
922+++ linux/arch/i386/kernel/traps.c Mon Nov 26 10:37:58 2001\r
923@@ -49,6 +49,9 @@\r
924 \r
925 #include <linux/irq.h>\r
926 #include <linux/module.h>\r
927+#ifdef CONFIG_GRKERNSEC_STACK\r
928+#include <linux/grsecurity.h>\r
929+#endif\r
930 \r
931 asmlinkage int system_call(void);\r
932 asmlinkage void lcall7(void);\r
933@@ -348,14 +351,183 @@\r
934 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)\r
935 DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, get_cr2())\r
936 \r
937+#if defined(CONFIG_GRKERNSEC_STACK) && defined(CONFIG_GRKERNSEC_STACK_GCC)\r
938+static unsigned long *get_reg(struct pt_regs *regs, unsigned char regnum)\r
939+{\r
940+ switch (regnum) {\r
941+ case 0: return &regs->eax;\r
942+ case 1: return &regs->ecx;\r
943+ case 2: return &regs->edx;\r
944+ case 3: return &regs->ebx;\r
945+ case 4: return &regs->esp;\r
946+ case 5: return &regs->ebp;\r
947+ case 6: return &regs->esi;\r
948+ case 7: return &regs->edi;\r
949+ }\r
950+ return NULL;\r
951+}\r
952+static unsigned long get_modrm(struct pt_regs *regs, int *err)\r
953+{\r
954+ unsigned char modrm, sib;\r
955+ signed char rel8;\r
956+ unsigned long rel32;\r
957+ int size, regnum, scale;\r
958+ unsigned long index, base, addr, value;\r
959+\r
960+ *err |= __get_user(modrm, (unsigned char *)(regs->eip + 1));\r
961+ size = 2;\r
962+ regnum = modrm & 7;\r
963+ addr = *get_reg(regs, regnum);\r
964+ if (regnum == 4 && (modrm & 0xC0) != 0xC0) {\r
965+ *err |= __get_user(sib, (unsigned char *)(regs->eip + 2));\r
966+ size = 3;\r
967+ scale = sib >> 6;\r
968+ index = *get_reg(regs, (sib >> 3) & 7);\r
969+ base = *get_reg(regs, sib & 7);\r
970+ addr = base + (index << scale);\r
971+ }\r
972+\r
973+ switch (modrm & 0xC0) {\r
974+ case 0x00:\r
975+ if (regnum == 5) {\r
976+ *err |= __get_user(addr,\r
977+ (unsigned long *)(regs->eip + 2));\r
978+ size = 6;\r
979+ }\r
980+ *err |= __get_user(value, (unsigned long *)addr);\r
981+ break;\r
982+\r
983+ case 0x40:\r
984+ *err |= __get_user(rel8, (signed char *)(regs->eip + size));\r
985+ size++;\r
986+ addr += rel8;\r
987+ *err |= __get_user(value, (unsigned long *)addr);\r
988+ break;\r
989+\r
990+ case 0x80:\r
991+ *err |= __get_user(rel32, (unsigned long *)(regs->eip + size));\r
992+ size += 4;\r
993+ addr += rel32;\r
994+ *err |= __get_user(value, (unsigned long *)addr);\r
995+ break;\r
996+\r
997+ case 0xC0:\r
998+ default:\r
999+ value = addr;\r
1000+ }\r
1001+\r
1002+ if (*err) return 0;\r
1003+ regs->eip += size;\r
1004+ return value;\r
1005+}\r
1006+#endif\r
1007 asmlinkage void do_general_protection(struct pt_regs * regs, long error_code)\r
1008 {\r
1009+#ifdef CONFIG_GRKERNSEC_STACK\r
1010+ unsigned long addr;\r
1011+#ifdef CONFIG_GRKERNSEC_STACK_GCC\r
1012+ unsigned char insn;\r
1013+ int err, count;\r
1014+#endif\r
1015+#endif\r
1016 if (regs->eflags & VM_MASK)\r
1017 goto gp_in_vm86;\r
1018 \r
1019 if (!(regs->xcs & 3))\r
1020 goto gp_in_kernel;\r
1021 \r
1022+#ifdef CONFIG_GRKERNSEC_STACK\r
1023+/* Check if it was return from a signal handler */\r
1024+ if ((regs->xcs & 0xFFFF) == __USER_CS)\r
1025+ if (*(unsigned char *)regs->eip == 0xC3)\r
1026+ if (!__get_user(addr, (unsigned long *)regs->esp)) {\r
1027+ if ((addr & 0xFFFFFFFE) == MAGIC_SIGRETURN) {\r
1028+/* Call sys_sigreturn() or sys_rt_sigreturn() to restore the context */\r
1029+ regs->esp += 8;\r
1030+ __asm__("movl %3,%%esi\n\t"\r
1031+ "subl %1,%%esp\n\t"\r
1032+ "movl %2,%%ecx\n\t"\r
1033+ "movl %%esp,%%edi\n\t"\r
1034+ "rep; movsl\n\t"\r
1035+ "testl $1,%4\n\t"\r
1036+ "jnz 1f\n\t"\r
1037+ "call sys_sigreturn\n\t"\r
1038+ "leal %3,%%edi\n\t"\r
1039+ "jmp 2f\n\t"\r
1040+ "1:\n\t"\r
1041+ "call sys_rt_sigreturn\n\t"\r
1042+ "leal %3,%%edi\n\t"\r
1043+ "2:\n\t"\r
1044+ "addl %1,%%edi\n\t"\r
1045+ "movl %%esp,%%esi\n\t"\r
1046+ "movl %2,%%ecx\n\t"\r
1047+ "movl (%%edi),%%edi\n\t"\r
1048+ "rep; movsl\n\t"\r
1049+ "movl %%esi,%%esp"\r
1050+ :\r
1051+/* %eax is returned separately */\r
1052+ "=a" (regs->eax)\r
1053+ :\r
1054+ "i" (sizeof(*regs)),\r
1055+ "i" (sizeof(*regs) >> 2),\r
1056+ "m" (regs),\r
1057+ "r" (addr)\r
1058+ :\r
1059+ "cx", "dx", "si", "di", "cc", "memory");\r
1060+ return;\r
1061+ }\r
1062+/*\r
1063+ * * Check if we're returning to the stack area, which is only likely to happen\r
1064+ * * when attempting to exploit a buffer overflow.\r
1065+ * */\r
1066+ if ((addr & 0xFF800000) == 0xBF800000 ||\r
1067+ (addr >= PAGE_OFFSET - _STK_LIM && addr < PAGE_OFFSET))\r
1068+ security_alert("return onto stack by " DEFAULTSECMSG,\r
1069+ "returns onto stack", DEFAULTSECARGS);\r
1070+ }\r
1071+ \r
1072+#ifdef CONFIG_GRKERNSEC_STACK_GCC\r
1073+/* Check if it could have been a trampoline call */\r
1074+ if ((regs->xcs & 0xFFFF) == __USER_CS)\r
1075+ if (*(unsigned char *)regs->eip == 0xFF)\r
1076+ if (!__get_user(insn, (unsigned char *)(regs->eip + 1)))\r
1077+ if ((insn & 0x38) == 0x10 && insn != 0xD4) { /* call mod r/m */\r
1078+/* First, emulate the call */\r
1079+ err = 0;\r
1080+ addr = get_modrm(regs, &err);\r
1081+ if (!err) {\r
1082+ regs->esp -= 4;\r
1083+ err = __put_user(regs->eip, (unsigned long *)regs->esp);\r
1084+ regs->eip = addr;\r
1085+ } \r
1086+/* Then, start emulating the trampoline itself */\r
1087+ count = 0;\r
1088+ while (!err && !__get_user(insn, (unsigned char *)regs->eip++))\r
1089+ if ((insn & 0xF8) == 0xB8) { /* movl imm32,%reg */\r
1090+/* We only have 8 GP registers, no reason to initialize one twice */\r
1091+ if (count++ >= 8) break;\r
1092+ err |= __get_user(addr, (unsigned long *)regs->eip);\r
1093+ regs->eip += 4;\r
1094+ *get_reg(regs, insn & 7) = addr;\r
1095+ } else\r
1096+ if (insn == 0xFF) {\r
1097+ err |= __get_user(insn, (unsigned char *)regs->eip);\r
1098+ if ((insn & 0xF8) == 0xE0) { /* jmp *%reg */\r
1099+ regs->eip = *get_reg(regs, insn & 7);\r
1100+ if (err) break; else return;\r
1101+ }\r
1102+ break;\r
1103+ } else\r
1104+ if (insn == 0xE9) { /* jmp rel32 */\r
1105+ err |= __get_user(addr, (unsigned long *)regs->eip);\r
1106+ if (err) break;\r
1107+ regs->eip += 4 + addr;\r
1108+ return;\r
1109+ } else\r
1110+ break;\r
1111+ } \r
1112+#endif\r
1113+#endif\r
1114 current->thread.error_code = error_code;\r
1115 current->thread.trap_no = 13;\r
1116 force_sig(SIGSEGV, current);\r
1117@@ -452,6 +624,10 @@\r
1118 inb(0x71); /* dummy */\r
1119 }\r
1120 \r
1121+#ifdef CONFIG_GRKERNSEC_PAX\r
1122+void pax_handle_ptes(struct task_struct *tsk);\r
1123+#endif\r
1124+\r
1125 /*\r
1126 * Our handling of the processor debug registers is non-trivial.\r
1127 * We do not clear them on entry and exit from the kernel. Therefore\r
1128@@ -482,6 +658,22 @@\r
1129 \r
1130 __asm__ __volatile__("movl %%db6,%0" : "=r" (condition));\r
1131 \r
1132+#ifdef CONFIG_GRKERNSEC_PAX\r
1133+ /* PaX: clean up */\r
1134+ if ((tsk->flags & PF_PAX_PAGEEXEC) && (condition & DR_STEP) && (tsk->ptrace & PT_PAX_TRACE)) {\r
1135+ tsk->ptrace &= ~PT_PAX_TRACE;\r
1136+ pax_handle_ptes(tsk);\r
1137+ if (!(tsk->ptrace & PT_PAX_KEEPTF) && !(tsk->ptrace & PT_PAX_OLDTF))\r
1138+ regs->eflags &= ~TF_MASK;\r
1139+ tsk->ptrace &= ~PT_PAX_KEEPTF;\r
1140+ if (!(tsk->ptrace & PT_PAX_OLDTF)) {\r
1141+ condition &= ~DR_STEP;\r
1142+ if (!(condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)))\r
1143+ return;\r
1144+ }\r
1145+ tsk->ptrace &= ~PT_PAX_OLDTF;\r
1146+ }\r
1147+#endif\r
1148 /* Mask out spurious debug traps due to lazy DR7 setting */\r
1149 if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {\r
1150 if (!tsk->thread.debugreg[7])\r
1151diff -urN linux/arch/i386/mm/fault.c linux/arch/i386/mm/fault.c\r
1152--- linux/arch/i386/mm/fault.c Tue Oct 9 18:13:03 2001\r
1153+++ linux/arch/i386/mm/fault.c Mon Nov 26 10:37:58 2001\r
1154@@ -4,6 +4,7 @@\r
1155 * Copyright (C) 1995 Linus Torvalds\r
1156 */\r
1157 \r
1158+#include <linux/config.h>\r
1159 #include <linux/signal.h>\r
1160 #include <linux/sched.h>\r
1161 #include <linux/kernel.h>\r
1162@@ -19,6 +20,9 @@\r
1163 #include <linux/init.h>\r
1164 #include <linux/tty.h>\r
1165 #include <linux/vt_kern.h> /* For unblank_screen() */\r
1166+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_RANDMMAP)\r
1167+#include <linux/unistd.h>\r
1168+#endif\r
1169 \r
1170 #include <asm/system.h>\r
1171 #include <asm/uaccess.h>\r
1172@@ -146,23 +150,31 @@\r
1173 * bit 1 == 0 means read, 1 means write\r
1174 * bit 2 == 0 means kernel, 1 means user-mode\r
1175 */\r
1176+#ifdef CONFIG_GRKERNSEC_PAX\r
1177+asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, unsigned long address)\r
1178+#else\r
1179 asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)\r
1180+#endif\r
1181 {\r
1182 struct task_struct *tsk;\r
1183 struct mm_struct *mm;\r
1184 struct vm_area_struct * vma;\r
1185+#ifndef CONFIG_GRKERNSEC_PAX\r
1186 unsigned long address;\r
1187+#endif\r
1188 unsigned long page;\r
1189 unsigned long fixup;\r
1190 int write;\r
1191 siginfo_t info;\r
1192 \r
1193+#ifndef CONFIG_GRKERNSEC_PAX\r
1194 /* get the address */\r
1195 __asm__("movl %%cr2,%0":"=r" (address));\r
1196 \r
1197 /* It's safe to allow irq's after cr2 has been saved */\r
1198 if (regs->eflags & X86_EFLAGS_IF)\r
1199 local_irq_enable();\r
1200+#endif\r
1201 \r
1202 tsk = current;\r
1203 \r
1204@@ -220,21 +232,37 @@\r
1205 good_area:\r
1206 info.si_code = SEGV_ACCERR;\r
1207 write = 0;\r
1208+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
1209+ switch (error_code & 7) {\r
1210+#else\r
1211 switch (error_code & 3) {\r
1212+#endif\r
1213 default: /* 3: write, present */\r
1214 #ifdef TEST_VERIFY_AREA\r
1215 if (regs->cs == KERNEL_CS)\r
1216 printk("WP fault at %08lx\n", regs->eip);\r
1217 #endif\r
1218 /* fall through */\r
1219+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
1220+ case 7: /* PaX: write, present, some protection violation */\r
1221+#endif\r
1222 case 2: /* write, not present */\r
1223+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
1224+ case 6:\r
1225+#endif\r
1226 if (!(vma->vm_flags & VM_WRITE))\r
1227 goto bad_area;\r
1228 write++;\r
1229 break;\r
1230 case 1: /* read, present */\r
1231 goto bad_area;\r
1232+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
1233+ case 5: /* PaX: read, present, protection violation */\r
1234+#endif\r
1235 case 0: /* read, not present */\r
1236+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
1237+ case 4:\r
1238+#endif\r
1239 if (!(vma->vm_flags & (VM_READ | VM_EXEC)))\r
1240 goto bad_area;\r
1241 }\r
1242@@ -409,3 +437,441 @@\r
1243 return;\r
1244 }\r
1245 }\r
1246+#ifdef CONFIG_GRKERNSEC_PAX\r
1247+/* PaX: called with the page_table_lock spinlock held */\r
1248+static inline pte_t * pax_get_pte(struct mm_struct *mm, unsigned long address)\r
1249+{\r
1250+ pgd_t *pgd;\r
1251+ pmd_t *pmd;\r
1252+\r
1253+ pgd = pgd_offset(mm, address);\r
1254+ if (!pgd || !pgd_present(*pgd))\r
1255+ return 0;\r
1256+ pmd = pmd_offset(pgd, address);\r
1257+ if (!pmd || !pmd_present(*pmd))\r
1258+ return 0;\r
1259+ return pte_offset(pmd, address);\r
1260+}\r
1261+\r
1262+/*\r
1263+ * PaX: decide what to do with offenders\r
1264+ *\r
1265+ * returns 0 when access should be allowed\r
1266+ * 1 when task should be killed\r
1267+ * 2 when sigreturn trampoline was detected\r
1268+ * 3 when rt_sigreturn trampoline was detected\r
1269+ * 4 when gcc trampoline was detected\r
1270+ */\r
1271+static int pax_handle_read_fault(struct pt_regs *regs, unsigned long address)\r
1272+{\r
1273+ static unsigned char trans[8] = {6, 1, 2, 0, 13, 5, 3, 4};\r
1274+ int err;\r
1275+\r
1276+#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r
1277+ if (!(current->flags & PF_PAX_EMUTRAMP))\r
1278+ return 1;\r
1279+\r
1280+ { /* PaX: sigreturn emulation */\r
1281+ unsigned char pop, mov;\r
1282+ unsigned short sys;\r
1283+ unsigned long nr;\r
1284+\r
1285+ err = __get_user(pop, (unsigned char *)(regs->eip));\r
1286+ err |= __get_user(mov, (unsigned char *)(regs->eip + 1));\r
1287+ err |= __get_user(nr, (unsigned long *)(regs->eip + 2));\r
1288+ err |= __get_user(sys, (unsigned short *)(regs->eip + 6));\r
1289+\r
1290+ if (!err) {\r
1291+ if (pop == 0x58 &&\r
1292+ mov == 0xb8 &&\r
1293+ nr == __NR_sigreturn &&\r
1294+ sys == 0x80cd)\r
1295+ {\r
1296+ regs->esp += 4;\r
1297+ regs->eax = nr;\r
1298+ regs->eip += 8;\r
1299+ return 2;\r
1300+ }\r
1301+ }\r
1302+ }\r
1303+\r
1304+ { /* PaX: rt_sigreturn emulation */\r
1305+ unsigned char mov;\r
1306+ unsigned short sys;\r
1307+ unsigned long nr;\r
1308+\r
1309+ err = __get_user(mov, (unsigned char *)(regs->eip));\r
1310+ err |= __get_user(nr, (unsigned long *)(regs->eip + 1));\r
1311+ err |= __get_user(sys, (unsigned short *)(regs->eip + 5));\r
1312+\r
1313+ if (!err) {\r
1314+ if (mov == 0xb8 &&\r
1315+ nr == __NR_rt_sigreturn &&\r
1316+ sys == 0x80cd)\r
1317+ {\r
1318+ regs->eax = nr;\r
1319+ regs->eip += 7;\r
1320+ return 3;\r
1321+ }\r
1322+ }\r
1323+ }\r
1324+\r
1325+ { /* PaX: gcc trampoline emulation #1 */\r
1326+ unsigned char mov1, mov2;\r
1327+ unsigned short jmp;\r
1328+ unsigned long addr1, addr2, ret;\r
1329+\r
1330+ err = __get_user(mov1, (unsigned char *)(regs->eip));\r
1331+ err |= __get_user(addr1, (unsigned long *)(regs->eip + 1));\r
1332+ err |= __get_user(mov2, (unsigned char *)(regs->eip + 5));\r
1333+ err |= __get_user(addr2, (unsigned long *)(regs->eip + 6));\r
1334+ err |= __get_user(jmp, (unsigned short *)(regs->eip + 10));\r
1335+ err |= __get_user(ret, (unsigned long *)(regs->esp));\r
1336+\r
1337+ if (!err) {\r
1338+ unsigned short call;\r
1339+\r
1340+ err = __get_user(call, (unsigned short *)(ret-2));\r
1341+ if (!err) {\r
1342+ if ((mov1 & 0xF8) == 0xB8 &&\r
1343+ (mov2 & 0xF8) == 0xB8 &&\r
1344+ (mov1 & 0x07) != (mov2 & 0x07) &&\r
1345+ (jmp & 0xF8FF) == 0xE0FF &&\r
1346+ (mov2 & 0x07) == ((jmp>>8) & 0x07) &&\r
1347+ (call & 0xF8FF) == 0xD0FF &&\r
1348+ (regs->eip == ((unsigned long*)regs)[trans[(call>>8) & 0x07]]))\r
1349+ {\r
1350+ ((unsigned long *)regs)[trans[mov1 & 0x07]] = addr1;\r
1351+ ((unsigned long *)regs)[trans[mov2 & 0x07]] = addr2;\r
1352+ regs->eip = addr2;\r
1353+ return 4;\r
1354+ }\r
1355+ }\r
1356+ }\r
1357+ }\r
1358+\r
1359+ { /* PaX: gcc trampoline emulation #2 */\r
1360+ unsigned char mov, jmp;\r
1361+ unsigned long addr1, addr2, ret;\r
1362+\r
1363+ err = __get_user(mov, (unsigned char *)(regs->eip));\r
1364+ err |= __get_user(addr1, (unsigned long *)(regs->eip + 1));\r
1365+ err |= __get_user(jmp, (unsigned char *)(regs->eip + 5));\r
1366+ err |= __get_user(addr2, (unsigned long *)(regs->eip + 6));\r
1367+ err |= __get_user(ret, (unsigned long *)(regs->esp));\r
1368+\r
1369+ if (!err) {\r
1370+ unsigned short call;\r
1371+\r
1372+ err = __get_user(call, (unsigned short *)(ret-2));\r
1373+ if (!err) {\r
1374+ if ((mov & 0xF8) == 0xB8 &&\r
1375+ jmp == 0xE9 &&\r
1376+ (call & 0xF8FF) == 0xD0FF &&\r
1377+ (regs->eip == ((unsigned long*)regs)[trans[(call>>8) & 0x07]]))\r
1378+ {\r
1379+ ((unsigned long *)regs)[trans[mov & 0x07]] = addr1;\r
1380+ regs->eip += addr2 + 10;\r
1381+ return 4;\r
1382+ }\r
1383+ }\r
1384+ }\r
1385+ }\r
1386+#endif\r
1387+\r
1388+ return 1; /* PaX in action */\r
1389+}\r
1390+\r
1391+static int pax_handle_opcode(struct task_struct *tsk, struct pt_regs *regs)\r
1392+{\r
1393+ unsigned long opsize = 1;\r
1394+ unsigned long opsize_override = 0;\r
1395+ unsigned long i;\r
1396+\r
1397+ if (regs->eflags & TF_MASK)\r
1398+ tsk->ptrace |= PT_PAX_OLDTF;\r
1399+ else\r
1400+ tsk->ptrace &= ~PT_PAX_OLDTF;\r
1401+ tsk->ptrace &= ~PT_PAX_KEEPTF;\r
1402+\r
1403+ for (i=0; i<15; i++) {\r
1404+ unsigned char opcode;\r
1405+ if (__get_user(opcode, (unsigned char*)(regs->eip+i)))\r
1406+ break;\r
1407+ switch (opcode) {\r
1408+ case 0x26:\r
1409+ case 0x2E:\r
1410+ case 0x36:\r
1411+ case 0x3E:\r
1412+ case 0x64:\r
1413+ case 0x65:\r
1414+ case 0x67:\r
1415+ case 0xF0:\r
1416+ case 0xF2:\r
1417+ case 0xF3:\r
1418+ break;\r
1419+\r
1420+ case 0x66:\r
1421+ opsize_override = 1;\r
1422+ break;\r
1423+\r
1424+ case 0x9C: /* PUSHF */\r
1425+ if (opsize ^ opsize_override) {\r
1426+ __put_user(regs->eflags & 0x00FCFFFFul, (unsigned long*)(regs->esp-4));\r
1427+ regs->esp -= 4;\r
1428+ } else {\r
1429+ __put_user(regs->eflags, (unsigned short*)(regs->esp-2));\r
1430+ regs->esp -= 2;\r
1431+ }\r
1432+ regs->eip += i + 1;\r
1433+ return 1;\r
1434+\r
1435+ case 0x9D: /* POPF */\r
1436+ case 0xCF: /* IRET */\r
1437+ tsk->ptrace |= PT_PAX_KEEPTF;\r
1438+ return 0;\r
1439+\r
1440+ default:\r
1441+ return 0;\r
1442+ }\r
1443+ }\r
1444+ return 0;\r
1445+}\r
1446+\r
1447+static inline void pax_handle_pte(struct mm_struct *mm, unsigned long address)\r
1448+{\r
1449+ pte_t *pte;\r
1450+ pte = pax_get_pte(mm, address);\r
1451+ if (pte) {\r
1452+ set_pte(pte, pte_exprotect(*pte));\r
1453+ __flush_tlb_one(address);\r
1454+ }\r
1455+}\r
1456+\r
1457+#define PAX_SPIN_COUNT 256\r
1458+\r
1459+void pax_handle_ptes(struct task_struct *tsk)\r
1460+{\r
1461+ struct mm_struct *mm;\r
1462+\r
1463+ mm = tsk->mm;\r
1464+ spin_lock(&mm->page_table_lock);\r
1465+ switch (tsk->thread.pax_faults.count) {\r
1466+ default:\r
1467+ printk(KERN_ERR "PAX: wtf: %s:%d, %ld\n", tsk->comm, tsk->pid, tsk->thread.pax_faults.count);\r
1468+ break;\r
1469+\r
1470+ case PAX_SPIN_COUNT+4:\r
1471+ pax_handle_pte(mm, tsk->thread.pax_faults.addresses[3]);\r
1472+\r
1473+ case PAX_SPIN_COUNT+3:\r
1474+ pax_handle_pte(mm, tsk->thread.pax_faults.addresses[2]);\r
1475+\r
1476+ case PAX_SPIN_COUNT+2:\r
1477+ pax_handle_pte(mm, tsk->thread.pax_faults.addresses[1]);\r
1478+\r
1479+ case PAX_SPIN_COUNT+1:\r
1480+ pax_handle_pte(mm, tsk->thread.pax_faults.addresses[0]);\r
1481+ }\r
1482+ spin_unlock(&mm->page_table_lock);\r
1483+ tsk->thread.pax_faults.eip = 0;\r
1484+ tsk->thread.pax_faults.count = 0;\r
1485+}\r
1486+\r
1487+/*\r
1488+ * PaX: handle the extra page faults or pass it down to the original handler\r
1489+ *\r
1490+ * returns 0 when nothing special was detected\r
1491+ * 1 when sigreturn trampoline (syscall) has to be emulated\r
1492+ */\r
1493+asmlinkage int pax_do_page_fault(struct pt_regs *regs, unsigned long error_code)\r
1494+{\r
1495+ struct task_struct *tsk = current;\r
1496+ struct mm_struct *mm = current->mm;\r
1497+ unsigned long address;\r
1498+ pte_t *pte;\r
1499+ unsigned char pte_mask = _PAGE_ACCESSED | _PAGE_USER;\r
1500+ int ret;\r
1501+ unsigned long i;\r
1502+\r
1503+ __asm__("movl %%cr2,%0":"=r" (address));\r
1504+\r
1505+ /* It's safe to allow irq's after cr2 has been saved */\r
1506+ if (regs->eflags & X86_EFLAGS_IF)\r
1507+ local_irq_enable();\r
1508+\r
1509+ if ((error_code & 5) != 5 || address >= TASK_SIZE || regs->xcs != __USER_CS || (VM_MASK & regs->eflags))\r
1510+ goto chain;\r
1511+\r
1512+ /* PaX: it's our fault, let's handle it if we can */\r
1513+\r
1514+ if (error_code == 7) {\r
1515+ pte_mask |= _PAGE_DIRTY;\r
1516+ /* PaX: take a look at read faults before acquiring any locks */\r
1517+ } else if (regs->eip == address) { /* read/instruction fetch attempt from a protected page in user mode */\r
1518+ ret = pax_handle_read_fault(regs, address);\r
1519+ switch (ret) {\r
1520+ case 4:\r
1521+ tsk->thread.pax_faults.eip = 0;\r
1522+ tsk->thread.pax_faults.count = 0;\r
1523+ return 0;\r
1524+\r
1525+ case 3:\r
1526+ case 2:\r
1527+ tsk->thread.pax_faults.eip = 0;\r
1528+ tsk->thread.pax_faults.count = 0;\r
1529+ return 1;\r
1530+\r
1531+ default:\r
1532+ case 1: {\r
1533+ char* buffer = (char*)__get_free_page(GFP_KERNEL);\r
1534+ char* path=NULL;\r
1535+\r
1536+ if (buffer) {\r
1537+ struct vm_area_struct* vma;\r
1538+\r
1539+ down_read(&mm->mmap_sem);\r
1540+ vma = mm->mmap;\r
1541+ while (vma) {\r
1542+ if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {\r
1543+ break;\r
1544+ }\r
1545+ vma = vma->vm_next;\r
1546+ }\r
1547+ if (vma)\r
1548+ path = d_path(vma->vm_file->f_dentry, vma->vm_file->f_vfsmnt, buffer, PAGE_SIZE);\r
1549+ up_read(&mm->mmap_sem);\r
1550+ }\r
1551+ printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, EIP: %08lX, ESP: %08lX\n", path, tsk->comm, tsk->pid, tsk->uid, tsk->euid, regs->eip, regs->esp);\r
1552+ if (buffer) free_page((unsigned long)buffer);\r
1553+ printk(KERN_ERR "PAX: bytes at EIP: ");\r
1554+ for (i = 0; i < 20; i++) {\r
1555+ unsigned char c;\r
1556+ if (__get_user(c, (unsigned char*)(regs->eip+i))) {\r
1557+ printk("<invalid address>.");\r
1558+ break;\r
1559+ }\r
1560+ printk("%02x ", c);\r
1561+ }\r
1562+ printk("\n");\r
1563+\r
1564+ tsk->thread.pax_faults.eip = 0;\r
1565+ tsk->thread.pax_faults.count = 0;\r
1566+ tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r
1567+ regs->eflags &= ~TF_MASK;\r
1568+ tsk->thread.cr2 = address;\r
1569+ tsk->thread.error_code = error_code;\r
1570+ tsk->thread.trap_no = 14;\r
1571+ force_sig(SIGKILL,tsk);\r
1572+ return 0;\r
1573+ }\r
1574+\r
1575+ case 0:\r
1576+ }\r
1577+ }\r
1578+\r
1579+ spin_lock(&mm->page_table_lock);\r
1580+ pte = pax_get_pte(mm, address);\r
1581+ if (!pte || !(pte_val(*pte) & _PAGE_PRESENT) || pte_exec(*pte)) {\r
1582+ spin_unlock(&mm->page_table_lock);\r
1583+ goto chain;\r
1584+ }\r
1585+\r
1586+ if ((error_code == 7) && !pte_write(*pte)) { /* write attempt to a protected page in user mode */\r
1587+ spin_unlock(&mm->page_table_lock);\r
1588+ goto chain;\r
1589+ }\r
1590+\r
1591+ /*\r
1592+ * PaX: fill DTLB with user rights and retry\r
1593+ */\r
1594+ if (regs->eip != tsk->thread.pax_faults.eip) { /* detect DTLB trashing */\r
1595+ tsk->thread.pax_faults.eip = regs->eip;\r
1596+ tsk->thread.pax_faults.count = 0;\r
1597+\r
1598+pax_emu:\r
1599+ __asm__ __volatile__ (\r
1600+ "orb %2,%1\n"\r
1601+ "invlpg %0\n"\r
1602+ "testb $0,%0\n"\r
1603+ "xorb %3,%1\n"\r
1604+ :\r
1605+ : "m" (*(char*)address), "m" (*(char*)pte) , "r" (pte_mask) , "i" (_PAGE_USER)\r
1606+ : "memory", "cc");\r
1607+ spin_unlock(&mm->page_table_lock);\r
1608+ return 0;\r
1609+ }\r
1610+\r
1611+ if (tsk->thread.pax_faults.count < PAX_SPIN_COUNT) {\r
1612+ ++tsk->thread.pax_faults.count;\r
1613+ goto pax_emu;\r
1614+ }\r
1615+ spin_unlock(&mm->page_table_lock);\r
1616+\r
1617+ if (tsk->thread.pax_faults.count == PAX_SPIN_COUNT) {\r
1618+ if (pax_handle_opcode(tsk, regs)) {\r
1619+ tsk->thread.pax_faults.eip = 0;\r
1620+ tsk->thread.pax_faults.count = 0;\r
1621+ tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r
1622+ return 0;\r
1623+ } else {\r
1624+ ++tsk->thread.pax_faults.count;\r
1625+ }\r
1626+ }\r
1627+\r
1628+ if (tsk->thread.pax_faults.count > PAX_SPIN_COUNT+1+3) {\r
1629+ printk(KERN_ERR "PAX: preventing DoS: %s:%d, EIP: %08lX, ESP: %08lX\n", tsk->comm, tsk->pid, regs->eip, regs->esp);\r
1630+ printk(KERN_ERR "PAX: bytes at EIP: ");\r
1631+ for (i = 0; i < 20; i++) {\r
1632+ unsigned char c;\r
1633+ if (__get_user(c, (unsigned char*)(regs->eip+i))) {\r
1634+ printk("<invalid address>.");\r
1635+ break;\r
1636+ }\r
1637+ printk("%02x ", c);\r
1638+ }\r
1639+ printk("\n");\r
1640+\r
1641+ tsk->thread.pax_faults.eip = 0;\r
1642+ tsk->thread.pax_faults.count = 0;\r
1643+ tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);\r
1644+ regs->eflags &= ~TF_MASK;\r
1645+ tsk->thread.cr2 = address;\r
1646+ tsk->thread.error_code = error_code;\r
1647+ tsk->thread.trap_no = 14;\r
1648+ force_sig(SIGKILL,tsk);\r
1649+ return 0;\r
1650+ }\r
1651+\r
1652+ spin_lock(&mm->page_table_lock);\r
1653+ pte = pax_get_pte(mm, address);\r
1654+ if (pte) {\r
1655+ set_pte(pte, pte_mkexec(*pte));\r
1656+ __flush_tlb_one(address);\r
1657+ tsk->thread.pax_faults.addresses[tsk->thread.pax_faults.count-PAX_SPIN_COUNT-1] = address;\r
1658+ ++tsk->thread.pax_faults.count;\r
1659+ }\r
1660+ spin_unlock(&mm->page_table_lock);\r
1661+ tsk->ptrace |= PT_PAX_TRACE;\r
1662+ regs->eflags |= TF_MASK;\r
1663+\r
1664+#if 0\r
1665+ if (tsk->thread.pax_faults.count > PAX_SPIN_COUNT+1+1) {\r
1666+ printk(KERN_ERR "PAX: DTLB trashing, level %ld: %s:%d,"\r
1667+ "EIP: %08lX, ESP: %08lX, cr2: %08lX\n",\r
1668+ tsk->thread.pax_faults.count - (PAX_SPIN_COUNT+1),\r
1669+ tsk->comm, tsk->pid, regs->eip, regs->esp, address);\r
1670+ printk(KERN_ERR "PAX: DTLB trashing, %08lX, %08lX, %08lX\n",\r
1671+ tsk->thread.pax_faults.addresses[0],\r
1672+ tsk->thread.pax_faults.addresses[1],\r
1673+ tsk->thread.pax_faults.addresses[2]);\r
1674+ }\r
1675+#endif\r
1676+ return 0;\r
1677+\r
1678+chain:\r
1679+ do_page_fault(regs, error_code, address);\r
1680+ return 0;\r
1681+}\r
1682+#endif\r
1683+\r
1684diff -urN linux/arch/i386/mm/init.c linux/arch/i386/mm/init.c\r
1685--- linux/arch/i386/mm/init.c Sun Nov 11 13:09:32 2001\r
1686+++ linux/arch/i386/mm/init.c Mon Nov 26 10:37:58 2001\r
1687@@ -399,7 +399,11 @@\r
1688 pmd = pmd_offset(pgd, vaddr);\r
1689 pte = pte_offset(pmd, vaddr);\r
1690 old_pte = *pte;\r
1691+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
1692+ *pte = mk_pte_phys(0, PAGE_READONLY_EXEC);\r
1693+#else\r
1694 *pte = mk_pte_phys(0, PAGE_READONLY);\r
1695+#endif\r
1696 local_flush_tlb();\r
1697 \r
1698 boot_cpu_data.wp_works_ok = do_test_wp_bit(vaddr);\r
1699diff -urN linux/arch/ia64/config.in linux/arch/ia64/config.in\r
1700--- linux/arch/ia64/config.in Fri Nov 9 17:26:17 2001\r
1701+++ linux/arch/ia64/config.in Mon Nov 26 10:37:58 2001\r
1702@@ -276,3 +276,12 @@\r
1703 fi\r
1704 \r
1705 endmenu\r
1706+\r
1707+mainmenu_option next_comment\r
1708+comment 'Grsecurity'\r
1709+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1710+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1711+ source grsecurity/Config.in\r
1712+fi\r
1713+endmenu\r
1714+\r
1715diff -urN linux/arch/m68k/config.in linux/arch/m68k/config.in\r
1716--- linux/arch/m68k/config.in Mon Jun 11 22:15:27 2001\r
1717+++ linux/arch/m68k/config.in Mon Nov 26 10:37:58 2001\r
1718@@ -546,3 +546,12 @@\r
1719 #bool 'Debug kmalloc/kfree' CONFIG_DEBUG_MALLOC\r
1720 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r
1721 endmenu\r
1722+\r
1723+mainmenu_option next_comment\r
1724+comment 'Grsecurity'\r
1725+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1726+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1727+ source grsecurity/Config.in\r
1728+fi\r
1729+endmenu\r
1730+\r
1731diff -urN linux/arch/mips/config.in linux/arch/mips/config.in\r
1732--- linux/arch/mips/config.in Mon Oct 15 16:41:34 2001\r
1733+++ linux/arch/mips/config.in Mon Nov 26 10:37:58 2001\r
1734@@ -520,3 +520,12 @@\r
1735 bool 'Run uncached' CONFIG_MIPS_UNCACHED\r
1736 fi\r
1737 endmenu\r
1738+\r
1739+mainmenu_option next_comment\r
1740+comment 'Grsecurity'\r
1741+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1742+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1743+ source grsecurity/Config.in\r
1744+fi\r
1745+endmenu\r
1746+\r
1747diff -urN linux/arch/mips64/config.in linux/arch/mips64/config.in\r
1748--- linux/arch/mips64/config.in Sun Sep 9 13:43:02 2001\r
1749+++ linux/arch/mips64/config.in Mon Nov 26 10:37:58 2001\r
1750@@ -276,3 +276,12 @@\r
1751 bool 'Run uncached' CONFIG_MIPS_UNCACHED\r
1752 fi\r
1753 endmenu\r
1754+\r
1755+mainmenu_option next_comment\r
1756+comment 'Grsecurity'\r
1757+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1758+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1759+ source grsecurity/Config.in\r
1760+fi\r
1761+endmenu\r
1762+\r
1763diff -urN linux/arch/parisc/config.in linux/arch/parisc/config.in\r
1764--- linux/arch/parisc/config.in Tue Apr 17 20:19:25 2001\r
1765+++ linux/arch/parisc/config.in Mon Nov 26 10:37:58 2001\r
1766@@ -208,3 +208,11 @@\r
1767 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r
1768 endmenu\r
1769 \r
1770+mainmenu_option next_comment\r
1771+comment 'Grsecurity'\r
1772+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1773+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1774+ source grsecurity/Config.in\r
1775+fi\r
1776+endmenu\r
1777+\r
1778diff -urN linux/arch/ppc/config.in linux/arch/ppc/config.in\r
1779--- linux/arch/ppc/config.in Fri Nov 16 13:10:08 2001\r
1780+++ linux/arch/ppc/config.in Mon Nov 26 10:37:59 2001\r
1781@@ -393,3 +393,12 @@\r
1782 bool 'Include kgdb kernel debugger' CONFIG_KGDB\r
1783 bool 'Include xmon kernel debugger' CONFIG_XMON\r
1784 endmenu\r
1785+\r
1786+mainmenu_option next_comment\r
1787+comment 'Grsecurity'\r
1788+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1789+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1790+ source grsecurity/Config.in\r
1791+fi\r
1792+endmenu\r
1793+\r
1794diff -urN linux/arch/s390/config.in linux/arch/s390/config.in\r
1795--- linux/arch/s390/config.in Fri Nov 9 16:58:02 2001\r
1796+++ linux/arch/s390/config.in Mon Nov 26 10:37:59 2001\r
1797@@ -73,3 +73,11 @@\r
1798 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r
1799 endmenu\r
1800 \r
1801+mainmenu_option next_comment\r
1802+comment 'Grsecurity'\r
1803+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1804+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1805+ source grsecurity/Config.in\r
1806+fi\r
1807+endmenu\r
1808+\r
1809diff -urN linux/arch/s390x/config.in linux/arch/s390x/config.in\r
1810--- linux/arch/s390x/config.in Thu Oct 11 12:04:57 2001\r
1811+++ linux/arch/s390x/config.in Mon Nov 26 10:37:59 2001\r
1812@@ -77,3 +77,11 @@\r
1813 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r
1814 endmenu\r
1815 \r
1816+mainmenu_option next_comment\r
1817+comment 'Grsecurity'\r
1818+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1819+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1820+ source grsecurity/Config.in\r
1821+fi\r
1822+endmenu\r
1823+\r
1824diff -urN linux/arch/sh/config.in linux/arch/sh/config.in\r
1825--- linux/arch/sh/config.in Mon Oct 15 16:36:48 2001\r
1826+++ linux/arch/sh/config.in Mon Nov 26 10:37:59 2001\r
1827@@ -386,3 +386,12 @@\r
1828 bool 'Early printk support' CONFIG_SH_EARLY_PRINTK\r
1829 fi\r
1830 endmenu\r
1831+\r
1832+mainmenu_option next_comment\r
1833+comment 'Grsecurity'\r
1834+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1835+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1836+ source grsecurity/Config.in\r
1837+fi\r
1838+endmenu\r
1839+\r
1840diff -urN linux/arch/sparc/config.in linux/arch/sparc/config.in\r
1841--- linux/arch/sparc/config.in Mon Jun 11 22:15:27 2001\r
1842+++ linux/arch/sparc/config.in Mon Nov 26 10:37:59 2001\r
1843@@ -266,3 +266,12 @@\r
1844 \r
1845 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r
1846 endmenu\r
1847+\r
1848+mainmenu_option next_comment\r
1849+comment 'Grsecurity'\r
1850+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1851+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1852+ source grsecurity/Config.in\r
1853+fi\r
1854+endmenu\r
1855+\r
1856diff -urN linux/arch/sparc64/config.in linux/arch/sparc64/config.in\r
1857--- linux/arch/sparc64/config.in Tue Nov 13 12:16:05 2001\r
1858+++ linux/arch/sparc64/config.in Mon Nov 26 10:37:59 2001\r
1859@@ -298,3 +298,12 @@\r
1860 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ\r
1861 #bool 'ECache flush trap support at ta 0x72' CONFIG_EC_FLUSH_TRAP\r
1862 endmenu\r
1863+\r
1864+mainmenu_option next_comment\r
1865+comment 'Grsecurity'\r
1866+bool 'Grsecurity' CONFIG_GRKERNSEC\r
1867+if [ "$CONFIG_GRKERNSEC" = "y" ]; then\r
1868+ source grsecurity/Config.in\r
1869+fi\r
1870+endmenu\r
1871+\r
1872diff -urN linux/drivers/char/mem.c linux/drivers/char/mem.c\r
1873--- linux/drivers/char/mem.c Fri Sep 14 17:04:07 2001\r
1874+++ linux/drivers/char/mem.c Mon Nov 26 10:37:59 2001\r
1875@@ -200,9 +200,21 @@\r
1876 /*\r
1877 * Don't dump addresses that are not real memory to a core file.\r
1878 */\r
1879+#ifdef CONFIG_GRKERNSEC_PAX\r
1880+ if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC)) {\r
1881+#else \r
1882 if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC))\r
1883+#endif\r
1884 vma->vm_flags |= VM_IO;\r
1885 \r
1886+#ifdef CONFIG_GRKERNSEC_PAX\r
1887+ /* it turned out to be device memory (eg. video RAM), don't apply PaX */\r
1888+ if ((current->flags & PF_PAX_PAGEEXEC) &&!(vma->vm_flags & VM_EXEC)) {\r
1889+ vma->vm_flags |= VM_EXEC | VM_MAYEXEC;\r
1890+ vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f];\r
1891+ } \r
1892+ }\r
1893+#endif\r
1894 if (remap_page_range(vma->vm_start, offset, vma->vm_end-vma->vm_start,\r
1895 vma->vm_page_prot))\r
1896 return -EAGAIN;\r
1897@@ -365,8 +377,12 @@\r
1898 count = size;\r
1899 \r
1900 zap_page_range(mm, addr, count);\r
1901+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
1902+ zeromap_page_range(addr, count, vma->vm_page_prot); \r
1903+#else\r
1904 zeromap_page_range(addr, count, PAGE_COPY);\r
1905 \r
1906+#endif\r
1907 size -= count;\r
1908 buf += count;\r
1909 addr += count;\r
1910diff -urN linux/drivers/char/random.c linux/drivers/char/random.c\r
1911--- linux/drivers/char/random.c Fri Nov 9 17:01:21 2001\r
1912+++ linux/drivers/char/random.c Mon Nov 26 10:38:00 2001\r
1913@@ -260,6 +260,12 @@\r
1914 /*\r
1915 * Configuration information\r
1916 */\r
1917+#ifdef CONFIG_GRKERNSEC_RANDNET\r
1918+#include <linux/grsecurity.h>\r
1919+#define DEFAULT_POOL_SIZE_RANDNET 4096\r
1920+#define SECONDARY_POOL_SIZE_RANDNET 1024\r
1921+#define BATCH_ENTROPY_SIZE_RANDNET 2048\r
1922+#endif\r
1923 #define DEFAULT_POOL_SIZE 512\r
1924 #define SECONDARY_POOL_SIZE 128\r
1925 #define BATCH_ENTROPY_SIZE 256\r
1926@@ -387,8 +393,13 @@\r
1927 /*\r
1928 * Static global variables\r
1929 */\r
1930+#ifdef CONFIG_GRKERNSEC_RANDPID\r
1931+struct entropy_store *random_state; /* The default global store */\r
1932+struct entropy_store *sec_random_state; /* secondary store */\r
1933+#else\r
1934 static struct entropy_store *random_state; /* The default global store */\r
1935 static struct entropy_store *sec_random_state; /* secondary store */\r
1936+#endif\r
1937 static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);\r
1938 static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);\r
1939 \r
1940@@ -1433,11 +1444,23 @@\r
1941 {\r
1942 int i;\r
1943 \r
1944- if (create_entropy_store(DEFAULT_POOL_SIZE, &random_state))\r
1945+ if (create_entropy_store(\r
1946+#ifdef CONFIG_GRKERNSEC_RANDNET\r
1947+ grsec_enable_randnet?DEFAULT_POOL_SIZE_RANDNET:\r
1948+#endif\r
1949+ DEFAULT_POOL_SIZE, &random_state))\r
1950 return; /* Error, return */\r
1951- if (batch_entropy_init(BATCH_ENTROPY_SIZE, random_state))\r
1952+ if (batch_entropy_init(\r
1953+#ifdef CONFIG_GRKERNSEC_RANDNET\r
