]>
Commit | Line | Data |
---|---|---|
1db5cd70 PS |
1 | diff -uNr linux-2.6.7-rc1.orig/arch/alpha/kernel/osf_sys.c linux-2.6.7-rc1/arch/alpha/kernel/osf_sys.c |
2 | --- linux-2.6.7-rc1.orig/arch/alpha/kernel/osf_sys.c 2004-05-23 07:53:28.000000000 +0200 | |
3 | +++ linux-2.6.7-rc1/arch/alpha/kernel/osf_sys.c 2004-05-25 14:33:57.642597320 +0200 | |
4 | @@ -37,6 +37,7 @@ | |
5 | #include <linux/namei.h> | |
6 | #include <linux/uio.h> | |
7 | #include <linux/vfs.h> | |
8 | +#include <linux/grsecurity.h> | |
9 | ||
10 | #include <asm/fpu.h> | |
11 | #include <asm/io.h> | |
12 | @@ -189,6 +190,13 @@ | |
13 | if (!file) | |
14 | goto out; | |
15 | } | |
16 | + | |
17 | + if (gr_handle_mmap(file, prot)) { | |
18 | + fput(file); | |
19 | + ret = -EACCES; | |
20 | + goto out; | |
21 | + } | |
22 | + | |
23 | flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); | |
24 | down_write(¤t->mm->mmap_sem); | |
25 | ret = do_mmap(file, addr, len, prot, flags, off); | |
26 | diff -uNr linux-2.6.7-rc1.orig/arch/alpha/kernel/ptrace.c linux-2.6.7-rc1/arch/alpha/kernel/ptrace.c | |
27 | --- linux-2.6.7-rc1.orig/arch/alpha/kernel/ptrace.c 2004-05-23 07:54:43.000000000 +0200 | |
28 | +++ linux-2.6.7-rc1/arch/alpha/kernel/ptrace.c 2004-05-25 14:33:57.658594888 +0200 | |
29 | @@ -14,6 +14,7 @@ | |
30 | #include <linux/user.h> | |
31 | #include <linux/slab.h> | |
32 | #include <linux/security.h> | |
33 | +#include <linux/grsecurity.h> | |
34 | ||
35 | #include <asm/uaccess.h> | |
36 | #include <asm/pgtable.h> | |
37 | @@ -288,6 +289,9 @@ | |
38 | if (!child) | |
39 | goto out_notsk; | |
40 | ||
41 | + if (gr_handle_ptrace(child, request)) | |
42 | + goto out; | |
43 | + | |
44 | if (request == PTRACE_ATTACH) { | |
45 | ret = ptrace_attach(child); | |
46 | goto out; | |
47 | diff -uNr linux-2.6.7-rc1.orig/arch/i386/Kconfig linux-2.6.7-rc1/arch/i386/Kconfig | |
48 | --- linux-2.6.7-rc1.orig/arch/i386/Kconfig 2004-05-25 14:25:41.000000000 +0200 | |
49 | +++ linux-2.6.7-rc1/arch/i386/Kconfig 2004-05-25 14:33:57.669593216 +0200 | |
50 | @@ -394,7 +394,7 @@ | |
51 | ||
52 | config X86_ALIGNMENT_16 | |
53 | bool | |
54 | - depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 | |
55 | + depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 | |
56 | default y | |
57 | ||
58 | config X86_GOOD_APIC | |
1db5cd70 PS |
59 | diff -uNr linux-2.6.7-rc1.orig/arch/i386/kernel/ioport.c linux-2.6.7-rc1/arch/i386/kernel/ioport.c |
60 | --- linux-2.6.7-rc1.orig/arch/i386/kernel/ioport.c 2004-05-23 07:54:16.000000000 +0200 | |
61 | +++ linux-2.6.7-rc1/arch/i386/kernel/ioport.c 2004-05-25 14:33:57.726584552 +0200 | |
62 | @@ -15,6 +15,7 @@ | |
63 | #include <linux/stddef.h> | |
64 | #include <linux/slab.h> | |
65 | #include <linux/thread_info.h> | |
66 | +#include <linux/grsecurity.h> | |
67 | ||
68 | /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */ | |
69 | static void set_bitmap(unsigned long *bitmap, unsigned int base, unsigned int extent, int new_value) | |
70 | @@ -62,9 +63,16 @@ | |
71 | ||
72 | if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) | |
73 | return -EINVAL; | |
74 | +#ifdef CONFIG_GRKERNSEC_IO | |
75 | + if (turn_on) { | |