1954+ grsec_enable_randnet?BATCH_ENTROPY_SIZE_RANDNET:\r
1955+#endif\r
1956+ BATCH_ENTROPY_SIZE, random_state))\r
1957 return; /* Error, return */\r
1958- if (create_entropy_store(SECONDARY_POOL_SIZE, &sec_random_state))\r
1959+ if (create_entropy_store(\r
1960+#ifdef CONFIG_GRKERNSEC_RANDNET\r
1961+ grsec_enable_randnet?SECONDARY_POOL_SIZE_RANDNET:\r
1962+#endif\r
1963+ SECONDARY_POOL_SIZE, &sec_random_state))\r
1964 return; /* Error, return */\r
1965 clear_entropy_store(random_state);\r
1966 clear_entropy_store(sec_random_state);\r
1967diff -urN linux/drivers/char/vt.c linux/drivers/char/vt.c\r
1968--- linux/drivers/char/vt.c Fri Nov 16 13:08:28 2001\r
1969+++ linux/drivers/char/vt.c Mon Nov 26 10:38:00 2001\r
1970@@ -37,6 +37,10 @@\r
1971 #include <asm/vc_ioctl.h>\r
1972 #endif /* CONFIG_FB_COMPAT_XPMAC */\r
1973 \r
1974+#ifdef CONFIG_GRKERNSEC_KBMAP\r
1975+#include <linux/grsecurity.h>\r
1976+#endif\r
1977+\r
1978 char vt_dont_switch;\r
1979 extern struct tty_driver console_driver;\r
1980 \r
1981@@ -177,7 +181,11 @@\r
1982 val = (i ? K_HOLE : K_NOSUCHMAP);\r
1983 return put_user(val, &user_kbe->kb_value);\r
1984 case KDSKBENT:\r
1985+#ifdef CONFIG_GRKERNSEC_KBMAP\r
1986+ if (!perm || (grsec_enable_kbmap && !suser()))\r
1987+#else \r
1988 if (!perm)\r
1989+#endif\r
1990 return -EPERM;\r
1991 if (!i && v == K_NOSUCHMAP) {\r
1992 /* disallocate map */\r
1993@@ -298,7 +306,11 @@\r
1994 return -EFAULT;\r
1995 return ((p && *p) ? -EOVERFLOW : 0);\r
1996 case KDSKBSENT:\r
1997+#ifdef CONFIG_GRKERNSEC_KBMAP\r
1998+ if (!perm || (grsec_enable_kbmap && !suser()))\r
1999+#else \r
2000 if (!perm)\r
2001+#endif\r
2002 return -EPERM;\r
2003 \r
2004 q = func_table[i];\r
2005diff -urN linux/drivers/ieee1394/video1394.c linux/drivers/ieee1394/video1394.c\r
2006--- linux/drivers/ieee1394/video1394.c Tue Oct 2 00:24:25 2001\r
2007+++ linux/drivers/ieee1394/video1394.c Mon Nov 26 10:38:00 2001\r
2008@@ -829,7 +829,11 @@\r
2009 pos=(unsigned long) d->buf;\r
2010 while (size > 0) {\r
2011 page = kvirt_to_pa(pos);\r
2012+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2013+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r
2014+#else\r
2015 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r
2016+#endif\r
2017 return -EAGAIN;\r
2018 start+=PAGE_SIZE;\r
2019 pos+=PAGE_SIZE;\r
2020diff -urN linux/drivers/media/video/bttv-driver.c linux/drivers/media/video/bttv-driver.c\r
2021--- linux/drivers/media/video/bttv-driver.c Wed Oct 17 17:19:20 2001\r
2022+++ linux/drivers/media/video/bttv-driver.c Mon Nov 26 10:38:01 2001\r
2023@@ -2052,7 +2052,11 @@\r
2024 pos=(unsigned long) btv->fbuffer;\r
2025 while (size > 0) {\r
2026 page = kvirt_to_pa(pos);\r
2027+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2028+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r
2029+#else\r
2030 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r
2031+#endif\r
2032 return -EAGAIN;\r
2033 start+=PAGE_SIZE;\r
2034 pos+=PAGE_SIZE;\r
2035diff -urN linux/drivers/media/video/cpia.c linux/drivers/media/video/cpia.c\r
2036--- linux/drivers/media/video/cpia.c Thu Oct 25 16:53:47 2001\r
2037+++ linux/drivers/media/video/cpia.c Mon Nov 26 10:38:01 2001\r
2038@@ -3005,7 +3005,11 @@\r
2039 pos = (unsigned long)(cam->frame_buf);\r
2040 while (size > 0) {\r
2041 page = kvirt_to_pa(pos);\r
2042+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2043+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {\r
2044+#else\r
2045 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {\r
2046+#endif\r
2047 up(&cam->busy_lock);\r
2048 return -EAGAIN;\r
2049 }\r
2050diff -urN linux/drivers/media/video/meye.c linux/drivers/media/video/meye.c\r
2051--- linux/drivers/media/video/meye.c Thu Oct 25 16:53:47 2001\r
2052+++ linux/drivers/media/video/meye.c Mon Nov 26 10:38:02 2001\r
2053@@ -1263,7 +1263,11 @@\r
2054 \r
2055 while (size > 0) {\r
2056 page = kvirt_to_pa(pos);\r
2057+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2058+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {\r
2059+#else\r
2060 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {\r
2061+#endif\r
2062 up(&meye.lock);\r
2063 return -EAGAIN;\r
2064 }\r
2065diff -urN linux/drivers/media/video/planb.c linux/drivers/media/video/planb.c\r
2066--- linux/drivers/media/video/planb.c Thu Oct 25 16:53:47 2001\r
2067+++ linux/drivers/media/video/planb.c Mon Nov 26 10:38:03 2001\r
2068@@ -2009,7 +2009,11 @@\r
2069 }\r
2070 for (i = 0; i < pb->rawbuf_size; i++) {\r
2071 if (remap_page_range(start, virt_to_phys((void *)pb->rawbuf[i]),\r
2072+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2073+ PAGE_SIZE, PAGE_SHARED_EXEC))\r
2074+#else\r
2075 PAGE_SIZE, PAGE_SHARED))\r
2076+#endif\r
2077 return -EAGAIN;\r
2078 start += PAGE_SIZE;\r
2079 if (size <= PAGE_SIZE)\r
2080diff -urN linux/drivers/media/video/zr36067.c linux/drivers/media/video/zr36067.c\r
2081--- linux/drivers/media/video/zr36067.c Fri Nov 9 17:01:22 2001\r
2082+++ linux/drivers/media/video/zr36067.c Mon Nov 26 10:38:03 2001\r
2083@@ -4322,7 +4322,11 @@\r
2084 frag_tab[2 * j];\r
2085 page = virt_to_phys(bus_to_virt(pos)); /* should just be pos on i386 */\r
2086 if (remap_page_range\r
2087+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2088+ (start, page, todo, PAGE_SHARED_EXEC)) {\r
2089+#else\r
2090 (start, page, todo, PAGE_SHARED)) {\r
2091+#endif\r
2092 printk(KERN_ERR\r
2093 "%s: zoran_mmap(V4L): remap_page_range failed\n",\r
2094 zr->name);\r
2095@@ -4363,7 +4367,11 @@\r
2096 ("V4L remap page range %d 0x%lx %ld to 0x%lx\n",\r
2097 i, page, todo, start));\r
2098 if (remap_page_range\r
2099+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2100+ (start, page, todo, PAGE_SHARED_EXEC)) {\r
2101+#else\r
2102 (start, page, todo, PAGE_SHARED)) {\r
2103+#endif\r
2104 printk(KERN_ERR\r
2105 "%s: zoran_mmap(V4L): remap_page_range failed\n",\r
2106 zr->name);\r
2107diff -urN linux/drivers/media/video/zr36120.c linux/drivers/media/video/zr36120.c\r
2108--- linux/drivers/media/video/zr36120.c Fri Nov 9 17:01:22 2001\r
2109+++ linux/drivers/media/video/zr36120.c Mon Nov 26 10:38:04 2001\r
2110@@ -1484,7 +1484,11 @@\r
2111 pos = (unsigned long)ztv->fbuffer;\r
2112 while (size>0) {\r
2113 unsigned long page = virt_to_phys((void*)pos);\r
2114+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2115+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r
2116+#else\r
2117 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r
2118+#endif\r
2119 return -EAGAIN;\r
2120 start += PAGE_SIZE;\r
2121 pos += PAGE_SIZE;\r
2122diff -urN linux/drivers/usb/ov511.c linux/drivers/usb/ov511.c\r
2123--- linux/drivers/usb/ov511.c Fri Sep 14 17:04:07 2001\r
2124+++ linux/drivers/usb/ov511.c Mon Nov 26 10:38:04 2001\r
2125@@ -2769,7 +2769,11 @@\r
2126 pos = (unsigned long)ov511->fbuf;\r
2127 while (size > 0) {\r
2128 page = kvirt_to_pa(pos);\r
2129+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2130+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r
2131+#else\r
2132 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r
2133+#endif\r
2134 return -EAGAIN;\r
2135 start += PAGE_SIZE;\r
2136 pos += PAGE_SIZE;\r
2137diff -urN linux/drivers/usb/pwc-if.c linux/drivers/usb/pwc-if.c\r
2138--- linux/drivers/usb/pwc-if.c Wed Oct 17 17:34:06 2001\r
2139+++ linux/drivers/usb/pwc-if.c Mon Nov 26 10:38:04 2001\r
2140@@ -1569,7 +1569,11 @@\r
2141 pos = (unsigned long)pdev->image_data;\r
2142 while (size > 0) {\r
2143 page = kvirt_to_pa(pos);\r
2144+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2145+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r
2146+#else\r
2147 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r
2148+#endif\r
2149 return -EAGAIN;\r
2150 \r
2151 start += PAGE_SIZE;\r
2152diff -urN linux/drivers/usb/se401.c linux/drivers/usb/se401.c\r
2153--- linux/drivers/usb/se401.c Fri Sep 14 17:27:10 2001\r
2154+++ linux/drivers/usb/se401.c Mon Nov 26 10:38:05 2001\r
2155@@ -1374,7 +1374,11 @@\r
2156 pos = (unsigned long)se401->fbuf;\r
2157 while (size > 0) {\r
2158 page = kvirt_to_pa(pos);\r
2159+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2160+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {\r
2161+#else\r
2162 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {\r
2163+#endif\r
2164 up(&se401->lock);\r
2165 return -EAGAIN;\r
2166 }\r
2167diff -urN linux/drivers/usb/usbvideo.c linux/drivers/usb/usbvideo.c\r
2168--- linux/drivers/usb/usbvideo.c Thu Oct 11 02:42:46 2001\r
2169+++ linux/drivers/usb/usbvideo.c Mon Nov 26 10:38:05 2001\r
2170@@ -1199,7 +1199,11 @@\r
2171 pos = (unsigned long) uvd->fbuf;\r
2172 while (size > 0) {\r
2173 page = usbvideo_kvirt_to_pa(pos);\r
2174+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2175+ if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))\r
2176+#else\r
2177 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))\r
2178+#endif\r
2179 return -EAGAIN;\r
2180 \r
2181 start += PAGE_SIZE;\r
2182diff -urN linux/fs/binfmt_aout.c linux/fs/binfmt_aout.c\r
2183--- linux/fs/binfmt_aout.c Fri Nov 2 20:39:20 2001\r
2184+++ linux/fs/binfmt_aout.c Mon Nov 26 10:38:05 2001\r
2185@@ -5,6 +5,7 @@\r
2186 */\r
2187 \r
2188 #include <linux/module.h>\r
2189+#include <linux/config.h>\r
2190 \r
2191 #include <linux/sched.h>\r
2192 #include <linux/kernel.h>\r
2193@@ -307,6 +308,25 @@\r
2194 current->mm->mmap = NULL;\r
2195 compute_creds(bprm);\r
2196 current->flags &= ~PF_FORKNOEXEC;\r
2197+#ifdef CONFIG_GRKERNSEC_STACK\r
2198+ if (N_FLAGS(ex) & F_STACKEXEC) current->flags |= PF_STACKEXEC;\r
2199+#endif\r
2200+\r
2201+#ifdef CONFIG_GRKERNSEC_PAX\r
2202+ if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC))\r
2203+ current->flags |= PF_PAX_PAGEEXEC;\r
2204+#endif\r
2205+\r
2206+#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r
2207+ if (N_FLAGS(ex) & F_PAX_EMUTRAMP)\r
2208+ current->flags |= PF_PAX_EMUTRAMP;\r
2209+#endif\r
2210+\r
2211+#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r
2212+ if (!(N_FLAGS(ex) & F_PAX_MPROTECT)) \r
2213+ current->flags |= PF_PAX_MPROTECT;\r
2214+#endif\r
2215+\r
2216 #ifdef __sparc__\r
2217 if (N_MAGIC(ex) == NMAGIC) {\r
2218 loff_t pos = fd_offset;\r
2219@@ -393,7 +413,11 @@\r
2220 \r
2221 down_write(&current->mm->mmap_sem);\r
2222 error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,\r
2223+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2224+ PROT_READ | PROT_WRITE,\r
2225+#else\r
2226 PROT_READ | PROT_WRITE | PROT_EXEC,\r
2227+#endif\r
2228 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,\r
2229 fd_offset + ex.a_text);\r
2230 up_write(&current->mm->mmap_sem);\r
2231diff -urN linux/fs/binfmt_elf.c linux/fs/binfmt_elf.c\r
2232--- linux/fs/binfmt_elf.c Sat Oct 20 22:16:59 2001\r
2233+++ linux/fs/binfmt_elf.c Mon Nov 26 10:38:05 2001\r
2234@@ -11,6 +11,7 @@\r
2235 \r
2236 #include <linux/module.h>\r
2237 \r
2238+#include <linux/config.h>\r
2239 #include <linux/fs.h>\r
2240 #include <linux/stat.h>\r
2241 #include <linux/sched.h>\r
2242@@ -33,6 +34,9 @@\r
2243 #include <linux/smp_lock.h>\r
2244 #include <linux/compiler.h>\r
2245 #include <linux/limits.h>\r
2246+#if defined(CONFIG_GRKERNSEC_PAX_RANDMMAP) || defined(CONFIG_GRKERNSEC_PAX)\r
2247+#include <linux/random.h>\r
2248+#endif\r
2249 \r
2250 #include <asm/uaccess.h>\r
2251 #include <asm/param.h>\r
2252@@ -73,7 +77,10 @@\r
2253 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))\r
2254 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))\r
2255 \r
2256-static struct linux_binfmt elf_format = {\r
2257+#ifndef CONFIG_GRKERNSEC_STACK\r
2258+static\r
2259+#endif\r
2260+struct linux_binfmt elf_format = {\r
2261 NULL, THIS_MODULE, load_elf_binary, load_elf_library, elf_core_dump, ELF_EXEC_PAGESIZE\r
2262 };\r
2263 \r
2264@@ -138,6 +145,11 @@\r
2265 } else\r
2266 u_platform = p;\r
2267 \r
2268+#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r
2269+ if (current->flags & PF_PAX_RANDMMAP)\r
2270+ u_platform -= (current->mm->delta_stack & ~PAGE_MASK);\r
2271+#endif\r
2272+\r
2273 /*\r
2274 * Force 16 byte _final_ alignment here for generality.\r
2275 */\r
2276@@ -599,7 +611,49 @@\r
2277 current->mm->end_data = 0;\r
2278 current->mm->end_code = 0;\r
2279 current->mm->mmap = NULL;\r
2280+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2281+ current->mm->delta_mmap = 0;\r
2282+ current->mm->delta_exec = 0;\r
2283+ current->mm->delta_stack = 0;\r
2284+#endif\r
2285 current->flags &= ~PF_FORKNOEXEC;\r
2286+\r
2287+#ifdef CONFIG_GRKERNSEC_STACK\r
2288+ if (elf_ex.e_flags & EF_STACKEXEC)\r
2289+ current->flags |= PF_STACKEXEC;\r
2290+#endif\r
2291+\r
2292+#ifdef CONFIG_GRKERNSEC_PAX\r
2293+ if (!(elf_ex.e_flags & EF_PAX_PAGEEXEC))\r
2294+ current->flags |= PF_PAX_PAGEEXEC;\r
2295+#endif\r
2296+\r
2297+#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r
2298+ if (elf_ex.e_flags & EF_PAX_EMUTRAMP)\r
2299+ current->flags |= PF_PAX_EMUTRAMP;\r
2300+#endif\r
2301+\r
2302+#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r
2303+ if (!(elf_ex.e_flags & EF_PAX_MPROTECT))\r
2304+ current->flags |= PF_PAX_MPROTECT;\r
2305+#endif\r
2306+\r
2307+#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r
2308+ if (!(elf_ex.e_flags & EF_PAX_RANDMMAP)) {\r
2309+ unsigned short delta;\r
2310+ current->flags |= PF_PAX_RANDMMAP;\r
2311+\r
2312+ get_random_bytes(&delta, sizeof(delta));\r
2313+ current->mm->delta_mmap = (unsigned long)delta << PAGE_SHIFT;\r
2314+\r
2315+ get_random_bytes(&delta, sizeof(delta));\r
2316+ current->mm->delta_exec = (unsigned long)delta << PAGE_SHIFT;\r
2317+\r
2318+ get_random_bytes(&delta, sizeof(delta));\r
2319+ current->mm->delta_stack = (unsigned long)delta << 4;\r
2320+ }\r
2321+#endif\r
2322+\r
2323 elf_entry = (unsigned long) elf_ex.e_entry;\r
2324 \r
2325 /* Do this immediately, since STACK_TOP as used in setup_arg_pages\r
2326@@ -654,6 +708,13 @@\r
2327 base, as well as whatever program they might try to exec. This\r
2328 is because the brk will follow the loader, and is not movable. */\r
2329 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);\r
2330+#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r
2331+ /* PaX: randomize base address at the default exe base if requested */\r
2332+ if (current->flags | PF_PAX_RANDMMAP) {\r
2333+ load_bias = ELF_PAGESTART(0x08048000 - vaddr + current->mm->delta_exec);\r
2334+ }\r
2335+#endif\r
2336+\r
2337 }\r
2338 \r
2339 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);\r
2340diff -urN linux/fs/devices.c linux/fs/devices.c\r
2341--- linux/fs/devices.c Sat Sep 22 23:35:43 2001\r
2342+++ linux/fs/devices.c Mon Nov 26 10:38:05 2001\r
2343@@ -162,7 +162,11 @@\r
2344 * is contain the open that then fills in the correct operations\r
2345 * depending on the special file...\r
2346 */\r
2347-static struct file_operations def_chr_fops = {\r
2348+\r
2349+#ifndef CONFIG_GRKERNSEC_FD\r
2350+static\r
2351+#endif\r
2352+struct file_operations def_chr_fops = {\r
2353 open: chrdev_open,\r
2354 };\r
2355 \r
2356diff -urN linux/fs/exec.c linux/fs/exec.c\r
2357--- linux/fs/exec.c Fri Nov 2 20:39:20 2001\r
2358+++ linux/fs/exec.c Mon Nov 26 10:38:06 2001\r
2359@@ -48,6 +48,28 @@\r
2360 \r
2361 int core_uses_pid;\r
2362 \r
2363+#ifdef CONFIG_OBV_PROC\r
2364+#include <linux/obvext.h>\r
2365+#include <linux/grsecurity.h>\r
2366+#endif\r
2367+\r
2368+#if defined(CONFIG_GRKERNSEC_FD) || defined(CONFIG_GRKERNSEC_EXECVE) ||\\r
2369+ defined(CONFIG_GRKERNSEC_COREDUMP)||defined(CONFIG_GRKERNSEC_TPE) ||\\r
2370+ defined(CONFIG_GRKERNSEC_CHROOT_EXECLOG) || \\r
2371+ defined(CONFIG_GRKERNSEC_EXECLOG) ||\\r
2372+ defined(CONFIG_GRKERNSEC_EXECLOG_GROUP) || defined(CONFIG_GRKERNSEC_PTRACE)\r
2373+#include <linux/grsecurity.h>\r
2374+#endif\r
2375+\r
2376+#ifdef CONFIG_GRKERNSEC_FD\r
2377+#include <linux/major.h>\r
2378+extern struct file_operations def_chr_fops;\r
2379+#endif\r
2380+\r
2381+#ifdef CONFIG_GRKERNSEC_CHROOT\r
2382+extern struct task_struct *child_reaper;\r
2383+#endif\r
2384+\r
2385 static struct linux_binfmt *formats;\r
2386 static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;\r
2387 \r
2388@@ -278,7 +300,12 @@\r
2389 lru_cache_add(page);\r
2390 flush_dcache_page(page);\r
2391 flush_page_to_ram(page);\r
2392+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2393+ set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page,\r
2394+ (tsk->flags & PF_PAX_PAGEEXEC)?PAGE_COPY_NOEXEC:PAGE_COPY_EXEC))));\r
2395+#else\r
2396 set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY))));\r
2397+#endif\r
2398 tsk->mm->rss++;\r
2399 spin_unlock(&tsk->mm->page_table_lock);\r
2400 \r
2401@@ -299,6 +326,12 @@\r
2402 \r
2403 stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;\r
2404 \r
2405+#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r
2406+ if (current->flags & PF_PAX_RANDMMAP)\r
2407+ stack_base = PAGE_MASK & (stack_base - current->mm->delta_stack);\r
2408+\r
2409+#endif\r
2410+ \r
2411 bprm->p += stack_base;\r
2412 if (bprm->loader)\r
2413 bprm->loader += stack_base;\r
2414@@ -312,9 +345,15 @@\r
2415 {\r
2416 mpnt->vm_mm = current->mm;\r
2417 mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;\r
2418+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
2419+ mpnt->vm_end = stack_base + MAX_ARG_PAGES*PAGE_SIZE;\r
2420+ mpnt->vm_page_prot = (current->flags & PF_PAX_PAGEEXEC)?PAGE_COPY_NOEXEC:PAGE_COPY_EXEC;\r
2421+ mpnt->vm_flags = (current->flags & PF_PAX_PAGEEXEC)?VM_STACK_FLAGS:(VM_STACK_FLAGS|VM_EXEC|VM_MAYEXEC);\r
2422+#else\r
2423 mpnt->vm_end = STACK_TOP;\r
2424 mpnt->vm_page_prot = PAGE_COPY;\r
2425 mpnt->vm_flags = VM_STACK_FLAGS;\r
2426+#endif\r
2427 mpnt->vm_ops = NULL;\r
2428 mpnt->vm_pgoff = 0;\r
2429 mpnt->vm_file = NULL;\r
2430@@ -473,6 +512,69 @@\r
2431 if (atomic_dec_and_test(&oldsig->count))\r
2432 kmem_cache_free(sigact_cachep, oldsig);\r
2433 }\r
2434+#ifdef CONFIG_GRKERNSEC_FD\r
2435+static inline int tweak_fd_open_null(struct linux_binprm *bprm)\r
2436+{\r
2437+ struct inode *i;\r
2438+ struct dentry *d;\r
2439+ struct file *f;\r
2440+\r
2441+ if(!(i = get_empty_inode()))\r
2442+ return -ENOMEM;\r
2443+ if(!(d = dget(d_alloc_root(i)))) {\r
2444+ iput(i);\r
2445+ return -ENOMEM;\r
2446+ }\r
2447+ if(!(f = get_empty_filp())) {\r
2448+ dput(d);\r
2449+ iput(i);\r
2450+ return -ENFILE;\r
2451+ }\r
2452+ i->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;\r
2453+ i->i_uid = current->fsuid;\r
2454+ i->i_gid = current->fsgid;\r
2455+ i->i_rdev = MKDEV(MEM_MAJOR,3);\r
2456+ i->i_blksize = PAGE_SIZE;\r
2457+ i->i_blocks = 0;\r
2458+ i->i_atime = i->i_mtime = i->i_ctime = CURRENT_TIME;\r
2459+ i->i_fop = &def_chr_fops;\r
2460+ i->i_state = I_DIRTY;\r
2461+\r
2462+ f->f_flags = O_RDWR;\r
2463+ f->f_mode = FMODE_READ | FMODE_WRITE;\r
2464+ f->f_dentry = d;\r
2465+ f->f_op = i->i_fop;\r
2466+ f->f_pos = 0;\r
2467+ f->f_reada = 0;\r
2468+ f->f_op->open(i,f);\r
2469+\r
2470+ bprm->tweak_fd_null = f;\r
2471+\r
2472+ return 0;\r
2473+}\r
2474+\r
2475+static int tweak_fd_0_1_2(struct linux_binprm *bprm)\r
2476+{\r
2477+ int fd,new,retval;\r
2478+\r
2479+ for(fd=0;fd<=2;fd++) {\r
2480+ if(current->files->fd[fd]) continue;\r
2481+ if((new = get_unused_fd()) != fd) {\r
2482+ if(new >= 0) put_unused_fd(new);\r
2483+ return -EMFILE;\r
2484+ }\r
2485+ if(bprm->tweak_fd_null)\r
2486+ atomic_inc(&bprm->tweak_fd_null->f_count);\r
2487+ else\r
2488+ if((retval = tweak_fd_open_null(bprm)))\r
2489+ return retval;\r
2490+\r
2491+ fd_install(fd,bprm->tweak_fd_null);\r
2492+ bprm->tweak_fd_mask |= 1 << fd;\r
2493+ }\r
2494+ return 0;\r
2495+}\r
2496+#endif\r
2497 \r
2498 /*\r
2499 * These functions flushes out all traces of the currently running executable\r
2500@@ -563,6 +665,25 @@\r
2501 current->comm[i++] = ch;\r
2502 }\r
2503 current->comm[i] = '\0';\r
2504+#ifdef CONFIG_GRKERNSEC_STACK\r
2505+ current->flags &= ~PF_STACKEXEC;\r
2506+#endif\r
2507+\r
2508+#ifdef CONFIG_GRKERNSEC_PAX\r
2509+ current->flags &= ~PF_PAX_PAGEEXEC;\r
2510+#endif\r
2511+\r
2512+#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP\r
2513+ current->flags &= ~PF_PAX_EMUTRAMP;\r
2514+#endif\r
2515+\r
2516+#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r
2517+ current->flags &= ~PF_PAX_MPROTECT;\r
2518+#endif\r
2519+\r
2520+#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r
2521+ current->flags &= ~PF_PAX_RANDMMAP;\r
2522+#endif\r
2523 \r
2524 flush_thread();\r
2525 \r
2526@@ -580,6 +701,10 @@\r
2527 flush_signal_handlers(current);\r
2528 flush_old_files(current->files);\r
2529 \r
2530+#ifdef CONFIG_GRKERNSEC_FD\r
2531+ if(grsec_enable_fd && bprm->priv_change)\r
2532+ return tweak_fd_0_1_2(bprm);\r
2533+#endif\r
2534 return 0;\r
2535 \r
2536 mmap_failed:\r
2537@@ -610,6 +735,9 @@\r
2538 {\r
2539 int mode;\r
2540 struct inode * inode = bprm->file->f_dentry->d_inode;\r
2541+#ifdef CONFIG_GRKERNSEC_FD\r
2542+ if (grsec_enable_fd) bprm->priv_change = 0;\r
2543+#endif\r
2544 \r
2545 mode = inode->i_mode;\r
2546 /*\r
2547@@ -626,8 +754,16 @@\r
2548 \r
2549 if(!(bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)) {\r
2550 /* Set-uid? */\r
2551- if (mode & S_ISUID)\r
2552- bprm->e_uid = inode->i_uid;\r
2553+#ifdef CONFIG_GRKERNSEC_FD\r
2554+ if (mode & S_ISUID) {\r
2555+ bprm->e_uid = inode->i_uid;\r
2556+ if(grsec_enable_fd && (bprm->e_uid != current->euid))\r
2557+ bprm->priv_change = 1;\r
2558+ }\r
2559+#else\r
2560+ if (mode & S_ISUID)\r
2561+ bprm->e_uid = inode->i_uid;\r
2562+#endif\r
2563 \r
2564 /* Set-gid? */\r
2565 /*\r
2566@@ -635,9 +771,17 @@\r
2567 * is a candidate for mandatory locking, not a setgid\r
2568 * executable.\r
2569 */\r
2570- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))\r
2571- bprm->e_gid = inode->i_gid;\r
2572- }\r
2573+#ifdef CONFIG_GRKERNSEC_FD\r
2574+ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {\r
2575+ bprm->e_gid = inode->i_gid;\r
2576+ if(grsec_enable_fd && !in_group_p(bprm->e_gid))\r
2577+ bprm->priv_change = 1;\r
2578+ }\r
2579+#else\r
2580+ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))\r
2581+ bprm->e_gid = inode->i_gid;\r
2582+#endif \r
2583+}\r
2584 \r
2585 /* We don't have VFS support for capabilities yet */\r
2586 cap_clear(bprm->cap_inheritable);\r
2587@@ -660,7 +804,26 @@\r
2588 if (bprm->e_uid == 0) \r
2589 cap_set_full(bprm->cap_effective);\r
2590 }\r
2591-\r
2592+#ifdef CONFIG_GRKERNSEC_PTRACE\r
2593+ if (current->ptrace & PT_PTRACED){\r
2594+ if(current->uid && grsec_enable_ptrace\r
2595+#ifdef CONFIG_GRKERNSEC_GROUP\r
2596+ && ((grsec_enable_ptrace_group && !in_group_p(grsec_ptrace_gid))\r
2597+ || !grsec_enable_ptrace_group)\r
2598+#endif\r
2599+ ) {\r
2600+ security_alert("denied ptrace of [%.32s:%lu] (%s) by " DEFAULTSECMSG,\r
2601+ "denied ptraces", kdevname(bprm->file->f_dentry->d_inode->i_dev),\r
2602+ bprm->file->f_dentry->d_inode->i_ino, bprm->filename, \r
2603+ DEFAULTSECARGS);\r
2604+ return -EPERM;\r
2605+ }\r
2606+ security_alert("ptrace of [%.32s:%lu] (%s) by " DEFAULTSECMSG,\r
2607+ "ptraces", kdevname(bprm->file->f_dentry->d_inode->i_dev),\r
2608+ bprm->file->f_dentry->d_inode->i_ino, bprm->filename, \r
2609+ DEFAULTSECARGS);\r
2610+ }\r
2611+#endif\r
2612 memset(bprm->buf,0,BINPRM_BUF_SIZE);\r
2613 return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);\r
2614 }\r
2615@@ -708,6 +871,9 @@\r
2616 current->cap_permitted);\r
2617 }\r
2618 }\r
2619+#ifdef CONFIG_GRKERNSEC_FD\r
2620+ if (grsec_enable_fd) tweak_fd_0_1_2(bprm);\r
2621+#endif\r
2622 do_unlock = 1;\r
2623 }\r
2624 \r
2625@@ -859,6 +1025,20 @@\r
2626 struct file *file;\r
2627 int retval;\r
2628 int i;\r
2629+#if defined(CONFIG_GRKERNSEC_EXECLOG) || defined(CONFIG_GRKERNSEC_EXECLOG_GROUP)\r
2630+ int x;\r
2631+ char *grargs;\r
2632+ char grarg[68];\r
2633+#endif\r
2634+\r
2635+#ifdef CONFIG_GRKERNSEC_EXECVE\r
2636+ if(grsec_enable_execve && current->user)\r
2637+ if(atomic_read(&current->user->processes) > current->rlim[RLIMIT_NPROC].rlim_cur) {\r
2638+ security_alert("Attempt to overstep process limit by " DEFAULTSECMSG,\r
2639+ "proc limit overstep", DEFAULTSECARGS);\r
2640+ return -EAGAIN;\r
2641+ }\r
2642+#endif\r
2643 \r
2644 file = open_exec(filename);\r
2645 \r
2646@@ -866,6 +1046,16 @@\r
2647 if (IS_ERR(file))\r
2648 return retval;\r
2649 \r
2650+#ifdef CONFIG_OBV_PROC\r
2651+if( ( (obv_search(file->f_dentry,OBV_EXEC,file->f_vfsmnt)) == OBV_DENY) ) {\r
2652+ obv_seclog("denying execution of %.1024s by " DEFAULTSECMSG,\r
2653+ filename, DEFAULTSECARGS);\r
2654+ allow_write_access(file);\r
2655+ fput(file);\r
2656+ return -EPERM;\r
2657+}\r
2658+#endif\r
2659+\r
2660 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);\r
2661 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0])); \r
2662 \r
2663@@ -886,10 +1076,111 @@\r
2664 return bprm.envc;\r
2665 }\r
2666 \r
2667+#ifdef CONFIG_GRKERNSEC_FD\r
2668+ if (grsec_enable_fd) {\r
2669+ bprm.tweak_fd_mask = 0;\r
2670+ bprm.tweak_fd_null = NULL;\r
2671+ }\r
2672+#endif\r
2673 retval = prepare_binprm(&bprm);\r
2674 if (retval < 0) \r
2675 goto out; \r
2676 \r
2677+\r
2678+#ifdef CONFIG_GRKERNSEC_TPE\r
2679+if (grsec_enable_tpe) {\r
2680+#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r
2681+if (grsec_enable_tpe_glibc) {\r
2682+#ifdef CONFIG_GRKERNSEC_TPE_ALL\r
2683+if(grsec_enable_tpe_all?current->uid:in_group_p(grsec_tpe_gid)){\r
2684+#else\r
2685+if(in_group_p(grsec_tpe_gid)){\r
2686+#endif\r
2687+ char **envpp=envp,*envpt;\r
2688+ while(*envpp){\r
2689+ envpt=*envpp;\r
2690+ if((*envpt == 'L') && (*(envpt + 1) == 'D') &&\r
2691+ (*(envpt + 2) == '_') && strchr(envpt,'=')){\r
2692+ security_alert("denied exec of %.32s by " DEFAULTSECMSG\r
2693+ "reason: malicious environment","denied execs",\r
2694+ filename, DEFAULTSECARGS);\r
2695+ dput(file->f_dentry);\r
2696+ return -EACCES;\r
2697+ }\r
2698+ *envpp=*++envpp;\r
2699+ }\r
2700+ if(!strncmp(file->f_dentry->d_name.name,"ld-2.",5) &&\r
2701+ !strncmp(file->f_dentry->d_parent->d_name.name,"lib",3)){\r
2702+ security_alert("denied exec of %.32s by " DEFAULTSECMSG\r
2703+ "reason: tried to bypass via ld","denied execs",\r
2704+ filename, DEFAULTSECARGS);\r
2705+ dput(file->f_dentry);\r
2706+ return -EACCES;\r
2707+ }\r
2708+}\r
2709+}\r
2710+#endif\r
2711+if((current->uid) &&\r
2712+ ((file->f_dentry->d_parent->d_inode->i_uid) ||\r
2713+ (!(file->f_dentry->d_parent->d_inode->i_uid) &&\r
2714+ ((file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) ||\r
2715+ (file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH)))) &&\r
2716+ (in_group_p(grsec_tpe_gid))){\r
2717+ security_alert("denied exec of %.32s by " DEFAULTSECMSG\r
2718+ "reason: untrusted","denied execs",\r
2719+ filename, DEFAULTSECARGS);\r
2720+ dput(file->f_dentry);\r
2721+ return -EACCES;\r
2722+}\r
2723+#ifdef CONFIG_GRKERNSEC_TPE_ALL\r
2724+else if(grsec_enable_tpe_all &&\r
2725+ (current->uid) && !(((!(file->f_dentry->d_parent->d_inode->i_uid) &&\r
2726+ !(file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) &&\r
2727+ !(file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH)) ||\r
2728+ ((file->f_dentry->d_parent->d_inode->i_uid == current->uid) &&\r
2729+ !(file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) &&\r
2730+ !(file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH))))){\r
2731+ security_alert("denied exec of %.32s by " DEFAULTSECMSG\r
2732+ "reason: untrusted","denied execs",\r
2733+ filename, DEFAULTSECARGS);\r
2734+ dput(file->f_dentry);\r
2735+ return -EACCES;\r
2736+}\r
2737+#endif\r
2738+}\r
2739+#endif\r
2740+\r
2741+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r
2742+ if(grsec_enable_chroot_execlog && proc_is_chrooted(current)) {\r
2743+ printk(KERN_INFO "grsec: exec of %.64s within chroot "\r
2744+ "jail (%.32s:%lu) by process " DEFAULTSECMSG "\n",\r
2745+ filename,kdevname(current->fs->root->d_inode->i_dev),\r
2746+ current->fs->root->d_inode->i_ino,\r
2747+ DEFAULTSECARGS);\r
2748+ }\r
2749+#endif\r
2750+\r
2751+#if defined(CONFIG_GRKERNSEC_EXECLOG) || defined(CONFIG_GRKERNSEC_EXECLOG_GROUP)\r
2752+#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r
2753+ if (in_group_p(grsec_execlog_gid) && grsec_enable_execlog_group) {\r
2754+#else\r
2755+ if (grsec_enable_execlog) {\r
2756+#endif\r
2757+ for(x=0;x<sizeof(grarg);x++)\r
2758+ grarg[x]='\0';\r
2759+ for(x=0;x<bprm.argc;x++) {\r
2760+ if((strlen(argv[x]) + strlen(grarg) + 2) < sizeof(grarg)) {\r
2761+ grargs=strcat(grarg,argv[x]);\r
2762+ if(x<bprm.argc-1)\r
2763+ grargs=strcat(grarg," ");\r
2764+ }\r
2765+ }\r
2766+ printk(KERN_INFO "grsec: exec of [%.32s:%lu] (%.68s) by " DEFAULTSECMSG\r
2767+ "\n", kdevname(file->f_dentry->d_inode->i_dev),\r
2768+ file->f_dentry->d_inode->i_ino, grarg, DEFAULTSECARGS);\r
2769+ }\r
2770+#endif\r
2771+\r
2772 retval = copy_strings_kernel(1, &bprm.filename, &bprm);\r
2773 if (retval < 0) \r
2774 goto out; \r
2775@@ -904,9 +1195,19 @@\r
2776 goto out; \r
2777 \r
2778 retval = search_binary_handler(&bprm,regs);\r
2779- if (retval >= 0)\r
2780+ if (retval >= 0) {\r
2781+#ifdef CONFIG_OBV_PROC\r
2782+ if(obv_set_proc_acl(file->f_dentry,current,filename,file->f_vfsmnt)) {\r
2783+ obv_seclog("could not set acl for %ld %d",\r
2784+ file->f_dentry->d_inode->i_ino,\r
2785+ file->f_dentry->d_inode->i_dev);\r
2786+ goto out; \r
2787+ }\r
2788+#endif\r
2789+\r
2790 /* execve success */\r
2791 return retval;\r
2792+ }\r
2793 \r
2794 out:\r
2795 /* Something went wrong, return the inode and free the argument pages*/\r
2796@@ -920,6 +1221,13 @@\r
2797 __free_page(page);\r
2798 }\r
2799 \r
2800+#ifdef CONFIG_GRKERNSEC_FD\r
2801+ if(grsec_enable_fd && bprm.tweak_fd_mask) { \r
2802+ for(i=0;i<=2;i++)\r
2803+ if(bprm.tweak_fd_mask & (1 << i))\r
2804+ (void)sys_close(i);\r
2805+ }\r
2806+#endif\r
2807 return retval;\r
2808 }\r
2809 \r
2810@@ -952,7 +1260,14 @@\r
2811 goto fail;\r
2812 \r
2813 memcpy(corename,"core.", 5);\r
2814+#ifdef CONFIG_GRKERNSEC_COREDUMP\r
2815+ if(grsec_enable_coredump)\r
2816+ memcpy(corename+5,current->comm,sizeof(current->comm));\r
2817+ else\r
2818+ corename[4] = '\0';\r
2819+#else\r
2820 corename[4] = '\0';\r
2821+#endif\r
2822 if (core_uses_pid || atomic_read(&current->mm->mm_users) != 1)\r
2823 sprintf(&corename[4], ".%d", current->pid);\r
2824 file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW, 0600);\r
2825@@ -970,7 +1285,11 @@\r
2826 goto close_fail;\r
2827 if (!file->f_op->write)\r
2828 goto close_fail;\r
2829+#ifdef CONFIG_OBV_PROC\r
2830+ if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0)\r
2831+#else\r
2832 if (do_truncate(file->f_dentry, 0) != 0)\r
2833+#endif\r
2834 goto close_fail;\r
2835 \r
2836 down_read(&current->mm->mmap_sem);\r
2837diff -urN linux/fs/namei.c linux/fs/namei.c\r
2838--- linux/fs/namei.c Wed Oct 17 17:46:29 2001\r
2839+++ linux/fs/namei.c Mon Nov 26 10:38:06 2001\r
2840@@ -26,8 +26,22 @@\r
2841 #include <asm/namei.h>\r
2842 #include <asm/uaccess.h>\r
2843 \r
2844+#if defined(CONFIG_GRKERNSEC_LINK) || defined(CONFIG_GRKERNSEC_FIFO) ||\\r
2845+ defined(CONFIG_GRKERNSEC_CHROOT)\r
2846+#include <linux/grsecurity.h>\r
2847+#endif\r
2848+\r
2849+#ifdef CONFIG_OBV_PROC\r
2850+#include <linux/obvext.h>\r
2851+#include <linux/grsecurity.h>\r
2852+#endif\r
2853+\r
2854 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])\r
2855 \r
2856+#ifdef CONFIG_GRKERNSEC_CHROOT\r
2857+extern struct task_struct *child_reaper;\r
2858+#endif\r
2859+\r
2860 /* [Feb-1997 T. Schoebel-Theuer]\r
2861 * Fundamental changes in the pathname lookup mechanisms (namei)\r
2862 * were necessary because of omirr. The reason is that omirr needs\r
2863@@ -342,6 +356,27 @@\r
2864 current->state = TASK_RUNNING;\r
2865 schedule();\r
2866 }\r
2867+\r
2868+#ifdef CONFIG_GRKERNSEC_LINK\r
2869+ if(grsec_enable_link && S_ISLNK(dentry->d_inode->i_mode) &&\r
2870+ (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&\r
2871+ dentry->d_parent->d_inode->i_uid != dentry->d_inode->i_uid &&\r
2872+ (dentry->d_parent->d_inode->i_mode & S_IWOTH) &&\r
2873+ current->fsuid != dentry->d_inode->i_uid) {\r
2874+ security_alert("not following symlink (%.30s/%.30s) of [%.32s]:%lu owned by %d.%d "\r
2875+ "by " DEFAULTSECMSG,"symlinks not followed",\r
2876+ dentry->d_parent->d_name.name,\r
2877+ dentry->d_name.name,\r
2878+ kdevname(dentry->d_inode->i_dev),\r
2879+ dentry->d_inode->i_ino,\r
2880+ dentry->d_inode->i_uid,\r
2881+ dentry->d_inode->i_gid,\r
2882+ DEFAULTSECARGS);\r
2883+ path_release(nd);\r
2884+ return -EACCES;\r
2885+ }\r
2886+#endif\r
2887+\r
2888 current->link_count++;\r
2889 current->total_link_count++;\r
2890 UPDATE_ATIME(dentry->d_inode);\r
2891@@ -625,6 +660,20 @@\r
2892 else if (this.len == 2 && this.name[1] == '.')\r
2893 nd->last_type = LAST_DOTDOT;\r
2894 return_base:\r
2895+#ifdef CONFIG_OBV_PROC\r
2896+ if(nd->dentry && !(IS_ERR(nd->dentry)))\r
2897+ if( ( (obv_check_hidden(nd->dentry,nd->mnt)) == OBV_DENY) ) {\r
2898+ obv_seclog("attempt to access hidden file "\r
2899+ "with inode %ld dev %d by " DEFAULTSECMSG,\r
2900+ nd->dentry->d_inode->i_ino,\r
2901+ nd->dentry->d_inode->i_dev, DEFAULTSECARGS);\r
2902+ err = -ENOENT; /*Fake that its not there*/\r
2903+ dput(dentry);\r
2904+ path_release(nd);\r
2905+ goto return_err;\r
2906+ }\r
2907+#endif\r
2908+\r
2909 return 0;\r
2910 out_dput:\r
2911 dput(dentry);\r
2912@@ -976,6 +1025,49 @@\r
2913 struct dentry *dentry;\r
2914 struct dentry *dir;\r
2915 int count = 0;\r
2916+#ifdef CONFIG_OBV_PROC\r
2917+ int tmp;\r
2918+ if(flag & OBV_NONEXISTANT) {\r
2919+ flag &= ~OBV_NONEXISTANT;\r
2920+ if(path_init(pathname,lookup_flags(flag)|LOOKUP_PARENT,nd))\r
2921+ error = path_walk(pathname,nd);\r
2922+ if(error) return error;\r
2923+ } else {\r
2924+ if(path_init(pathname,lookup_flags(flag),nd))\r
2925+ error = path_walk(pathname,nd);\r
2926+ if(error) return error;\r
2927+ }\r
2928+ if( (tmp = (flag&O_ACCMODE)) > 0) {\r
2929+ if(tmp & FMODE_READ ) {\r
2930+ if( (obv_search(nd->dentry,OBV_READ,nd->mnt)) == OBV_DENY) {\r
2931+ obv_seclog("attempt to open %.1024s read-only "\r
2932+ "by " DEFAULTSECMSG, pathname, DEFAULTSECARGS);\r
2933+ error = -EPERM;\r
2934+ goto exit;\r
2935+ }\r
2936+ }\r
2937+ else if(flag & O_APPEND) {\r
2938+ if( (obv_search(nd->dentry,OBV_APPEND,nd->mnt)) == OBV_DENY) {\r
2939+ obv_seclog("attempt to open %.1024s "\r
2940+ "append-only by " DEFAULTSECMSG,\r
2941+ pathname, DEFAULTSECARGS);\r
2942+ error = -EPERM;\r
2943+ goto exit;\r
2944+ }\r
2945+ }\r
2946+ if(tmp & FMODE_WRITE && (!(flag & O_APPEND))) { /* its write*/\r
2947+ if( ( (obv_search(nd->dentry,OBV_WRITE,nd->mnt)) == OBV_DENY) ) {\r
2948+ obv_seclog("attempt to open %.1024s "\r
2949+ "for writing by " DEFAULTSECMSG,\r
2950+ pathname, DEFAULTSECARGS);\r
2951+ error = -EPERM;\r
2952+ goto exit;\r
2953+ }\r
2954+ }\r
2955+ }\r
2956+ path_release(nd);\r
2957+#endif\r
2958+\r
2959 \r
2960 acc_mode = ACC_MODE(flag);\r
2961 \r
2962@@ -1083,6 +1175,22 @@\r
2963 * actually live on the filesystem itself, and as such you\r
2964 * can write to them even if the filesystem is read-only.\r
2965 */\r
2966+#ifdef CONFIG_GRKERNSEC_FIFO\r
2967+ if (grsec_enable_fifo &&\r
2968+ S_ISFIFO(inode->i_mode) && !(flag & O_EXCL) &&\r
2969+ (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&\r
2970+ inode->i_uid != dentry->d_parent->d_inode->i_uid &&\r
2971+ current->fsuid != inode->i_uid) {\r
2972+ if (!permission(inode, acc_mode))\r
2973+ security_alert("denied writing FIFO (%.32s/%.32s) of %d.%d "\r
2974+ "by " DEFAULTSECMSG,\r
2975+ "writes into a FIFO denied",dentry->d_parent->d_name.name,dentry->d_name.name,\r
2976+ inode->i_uid, inode->i_gid,\r
2977+ DEFAULTSECARGS);\r
2978+ error = -EACCES;\r
2979+ goto exit_dput;\r
2980+ }\r
2981+#endif\r
2982 if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {\r
2983 flag &= ~O_TRUNC;\r
2984 } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {\r
2985@@ -1126,7 +1234,11 @@\r
2986 if (!error) {\r
2987 DQUOT_INIT(inode);\r
2988 \r
2989+#ifdef CONFIG_OBV_PROC\r
2990+ error = do_truncate(dentry,0,nd->mnt);\r
2991+#else\r
2992 error = do_truncate(dentry, 0);\r
2993+#endif\r
2994 }\r
2995 put_write_access(inode);\r
2996 if (error)\r
2997@@ -1157,6 +1269,24 @@\r
2998 * stored in nd->last.name and we will have to putname() it when we\r
2999 * are done. Procfs-like symlinks just set LAST_BIND.\r
3000 */\r
3001+#ifdef CONFIG_GRKERNSEC_LINK\r
3002+ if(grsec_enable_link && S_ISLNK(dentry->d_inode->i_mode) &&\r
3003+ (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&\r
3004+ dentry->d_parent->d_inode->i_uid != dentry->d_inode->i_uid &&\r
3005+ (dentry->d_parent->d_inode->i_mode & S_IWOTH) &&\r
3006+ current->fsuid != dentry->d_inode->i_uid) {\r
3007+ security_alert("not following symlink (%.30s/%.30s) [%.32s]:%lu of %d.%d "\r
3008+ "by " DEFAULTSECMSG,"symlinks not followed",\r
3009+ dentry->d_parent->d_name.name, dentry->d_name.name, \r
3010+ kdevname(dentry->d_inode->i_dev), \r
3011+ dentry->d_inode->i_ino, dentry->d_inode->i_uid,\r
3012+ dentry->d_inode->i_gid,\r
3013+ DEFAULTSECARGS);\r
3014+ error = -EACCES;\r
3015+ goto exit_dput;\r
3016+ }\r
3017+#endif\r
3018+\r
3019 UPDATE_ATIME(dentry->d_inode);\r
3020 error = dentry->d_inode->i_op->follow_link(dentry, nd);\r
3021 dput(dentry);\r
3022@@ -1241,6 +1371,9 @@\r
3023 struct dentry * dentry;\r
3024 struct nameidata nd;\r
3025 \r
3026+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3027+ char grdevmode;\r
3028+#endif\r
3029 if (S_ISDIR(mode))\r
3030 return -EPERM;\r
3031 tmp = getname(filename);\r
3032@@ -1256,6 +1389,37 @@\r
3033 \r
3034 mode &= ~current->fs->umask;\r
3035 if (!IS_ERR(dentry)) {\r
3036+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3037+ if (grsec_enable_chroot && !S_ISFIFO(mode) && proc_is_chrooted(current)) {\r
3038+ switch (mode & S_IFMT) {\r
3039+ case S_IFREG: grdevmode = 'r'; break;\r
3040+ case S_IFCHR: grdevmode = 'c'; break;\r
3041+ case S_IFBLK: grdevmode = 'b'; break;\r
3042+ case S_IFSOCK: grdevmode = 's'; break;\r
3043+ default: grdevmode = 'u';\r
3044+ }\r
3045+ security_alert("refused attempt to mknod(%c:%.32s) (%.30s) from chroot() jail (%s:%lu) "\r
3046+ "owned by %d %d by " DEFAULTSECMSG, \r
3047+ "mknods in chroot denied",grdevmode,kdevname(dev),tmp,\r
3048+ kdevname(current->fs->root->d_inode->i_dev),current->fs->root->d_inode->i_ino,\r
3049+ current->fs->root->d_inode->i_uid,current->fs->root->d_inode->i_gid,\r
3050+ DEFAULTSECARGS);\r
3051+ error = -EPERM;\r
3052+ dput(dentry);\r
3053+ goto out_dput;\r
3054+ }\r
3055+#endif \r
3056+#ifdef CONFIG_OBV_PROC\r
3057+ if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY) ) {\r
3058+ obv_seclog("attempt to mknod %.1024s (dev %d) by "\r
3059+ DEFAULTSECMSG, filename, dev,\r
3060+ DEFAULTSECARGS);\r
3061+ error = -EPERM;\r
3062+ dput(dentry);\r
3063+ goto out_dput;\r
3064+ }\r
3065+#endif\r
3066+ \r
3067 switch (mode & S_IFMT) {\r
3068 case 0: case S_IFREG:\r
3069 error = vfs_create(nd.dentry->d_inode,dentry,mode);\r
3070@@ -1271,6 +1435,7 @@\r
3071 }\r
3072 dput(dentry);\r
3073 }\r
3074+out_dput:\r
3075 up(&nd.dentry->d_inode->i_sem);\r
3076 path_release(&nd);\r
3077 out:\r
3078@@ -1323,6 +1488,17 @@\r
cab4bb15 3079 if (!IS_ERR(dentry)) {\r
842916cd
JR		 3080 if (!IS_POSIX_ACL(nd.dentry->d_inode))\r
3081 mode &= ~current->fs->umask;\r
cab4bb15 3082+#ifdef CONFIG_OBV_PROC\r
3083+ error = 0;\r
3084+ if( ( ((obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY))){\r
3085+ obv_seclog("attempt to mkdir %.1024s by "\r
3086+ DEFAULTSECMSG, pathname,\r
3087+ DEFAULTSECARGS);\r
3088+ error = -EPERM;\r
3089+ }\r
3090+ if(!error)\r
3091+#endif\r
3092+\r
842916cd 3093 error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);\r
cab4bb15 3094 dput(dentry);\r
842916cd 3095 }\r
cab4bb15 3096@@ -1431,7 +1607,17 @@\r
3097 dentry = lookup_hash(&nd.last, nd.dentry);\r
3098 error = PTR_ERR(dentry);\r
3099 if (!IS_ERR(dentry)) {\r
3100- error = vfs_rmdir(nd.dentry->d_inode, dentry);\r
3101+#ifdef CONFIG_OBV_PROC\r
3102+ error = 0;\r
3103+ if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r
3104+ obv_seclog("attempt to rmdir %.1024s by "\r
3105+ DEFAULTSECMSG, pathname,\r
3106+ DEFAULTSECARGS);\r
3107+ error = -EPERM;\r
3108+ }\r
3109+ if(!error)\r
3110+#endif\r
3111+ error = vfs_rmdir(nd.dentry->d_inode, dentry);\r
3112 dput(dentry);\r
3113 }\r
3114 up(&nd.dentry->d_inode->i_sem);\r
3115@@ -1494,7 +1680,17 @@\r
3116 /* Why not before? Because we want correct error value */\r
3117 if (nd.last.name[nd.last.len])\r
3118 goto slashes;\r
3119- error = vfs_unlink(nd.dentry->d_inode, dentry);\r
3120+#ifdef CONFIG_OBV_PROC\r
3121+ error = 0;\r
3122+ if( ( (obv_search(dentry,OBV_WRITE, nd.mnt)) == OBV_DENY)) {\r
3123+ obv_seclog("attempt to unlink %.1024s by " DEFAULTSECMSG,\r
3124+ name, DEFAULTSECARGS);\r
3125+ error = -EPERM;\r
3126+ }\r
3127+ if(!error)\r
3128+#endif\r
3129+\r
3130+ error = vfs_unlink(nd.dentry->d_inode, dentry);\r
3131 exit2:\r
3132 dput(dentry);\r
3133 }\r
3134@@ -1559,7 +1755,19 @@\r
3135 dentry = lookup_create(&nd, 0);\r
3136 error = PTR_ERR(dentry);\r
3137 if (!IS_ERR(dentry)) {\r
3138- error = vfs_symlink(nd.dentry->d_inode, dentry, from);\r
3139+#ifdef CONFIG_OBV_PROC\r
3140+ error = 0;\r
3141+ if( obv_search(nd.dentry,OBV_WRITE,nd.mnt) == OBV_DENY)\r
3142+ {\r
3143+ obv_seclog("attempt to symlink %.1024s"\r
3144+ "to %.1024s by " DEFAULTSECMSG,\r
3145+ from, to, DEFAULTSECARGS);\r
3146+ error = -EPERM;\r
3147+ }\r
3148+\r
3149+ if(!error) \r
3150+#endif\r
3151+ error = vfs_symlink(nd.dentry->d_inode, dentry, from);\r
3152 dput(dentry);\r
3153 }\r
3154 up(&nd.dentry->d_inode->i_sem);\r
3155@@ -1650,6 +1858,35 @@\r
3156 new_dentry = lookup_create(&nd, 0);\r
3157 error = PTR_ERR(new_dentry);\r
3158 if (!IS_ERR(new_dentry)) {\r
3159+#ifdef CONFIG_GRKERNSEC_LINK\r
3160+ if(grsec_enable_link) {\r
3161+ error = -EPERM;\r
3162+ if(current->fsuid != old_nd.dentry->d_inode->i_uid &&\r
3163+ (!S_ISREG(old_nd.dentry->d_inode->i_mode) ||\r
3164+ (old_nd.dentry->d_inode->i_mode & S_ISUID) ||\r
3165+ ((old_nd.dentry->d_inode->i_mode & (S_ISGID | S_IXGRP)) == \r
3166+ (S_ISGID | S_IXGRP)) || (error = permission(old_nd.dentry->d_inode,\r
3167+ MAY_READ | MAY_WRITE))) && !capable(CAP_FOWNER) \r
3168+ && current->uid) {\r
3169+ security_alert("denied hardlink of %.30s (owned by %d.%d) to %.30s for "\r
3170+ DEFAULTSECMSG, "denied hardlinks",oldname,old_nd.dentry->d_inode->i_uid,\r
3171+ old_nd.dentry->d_inode->i_gid,newname,DEFAULTSECARGS);\r
3172+ dput(new_dentry);\r
3173+ goto out_release;\r
3174+ }\r
3175+ }\r
3176+#endif \r
3177+#ifdef CONFIG_OBV_PROC\r
3178+ error = 0;\r
3179+ if( obv_search(old_nd.dentry,OBV_WRITE,old_nd.mnt) == OBV_DENY || obv_search(nd.dentry,OBV_WRITE,nd.mnt) == OBV_DENY) {\r
3180+ obv_seclog("attempt to link %.1024s to %.1024s by " \r
3181+ DEFAULTSECMSG, oldname, newname,\r
3182+ DEFAULTSECARGS);\r
3183+ error = -EPERM;\r
3184+ }\r
3185+ if(!error)\r
3186+#endif\r
3187+\r
3188 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);\r
3189 dput(new_dentry);\r
3190 }\r
3191@@ -1887,11 +2124,25 @@\r
3192 error = PTR_ERR(new_dentry);\r
3193 if (IS_ERR(new_dentry))\r
3194 goto exit4;\r
3195+#ifdef CONFIG_OBV_PROC\r
3196+ error = 0;\r
3197+ if( obv_search(old_dir,OBV_WRITE,oldnd.mnt) == OBV_DENY || obv_search(new_dir,OBV_WRITE,newnd.mnt) == OBV_DENY) {\r
3198+ obv_seclog("attempt to rename %.1024s to %.1024s by " \r
3199+ DEFAULTSECMSG, oldname, newname,\r
3200+ DEFAULTSECARGS);\r
3201+ error = -EPERM;\r
3202+ }\r
3203+ if(!error) {\r
3204+#endif\r
3205+\r
3206 \r
3207 lock_kernel();\r
3208 error = vfs_rename(old_dir->d_inode, old_dentry,\r
3209 new_dir->d_inode, new_dentry);\r
3210 unlock_kernel();\r
3211+#ifdef CONFIG_OBV_PROC\r
3212+ }\r
3213+#endif\r
3214 \r
3215 dput(new_dentry);\r
3216 exit4:\r
3217diff -urN linux/fs/namespace.c linux/fs/namespace.c\r
3218--- linux/fs/namespace.c Sun Nov 11 14:23:14 2001\r
3219+++ linux/fs/namespace.c Mon Nov 26 10:38:06 2001\r
3220@@ -16,6 +16,11 @@\r
3221 #include <linux/acct.h>\r
3222 #include <linux/module.h>\r
3223 #include <linux/devfs_fs_kernel.h>\r
3224+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3225+#include <linux/sched.h>\r
3226+#include <linux/grsecurity.h>\r
3227+extern struct task_struct *child_reaper;\r
3228+#endif\r
3229 \r
3230 #include <asm/uaccess.h>\r
3231 \r
3232@@ -714,6 +719,20 @@\r
3233 retval = path_walk(dir_name, &nd);\r
3234 if (retval)\r
3235 return retval;\r
3236+\r
3237+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3238+ if (grsec_enable_chroot && proc_is_chrooted(current)) {\r
3239+ security_alert("denied attempt to mount (%.30s) as %.64s from chroot jail (%.32s:%lu) "\r
3240+ "of %d.%d by " DEFAULTSECMSG, "denied mounts in chroot",\r
3241+ dev_name,dir_name, kdevname(current->fs->root->d_inode->i_dev),\r
3242+ current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,\r
3243+ current->fs->root->d_inode->i_gid, DEFAULTSECARGS);\r
3244+ retval = -EPERM;\r
3245+ path_release(&nd);\r
3246+ return retval;\r
3247+ }\r
3248+#endif\r
3249+\r
3250 \r
3251 if (flags & MS_REMOUNT)\r
3252 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,\r
3253diff -urN linux/fs/open.c linux/fs/open.c\r
3254--- linux/fs/open.c Fri Oct 12 16:48:42 2001\r
3255+++ linux/fs/open.c Mon Nov 26 10:38:06 2001\r
3256@@ -18,8 +18,36 @@\r
3257 \r
3258 #include <asm/uaccess.h>\r
3259 \r
3260+#if defined(CONFIG_GRKERNSEC_CHROOT)||\\r
3261+ defined(CONFIG_GRKERNSEC_CHROOT_CAPS)\r
3262+#include <linux/grsecurity.h>\r
3263+#endif\r
3264+\r
3265+#ifdef CONFIG_OBV_PROC\r
3266+#include <linux/obvext.h>\r
3267+#include <linux/grsecurity.h>\r
3268+#endif\r
3269+\r
3270 #define special_file(m) (S_ISCHR(m)||S_ISBLK(m)||S_ISFIFO(m)||S_ISSOCK(m))\r
3271 \r
3272+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3273+extern struct task_struct *child_reaper;\r
3274+#endif\r
3275+\r
3276+#ifdef CONFIG_OBV_PROC\r
3277+static int conv_flags(int p) {\r
3278+ int retval = LOOKUP_FOLLOW;\r
3279+ if(p & O_NOFOLLOW)\r
3280+ retval &= ~LOOKUP_FOLLOW;\r
3281+ if( (p & (O_CREAT|O_EXCL)) == (O_CREAT | O_EXCL))\r
3282+ retval &= ~LOOKUP_FOLLOW;\r
3283+ if(p & O_DIRECTORY)\r
3284+ retval |= LOOKUP_DIRECTORY;\r
3285+ return retval;\r
3286+}\r
3287+#endif\r
3288+\r
3289+\r
3290 int vfs_statfs(struct super_block *sb, struct statfs *buf)\r
3291 {\r
3292 int retval = -ENODEV;\r
3293@@ -71,7 +99,11 @@\r
3294 return error;\r
3295 }\r
3296 \r
3297+#ifdef CONFIG_OBV_PROC\r
3298+int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt)\r
3299+#else\r
3300 int do_truncate(struct dentry *dentry, loff_t length)\r
3301+#endif\r
3302 {\r
3303 struct inode *inode = dentry->d_inode;\r
3304 int error;\r
3305@@ -81,6 +113,17 @@\r
3306 if (length < 0)\r
3307 return -EINVAL;\r
3308 \r
3309+#ifdef CONFIG_OBV_PROC\r
3310+ if( ( (obv_search(dentry,OBV_WRITE,mnt)) == OBV_DENY)) {\r
3311+ obv_seclog("attempted to truncate file with inode %ld dev "\r
3312+ "%d by " DEFAULTSECMSG,\r
3313+ dentry->d_inode->i_ino,\r
3314+ dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3315+ return -EPERM;\r
3316+ }\r
3317+#endif\r
3318+\r
3319+\r
3320 down(&inode->i_sem);\r
3321 newattrs.ia_size = length;\r
3322 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;\r
3323@@ -139,7 +182,11 @@\r
3324 error = locks_verify_truncate(inode, NULL, length);\r
3325 if (!error) {\r
3326 DQUOT_INIT(inode);\r
3327+#ifdef CONFIG_OBV_PROC\r
3328+ error = do_truncate(nd.dentry, length, nd.mnt);\r
3329+#else\r
3330 error = do_truncate(nd.dentry, length);\r
3331+#endif\r
3332 }\r
3333 put_write_access(inode);\r
3334 \r
3335@@ -191,7 +238,11 @@\r
3336 \r
3337 error = locks_verify_truncate(inode, file, length);\r
3338 if (!error)\r
3339+#ifdef CONFIG_OBV_PROC\r
3340+ error = do_truncate(dentry, length, file->f_vfsmnt);\r
3341+#else\r
3342 error = do_truncate(dentry, length);\r
3343+#endif\r
3344 out_putf:\r
3345 fput(file);\r
3346 out:\r
3347@@ -245,6 +296,18 @@\r
3348 if (IS_RDONLY(inode))\r
3349 goto dput_and_out;\r
3350 \r
3351+#ifdef CONFIG_OBV_PROC\r
3352+ if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r
3353+ obv_seclog("attempted to change access time for file" \r
3354+ "with inode %ld dev %d by " DEFAULTSECMSG,\r
3355+ nd.dentry->d_inode->i_ino,\r
3356+ nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3357+ error = -EPERM;\r
3358+ goto dput_and_out;\r
3359+ }\r
3360+#endif\r
3361+\r
3362+\r
3363 /* Don't worry, the checks are done in inode_change_ok() */\r
3364 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;\r
3365 if (times) {\r
3366@@ -290,6 +353,18 @@\r
3367 if (IS_RDONLY(inode))\r
3368 goto dput_and_out;\r
3369 \r
3370+#ifdef CONFIG_OBV_PROC\r
3371+ if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r
3372+ obv_seclog("attempted to change access time for file with"\r
3373+ "inode %ld dev %d by " DEFAULTSECMSG,\r
3374+ nd.dentry->d_inode->i_ino,\r
3375+ nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3376+ error = -EPERM;\r
3377+ goto dput_and_out;\r
3378+ }\r
3379+#endif\r
3380+\r
3381+\r
3382 /* Don't worry, the checks are done in inode_change_ok() */\r
3383 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;\r
3384 if (utimes) {\r
3385@@ -341,6 +416,16 @@\r
3386 \r
3387 res = user_path_walk(filename, &nd);\r
3388 if (!res) {\r
3389+#ifdef CONFIG_OBV_PROC\r
3390+ if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r
3391+ obv_seclog("attempted to access file with inode %ld dev "\r
3392+ "%d by " DEFAULTSECMSG, nd.dentry->d_inode->i_ino,\r
3393+ nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3394+ path_release(&nd);\r
3395+ return -EPERM;\r
3396+ }\r
3397+#endif\r
3398+\r
3399 res = permission(nd.dentry->d_inode, mode);\r
3400 /* SuS v2 requires we report a read only fs too */\r
3401 if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)\r
3402@@ -378,6 +463,16 @@\r
3403 if (error)\r
3404 goto dput_and_out;\r
3405 \r
3406+#ifdef CONFIG_OBV_PROC\r
3407+ if( ( (obv_search(nd.dentry,OBV_READ,nd.mnt)) == OBV_DENY)) {\r
3408+ obv_seclog("Attempted to chdir to directory with inode %ld dev "\r
3409+ "%d by " DEFAULTSECMSG, nd.dentry->d_inode->i_ino,\r
3410+ nd.dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3411+ error = -EPERM;\r
3412+ goto dput_and_out;\r
3413+ }\r
3414+#endif\r
3415+\r
3416 set_fs_pwd(current->fs, nd.mnt, nd.dentry);\r
3417 \r
3418 dput_and_out:\r
3419@@ -408,6 +503,16 @@\r
3420 goto out_putf;\r
3421 \r
3422 error = permission(inode, MAY_EXEC);\r
3423+\r
3424+#ifdef CONFIG_OBV_PROC\r
3425+ if( ( (obv_search(file->f_dentry,OBV_WRITE,file->f_vfsmnt)) == OBV_DENY)) {\r
3426+ obv_seclog("attempted to truncate file with inode %ld dev "\r
3427+ "%d by " DEFAULTSECMSG,file->f_dentry->d_inode->i_ino,\r
3428+ file->f_dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3429+ error = -EPERM;\r
3430+ }\r
3431+#endif\r
3432+\r
3433 if (!error)\r
3434 set_fs_pwd(current->fs, mnt, dentry);\r
3435 out_putf:\r
3436@@ -441,9 +546,39 @@\r
3437 error = -EPERM;\r
3438 if (!capable(CAP_SYS_CHROOT))\r
3439 goto dput_and_out;\r
3440+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3441+ if(grsec_enable_chroot && proc_is_chrooted(current)) {\r
3442+ security_alert("denied attempt to chroot() from (%.32s:%lu) to (%.30s)"\r
3443+ ", process " DEFAULTSECMSG,\r
3444+ "double chroot() denied",\r
3445+ kdevname(current->fs->root->d_inode->i_dev),\r
3446+ current->fs->root->d_inode->i_ino,name,\r
3447+ DEFAULTSECARGS);\r
3448+ goto dput_and_out;\r
3449+ }\r
3450+#endif \r
3451 \r
3452 set_fs_root(current->fs, nd.mnt, nd.dentry);\r
3453 set_fs_altroot();\r
3454+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r
3455+ if(grsec_enable_chroot_caps && current->pid && current->pid > 1) {\r
3456+ cap_lower(current->cap_permitted,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &\r
3457+ CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &\r
3458+ CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &\r
3459+ CAP_SYS_TTY_CONFIG);\r
3460+ cap_lower(current->cap_inheritable,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &\r
3461+ CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &\r
3462+ CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &\r
3463+ CAP_SYS_TTY_CONFIG);\r
3464+ cap_lower(current->cap_effective,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &\r
3465+ CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &\r
3466+ CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &\r
3467+ CAP_SYS_TTY_CONFIG);\r
3468+ }\r
3469+#endif\r
3470+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3471+ if (grsec_enable_chroot) set_fs_pwd(current->fs, nd.mnt, nd.dentry);\r
3472+#endif\r
3473 error = 0;\r
3474 dput_and_out:\r
3475 path_release(&nd);\r
3476@@ -472,8 +607,35 @@\r
3477 err = -EPERM;\r
3478 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))\r
3479 goto out_putf;\r
3480+\r
3481+#ifdef CONFIG_OBV_PROC\r
3482+ if( ( (obv_search(dentry,OBV_WRITE,file->f_vfsmnt)) == OBV_DENY)) {\r
3483+ obv_seclog("Attempt to fchmod program with inode %ld dev %d "\r
3484+ "by " DEFAULTSECMSG, dentry->d_inode->i_ino,\r
3485+ dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3486+\r
3487+ err = -EPERM;\r
3488+ goto out_putf;\r
3489+ }\r
3490+#endif\r
3491+\r
3492 if (mode == (mode_t) -1)\r
3493 mode = inode->i_mode;\r
3494+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3495+ if(grsec_enable_chroot && ((mode & S_ISUID) || (mode & S_ISGID))\r
3496+ && proc_is_chrooted(current)) {\r
3497+ security_alert("denied attempt to fchmod +s (%.32s:%lu) owned by %d.%d to mode 0%07o "\r
3498+ "from chroot jail (%.32s:%lu) of %d.%d by "\r
3499+ DEFAULTSECMSG,\r
3500+ "denied fchmod +s in chroot",\r
3501+ kdevname(inode->i_dev),inode->i_ino,inode->i_uid,inode->i_gid,mode,\r
3502+ kdevname(current->fs->root->d_inode->i_dev),current->fs->root->d_inode->i_ino,\r
3503+ current->fs->root->d_inode->i_uid,current->fs->root->d_inode->i_gid,\r
3504+ DEFAULTSECARGS);\r
3505+ err = -EPERM;\r
3506+ goto out_putf;\r
3507+ } \r
3508+#endif\r
3509 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);\r
3510 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;\r
3511 err = notify_change(dentry, &newattrs);\r
3512@@ -504,8 +666,33 @@\r
3513 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))\r
3514 goto dput_and_out;\r
3515 \r
3516+#ifdef CONFIG_OBV_PROC\r
3517+ if( ( (obv_search(nd.dentry,OBV_WRITE,nd.mnt)) == OBV_DENY)) {\r
3518+ obv_seclog("Attempt to chmod file %1024s by "\r
3519+ DEFAULTSECMSG, filename, DEFAULTSECARGS); \r
3520+ error = -EPERM;\r
3521+ goto dput_and_out;\r
3522+ }\r
3523+#endif\r
3524+\r
3525+\r
3526 if (mode == (mode_t) -1)\r
3527 mode = inode->i_mode;\r
3528+#ifdef CONFIG_GRKERNSEC_CHROOT\r
3529+ if (grsec_enable_chroot && ((mode & S_ISUID) || (mode & S_ISGID))\r
3530+ && proc_is_chrooted(current)) {\r
3531+ security_alert("denied attempt to chmod +s (%.32s:%lu) (%.30s) owned by %d.%d to mode 0%07o "\r
3532+ "from chroot jail (%.32s:%lu) of %d.%d by "\r
3533+ DEFAULTSECMSG,"denied chmod +s in chroot",\r
3534+ kdevname(inode->i_dev),inode->i_ino,filename,inode->i_uid,inode->i_gid,\r
3535+ mode,kdevname(current->fs->root->d_inode->i_dev),\r
3536+ current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,\r
3537+ current->fs->root->d_inode->i_gid,\r
3538+ DEFAULTSECARGS);\r
3539+ error = -EPERM;\r
3540+ goto dput_and_out;\r
3541+ }\r
3542+#endif\r
3543 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);\r
3544 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;\r
3545 error = notify_change(nd.dentry, &newattrs);\r
3546@@ -516,7 +703,11 @@\r
3547 return error;\r
3548 }\r
3549 \r
3550+#ifdef CONFIG_OBV_PROC\r
3551+static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)\r
3552+#else\r
3553 static int chown_common(struct dentry * dentry, uid_t user, gid_t group)\r
3554+#endif\r
3555 {\r
3556 struct inode * inode;\r
3557 int error;\r
3558@@ -533,6 +724,17 @@\r
3559 error = -EPERM;\r
3560 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))\r
3561 goto out;\r
3562+#ifdef CONFIG_OBV_PROC\r
3563+ if( ( (obv_search(dentry,OBV_WRITE,mnt)) == OBV_DENY)) {\r
3564+ obv_seclog("Attempt to chown file with inode %ld dev %d "\r
3565+ "to %d.%d by " DEFAULTSECMSG,\r
3566+ dentry->d_inode->i_ino,dentry->d_inode->i_dev,\r
3567+ user, group, DEFAULTSECARGS);\r
3568+ error = -EPERM;\r
3569+ goto out;\r
3570+ }\r
3571+#endif\r
3572+\r
3573 if (user == (uid_t) -1)\r
3574 user = inode->i_uid;\r
3575 if (group == (gid_t) -1)\r
3576@@ -583,7 +785,11 @@\r
3577 \r
3578 error = user_path_walk(filename, &nd);\r
3579 if (!error) {\r
3580+#ifdef CONFIG_OBV_PROC\r
3581+ error = chown_common(nd.dentry, user, group, nd.mnt);\r
3582+#else\r
3583 error = chown_common(nd.dentry, user, group);\r
3584+#endif\r
3585 path_release(&nd);\r
3586 }\r
3587 return error;\r
3588@@ -596,7 +802,11 @@\r
3589 \r
3590 error = user_path_walk_link(filename, &nd);\r
3591 if (!error) {\r
3592+#ifdef CONFIG_OBV_PROC\r
3593+ error = chown_common(nd.dentry, user, group, nd.mnt);\r
3594+#else\r
3595 error = chown_common(nd.dentry, user, group);\r
3596+#endif\r
3597 path_release(&nd);\r
3598 }\r
3599 return error;\r
3600@@ -610,7 +820,11 @@\r
3601 \r
3602 file = fget(fd);\r
3603 if (file) {\r
3604+#ifdef CONFIG_OBV_PROC\r
3605+ error = chown_common(file->f_dentry, user, group, file->f_vfsmnt);\r
3606+#else\r
3607 error = chown_common(file->f_dentry, user, group);\r
3608+#endif\r
3609 fput(file);\r
3610 }\r
3611 return error;\r
3612@@ -634,12 +848,39 @@\r
3613 {\r
3614 int namei_flags, error;\r
3615 struct nameidata nd;\r
3616+#ifdef CONFIG_OBV_PROC\r
3617+ struct nameidata obv;\r
3618+#endif\r
3619 \r
3620 namei_flags = flags;\r
3621 if ((namei_flags+1) & O_ACCMODE)\r
3622 namei_flags++;\r
3623 if (namei_flags & O_TRUNC)\r
3624 namei_flags |= 2;\r
3625+\r
3626+#ifdef CONFIG_OBV_PROC\r
3627+ error = 0;\r
3628+ if(path_init(filename,conv_flags(namei_flags),&obv))\r
3629+ error = path_walk(filename,&obv);\r
3630+ if(error) goto out;\r
3631+ if(!obv.dentry->d_inode)\r
3632+ nd.flags |= OBV_NONEXISTANT;\r
3633+ else \r
3634+ if(S_ISBLK(obv.dentry->d_inode->i_mode) && !capable(CAP_SYS_RAWIO)) {\r
3635+ obv_seclog("Attempt to block device %ld %d with "\r
3636+ "insuffificent capabilities by process "\r
3637+ DEFAULTSECMSG,obv.dentry->d_inode->i_ino,\r
3638+ obv.dentry->d_inode->i_dev, DEFAULTSECARGS);\r
3639+ path_release(&obv);\r
3640+ error = -EPERM;\r
3641+ return ERR_PTR(error);\r
3642+ }\r
3643+\r
3644+ path_release(&obv);\r
3645+out:\r
3646+\r
3647+#endif\r
3648+\r
3649 \r
3650 error = open_namei(filename, namei_flags, mode, &nd);\r
3651 if (!error)\r
3652diff -urN linux/fs/proc/base.c linux/fs/proc/base.c\r
3653--- linux/fs/proc/base.c Thu Oct 11 02:42:47 2001\r
3654+++ linux/fs/proc/base.c Mon Nov 26 10:38:06 2001\r
3655@@ -24,6 +24,10 @@\r
3656 #include <linux/file.h>\r
3657 #include <linux/string.h>\r
3658 \r
3659+#ifdef CONFIG_OBV_PROC\r
3660+#include <linux/obvext.h>\r
3661+#endif\r
3662+\r
3663 /*\r
3664 * For hysterical raisins we keep the same inumbers as in the old procfs.\r
3665 * Feel free to change the macro below - just keep the range distinct from\r
3666@@ -663,7 +667,11 @@\r
3667 inode->i_gid = 0;\r
3668 if (ino == PROC_PID_INO || task_dumpable(task)) {\r
3669 inode->i_uid = task->euid;\r
3670+#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP\r
3671 inode->i_gid = task->egid;\r
3672+#else\r
3673+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;\r
3674+#endif\r
3675 }\r
3676 \r
3677 out:\r
3678@@ -966,13 +974,27 @@\r
3679 if (!task)\r
3680 goto out;\r
3681 \r
3682+#ifdef CONFIG_OBV_PROC\r
3683+ if(obv_check_hidden_proc(task->obvacl)) {\r
3684+ free_task_struct(task);\r
3685+ goto out;\r
3686+ }\r
3687+#endif\r
3688+\r
3689+\r
3690 inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);\r
3691 \r
3692 free_task_struct(task);\r
3693 \r
3694 if (!inode)\r
3695 goto out;\r
3696+#ifdef CONFIG_GRKERNSEC_PROC_USER\r
3697+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;\r
3698+#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r
3699+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;\r
3700+#else\r
3701 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;\r
3702+#endif\r
3703 inode->i_op = &proc_base_inode_operations;\r
3704 inode->i_fop = &proc_base_operations;\r
3705 inode->i_nlink = 3;\r
3706@@ -1012,8 +1034,13 @@\r
3707 int pid = p->pid;\r
3708 if (!pid)\r
3709 continue;\r
3710+#ifdef CONFIG_OBV_PROC\r
3711+ if(obv_check_hidden_proc(p->obvacl)) \r
3712+ continue;\r
3713+#endif\r
3714 if (--index >= 0)\r
3715 continue;\r
3716+\r
3717 pids[nr_pids] = pid;\r
3718 nr_pids++;\r
3719 if (nr_pids >= PROC_MAXPIDS)\r
3720diff -urN linux/fs/proc/generic.c linux/fs/proc/generic.c\r
3721--- linux/fs/proc/generic.c Fri Sep 7 13:53:59 2001\r
3722+++ linux/fs/proc/generic.c Mon Nov 26 10:38:07 2001\r
3723@@ -491,6 +491,22 @@\r
3724 return ent;\r
3725 }\r
3726 \r
3727+#ifdef CONFIG_GRKERNSEC_PROC\r
3728+struct proc_dir_entry *proc_priv_mkdir(const char *name, mode_t mode, struct proc_dir_entry *parent)\r
3729+{\r
3730+ struct proc_dir_entry *ent;\r
3731+\r
3732+ ent = proc_create(&parent, name, mode, 2);\r
3733+ if (ent) {\r
3734+ ent->proc_fops = &proc_dir_operations;\r
3735+ ent->proc_iops = &proc_dir_inode_operations;\r
3736+\r
3737+ proc_register(parent, ent);\r
3738+ }\r
3739+ return ent;\r
3740+}\r
3741+#endif\r
3742+\r
3743 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,\r
3744 struct proc_dir_entry *parent)\r
3745 {\r
3746diff -urN linux/fs/proc/inode.c linux/fs/proc/inode.c\r
3747--- linux/fs/proc/inode.c Sat Nov 17 14:24:32 2001\r
3748+++ linux/fs/proc/inode.c Mon Nov 26 10:38:07 2001\r
3749@@ -152,7 +152,11 @@\r
3750 if (de->mode) {\r
3751 inode->i_mode = de->mode;\r
3752 inode->i_uid = de->uid;\r
3753+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP\r
3754+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;\r
3755+#else\r
3756 inode->i_gid = de->gid;\r
3757+#endif\r
3758 }\r
3759 if (de->size)\r
3760 inode->i_size = de->size;\r
3761diff -urN linux/fs/proc/proc_misc.c linux/fs/proc/proc_misc.c\r
3762--- linux/fs/proc/proc_misc.c Wed Nov 21 00:29:09 2001\r
3763+++ linux/fs/proc/proc_misc.c Mon Nov 26 10:38:07 2001\r
3764@@ -507,8 +507,10 @@\r
3765 {"meminfo", meminfo_read_proc},\r
3766 {"version", version_read_proc},\r
3767 #ifdef CONFIG_MODULES\r
3768+#ifndef CONFIG_GRKERNSEC_PROC\r
3769 {"modules", modules_read_proc},\r
3770 #endif\r
3771+#endif\r
3772 {"stat", kstat_read_proc},\r
3773 {"devices", devices_read_proc},\r
3774 {"partitions", partitions_read_proc},\r
3775@@ -531,6 +533,13 @@\r
3776 for (p = simple_ones; p->name; p++)\r
3777 create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);\r
3778 \r
3779+#if defined(CONFIG_GRKERNSEC_PROC) && defined(CONFIG_MODULES)\r
3780+#ifdef CONFIG_GRKERNSEC_PROC_USER\r
3781+ create_proc_read_entry("modules", S_IRUSR, NULL, &modules_read_proc, NULL);\r
3782+#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r
3783+ create_proc_read_entry("modules", S_IRUSR | S_IRGRP, NULL, &modules_read_proc, NULL);\r
3784+#endif\r
3785+#endif\r
3786 /* And now for trickier ones */\r
3787 entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);\r
3788 if (entry)\r
3789@@ -538,7 +547,13 @@\r
3790 create_seq_entry("mounts", 0, &proc_mounts_operations);\r
3791 create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);\r
3792 #ifdef CONFIG_MODULES\r
3793+#ifdef CONFIG_GRKERNSEC_PROC_USER\r
3794+ create_seq_entry("ksyms", S_IRUSR, &proc_ksyms_operations);\r
3795+#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r
3796+ create_seq_entry("ksyms", S_IRUSR | S_IRGRP, &proc_ksyms_operations);\r
3797+#else\r
3798 create_seq_entry("ksyms", 0, &proc_ksyms_operations);\r
3799+#endif\r
3800 #endif\r
3801 proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);\r
3802 if (proc_root_kcore) {\r
3803diff -urN linux/fs/proc/proc_tty.c linux/fs/proc/proc_tty.c\r
3804--- linux/fs/proc/proc_tty.c Fri Apr 21 18:17:57 2000\r
3805+++ linux/fs/proc/proc_tty.c Mon Nov 26 10:38:07 2001\r
3806@@ -174,7 +174,13 @@\r
3807 if (!proc_mkdir("tty", 0))\r
3808 return;\r
3809 proc_tty_ldisc = proc_mkdir("tty/ldisc", 0);\r
3810+#ifdef CONFIG_GRKERNSEC_PROC_USER\r
3811+ proc_tty_driver = proc_priv_mkdir("tty/driver", S_IFDIR|S_IRUSR|S_IXUSR, 0);\r
3812+#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r
3813+ proc_tty_driver = proc_priv_mkdir("tty/driver", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);\r
3814+#else\r
3815 proc_tty_driver = proc_mkdir("tty/driver", 0);\r
3816+#endif\r
3817 \r
3818 create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);\r
3819 create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);\r
3820diff -urN linux/fs/proc/root.c linux/fs/proc/root.c\r
3821--- linux/fs/proc/root.c Sat Oct 20 22:14:42 2001\r
3822+++ linux/fs/proc/root.c Mon Nov 26 10:38:07 2001\r
3823@@ -37,13 +37,25 @@\r
3824 return;\r
3825 }\r
3826 proc_misc_init();\r
3827+#ifdef CONFIG_GRKERNSEC_PROC_USER\r
3828+ proc_net = proc_priv_mkdir("net", S_IFDIR|S_IRUSR|S_IXUSR, 0);\r
3829+#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r
3830+ proc_net = proc_priv_mkdir("net", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);\r
3831+#else\r
3832 proc_net = proc_mkdir("net", 0);\r
3833+#endif\r
3834 #ifdef CONFIG_SYSVIPC\r
3835 proc_mkdir("sysvipc", 0);\r
3836 #endif\r
3837 #ifdef CONFIG_SYSCTL\r
3838+#ifdef CONFIG_GRKERNSEC_PROC_USER\r
3839+ proc_sys_root = proc_priv_mkdir("sys", S_IFDIR|S_IRUSR|S_IXUSR, 0);\r
3840+#elif CONFIG_GRKERNSEC_PROC_USERGROUP\r
3841+ proc_sys_root = proc_priv_mkdir("sys", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);\r
3842+#else\r
3843 proc_sys_root = proc_mkdir("sys", 0);\r
3844 #endif\r
3845+#endif\r
3846 #if defined(CONFIG_BINFMT_MISC) || defined(CONFIG_BINFMT_MISC_MODULE)\r
3847 proc_mkdir("sys/fs", 0);\r
3848 proc_mkdir("sys/fs/binfmt_misc", 0);\r
3849@@ -132,6 +144,9 @@\r
3850 EXPORT_SYMBOL(proc_symlink);\r
3851 EXPORT_SYMBOL(proc_mknod);\r
3852 EXPORT_SYMBOL(proc_mkdir);\r
3853+#ifdef CONFIG_GRKERNSEC_PROC\r
3854+EXPORT_SYMBOL(proc_priv_mkdir);\r
3855+#endif\r
3856 EXPORT_SYMBOL(create_proc_entry);\r
3857 EXPORT_SYMBOL(remove_proc_entry);\r
3858 EXPORT_SYMBOL(proc_root);\r
3859diff -urN linux/fs/readdir.c linux/fs/readdir.c\r
3860--- linux/fs/readdir.c Sun Aug 12 17:59:08 2001\r
3861+++ linux/fs/readdir.c Mon Nov 26 10:38:07 2001\r
3862@@ -13,6 +13,10 @@\r
3863 \r
3864 #include <asm/uaccess.h>\r
3865 \r
3866+#ifdef CONFIG_OBV_PROC\r
3867+#include <linux/obvext.h>\r
3868+#endif\r
3869+\r
3870 int vfs_readdir(struct file *file, filldir_t filler, void *buf)\r
3871 {\r
3872 struct inode *inode = file->f_dentry->d_inode;\r
3873@@ -120,6 +124,10 @@\r
3874 struct readdir_callback {\r
3875 struct old_linux_dirent * dirent;\r
3876 int count;\r
3877+#ifdef CONFIG_OBV_PROC\r
3878+ struct dentry *dentry;\r
3879+ struct vfsmount *mnt;\r
3880+#endif\r
3881 };\r
3882 \r
3883 static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset,\r
3884@@ -127,9 +135,27 @@\r
3885 {\r
3886 struct readdir_callback * buf = (struct readdir_callback *) __buf;\r
3887 struct old_linux_dirent * dirent;\r
3888+#ifdef CONFIG_OBV_PROC\r
3889+ ino_t old_ino;\r
3890+#endif\r
3891 \r
3892 if (buf->count)\r
3893 return -EINVAL;\r
3894+#ifdef CONFIG_OBV_PROC\r
3895+ if(buf->dentry && buf->dentry->d_inode) {\r
3896+ old_ino = buf->dentry->d_inode->i_ino;\r
3897+ buf->dentry->d_inode->i_ino = ino;\r
3898+#ifdef CONFIG_OBV_DEBUG\r
3899+ printk("Guess what: %ld %d is about to get a readdir check\n",buf->dentry->d_inode->i_ino,buf->dentry->d_inode->i_dev);\r
3900+#endif\r
3901+ if( obv_check_hidden(buf->dentry,buf->mnt) == OBV_DENY) {\r
3902+ buf->dentry->d_inode->i_ino = old_ino;\r
3903+ return 0;\r
3904+ }\r
3905+ buf->dentry->d_inode->i_ino = ino;\r
3906+ }\r
3907+#endif\r
3908+ \r
3909 buf->count++;\r
3910 dirent = buf->dirent;\r
3911 put_user(ino, &dirent->d_ino);\r
3912@@ -153,6 +179,10 @@\r
3913 \r
3914 buf.count = 0;\r
3915 buf.dirent = dirent;\r
3916+#ifdef CONFIG_OBV_PROC\r
3917+ buf.dentry = file->f_dentry;\r
3918+ buf.mnt = file->f_vfsmnt;\r
3919+#endif\r
3920 \r
3921 error = vfs_readdir(file, fillonedir, &buf);\r
3922 if (error >= 0)\r
3923@@ -181,6 +211,10 @@\r
3924 struct linux_dirent * previous;\r
3925 int count;\r
3926 int error;\r
3927+#ifdef CONFIG_OBV_PROC\r
3928+ struct dentry *dentry;\r
3929+ struct vfsmount *mnt;\r
3930+#endif\r
3931 };\r
3932 \r
3933 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,\r
3934@@ -189,10 +223,27 @@\r
3935 struct linux_dirent * dirent;\r
3936 struct getdents_callback * buf = (struct getdents_callback *) __buf;\r