76 | + gr_handle_ioperm(); | |
77 | +#else | |
78 | if (turn_on && !capable(CAP_SYS_RAWIO)) | |
79 | +#endif | |
80 | return -EPERM; | |
81 | - | |
82 | +#ifdef CONFIG_GRKERNSEC_IO | |
83 | + } | |
84 | +#endif | |
85 | /* | |
86 | * If it's the first ioperm() call in this thread's lifetime, set the | |
87 | * IO bitmap up. ioperm() is much less timing critical than clone(), | |
88 | @@ -115,8 +123,13 @@ | |
89 | return -EINVAL; | |
90 | /* Trying to gain more privileges? */ | |
91 | if (level > old) { | |
92 | +#ifdef CONFIG_GRKERNSEC_IO | |
93 | + gr_handle_iopl(); | |
94 | + return -EPERM; | |
95 | +#else | |
96 | if (!capable(CAP_SYS_RAWIO)) | |
97 | return -EPERM; | |
98 | +#endif | |
99 | } | |
100 | regs->eflags = (regs->eflags &~ 0x3000UL) | (level << 12); | |
101 | /* Make sure we return the long way (not sysenter) */ | |
1db5cd70 PS |
102 | diff -uNr linux-2.6.7-rc1.orig/arch/i386/kernel/ptrace.c linux-2.6.7-rc1/arch/i386/kernel/ptrace.c |
103 | --- linux-2.6.7-rc1.orig/arch/i386/kernel/ptrace.c 2004-05-23 07:53:47.000000000 +0200 | |
104 | +++ linux-2.6.7-rc1/arch/i386/kernel/ptrace.c 2004-05-25 14:33:57.759579536 +0200 | |
105 | @@ -15,6 +15,7 @@ | |
106 | #include <linux/user.h> | |
107 | #include <linux/security.h> | |
108 | #include <linux/audit.h> | |
109 | +#include <linux/grsecurity.h> | |
110 | ||
111 | #include <asm/uaccess.h> | |
112 | #include <asm/pgtable.h> | |
113 | @@ -263,6 +264,9 @@ | |
114 | if (pid == 1) /* you may not mess with init */ | |
115 | goto out_tsk; | |
116 | ||
117 | + if (gr_handle_ptrace(child, request)) | |
118 | + goto out_tsk; | |
119 | + | |
120 | if (request == PTRACE_ATTACH) { | |
121 | ret = ptrace_attach(child); | |
122 | goto out_tsk; | |
123 | @@ -341,6 +345,17 @@ | |
124 | if(addr == (long) &dummy->u_debugreg[5]) break; | |
125 | if(addr < (long) &dummy->u_debugreg[4] && | |
126 | ((unsigned long) data) >= TASK_SIZE-3) break; | |
127 | + | |
128 | +#ifdef CONFIG_GRKERNSEC | |
129 | + if(addr >= (long) &dummy->u_debugreg[0] && | |
130 | + addr <= (long) &dummy->u_debugreg[3]){ | |
131 | + long reg = (addr - (long) &dummy->u_debugreg[0]) >> 2; | |
132 | + long type = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 4*reg)) & 3; | |
133 | + long align = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 2 + 4*reg)) & 3; | |
134 | + if((type & 1) && (data & align)) | |
135 | + break; | |
136 | + } | |
137 | +#endif | |
138 | ||
139 | if(addr == (long) &dummy->u_debugreg[7]) { | |
140 | data &= ~DR_CONTROL_RESERVED; | |
1db5cd70 PS |
141 | diff -uNr linux-2.6.7-rc1.orig/arch/i386/kernel/sys_i386.c linux-2.6.7-rc1/arch/i386/kernel/sys_i386.c |
142 | --- linux-2.6.7-rc1.orig/arch/i386/kernel/sys_i386.c 2004-05-23 07:55:01.000000000 +0200 | |
143 | +++ linux-2.6.7-rc1/arch/i386/kernel/sys_i386.c 2004-05-25 14:33:57.766578472 +0200 | |
144 | @@ -19,6 +19,7 @@ | |
145 | #include <linux/mman.h> | |
146 | #include <linux/file.h> | |
147 | #include <linux/utsname.h> | |
148 | +#include <linux/grsecurity.h> | |
149 | ||
150 | #include <asm/uaccess.h> | |
151 | #include <asm/ipc.h> | |
152 | @@ -56,8 +57,14 @@ | |
153 | goto out; | |
154 | } | |
155 | ||