3937 int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 1);\r
3938+#ifdef CONFIG_OBV_PROC\r
3939+ ino_t old_ino;\r
3940+#endif\r
3941 \r
3942 buf->error = -EINVAL; /* only used if we fail.. */\r
3943 if (reclen > buf->count)\r
3944 return -EINVAL;\r
3945+#ifdef CONFIG_OBV_PROC\r
3946+ if(buf->dentry && buf->dentry->d_inode) {\r
3947+ old_ino = buf->dentry->d_inode->i_ino;\r
3948+ buf->dentry->d_inode->i_ino = ino;\r
3949+#ifdef CONFIG_OBV_DEBUG\r
3950+ printk("Guess what: %ld %d is about to get a readdir check\n",buf->dentry->d_inode->i_ino,buf->dentry->d_inode->i_dev);\r
3951+#endif\r
3952+ if( obv_check_hidden(buf->dentry,buf->mnt) == OBV_DENY) {\r
3953+ buf->dentry->d_inode->i_ino = old_ino;\r
3954+ return 0;\r
3955+ }\r
3956+ buf->dentry->d_inode->i_ino = old_ino;\r
3957+ }\r
3958+#endif\r
3959 dirent = buf->previous;\r
3960 if (dirent)\r
3961 put_user(offset, &dirent->d_off);\r
3962@@ -224,6 +275,10 @@\r
3963 buf.previous = NULL;\r
3964 buf.count = count;\r
3965 buf.error = 0;\r
3966+#ifdef CONFIG_OBV_PROC\r
3967+ buf.dentry = file->f_dentry;\r
3968+ buf.mnt = file->f_vfsmnt;\r
3969+#endif\r
3970 \r
3971 error = vfs_readdir(file, filldir, &buf);\r
3972 if (error < 0)\r
3973@@ -259,6 +314,10 @@\r
3974 struct linux_dirent64 * previous;\r
3975 int count;\r
3976 int error;\r
3977+#ifdef CONFIG_OBV_PROC\r
3978+ struct dentry *dentry;\r
3979+ struct vfsmount *mnt;\r
3980+#endif\r
3981 };\r
3982 \r
3983 static int filldir64(void * __buf, const char * name, int namlen, loff_t offset,\r
3984@@ -268,9 +327,26 @@\r
3985 struct getdents_callback64 * buf = (struct getdents_callback64 *) __buf;\r
3986 int reclen = ROUND_UP64(NAME_OFFSET(dirent) + namlen + 1);\r
3987 \r
3988+#ifdef CONFIG_OBV_PROC\r
3989+ ino_t old_ino;\r
3990+#endif\r
3991 buf->error = -EINVAL; /* only used if we fail.. */\r
3992 if (reclen > buf->count)\r
3993 return -EINVAL;\r
3994+#ifdef CONFIG_OBV_PROC\r
3995+ if(buf->dentry && buf->dentry->d_inode) {\r
3996+ old_ino = buf->dentry->d_inode->i_ino;\r
3997+ buf->dentry->d_inode->i_ino = ino;\r
3998+ if((obv_check_hidden(buf->dentry,buf->mnt)) == OBV_DENY) {\r
3999+ buf->dentry->d_inode->i_ino = old_ino;\r
4000+ return 0;\r
4001+ }\r
4002+ buf->dentry->d_inode->i_ino = old_ino;\r
4003+ }\r
4004+#endif\r
4005+\r
4006+\r
4007+ \r
4008 dirent = buf->previous;\r
4009 if (dirent) {\r
4010 d.d_off = offset;\r
4011@@ -307,6 +383,11 @@\r
4012 buf.previous = NULL;\r
4013 buf.count = count;\r
4014 buf.error = 0;\r
4015+#ifdef CONFIG_OBV_PROC\r
4016+ buf.mnt = file->f_vfsmnt;\r
4017+ buf.dentry = file->f_dentry;\r
4018+#endif\r
4019+\r
4020 \r
4021 error = vfs_readdir(file, filldir64, &buf);\r
4022 if (error < 0)\r
4023diff -urN linux/grsecurity/Config.in linux/grsecurity/Config.in\r
4024--- linux/grsecurity/Config.in Wed Dec 31 19:00:00 1969\r
4025+++ linux/grsecurity/Config.in Mon Nov 26 10:38:07 2001\r
4026@@ -0,0 +1,153 @@\r
4027+mainmenu_option next_comment\r
4028+comment 'Buffer Overflow Protection'\r
4029+if [ "$CONFIG_X86" != "n" ]; then\r
4030+if [ "$CONFIG_GRKERNSEC_PAX" != "y" ]; then\r
4031+bool 'Openwall non-executable stack' CONFIG_GRKERNSEC_STACK\r
4032+if [ "$CONFIG_GRKERNSEC_STACK" != "n" ]; then\r
4033+bool ' Gcc trampoline support' CONFIG_GRKERNSEC_STACK_GCC\r
4034+fi\r
4035+fi\r
4036+if [ "$CONFIG_GRKERNSEC_STACK" != "y" ]; then\r
4037+bool 'PaX protection' CONFIG_GRKERNSEC_PAX\r
4038+if [ "$CONFIG_GRKERNSEC_PAX" = "y" ]; then\r
4039+ bool ' Emulate trampolines' CONFIG_GRKERNSEC_PAX_EMUTRAMP\r
4040+ bool ' Restrict mprotect()' CONFIG_GRKERNSEC_PAX_MPROTECT\r
4041+fi\r
4042+ bool 'Randomize mmap() base' CONFIG_GRKERNSEC_PAX_RANDMMAP\r
4043+fi\r
4044+fi\r
4045+endmenu\r
4046+mainmenu_option next_comment\r
4047+comment 'Access Control Lists'\r
4048+bool 'Enable Oblivion ACL system' CONFIG_OBV_PROC\r
4049+if [ "$CONFIG_OBV_PROC" = "y" ]; then\r
4050+ int 'Maximum Number of Oblivion Rulesets for Files, Processes' CONFIG_OBV_MAX_RULESET 256\r
4051+ int 'Seconds in between Oblivion log messages(minimum)' CONFIG_OBV_FLOODTIME 3\r
4052+ choice 'Default ruleset for programs without acls' \\r
4053+ "Deny CONFIG_OBV_DEF_DENY \\r
4054+ Allow CONFIG_OBV_DEF_ALLOW \\r
4055+ Deny_if_running_as_root CONFIG_OBV_DEF_DENY_ROOT " Allow\r
4056+ bool 'Enable Oblivion Debugging Messages' CONFIG_OBV_DEBUG\r
4057+ string 'Path to obvadm' CONFIG_OBVADM_PATH "/sbin/obvadm"\r
4058+ int 'Maximum tries before password lockout' CONFIG_OBV_MAXTRIES 3\r
4059+ int 'Time to wait after max password tries, in seconds' CONFIG_OBV_TIMEOUT 30\r
4060+fi\r
4061+endmenu\r
4062+mainmenu_option next_comment\r
4063+comment 'Filesystem Protections'\r
4064+bool 'Proc restrictions' CONFIG_GRKERNSEC_PROC\r
4065+if [ "$CONFIG_GRKERNSEC_PROC" != "n" ]; then\r
4066+bool ' Restrict to user only' CONFIG_GRKERNSEC_PROC_USER\r
4067+if [ "$CONFIG_GRKERNSEC_PROC_USER" != "y" ]; then\r
4068+bool ' Allow special group' CONFIG_GRKERNSEC_PROC_USERGROUP\r
4069+if [ "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then\r
4070+int ' GID for special group' CONFIG_GRKERNSEC_PROC_GID 1001\r
4071+fi\r
4072+fi\r
4073+fi\r
4074+bool 'Linking restrictions' CONFIG_GRKERNSEC_LINK\r
4075+bool 'FIFO restrictions' CONFIG_GRKERNSEC_FIFO\r
4076+bool 'Secure file descriptors' CONFIG_GRKERNSEC_FD\r
4077+bool 'Chroot jail restrictions' CONFIG_GRKERNSEC_CHROOT\r
4078+bool 'Log execs within chroot' CONFIG_GRKERNSEC_CHROOT_EXECLOG\r
4079+bool 'Capability restrictions within chroot' CONFIG_GRKERNSEC_CHROOT_CAPS\r
4080+bool 'Secure keymap loading' CONFIG_GRKERNSEC_KBMAP\r
4081+endmenu\r
4082+mainmenu_option next_comment\r
4083+comment 'Security Logging'\r
4084+if [ "$CONFIG_GRKERNSEC_EXECLOG_GROUP" != "y" ]; then\r
4085+bool 'Exec logging for all users' CONFIG_GRKERNSEC_EXECLOG\r
4086+fi\r
4087+if [ "$CONFIG_GRKERNSEC_EXECLOG" != "y" ]; then\r
4088+bool 'Exec logging for a single group' CONFIG_GRKERNSEC_EXECLOG_GROUP\r
4089+if [ "$CONFIG_GRKERNSEC_EXECLOG_GROUP" != "n" ]; then\r
4090+int ' GID of logged execs' CONFIG_GRKERNSEC_EXECLOG_GID 1007\r
4091+fi\r
4092+fi\r
4093+if [ "$CONFIG_GRKERNSEC_SUID_ROOT" != "y" ]; then\r
4094+bool 'Set*id logging for all users' CONFIG_GRKERNSEC_SUID\r
4095+fi\r
4096+if [ "$CONFIG_GRKERNSEC_SUID" != "y" ]; then\r
4097+bool 'Set*id logging for root' CONFIG_GRKERNSEC_SUID_ROOT\r
4098+fi\r
4099+bool 'Signal logging' CONFIG_GRKERNSEC_SIGNAL\r
4100+bool 'Fork failure logging' CONFIG_GRKERNSEC_FORKFAIL\r
4101+bool 'Time change logging' CONFIG_GRKERNSEC_TIME\r
4102+endmenu\r
4103+mainmenu_option next_comment\r
4104+comment 'Executable Protections'\r
4105+bool 'Exec process limiting' CONFIG_GRKERNSEC_EXECVE\r
4106+bool 'Randomized PIDs' CONFIG_GRKERNSEC_RANDPID\r
4107+bool 'Fork-bomb protection' CONFIG_GRKERNSEC_FORKBOMB\r
4108+if [ "$CONFIG_GRKERNSEC_FORKBOMB" != "n" ]; then\r
4109+int ' GID for restricted users' CONFIG_GRKERNSEC_FORKBOMB_GID 1006\r
4110+int ' Forks allowed per second' CONFIG_GRKERNSEC_FORKBOMB_SEC 40\r
4111+int ' Maximum processes allowed' CONFIG_GRKERNSEC_FORKBOMB_MAX 20\r
4112+fi\r
4113+bool 'Trusted path execution' CONFIG_GRKERNSEC_TPE\r
4114+if [ "$CONFIG_GRKERNSEC_TPE" != "n" ]; then\r
4115+bool ' Glibc protection' CONFIG_GRKERNSEC_TPE_GLIBC\r
4116+bool ' Partially restrict non-root users' CONFIG_GRKERNSEC_TPE_ALL\r
4117+int ' GID for untrusted users:' CONFIG_GRKERNSEC_TPE_GID 1005\r
4118+fi\r
4119+if [ "$CONFIG_X86" != "n" ]; then\r
4120+bool 'Restricted ptrace' CONFIG_GRKERNSEC_PTRACE\r
4121+if [ "$CONFIG_GRKERNSEC_PTRACE" != "n" ]; then\r
4122+bool ' Allow ptrace for group' CONFIG_GRKERNSEC_PTRACE_GROUP\r
4123+if [ "$CONFIG_GRKERNSEC_PTRACE_GROUP" != "n" ]; then\r
4124+int ' GID for ptrace' CONFIG_GRKERNSEC_PTRACE_GID 1008\r
4125+fi\r
4126+fi\r
4127+fi\r
4128+endmenu\r
4129+mainmenu_option next_comment\r
4130+comment 'Network Protections'\r
4131+bool 'Randomized IP IDs' CONFIG_GRKERNSEC_RANDID\r
4132+bool 'Randomized TCP source ports' CONFIG_GRKERNSEC_RANDSRC\r
4133+bool 'Altered Ping IDs' CONFIG_GRKERNSEC_RANDPING\r
4134+bool 'Randomized TTL' CONFIG_GRKERNSEC_RANDTTL\r
4135+if [ "$CONFIG_GRKERNSEC_RANDTTL" != "n" ]; then\r
4136+int ' TTL starting point:' CONFIG_GRKERNSEC_RANDTTL_THRESH 64\r
4137+fi\r
4138+bool 'Enhanced network randomness' CONFIG_GRKERNSEC_RANDNET\r
4139+bool 'Socket restrictions' CONFIG_GRKERNSEC_SOCKET\r
4140+if [ "$CONFIG_GRKERNSEC_SOCKET" != "n" ]; then\r
4141+bool ' Deny any sockets to group' CONFIG_GRKERNSEC_SOCKET_ALL\r
4142+if [ "$CONFIG_GRKERNSEC_SOCKET_ALL" != "n" ]; then\r
4143+int ' GID to deny all sockets for:' CONFIG_GRKERNSEC_SOCKET_ALL_GID 1004\r
4144+fi\r
4145+bool ' Deny client sockets to group' CONFIG_GRKERNSEC_SOCKET_CLIENT\r
4146+if [ "$CONFIG_GRKERNSEC_SOCKET_CLIENT" != "n" ]; then\r
4147+int ' GID to deny client sockets for:' CONFIG_GRKERNSEC_SOCKET_CLIENT_GID 1003\r
4148+fi\r
4149+bool ' Deny server sockets to group' CONFIG_GRKERNSEC_SOCKET_SERVER\r
4150+if [ "$CONFIG_GRKERNSEC_SOCKET_SERVER" != "n" ]; then\r
4151+int ' GID to deny server sockets for:' CONFIG_GRKERNSEC_SOCKET_SERVER_GID 1002\r
4152+fi\r
4153+fi\r
4154+bool 'Stealth networking' CONFIG_GRKERNSEC_STEALTH\r
4155+if [ "$CONFIG_GRKERNSEC_STEALTH" != "n" ]; then\r
4156+bool ' Do not send RSTs on unserved TCP' CONFIG_GRKERNSEC_STEALTH_RST\r
4157+bool ' Do not reply to UDP with ICMP unreachables' CONFIG_GRKERNSEC_STEALTH_UDP\r
4158+bool ' Do not process ICMP packets' CONFIG_GRKERNSEC_STEALTH_ICMP\r
4159+bool ' Do not reply to IGMP requests' CONFIG_GRKERNSEC_STEALTH_IGMP\r
4160+bool ' Drop packets with illegitimate flags' CONFIG_GRKERNSEC_STEALTH_FLAGS\r
4161+fi\r
4162+endmenu\r
4163+mainmenu_option next_comment\r
4164+comment 'Network Logging'\r
4165+bool 'Log requests to unserved TCP ports' CONFIG_GRKERNSEC_STEALTH_RST_LOG\r
4166+bool 'Log requests to unserved UDP ports' CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r
4167+bool 'Log ICMP packets' CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r
4168+bool 'Log packets with illegitimate flags' CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r
4169+endmenu\r
4170+if [ "$CONFIG_SYSCTL" != "n" ]; then\r
4171+mainmenu_option next_comment\r
4172+comment 'Sysctl support'\r
4173+bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL\r
4174+endmenu\r
4175+fi\r
4176+mainmenu_option next_comment\r
4177+comment 'Miscellaneous Enhancements'\r
4178+bool 'BSD-style coredumps' CONFIG_GRKERNSEC_COREDUMP\r
4179+endmenu\r
4180diff -urN linux/include/asm-i386/a.out.h linux/include/asm-i386/a.out.h\r
4181--- linux/include/asm-i386/a.out.h Fri Jun 16 14:33:06 1995\r
4182+++ linux/include/asm-i386/a.out.h Mon Nov 26 10:38:07 2001\r
4183@@ -19,8 +19,12 @@\r
4184 \r
4185 #ifdef __KERNEL__\r
4186 \r
4187+#ifdef CONFIG_GRKERNSEC_STACK\r
4188+#define STACK_TOP ((current->flags & PF_STACKEXEC) ? TASK_SIZE - _STK_LIM : TASK_SIZE)\r
4189+#else\r
4190 #define STACK_TOP TASK_SIZE\r
4191 \r
4192+#endif\r
4193 #endif\r
4194 \r
4195 #endif /* __A_OUT_GNU_H__ */\r
4196diff -urN linux/include/asm-i386/pgtable.h linux/include/asm-i386/pgtable.h\r
4197--- linux/include/asm-i386/pgtable.h Thu Nov 22 14:46:19 2001\r
4198+++ linux/include/asm-i386/pgtable.h Mon Nov 26 11:15:22 2001\r
4199@@ -192,9 +192,26 @@\r
4200 #define _PAGE_CHG_MASK (PTE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY)\r
4201 \r
4202 #define PAGE_NONE __pgprot(_PAGE_PROTNONE | _PAGE_ACCESSED)\r
4203+\r
4204+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4205+#define PAGE_SHARED_EXEC __pgprot(_PAGE_PRESENT | _PAGE_RW |_PAGE_USER |_PAGE_ACCESSED)\r
4206+#define PAGE_COPY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r
4207+#define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r
4208+#else\r
4209 #define PAGE_SHARED __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | _PAGE_ACCESSED)\r
4210 #define PAGE_COPY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r
4211 #define PAGE_READONLY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)\r
4212+#endif\r
4213+\r
4214+#ifdef CONFIG_GRKERNSEC_PAX\r
4215+#define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED)\r
4216+#define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED)\r
4217+#define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED) \r
4218+#else\r
4219+#define PAGE_SHARED_NOEXEC PAGE_SHARED_EXEC\r
4220+#define PAGE_COPY_NOEXEC PAGE_COPY_EXEC\r
4221+#define PAGE_READONLY_NOEXEC PAGE_READONLY_EXEC\r
4222+#endif\r
4223 \r
4224 #define __PAGE_KERNEL \\r
4225 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED)\r
4226@@ -228,6 +245,15 @@\r
4227 * This is the closest we can get..\r
4228 */\r
4229 #define __P000 PAGE_NONE\r
4230+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4231+#define __P001 PAGE_READONLY_NOEXEC\r
4232+#define __P010 PAGE_COPY_NOEXEC\r
4233+#define __P011 PAGE_COPY_NOEXEC\r
4234+#define __P100 PAGE_READONLY_EXEC\r
4235+#define __P101 PAGE_READONLY_EXEC\r
4236+#define __P110 PAGE_COPY_EXEC\r
4237+#define __P111 PAGE_COPY_EXEC\r
4238+#else\r
4239 #define __P001 PAGE_READONLY\r
4240 #define __P010 PAGE_COPY\r
4241 #define __P011 PAGE_COPY\r
4242@@ -235,8 +261,18 @@\r
4243 #define __P101 PAGE_READONLY\r
4244 #define __P110 PAGE_COPY\r
4245 #define __P111 PAGE_COPY\r
4246+#endif\r
4247 \r
4248 #define __S000 PAGE_NONE\r
4249+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4250+#define __S001 PAGE_READONLY_NOEXEC\r
4251+#define __S010 PAGE_SHARED_NOEXEC\r
4252+#define __S011 PAGE_SHARED_NOEXEC\r
4253+#define __S100 PAGE_READONLY_EXEC\r
4254+#define __S101 PAGE_READONLY_EXEC\r
4255+#define __S110 PAGE_SHARED_EXEC\r
4256+#define __S111 PAGE_SHARED_EXEC\r
4257+#else\r
4258 #define __S001 PAGE_READONLY\r
4259 #define __S010 PAGE_SHARED\r
4260 #define __S011 PAGE_SHARED\r
4261@@ -244,6 +280,7 @@\r
4262 #define __S101 PAGE_READONLY\r
4263 #define __S110 PAGE_SHARED\r
4264 #define __S111 PAGE_SHARED\r
4265+#endif\r
4266 \r
4267 /*\r
4268 * Define this if things work differently on an i386 and an i486:\r
4269diff -urN linux/include/asm-i386/processor.h linux/include/asm-i386/processor.h\r
4270--- linux/include/asm-i386/processor.h Thu Nov 22 14:46:19 2001\r
4271+++ linux/include/asm-i386/processor.h Mon Nov 26 11:15:21 2001\r
4272@@ -267,11 +267,25 @@\r
4273 */\r
4274 #define TASK_SIZE (PAGE_OFFSET)\r
4275 \r
4276+#ifdef CONFIG_GRKERNSEC_STACK\r
4277+#define MAGIC_SIGRETURN (PAGE_OFFSET + 0xDE0000)\r
4278+#define MAGIC_RT_SIGRETURN (PAGE_OFFSET + 0xDE0001)\r
4279+#endif\r
4280 /* This decides where the kernel will search for a free chunk of vm\r
4281 * space during mmap's.\r
4282 */\r
4283+#ifdef CONFIG_GRKERNSEC_STACK\r
4284+extern struct linux_binfmt elf_format;\r
4285+#define TASK_UNMAPPED_BASE(size) ( \\r
4286+ current->binfmt == &elf_format && \\r
4287+ !(current->flags & PF_STACKEXEC) && \\r
4288+ (size) < 0x00ef0000UL \\r
4289+ ? 0x00110000UL \\r
4290+ : TASK_SIZE / 3 ) \r
4291+#else\r
4292 #define TASK_UNMAPPED_BASE (TASK_SIZE / 3)\r
4293 \r
4294+#endif\r
4295 /*\r
4296 * Size of io_bitmap in longwords: 32 is ports 0-0x3ff.\r
4297 */\r
4298@@ -362,6 +376,14 @@\r
4299 unsigned long __cacheline_filler[5];\r
4300 };\r
4301 \r
4302+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4303+struct pax_fault_info {\r
4304+ unsigned long eip;\r
4305+ unsigned long addresses[4];\r
4306+ unsigned long count;\r
4307+};\r
4308+#endif\r
4309+\r
4310 struct thread_struct {\r
4311 unsigned long esp0;\r
4312 unsigned long eip;\r
4313@@ -372,6 +394,11 @@\r
4314 unsigned long debugreg[8]; /* %%db0-7 debug registers */\r
4315 /* fault info */\r
4316 unsigned long cr2, trap_no, error_code;\r
4317+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4318+/* PaX fault info */\r
4319+ struct pax_fault_info pax_faults;\r
4320+#endif\r
4321+\r
4322 /* floating point info */\r
4323 union i387_union i387;\r
4324 /* virtual 86 mode info */\r
4325diff -urN linux/include/linux/a.out.h linux/include/linux/a.out.h\r
4326--- linux/include/linux/a.out.h Thu Nov 22 14:46:18 2001\r
4327+++ linux/include/linux/a.out.h Mon Nov 26 11:15:21 2001\r
4328@@ -37,6 +37,14 @@\r
4329 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */\r
4330 };\r
4331 \r
4332+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4333+/* Constants for the N_FLAGS field */\r
4334+#define F_PAX_PAGEEXEC 1 /* Enforce PAGE_EXEC */\r
4335+#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */\r
4336+#define F_PAX_MPROTECT 4 /* Restrict mprotect() */\r
4337+#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */ \r
4338+#endif\r
4339+\r
4340 #if !defined (N_MAGIC)\r
4341 #define N_MAGIC(exec) ((exec).a_info & 0xffff)\r
4342 #endif\r
4343@@ -57,6 +65,9 @@\r
4344 ((exec).a_info = \\r
4345 ((exec).a_info&0x00ffffff) | (((flags) & 0xff) << 24))\r
4346 \r
4347+#ifdef CONFIG_GRKERNSEC_STACK\r
4348+#define F_STACKEXEC 1\r
4349+#endif\r
4350 /* Code indicating object file or impure executable. */\r
4351 #define OMAGIC 0407\r
4352 /* Code indicating pure executable. */\r
4353diff -urN linux/include/linux/binfmts.h linux/include/linux/binfmts.h\r
4354--- linux/include/linux/binfmts.h Thu Nov 22 14:46:19 2001\r
4355+++ linux/include/linux/binfmts.h Mon Nov 26 11:15:22 2001\r
4356@@ -1,6 +1,7 @@\r
4357 #ifndef _LINUX_BINFMTS_H\r
4358 #define _LINUX_BINFMTS_H\r
4359 \r
4360+#include <linux/config.h>\r
4361 #include <linux/ptrace.h>\r
4362 #include <linux/capability.h>\r
4363 \r
4364@@ -30,6 +31,11 @@\r
4365 int argc, envc;\r
4366 char * filename; /* Name of binary */\r
4367 unsigned long loader, exec;\r
4368+#ifdef CONFIG_GRKERNSEC_FD\r
4369+ int priv_change;\r
4370+ int tweak_fd_mask;\r
4371+ struct file *tweak_fd_null;\r
4372+#endif\r
4373 };\r
4374 \r
4375 /*\r
4376diff -urN linux/include/linux/elf.h linux/include/linux/elf.h\r
4377--- linux/include/linux/elf.h Thu Nov 22 14:48:29 2001\r
4378+++ linux/include/linux/elf.h Mon Nov 26 11:29:02 2001\r
4379@@ -87,6 +87,9 @@\r
4380 */\r
4381 #define EM_ALPHA 0x9026\r
4382 \r
4383+#ifdef CONFIG_GRKERNSEC_STACK\r
4384+#define EF_STACKEXEC 1\r
4385+#endif\r
4386 /*\r
4387 * This is the old interim value for S/390 architecture\r
4388 */\r
4389@@ -255,6 +258,13 @@\r
4390 #define R_MIPS_LOVENDOR 100\r
4391 #define R_MIPS_HIVENDOR 127\r
4392 \r
4393+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4394+/* Constants for the e_flags field */\r
4395+#define EF_PAX_PAGEEXEC 1 /* 0: Enforce PAGE_EXEC */\r
4396+#define EF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */\r
4397+#define EF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */\r
4398+#define EF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */ \r
4399+#endif\r
4400 \r
4401 /*\r
4402 * Sparc ELF relocation types\r
4403diff -urN linux/include/linux/fs.h linux/include/linux/fs.h\r
4404--- linux/include/linux/fs.h Mon Nov 26 08:29:17 2001\r
4405+++ linux/include/linux/fs.h Mon Nov 26 11:15:22 2001\r
4406@@ -1044,7 +1044,11 @@\r
4407 \r
4408 asmlinkage long sys_open(const char *, int, int);\r
4409 asmlinkage long sys_close(unsigned int); /* yes, it's really unsigned */\r
4410+#ifdef CONFIG_OBV_PROC\r
4411+extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *);\r
4412+#else\r
4413 extern int do_truncate(struct dentry *, loff_t start);\r
4414+#endif\r
4415 \r
4416 extern struct file *filp_open(const char *, int, int);\r
4417 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);\r
4418diff -urN linux/include/linux/grsecurity.h linux/include/linux/grsecurity.h\r
4419--- linux/include/linux/grsecurity.h Wed Dec 31 19:00:00 1969\r
4420+++ linux/include/linux/grsecurity.h Mon Nov 26 10:38:10 2001\r
4421@@ -0,0 +1,79 @@\r
4422+extern int grsec_enable_link;\r
4423+extern int grsec_enable_fifo; \r
4424+extern int grsec_enable_fd;\r
4425+extern int grsec_enable_execve;\r
4426+extern int grsec_enable_forkbomb;\r
4427+extern int grsec_forkbomb_gid;\r
4428+extern int grsec_forkbomb_sec;\r
4429+extern int grsec_forkbomb_max;\r
4430+extern int grsec_enable_execlog;\r
4431+extern int grsec_enable_execlog_group;\r
4432+extern int grsec_execlog_gid;\r
4433+extern int grsec_enable_suid;\r
4434+extern int grsec_enable_suid_root;\r
4435+extern int grsec_enable_signal;\r
4436+extern int grsec_enable_coredump;\r
4437+extern int grsec_enable_forkfail;\r
4438+extern int grsec_enable_time;\r
4439+extern int grsec_enable_kbmap;\r
4440+extern int grsec_enable_randnet;\r
4441+extern int grsec_enable_chroot;\r
4442+extern int grsec_enable_chroot_execlog;\r
4443+extern int grsec_enable_chroot_caps;\r
4444+extern int grsec_enable_tpe;\r
4445+extern int grsec_tpe_gid;\r
4446+extern int grsec_enable_tpe_glibc;\r
4447+extern int grsec_enable_tpe_all; \r
4448+extern int grsec_enable_ptrace; \r
4449+extern int grsec_enable_ptrace_group; \r
4450+extern int grsec_ptrace_gid; \r
4451+extern int grsec_enable_sidcaps;\r
4452+extern int grsec_enable_randpid;\r
4453+extern int grsec_enable_randid; \r
4454+extern int grsec_enable_randsrc;\r
4455+extern int grsec_enable_randping;\r
4456+extern int grsec_enable_randttl; \r
4457+extern int grsec_randttl_thresh; \r
4458+extern int grsec_enable_socket_all;\r
4459+extern int grsec_socket_all_gid;\r
4460+extern int grsec_enable_socket_client;\r
4461+extern int grsec_socket_client_gid;\r
4462+extern int grsec_enable_socket_server; \r
4463+extern int grsec_socket_server_gid; \r
4464+extern int grsec_enable_stealth_rst;\r
4465+extern int grsec_enable_stealth_udp;\r
4466+extern int grsec_enable_stealth_icmp;\r
4467+extern int grsec_enable_stealth_igmp;\r
4468+extern int grsec_enable_stealth_flags;\r
4469+extern int grsec_enable_stealth_rst_log;\r
4470+extern int grsec_enable_stealth_udp_log;\r
4471+extern int grsec_enable_stealth_icmp_log;\r
4472+extern int grsec_enable_stealth_flags_log;\r
4473+extern int grsec_lock;\r
4474+\r
4475+#define proc_is_chrooted(tsk_a) ((tsk_a->fs->root->d_inode->i_dev != \\r
4476+ child_reaper->fs->root->d_inode->i_dev) || \\r
4477+ (tsk_a->fs->root->d_inode->i_ino != \\r
4478+ child_reaper->fs->root->d_inode->i_ino)) \r
4479+\r
4480+#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs->root->d_inode->i_dev == \\r
4481+ tsk_b->fs->root->d_inode->i_dev) && \\r
4482+ (tsk_a->fs->root->d_inode->i_ino == \\r
4483+ tsk_b->fs->root->d_inode->i_ino)) \r
4484+\r
4485+#define DEFAULTSECMSG "(%.16s:%d) UID(%d) EUID(%d), parent (%.16s:%d) " \\r
4486+ "UID(%d) EUID(%d)"\r
4487+\r
4488+#define DEFAULTSECARGS current->comm, current->pid, current->uid, \\r
4489+ current->euid, current->p_pptr->comm, \\r
4490+ current->p_pptr->pid, current->p_pptr->uid, \\r
4491+ current->p_pptr->euid\r
4492+\r
4493+#define CHROOTLONGCHECK t->pid && t->fs && t->fs->root && \\r
4494+ t->fs->root->d_inode && t->p_pptr && \\r
4495+ current->pid && current->fs && current->fs->root && \\r
4496+ current->fs->root->d_inode && \\r
4497+ current->p_pptr && child_reaper && child_reaper->pid && \\r
4498+ child_reaper->fs && child_reaper->fs->root && \\r
4499+ child_reaper->fs->root->d_inode && \\r
4500+ grsec_enable_chroot\r
4501diff -urN linux/include/linux/kernel.h linux/include/linux/kernel.h\r
4502--- linux/include/linux/kernel.h Thu Nov 22 14:46:18 2001\r
4503+++ linux/include/linux/kernel.h Mon Nov 26 11:15:21 2001\r
4504@@ -121,6 +121,47 @@\r
4505 ((unsigned char *)&addr)[1], \\r
4506 ((unsigned char *)&addr)[2], \\r
4507 ((unsigned char *)&addr)[3]\r
4508+#ifndef CONFIG_OBV_DEBUG\r
4509+#define obv_seclog(default_msg, args...) \\r
4510+({ \\r
4511+ static unsigned long msg_time = 0, getting_messages = 0; \\r
4512+ static spinlock_t oblivion_lock = SPIN_LOCK_UNLOCKED; \\r
4513+ \\r
4514+ spin_lock(&oblivion_lock); \\r
4515+ \\r
4516+ if((!msg_time) || (jiffies - msg_time > CONFIG_OBV_FLOODTIME * HZ)) { \\r
4517+ getting_messages = 1; \\r
4518+ msg_time = jiffies; \\r
4519+ printk(KERN_INFO "obv: " default_msg "\n", ##args ); \\r
4520+ } else if(getting_messages) { \\r
4521+ msg_time = jiffies; \\r
4522+ getting_messages = 0; \\r
4523+ printk(KERN_ALERT "Flooded with msgs. Logging disabled for %i seconds \n", CONFIG_OBV_FLOODTIME); \\r
4524+ \\r
4525+ } \\r
4526+ spin_unlock(&oblivion_lock); \\r
4527+})\r
4528+#else\r
4529+#define obv_seclog(msg,args...) printk(KERN_INFO "obv " msg "\n", ##args);\r
4530+#endif\r
4531+\r
4532+#define security_alert(normal_msg,flood_msg,args...) \\r
4533+({ \\r
4534+ static unsigned long warning_time = 0, no_flood_yet = 0; \\r
4535+ static spinlock_t security_alert_lock = SPIN_LOCK_UNLOCKED; \\r
4536+ \\r
4537+ spin_lock(&security_alert_lock); \\r
4538+ if(!warning_time || jiffies - warning_time > 30 * HZ) { \\r
4539+ warning_time = jiffies; no_flood_yet = 1; \\r
4540+ printk(KERN_ALERT "grsec: " normal_msg "\n", ## args); \\r
4541+ } else if (no_flood_yet) { \\r
4542+ warning_time = jiffies; no_flood_yet = 0; \\r
4543+ printk(KERN_ALERT "grsec: more " flood_msg \\r
4544+ ", logging disabled for 30 seconds\n"); \\r
4545+ } \\r
4546+ \\r
4547+ spin_unlock(&security_alert_lock); \\r
4548+})\r
4549 \r
4550 #define HIPQUAD(addr) \\r
4551 ((unsigned char *)&addr)[3], \\r
4552diff -urN linux/include/linux/mm.h linux/include/linux/mm.h\r
4553--- linux/include/linux/mm.h Mon Nov 26 08:29:17 2001\r
4554+++ linux/include/linux/mm.h Mon Nov 26 11:15:22 2001\r
4555@@ -103,7 +103,11 @@\r
4556 #define VM_DONTEXPAND 0x00040000 /* Cannot expand with mremap() */\r
4557 #define VM_RESERVED 0x00080000 /* Don't unmap it from swap_out */\r
4558 \r
4559+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4560+#define VM_STACK_FLAGS 0x00000133 \r
4561+#else\r
4562 #define VM_STACK_FLAGS 0x00000177\r
4563+#endif\r
4564 \r
4565 #define VM_READHINTMASK (VM_SEQ_READ | VM_RAND_READ)\r
4566 #define VM_ClearReadHint(v) (v)->vm_flags &= ~VM_READHINTMASK\r
4567diff -urN linux/include/linux/oblivion.h linux/include/linux/oblivion.h\r
4568--- linux/include/linux/oblivion.h Wed Dec 31 19:00:00 1969\r
4569+++ linux/include/linux/oblivion.h Mon Nov 26 11:15:31 2001\r
4570@@ -0,0 +1,145 @@\r
4571+\r
4572+#include <linux/obvdefs.h>\r
4573+\r
4574+/* * * * * * * * * * * * * * * * * * * * *\r
4575+ * Oblivion kernel Modification\r
4576+ * Main header file\r
4577+ * Purpose: define most Oblivion data structures \r
4578+ * * * * * * * * * * * * * * * * * * * * */\r
4579+\r
4580+#define OBV_VERSION "oblivion v1.0"\r
4581+\r
4582+#define OBV_SHUTDOWN_MODE 0\r
4583+#define OBV_ENABLE_MODE 1\r
4584+#define OBV_CHCAPS_MODE 2\r
4585+#define OBV_AUTH_MODE 3\r
4586+#define OBV_GOD_MODE 4\r
4587+\r
4588+/* required headers: <linux/kdev_t.h>, <linux/types.h> */\r
4589+\r
4590+/* I need to include linux/fs.h in oblivion.c and it would be\r
4591+ * overkill to include kdev_t.h twice(once here and once in fs.h)\r
4592+ * so I just did the other necessary header inclusion before including oblivion.h*/\r
4593+\r
4594+\r
4595+\r
4596+#define OBV_MAX_PW_LEN 129\r
4597+#define OBV_SHASUM_SIZE 20\r
4598+#define OBV_MAX_EXTRA_LEN 1025\r
4599+\r
4600+/* Begin Data Structures */\r
4601+struct obv_pw {\r
4602+ char pw[OBV_MAX_PW_LEN];\r
4603+ char extra[OBV_MAX_EXTRA_LEN];\r
4604+ __u8 sum[OBV_SHASUM_SIZE]; /* 160-bit SHA hash of the password*/\r
4605+ __u8 mode; /* On/Off/Restart(Restart is not ready yet..*/\r
4606+};\r
4607+\r
4608+struct obv_sum {\r
4609+ __u8 sum[OBV_SHASUM_SIZE];\r
4610+ ino_t file_inode;\r
4611+ kdev_t file_dev;\r
4612+};\r
4613+\r
4614+struct obv_sum_db {\r
4615+ struct obv_sum *db;\r
4616+ int max_ref;\r
4617+};\r
4618+\r
4619+\r
4620+struct obv_file_acl {\r
4621+ ino_t file_inode;\r
4622+ kdev_t file_dev;\r
4623+ __u32 mode; \r
4624+};\r
4625+\r
4626+/* When sorting/searching, we can effectively search obv_file_acl and obv_acl structures since their identifying information(inodes/devs) are the same name and their size, due to the above padding, is also the same*/\r
4627+\r
4628+struct obv_file_db {\r
4629+ struct obv_file_acl *db;\r
4630+ int max_ref;\r
4631+};\r
4632+\r
4633+\r
4634+/* information about r/w/x info for a file by a process */\r
4635+/* Uses a (balanced )binary tree for its implementation...ideas are welcome for \r
4636+ * a more efficient way however=)*/\r
4637+\r
4638+struct obv_proc_acl {\r
4639+ ino_t file_inode;\r
4640+ kdev_t file_dev; \r
4641+ /* to do rules like /tmp * set the dir /tmp rw .. best solution I can find*/\r
4642+ __u16 mode;\r
4643+ /* you may consider the file inode, file_dev, and mode to(combined) be the key */\r
4644+ struct obv_proc_acl *left;\r
4645+ struct obv_proc_acl *right;\r
4646+ __u16 height; /* used for avl rebalancing*/\r
4647+};\r
4648+\r
4649+\r
4650+\r
4651+/* information about a process */\r
4652+struct obv_acl {\r
4653+ ino_t file_inode;\r
4654+ kdev_t file_dev;\r
4655+ __u8 mode;\r
4656+ kernel_cap_t file_caps; /* capability set*/\r
4657+ struct obv_proc_acl *tree;\r
4658+};\r
4659+\r
4660+/* database - contains process ACLs */\r
4661+struct obv_proc_db {\r
4662+ struct obv_acl *db;\r
4663+ int max_ref;\r
4664+};\r
4665+\r
4666+/* Temporary storage--see kernel/oblivion.c */\r
4667+struct obv_temp {\r
4668+ ino_t file_inode;\r
4669+ kdev_t file_dev;\r
4670+ __u16 mode;\r
4671+};\r
4672+/* Begin Capabilities subsection */\r
4673+\r
4674+#define CONFIG_OBV_MAX_CAP 30\r
4675+\r
4676+struct obv_cap {\r
4677+ char * capname;\r
4678+ kernel_cap_t capval;\r
4679+};\r
4680+\r
4681+struct obv_cap_list {\r
4682+ struct obv_cap table[CONFIG_OBV_MAX_CAP];\r
4683+};\r
4684+/* End Capabilities subsection */\r
4685+/* End Data Structures */\r
4686+\r
4687+/* Begin SHA hash section */\r
4688+#define SHA1HANDSOFF /* Copies data before messing with it. */\r
4689+\r
4690+struct SHA1_CTX {\r
4691+ unsigned long state[5];\r
4692+ unsigned long count[2];\r
4693+ unsigned char buffer[64];\r
4694+};\r
4695+\r
4696+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))\r
4697+\r
4698+/* blk0() and blk() perform the initial expand. */\r
4699+/* I got the idea of expanding during the round function from SSLeay */\r
4700+#ifdef __LITTLE_ENDIAN\r
4701+#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \\r
4702+ |(rol(block->l[i],8)&0x00FF00FF))\r
4703+#else\r
4704+#define blk0(i) block->l[i]\r
4705+#endif /* __LITTLE_ENDIAN */\r
4706+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \\r
4707+ ^block->l[(i+2)&15]^block->l[i&15],1))\r
4708+\r
4709+ /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */\r
4710+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);\r
4711+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);\r
4712+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);\r
4713+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);\r
4714+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);\r
4715+/* End SHA hash section */\r
4716diff -urN linux/include/linux/obvcipher.h linux/include/linux/obvcipher.h\r
4717--- linux/include/linux/obvcipher.h Wed Dec 31 19:00:00 1969\r
4718+++ linux/include/linux/obvcipher.h Mon Nov 26 10:38:10 2001\r
4719@@ -0,0 +1,4 @@\r
4720+extern void SHA1Init(struct SHA1_CTX *context);\r
4721+extern void SHA1Update(struct SHA1_CTX *context, unsigned char *data,unsigned int len);\r
4722+extern void SHA1Final(unsigned char digest[20],struct SHA1_CTX *context);\r
4723+extern int obv_chkpw(struct obv_pw *entry);\r
4724diff -urN linux/include/linux/obvdefs.h linux/include/linux/obvdefs.h\r
4725--- linux/include/linux/obvdefs.h Wed Dec 31 19:00:00 1969\r
4726+++ linux/include/linux/obvdefs.h Mon Nov 26 11:15:31 2001\r
4727@@ -0,0 +1,83 @@\r
4728+\r
4729+/* Begin Status/Return value declarations */\r
4730+\r
4731+#define OBV_ALLOW 1\r
4732+#define OBV_NOTFOUND -1\r
4733+#define OBV_DENY 0\r
4734+\r
4735+#define OBV_LOADING 0x01\r
4736+#define OBV_DISABLED 0x02\r
4737+#define OBV_READY 0x04\r
4738+#define OBV_1ST 0x08\r
4739+/* Debugging mode*/ \r
4740+#define OBV_TESTING 0x080\r
4741+\r
4742+#ifdef CONFIG_OBV_DEF_DENY\r
4743+#define OBV_DEFAULT OBV_DENY\r
4744+#endif\r
4745+#ifdef CONFIG_OBV_DEF_DENY_ROOT\r
4746+#define OBV_DEFAULT !(current->euid) ? OBV_DENY : OBV_ALLOW;\r
4747+#endif\r
4748+#ifdef CONFIG_OBV_DEF_ALLOW\r
4749+#define OBV_DEFAULT OBV_ALLOW\r
4750+#endif\r
4751+\r
4752+/* End Status declarations */\r
4753+\r
4754+\r
4755+\r
4756+\r
4757+/* Begin ACL declarations */\r
4758+#define OBV_READ 0x01\r
4759+#define OBV_APPEND 0x02\r
4760+#define OBV_WRITE 0x04\r
4761+#define OBV_EXEC 0x08\r
4762+#define OBV_HIDDEN 0x10\r
4763+#define OBV_OVERRIDE 0x20 /* Override File ACL, useful for proc only*/\r
4764+#define OBV_PROTECTED 0x40\r
4765+#define OBV_NONEXISTANT 0x40000000 /* File does not exist, check parent. Done when *checking* for a file's ACL */\r
4766+\r
4767+\r
4768+/* Standard stuff done, on to File ACL stuff */\r
4769+\r
4770+#define OBV_FILE_READ OBV_READ\r
4771+#define OBV_FILE_APPEND OBV_APPEND\r
4772+#define OBV_FILE_WRITE (OBV_WRITE | OBV_APPEND)\r
4773+#define OBV_FILE_EXEC OBV_EXEC\r
4774+#define OBV_FILE_HIDDEN OBV_HIDDEN\r
4775+\r
4776+\r
4777+#define OBV_PROC_READ OBV_READ\r
4778+#define OBV_PROC_APPEND OBV_APPEND\r
4779+#define OBV_PROC_WRITE (OBV_WRITE|OBV_APPEND); /* write access implies append access*/\r
4780+#define OBV_PROC_EXEC OBV_EXEC\r
4781+#define OBV_PROC_ACCESS OBV_HIDDEN\r
4782+#define OBV_PROC_OVERRIDE OBV_OVERRIDE\r
4783+#define OBV_PROC_IGN_DEFAULT OBV_IGN_DEFAULT\r
4784+#define OBV_PROC_HIDDEN OBV_HIDDEN /* Hidden, unkillable(except by init) process. Good for hiding your IDSes / logging daemons:)*/\r
4785+#define OBV_PROC_PROTECTED OBV_PROTECTED\r
4786+ \r
4787+/* Begin TODO */\r
4788+#define OBV_REQSUM 0x200 /* Require program to have SHAsum in database*/\r
4789+#define OBV_INHERIT 0x400 /* Children inherit parent's process acls*/\r
4790+#define OBV_AUTH 0x100 /* Require secondary authentication before execution*/\r
4791+#define OBV_AUTH_IF_ROOT 0x800 /* Require secondary authentication IF the user has root priveleges */\r
4792+\r
4793+#define OBV_FILE_REQSUM OBV_REQSUM\r
4794+#define OBV_FILE_AUTH OBV_AUTH\r
4795+#define OBV_PROC_REQSUM OBV_REQSUM\r
4796+#define OBV_PROC_INHERIT OBV_INHERIT\r
4797+#define OBV_PROC_AUTH OBV_AUTH\r
4798+#define OBV_PROC_AUTH_IF_ROOT OBV_AUTH_IF_ROOT\r
4799+/* End TODO */\r
4800+\r
4801+#define OBV_PROC_EXTRA (OBV_PROC_OVERRIDE|OBV_PROC_REQSUM|OBV_PROC_INHERIT|OBV_PROC_AUTH)\r
4802+/* Extra things that must be checked after a search*/\r
4803+\r
4804+#define OBV_FILE_EXTRA (OBV_FILE_REQSUM|OBV_FILE_AUTH)\r
4805+#define OBV_RW (OBV_READ|OBV_WRITE)\r
4806+#define OBV_RX (OBV_READ|OBV_EXEC)\r
4807+#define OBV_RWX (OBV_READ|OBV_WRITE|OBV_EXEC)\r
4808+\r
4809+/* End ACL Declarations */\r
4810+\r
4811diff -urN linux/include/linux/obvext.h linux/include/linux/obvext.h\r
4812--- linux/include/linux/obvext.h Wed Dec 31 19:00:00 1969\r
4813+++ linux/include/linux/obvext.h Mon Nov 26 11:16:21 2001\r
4814@@ -0,0 +1,17 @@\r
4815+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r
4816+ * Oblivion external header\r
4817+ * Used for sections of the kernel that must access oblivion\r
4818+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */\r
4819+\r
4820+#include <linux/dcache.h>\r
4821+#include <linux/sysctl.h>\r
4822+#include <linux/obvdefs.h>\r
4823+\r
4824+extern int obv_status;\r
4825+extern int obv_disable;\r
4826+extern int obv_check_hidden(struct dentry *dentry, struct vfsmount *mnt);\r
4827+extern int obv_search(struct dentry *dentry, __u16 mode, struct vfsmount *mnt);\r
4828+extern int obv_set_proc_acl(struct dentry *dentry,struct task_struct *tsk,char *filename, struct vfsmount *mnt);\r
4829+extern int obv_check_hidden_proc(struct task_struct *tsk);\r
4830+extern int obv_check_protected(struct task_struct *tsk);\r
4831+extern int obv_proc_handler(ctl_table *table,int write, struct file *filp, void *buffer, size_t *lenp);\r
4832diff -urN linux/include/linux/proc_fs.h linux/include/linux/proc_fs.h\r
4833--- linux/include/linux/proc_fs.h Thu Nov 22 14:46:23 2001\r
4834+++ linux/include/linux/proc_fs.h Mon Nov 26 11:16:21 2001\r
4835@@ -137,6 +137,9 @@\r
4836 extern struct proc_dir_entry *proc_mknod(const char *,mode_t,\r
4837 struct proc_dir_entry *,kdev_t);\r
4838 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);\r
4839+#ifdef CONFIG_GRKERNSEC_PROC\r
4840+extern struct proc_dir_entry *proc_priv_mkdir(const char *, mode_t mode, struct proc_dir_entry *);\r
4841+#endif\r
4842 \r
4843 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,\r
4844 mode_t mode, struct proc_dir_entry *base, \r
4845diff -urN linux/include/linux/sched.h linux/include/linux/sched.h\r
4846--- linux/include/linux/sched.h Thu Nov 22 14:46:19 2001\r
4847+++ linux/include/linux/sched.h Mon Nov 26 11:15:22 2001\r
4848@@ -29,6 +29,10 @@\r
4849 \r
4850 struct exec_domain;\r
4851 \r
4852+#ifdef CONFIG_OBV_PROC\r
4853+struct obv_acl;\r
4854+#endif\r
4855+\r
4856 /*\r
4857 * cloning flags:\r
4858 */\r
4859@@ -225,6 +229,12 @@\r
4860 unsigned long cpu_vm_mask;\r
4861 unsigned long swap_address;\r
4862 \r
4863+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4864+ unsigned long delta_mmap; /* PaX: randomized offset */\r
4865+ unsigned long delta_exec; /* PaX: randomized offset */\r
4866+ unsigned long delta_stack; /* PaX: randomized offset */\r
4867+#endif\r
4868+ \r
4869 unsigned dumpable:1;\r
4870 \r
4871 /* Architecture-specific MM context */\r
4872@@ -401,6 +411,10 @@\r
4873 int (*notifier)(void *priv);\r
4874 void *notifier_data;\r
4875 sigset_t *notifier_mask;\r
4876+\r
4877+#ifdef CONFIG_OBV_PROC\r
4878+ struct obv_acl *obvacl;\r
4879+#endif\r
4880 \r
4881 /* Thread group tracking */\r
4882 u32 parent_exec_id;\r
4883@@ -429,6 +443,13 @@\r
4884 \r
4885 #define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */\r
4886 \r
4887+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4888+#define PF_PAX_PAGEEXEC 0x01000000 /* PaX: Enforce PAGE_EXEC */\r
4889+#define PF_PAX_EMUTRAMP 0x02000000 /* PaX: Emulate trampolines */\r
4890+#define PF_PAX_MPROTECT 0x04000000 /* PaX: Restrict mprotect() */\r
4891+#define PF_PAX_RANDMMAP 0x08000000 /* PaX: Randomize mmap() base */\r
4892+#endif\r
4893+\r
4894 /*\r
4895 * Ptrace flags\r
4896 */\r
4897@@ -436,8 +457,18 @@\r
4898 #define PT_PTRACED 0x00000001\r
4899 #define PT_TRACESYS 0x00000002\r
4900 #define PT_DTRACE 0x00000004 /* delayed trace (used on m68k, i386) */\r
4901+#ifdef CONFIG_GRKERNSEC_STACK\r
4902+#define PF_STACKEXEC 0x01000000\r
4903+#endif\r
4904 #define PT_TRACESYSGOOD 0x00000008\r
4905 #define PT_PTRACE_CAP 0x00000010 /* ptracer can follow suid-exec */\r
4906+\r
4907+#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)\r
4908+/* PaX: for handling DTLB trashing */\r
4909+#define PT_PAX_TRACE 0x00000020\r
4910+#define PT_PAX_KEEPTF 0x00000040\r
4911+#define PT_PAX_OLDTF 0x00000080\r
4912+#endif\r
4913 \r
4914 /*\r
4915 * Limit the stack by to some sane default: root can always\r
4916diff -urN linux/include/linux/sysctl.h linux/include/linux/sysctl.h\r
4917--- linux/include/linux/sysctl.h Mon Nov 26 08:29:17 2001\r
4918+++ linux/include/linux/sysctl.h Mon Nov 26 11:15:37 2001\r
4919@@ -124,6 +124,8 @@\r
cab4bb15 4920 KERN_TAINTED=53, /* int: various kernel tainted flags */\r
4921 KERN_CADPID=54, /* int: PID of the process to notify on CAD */\r
842916cd 4922 KERN_KDB=55, /* int: kdb on/off */\r
cab4bb15 4923+ KERN_GRSECURITY=68, /* grsecurity */\r
4924+ KERN_OBV = 69 /* struct obv_pw, controls oblivion*/\r
4925 };\r
4926 \r
4927 \r
4928diff -urN linux/include/net/inetpeer.h linux/include/net/inetpeer.h\r
4929--- linux/include/net/inetpeer.h Thu Nov 22 14:47:11 2001\r
4930+++ linux/include/net/inetpeer.h Mon Nov 26 11:28:13 2001\r
4931@@ -14,6 +14,11 @@\r
4932 #include <linux/sched.h>\r
4933 #include <linux/spinlock.h>\r
4934 #include <asm/atomic.h>\r
4935+#include <linux/config.h>\r
4936+#ifdef CONFIG_GRKERNSEC_RANDID\r
4937+#include <linux/grsecurity.h>\r
4938+extern __u16 ip_randomid(void);\r
4939+#endif\r
4940 \r
4941 struct inet_peer\r
4942 {\r
4943@@ -58,6 +63,11 @@\r
4944 __u16 id;\r
4945 \r
4946 spin_lock_bh(&inet_peer_idlock);\r
4947+#ifdef CONFIG_GRKERNSEC_RANDID\r
4948+ if(grsec_enable_randid)\r
4949+ id = htons(ip_randomid());\r
4950+ else\r
4951+#endif\r
4952 id = p->ip_id_count++;\r
4953 spin_unlock_bh(&inet_peer_idlock);\r
4954 return id;\r
4955diff -urN linux/include/net/ip.h linux/include/net/ip.h\r
4956--- linux/include/net/ip.h Thu Nov 22 14:47:15 2001\r
4957+++ linux/include/net/ip.h Mon Nov 26 11:28:13 2001\r
4958@@ -38,6 +38,11 @@\r
4959 \r
4960 #include <net/sock.h> /* struct sock */\r
4961 \r
4962+#ifdef CONFIG_GRKERNSEC_RANDID\r
4963+#include <linux/grsecurity.h>\r
4964+extern __u16 ip_randomid(void);\r
4965+#endif\r
4966+\r
4967 struct inet_skb_parm\r
4968 {\r
4969 struct ip_options opt; /* Compiled IP options */\r
4970@@ -196,6 +201,11 @@\r
4971 * does not change, they drop every other packet in\r
4972 * a TCP stream using header compression.\r
4973 */\r
4974+#ifdef CONFIG_GRKERNSEC_RANDID\r
4975+ if(grsec_enable_randid)\r
4976+ iph->id = htons(ip_randomid());\r
4977+ else\r
4978+#endif\r
4979 iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);\r
4980 } else\r
4981 __ip_select_ident(iph, dst);\r
4982diff -urN linux/init/main.c linux/init/main.c\r
4983--- linux/init/main.c Fri Nov 9 17:15:00 2001\r
4984+++ linux/init/main.c Mon Nov 26 10:38:11 2001\r
4985@@ -69,6 +69,12 @@\r
4986 #include <asm/smp.h>\r
4987 #endif\r
4988 \r
4989+#ifdef CONFIG_OBV_PROC\r
4990+#include <linux/obvext.h>\r
4991+#endif\r
4992+\r
4993+\r
4994+\r
4995 /*\r
4996 * Versions of gcc older than that listed below may actually compile\r
4997 * and link okay, but the end product can have subtle run time bugs.\r
4998@@ -107,6 +113,12 @@\r
4999 extern void ipc_init(void);\r
5000 #endif\r
5001 \r
5002+#ifdef CONFIG_OBV_PROC\r
5003+static __init int obv_setup(char *line);\r
5004+#endif\r
5005+\r
5006+\r
5007+\r
5008 /*\r
5009 * Boot command-line arguments\r
5010 */\r
5011@@ -307,6 +319,19 @@\r
5012 }\r
5013 \r
5014 __setup("root=", root_dev_setup);\r
5015+\r
5016+#ifdef CONFIG_OBV_PROC\r
5017+static int __init obv_setup(char *str) \r
5018+{\r
5019+#ifdef CONFIG_OBV_DEBUG\r
5020+ obv_seclog("Obv got %.3s at startup\n",str);\r
5021+#endif\r
5022+ if(*str == '0') obv_disable = 1;\r
5023+ return 1;\r
5024+}\r
5025+__setup("oblivion=",obv_setup);\r
5026+#endif\r
5027+\r
5028 \r
5029 static int __init checksetup(char *line)\r
5030 {\r
5031diff -urN linux/kernel/Makefile linux/kernel/Makefile\r
5032--- linux/kernel/Makefile Mon Sep 17 00:22:40 2001\r
5033+++ linux/kernel/Makefile Mon Nov 26 10:38:11 2001\r
842916cd 5034@@ -14,12 +14,13 @@\r
cab4bb15 5035 obj-y = sched.o dma.o fork.o exec_domain.o panic.o printk.o \\r
5036 module.o exit.o itimer.o info.o time.o softirq.o resource.o \\r
5037 sysctl.o acct.o capability.o ptrace.o timer.o user.o \\r
5038- signal.o sys.o kmod.o context.o\r
5039+ signal.o sys.o grsecurity.o kmod.o context.o\r
5040 \r
5041 obj-$(CONFIG_UID16) += uid16.o\r
5042 obj-$(CONFIG_MODULES) += ksyms.o\r
5043 obj-$(CONFIG_PM) += pm.o\r
842916cd 5044 obj-$(CONFIG_KALLSYMS) += kallsyms.o\r
cab4bb15 5045+obj-$(CONFIG_OBV_PROC) += oblivion.o obvqsort.o obvhash.o\r
5046 \r
5047 ifneq ($(CONFIG_IA64),y)\r
5048 # According to Alan Modra <alan@linuxcare.com.au>, the -fno-omit-frame-pointer is\r
5049diff -urN linux/kernel/exit.c linux/kernel/exit.c\r
5050--- linux/kernel/exit.c Wed Nov 21 17:42:27 2001\r
5051+++ linux/kernel/exit.c Mon Nov 26 10:38:11 2001\r
5052@@ -20,6 +20,10 @@\r
5053 #include <asm/pgtable.h>\r
5054 #include <asm/mmu_context.h>\r
5055 \r
5056+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5057+#include <linux/grsecurity.h>\r
5058+#endif\r
5059+\r
5060 extern void sem_exit (void);\r
5061 extern struct task_struct *child_reaper;\r
5062 \r
5063@@ -416,6 +420,10 @@\r
5064 write_unlock_irq(&tasklist_lock);\r
5065 }\r
5066 \r
5067+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5068+pid_t last_pids[64];\r
5069+int cur_n_pids;\r
5070+#endif\r
5071 NORET_TYPE void do_exit(long code)\r
5072 {\r
5073 struct task_struct *tsk = current;\r
5074@@ -436,6 +444,12 @@\r
5075 __exit_mm(tsk);\r
5076 \r
5077 lock_kernel();\r
5078+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5079+ if(grsec_enable_randpid){\r
5080+ last_pids[cur_n_pids++] = tsk -> pid;\r
5081+ cur_n_pids &= 63;\r
5082+ }\r
5083+#endif\r
5084 sem_exit();\r
5085 __exit_files(tsk);\r
5086 __exit_fs(tsk);\r
5087diff -urN linux/kernel/fork.c linux/kernel/fork.c\r
5088--- linux/kernel/fork.c Wed Nov 21 13:18:42 2001\r
5089+++ linux/kernel/fork.c Mon Nov 26 10:38:11 2001\r
5090@@ -20,12 +20,29 @@\r
5091 #include <linux/vmalloc.h>\r
5092 #include <linux/completion.h>\r
5093 #include <linux/personality.h>\r
5094+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5095+#include <linux/random.h>\r
5096+#endif\r
5097+\r
5098+#if defined(CONFIG_GRKERNSEC_FORKFAIL)||defined(CONFIG_GRKERNSEC_RANDPID) \\r
5099+ || defined(CONFIG_GRKERNSEC_FORKBOMB)\r
5100+#include <linux/grsecurity.h>\r
5101+#endif\r
5102 \r
5103 #include <asm/pgtable.h>\r
5104 #include <asm/pgalloc.h>\r
5105 #include <asm/uaccess.h>\r
5106 #include <asm/mmu_context.h>\r
5107 \r
5108+#ifdef CONFIG_OBV_PROC\r
5109+#include <linux/oblivion.h>\r
5110+#endif\r
5111+\r
5112+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5113+extern struct entropy_store *random_state;\r
5114+extern struct entropy_store *sec_random_state;\r
5115+#endif\r
5116+\r
5117 /* The idle threads do not count.. */\r
5118 int nr_threads;\r
5119 int nr_running;\r
5120@@ -36,6 +53,13 @@\r
5121 \r
5122 struct task_struct *pidhash[PIDHASH_SZ];\r
5123 \r
5124+#ifdef CONFIG_OBV_PROC\r
5125+static __inline__ int obv_copy_acl(struct task_struct *tsk) {\r
5126+ tsk->obvacl = current->obvacl;\r
5127+ return 0;\r
5128+}\r
5129+#endif\r
5130+\r
5131 void add_wait_queue(wait_queue_head_t *q, wait_queue_t * wait)\r
5132 {\r
5133 unsigned long flags;\r
5134@@ -81,9 +105,18 @@\r
5135 /* Protects next_safe and last_pid. */\r
5136 spinlock_t lastpid_lock = SPIN_LOCK_UNLOCKED;\r
5137 \r
5138+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5139+extern pid_t last_pids[64];\r
5140+extern int cur_n_pids;\r
5141+#endif\r
5142+\r
5143 static int get_pid(unsigned long flags)\r
5144 {\r
5145 static int next_safe = PID_MAX;\r
5146+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5147+ int loops; \r
5148+#endif\r
5149+\r
5150 struct task_struct *p;\r
5151 \r
5152 if (flags & CLONE_PID)\r
5153@@ -91,32 +124,72 @@\r
5154 \r
5155 spin_lock(&lastpid_lock);\r
5156 if((++last_pid) & 0xffff8000) {\r
5157+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5158+ if(!grsec_enable_randpid || (current->p_pptr->pid < 1))\r
5159+#endif\r
5160 last_pid = 300; /* Skip daemons etc. */\r
5161 goto inside;\r
5162 }\r
5163- if(last_pid >= next_safe) {\r
5164+ if(last_pid >= \r
5165+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5166+ (grsec_enable_randpid && (current->p_pptr->pid >= 1))?2:\r
5167+#endif\r
5168+ next_safe) {\r
5169 inside:\r
5170+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5171+ if(!grsec_enable_randpid || (current->p_pptr->pid < 1))\r
5172+#endif\r
5173 next_safe = PID_MAX;\r
5174 read_lock(&tasklist_lock);\r
5175 repeat:\r
5176+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5177+ if (grsec_enable_randpid && (current->p_pptr->pid >= 1)) {\r
5178+ if((random_state) || (sec_random_state)){\r
5179+ do {\r
5180+ get_random_bytes(&last_pid, sizeof(last_pid));\r
5181+ last_pid %= PID_MAX;\r
5182+ if(last_pid < 0)\r
5183+ last_pid = -1 * last_pid;\r
5184+ } while (last_pid <= 1);\r
5185+ } else\r
5186+ last_pid = 1+((xtime.tv_usec * total_forks) % PID_MAX);\r
5187+ for(loops=0;loops<64;loops++){\r
5188+ if(last_pids[loops] == last_pid)\r
5189+ goto repeat;\r
5190+ }\r
5191+ }\r
5192+#endif\r
5193+\r
5194 for_each_task(p) {\r
5195 if(p->pid == last_pid ||\r
5196 p->pgrp == last_pid ||\r
5197 p->tgid == last_pid ||\r
5198 p->session == last_pid) {\r
5199- if(++last_pid >= next_safe) {\r
5200+ if(\r
5201+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5202+ (!grsec_enable_randpid || \r
5203+ (current->p_pptr->pid < 1)) &&\r
5204+#endif\r
5205+ ++last_pid >= next_safe) {\r
5206 if(last_pid & 0xffff8000)\r
5207 last_pid = 300;\r
5208 next_safe = PID_MAX;\r
5209 }\r
5210 goto repeat;\r
5211 }\r
5212+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5213+ if(!grsec_enable_randpid || \r
5214+ (current->p_pptr->pid < 1)){\r
5215+#endif\r
5216 if(p->pid > last_pid && next_safe > p->pid)\r
5217 next_safe = p->pid;\r
5218 if(p->pgrp > last_pid && next_safe > p->pgrp)\r
5219 next_safe = p->pgrp;\r
5220 if(p->session > last_pid && next_safe > p->session)\r
5221 next_safe = p->session;\r
5222+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5223+ }\r
5224+#endif\r
5225 }\r
5226 read_unlock(&tasklist_lock);\r
5227 }\r
5228@@ -565,6 +638,39 @@\r
5229 int retval;\r
5230 struct task_struct *p;\r
5231 struct completion vfork;\r
5232+#ifdef CONFIG_GRKERNSEC_FORKBOMB\r
5233+ int fork_user;\r
5234+ int sec_forks = 0;\r
5235+ int user_tasks = 0;\r
5236+ unsigned long curr_time = jiffies;\r
5237+\r
5238+fork_user = current->uid;\r
5239+if(grsec_enable_forkbomb) {\r
5240+if(in_group_p(grsec_forkbomb_gid) && fork_user){\r
5241+ read_lock(&tasklist_lock);\r
5242+ for_each_task(p)\r
5243+ {\r
5244+ if ((p->uid) == fork_user)\r
5245+ {\r
5246+ user_tasks++;\r
5247+ if ( (curr_time - (p->start_time)) <= 100)\r
5248+ sec_forks++;\r
5249+ }\r
5250+ }\r
5251+ read_unlock(&tasklist_lock);\r
5252+\r
5253+ if (user_tasks >= grsec_forkbomb_max){\r
5254+ security_alert("max process limit reached with "\r
5255+ DEFAULTSECMSG,"max proc limits reached",DEFAULTSECARGS);\r
5256+ return(kill_pg(current->pgrp,SIGKILL,0));\r
5257+ } else if (sec_forks >= grsec_forkbomb_sec){\r
5258+ security_alert("fork rate-limit reached with "\r
5259+ DEFAULTSECMSG,"fork rate-limits reached", DEFAULTSECARGS);\r
5260+ return(kill_pg(current->pgrp,SIGKILL,0));\r
5261+ }\r
5262+}\r
5263+}\r
5264+#endif\r
5265 \r
5266 retval = -EPERM;\r
5267 \r
5268@@ -661,6 +767,11 @@\r
5269 goto bad_fork_cleanup_fs;\r
5270 if (copy_mm(clone_flags, p))\r
5271 goto bad_fork_cleanup_sighand;\r
5272+#ifdef CONFIG_OBV_PROC\r
5273+ if (obv_copy_acl(p))\r
5274+ goto bad_fork_cleanup_sighand;\r
5275+#endif\r
5276+\r
5277 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);\r
5278 if (retval)\r
5279 goto bad_fork_cleanup_mm;\r
5280@@ -747,6 +858,11 @@\r
5281 free_uid(p->user);\r
5282 bad_fork_free:\r
5283 free_task_struct(p);\r
5284+#ifdef CONFIG_GRKERNSEC_FORKFAIL\r
5285+ if(grsec_enable_forkfail)\r
5286+ security_alert("failed fork with errno %d by " DEFAULTSECMSG,\r
5287+ "failed forks",retval, DEFAULTSECARGS);\r
5288+#endif\r
5289 goto fork_out;\r
5290 }\r
5291 \r
5292diff -urN linux/kernel/grsecurity.c linux/kernel/grsecurity.c\r
5293--- linux/kernel/grsecurity.c Wed Dec 31 19:00:00 1969\r
5294+++ linux/kernel/grsecurity.c Mon Nov 26 10:38:11 2001\r
5295@@ -0,0 +1,266 @@\r
5296+#include <linux/config.h>\r
5297+\r
5298+#ifdef CONFIG_GRKERNSEC_SYSCTL\r
5299+#ifdef CONFIG_GRKERNSEC_LINK\r
5300+int grsec_enable_link = 0;\r
5301+#endif\r
5302+#ifdef CONFIG_GRKERNSEC_FIFO\r
5303+int grsec_enable_fifo = 0;\r
5304+#endif\r
5305+#ifdef CONFIG_GRKERNSEC_FD\r
5306+int grsec_enable_fd = 0;\r
5307+#endif\r
5308+#ifdef CONFIG_GRKERNSEC_EXECVE\r
5309+int grsec_enable_execve = 0;\r
5310+#endif\r
5311+#ifdef CONFIG_GRKERNSEC_FORKBOMB\r
5312+int grsec_enable_forkbomb = 0;\r
5313+int grsec_forkbomb_gid = 0;\r
5314+int grsec_forkbomb_sec = 0;\r
5315+int grsec_forkbomb_max = 0;\r
5316+#endif\r
5317+#ifdef CONFIG_GRKERNSEC_EXECLOG\r
5318+int grsec_enable_execlog = 0;\r
5319+#endif\r
5320+#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r
5321+int grsec_enable_execlog_group = 0;\r
5322+int grsec_execlog_gid = 0;\r
5323+#endif\r
5324+#ifdef CONFIG_GRKERNSEC_SUID\r
5325+int grsec_enable_suid = 0;\r
5326+#endif\r
5327+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
5328+int grsec_enable_suid_root = 0;\r
5329+#endif\r
5330+#ifdef CONFIG_GRKERNSEC_SIGNAL\r
5331+int grsec_enable_signal = 0;\r
5332+#endif\r
5333+#ifdef CONFIG_GRKERNSEC_COREDUMP\r
5334+int grsec_enable_coredump = 0;\r
5335+#endif\r
5336+#ifdef CONFIG_GRKERNSEC_FORKFAIL\r
5337+int grsec_enable_forkfail = 0;\r
5338+#endif\r
5339+#ifdef CONFIG_GRKERNSEC_TIME\r
5340+int grsec_enable_time = 0;\r
5341+#endif\r
5342+#ifdef CONFIG_GRKERNSEC_KBMAP\r
5343+int grsec_enable_kbmap = 0;\r
5344+#endif\r
5345+#ifdef CONFIG_GRKERNSEC_RANDNET\r
5346+int grsec_enable_randnet = 0;\r
5347+#endif\r
5348+#ifdef CONFIG_GRKERNSEC_CHROOT\r
5349+int grsec_enable_chroot = 0;\r
5350+#endif\r
5351+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r
5352+int grsec_enable_chroot_execlog = 0;\r
5353+#endif\r
5354+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r
5355+int grsec_enable_chroot_caps = 0;\r
5356+#endif\r
5357+#ifdef CONFIG_GRKERNSEC_TPE\r
5358+int grsec_enable_tpe = 0;\r
5359+int grsec_tpe_gid = 0;\r
5360+#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r
5361+int grsec_enable_tpe_glibc = 0;\r
5362+#endif\r
5363+#ifdef CONFIG_GRKERNSEC_TPE_ALL\r
5364+int grsec_enable_tpe_all = 0;\r
5365+#endif\r
5366+#endif\r
5367+#ifdef CONFIG_GRKERNSEC_PTRACE\r
5368+int grsec_enable_ptrace = 0;\r
5369+#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r
5370+int grsec_enable_ptrace_group = 0;\r
5371+int grsec_ptrace_gid = 0;\r
5372+#endif\r
5373+#endif\r
5374+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5375+int grsec_enable_randpid = 0;\r
5376+#endif\r
5377+#ifdef CONFIG_GRKERNSEC_RANDID\r
5378+int grsec_enable_randid = 0;\r
5379+#endif\r
5380+#ifdef CONFIG_GRKERNSEC_RANDSRC\r
5381+int grsec_enable_randsrc = 0;\r
5382+#endif\r
5383+#ifdef CONFIG_GRKERNSEC_RANDPING\r
5384+int grsec_enable_randping = 0;\r
5385+#endif\r
5386+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
5387+int grsec_enable_randttl = 0;\r
5388+int grsec_randttl_thresh = 0;\r
5389+#endif\r
5390+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r
5391+int grsec_enable_socket_all = 0;\r
5392+int grsec_socket_all_gid = 0;\r
5393+#endif\r
5394+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r
5395+int grsec_enable_socket_client = 0;\r
5396+int grsec_socket_client_gid = 0;\r
5397+#endif\r
5398+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r
5399+int grsec_enable_socket_server = 0;\r
5400+int grsec_socket_server_gid = 0;\r
5401+#endif\r
5402+#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r
5403+int grsec_enable_stealth_rst = 0;\r
5404+#endif\r
5405+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r
5406+int grsec_enable_stealth_udp = 0;\r
5407+#endif\r
5408+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r
5409+int grsec_enable_stealth_icmp = 0;\r
5410+#endif\r
5411+#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r
5412+int grsec_enable_stealth_igmp = 0;\r
5413+#endif\r
5414+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r
5415+int grsec_enable_stealth_flags = 0;\r
5416+#endif\r
5417+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r
5418+int grsec_enable_stealth_flags_log = 0;\r
5419+#endif\r
5420+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r
5421+int grsec_enable_stealth_udp_log = 0;\r
5422+#endif\r
5423+#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r
5424+int grsec_enable_stealth_rst_log = 0;\r
5425+#endif\r
5426+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r
5427+int grsec_enable_stealth_icmp_log = 0;\r
5428+#endif\r
5429+int grsec_lock = 0;\r
5430+#else\r
5431+#ifdef CONFIG_GRKERNSEC_LINK\r
5432+int grsec_enable_link = 1;\r
5433+#endif\r
5434+#ifdef CONFIG_GRKERNSEC_FIFO\r
5435+int grsec_enable_fifo = 1;\r
5436+#endif\r
5437+#ifdef CONFIG_GRKERNSEC_FD\r
5438+int grsec_enable_fd = 1;\r
5439+#endif\r
5440+#ifdef CONFIG_GRKERNSEC_EXECVE\r
5441+int grsec_enable_execve = 1;\r
5442+#endif\r
5443+#ifdef CONFIG_GRKERNSEC_FORKBOMB\r
5444+int grsec_enable_forkbomb = 1;\r
5445+int grsec_forkbomb_gid = CONFIG_GRKERNSEC_FORKBOMB_GID;\r
5446+int grsec_forkbomb_sec = CONFIG_GRKERNSEC_FORKBOMB_SEC;\r
5447+int grsec_forkbomb_max = CONFIG_GRKERNSEC_FORKBOMB_MAX;\r
5448+#endif\r
5449+#ifdef CONFIG_GRKERNSEC_EXECLOG\r
5450+int grsec_enable_execlog = 1;\r
5451+#endif\r
5452+#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r
5453+int grsec_enable_execlog_group = 1;\r
5454+int grsec_execlog_gid= CONFIG_GRKERNSEC_EXECLOG_GID;\r
5455+#endif\r
5456+#ifdef CONFIG_GRKERNSEC_SUID\r
5457+int grsec_enable_suid = 1;\r
5458+#endif\r
5459+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
5460+int grsec_enable_suid_root = 1;\r
5461+#endif\r
5462+#ifdef CONFIG_GRKERNSEC_SIGNAL\r
5463+int grsec_enable_signal = 1;\r
5464+#endif\r
5465+#ifdef CONFIG_GRKERNSEC_COREDUMP\r
5466+int grsec_enable_coredump = 1;\r
5467+#endif\r
5468+#ifdef CONFIG_GRKERNSEC_FORKFAIL\r
5469+int grsec_enable_forkfail = 1;\r
5470+#endif\r
5471+#ifdef CONFIG_GRKERNSEC_TIME\r
5472+int grsec_enable_time = 1;\r
5473+#endif\r
5474+#ifdef CONFIG_GRKERNSEC_KBMAP\r
5475+int grsec_enable_kbmap = 1;\r
5476+#endif\r
5477+#ifdef CONFIG_GRKERNSEC_RANDNET\r
5478+int grsec_enable_randnet = 1;\r
5479+#endif\r
5480+#ifdef CONFIG_GRKERNSEC_CHROOT\r
5481+int grsec_enable_chroot = 1;\r
5482+#endif\r
5483+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r
5484+int grsec_enable_chroot_execlog = 1;\r
5485+#endif\r
5486+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r
5487+int grsec_enable_chroot_caps = 1;\r
5488+#endif\r
5489+#ifdef CONFIG_GRKERNSEC_TPE\r
5490+int grsec_enable_tpe = 1;\r
5491+int grsec_tpe_gid= CONFIG_GRKERNSEC_TPE_GID;\r
5492+#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r
5493+int grsec_enable_tpe_glibc = 1;\r
5494+#endif\r
5495+#ifdef CONFIG_GRKERNSEC_TPE_ALL\r
5496+int grsec_enable_tpe_all = 1;\r
5497+#endif\r
5498+#endif\r
5499+#ifdef CONFIG_GRKERNSEC_PTRACE\r
5500+int grsec_enable_ptrace = 1;\r
5501+#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r
5502+int grsec_enable_ptrace_group = 1;\r
5503+int grsec_ptrace_gid = CONFIG_GRKERNSEC_PTRACE_GID;\r
5504+#endif\r
5505+#endif\r
5506+#ifdef CONFIG_GRKERNSEC_RANDPID\r
5507+int grsec_enable_randpid = 1;\r
5508+#endif\r
5509+#ifdef CONFIG_GRKERNSEC_RANDID\r
5510+int grsec_enable_randid = 1;\r
5511+#endif\r
5512+#ifdef CONFIG_GRKERNSEC_RANDSRC\r
5513+int grsec_enable_randsrc = 1;\r
5514+#endif\r
5515+#ifdef CONFIG_GRKERNSEC_RANDPING\r
5516+int grsec_enable_randping = 1;\r
5517+#endif\r
5518+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
5519+int grsec_enable_randttl = 1;\r
5520+int grsec_randttl_thresh= CONFIG_GRKERNSEC_RANDTTL_THRESH;\r
5521+#endif\r
5522+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r
5523+int grsec_enable_socket_all = 1;\r
5524+int grsec_socket_all_gid= CONFIG_GRKERNSEC_SOCKET_ALL_GID;\r
5525+#endif\r
5526+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r
5527+int grsec_enable_socket_client = 1;\r
5528+int grsec_socket_client_gid= CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;\r
5529+#endif\r
5530+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r
5531+int grsec_enable_socket_server = 1;\r
5532+int grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;\r
5533+#endif\r
5534+#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r
5535+int grsec_enable_stealth_rst = 1;\r
5536+#endif\r
5537+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r
5538+int grsec_enable_stealth_udp = 1;\r
5539+#endif\r
5540+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r
5541+int grsec_enable_stealth_icmp = 1;\r
5542+#endif\r
5543+#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r
5544+int grsec_enable_stealth_igmp = 1;\r
5545+#endif\r
5546+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r
5547+int grsec_enable_stealth_flags = 1;\r
5548+#endif\r
5549+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r
5550+int grsec_enable_stealth_flags_log = 1;\r
5551+#endif\r
5552+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r
5553+int grsec_enable_stealth_udp_log = 1;\r
5554+#endif\r
5555+#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r
5556+int grsec_enable_stealth_rst_log = 1;\r
5557+#endif\r
5558+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r
5559+int grsec_enable_stealth_icmp_log = 1;\r
5560+#endif\r
5561+#endif\r
5562diff -urN linux/kernel/oblivion.c linux/kernel/oblivion.c\r
5563--- linux/kernel/oblivion.c Wed Dec 31 19:00:00 1969\r
5564+++ linux/kernel/oblivion.c Mon Nov 26 10:38:11 2001\r
5565@@ -0,0 +1,1348 @@\r
5566+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r
5567+ * Oblivion: A Security-Enhancing Linux Kernel Modification\r
5568+ * Author: Michael Dalton\r
5569+ * E-Mail: michael@linux.com\r
5570+ * Information: This modification is designed to give \r
5571+ * fine-tuned control over processes, to prevent\r
5572+ * the damage of buffer overflows by disallowing them to run or\r
5573+ * write to anything that is abnormal. It also protects files from\r
5574+ * access by unauthorized programs(read only/append only/hidden modes)\r
5575+ * and has capability management features.\r
5576+ *\r
5577+ * Modifications\r
5578+ * 4-20-2001 - Began development of OPM .3 \r
5579+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */\r
5580+\r
5581+/* Access Layers */\r
5582+\r
5583+/* Files -\r
5584+ * file database -> file info\r
5585+ */\r
5586+\r
5587+/* Process\r
5588+ * process database -> process entry (and capabilities) -> process file access rights \r
5589+ */\r
5590+\r
5591+#include <linux/kernel.h>\r
5592+#include <linux/mm.h>\r
5593+#include <linux/ctype.h>\r
5594+#include <asm/uaccess.h>\r
5595+#include <asm/errno.h>\r
5596+#include <linux/file.h>\r
5597+#include <linux/fs.h>\r
5598+#include <linux/slab.h>\r
5599+#include <linux/types.h>\r
5600+#include <linux/capability.h>\r
5601+#include <linux/sched.h>\r
5602+#include <linux/oblivion.h>\r
5603+#include <linux/obvcipher.h>\r
5604+#include <linux/sysctl.h>\r
5605+#include <linux/grsecurity.h>\r
5606+\r
5607+#define OBV_SET_AUTH 1\r
5608+#define OBV_SET_INHERIT 2\r
5609+#define OBV_SET_PROC 3\r
5610+\r
5611+#define CONFIG_OBV_PROCACL_CONF "/etc/obv/proc.acl"\r
5612+#define CONFIG_OBV_FILEACL_CONF "/etc/obv/file.acl"\r
5613+#define CONFIG_OBV_SUM_CONF "/etc/obv/sum.db"\r
5614+#define CONFIG_OBV_PW_CONF "/etc/obv/pw"\r
5615+#define CONFIG_OBVADM_ACL CONFIG_OBVADM_PATH ## " fx"\r
5616+#define CONFIG_GODMODE_ACL "/ frwxoi"\r
5617+/* i.e. this would become "/sbin/obvadm x" for executable access only to\r
5618+ * /sbin/obvadm (and find it if its hidden) */\r
5619+\r
5620+#define obv_empty_tree (struct obv_proc_acl *) NULL\r
5621+\r
5622+#define obv_heightof(tree) ( (tree == obv_empty_tree) ? 0 : (tree->height) )\r
5623+\r
5624+#define INIT_CAP_TABLE(table) \\r
5625+table[0].capname = "CAP_CHOWN";\\r
5626+table[0].capval = CAP_CHOWN; \\r
5627+table[1].capname = "CAP_DAC_OVERRIDE"; \\r
5628+table[1].capval = CAP_DAC_OVERRIDE; \\r
5629+table[2].capname = "CAP_DAC_READ_SEARCH"; \\r
5630+table[2].capval = CAP_DAC_READ_SEARCH; \\r
5631+table[3].capname = "CAP_FOWNER"; \\r
5632+table[3].capval = CAP_FOWNER; \\r
5633+table[4].capname = "CAP_FSETID"; \\r
5634+table[4].capval = CAP_FSETID; \\r
5635+table[5].capname = "CAP_FS_MASK"; \\r
5636+table[5].capval = CAP_FS_MASK; \\r
5637+table[6].capname = "CAP_KILL"; \\r
5638+table[6].capval = CAP_KILL; \\r
5639+table[7].capname = "CAP_SETGID"; \\r
5640+table[7].capval = CAP_SETGID; \\r
5641+table[8].capname = "CAP_SETUID"; \\r
5642+table[8].capval = CAP_SETUID; \\r
5643+table[9].capname = "CAP_SETPCAP"; \\r
5644+table[9].capval = CAP_SETPCAP; \\r
5645+table[10].capname = "CAP_LINUX_IMMUTABLE"; \\r
5646+table[10].capval = CAP_LINUX_IMMUTABLE; \\r
5647+table[11].capname = "CAP_NET_BIND_SERVICE"; \\r
5648+table[11].capval = CAP_NET_BIND_SERVICE; \\r
5649+table[12].capname = "CAP_NET_BROADCAST"; \\r
5650+table[12].capval = CAP_NET_BROADCAST;\\r
5651+table[13].capname = "CAP_NET_ADMIN"; \\r
5652+table[13].capval = CAP_NET_ADMIN; \\r
5653+table[14].capname = "CAP_NET_RAW"; \\r
5654+table[14].capval = CAP_NET_RAW; \\r
5655+table[15].capname = "CAP_IPC_LOCK"; \\r
5656+table[15].capval = CAP_IPC_LOCK; \\r
5657+table[16].capname = "CAP_IPC_OWNER"; \\r
5658+table[16].capval = CAP_IPC_OWNER; \\r
5659+table[17].capname = "CAP_SYS_MODULE"; \\r
5660+table[17].capval = CAP_SYS_MODULE; \\r
5661+table[18].capname = "CAP_SYS_RAWIO"; \\r
5662+table[18].capval = CAP_SYS_RAWIO; \\r
5663+table[19].capname = "CAP_SYS_CHROOT"; \\r
5664+table[19].capval = CAP_SYS_CHROOT; \\r
5665+table[20].capname = "CAP_SYS_PTRACE"; \\r
5666+table[20].capval = CAP_SYS_PTRACE; \\r
5667+table[21].capname = "CAP_SYS_PACCT"; \\r
5668+table[21].capval = CAP_SYS_PACCT; \\r
5669+table[22].capname = "CAP_SYS_ADMIN"; \\r
5670+table[22].capval = CAP_SYS_ADMIN; \\r
5671+table[23].capname = "CAP_SYS_BOOT"; \\r
5672+table[23].capval = CAP_SYS_BOOT; \\r
5673+table[24].capname = "CAP_SYS_NICE"; \\r
5674+table[24].capval = CAP_SYS_NICE; \\r
5675+table[25].capname = "CAP_SYS_RESOURCE"; \\r
5676+table[25].capval = CAP_SYS_RESOURCE; \\r
5677+table[26].capname = "CAP_SYS_TIME"; \\r
5678+table[26].capval = CAP_SYS_TIME; \\r
5679+table[27].capname = "CAP_SYS_TTY_CONFIG"; \\r
5680+table[27].capval = CAP_SYS_TTY_CONFIG; \\r
5681+table[28].capname = "CAP_MKNOD"; \\r
5682+table[28].capval = CAP_MKNOD; \\r
5683+table[29].capname = "CAP_LEASE"; \\r
5684+table[29].capval = CAP_LEASE;\r
5685+\r
5686+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r
5687+ * Global variables\r
5688+ * * * * * * * * ** * * * * * * * * * * * * * * * * * * * * */\r
5689+\r
5690+int _enable_oblivion_load = 0;\r
5691+int obv_disable = 0; /* handles boot time disabling of oblivion*/\r
5692+static struct obv_proc_db procdb;\r
5693+static struct obv_file_db filedb;\r
5694+/* Main variables for holding the rulesets*/\r
5695+static spinlock_t obv_lock = SPIN_LOCK_UNLOCKED;\r
5696+__u8 obv_status = (OBV_1ST | OBV_DISABLED);\r
5697+struct obv_pw obv_pwent;\r
5698+struct obv_cap_list *caplist; \r
5699+struct obv_acl obv_god_mode = { 0,0,0,~0,obv_empty_tree};\r
5700+/* iddqd style god mode;) Full caps/access rights*/\r
5701+extern kdev_t ROOT_DEV;\r
5702+struct obv_acl obv_auth = { 0,0,(__u8)OBV_PROC_AUTH,CAP_INIT_EFF_SET,obv_empty_tree };\r
5703+/* acl for authentication mode */\r
5704+\r
5705+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\r
5706+ * Sorting Routines\r
5707+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */\r
5708+\r
5709+\r
5710+\r
5711+static __inline__ int obv_procacl_less(const struct obv_temp *a, const struct obv_proc_acl *b) \r
5712+{\r
5713+ return ( (a->file_inode < b->file_inode) || ( (a->file_inode == b->file_inode) && (a->file_dev < b->file_dev) ) ) ? 1 : 0;\r
5714+}\r
5715+\r
5716+#define obv_proc_acl_less(a,b) obv_procacl_less(a,b)\r
5717+\r
5718+static __inline__ int obv_procacl_eq(const struct obv_temp *a, const struct obv_proc_acl *b)\r
5719+{\r
5720+ return ( (a->file_inode == b->file_inode) && (a->file_dev == b->file_dev) ) ? 1:0;\r
5721+}\r
5722+\r
5723+\r
5724+static __inline__ int obv_acl_eq(const struct obv_acl *a, const struct obv_acl *b) \r
5725+{\r
5726+ return ( (a->file_inode == b->file_inode) && (a->file_dev == b->file_dev)) ? 1 : 0;\r
5727+}\r
5728+\r
5729+extern void obv_qsort(void *const pbase,size_t total_elems,size_t size,int (*cmp) (const void *, const void *));\r
5730+\r
5731+/* see obvqsort.c for above. Slightly adapted from gnu libc's qsort*/\r
5732+\r
5733+static __inline__ int obv_file_acl_cmp(const void *va, const void *vb) \r
5734+{\r
5735+ struct obv_file_acl *a = (struct obv_file_acl *) va;\r
5736+ struct obv_file_acl *b = (struct obv_file_acl *) vb;\r
5737+ if (a->file_inode < b->file_inode) \r
5738+ return -1;\r
5739+ else if(a->file_inode == b->file_inode) {\r
5740+ if(a->file_dev < b->file_dev) \r
5741+ return -1;\r
5742+ else if(a->file_dev == b->file_dev)\r
5743+ return 0;\r
5744+ }\r
5745+ return 1;\r
5746+}\r
5747+\r
5748+static __inline__ int obv_fileacl_less(const struct obv_file_acl *f1, const struct obv_temp *f2) {\r
5749+ return ( ((f1->file_inode < f2->file_inode)) || (f1->file_inode == f2->file_inode && f1->file_dev < f2->file_dev) ) ? 1 : 0;\r
5750+}\r
5751+\r
5752+static __inline__ int obv_fileacl_eq(const struct obv_file_acl *f1, const struct obv_temp *f2) {\r
5753+ return ( (f1->file_inode == f2->file_inode) && (f1->file_dev == f2->file_dev)) ? 1 : 0;\r
5754+}\r
5755+static __inline__ int obv_acl_cmp(const void *va, const void *vb) \r
5756+{\r
5757+ struct obv_acl *a = (struct obv_acl *) va;\r
5758+ struct obv_acl *b = (struct obv_acl *) vb;\r
5759+ if (a->file_inode < b->file_inode) \r
5760+ return -1;\r
5761+\r
5762+ else if(a->file_inode == b->file_inode) {\r