156 | + if (gr_handle_mmap(file, prot)) { | |
157 | + fput(file); | |
158 | + error = -EACCES; | |
159 | + goto out; | |
160 | + } | |
161 | + | |
162 | down_write(¤t->mm->mmap_sem); | |
163 | - error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); | |
164 | + error = do_mmap(file, addr, len, prot, flags, pgoff << PAGE_SHIFT); | |
165 | up_write(¤t->mm->mmap_sem); | |
166 | ||
167 | if (file) | |
1db5cd70 PS |
168 | diff -uNr linux-2.6.7-rc1.orig/arch/i386/kernel/traps.c linux-2.6.7-rc1/arch/i386/kernel/traps.c |
169 | --- linux-2.6.7-rc1.orig/arch/i386/kernel/traps.c 2004-05-23 07:53:46.000000000 +0200 | |
170 | +++ linux-2.6.7-rc1/arch/i386/kernel/traps.c 2004-05-25 14:33:57.779576496 +0200 | |
78638fc5 | 171 | @@ -122,13 +117,15 @@ |
1db5cd70 PS |
172 | unsigned long ebp) |
173 | { | |
174 | unsigned long addr; | |
175 | + int i = kstack_depth_to_print; | |
176 | ||
177 | - while (!kstack_end(stack)) { | |
178 | + while (i && !kstack_end(stack)) { | |
179 | addr = *stack++; | |
78638fc5 AM |
180 | if (__kernel_text_address(addr)) { |
181 | printk(" [<%08lx>]", addr); | |
182 | print_symbol(" %s", addr); | |
183 | printk("\n"); | |
1db5cd70 PS |
184 | + --i; |
185 | } | |
186 | } | |
187 | } | |
1db5cd70 PS |
188 | diff -uNr linux-2.6.7-rc1.orig/arch/ia64/kernel/ptrace.c linux-2.6.7-rc1/arch/ia64/kernel/ptrace.c |
189 | --- linux-2.6.7-rc1.orig/arch/ia64/kernel/ptrace.c 2004-05-23 07:55:02.000000000 +0200 | |
190 | +++ linux-2.6.7-rc1/arch/ia64/kernel/ptrace.c 2004-05-25 14:33:57.842566920 +0200 | |
191 | @@ -17,6 +17,7 @@ | |
192 | #include <linux/smp_lock.h> | |
193 | #include <linux/user.h> | |
194 | #include <linux/security.h> | |
195 | +#include <linux/grsecurity.h> | |
196 | ||
197 | #include <asm/pgtable.h> | |
198 | #include <asm/processor.h> | |
199 | @@ -1314,6 +1315,9 @@ | |
200 | if (pid == 1) /* no messing around with init! */ | |
201 | goto out_tsk; | |
202 | ||
203 | + if (gr_handle_ptrace(child, request)) | |
204 | + goto out_tsk; | |
205 | + | |
206 | if (request == PTRACE_ATTACH) { | |
207 | ret = ptrace_attach(child); | |
208 | goto out_tsk; | |
209 | diff -uNr linux-2.6.7-rc1.orig/arch/ia64/kernel/sys_ia64.c linux-2.6.7-rc1/arch/ia64/kernel/sys_ia64.c | |
210 | --- linux-2.6.7-rc1.orig/arch/ia64/kernel/sys_ia64.c 2004-05-23 07:54:21.000000000 +0200 | |
211 | +++ linux-2.6.7-rc1/arch/ia64/kernel/sys_ia64.c 2004-05-25 14:33:57.858564488 +0200 | |
212 | @@ -18,6 +18,7 @@ | |
213 | #include <linux/syscalls.h> | |
214 | #include <linux/highuid.h> | |
215 | #include <linux/hugetlb.h> | |
216 | +#include <linux/grsecurity.h> | |
217 | ||
218 | #include <asm/shmparam.h> | |
219 | #include <asm/uaccess.h> | |
220 | @@ -222,6 +223,11 @@ | |
221 | goto out; | |
222 | } | |
223 | ||
224 | + if (gr_handle_mmap(file, prot)) { | |
225 | + addr = -EACCES; | |
226 | + goto out; | |
227 | + } | |
228 | + | |
229 | down_write(¤t->mm->mmap_sem); | |
230 | addr = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); | |
231 | up_write(¤t->mm->mmap_sem); | |
232 | diff -uNr linux-2.6.7-rc1.orig/arch/ppc/kernel/ptrace.c linux-2.6.7-rc1/arch/ppc/kernel/ptrace.c | |
233 | --- linux-2.6.7-rc1.orig/arch/ppc/kernel/ptrace.c 2004-05-23 07:53:47.000000000 +0200 | |