5763+ if(a->file_dev < b->file_dev) \r
5764+ return -1;\r
5765+ else if(a->file_dev == b->file_dev) \r
5766+ return 0;\r
5767+ }\r
5768+ return 1;\r
5769+}\r
5770+#define obv_acl_less(a,b) (((obv_acl_cmp((const void *)a,(const void *)b)) < 0))\r
5771+\r
5772+static struct obv_proc_acl * obv_rotl(struct obv_proc_acl *tree) \r
5773+{\r
5774+ struct obv_proc_acl *tmp = tree->right;\r
5775+ tree->right = tmp->left;\r
5776+ tmp->left = tree;\r
5777+ if(obv_heightof(tree->left) >= obv_heightof(tree->right))\r
5778+ tree->height = obv_heightof(tree->left) +1;\r
5779+ else\r
5780+ tree->height = obv_heightof(tree->right) + 1;\r
5781+ if(obv_heightof(tmp->left) >= obv_heightof(tmp->right))\r
5782+ tmp->height = obv_heightof(tmp->left) + 1;\r
5783+ else\r
5784+ tmp->height = obv_heightof(tmp->right) + 1;\r
5785+ return tmp;\r
5786+}\r
5787+\r
5788+static struct obv_proc_acl * obv_rotr(struct obv_proc_acl *tree)\r
5789+{\r
5790+ struct obv_proc_acl *tmp = tree->left;\r
5791+ tree->left = tmp->right;\r
5792+ tmp->right = tree;\r
5793+ if(obv_heightof(tree->left) >= obv_heightof(tree->right))\r
5794+ tree->height=obv_heightof(tree->left) + 1;\r
5795+ else\r
5796+ tree->height = obv_heightof(tree->right) + 1;\r
5797+ if(obv_heightof(tmp->left) >= obv_heightof(tmp->right))\r
5798+ tmp->height = obv_heightof(tmp->left) + 1;\r
5799+ else\r
5800+ tmp->height = obv_heightof(tmp->right) + 1; \r
5801+ return tmp;\r
5802+}\r
5803+\r
5804+static struct obv_proc_acl * obv_drlr(struct obv_proc_acl *tree) {\r
5805+ tree->right = obv_rotr(tree->right);\r
5806+ return obv_rotl(tree);\r
5807+}\r
5808+\r
5809+static struct obv_proc_acl * obv_dlrr(struct obv_proc_acl *tree) {\r
5810+ tree->left = obv_rotl(tree->left);\r
5811+ return obv_rotr(tree);\r
5812+}\r
5813+\r
5814+\r
5815+static void obv_sort(void) \r
5816+{\r
5817+ obv_qsort((void *)procdb.db,procdb.max_ref,sizeof(struct obv_acl),obv_acl_cmp);\r
5818+ obv_qsort((void *)filedb.db,filedb.max_ref,sizeof(struct obv_file_acl),obv_file_acl_cmp);\r
5819+}\r
5820+\r
5821+#ifdef CONFIG_OBV_SUPERDEBUG\r
5822+static void obv_list_file_acls(void)\r
5823+{\r
5824+ int i;\r
5825+ for(i=0;i<filedb.max_ref;i++) {\r
5826+ obv_seclog("File ACL pos %d has inode %ld dev %d mode %x",\r
5827+ i,filedb.db[i].file_inode,filedb.db[i].file_dev,\r
5828+ filedb.db[i].mode);\r
5829+ }\r
5830+}\r
5831+\r
5832+static void obv_traverse(struct obv_proc_acl *head) \r
5833+{\r
5834+ if(!head) {\r
5835+ obv_seclog("null tree");\r
5836+ return;\r
5837+ }\r
5838+ obv_seclog("Tree: %ld %d %x",head->file_inode,head->file_dev,\r
5839+ head->mode);\r
5840+ if(head->left != obv_empty_tree) {\r
5841+ obv_seclog("Doing left proc acl");\r
5842+ obv_traverse(head->left);\r
5843+ }\r
5844+ if(head->right != obv_empty_tree) {\r
5845+ obv_seclog("Doing right proc acl");\r
5846+ obv_traverse(head->right);\r
5847+ }\r
5848+}\r
5849+\r
5850+static void obv_list_proc_acls(void) \r
5851+{\r
5852+ int i;\r
5853+ for(i=0;i<procdb.max_ref;i++) {\r
5854+ obv_seclog("ACL pos %d has inode %ld dev %d",i,\r
5855+ procdb.db[i].file_inode,procdb.db[i].file_dev);\r
5856+ obv_seclog("ACL tree is..");\r
5857+ obv_traverse(procdb.db[i].tree);\r
5858+ }\r
5859+}\r
5860+#endif\r
5861+\r
5862+/* * * * * * * * * * * * * * * * * * * * * * * * * * *\r
5863+ * Config file management\r
5864+ * Yikes! If anyone has cleanup ideas I'd love to hear em\r
5865+ * * * * * * * * * * * * * * * * * * * * * * * * * * */\r
5866+\r
5867+\r
5868+\r
5869+\r
5870+static int obv_add_pw_conf(void)\r
5871+{\r
5872+ struct file *filp;\r
5873+ int retval;\r
5874+ mm_segment_t old_fs = get_fs();\r
5875+ filp = filp_open(CONFIG_OBV_PW_CONF, O_RDONLY, O_RDONLY);\r
5876+ if( ( IS_ERR(filp) ) || (filp == NULL) || (!(filp->f_op->read)) ) {\r
5877+ obv_seclog("Could not open config file %.1024s",\r
5878+ CONFIG_OBV_PW_CONF);\r
5879+ return 1;\r
5880+ }\r
5881+ filp->f_pos = 0;\r
5882+ set_fs(KERNEL_DS);\r
5883+ retval = filp->f_op->read(filp,obv_pwent.sum,sizeof(obv_pwent.sum)/sizeof(obv_pwent.sum[0]),&filp->f_pos);\r
5884+ set_fs(old_fs);\r
5885+ if(retval != sizeof(obv_pwent.sum)/sizeof(obv_pwent.sum[0])) {\r
5886+ obv_seclog("Invalid pw entry detected, got %d wanted %d",\r
5887+ retval,sizeof(obv_pwent.sum));\r
5888+ retval = 1;\r
5889+ } else retval = 0;\r
5890+ filp_close(filp,NULL);\r
5891+ return retval;\r
5892+}\r
5893+\r
5894+\r
5895+\r
5896+\r
5897+static int obv_add_file_acl(char *line) \r
5898+{\r
5899+ char *p, *q;\r
5900+ struct nameidata filedata;\r
5901+ int working = 1;\r
5902+ struct obv_file_acl *curr;\r
5903+\r
5904+ if( (p = memscan(line,'/',strlen(line))) == line + strlen(line) ) {\r
5905+ // obv_seclog("Line %.1024s seems wrong",line);\r
5906+ return 0;\r
5907+ }\r
5908+ else curr = &(filedb.db[filedb.max_ref]);\r
5909+\r
5910+ if( (q = memscan(p,' ',strlen(p))) == p + strlen(p))\r
5911+ return 0;\r
5912+ *q++ = '\0';\r
5913+ if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&filedata)) \r
5914+ if(path_walk(p,&filedata)) {\r
5915+ obv_seclog("Unable to locate file %.1024s",p);\r
5916+ //goto out;\r
5917+ return 0;\r
5918+ }\r
5919+ if( !(filedata.dentry) || IS_ERR(filedata.dentry) ) {\r
5920+ obv_seclog("Error adding file acl for file %.1024s",p);\r
5921+ // goto out;\r
5922+ return 0;\r
5923+ }\r
5924+ curr->file_inode = filedata.dentry->d_inode->i_ino;\r
5925+ curr->file_dev = filedata.dentry->d_inode->i_dev;\r
5926+ curr->mode = 0;\r
5927+\r
5928+ while(*q == ' ') q++;\r
5929+ while(working) { \r
5930+ switch(*q) {\r
5931+ case 'r' :\r
5932+ curr->mode |= OBV_FILE_READ;\r
5933+ q++;\r
5934+ break;\r
5935+ case 'h' :\r
5936+ curr->mode |= OBV_FILE_HIDDEN;\r
5937+ q++;\r
5938+ break;\r
5939+ case 'a' :\r
5940+ curr->mode |= OBV_FILE_APPEND;\r
5941+ q++;\r
5942+ break;\r
5943+ case 'w' :\r
5944+ curr->mode |= OBV_FILE_WRITE;\r
5945+ q++;\r
5946+ break;\r
5947+ case 'x':\r
5948+ curr->mode |= OBV_FILE_EXEC;\r
5949+ q++;\r
5950+ break;\r
5951+ /* Note: 's' and 'a' only come into play when something is executed*/\r
5952+ case 's' :\r
5953+ filedb.db[filedb.max_ref].mode |= OBV_FILE_REQSUM;\r
5954+ q++;\r
5955+ break;\r
5956+ case 'u' :\r
5957+ filedb.db[filedb.max_ref].mode |= OBV_FILE_AUTH;\r
5958+ q++;\r
5959+ break;\r
5960+ default: /* if anything else, the '\0' at the end of the line will hit here and cause us to terminate, so it won't go on indefinately and start accessing memory it shouldn't*/\r
5961+ working = 0;\r
5962+ break;\r
5963+ }\r
5964+ }\r
5965+#ifdef CONFIG_OBV_DEBUG\r
5966+ obv_seclog("Added File ACL for inode %ld dev %d with mode %x and max_ref %d",\r
5967+ curr->file_inode,curr->file_dev,curr->mode,filedb.max_ref);\r
5968+#endif\r
5969+ filedb.max_ref++;\r
5970+ path_release(&filedata); \r
5971+ return 0;\r
5972+}\r
5973+\r
5974+\r
5975+static __inline__ struct obv_proc_acl * obv_set(struct obv_temp *data, struct obv_proc_acl *left, struct obv_proc_acl *right,__u16 height) \r
5976+{\r
5977+ struct obv_proc_acl *dest = kmalloc(sizeof(struct obv_proc_acl),GFP_KERNEL);\r
5978+ if(dest == NULL) {\r
5979+ obv_seclog("Memory allocation failure, Oblivion panicing");\r
5980+ return procdb.db[procdb.max_ref].tree;\r
5981+ }\r
5982+ dest->file_inode = data->file_inode;\r
5983+ dest->file_dev = data->file_dev;\r
5984+ dest->mode = data->mode;\r
5985+ dest->left = left; dest->right = right;\r
5986+ dest->height = height;\r
5987+ return dest;\r
5988+}\r
5989+\r
5990+\r
5991+static struct obv_proc_acl * obv_tree_ins(struct obv_proc_acl *tree, struct obv_temp *entry) \r
5992+{\r
5993+ if(tree == obv_empty_tree) {\r
5994+ tree = obv_set(entry,obv_empty_tree,obv_empty_tree,0);\r
5995+ return tree;\r
5996+ }\r
5997+ else if(obv_procacl_less(entry,tree)) {\r
5998+ tree->left = obv_tree_ins(tree->left,entry);\r
5999+ if(obv_heightof(tree->left) > obv_heightof(tree->right) + 1) {\r
6000+ if(obv_procacl_less(entry,tree->left)) \r
6001+ tree = obv_rotr(tree);\r
6002+ else\r
6003+ tree = obv_dlrr(tree);\r
6004+ }\r
6005+ }\r
6006+ else /* assuming no duplicate entries*/ {\r
6007+ tree->right = obv_tree_ins(tree->right,entry);\r
6008+ if(obv_heightof(tree->right) > obv_heightof(tree->left) + 1) {\r
6009+ if(obv_procacl_less(entry,tree->right)) \r
6010+ tree = obv_drlr(tree);\r
6011+ else\r
6012+ tree = obv_rotl(tree);\r
6013+ }\r
6014+ }\r
6015+ if(obv_heightof(tree->left) >= obv_heightof(tree->right))\r
6016+ tree->height = obv_heightof(tree->left) + 1;\r
6017+ else\r
6018+ tree->height = obv_heightof(tree->right) + 1;\r
6019+ return tree;\r
6020+}\r
6021+\r
6022+static kernel_cap_t obv_cap_conv(char *p)\r
6023+{\r
6024+ kernel_cap_t cap;\r
6025+ int i;\r
6026+ char *q;\r
6027+ cap_t(cap) = 0;\r
6028+ if(!p) return cap;\r
6029+ if( (q = memscan(p,'\n',strlen(p))) != p + strlen(p))\r
6030+ *q = '\0';\r
6031+\r
6032+ while(*p == ' ') p++;\r
6033+ if( (strncmp(p,"CAP",3)) != 0) \r
6034+ goto out;\r
6035+ for(i=0;i<CONFIG_OBV_MAX_CAP;i++) {\r
6036+ if(!(strcmp(p,caplist->table[i].capname))) {\r
6037+ cap_t(cap) = CAP_TO_MASK(caplist->table[i].capval);\r
6038+ return cap;\r
6039+ }\r
6040+ }\r
6041+out:\r
6042+ return cap;\r
6043+}\r
6044+\r
6045+\r
6046+static int obv_add_proc_acl(char *line,struct obv_acl *obv) \r
6047+{\r
6048+ char *p, *q;\r
6049+ struct nameidata nd;\r
6050+ int working = 1;\r
6051+ struct obv_temp curr;\r
6052+ if( (p = memscan(line,'+',strlen(line)) ) != line + strlen(line) ) {\r
6053+ cap_t(obv->file_caps) |= cap_t(obv_cap_conv(++p));\r
6054+ return 0;\r
6055+ }\r
6056+ else if ( (p = memscan(line,'-',strlen(line)) ) != line + strlen(line) ) {\r
6057+ cap_t(obv->file_caps) &= ~cap_t(obv_cap_conv(++p));\r
6058+ return 0;\r
6059+ } \r
6060+\r
6061+ else {\r
6062+ if( (p = memscan(line,'/',strlen(line))) == line + strlen(line)) {\r
6063+ obv_seclog("Line %.1024s missing a /",line);\r
6064+ return 0;\r
6065+ }\r
6066+ if ( (q = memscan(p,' ',strlen(p))) == p + strlen(p)) {\r
6067+ obv_seclog("Missing a space in obv proc acl entry, line %.1024s",line);\r
6068+ return 0;\r
6069+ }\r
6070+ *q++ = '\0';\r
6071+ if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&nd))\r
6072+ if(path_walk(p,&nd)) {\r
6073+ obv_seclog("Unable to locate file %.1024s",p);\r
6074+ return 0;\r
6075+ }\r
6076+ if( (!nd.dentry) || (IS_ERR(nd.dentry)) || (!(nd.dentry->d_inode)) ) {\r
6077+ if(nd.dentry)\r
6078+ path_release(&nd);\r
6079+ obv_seclog("Unable to locate file %.1024s",p);\r
6080+ return 0;\r
6081+ }\r
6082+ curr.file_inode = nd.dentry->d_inode->i_ino;\r
6083+ curr.file_dev = nd.dentry->d_inode->i_dev;\r
6084+ curr.mode = 0;\r
6085+\r
6086+ while(*q == ' ') q++;\r
6087+ while(working) {\r
6088+ switch(*q) {\r
6089+ case 'r' :\r
6090+ curr.mode |= OBV_PROC_READ;\r
6091+ q++;\r
6092+ break;\r
6093+ case 'w' :\r
6094+ curr.mode |= OBV_PROC_WRITE;\r
6095+ q++;\r
6096+ break;\r
6097+ case 'x' :\r
6098+ curr.mode |= OBV_PROC_EXEC;\r
6099+ q++;\r
6100+ break;\r
6101+ case 'a' :\r
6102+ curr.mode |= OBV_PROC_APPEND;\r
6103+ q++;\r
6104+ break;\r
6105+ case 'f':\r
6106+ curr.mode |= OBV_PROC_ACCESS;\r
6107+ q++;\r
6108+ break;\r
6109+ case 'o':\r
6110+ curr.mode |= OBV_PROC_OVERRIDE;\r
6111+ q++;\r
6112+ break;\r
6113+ case 'u' :\r
6114+ curr.mode |= OBV_PROC_AUTH;\r
6115+ q++;\r
6116+ break;\r
6117+ case 'R' :\r
6118+ curr.mode |= OBV_PROC_AUTH_IF_ROOT;\r
6119+ q++;\r
6120+ break;\r
6121+ case 'i' :\r
6122+ curr.mode |= OBV_PROC_INHERIT;\r
6123+ q++;\r
6124+ break;\r
6125+ case 's' :\r
6126+ curr.mode |= OBV_PROC_REQSUM;\r
6127+ q++;\r
6128+ break;\r
6129+ default: \r
6130+ working = 0;\r
6131+ break;\r
6132+ }\r
6133+ }\r
6134+#ifdef CONFIG_OBV_DEBUG\r
6135+ obv_seclog("About to insert %ld %d %.1024s mode %x",\r
6136+ curr.file_inode,curr.file_dev,line,curr.mode);\r
6137+#endif\r
6138+ obv->tree = obv_tree_ins(obv->tree,&curr);\r
6139+ path_release(&nd);\r
6140+ return 0;\r
6141+ }\r
6142+ return 1; /* we should never make it here*/\r
6143+}\r
6144+\r
6145+static int obv_add_pw(char *pw)\r
6146+{\r
6147+ struct SHA1_CTX context;\r
6148+ SHA1Init(&context);\r
6149+ SHA1Update(&context,pw,strlen(pw));\r
6150+ SHA1Final(obv_pwent.sum,&context);\r
6151+ return 0;\r
6152+}\r
6153+\r
6154+static int obv_add_line(char *line, int type) \r
6155+{\r
6156+ static int mode = 0;\r
6157+ char *p,*q;\r
6158+ struct dentry *file;\r
6159+ struct nameidata filed;\r
6160+ static struct obv_acl *curr;\r
6161+ int working;\r
6162+ /* mode = 0 : we are ready for a new program acl\r
6163+ * mode = 1 : we are in the middle of reading a program acl*/\r
6164+ switch(type) {\r
6165+ case 2 : return obv_add_pw(line);\r
6166+ case 1 : return obv_add_file_acl(line);\r
6167+ case 0 : break; /* handled below*/\r
6168+ default: obv_seclog("Unknown type %d passed",type);\r
6169+ return 1;\r
6170+ break;\r
6171+ }\r
6172+\r
6173+ if(!mode) {\r
6174+ if(procdb.max_ref >= CONFIG_OBV_MAX_RULESET) return 1;\r
6175+ if( (p = memscan (line,'/',strlen(line))) == (line+strlen(line)) ) {\r
6176+ obv_seclog("Could not find a '/' in line %.1024s",line);\r
6177+ return 0;\r
6178+ }\r
6179+ else curr = &(procdb.db[procdb.max_ref]);\r
6180+\r
6181+\r
6182+ if( (q = memscan(p,' ',strlen(p)) ) != p + strlen(p) )\r
6183+ *q++= '\0';\r
6184+\r
6185+ if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&filed) ) \r
6186+ if(path_walk(p,&filed)) {\r
6187+ obv_seclog("Add file error for file %.1024s",p);\r
6188+ return 1;\r
6189+ }\r
6190+ file = filed.dentry;\r
6191+ if (IS_ERR(file) || !file || !(file->d_inode)) {\r
6192+ if(file)\r
6193+ path_release(&filed);\r
6194+ obv_seclog("Could not lookup file on line %.1024s",line);\r
6195+ return 1;\r
6196+ }\r
6197+ curr->file_inode = file->d_inode->i_ino;\r
6198+ curr->file_dev = file->d_inode->i_dev;\r
6199+ while(*q == ' ') q++;\r
6200+ curr->mode = 0;\r
6201+ working = 1;\r
6202+ while(working) {\r
6203+ switch(*q) {\r
6204+ case 'p':\r
6205+ curr->mode |= OBV_PROC_PROTECTED;\r
6206+ q++;\r
6207+ break;\r
6208+ case 'h':\r
6209+ curr->mode |= OBV_PROC_HIDDEN;\r
6210+ q++;\r
6211+ break;\r
6212+ default:\r
6213+ working = 0;\r
6214+ }\r
6215+ }\r
6216+ curr->file_caps = cap_bset;\r
6217+ mode = 1;\r
6218+#ifdef CONFIG_OBV_DEBUG\r
6219+ obv_seclog("Added program (full entry) with inode %ld dev %d mode %x line %.1024s",\r
6220+ curr->file_inode,curr->file_dev,curr->mode,line); \r
6221+#endif\r
6222+ path_release(&filed);\r
6223+ curr->tree = obv_empty_tree;\r
6224+ return 0;\r
6225+ }\r
6226+ else if( (p=memscan(line,'}',strlen(line))) != (line + strlen(line)) ) {\r
6227+ procdb.max_ref++;\r
6228+ mode = 0;\r
6229+ return 0;\r
6230+ } else {\r
6231+ return obv_add_proc_acl(line,curr);\r
6232+ }\r
6233+}\r
6234+\r
6235+static int obv_init_variables(void) \r
6236+{\r
6237+ caplist = kmalloc(sizeof(struct obv_cap_list),GFP_KERNEL);\r
6238+ if(caplist) {\r
6239+ INIT_CAP_TABLE(caplist->table)\r
6240+ }\r
6241+\r
6242+ procdb.db = kmalloc(sizeof(struct obv_acl) * CONFIG_OBV_MAX_RULESET,GFP_KERNEL);\r
6243+ filedb.db = kmalloc(sizeof(struct obv_file_acl) * CONFIG_OBV_MAX_RULESET,GFP_KERNEL);\r
6244+ procdb.max_ref = filedb.max_ref = 0;\r
6245+\r
6246+ if( (obv_add_proc_acl(CONFIG_OBVADM_ACL,&obv_auth)) )\r
6247+ return 1;\r
6248+ else if( (obv_add_proc_acl(CONFIG_GODMODE_ACL,&obv_god_mode)) )\r
6249+ return 1;\r
6250+ else if( (obv_add_proc_acl("/etc r",&obv_auth)) )\r
6251+ return 1;\r
6252+ else if( (obv_add_proc_acl("/lib r",&obv_auth)) )\r
6253+ return 1;\r
6254+\r
6255+ return procdb.db && filedb.db && caplist ? 0 : 1;\r
6256+}\r
6257+\r
6258+\r
6259+static int obv_conf_parse(const char *conffile,const int type)\r
6260+{\r
6261+ /* Purpose: open and read from oblivion config file */\r
6262+ struct file *filp;\r
6263+ int bytes_read = 0, end = 0, obv_fatal = 0;\r
6264+ char buffer[1024];\r
6265+ char *filepos = NULL,*memscanp = NULL;\r
6266+ mm_segment_t old_fs = get_fs();\r
6267+ filepos = buffer;\r
6268+ filp = filp_open(conffile, O_RDONLY, O_RDONLY);\r
6269+ if( ( IS_ERR(filp) ) || (filp == NULL) ) {\r
6270+ obv_seclog("Could not open config file %.1024s",conffile);\r
6271+\r
6272+ obv_fatal = 1;\r
6273+ return obv_fatal;\r
6274+ } else if ( filp->f_op->read == NULL ) {\r
6275+ fput(filp);\r
6276+ obv_fatal = 2;\r
6277+ return obv_fatal;\r
6278+ }\r
6279+ filp->f_pos = 0;\r
6280+ /* end error checking, now for the real work */\r
6281+ while ( ! end ) {\r
6282+ filepos = buffer;\r
6283+ /* if current task isn't from the kernel, we'll\r
6284+ have a current->addr_limit.seg that isn't 0xFFFFFFFF\r
6285+\r
6286+ and we can't have that */\r
6287+ set_fs(KERNEL_DS);\r
6288+ bytes_read = filp->f_op->read (filp,buffer,(sizeof(buffer)/sizeof(buffer[0])),&filp->f_pos);\r
6289+ filp->f_pos -= bytes_read;\r
6290+ set_fs(old_fs);\r
6291+ if(bytes_read < (sizeof(buffer)/sizeof(buffer[0])) ) {\r
6292+ end = 1;\r
6293+ filepos[bytes_read++] = '\n'; /* make sure it ends on a '\n' */\r
6294+ } \r
6295+ \r
6296+ while ( bytes_read > 0 && ( memscanp = memscan(filepos,'\n',bytes_read) ) != filepos + bytes_read ) {\r
6297+ *memscanp++ = '\0' ;\r
6298+ filp->f_pos += (int) (memscanp - filepos);\r
6299+ bytes_read -= (int) (memscanp - filepos);\r
6300+ /* necessary for later strlen()'s...*/\r
6301+ if( (*filepos != '#') ) \r
6302+ if(obv_add_line(filepos,type))\r
6303+ return 1;\r
6304+ filepos = memscanp; /* next area to search .. */\r
6305+ }\r
6306+ }\r
6307+ filp_close(filp,NULL);\r
6308+ return obv_fatal;\r
6309+}\r
6310+\r
6311+static int oblivion_init(void) \r
6312+{\r
6313+ int error = 0;\r
6314+ spin_lock(&obv_lock);\r
6315+ obv_status &= ~OBV_DISABLED;\r
6316+ obv_status |= OBV_LOADING;\r
6317+ if(obv_init_variables() )\r
6318+ error = -1;\r
6319+ else if(obv_add_pw_conf())\r
6320+ error = -2;\r
6321+ else if (obv_conf_parse(CONFIG_OBV_PROCACL_CONF,0))\r
6322+ error = -3;\r
6323+ else if(obv_conf_parse(CONFIG_OBV_FILEACL_CONF,1))\r
6324+ error = -4;\r
6325+ if(!error) {\r
6326+#ifdef CONFIG_OBV_SUPERDEBUG\r
6327+ obv_list_proc_acls();\r
6328+ obv_list_file_acls();\r
6329+#endif\r
6330+ obv_sort();\r
6331+ obv_status |= OBV_READY; /* locked, cocked, and ready to rock*/ \r
6332+ }else {\r
6333+ obv_status |= OBV_DISABLED;\r
6334+ obv_seclog("Error loading , trying to run kernel with oblivion disabled. To disable oblivion at startup use <kernel image name> oblivion=off from your boot loader");\r
6335+ }\r
6336+ obv_status &= ~OBV_LOADING;\r
6337+ spin_unlock(&obv_lock);\r
6338+ return error;\r
6339+}\r
6340+\r
6341+/* * * * * * * * * * * * * * * * * * * * * * *\r
6342+ * Begin Misc Section \r
6343+ * * * * * * * * * * * * * * * * * * * * * * */\r
6344+\r
6345+/* Searching stuff, program exit cleanup, and sysctl parsing */\r
6346+\r
6347+/* Nonrecursive binary sort, idea from libc, implementation is slightly different but the inspirationw as found there=) */\r
6348+\r
6349+static __inline__ int do_obv_file_acl_search(struct obv_temp *curr) \r
6350+{\r
6351+ int high, low; \r
6352+ struct obv_file_acl *pos;\r
6353+ high = filedb.max_ref;\r
6354+ low = 0;\r
6355+ while(low < high) {\r
6356+ pos = &filedb.db[((low+high)/2)];\r
6357+ if(obv_fileacl_less(pos,curr))\r
6358+ low = (( (low + high) / 2) + 1 );\r
6359+ else if(obv_fileacl_eq(pos,curr)) {\r
6360+ if(pos->mode & curr->mode) {\r
6361+#ifdef CONFIG_OBV_DEBUG\r
6362+ obv_seclog("File ACL allow, req %x allowed %x\n source: %ld %d dest %ld %d",\r
6363+ curr->mode,pos->mode,pos->file_inode,pos->file_dev,curr->file_inode,curr->file_dev);\r
6364+#endif\r
6365+ return OBV_ALLOW;\r
6366+ }\r
6367+ else {\r
6368+#ifdef CONFIG_OBV_DEBUG\r
6369+ if(!(curr->mode & OBV_FILE_HIDDEN))\r
6370+ obv_seclog("File ACL deny, req %x allowed %x\n source %ld %d dest %ld %d",\r
6371+ curr->mode,pos->mode,pos->file_inode,pos->file_dev,curr->file_inode,curr->file_dev);\r
6372+#endif\r
6373+ return OBV_DENY;\r
6374+ }\r
6375+ }\r
6376+ else high = ( (low + high) / 2);\r
6377+ }\r
6378+ return OBV_NOTFOUND;\r
6379+}\r
6380+\r
6381+static __inline__ int do_obv_proc_acl_search(struct obv_acl *proc,struct obv_proc_acl *root,struct obv_temp *curr) \r
6382+{\r
6383+ /* Nonrecursively search down the Red-Black tree to see if we have an acl for this file*/\r
6384+ struct obv_proc_acl *pos = root;\r
6385+ if(proc == NULL || pos == NULL) /* no entry*/ {\r
6386+ return OBV_DEFAULT;\r
6387+ }\r
6388+ // obv_seclog("Got called...and there's an entry (curr is %ld %d",curr->file_inode,curr->file_dev);\r
6389+ while(pos != obv_empty_tree) {\r
6390+ if(obv_procacl_eq(curr,pos)) {\r
6391+ if(curr->mode & pos->mode) {\r
6392+ __u16 tmp;\r
6393+#ifdef CONFIG_OBV_DEBUG\r
6394+ obv_seclog("Process %ld %d allowed for file %ld %d tried for mode %x allowed mode %x",\r
6395+ proc->file_inode,proc->file_dev,curr->file_inode,curr->file_dev,curr->mode,pos->mode);\r
6396+#endif\r
6397+ tmp = pos->mode & OBV_PROC_EXTRA;\r
6398+ curr->mode |= tmp; /* Store any "extra" access rights like \r
6399+ inherit or override*/\r
6400+ return OBV_ALLOW;\r
6401+ } else {\r
6402+#ifdef CONFIG_OBV_DEBUG\r
6403+ obv_seclog("Process %ld %d denied for file %ld %d tried for mode %x allowed mode %x",\r
6404+ proc->file_inode,proc->file_dev,curr->file_inode,curr->file_dev,curr->mode,pos->mode);\r
6405+#endif\r
6406+ return OBV_DENY;\r
6407+ }\r
6408+ }\r
6409+ else if(obv_procacl_less(curr,pos)) \r
6410+ pos = pos->left;\r
6411+ else \r
6412+ pos=pos->right;\r
6413+ }\r
6414+\r
6415+ return OBV_NOTFOUND; \r
6416+}\r
6417+\r
6418+static __inline__ int obv_chk_proc_acls(struct dentry * dentry, struct obv_temp *searchval, struct vfsmount *mnt)\r
6419+{\r
6420+ struct dentry *curr = dentry;\r
6421+ int retval = OBV_NOTFOUND;\r
6422+ struct nameidata tmp = {NULL, NULL};\r
6423+ struct vfsmount *parent;\r
6424+\r
6425+loop : \r
6426+ do {\r
6427+ if(!curr || !curr->d_inode) break;\r
6428+ searchval->file_inode = curr->d_inode->i_ino;\r
6429+ searchval->file_dev = curr->d_inode->i_dev;\r
6430+ retval = do_obv_proc_acl_search(current->obvacl,current->obvacl->tree,searchval); \r
6431+ if(curr->d_inode == curr->d_parent->d_inode) break;\r
6432+ curr = curr->d_parent;\r
6433+ } while( (curr) && (retval == OBV_NOTFOUND) );\r
6434+ if(retval == OBV_NOTFOUND && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV ) {\r
6435+ if(tmp.mnt) {\r
6436+ if(tmp.mnt == tmp.mnt->mnt_parent) goto exit;\r
6437+ }\r
6438+ else if(mnt == mnt->mnt_parent) goto exit;\r
6439+\r
6440+\r
6441+ if(!tmp.mnt) {\r
6442+ tmp.mnt = mnt->mnt_parent;\r
6443+ tmp.dentry = dget(mnt->mnt_mountpoint);\r
6444+\r
6445+ }\r
6446+\r
6447+ else {\r
6448+ parent = tmp.mnt->mnt_parent;\r
6449+ dput(tmp.dentry);\r
6450+ tmp.dentry = dget(tmp.mnt->mnt_mountpoint);\r
6451+ mntput(tmp.mnt);\r
6452+ tmp.mnt = parent;\r
6453+ }\r
6454+ mntget(tmp.mnt);\r
6455+ curr = tmp.dentry;\r
6456+ goto loop;\r
6457+ }\r
6458+exit: \r
6459+ if(tmp.mnt) mntput(tmp.mnt);\r
6460+ if(tmp.dentry) dput(tmp.dentry);\r
6461+\r
6462+\r
6463+ return retval == OBV_NOTFOUND ? OBV_DENY : retval;\r
6464+ /* if its not in a program's ACL list it should be denied */\r
6465+\r
6466+}\r
6467+\r
6468+static __inline__ int obv_chk_file_acls(struct dentry * dentry, struct obv_temp *searchval, struct vfsmount *mnt) \r
6469+{\r
6470+ struct dentry *curr = dentry;\r
6471+ int retval = OBV_NOTFOUND;\r
6472+ struct vfsmount *parent;\r
6473+ struct nameidata tmp = {NULL,NULL};\r
6474+loop: \r
6475+ do {\r
6476+ if(!curr || !curr->d_inode) break;\r
6477+ searchval->file_inode = curr->d_inode->i_ino;\r
6478+ searchval->file_dev = curr->d_inode->i_dev;\r
6479+ retval = do_obv_file_acl_search(searchval); \r
6480+ if(curr->d_inode == curr->d_parent->d_inode) break;\r
6481+ curr = curr->d_parent;\r
6482+ } while( (curr) && (retval == OBV_NOTFOUND) );\r
6483+\r
6484+ if(retval == OBV_NOTFOUND && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV ) {\r
6485+ if(tmp.mnt) {\r
6486+ if(tmp.mnt == tmp.mnt->mnt_parent) goto exit;\r
6487+ }\r
6488+ else if(mnt == mnt->mnt_parent) goto exit;\r
6489+ if(!tmp.mnt) {\r
6490+ tmp.mnt = mnt->mnt_parent;\r
6491+ tmp.dentry = dget(mnt->mnt_mountpoint);\r
6492+\r
6493+ }\r
6494+\r
6495+ else {\r
6496+ parent = tmp.mnt->mnt_parent;\r
6497+ dput(tmp.dentry);\r
6498+ tmp.dentry = dget(tmp.mnt->mnt_mountpoint);\r
6499+ mntput(tmp.mnt);\r
6500+ tmp.mnt = parent;\r
6501+ }\r
6502+ mntget(tmp.mnt);\r
6503+ curr = tmp.dentry;\r
6504+ goto loop;\r
6505+ }\r
6506+exit: \r
6507+ if(tmp.mnt) mntput(tmp.mnt);\r
6508+ if(tmp.dentry) dput(tmp.dentry);\r
6509+\r
6510+\r
6511+\r
6512+ return retval;\r
6513+ }\r
6514+\r
6515+\r
6516+int obv_check_hidden(struct dentry *dentry, struct vfsmount *mnt) {\r
6517+ /* This has to be done a little differently than a normal search.\r
6518+ * If a file "allows" hidden access it is hidden, and thus requires \r
6519+ * a process that has hidden file access capabilities to access it.\r
6520+ * If the file acl denies hidden access/has no acl then no proc acl \r
6521+ * check is needed*/\r
6522+ struct obv_temp searchval;\r
6523+ searchval.mode = OBV_HIDDEN;\r
6524+ if(!dentry) return OBV_ALLOW;\r
6525+ if(obv_status & OBV_READY) {\r
6526+ if( (obv_chk_file_acls(dentry,&searchval,mnt)) == OBV_ALLOW) {\r
6527+ if(current->obvacl && current->obvacl->tree)\r
6528+ return obv_chk_proc_acls(dentry,&searchval,mnt);\r
6529+ else return OBV_DENY;\r
6530+ }\r
6531+ }\r
6532+ return OBV_ALLOW;\r
6533+}\r
6534+\r
6535+int obv_check_hidden_proc(struct obv_acl * acl) \r
6536+{\r
6537+ if((obv_status & OBV_READY) && acl) {\r
6538+ if( acl->mode & OBV_PROC_HIDDEN) \r
6539+ return 1; /* next release adds processes allowed to view hidden ones*/\r
6540+ }\r
6541+ return 0;\r
6542+}\r
6543+\r
6544+int obv_check_protected(struct task_struct *tsk)\r
6545+{\r
6546+ if(obv_status & OBV_READY)\r
6547+ if(tsk && tsk->obvacl)\r
6548+ if(tsk->obvacl->mode & OBV_PROC_PROTECTED)\r
6549+ return 1;\r
6550+ return 0;\r
6551+}\r
6552+\r
6553+\r
6554+int obv_search(struct dentry *dentry, __u16 mode, struct vfsmount *mnt) \r
6555+{\r
6556+ int proc_retval = OBV_NOTFOUND, file_retval = OBV_NOTFOUND;\r
6557+ int retval = OBV_DEFAULT;\r
6558+ if(dentry && dentry->d_inode && mnt) {\r
6559+ if(obv_status & OBV_READY) {\r
6560+ struct obv_temp searchval;\r
6561+ searchval.mode = mode;\r
6562+ if(current->obvacl && current->obvacl->tree) {\r
6563+ if( ( proc_retval = obv_chk_proc_acls(dentry,&searchval,mnt) ) == OBV_DENY) {\r
6564+ if( (current->obvacl->mode & OBV_AUTH) && (S_ISCHR(dentry->d_inode->i_mode)))\r
6565+ retval = OBV_NOTFOUND;\r
6566+ /* Okay. This process is under\r
6567+ * authentication mode. Let it\r
6568+ * read/write to the tty (and pass it on\r
6569+ * to the file acls just in case\r
6570+ * Does anyone know how to gain the ino$\r
6571+ * from current->tty? It seems only the\r
6572+ * device num(major/minor) is stored*/\r
6573+\r
6574+ else {\r
6575+ retval = OBV_DENY;\r
6576+ goto out;\r
6577+ }\r
6578+ }\r
6579+ }\r
6580+\r
6581+\r
6582+ if( (proc_retval == OBV_ALLOW) && (searchval.mode & OBV_PROC_OVERRIDE)){\r
6583+ retval = OBV_ALLOW;\r
6584+ goto out;\r
6585+ }\r
6586+\r
6587+ if( (file_retval = obv_chk_file_acls(dentry,&searchval,mnt)) == OBV_DENY) {\r
6588+ retval = OBV_DENY;\r
6589+ goto out;\r
6590+ }\r
6591+\r
6592+ if( (proc_retval != file_retval) || (proc_retval == OBV_ALLOW)) {\r
6593+ /* The choice to check for proc_retval being OBV_ALLOW was\r
6594+ * random. If proc_retval and file_retval are equal and\r
6595+ * either one is the value OBV_ALLOW then both are OBV_ALLOW\r
6596+ * */\r
6597+ retval = OBV_ALLOW;\r
6598+ goto out;\r
6599+ }\r
6600+ } else retval = OBV_ALLOW; /* we aren't loaded, must be early in bootup*/\r
6601+ }\r
6602+out: \r
6603+\r
6604+return retval; /* Else both returned OBV_NOTFOUND..must be the default*/\r
6605+}\r
6606+\r
6607+\r
6608+static __inline__ struct obv_acl * do_obv_find_proc(struct obv_acl *curr) \r
6609+{\r
6610+ int high,low;\r
6611+ struct obv_acl *pos;\r
6612+ low = 0;\r
6613+ high = procdb.max_ref;\r
6614+ while(low < high) {\r
6615+ pos = &procdb.db[((low+high)/2)];\r
6616+ if(obv_acl_less(pos,curr))\r
6617+ low = ( ( (low + high) / 2) +1 );\r
6618+ else if(obv_acl_eq(pos,curr))\r
6619+ return pos;\r
6620+ else\r
6621+ high = ( (high + low) / 2);\r
6622+ }\r
6623+ return NULL;\r
6624+}\r
6625+\r
6626+static int __inline__ obv_chk_inherit(struct dentry *dentry, struct vfsmount *mnt)\r
6627+{\r
6628+ struct obv_temp temp;\r
6629+ temp.mode = OBV_PROC_INHERIT;\r
6630+ if( (obv_chk_proc_acls(dentry,&temp,mnt)) == OBV_ALLOW) \r
6631+ return 1;\r
6632+ return 0;\r
6633+}\r
6634+\r
6635+static int __inline__ obv_chk_auth(struct dentry *dentry, struct vfsmount *mnt)\r
6636+{\r
6637+ struct obv_temp temp;\r
6638+ temp.mode = OBV_PROC_AUTH;\r
6639+ if( (obv_chk_proc_acls(dentry,&temp,mnt)) == OBV_ALLOW)\r
6640+ return 1;\r
6641+ else if(!current->uid || !current->gid || !current->euid || !current->egid || !current->suid || !current->sgid || !current->fsuid || !current->fsgid) \r
6642+ {\r
6643+ temp.mode = OBV_PROC_AUTH_IF_ROOT;\r
6644+ if( (obv_chk_proc_acls(dentry,&temp,mnt)) == OBV_ALLOW)\r
6645+ return 1;\r
6646+ }\r
6647+ \r
6648+ return 0; \r
6649+}\r
6650+\r
6651+static int obv_do_auth(void)\r
6652+{\r
6653+#define OBV_AUTH_MSG "Authorize yourself to Oblivion please\n"\r
6654+\r
6655+ char *p = OBV_AUTH_MSG; \r
6656+ if(!(current->tty) || (!current->tty->driver.write)) return 1;\r
6657+ current->tty->driver.write(current->tty,0,p,strlen(p));\r
6658+ current->obvacl = &obv_auth;\r
6659+ return 0;\r
6660+}\r
6661+\r
6662+static int do_set_proc_acl(struct dentry *dentry, struct vfsmount *mnt, int mode) \r
6663+{\r
6664+ struct vfsmount *parent;\r
6665+ struct nameidata tmp = {NULL, NULL};\r
6666+ struct obv_acl curracl, *retval = NULL;\r
6667+ struct dentry *curr = dentry;\r
6668+\r
6669+\r
6670+ switch(mode) {\r
6671+ case OBV_SET_AUTH:\r
6672+ return obv_chk_auth(dentry,mnt);\r
6673+ break;\r
6674+ case OBV_SET_INHERIT:\r
6675+ return obv_chk_inherit(dentry,mnt);\r
6676+ break;\r
6677+ case OBV_SET_PROC: \r
6678+ break;\r
6679+ default :\r
6680+ obv_seclog("BUG! Received unknown mode %d for set_proc_acl",mode);\r
6681+ return (unsigned long)NULL;\r
6682+ break;\r
6683+ }\r
6684+ /* Okay now we handle OBV_SET_PROC */\r
6685+loop: \r
6686+ do {\r
6687+\r
6688+ if(!curr || !curr->d_inode) break;\r
6689+ curracl.file_inode = curr->d_inode->i_ino;\r
6690+ curracl.file_dev = curr->d_inode->i_dev;\r
6691+ retval = do_obv_find_proc(&curracl); \r
6692+ if(curr->d_inode == curr->d_parent->d_inode) break;\r
6693+ curr = curr->d_parent;\r
6694+ } while( (curr) && (!retval) );\r
6695+ if(!retval && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV) {\r
6696+ if(tmp.mnt) {\r
6697+ if(tmp.mnt == tmp.mnt->mnt_parent) \r
6698+ goto exit;\r
6699+ }\r
6700+ else if(mnt == mnt->mnt_parent) \r
6701+ goto exit;\r
6702+\r
6703+ if(!tmp.mnt) {\r
6704+ tmp.mnt = mnt->mnt_parent;\r
6705+ tmp.dentry = dget(mnt->mnt_mountpoint);\r
6706+\r
6707+ }\r
6708+\r
6709+ else {\r
6710+ parent = tmp.mnt->mnt_parent;\r
6711+ dput(tmp.dentry);\r
6712+ tmp.dentry = dget(tmp.mnt->mnt_mountpoint);\r
6713+ mntput(tmp.mnt);\r
6714+ tmp.mnt = parent;\r
6715+ }\r
6716+ mntget(tmp.mnt);\r
6717+ curr = tmp.dentry;\r
6718+ goto loop;\r
6719+ }\r
6720+exit:\r
6721+ if(tmp.mnt) mntput(tmp.mnt);\r
6722+ if(tmp.dentry) dput(tmp.dentry);\r
6723+\r
6724+ return (unsigned long)retval;\r
6725+\r
6726+}\r
6727+\r
6728+static int do_obv_inherit(void) \r
6729+{\r
6730+ return 0; \r
6731+ /* Note: for copying due to fork() we use the code the oblivin code in\r
6732+ * kernel/fork.c. If we're inheriting then our current ACL\r
6733+ * (that of the program calling execve) is the ACL we inherit, \r
6734+ * so no work needs to be done. Just return success \r
6735+ */\r
6736+}\r
6737+\r
6738+\r
6739+int obv_set_proc_acl(struct dentry *dentry,struct task_struct *tsk,char *filename, struct vfsmount *mnt) \r
6740+{\r
6741+ struct obv_acl *temp = NULL;\r
6742+ if(obv_status & OBV_READY) {\r
6743+ if(current->obvacl) {\r
6744+ if(do_set_proc_acl(dentry,mnt,OBV_SET_INHERIT))\r
6745+ return do_obv_inherit();\r
6746+ \r
6747+ else if(do_set_proc_acl(dentry,mnt,OBV_SET_AUTH))\r
6748+ return obv_do_auth();\r
6749+ }\r
6750+ temp = (struct obv_acl *)do_set_proc_acl(dentry,mnt,OBV_SET_PROC);\r
6751+ } \r
6752+ tsk->obvacl = temp;\r
6753+ if(tsk->obvacl)\r
6754+ tsk->cap_permitted = tsk->cap_effective = tsk->obvacl->file_caps;\r
6755+ return 0;\r
6756+}\r
6757+\r
6758+\r
6759+static int obv_chcaps(struct obv_pw *entry)\r
6760+{\r
6761+ char *p = entry->extra;\r
6762+ char *q;\r
6763+ char *mode;\r
6764+ p[OBV_MAX_EXTRA_LEN-1] = '\0'; /* take no chances*/\r
6765+ while( (q = memscan(p,'\n',strlen(p))) != p + strlen(p)) {\r
6766+ mode = p++;\r
6767+ *q++ = '\0';\r
6768+ switch(*mode) {\r
6769+ case '+' :\r
6770+ cap_bset |= cap_t(obv_cap_conv(p));\r
6771+ break;\r
6772+ case '-' :\r
6773+ cap_bset &= ~cap_t(obv_cap_conv(p));\r
6774+ break;\r
6775+ default:\r
6776+ break;\r
6777+ }\r
6778+ p = q;\r
6779+ }\r
6780+#ifdef CONFIG_OBV_DEBUG\r
6781+ obv_seclog("cap bset is now %x",cap_bset);\r
6782+#endif\r
6783+ return 0;\r
6784+}\r
6785+\r
6786+/* The following variables are needed for timer manipulation */\r
6787+static struct timer_list obv_badpw;\r
6788+static int failures = 0;\r
6789+static int during_wait = 0;\r
6790+\r
6791+static void obv_timer(unsigned long ignored)\r
6792+{\r
6793+ failures = 0;\r
6794+ during_wait = 0;\r
6795+ del_timer(&obv_badpw); \r
6796+}\r
6797+\r
6798+int obv_proc_handler(ctl_table *table, int write, struct file *filp, void *buffer, size_t *lenp) \r
6799+{\r
6800+ /* This is the main todo. simply I allow disabling oblivion only\r
6801+ * at bootup(after its turned on). I don't have time today to \r
6802+ * impelement a good pw scheme. The first thing I do when I get back is to do that.\r
6803+ */\r
6804+ struct obv_pw *usermode = (struct obv_pw *) buffer;\r
6805+ int error = sizeof(struct obv_pw);\r
6806+ if(*lenp != sizeof(struct obv_pw)){\r
6807+ obv_seclog("Proc handler: being fed garbage %d byte send %d required",*lenp,sizeof(struct obv_pw)); \r
6808+ return -EINVAL;\r
6809+ }\r
6810+ if(during_wait) return -EPERM;\r
6811+ switch (usermode->mode){\r
6812+ case OBV_SHUTDOWN_MODE:\r
6813+ if(obv_status & OBV_READY) {\r
6814+ if(!(obv_chkpw(usermode))) {\r