234 | +++ linux-2.6.7-rc1/arch/ppc/kernel/ptrace.c 2004-05-25 14:33:57.867563120 +0200 | |
235 | @@ -26,6 +26,7 @@ | |
236 | #include <linux/ptrace.h> | |
237 | #include <linux/user.h> | |
238 | #include <linux/security.h> | |
239 | +#include <linux/grsecurity.h> | |
240 | ||
241 | #include <asm/uaccess.h> | |
242 | #include <asm/page.h> | |
243 | @@ -202,6 +203,9 @@ | |
244 | if (pid == 1) /* you may not mess with init */ | |
245 | goto out_tsk; | |
246 | ||
247 | + if (gr_handle_ptrace(child, request)) | |
248 | + goto out_tsk; | |
249 | + | |
250 | if (request == PTRACE_ATTACH) { | |
251 | ret = ptrace_attach(child); | |
252 | goto out_tsk; | |
253 | diff -uNr linux-2.6.7-rc1.orig/arch/ppc/kernel/syscalls.c linux-2.6.7-rc1/arch/ppc/kernel/syscalls.c | |
254 | --- linux-2.6.7-rc1.orig/arch/ppc/kernel/syscalls.c 2004-05-23 07:54:44.000000000 +0200 | |
255 | +++ linux-2.6.7-rc1/arch/ppc/kernel/syscalls.c 2004-05-25 14:33:57.884560536 +0200 | |
256 | @@ -36,6 +36,7 @@ | |
257 | #include <linux/utsname.h> | |
258 | #include <linux/file.h> | |
259 | #include <linux/unistd.h> | |
260 | +#include <linux/grsecurity.h> | |
261 | ||
262 | #include <asm/uaccess.h> | |
263 | #include <asm/ipc.h> | |
d7e01d2a | 264 | @@ -171,8 +172,14 @@ |
1db5cd70 PS |
265 | goto out; |
266 | } | |
267 | ||
268 | + if (gr_handle_mmap(file, prot)) { | |
269 | + fput(file); | |
270 | + ret = -EACCES; | |
271 | + goto out; | |
272 | + } | |
273 | + | |
274 | down_write(¤t->mm->mmap_sem); | |
275 | - ret = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); | |
276 | + ret = do_mmap(file, addr, len, prot, flags, pgoff << PAGE_SHIFT); | |
277 | up_write(¤t->mm->mmap_sem); | |
278 | if (file) | |
279 | fput(file); | |
1db5cd70 PS |
280 | diff -uNr linux-2.6.7-rc1.orig/arch/sparc/kernel/ptrace.c linux-2.6.7-rc1/arch/sparc/kernel/ptrace.c |
281 | --- linux-2.6.7-rc1.orig/arch/sparc/kernel/ptrace.c 2004-05-23 07:55:02.000000000 +0200 | |
282 | +++ linux-2.6.7-rc1/arch/sparc/kernel/ptrace.c 2004-05-25 14:33:57.923554608 +0200 | |
283 | @@ -18,6 +18,7 @@ | |
284 | #include <linux/smp.h> | |
285 | #include <linux/smp_lock.h> | |
286 | #include <linux/security.h> | |
287 | +#include <linux/grsecurity.h> | |
288 | ||
289 | #include <asm/pgtable.h> | |
290 | #include <asm/system.h> | |
291 | @@ -320,6 +321,11 @@ | |
292 | goto out; | |
293 | } | |
294 | ||
295 | + if (gr_handle_ptrace(child, request)) { | |
296 | + pt_error_return(regs, EPERM); | |
297 | + goto out_tsk; | |
298 | + } | |
299 | + | |
300 | if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH) | |
301 | || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) { | |
302 | if (ptrace_attach(child)) { | |
303 | diff -uNr linux-2.6.7-rc1.orig/arch/sparc/kernel/sys_sparc.c linux-2.6.7-rc1/arch/sparc/kernel/sys_sparc.c | |
304 | --- linux-2.6.7-rc1.orig/arch/sparc/kernel/sys_sparc.c 2004-05-23 07:53:57.000000000 +0200 | |
305 | +++ linux-2.6.7-rc1/arch/sparc/kernel/sys_sparc.c 2004-05-25 14:33:57.932553240 +0200 | |
306 | @@ -21,6 +21,7 @@ | |
307 | #include <linux/utsname.h> | |
308 | #include <linux/smp.h> | |
309 | #include <linux/smp_lock.h> | |