6815+ obv_seclog("shutdown auth success for "\r
6816+ DEFAULTSECMSG,DEFAULTSECARGS);\r
6817+ spin_lock(&obv_lock);\r
6818+ obv_status &= ~OBV_READY;\r
6819+ obv_status |= OBV_DISABLED;\r
6820+ spin_unlock(&obv_lock);\r
6821+ break;\r
6822+ } else \r
6823+ error = -EPERM;\r
6824+ }\r
6825+ break;\r
6826+ case OBV_ENABLE_MODE:\r
6827+ if(obv_disable) {\r
6828+ obv_seclog("Disabled at boot time, ignoring load request");\r
6829+ break;\r
6830+ }\r
6831+ else if(obv_status & OBV_1ST) {\r
6832+ obv_seclog("Loading %.32s",OBV_VERSION);\r
6833+ oblivion_init();\r
6834+ spin_lock(&obv_lock);\r
6835+ obv_status &= ~OBV_1ST; \r
6836+ spin_unlock(&obv_lock);\r
6837+ break;\r
6838+ }\r
6839+ else {\r
6840+ obv_seclog("%.32s already loaded, re-enabling",OBV_VERSION);\r
6841+ spin_lock(&obv_lock);\r
6842+ obv_status &= ~OBV_DISABLED;\r
6843+ obv_status |= OBV_READY;\r
6844+ spin_unlock(&obv_lock);\r
6845+ break;\r
6846+ }\r
6847+\r
6848+ case OBV_CHCAPS_MODE : \r
6849+ if(obv_status & OBV_1ST) {\r
6850+ oblivion_init();\r
6851+ }\r
6852+ if(obv_status & OBV_1ST ||( obv_status & OBV_READY && !(obv_chkpw(usermode)))) {\r
6853+ if(!(obv_chcaps(usermode))) {\r
6854+ obv_seclog("successful capability change by "\r
6855+ DEFAULTSECMSG,\r
6856+ DEFAULTSECARGS);\r
6857+ }\r
6858+ obv_status &= ~OBV_1ST;\r
6859+ }\r
6860+ else\r
6861+ error = -EPERM;\r
6862+ break;\r
6863+ case OBV_GOD_MODE:\r
6864+ if(obv_status & OBV_READY) {\r
6865+ if(!(obv_chkpw(usermode))) {\r
6866+ obv_seclog("successful change to admin mode by "\r
6867+ DEFAULTSECMSG,\r
6868+ DEFAULTSECARGS);\r
6869+ if(current->p_pptr)\r
6870+ current->p_pptr->obvacl = &obv_god_mode;\r
6871+ }\r
6872+ else\r
6873+ error = -EPERM;\r
6874+ }\r
6875+ break;\r
6876+ case OBV_AUTH_MODE:\r
6877+ if(obv_status & OBV_READY) {\r
6878+ if(!(obv_chkpw(usermode)) ) {\r
6879+ obv_seclog("successful authentication by "\r
6880+ DEFAULTSECMSG,\r
6881+ DEFAULTSECARGS);\r
6882+ if(current->p_pptr)\r
6883+ current->p_pptr->obvacl = NULL;\r
6884+ /* The parent invoked obvadm, it is the\r
6885+ * task that we must deal with */\r
6886+ }\r
6887+ else\r
6888+ error = -EPERM;\r
6889+ }\r
6890+ break;\r
6891+\r
6892+ default:\r
6893+ obv_seclog("Invalid value %d by " DEFAULTSECMSG,\r
6894+ usermode->mode, DEFAULTSECARGS);\r
6895+ break;\r
6896+ }\r
6897+\r
6898+ if(error < 0) {\r
6899+ failures++;\r
6900+ if(failures > CONFIG_OBV_MAXTRIES) {\r
6901+ obv_seclog("Maximum pw attempts reached, locking "\r
6902+ "password authentication");\r
6903+ init_timer(&obv_badpw);\r
6904+ obv_badpw.data = 0;\r
6905+ obv_badpw.function = obv_timer;\r
6906+ obv_badpw.expires = jiffies + CONFIG_OBV_TIMEOUT*HZ;\r
6907+ add_timer(&obv_badpw);\r
6908+ during_wait = 1;\r
6909+ }\r
6910+ }\r
6911+\r
6912+ return error;\r
6913+}\r
6914diff -urN linux/kernel/obvhash.c linux/kernel/obvhash.c\r
6915--- linux/kernel/obvhash.c Wed Dec 31 19:00:00 1969\r
6916+++ linux/kernel/obvhash.c Mon Nov 26 10:38:11 2001\r
6917@@ -0,0 +1,160 @@\r
6918+#include <linux/kernel.h>\r
6919+#include <linux/types.h>\r
6920+#include <linux/fs.h>\r
6921+#include <linux/capability.h>\r
6922+#include <linux/oblivion.h>\r
6923+\r
6924+/*\r
6925+Modified for use in OPM by Michael Dalton <michael@linux.com> \r
6926+Modified for kerneli by Andrew McDonald <andrew@mcdonald.org.uk>\r
6927+from:\r
6928+\r
6929+SHA-1 in C\r
6930+By Steve Reid <steve@edmweb.com>\r
6931+100% Public Domain\r
6932+Available from:\r
6933+ftp://ftp.zedz.net/pub/crypto/crypto/HASH/sha/sha1.c\r
6934+\r
6935+Test Vectors (from FIPS PUB 180-1)\r
6936+"abc"\r
6937+ A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D\r
6938+"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"\r
6939+ 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1\r
6940+A million repetitions of "a"\r
6941+ 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F\r
6942+*/\r
6943+\r
6944+\r
6945+extern struct obv_pw obv_pwent;\r
6946+\r
6947+void SHA1Transform(unsigned long state[5], unsigned char buffer[64])\r
6948+{\r
6949+ unsigned long a, b, c, d, e;\r
6950+ typedef union {\r
6951+ unsigned char c[64];\r
6952+ unsigned long l[16];\r
6953+ } CHAR64LONG16;\r
6954+ CHAR64LONG16* block;\r
6955+#ifdef SHA1HANDSOFF\r
6956+ static unsigned char workspace[64];\r
6957+ block = (CHAR64LONG16*)workspace;\r
6958+ memcpy(block, buffer, 64);\r
6959+#else\r
6960+ block = (CHAR64LONG16*)buffer;\r
6961+#endif\r
6962+ /* Copy context->state[] to working vars */\r
6963+ a = state[0];\r
6964+ b = state[1];\r
6965+ c = state[2];\r
6966+ d = state[3];\r
6967+ e = state[4];\r
6968+ /* 4 rounds of 20 operations each. Loop unrolled. */\r
6969+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);\r
6970+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);\r
6971+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);\r
6972+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);\r
6973+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);\r
6974+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);\r
6975+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);\r
6976+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);\r
6977+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);\r
6978+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);\r
6979+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);\r
6980+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);\r
6981+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);\r
6982+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);\r
6983+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);\r
6984+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);\r
6985+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);\r
6986+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);\r
6987+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);\r
6988+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);\r
6989+ /* Add the working vars back into context.state[] */\r
6990+ state[0] += a;\r
6991+ state[1] += b;\r
6992+ state[2] += c;\r
6993+ state[3] += d;\r
6994+ state[4] += e;\r
6995+ /* Wipe variables */\r
6996+ a = b = c = d = e = 0;\r
6997+}\r
6998+\r
6999+\r
7000+/* SHA1Init - Initialize new context */\r
7001+\r
7002+void SHA1Init(struct SHA1_CTX* context)\r
7003+{\r
7004+ /* SHA1 initialization constants */\r
7005+ context->state[0] = 0x67452301;\r
7006+ context->state[1] = 0xEFCDAB89;\r
7007+ context->state[2] = 0x98BADCFE;\r
7008+ context->state[3] = 0x10325476;\r
7009+ context->state[4] = 0xC3D2E1F0;\r
7010+ context->count[0] = context->count[1] = 0;\r
7011+}\r
7012+\r
7013+\r
7014+/* Run your data through this. */\r
7015+\r
7016+void SHA1Update(struct SHA1_CTX* context, unsigned char* data, unsigned int len)\r
7017+{\r
7018+ unsigned int i, j;\r
7019+\r
7020+ j = (context->count[0] >> 3) & 63;\r
7021+ if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;\r
7022+ context->count[1] += (len >> 29);\r
7023+ if ((j + len) > 63) {\r
7024+ memcpy(&context->buffer[j], data, (i = 64-j));\r
7025+ SHA1Transform(context->state, context->buffer);\r
7026+ for ( ; i + 63 < len; i += 64) {\r
7027+ SHA1Transform(context->state, &data[i]);\r
7028+ }\r
7029+ j = 0;\r
7030+ }\r
7031+ else i = 0;\r
7032+ memcpy(&context->buffer[j], &data[i], len - i);\r
7033+}\r
7034+\r
7035+\r
7036+/* Add padding and return the message digest. */\r
7037+\r
7038+void SHA1Final(unsigned char digest[20], struct SHA1_CTX* context)\r
7039+{\r
7040+ unsigned long i, j;\r
7041+ unsigned char finalcount[8];\r
7042+\r
7043+ for (i = 0; i < 8; i++) {\r
7044+ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]\r
7045+ >> ((3-(i & 3)) * 8) ) & 255); \r
7046+ /* Endian independent */\r
7047+ }\r
7048+ SHA1Update(context, (unsigned char *)"\200", 1);\r
7049+ while ((context->count[0] & 504) != 448) {\r
7050+ SHA1Update(context, (unsigned char *)"\0", 1);\r
7051+ }\r
7052+ SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */\r
7053+ for (i = 0; i < 20; i++) {\r
7054+ digest[i] = (unsigned char)\r
7055+ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);\r
7056+ }\r
7057+ /* Wipe variables */\r
7058+ i = j = 0;\r
7059+ memset(context->buffer, 0, 64);\r
7060+ memset(context->state, 0, 20);\r
7061+ memset(context->count, 0, 8);\r
7062+ memset(&finalcount, 0, 8);\r
7063+#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */\r
7064+ SHA1Transform(context->state, context->buffer);\r
7065+#endif\r
7066+}\r
7067+\r
7068+int obv_chkpw(struct obv_pw *entry) \r
7069+{\r
7070+ struct SHA1_CTX context;\r
7071+ char *pos = memscan(entry->pw,'\n',strlen(entry->pw));\r
7072+ if(pos != entry->pw + strlen(entry->pw)) *pos = '\0';\r
7073+ SHA1Init(&context);\r
7074+ SHA1Update(&context,entry->pw,strlen(entry->pw));\r
7075+ SHA1Final(entry->sum,&context);\r
7076+ return memcmp(obv_pwent.sum,entry->sum,OBV_SHASUM_SIZE);\r
7077+}\r
7078diff -urN linux/kernel/obvqsort.c linux/kernel/obvqsort.c\r
7079--- linux/kernel/obvqsort.c Wed Dec 31 19:00:00 1969\r
7080+++ linux/kernel/obvqsort.c Mon Nov 26 11:18:12 2001\r
7081@@ -0,0 +1,229 @@\r
7082+/* * * * * * * * * * * * * * * * * * * * * * * * *\r
7083+ * The following code is a slightly modified qsort found in glibc\r
7084+ * The best implementation for a non-recursive qsort around\r
7085+ * that I could find, and probably\r
7086+ * better than what I would have come up with=)\r
7087+ * * * * * * * * * * * * * * * * * * * * * * * * */\r
7088+#include <linux/kernel.h>\r
7089+#include <linux/types.h>\r
7090+#include <linux/slab.h>\r
7091+\r
7092+\r
7093+\r
7094+/* Byte-wise swap two items of size SIZE. */\r
7095+#define SWAP(a, b, size) \\r
7096+ do \\r
7097+ { \\r
7098+ register size_t __size = (size); \\r
7099+ register char *__a = (a), *__b = (b); \\r
7100+ do \\r
7101+ { \\r
7102+ char __tmp = *__a; \\r
7103+ *__a++ = *__b; \\r
7104+ *__b++ = __tmp; \\r
7105+ } while (--__size > 0); \\r
7106+ } while (0)\r
7107+\r
7108+/* Discontinue quicksort algorithm when partition gets below this size.\r
7109+ This particular magic number was chosen to work best on a Sun 4/260. */\r
7110+#define MAX_THRESH 4\r
7111+\r
7112+/* Stack node declarations used to store unfulfilled partition obligations. */\r
7113+typedef struct\r
7114+ {\r
7115+ char *lo;\r
7116+ char *hi;\r
7117+ } stack_node;\r
7118+\r
7119+/* The next 4 #defines implement a very fast in-line stack abstraction. */\r
7120+#define STACK_SIZE (8 * sizeof(unsigned long int))\r
7121+#define PUSH(low, high) ((void) ((top->lo = (low)), (top->hi = (high)), ++top))\r
7122+#define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi)))\r
7123+#define STACK_NOT_EMPTY (stack < top)\r
7124+\r
7125+\r
7126+/* Order size using quicksort. This implementation incorporates\r
7127+ four optimizations discussed in Sedgewick:\r
7128+\r
7129+ 1. Non-recursive, using an explicit stack of pointer that store the\r
7130+ next array partition to sort. To save time, this maximum amount\r
7131+ of space required to store an array of MAX_INT is allocated on the\r
7132+ stack. Assuming a 32-bit integer, this needs only 32 *\r
7133+ sizeof(stack_node) == 136 bits. Pretty cheap, actually.\r
7134+\r
7135+ 2. Chose the pivot element using a median-of-three decision tree.\r
7136+ This reduces the probability of selecting a bad pivot value and\r
7137+ eliminates certain extraneous comparisons.\r
7138+\r
7139+ 3. Only quicksorts TOTAL_ELEMS / MAX_THRESH partitions, leaving\r
7140+ insertion sort to order the MAX_THRESH items within each partition.\r
7141+ This is a big win, since insertion sort is faster for small, mostly\r
7142+ sorted array segments.\r
7143+\r
7144+ 4. The larger of the two sub-partitions is always pushed onto the\r
7145+ stack first, with the algorithm then concentrating on the\r
7146+ smaller partition. This *guarantees* no more than log (n)\r
7147+ stack size is needed (actually O(1) in this case)! */\r
7148+\r
7149+\r
7150+void obv_qsort (void *pbase, size_t total_elems, size_t size, int (*cmp) (const void *, const void*))\r
7151+{\r
7152+ register char *base_ptr = (char *) pbase;\r
7153+\r
7154+ /* Allocating SIZE bytes for a pivot buffer facilitates a better\r
7155+ algorithm below since we can do comparisons directly on the pivot. */\r
7156+ char *pivot_buffer = (char *) kmalloc(size,GFP_KERNEL);\r
7157+ const size_t max_thresh = MAX_THRESH * size;\r
7158+\r
7159+ if (total_elems == 0)\r
7160+ /* Avoid lossage with unsigned arithmetic below. */\r
7161+ return;\r
7162+\r
7163+ if (total_elems > MAX_THRESH)\r
7164+ {\r
7165+ char *lo = base_ptr;\r
7166+ char *hi = &lo[size * (total_elems - 1)];\r
7167+ /* Largest size needed for 32-bit int!!! */\r
7168+ stack_node stack[STACK_SIZE];\r
7169+ stack_node *top = stack + 1;\r
7170+\r
7171+ while (STACK_NOT_EMPTY)\r
7172+ {\r
7173+ char *left_ptr;\r
7174+ char *right_ptr;\r
7175+\r
7176+ char *pivot = pivot_buffer;\r
7177+\r
7178+ /* Select median value from among LO, MID, and HI. Rearrange\r
7179+ LO and HI so the three values are sorted. This lowers the\r
7180+ probability of picking a pathological pivot value and\r
7181+ skips a comparison for both the LEFT_PTR and RIGHT_PTR. */\r
7182+\r
7183+ char *mid = lo + size * ((hi - lo) / size >> 1);\r
7184+\r
7185+ if ((*cmp) ((void *) mid, (void *) lo) < 0)\r
7186+ SWAP (mid, lo, size);\r
7187+ if ((*cmp) ((void *) hi, (void *) mid) < 0)\r
7188+ SWAP (mid, hi, size);\r
7189+ else\r
7190+ goto jump_over;\r
7191+ if ((*cmp) ((void *) mid, (void *) lo) < 0)\r
7192+ SWAP (mid, lo, size);\r
7193+ jump_over:;\r
7194+ memcpy (pivot, mid, size);\r
7195+ pivot = pivot_buffer;\r
7196+\r
7197+ left_ptr = lo + size;\r
7198+ right_ptr = hi - size;\r
7199+\r
7200+ /* Here's the famous ``collapse the walls'' section of quicksort.\r
7201+ Gotta like those tight inner loops! They are the main reason\r
7202+ that this algorithm runs much faster than others. */\r
7203+ do\r
7204+ {\r
7205+ while ((*cmp) ((void *) left_ptr, (void *) pivot) < 0)\r
7206+ left_ptr += size;\r
7207+\r
7208+ while ((*cmp) ((void *) pivot, (void *) right_ptr) < 0)\r
7209+ right_ptr -= size;\r
7210+\r
7211+ if (left_ptr < right_ptr)\r
7212+ {\r
7213+ SWAP (left_ptr, right_ptr, size);\r
7214+ left_ptr += size;\r
7215+ right_ptr -= size;\r
7216+ }\r
7217+ else if (left_ptr == right_ptr)\r
7218+ {\r
7219+ left_ptr += size;\r
7220+ right_ptr -= size;\r
7221+ break;\r
7222+ }\r
7223+ }\r
7224+ while (left_ptr <= right_ptr);\r
7225+\r
7226+ /* Set up pointers for next iteration. First determine whether\r
7227+ left and right partitions are below the threshold size. If so,\r
7228+ ignore one or both. Otherwise, push the larger partition's\r
7229+ bounds on the stack and continue sorting the smaller one. */\r
7230+\r
7231+ if ((size_t) (right_ptr - lo) <= max_thresh)\r
7232+ {\r
7233+ if ((size_t) (hi - left_ptr) <= max_thresh)\r
7234+ /* Ignore both small partitions. */\r
7235+ POP (lo, hi);\r
7236+ else\r
7237+ /* Ignore small left partition. */\r
7238+ lo = left_ptr;\r
7239+ }\r
7240+ else if ((size_t) (hi - left_ptr) <= max_thresh)\r
7241+ /* Ignore small right partition. */\r
7242+ hi = right_ptr;\r
7243+ else if ((right_ptr - lo) > (hi - left_ptr))\r
7244+ {\r
7245+ /* Push larger left partition indices. */\r
7246+ PUSH (lo, right_ptr);\r
7247+ lo = left_ptr;\r
7248+ }\r
7249+ else\r
7250+ {\r
7251+ /* Push larger right partition indices. */\r
7252+ PUSH (left_ptr, hi);\r
7253+ hi = right_ptr;\r
7254+ }\r
7255+ }\r
7256+ }\r
7257+ kfree(pivot_buffer);\r
7258+\r
7259+ /* Once the BASE_PTR array is partially sorted by quicksort the rest\r
7260+ is completely sorted using insertion sort, since this is efficient\r
7261+ for partitions below MAX_THRESH size. BASE_PTR points to the beginning\r
7262+ of the array to sort, and END_PTR points at the very last element in\r
7263+ the array (*not* one beyond it!). */\r
7264+\r
7265+\r
7266+ {\r
7267+ char *const end_ptr = &base_ptr[size * (total_elems - 1)];\r
7268+ char *tmp_ptr = base_ptr;\r
7269+ char *thresh = min(end_ptr, base_ptr + max_thresh);\r
7270+ register char *run_ptr;\r
7271+\r
7272+ /* Find smallest element in first threshold and place it at the\r
7273+ array's beginning. This is the smallest array element,\r
7274+ and the operation speeds up insertion sort's inner loop. */\r
7275+\r
7276+ for (run_ptr = tmp_ptr + size; run_ptr <= thresh; run_ptr += size)\r
7277+ if ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0)\r
7278+ tmp_ptr = run_ptr;\r
7279+\r
7280+ if (tmp_ptr != base_ptr)\r
7281+ SWAP (tmp_ptr, base_ptr, size);\r
7282+\r
7283+ /* Insertion sort, running from left-hand-side up to right-hand-side. */\r
7284+\r
7285+ run_ptr = base_ptr + size;\r
7286+ while ((run_ptr += size) <= end_ptr)\r
7287+ {\r
7288+ tmp_ptr = run_ptr - size;\r
7289+ while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0)\r
7290+ tmp_ptr -= size;\r
7291+\r
7292+ tmp_ptr += size;\r
7293+ if (tmp_ptr != run_ptr)\r
7294+ {\r
7295+ char *trav;\r
7296+\r
7297+ trav = run_ptr + size;\r
7298+ while (--trav >= run_ptr)\r
7299+ {\r
7300+ char c = *trav;\r
7301+ char *hi, *lo;\r
7302+\r
7303+ for (hi = lo = trav; (lo -= size) >= tmp_ptr; hi = lo)\r
7304+ *hi = *lo;\r
7305+ *hi = c;\r
7306+ }\r
7307+ }\r
7308+ }\r
7309+ }\r
7310+}\r
7311diff -urN linux/kernel/printk.c linux/kernel/printk.c\r
7312--- linux/kernel/printk.c Sun Nov 11 13:20:21 2001\r
7313+++ linux/kernel/printk.c Mon Nov 26 10:38:11 2001\r
7314@@ -286,7 +286,11 @@\r
7315 \r
7316 asmlinkage long sys_syslog(int type, char * buf, int len)\r
7317 {\r
7318+#ifdef CONFIG_GRKERNSEC_PROC\r
7319+ if (!capable(CAP_SYS_ADMIN))\r
7320+#else\r
7321 if ((type != 3) && !capable(CAP_SYS_ADMIN))\r
7322+#endif\r
7323 return -EPERM;\r
7324 return do_syslog(type, buf, len);\r
7325 }\r
7326diff -urN linux/kernel/signal.c linux/kernel/signal.c\r
7327--- linux/kernel/signal.c Wed Nov 21 19:26:27 2001\r
7328+++ linux/kernel/signal.c Mon Nov 26 10:38:11 2001\r
7329@@ -16,6 +16,21 @@\r
7330 \r
7331 #include <asm/uaccess.h>\r
7332 \r
7333+#if defined(CONFIG_GRKERNSEC_SIGNAL) || defined(CONFIG_GRKERNSEC_CHROOT)\r
7334+#include <linux/grsecurity.h>\r
7335+#endif\r
7336+\r
7337+#ifdef CONFIG_OBV_PROC\r
7338+#include <linux/fs.h>\r
7339+#include <linux/obvext.h>\r
7340+#endif\r
7341+\r
7342+\r
7343+\r
7344+#ifdef CONFIG_GRKERNSEC_CHROOT\r
7345+extern struct task_struct *child_reaper;\r
7346+#endif\r
7347+\r
7348 /*\r
7349 * SLAB caches for signal bits.\r
7350 */\r
7351@@ -526,8 +541,37 @@\r
7352 goto out_nolock;\r
7353 \r
7354 spin_lock_irqsave(&t->sigmask_lock, flags);\r
7355+#ifdef CONFIG_GRKERNSEC_CHROOT\r
7356+ if(CHROOTLONGCHECK &&\r
7357+ !( sig == SIGALRM || sig == SIGIO || !proc_is_chrooted(current) ||\r
7358+ have_same_root(current,t) ||\r
7359+ (t->pid == current->p_pptr->pid && sig == SIGCHLD) ) ) {\r
7360+ security_alert("denied signal %d out of chroot jail (%.32s:%lu) of %d.%d "\r
7361+ "by " DEFAULTSECMSG " to " DEFAULTSECMSG,\r
7362+ "denied signals in chroot",sig,kdevname(current->fs->root->d_inode->i_dev),\r
7363+ current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,\r
7364+ current->fs->root->d_inode->i_gid,DEFAULTSECARGS,\r
7365+ t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,\r
7366+ t->p_pptr->pid,t->p_pptr->uid,t->p_pptr->euid);\r
7367+ goto out;\r
7368+ }\r
7369+#endif\r
7370 handle_stop_signal(sig, t);\r
7371-\r
7372+#ifdef CONFIG_GRKERNSEC_SIGNAL\r
7373+ if(grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) || \r
7374+ (sig == SIGABRT) || (sig == SIGBUS))) {\r
7375+ if(t->pid == current->pid) {\r
7376+ security_alert("signal %d sent to " DEFAULTSECMSG,"signal warnings",sig,\r
7377+ t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,t->p_pptr->pid,\r
7378+ t->p_pptr->uid,t->p_pptr->euid);\r
7379+ } else {\r
7380+ security_alert("signal %d sent to " DEFAULTSECMSG " by "\r
7381+ DEFAULTSECMSG, "signal warnings",\r
7382+ sig,t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,t->p_pptr->pid,\r
7383+ t->p_pptr->uid,t->p_pptr->euid, DEFAULTSECARGS);\r
7384+ }\r
7385+ } \r
7386+#endif\r
7387 /* Optimize away the signal, if it's a signal that can be\r
7388 handled immediately (ie non-blocked and untraced) and\r
7389 that is ignored (either explicitly or by default). */\r
7390@@ -592,6 +636,9 @@\r
7391 retval = -ESRCH;\r
7392 read_lock(&tasklist_lock);\r
7393 for_each_task(p) {\r
7394+#ifdef CONFIG_OBV_PROC\r
7395+ if( !(obv_check_protected(p)) || current->pid == 1)\r
7396+#endif\r
7397 if (p->pgrp == pgrp) {\r
7398 int err = send_sig_info(sig, info, p);\r
7399 if (retval)\r
7400@@ -619,6 +666,9 @@\r
7401 retval = -ESRCH;\r
7402 read_lock(&tasklist_lock);\r
7403 for_each_task(p) {\r
7404+#ifdef CONFIG_OBV_PROC\r
7405+ if( !(obv_check_protected(p)) || current->pid == 1)\r
7406+#endif\r
7407 if (p->leader && p->session == sess) {\r
7408 int err = send_sig_info(sig, info, p);\r
7409 if (retval)\r
7410@@ -640,6 +690,9 @@\r
7411 p = find_task_by_pid(pid);\r
7412 error = -ESRCH;\r
7413 if (p)\r
7414+#ifdef CONFIG_OBV_PROC\r
7415+ if( !(obv_check_protected(p)) || current->pid == 1)\r
7416+#endif\r
7417 error = send_sig_info(sig, info, p);\r
7418 read_unlock(&tasklist_lock);\r
7419 return error;\r
7420@@ -663,6 +716,9 @@\r
7421 \r
7422 read_lock(&tasklist_lock);\r
7423 for_each_task(p) {\r
7424+#ifdef CONFIG_OBV_PROC\r
7425+ if(!(obv_check_protected(p) || current->pid == 1))\r
7426+#endif\r
7427 if (p->pid > 1 && p != current) {\r
7428 int err = send_sig_info(sig, info, p);\r
7429 ++count;\r
7430diff -urN linux/kernel/sys.c linux/kernel/sys.c\r
7431--- linux/kernel/sys.c Tue Sep 18 17:10:43 2001\r
7432+++ linux/kernel/sys.c Mon Nov 26 10:38:11 2001\r
7433@@ -4,6 +4,7 @@\r
7434 * Copyright (C) 1991, 1992 Linus Torvalds\r
7435 */\r
7436 \r
7437+#include <linux/config.h>\r
7438 #include <linux/module.h>\r
7439 #include <linux/mm.h>\r
7440 #include <linux/utsname.h>\r
7441@@ -18,6 +19,10 @@\r
7442 #include <asm/uaccess.h>\r
7443 #include <asm/io.h>\r
7444 \r
7445+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7446+#include <linux/grsecurity.h>\r
7447+#endif\r
7448+\r
7449 /*\r
7450 * this is where the system-wide overflow UID and GID are defined, for\r
7451 * architectures that now have 32-bit UID/GID but didn't in the past\r
7452@@ -379,6 +384,15 @@\r
7453 int old_egid = current->egid;\r
7454 int new_rgid = old_rgid;\r
7455 int new_egid = old_egid;\r
7456+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7457+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7458+ if(grsec_enable_suid_root && current->uid && (!rgid || !egid))\r
7459+#else\r
7460+ if(grsec_enable_suid)\r
7461+#endif\r
7462+ printk(KERN_INFO "grsec: setregid(rgid=%d/egid=%d) by " DEFAULTSECMSG\r
7463+ "\n",rgid,egid, DEFAULTSECARGS);\r
7464+#endif \r
7465 \r
7466 if (rgid != (gid_t) -1) {\r
7467 if ((old_rgid == rgid) ||\r
7468@@ -420,6 +434,15 @@\r
7469 asmlinkage long sys_setgid(gid_t gid)\r
7470 {\r
7471 int old_egid = current->egid;\r
7472+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7473+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7474+ if(grsec_enable_suid_root && current->uid && !gid)\r
7475+#else\r
7476+ if(grsec_enable_suid)\r
7477+#endif\r
7478+ printk(KERN_INFO "grsec: setgid(%d) by " DEFAULTSECMSG "\n",gid, \r
7479+ DEFAULTSECARGS);\r
7480+#endif \r
7481 \r
7482 if (capable(CAP_SETGID))\r
7483 {\r
7484@@ -539,6 +562,15 @@\r
7485 new_ruid = old_ruid = current->uid;\r
7486 new_euid = old_euid = current->euid;\r
7487 old_suid = current->suid;\r
7488+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7489+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7490+ if(grsec_enable_suid_root && current->uid && (!ruid || !euid))\r
7491+#else\r
7492+ if(grsec_enable_suid)\r
7493+#endif\r
7494+ printk(KERN_INFO "grsec: setreuid(ruid=%d/euid=%d) by " DEFAULTSECMSG\r
7495+ "\n",ruid,euid, DEFAULTSECARGS);\r
7496+#endif \r
7497 \r
7498 if (ruid != (uid_t) -1) {\r
7499 new_ruid = ruid;\r
7500@@ -599,7 +631,16 @@\r
7501 old_ruid = new_ruid = current->uid;\r
7502 old_suid = current->suid;\r
7503 new_suid = old_suid;\r
7504- \r
7505+\r
7506+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7507+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7508+ if(grsec_enable_suid_root && current->uid && !uid)\r
7509+#else\r
7510+ if(grsec_enable_suid)\r
7511+#endif\r
7512+ printk(KERN_INFO "grsec: setuid(%d) by " DEFAULTSECMSG "\n", uid,\r
7513+ DEFAULTSECARGS);\r
7514+#endif \r
7515 if (capable(CAP_SETUID)) {\r
7516 if (uid != old_ruid && set_user(uid, old_euid != uid) < 0)\r
7517 return -EAGAIN;\r
7518@@ -632,6 +673,15 @@\r
7519 int old_ruid = current->uid;\r
7520 int old_euid = current->euid;\r
7521 int old_suid = current->suid;\r
7522+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7523+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7524+ if(grsec_enable_suid_root && current->uid && (!ruid || !euid || !suid))\r
7525+#else\r
7526+ if(grsec_enable_suid)\r
7527+#endif\r
7528+ printk(KERN_INFO "grsec: setresuid(ruid=%d/suid=%d/euid=%d) by "\r
7529+ DEFAULTSECMSG "\n", ruid, suid, euid, DEFAULTSECARGS);\r
7530+#endif \r
7531 \r
7532 if (!capable(CAP_SETUID)) {\r
7533 if ((ruid != (uid_t) -1) && (ruid != current->uid) &&\r
7534@@ -683,6 +733,16 @@\r
7535 */\r
7536 asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)\r
7537 {\r
7538+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7539+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7540+ if(grsec_enable_suid_root && current->uid && (!rgid || !egid || !sgid))\r
7541+#else\r
7542+ if(grsec_enable_suid)\r
7543+#endif\r
7544+ printk(KERN_INFO "grsec: setresgid(rgid=%d/sgid=%d/egid=%d) by "\r
7545+ DEFAULTSECMSG "\n", rgid, sgid, egid, DEFAULTSECARGS);\r
7546+#endif \r
7547+\r
7548 if (!capable(CAP_SETGID)) {\r
7549 if ((rgid != (gid_t) -1) && (rgid != current->gid) &&\r
7550 (rgid != current->egid) && (rgid != current->sgid))\r
7551@@ -731,6 +791,15 @@\r
7552 asmlinkage long sys_setfsuid(uid_t uid)\r
7553 {\r
7554 int old_fsuid;\r
7555+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7556+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7557+ if(grsec_enable_suid_root && current->uid && !uid)\r
7558+#else\r
7559+ if(grsec_enable_suid)\r
7560+#endif\r
7561+ printk(KERN_INFO "grsec: setfsuid(%d) by " DEFAULTSECMSG "\n", uid,\r
7562+ DEFAULTSECARGS);\r
7563+#endif \r
7564 \r
7565 old_fsuid = current->fsuid;\r
7566 if (uid == current->uid || uid == current->euid ||\r
7567@@ -773,6 +842,15 @@\r
7568 asmlinkage long sys_setfsgid(gid_t gid)\r
7569 {\r
7570 int old_fsgid;\r
7571+#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)\r
7572+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7573+ if(grsec_enable_suid_root && current->uid && !gid)\r
7574+#else\r
7575+ if(grsec_enable_suid)\r
7576+#endif\r
7577+ printk(KERN_INFO "grsec: setfsgid(%d) by " DEFAULTSECMSG "\n", gid,\r
7578+ DEFAULTSECARGS);\r
7579+#endif \r
7580 \r
7581 old_fsgid = current->fsgid;\r
7582 if (gid == current->gid || gid == current->egid ||\r
7583diff -urN linux/kernel/sysctl.c linux/kernel/sysctl.c\r
7584--- linux/kernel/sysctl.c Mon Nov 26 08:29:17 2001\r
7585+++ linux/kernel/sysctl.c Mon Nov 26 10:38:11 2001\r
7586@@ -37,7 +37,12 @@\r
7587 #include <linux/nfs_fs.h>\r
7588 #endif\r
7589 \r
7590+#ifdef CONFIG_OBV_PROC\r
7591+#include <linux/obvext.h>\r
7592+#endif\r
7593+\r
7594 #if defined(CONFIG_SYSCTL)\r
7595+#include <linux/grsecurity.h>\r
7596 \r
7597 /* External variables not in a header file. */\r
7598 extern int panic_timeout;\r
7599@@ -116,6 +121,9 @@\r
7600 static ctl_table debug_table[];\r
7601 static ctl_table dev_table[];\r
7602 extern ctl_table random_table[];\r
7603+#ifdef CONFIG_GRKERNSEC_SYSCTL\r
7604+static ctl_table grsecurity_table[];\r
7605+#endif\r
7606 \r
7607 /* /proc declarations: */\r
7608 \r
7609@@ -255,9 +263,228 @@\r
842916cd
JR		 7610 {KERN_KDB, "kdb", &kdb_on, sizeof(int),\r
7611 0644, NULL, &proc_dointvec},\r
7612 #endif /* CONFIG_KDB */\r
cab4bb15 7613+#ifdef CONFIG_GRKERNSEC_SYSCTL\r
7614+ {KERN_GRSECURITY, "grsecurity", NULL, 0, 0550, grsecurity_table},\r
7615+#endif\r
7616+#ifdef CONFIG_OBV_PROC\r
7617+ {KERN_OBV,"oblivion",NULL,sizeof(int),0600,NULL,&obv_proc_handler},\r
7618+#endif\r
7619+\r
7620 {0}\r
7621 };\r
7622 \r
7623+#ifdef CONFIG_GRKERNSEC_SYSCTL\r
7624+enum {GS_LINK=1,GS_FIFO, GS_FD, GS_EXECVE, GS_FORK,\r
7625+GS_FORK_GID, GS_FORK_SEC, GS_FORK_MAX, GS_EXECLOG, GS_EXECLOG_GID, \r
7626+GS_EXECLOG_GRP, GS_SUID, GS_SUID_ROOT, GS_SIGNAL, GS_COREDUMP, GS_FORKFAIL, \r
7627+GS_TIME, GS_KBMAP, GS_RANDNET, GS_CHROOT, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS, \r
7628+GS_TPE, GS_TPE_GID, GS_TPE_GLIBC, GS_TPE_ALL, GS_PTRACE, GS_PTRACE_GRP, \r
7629+GS_PTRACE_GID, GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, \r
7630+GS_RANDTTL, GS_RANDTTL_THRESH, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, \r
7631+GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, \r
7632+GS_STEALTH_RST, GS_STEALTH_RST_LOG, GS_STEALTH_UDP, GS_STEALTH_UDP_LOG, \r
7633+GS_STEALTH_ICMP, GS_STEALTH_ICMP_LOG, GS_STEALTH_IGMP, GS_STEALTH_FLAGS, \r
7634+GS_STEALTH_FLAGS_LOG, GS_LOCK};\r
7635+\r
7636+static ctl_table grsecurity_table[] = {\r
7637+#ifdef CONFIG_GRKERNSEC_LINK\r
7638+ {GS_LINK, "linking_restrictions", &grsec_enable_link, sizeof (int),\r
7639+ 0640, NULL, &proc_dointvec}, \r
7640+#endif\r
7641+#ifdef CONFIG_GRKERNSEC_FIFO\r
7642+ {GS_FIFO, "fifo_restrictions", &grsec_enable_fifo, sizeof (int),\r
7643+ 0640, NULL, &proc_dointvec},\r
7644+#endif\r
7645+#ifdef CONFIG_GRKERNSEC_FD\r
7646+ {GS_FD, "secure_fds", &grsec_enable_fd, sizeof (int),\r
7647+ 0640, NULL, &proc_dointvec},\r
7648+#endif\r
7649+#ifdef CONFIG_GRKERNSEC_EXECVE\r
7650+ {GS_EXECVE, "execve_limiting", &grsec_enable_execve, sizeof (int),\r
7651+ 0640, NULL, &proc_dointvec},\r
7652+#endif\r
7653+#ifdef CONFIG_GRKERNSEC_FORKBOMB\r
7654+ {GS_FORK, "fork_bomb_prot", &grsec_enable_forkbomb, sizeof (int),\r
7655+ 0640, NULL, &proc_dointvec},\r
7656+ {GS_FORK_GID, "fork_bomb_gid", &grsec_forkbomb_gid, sizeof (int),\r
7657+ 0640, NULL, &proc_dointvec},\r
7658+ {GS_FORK_SEC, "fork_bomb_sec", &grsec_forkbomb_sec, sizeof (int),\r
7659+ 0640, NULL, &proc_dointvec},\r
7660+ {GS_FORK_MAX, "fork_bomb_max", &grsec_forkbomb_max, sizeof (int),\r
7661+ 0640, NULL, &proc_dointvec},\r
7662+#endif\r
7663+#ifdef CONFIG_GRKERNSEC_EXECLOG\r
7664+ {GS_EXECLOG, "exec_logging", &grsec_enable_execlog, sizeof (int),\r
7665+ 0640, NULL, &proc_dointvec},\r
7666+#endif\r
7667+#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP\r
7668+ {GS_EXECLOG_GRP, "exec_group_logging", &grsec_enable_execlog_group, \r
7669+ sizeof (int), 0640, NULL, &proc_dointvec},\r
7670+ {GS_EXECLOG_GID, "exec_logging_gid", &grsec_execlog_gid, sizeof (int),\r
7671+ 0640, NULL, &proc_dointvec},\r
7672+#endif\r
7673+#ifdef CONFIG_GRKERNSEC_SUID\r
7674+ {GS_SUID, "suid_logging", &grsec_enable_suid, sizeof (int),\r
7675+ 0640, NULL, &proc_dointvec},\r
7676+#endif\r
7677+#ifdef CONFIG_GRKERNSEC_SUID_ROOT\r
7678+ {GS_SUID_ROOT, "suid_root_logging", &grsec_enable_suid_root, sizeof (int),\r
7679+ 0640, NULL, &proc_dointvec},\r
7680+#endif\r
7681+#ifdef CONFIG_GRKERNSEC_SIGNAL\r
7682+ {GS_SIGNAL, "signal_logging", &grsec_enable_signal, sizeof (int),\r
7683+ 0640, NULL, &proc_dointvec},\r
7684+#endif\r
7685+#ifdef CONFIG_GRKERNSEC_COREDUMP\r
7686+ {GS_COREDUMP, "coredump", &grsec_enable_coredump, sizeof (int),\r
7687+ 0640, NULL, &proc_dointvec},\r
7688+#endif\r
7689+#ifdef CONFIG_GRKERNSEC_FORKFAIL\r
7690+ {GS_FORKFAIL, "forkfail_logging", &grsec_enable_forkfail, sizeof (int),\r
7691+ 0640, NULL, &proc_dointvec},\r
7692+#endif\r
7693+#ifdef CONFIG_GRKERNSEC_TIME\r
7694+ {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int),\r
7695+ 0640, NULL, &proc_dointvec},\r
7696+#endif\r
7697+#ifdef CONFIG_GRKERNSEC_KBMAP\r
7698+ {GS_KBMAP, "secure_kbmap", &grsec_enable_kbmap, sizeof (int),\r
7699+ 0640, NULL, &proc_dointvec},\r
7700+#endif\r
7701+#ifdef CONFIG_GRKERNSEC_RANDNET\r
7702+ {GS_RANDNET, "rand_net", &grsec_enable_randnet, sizeof (int),\r
7703+ 0640, NULL, &proc_dointvec},\r
7704+#endif\r
7705+#ifdef CONFIG_GRKERNSEC_CHROOT\r
7706+ {GS_CHROOT, "chroot_restrictions", &grsec_enable_chroot, sizeof (int),\r
7707+ 0640, NULL, &proc_dointvec},\r
7708+#endif\r
7709+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG\r
7710+ {GS_CHROOT_EXECLOG, "chroot_execlog",\r
7711+ &grsec_enable_chroot_execlog, sizeof (int),\r
7712+ 0640, NULL, &proc_dointvec},\r
7713+#endif\r
7714+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS\r
7715+ {GS_CHROOT_CAPS, "chroot_caps", &grsec_enable_chroot_caps, sizeof (int),\r
7716+ 0640, NULL, &proc_dointvec},\r
7717+#endif\r
7718+#ifdef CONFIG_GRKERNSEC_TPE\r
7719+ {GS_TPE, "tpe", &grsec_enable_tpe, sizeof (int),\r
7720+ 0640, NULL, &proc_dointvec},\r
7721+ {GS_TPE_GID, "tpe_gid", &grsec_tpe_gid, sizeof (int),\r
7722+ 0640, NULL, &proc_dointvec},\r
7723+#endif\r
7724+#ifdef CONFIG_GRKERNSEC_TPE_GLIBC\r
7725+ {GS_TPE_GLIBC, "tpe_glibc", &grsec_enable_tpe_glibc, sizeof (int),\r
7726+ 0640, NULL, &proc_dointvec},\r
7727+#endif\r
7728+#ifdef CONFIG_GRKERNSEC_TPE_ALL\r
7729+ {GS_TPE_ALL, "tpe_restrict_all", &grsec_enable_tpe_all, sizeof (int),\r
7730+ 0640, NULL, &proc_dointvec},\r
7731+#endif\r
7732+#ifdef CONFIG_GRKERNSEC_PTRACE\r
7733+ {GS_PTRACE, "restrict_ptrace", &grsec_enable_ptrace, sizeof (int),\r
7734+ 0640, NULL, &proc_dointvec},\r
7735+#endif\r
7736+#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP\r
7737+ {GS_PTRACE_GRP, "allow_ptrace_group", &grsec_enable_ptrace_group, sizeof (int),\r
7738+ 0640, NULL, &proc_dointvec},\r
7739+ {GS_PTRACE_GID, "ptrace_gid", &grsec_ptrace_gid, sizeof (int),\r
7740+ 0640, NULL, &proc_dointvec},\r
7741+#endif\r
7742+#ifdef CONFIG_GRKERNSEC_RANDPID\r
7743+ {GS_RANDPID, "rand_pids", &grsec_enable_randpid, sizeof (int),\r
7744+ 0640, NULL, &proc_dointvec},\r
7745+#endif\r
7746+#ifdef CONFIG_GRKERNSEC_RANDID\r
7747+ {GS_RANDID, "rand_ip_ids", &grsec_enable_randid, sizeof (int),\r
7748+ 0640, NULL, &proc_dointvec},\r
7749+#endif\r
7750+#ifdef CONFIG_GRKERNSEC_RANDSRC\r
7751+ {GS_RANDSRC, "rand_tcp_src_ports", &grsec_enable_randsrc, sizeof (int),\r
7752+ 0640, NULL, &proc_dointvec},\r
7753+#endif\r
7754+#ifdef CONFIG_GRKERNSEC_RANDPING\r
7755+ {GS_RANDPING, "altered_pings", &grsec_enable_randping, sizeof (int),\r
7756+ 0640, NULL, &proc_dointvec},\r
7757+#endif\r
7758+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
7759+ {GS_RANDTTL, "rand_ttl", &grsec_enable_randttl, sizeof (int),\r
7760+ 0640, NULL, &proc_dointvec},\r
7761+ {GS_RANDTTL_THRESH, "rand_ttl_thresh", \r
7762+ &grsec_randttl_thresh, sizeof (int),\r
7763+ 0640, NULL, &proc_dointvec},\r
7764+#endif\r
7765+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r
7766+ {GS_SOCKET_ALL, "socket_all", &grsec_enable_socket_all, sizeof (int),\r
7767+ 0640, NULL, &proc_dointvec},\r
7768+ {GS_SOCKET_ALL_GID, "socket_all_gid",\r
7769+ &grsec_socket_all_gid, sizeof (int),\r
7770+ 0640, NULL, &proc_dointvec},\r
7771+#endif\r
7772+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r
7773+ {GS_SOCKET_CLIENT, "socket_client", \r
7774+ &grsec_enable_socket_client, sizeof (int),\r
7775+ 0640, NULL, &proc_dointvec},\r
7776+ {GS_SOCKET_CLIENT_GID, "socket_client_gid", \r
7777+ &grsec_socket_client_gid, sizeof (int),\r
7778+ 0640, NULL, &proc_dointvec},\r
7779+#endif\r
7780+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r
7781+ {GS_SOCKET_SERVER, "socket_server", \r
7782+ &grsec_enable_socket_server, sizeof (int),\r
7783+ 0640, NULL, &proc_dointvec},\r
7784+ {GS_SOCKET_SERVER_GID, "socket_server_gid",\r
7785+ &grsec_socket_server_gid, sizeof (int),\r
7786+ 0640, NULL, &proc_dointvec},\r
7787+#endif\r
7788+#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r
7789+ {GS_STEALTH_RST, "stealth_rst", &grsec_enable_stealth_rst, sizeof (int),\r
7790+ 0640, NULL, &proc_dointvec},\r
7791+#endif\r
7792+#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r
7793+ {GS_STEALTH_RST_LOG, "stealth_rst_log", &grsec_enable_stealth_rst_log, sizeof (int),\r
7794+ 0640, NULL, &proc_dointvec},\r
7795+#endif\r
7796+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r
7797+ {GS_STEALTH_UDP, "stealth_udp", &grsec_enable_stealth_udp, sizeof (int),\r
7798+ 0640, NULL, &proc_dointvec},\r
7799+#endif\r
7800+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r
7801+ {GS_STEALTH_UDP_LOG, "stealth_udp_log", &grsec_enable_stealth_udp_log, sizeof (int),\r
7802+ 0640, NULL, &proc_dointvec},\r
7803+#endif\r
7804+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r
7805+ {GS_STEALTH_ICMP, "stealth_icmp", \r
7806+ &grsec_enable_stealth_icmp, sizeof (int),\r
7807+ 0640, NULL, &proc_dointvec},\r
7808+#endif\r
7809+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r
7810+ {GS_STEALTH_ICMP_LOG, "stealth_icmp_log", \r
7811+ &grsec_enable_stealth_icmp_log, sizeof (int),\r
7812+ 0640, NULL, &proc_dointvec},\r
7813+#endif\r
7814+#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r
7815+ {GS_STEALTH_IGMP, "stealth_igmp", \r
7816+ &grsec_enable_stealth_igmp, sizeof (int),\r
7817+ 0640, NULL, &proc_dointvec},\r
7818+#endif\r
7819+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r
7820+ {GS_STEALTH_FLAGS, "stealth_flags", \r
7821+ &grsec_enable_stealth_flags, sizeof (int),\r
7822+ 0640, NULL, &proc_dointvec},\r
7823+#endif\r
7824+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r
7825+ {GS_STEALTH_FLAGS_LOG, "stealth_flags_log", \r
7826+ &grsec_enable_stealth_flags_log, sizeof (int),\r
7827+ 0640, NULL, &proc_dointvec},\r
7828+#endif\r
7829+ {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0640, NULL,\r
7830+ &proc_dointvec},\r
7831+ {0}\r
7832+};\r
7833+#endif\r
7834+\r
7835 static ctl_table vm_table[] = {\r
7836 {VM_BDFLUSH, "bdflush", &bdf_prm, 9*sizeof(int), 0644, NULL,\r
7837 &proc_dointvec_minmax, &sysctl_intvec, NULL,\r
7838@@ -827,6 +1054,15 @@\r
7839 }\r
7840 \r
7841 i = (int *) table->data;\r
7842+#ifdef CONFIG_GRKERNSEC_SYSCTL\r
7843+ if(grsec_lock && write) { \r
7844+ security_alert("attempt to modify grsecurity "\r
7845+ "sysctl value: %.32s by " DEFAULTSECMSG,\r
7846+ "attempted sysctl changes", table->de->name,\r
7847+ DEFAULTSECARGS);\r
7848+ return -EACCES;\r
7849+ }\r
7850+#endif\r
7851 vleft = table->maxlen / sizeof(int);\r
7852 left = *lenp;\r
7853 \r
7854diff -urN linux/kernel/time.c linux/kernel/time.c\r
7855--- linux/kernel/time.c Mon Oct 16 15:58:51 2000\r
7856+++ linux/kernel/time.c Mon Nov 26 10:38:11 2001\r
7857@@ -29,6 +29,9 @@\r
7858 #include <linux/smp_lock.h>\r
7859 \r
7860 #include <asm/uaccess.h>\r
7861+#ifdef CONFIG_GRKERNSEC_TIME\r
7862+#include <linux/grsecurity.h>\r
7863+#endif\r
7864 \r
7865 /* \r
7866 * The timezone where the local system is located. Used as a default by some\r
7867@@ -105,6 +108,11 @@\r
7868 time_maxerror = NTP_PHASE_LIMIT;\r
7869 time_esterror = NTP_PHASE_LIMIT;\r
7870 write_unlock_irq(&xtime_lock);\r
7871+#ifdef CONFIG_GRKERNSEC_TIME\r
7872+ if(grsec_enable_time)\r
7873+ security_alert("time set by " DEFAULTSECMSG, "time sets",\r
7874+ DEFAULTSECARGS);\r
7875+#endif\r
7876 return 0;\r
7877 }\r
7878 \r
7879@@ -181,6 +189,11 @@\r
7880 * globally block out interrupts when it runs.\r
7881 */\r
7882 do_settimeofday(tv);\r
7883+#ifdef CONFIG_GRKERNSEC_TIME\r
7884+ if(grsec_enable_time)\r
7885+ security_alert("time set by " DEFAULTSECMSG, "time sets", \r
7886+ DEFAULTSECARGS);\r
7887+#endif\r
7888 }\r
7889 return 0;\r
7890 }\r
7891diff -urN linux/mm/mmap.c linux/mm/mmap.c\r
7892--- linux/mm/mmap.c Sun Nov 4 13:17:20 2001\r
7893+++ linux/mm/mmap.c Mon Nov 26 10:38:11 2001\r
7894@@ -14,6 +14,7 @@\r
7895 #include <linux/file.h>\r
7896 #include <linux/fs.h>\r
7897 #include <linux/personality.h>\r
7898+#include <linux/random.h>\r
7899 \r
7900 #include <asm/uaccess.h>\r
7901 #include <asm/pgalloc.h>\r
7902@@ -429,6 +430,24 @@\r
7903 */\r
7904 vm_flags = calc_vm_flags(prot,flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;\r
7905 \r
7906+#ifdef CONFIG_GRKERNSEC_PAX\r
7907+ if (current->flags & PF_PAX_PAGEEXEC) {\r
7908+ if (flags & MAP_GROWSDOWN)\r
7909+ vm_flags &= ~VM_EXEC;\r
7910+\r
7911+#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r
7912+ if ((current->flags & PF_PAX_MPROTECT) && !(prot & PROT_EXEC))\r
7913+ vm_flags &= ~VM_MAYEXEC;\r
7914+ if ((current->flags & PF_PAX_MPROTECT) && (flags & MAP_GROWSDOWN))\r
7915+ vm_flags &= ~VM_MAYEXEC;\r
7916+#endif\r
7917+\r
7918+ } else {\r
7919+ if (prot & (PROT_READ | PROT_WRITE)) /* they imply PROT_EXEC on IA-32 */\r
7920+ vm_flags |= VM_EXEC;\r
7921+ }\r
7922+#endif\r
7923+\r
7924 /* mlock MCL_FUTURE? */\r
7925 if (vm_flags & VM_LOCKED) {\r
7926 unsigned long locked = mm->locked_vm << PAGE_SHIFT;\r
7927@@ -601,7 +620,20 @@\r
7928 (!vma || addr + len <= vma->vm_start))\r
7929 return addr;\r
7930 }\r
7931+#if defined(CONFIG_GRKERNSEC_STACK)\r
7932+ addr = TASK_UNMAPPED_BASE(len);\r
7933+ addr = PAGE_ALIGN(TASK_UNMAPPED_BASE(len));\r
7934+#else\r
7935+ addr = TASK_UNMAPPED_BASE;\r
7936 addr = PAGE_ALIGN(TASK_UNMAPPED_BASE);\r
7937+#endif\r
7938+\r
7939+\r
7940+#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP\r
7941+ /* PaX: randomize base address if requested */\r
7942+ if (current->flags & PF_PAX_RANDMMAP)\r
7943+ addr += current->mm->delta_mmap;\r
7944+#endif\r
7945 \r
7946 for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) {\r
7947 /* At this point: (!vma || addr < vma->vm_end). */\r
7948@@ -1050,6 +1082,18 @@\r
7949 MAP_FIXED|MAP_PRIVATE) | mm->def_flags;\r
7950 \r
7951 flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;\r
7952+\r
7953+#ifdef CONFIG_GRKERNSEC_PAX\r
7954+ if (current->flags & PF_PAX_PAGEEXEC) {\r
7955+ flags &= ~VM_EXEC;\r
7956+\r
7957+#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r
7958+ if (current->flags & PF_PAX_MPROTECT)\r
7959+ flags &= ~VM_MAYEXEC;\r
7960+#endif\r
7961+ }\r
7962+#endif\r
7963+\r
7964 \r
7965 /* Can we just expand an old anonymous mapping? */\r
7966 if (rb_parent && vma_merge(mm, prev, rb_parent, addr, addr + len, flags))\r
7967diff -urN linux/mm/mprotect.c linux/mm/mprotect.c\r
7968--- linux/mm/mprotect.c Mon Sep 17 18:30:23 2001\r
7969+++ linux/mm/mprotect.c Mon Nov 26 10:38:11 2001\r
7970@@ -300,6 +300,12 @@\r
cab4bb15 7971 }\r
7972 \r
842916cd 7973 #endif /* CONFIG_XFS_DMAPI */\r
cab4bb15 7974+#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT\r
7975+ /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */\r
7976+ if ((current->flags & PF_PAX_MPROTECT) && (prot & PROT_WRITE) && (vma->vm_flags & VM_MAYEXEC)) {\r
7977+ newflags &= ~VM_MAYWRITE;\r
7978+ }\r
7979+#endif\r
7980 if (vma->vm_end > end) {\r
7981 error = mprotect_fixup(vma, &prev, nstart, end, newflags);\r
7982 goto out;\r
7983diff -urN linux/net/core/utils.c linux/net/core/utils.c\r
7984--- linux/net/core/utils.c Mon Aug 23 13:01:02 1999\r
7985+++ linux/net/core/utils.c Mon Nov 26 10:38:11 2001\r
7986@@ -23,16 +23,50 @@\r
7987 \r
7988 static unsigned long net_rand_seed = 152L;\r
7989 \r
7990+#ifdef CONFIG_GRKERNSEC_RANDNET\r
7991+#include <linux/random.h>\r
7992+#include <linux/grsecurity.h>\r
7993+\r
7994+#define RNG_N_STORED_WORDS 256\r
7995+unsigned long rng_storage[RNG_N_STORED_WORDS];\r
7996+int nleft=0;\r
7997+#endif\r
7998+\r
7999 unsigned long net_random(void)\r
8000 {\r
8001+#ifdef CONFIG_GRKERNSEC_RANDNET\r
8002+ if (grsec_enable_randnet) {\r
8003+ if (!nleft)\r
8004+ {\r
8005+ get_random_bytes(rng_storage,sizeof(rng_storage));\r
8006+ nleft=RNG_N_STORED_WORDS;\r
8007+ }\r
8008+ \r
8009+ nleft--;\r
8010+ return rng_storage[nleft];\r
8011+ } else {\r
8012+ net_rand_seed=net_rand_seed*69069L+1;\r
8013+ return net_rand_seed^jiffies;\r
8014+ }\r
8015+#else\r
8016 net_rand_seed=net_rand_seed*69069L+1;\r
8017 return net_rand_seed^jiffies;\r
8018+#endif\r
8019 }\r
8020 \r
8021 void net_srandom(unsigned long entropy)\r
8022 {\r
8023+#ifdef CONFIG_GRKERNSEC_RANDNET\r
8024+ if(grsec_enable_randnet)\r
8025+ add_mouse_randomness((__u32)entropy);\r
8026+ else {\r
8027 net_rand_seed ^= entropy;\r
8028 net_random();\r
8029+ }\r
8030+#else\r
8031+ net_rand_seed ^= entropy;\r
8032+ net_random();\r
8033+#endif\r
8034 }\r
8035 \r
8036 int net_msg_cost = 5*HZ;\r
8037@@ -71,3 +105,4 @@\r
8038 spin_unlock_irqrestore(&ratelimit_lock, flags);\r
8039 return 0;\r
8040 }\r
8041+\r
8042diff -urN linux/net/ipv4/Makefile linux/net/ipv4/Makefile\r
8043--- linux/net/ipv4/Makefile Tue Oct 30 18:08:12 2001\r
8044+++ linux/net/ipv4/Makefile Mon Nov 26 10:38:11 2001\r
8045@@ -13,7 +13,7 @@\r
8046 \r
8047 obj-y := utils.o route.o inetpeer.o proc.o protocol.o \\r
8048 ip_input.o ip_fragment.o ip_forward.o ip_options.o \\r
8049- ip_output.o ip_sockglue.o \\r
8050+ ip_id.o ip_output.o ip_sockglue.o \\r
8051 tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o tcp_minisocks.o \\r
8052 raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \\r
8053 sysctl_net_ipv4.o fib_frontend.o fib_semantics.o fib_hash.o\r
8054diff -urN linux/net/ipv4/af_inet.c linux/net/ipv4/af_inet.c\r
8055--- linux/net/ipv4/af_inet.c Mon Nov 5 12:46:12 2001\r
8056+++ linux/net/ipv4/af_inet.c Mon Nov 26 10:38:11 2001\r
8057@@ -83,6 +83,10 @@\r
8058 #include <linux/init.h>\r
8059 #include <linux/poll.h>\r
8060 #include <linux/netfilter_ipv4.h>\r
8061+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8062+#include <linux/random.h>\r
8063+#include <linux/grsecurity.h>\r
8064+#endif\r
8065 \r
8066 #include <asm/uaccess.h>\r
8067 #include <asm/system.h>\r
8068@@ -322,6 +326,10 @@\r
8069 struct list_head *p;\r
8070 struct inet_protosw *answer;\r
8071 \r
8072+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8073+ unsigned long randttl;\r
8074+#endif\r
8075+\r
8076 sock->state = SS_UNCONNECTED;\r
8077 sk = sk_alloc(PF_INET, GFP_KERNEL, 1);\r
8078 if (sk == NULL) \r
8079@@ -374,7 +382,14 @@\r
8080 else\r
8081 sk->protinfo.af_inet.pmtudisc = IP_PMTUDISC_WANT;\r
8082 \r
8083+#ifdef CONFIG_GRKERNSEC_RANDID\r
8084+ if(grsec_enable_randid)\r
8085+ sk->protinfo.af_inet.id = htons(ip_randomid());\r
8086+ else\r
8087+ sk->protinfo.af_inet.id = 0;\r
8088+#else\r
8089 sk->protinfo.af_inet.id = 0;\r
8090+#endif\r
8091 \r
8092 sock_init_data(sock,sk);\r
8093 \r
8094@@ -386,7 +401,16 @@\r
8095 \r
8096 sk->backlog_rcv = sk->prot->backlog_rcv;\r
8097 \r
8098+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8099+if(grsec_enable_randttl){\r
8100+ get_random_bytes(&randttl,sizeof(randttl));\r
8101+ sk->protinfo.af_inet.ttl = grsec_randttl_thresh +\r
8102+ (randttl % (256 - grsec_randttl_thresh));\r
8103+} else\r
8104+ sk->protinfo.af_inet.ttl = sysctl_ip_default_ttl;\r
8105+#else \r
8106 sk->protinfo.af_inet.ttl = sysctl_ip_default_ttl;\r
8107+#endif\r
8108 \r
8109 sk->protinfo.af_inet.mc_loop = 1;\r
8110 sk->protinfo.af_inet.mc_ttl = 1;\r
8111diff -urN linux/net/ipv4/icmp.c linux/net/ipv4/icmp.c\r
8112--- linux/net/ipv4/icmp.c Wed Nov 7 17:39:36 2001\r
8113+++ linux/net/ipv4/icmp.c Mon Nov 26 10:38:11 2001\r
8114@@ -90,6 +90,15 @@\r
8115 #include <asm/system.h>\r
8116 #include <asm/uaccess.h>\r
8117 #include <net/checksum.h>\r
8118+#ifdef CONFIG_GRKERNSEC_RANDPING\r
8119+#include <linux/random.h>\r
8120+#endif\r
8121+\r
8122+#if defined(CONFIG_GRKERNSEC_RANDPING)||\\r
8123+ defined(CONFIG_GRKERNSEC_STEALTH_ICMP) ||\\r
8124+ defined(CONFIG_GRKERNSEC_STEALTH_ICMP_LOG)\r
8125+#include <linux/grsecurity.h>\r
8126+#endif\r
8127 \r
8128 /*\r
8129 * Build xmit assembly blocks\r
8130@@ -738,6 +747,11 @@\r
8131 \r
8132 icmp_param.data.icmph=*skb->h.icmph;\r
8133 icmp_param.data.icmph.type=ICMP_ECHOREPLY;\r
8134+#ifdef CONFIG_GRKERNSEC_RANDPING\r
8135+ if(grsec_enable_randping)\r
8136+ icmp_param.data.icmph.un.echo.id =\r
8137+ skb->h.icmph->un.echo.id;\r
8138+#endif\r
8139 icmp_param.skb=skb;\r
8140 icmp_param.offset=0;\r
8141 icmp_param.data_len=skb->len;\r
8142@@ -907,6 +921,19 @@\r
8143 /*\r
8144 * Parse the ICMP message \r
8145 */\r
8146+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG\r
8147+ if(grsec_enable_stealth_icmp_log && net_ratelimit() && (icmph->type != ICMP_ECHOREPLY)\r
8148+ && strncmp(skb->dev->name, "lo", 2))\r
8149+ printk(KERN_INFO "grsec: icmp type=%d code=%d on %.8s src=%u.%u.%u.%u "\r
8150+ "dst=%u.%u.%u.%u\n", icmph->type, icmph->code, \r
8151+ (skb->dev->name ? skb->dev->name : "unknown"),\r
8152+ NIPQUAD(skb->nh.iph->saddr), NIPQUAD(skb->nh.iph->daddr));\r
8153+#endif\r
8154+#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP\r
8155+ if(grsec_enable_stealth_icmp && (icmph->type != ICMP_ECHOREPLY) &&\r
8156+ strncmp(skb->dev->name, "lo", 2))\r
8157+ goto error;\r
8158+#endif\r
8159 \r
8160 if (rt->rt_flags&(RTCF_BROADCAST|RTCF_MULTICAST)) {\r
8161 /*\r
8162diff -urN linux/net/ipv4/igmp.c linux/net/ipv4/igmp.c\r
8163--- linux/net/ipv4/igmp.c Sat Jul 28 15:12:38 2001\r
8164+++ linux/net/ipv4/igmp.c Mon Nov 26 10:38:11 2001\r
8165@@ -98,6 +98,9 @@\r
8166 #include <linux/mroute.h>\r
8167 #endif\r
8168 \r
8169+#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r
8170+#include <linux/grsecurity.h>\r
8171+#endif\r
8172 \r
8173 #define IP_MAX_MEMBERSHIPS 20\r
8174 \r
8175@@ -200,6 +203,10 @@\r
8176 struct rtable *rt;\r
8177 u32 dst;\r
8178 \r
8179+#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP\r
8180+ if(grsec_enable_stealth_igmp)\r
8181+ return(-1);\r
8182+#endif\r
8183 /* According to IGMPv2 specs, LEAVE messages are\r
8184 * sent to all-routers group.\r
8185 */\r
8186diff -urN linux/net/ipv4/ip_gre.c linux/net/ipv4/ip_gre.c\r
8187--- linux/net/ipv4/ip_gre.c Tue Oct 30 18:08:12 2001\r
8188+++ linux/net/ipv4/ip_gre.c Mon Nov 26 10:38:11 2001\r
8189@@ -28,6 +28,10 @@\r
8190 #include <linux/inetdevice.h>\r
8191 #include <linux/igmp.h>\r
8192 #include <linux/netfilter_ipv4.h>\r
8193+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8194+#include <linux/random.h>\r
8195+#include <linux/grsecurity.h>\r
8196+#endif\r
8197 \r
8198 #include <net/sock.h>\r
8199 #include <net/ip.h>\r
8200@@ -842,6 +846,9 @@\r
8201 iph->saddr = rt->rt_src;\r
8202 \r
8203 if ((iph->ttl = tiph->ttl) == 0) {\r
8204+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8205+ unsigned long randttl;\r
8206+#endif\r
8207 if (skb->protocol == __constant_htons(ETH_P_IP))\r
8208 iph->ttl = old_iph->ttl;\r
8209 #ifdef CONFIG_IPV6\r
8210@@ -849,6 +856,13 @@\r
8211 iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit;\r
8212 #endif\r
8213 else\r
8214+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8215+ if(grsec_enable_randttl){\r
8216+ get_random_bytes(&randttl,sizeof(randttl));\r
8217+ iph->ttl = grsec_randttl_thresh +\r
8218+ (randttl % (256 - grsec_randttl_thresh)); \r
8219+ } else\r
8220+#endif\r
8221 iph->ttl = sysctl_ip_default_ttl;\r
8222 }\r
8223 \r
8224diff -urN linux/net/ipv4/ip_id.c linux/net/ipv4/ip_id.c\r
8225--- linux/net/ipv4/ip_id.c Wed Dec 31 19:00:00 1969\r
8226+++ linux/net/ipv4/ip_id.c Mon Nov 26 10:38:11 2001\r
8227@@ -0,0 +1,146 @@\r
8228+/*\r
8229+ * This code is based on OpenBSD's ip_id.c, by Niels Provos.\r
8230+ * Ported to Linux 2.2 by Salvatore Sanfilippo.\r
8231+ * Ported to Linux 2.4 by Brad Spengler.\r
8232+ *\r
8233+ * 26-10-1999: Ported from OpenBSD's ip_id.c version 1.2\r
8234+ * (previous versions seems to be predictable\r
8235+ * after David Wagner's auditing)\r
8236+ * Salvatore Sanfilippo <antirez@invece.org>\r
8237+ *\r
8238+ * TODO:\r
8239+ * - Make this code SMP safe\r
8240+ */\r
8241+\r
8242+/*\r
8243+ * Copyright 1998 Niels Provos <provos@citi.umich.edu>\r
8244+ * All rights reserved.\r
8245+ * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using\r
8246+ * such a mathematical system to generate more random (yet non-repeating)\r
8247+ * ids to solve the resolver/named problem. But Niels designed the\r
8248+ * actual system based on the constraints.\r
8249+ *\r
8250+ * Redistribution and use in source and binary forms, with or without\r
8251+ * modification, are permitted provided that the following conditions\r
8252+ * are met:\r
8253+ * 1. Redistributions of source code must retain the above copyright\r
8254+ * notice, this list of conditions and the following disclaimer,\r
8255+ * 2. Redistributions in binary form must reproduce the above copyright\r
8256+ * notice, this list of conditions and the following disclaimer in the\r
8257+ * documentation and/or other materials provided with the distribution.\r
8258+ * 3. All advertising materials mentioning features or use of this software\r
8259+ * must display the following acknowledgement:\r
8260+ * This product includes software developed by Niels Provos.\r
8261+ * 4. The name of the author may not be used to endorse or promote products\r
8262+ * derived from this software without specific prior written permission.\r
8263+ *\r
8264+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\r
8265+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\r
8266+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\r
8267+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\r
8268+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\r
8269+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\r
8270+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\r
8271+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\r
8272+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\r
8273+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
8274+ */\r
8275+#include <linux/types.h>\r
8276+#include <linux/sched.h>\r
8277+#include <linux/random.h>\r
8278+#include <linux/grsecurity.h>\r
8279+\r
8280+#define RU_OUT 180\r
8281+#define RU_MAX 30000\r
8282+#define RU_GEN 2\r
8283+#define RU_N 32749\r
8284+#define RU_AGEN 7\r
8285+#define RU_M 31104\r
8286+#define PFAC_N 3\r
8287+const static __u16 pfacts[PFAC_N] = { 2,3,2729 };\r
8288+\r
8289+static __u16 ru_x;\r
8290+static __u16 ru_seed, ru_seed2;\r
8291+static __u16 ru_a, ru_b;\r
8292+static __u16 ru_g;\r
8293+static __u16 ru_counter = 0;\r
8294+static __u16 ru_msb = 0;\r
8295+static __u32 ru_reseed;\r
8296+static __u32 tmp;\r
8297+\r
8298+static __u16 pmod(u_int16_t, u_int16_t, u_int16_t);\r
8299+static void ip_initid (void);\r
8300+__u16 ip_randomip (void);\r
8301+\r
8302+static __u16 pmod(__u16 gen, __u16 exp, __u16 mod) {\r
8303+ __u16 s, t, u;\r
8304+\r
8305+ s = 1;\r
8306+ t = gen;\r
8307+ u = exp;\r
8308+\r
8309+ while(u) {\r
8310+ if (u & 1)\r
8311+ s = (s*t) % mod;\r
8312+ u >>=1;\r
8313+ t = (t*t) % mod;\r
8314+ }\r
8315+ return(s);\r
8316+}\r
8317+\r
8318+static void ip_initid (void) { \r
8319+ __u16 j, i;\r
8320+ int noprime = 1;\r
8321+\r
8322+ get_random_bytes((void *) &tmp, sizeof(tmp));\r
8323+ ru_x = (tmp & 0xFFFF) % RU_M;\r
8324+ ru_seed = (tmp >> 16) & 0x7FFF;\r
8325+ get_random_bytes((void *) &tmp, sizeof(tmp));\r
8326+ ru_seed2 = tmp & 0x7FFF;\r
8327+ \r
8328+ get_random_bytes((void *) &tmp, sizeof(tmp));\r
8329+ \r
8330+ ru_b = (tmp & 0xfffe) | 1;\r
8331+ ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);\r
8332+ while (ru_b % 3 == 0)\r
8333+ ru_b += 2;\r
8334+\r
8335+ get_random_bytes((void *) &tmp, sizeof(tmp));\r
8336+ j = tmp % RU_N;\r
8337+ tmp = tmp >> 16;\r
8338+ \r
8339+ while(noprime) {\r
8340+ for (i=0; i<PFAC_N; i++)\r
8341+ if(j%pfacts[i] == 0)\r
8342+ break;\r
8343+ \r
8344+ if (i>=PFAC_N)\r
8345+ noprime = 0;\r
8346+ else\r
8347+ j = (j+1) % RU_N;\r
8348+ }\r
8349+\r
8350+ ru_g = pmod(RU_GEN,j,RU_N);\r
8351+ ru_counter = 0;\r
8352+ ru_reseed = jiffies + (RU_OUT * HZ);\r
8353+ ru_msb = ru_msb == 0x8000 ? 0 : 0x8000;\r
8354+}\r
8355+\r
8356+__u16 ip_randomid (void) {\r
8357+ int i, n;\r
8358+ \r
8359+ if (ru_counter >= RU_MAX || jiffies > ru_reseed)\r
8360+ ip_initid();\r
8361+\r
8362+ if (!tmp)\r
8363+ get_random_bytes((void *) &tmp, sizeof(tmp));\r
8364+\r
8365+ n = tmp & 0x3; tmp = tmp >> 2;\r
8366+ if (ru_counter + n >= RU_MAX)\r
8367+ ip_initid();\r
8368+ for (i=0; i <= n; i++)\r
8369+ ru_x = (ru_a*ru_x + ru_b) % RU_M;\r
8370+ ru_counter += i;\r
8371+ \r
8372+ return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x, RU_N)) | ru_msb;\r
8373+}\r
8374diff -urN linux/net/ipv4/ip_output.c linux/net/ipv4/ip_output.c\r
8375--- linux/net/ipv4/ip_output.c Wed Oct 17 17:16:39 2001\r
8376+++ linux/net/ipv4/ip_output.c Mon Nov 26 10:38:12 2001\r
8377@@ -77,6 +77,10 @@\r
8378 #include <linux/netfilter_ipv4.h>\r
8379 #include <linux/mroute.h>\r
8380 #include <linux/netlink.h>\r
8381+#ifdef CONFIG_GRKERNSEC_RANDID\r
8382+#include <linux/random.h>\r
8383+#include <linux/grsecurity.h>\r
8384+#endif\r
8385 \r
8386 /*\r
8387 * Shall we try to damage output packets if routing dev changes?\r
8388@@ -510,6 +514,12 @@\r
8389 * Begin outputting the bytes.\r
8390 */\r
8391 \r
8392+#ifdef CONFIG_GRKERNSEC_RANDID\r
8393+ if(grsec_enable_randid){ \r
8394+ get_random_bytes(&id,(sizeof(id) / 2));\r
8395+ sk->protinfo.af_inet.id = id;\r
8396+ } else\r
8397+#endif\r
8398 id = sk->protinfo.af_inet.id++;\r
8399 \r
8400 do {\r
8401diff -urN linux/net/ipv4/ip_sockglue.c linux/net/ipv4/ip_sockglue.c\r
8402--- linux/net/ipv4/ip_sockglue.c Tue Oct 30 18:08:12 2001\r
8403+++ linux/net/ipv4/ip_sockglue.c Mon Nov 26 10:38:12 2001\r
8404@@ -42,6 +42,10 @@\r
8405 \r
8406 #include <linux/errqueue.h>\r
8407 #include <asm/uaccess.h>\r
8408+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8409+#include <linux/random.h>\r
8410+#include <linux/grsecurity.h>\r
8411+#endif\r
8412 \r
8413 #define IP_CMSG_PKTINFO 1\r
8414 #define IP_CMSG_TTL 2\r
8415@@ -382,6 +386,9 @@\r
8416 {\r
8417 int val=0,err;\r
8418 \r
8419+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8420+ unsigned long randttl;\r
8421+#endif\r
8422 if (level != SOL_IP)\r
8423 return -ENOPROTOOPT;\r
8424 \r
8425@@ -492,8 +499,16 @@\r
8426 case IP_TTL:\r
8427 if (optlen<1)\r
8428 goto e_inval;\r
8429- if(val==-1)\r
8430+ if(val==-1) {\r
8431+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8432+ if(grsec_enable_randttl){\r
8433+ get_random_bytes(&randttl,sizeof(randttl));\r
8434+ val = grsec_randttl_thresh +\r
8435+ (randttl % (256 - grsec_randttl_thresh));\r
8436+ } else\r
8437+#endif\r
8438 val = sysctl_ip_default_ttl;\r
8439+ }\r
8440 if(val<1||val>255)\r
8441 goto e_inval;\r
8442 sk->protinfo.af_inet.ttl=val;\r
8443diff -urN linux/net/ipv4/tcp_ipv4.c linux/net/ipv4/tcp_ipv4.c\r
8444--- linux/net/ipv4/tcp_ipv4.c Mon Nov 5 12:46:12 2001\r
8445+++ linux/net/ipv4/tcp_ipv4.c Mon Nov 26 10:38:12 2001\r
8446@@ -63,6 +63,15 @@\r
8447 #include <linux/stddef.h>\r
8448 #include <linux/ipsec.h>\r
8449 \r
8450+#if defined(CONFIG_GRKERNSEC_RANDID)||defined(CONFIG_GRKERNSEC_RANDSRC)||\\r
8451+ defined(CONFIG_GRKERNSEC_STEALTH_RST)||\\r
8452+ defined(CONFIG_GRKERNSEC_STEALTH_FLAGS) ||\\r
8453+ defined(CONFIG_GRKERNSEC_STEALTH_RST_LOG)||\\r
8454+ defined(CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG)\r
8455+#include <linux/grsecurity.h>\r
8456+#endif\r
8457+\r
8458+\r
8459 extern int sysctl_ip_dynaddr;\r
8460 \r
8461 /* Check TCP sequence numbers in ICMP packets. */\r
8462@@ -208,12 +217,37 @@\r
8463 int high = sysctl_local_port_range[1];\r
8464 int remaining = (high - low) + 1;\r
8465 int rover;\r
8466+#ifdef CONFIG_GRKERNSEC_RANDSRC\r
8467+ unsigned long longrover;\r
8468+ int count = 0;\r
8469+#endif\r
8470 \r
8471 spin_lock(&tcp_portalloc_lock);\r
8472 rover = tcp_port_rover;\r
8473+#ifdef CONFIG_GRKERNSEC_RANDSRC\r
8474+ do {\r
8475+ if(grsec_enable_randsrc) {\r
8476+ if(count < 64) {\r
8477+ get_random_bytes(&longrover,sizeof(longrover));\r
8478+ rover=low+(longrover % (high - low));\r
8479+ } else if(count == 64)\r
8480+ rover = tcp_port_rover;\r
8481+ else if(count > 64) {\r
8482+ rover++;\r
8483+ if ((rover < low) || (rover > high))\r
8484+ rover = low;\r
8485+ }\r
8486+ count++;\r
8487+ } else {\r
8488+ rover++;\r
8489+ if ((rover < low) || (rover > high))\r
8490+ rover = low;\r
8491+ }\r
8492+#else\r
8493 do { rover++;\r
8494 if ((rover < low) || (rover > high))\r
8495 rover = low;\r
8496+#endif\r
8497 head = &tcp_bhash[tcp_bhashfn(rover)];\r
8498 spin_lock(&head->lock);\r
8499 for (tb = head->chain; tb; tb = tb->next)\r
8500@@ -725,6 +759,11 @@\r
8501 tp->ext_header_len = 0;\r
8502 if (sk->protinfo.af_inet.opt)\r
8503 tp->ext_header_len = sk->protinfo.af_inet.opt->optlen;\r
8504+#ifdef CONFIG_GRKERNSEC_RANDID\r
8505+ if(grsec_enable_randid)\r
8506+ sk->protinfo.af_inet.id = htons(ip_randomid());\r
8507+ else\r
8508+#endif\r
8509 sk->protinfo.af_inet.id = tp->write_seq^jiffies;\r
8510 \r
8511 tp->mss_clamp = 536;\r
8512@@ -1450,6 +1489,11 @@\r
8513 newtp->ext_header_len = 0;\r
8514 if (newsk->protinfo.af_inet.opt)\r
8515 newtp->ext_header_len = newsk->protinfo.af_inet.opt->optlen;\r
8516+#ifdef CONFIG_GRKERNSEC_RANDID\r
8517+ if(grsec_enable_randid)\r
8518+ newsk->protinfo.af_inet.id = htons(ip_randomid());\r
8519+ else\r
8520+#endif\r
8521 newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;\r
8522 \r
8523 tcp_sync_mss(newsk, dst->pmtu);\r
8524@@ -1563,8 +1607,20 @@\r
8525 goto discard;\r
8526 \r
8527 if (nsk != sk) {\r
8528- if (tcp_child_process(sk, nsk, skb))\r
8529+ if (tcp_child_process(sk, nsk, skb)) {\r
8530+#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r
8531+ if(grsec_enable_stealth_rst_log && net_ratelimit())\r
8532+ printk(KERN_INFO "grsec: unserved TCP on %.8s "\r
8533+ "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu\n",\r
8534+ (skb->dev->name ? skb->dev->name : "unknown"), \r
8535+ NIPQUAD(skb->nh.iph->saddr), ntohs(skb->h.th->source), \r
8536+ NIPQUAD(skb->nh.iph->daddr), ntohs(skb->h.th->dest));\r
8537+#endif\r
8538+#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r
8539+ if(grsec_enable_stealth_rst) goto discard;\r
8540+#endif\r
8541 goto reset;\r
8542+ }\r
8543 return 0;\r
8544 }\r
8545 }\r
8546@@ -1614,6 +1670,32 @@\r
8547 \r
8548 if (th->doff < sizeof(struct tcphdr)/4)\r
8549 goto bad_packet;\r
8550+\r
8551+#if defined(CONFIG_GRKERNSEC_STEALTH_FLAGS) || defined(CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG)\r
8552+ if((th->fin && th->syn) || \r
8553+ (!(th->ack || th->syn || th->rst) || th->res1) ||\r
8554+ (th->fin && th->psh && th->urg)) {\r
8555+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG\r
8556+ if(grsec_enable_stealth_flags_log && net_ratelimit())\r
8557+ printk(KERN_INFO "grsec: illegitimate flags on %.8s "\r
8558+ "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu"\r
8559+ "%.4s%.4s%.4s%.4s%.4s%.4s\n",\r
8560+ (skb->dev->name ? skb->dev->name : "unknown"),\r
8561+ NIPQUAD(skb->nh.iph->saddr), ntohs(th->source),\r
8562+ NIPQUAD(skb->nh.iph->daddr), ntohs(th->dest),\r
8563+ th->syn ? " SYN" : "",\r
8564+ th->fin ? " FIN" : "",\r
8565+ th->rst ? " RST" : "",\r
8566+ th->psh ? " PSH" : "",\r
8567+ th->ack ? " ACK" : "",\r
8568+ th->urg ? " URG" : "");\r
8569+#endif\r
8570+#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS\r
8571+ if(grsec_enable_stealth_flags)\r
8572+ goto discard_it;\r
8573+#endif\r
8574+ }\r
8575+#endif\r
8576 if (!pskb_may_pull(skb, th->doff*4))\r
8577 goto discard_it;\r
8578 \r
8579@@ -1667,6 +1749,17 @@\r
8580 bad_packet:\r
8581 TCP_INC_STATS_BH(TcpInErrs);\r
8582 } else {\r
8583+#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG\r
8584+ if(grsec_enable_stealth_rst_log && net_ratelimit())\r
8585+ printk(KERN_INFO "grsec: unserved TCP on %.8s "\r
8586+ "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu\n",\r
8587+ (skb->dev->name ? skb->dev->name : "unknown"), \r
8588+ NIPQUAD(skb->nh.iph->saddr), ntohs(skb->h.th->source), \r
8589+ NIPQUAD(skb->nh.iph->daddr), ntohs(skb->h.th->dest));\r
8590+#endif\r
8591+#ifdef CONFIG_GRKERNSEC_STEALTH_RST\r
8592+ if(grsec_enable_stealth_rst) goto discard_it;\r
8593+#endif\r
8594 tcp_v4_send_reset(skb);\r
8595 }\r
8596 \r
8597diff -urN linux/net/ipv4/udp.c linux/net/ipv4/udp.c\r
8598--- linux/net/ipv4/udp.c Wed Oct 17 17:16:39 2001\r
8599+++ linux/net/ipv4/udp.c Mon Nov 26 10:38:12 2001\r
8600@@ -94,6 +94,11 @@\r
8601 #include <net/inet_common.h>\r
8602 #include <net/checksum.h>\r
8603 \r
8604+#if defined(CONFIG_GRKERNSEC_RANDID) ||\\r
8605+ defined(CONFIG_GRKERNSEC_STEALTH_UDP) ||\\r
8606+ defined(CONFIG_GRKERNSEC_STEALTH_UDP_LOG)\r
8607+#include <linux/grsecurity.h>\r
8608+#endif\r
8609 /*\r
8610 * Snmp MIB for the UDP layer\r
8611 */\r
8612@@ -738,6 +743,12 @@\r
8613 sk->daddr = rt->rt_dst;\r
8614 sk->dport = usin->sin_port;\r
8615 sk->state = TCP_ESTABLISHED;\r
8616+\r
8617+#ifdef CONFIG_GRKERNSEC_RANDID\r
8618+ if(grsec_enable_randid)\r
8619+ sk->protinfo.af_inet.id = htons(ip_randomid());\r
8620+ else\r
8621+#endif\r
8622 sk->protinfo.af_inet.id = jiffies;\r
8623 \r
8624 sk_dst_set(sk, &rt->u.dst);\r
8625@@ -915,6 +926,16 @@\r
8626 goto csum_error;\r
8627 \r
8628 UDP_INC_STATS_BH(UdpNoPorts);\r
8629+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG\r
8630+ if(grsec_enable_stealth_udp_log && net_ratelimit() &&\r
8631+ strncmp(skb->dev->name,"lo",2))\r
8632+ printk(KERN_INFO "grsec: unserved UDP on %.8s src=%u.%u.%u.%u:%hu "\r
8633+ "dst=%u.%u.%u.%u:%hu\n", skb->dev->name, NIPQUAD(saddr),\r
8634+ ntohs(uh->source), NIPQUAD(daddr), ntohs(uh->dest));\r
8635+#endif\r
8636+#ifdef CONFIG_GRKERNSEC_STEALTH_UDP\r
8637+ if(!grsec_enable_stealth_udp || !strncmp(skb->dev->name, "lo", 2))\r
8638+#endif \r
8639 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);\r
8640 \r
8641 /*\r
8642diff -urN linux/net/netsyms.c linux/net/netsyms.c\r
8643--- linux/net/netsyms.c Mon Nov 5 12:46:12 2001\r
8644+++ linux/net/netsyms.c Mon Nov 26 10:38:12 2001\r
8645@@ -583,4 +583,16 @@\r
8646 EXPORT_SYMBOL(net_call_rx_atomic);\r
8647 EXPORT_SYMBOL(softnet_data);\r
8648 \r
8649+#if defined(CONFIG_GRKERNSEC_RANDID) || defined(CONFIG_GRKERNSEC_RANDTTL)\r
8650+#include <linux/grsecurity.h>\r
8651+#endif\r
8652+#ifdef CONFIG_GRKERNSEC_RANDID\r
8653+EXPORT_SYMBOL(grsec_enable_randid);\r
8654+EXPORT_SYMBOL(ip_randomid);\r
8655+#endif\r
8656+#ifdef CONFIG_GRKERNSEC_RANDTTL\r
8657+EXPORT_SYMBOL(grsec_enable_randttl);\r
8658+EXPORT_SYMBOL(grsec_randttl_thresh);\r
8659+#endif\r
8660+\r
8661 #endif /* CONFIG_NET */\r
8662diff -urN linux/net/socket.c linux/net/socket.c\r
8663--- linux/net/socket.c Wed Oct 17 17:38:28 2001\r
8664+++ linux/net/socket.c Mon Nov 26 10:38:12 2001\r
8665@@ -87,6 +87,13 @@\r
8666 #include <net/scm.h>\r
8667 #include <linux/netfilter.h>\r
8668 \r
8669+#if defined(CONFIG_GRKERNSEC_SOCKET_ALL)||\\r
8670+ defined(CONFIG_GRKERNSEC_SOCKET_CLIENT)||\\r
8671+ defined(CONFIG_GRKERNSEC_SOCKET_SERVER)\r
8672+#include <linux/grsecurity.h>\r
8673+#endif\r
8674+\r
8675+\r
8676 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);\r
8677 static loff_t sock_lseek(struct file *file, loff_t offset, int whence);\r
8678 static ssize_t sock_read(struct file *file, char *buf,\r
8679@@ -914,6 +921,16 @@\r
8680 int retval;\r
8681 struct socket *sock;\r
8682 \r
8683+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL\r
8684+ if(grsec_enable_socket_all &&\r
8685+ (in_group_p(grsec_socket_all_gid)) && (family != AF_UNIX) && (family != AF_LOCAL)){\r
8686+ security_alert("attempted socket(%d,%d,%d) by "\r
8687+ DEFAULTSECMSG,"attempted sockets",family,type,protocol,\r
8688+ DEFAULTSECARGS);\r
8689+ retval = -EACCES;\r
8690+ goto out_release;\r
8691+ }\r
8692+#endif\r
8693 retval = sock_create(family, type, protocol, &sock);\r
8694 if (retval < 0)\r
8695 goto out;\r
8696@@ -1011,6 +1028,14 @@\r
8697 char address[MAX_SOCK_ADDR];\r
8698 int err;\r
8699 \r
8700+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER\r
8701+ if(grsec_enable_socket_server &&\r
8702+ (in_group_p(grsec_socket_server_gid)) && (umyaddr->sa_family != AF_UNIX) && (umyaddr->sa_family != AF_LOCAL)){\r
8703+ security_alert("attempted bind() by " DEFAULTSECMSG,\r
8704+ "attempted binds", DEFAULTSECARGS);\r
8705+ return -EACCES;\r
8706+ }\r
8707+#endif\r
8708 if((sock = sockfd_lookup(fd,&err))!=NULL)\r
8709 {\r
8710 if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)\r
8711@@ -1119,6 +1144,16 @@\r
8712 char address[MAX_SOCK_ADDR];\r
8713 int err;\r
8714 \r
8715+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT\r
8716+ if(grsec_enable_socket_client &&\r
8717+ (in_group_p(grsec_socket_client_gid)) && (uservaddr->sa_family != AF_UNIX) && (uservaddr->sa_family != AF_LOCAL)){\r
8718+ security_alert("attempted connect() to fd %d by "\r
8719+ DEFAULTSECMSG, "attempted connects", fd, \r
8720+ DEFAULTSECARGS);\r
8721+ err = -EACCES;\r
8722+ goto out;\r
8723+ }\r
8724+#endif\r
8725 sock = sockfd_lookup(fd, &err);\r
8726 if (!sock)\r
8727 goto out;\r
The Linux kernel (the core of the Linux operating system)
This page took 5.457787 seconds and 4 git commands to generate.