310 | +#include <linux/grsecurity.h> | |
311 | ||
312 | #include <asm/uaccess.h> | |
313 | #include <asm/ipc.h> | |
314 | @@ -242,6 +243,12 @@ | |
315 | if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE) | |
316 | goto out_putf; | |
317 | ||
318 | + if (gr_handle_mmap(file, prot)) { | |
319 | + fput(file); | |
320 | + retval = -EACCES; | |
321 | + goto out; | |
322 | + } | |
323 | + | |
324 | flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); | |
325 | ||
326 | down_write(¤t->mm->mmap_sem); | |
1db5cd70 PS |
327 | diff -uNr linux-2.6.7-rc1.orig/arch/sparc64/kernel/ptrace.c linux-2.6.7-rc1/arch/sparc64/kernel/ptrace.c |
328 | --- linux-2.6.7-rc1.orig/arch/sparc64/kernel/ptrace.c 2004-05-23 07:55:02.000000000 +0200 | |
329 | +++ linux-2.6.7-rc1/arch/sparc64/kernel/ptrace.c 2004-05-25 14:33:57.944551416 +0200 | |
330 | @@ -19,6 +19,7 @@ | |
331 | #include <linux/smp.h> | |
332 | #include <linux/smp_lock.h> | |
333 | #include <linux/security.h> | |
334 | +#include <linux/grsecurity.h> | |
335 | ||
336 | #include <asm/asi.h> | |
337 | #include <asm/pgtable.h> | |
338 | @@ -169,6 +170,11 @@ | |
339 | goto out; | |
340 | } | |
341 | ||
342 | + if (gr_handle_ptrace(child, (long)request)) { | |
343 | + pt_error_return(regs, EPERM); | |
344 | + goto out_tsk; | |
345 | + } | |
346 | + | |
347 | if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH) | |
348 | || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) { | |
349 | if (ptrace_attach(child)) { | |
1db5cd70 PS |
350 | diff -uNr linux-2.6.7-rc1.orig/arch/sparc64/kernel/sys_sparc.c linux-2.6.7-rc1/arch/sparc64/kernel/sys_sparc.c |
351 | --- linux-2.6.7-rc1.orig/arch/sparc64/kernel/sys_sparc.c 2004-05-23 07:54:19.000000000 +0200 | |
352 | +++ linux-2.6.7-rc1/arch/sparc64/kernel/sys_sparc.c 2004-05-25 14:33:57.955549744 +0200 | |
353 | @@ -25,6 +25,7 @@ | |
354 | #include <linux/syscalls.h> | |
355 | #include <linux/ipc.h> | |
356 | #include <linux/personality.h> | |
357 | +#include <linux/grsecurity.h> | |
358 | ||
359 | #include <asm/uaccess.h> | |
360 | #include <asm/ipc.h> | |
d7e01d2a | 361 | @@ -316,6 +317,12 @@ |
1db5cd70 PS |
362 | if (!file) |
363 | goto out; | |
364 | } | |
365 | + | |
366 | + if (gr_handle_mmap(file, prot)) { | |
367 | + retval = -EACCES; | |
368 | + goto out_putf; | |
369 | + } | |
370 | + | |
371 | flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); | |
372 | len = PAGE_ALIGN(len); | |
373 | retval = -EINVAL; | |
1db5cd70 PS |
374 | diff -uNr linux-2.6.7-rc1.orig/arch/x86_64/kernel/ptrace.c linux-2.6.7-rc1/arch/x86_64/kernel/ptrace.c |
375 | --- linux-2.6.7-rc1.orig/arch/x86_64/kernel/ptrace.c 2004-05-23 07:53:56.000000000 +0200 | |
376 | +++ linux-2.6.7-rc1/arch/x86_64/kernel/ptrace.c 2004-05-25 14:37:46.397821240 +0200 | |
377 | @@ -17,6 +17,7 @@ | |
378 | #include <linux/user.h> | |
379 | #include <linux/security.h> | |
380 | #include <linux/audit.h> | |
381 | +#include <linux/grsecurity.h> | |
382 | ||
383 | #include <asm/uaccess.h> | |
384 | #include <asm/pgtable.h> | |
385 | @@ -213,6 +214,9 @@ | |
386 | if (pid == 1) /* you may not mess with init */ | |
387 | goto out_tsk; | |
388 | ||
389 | + if (gr_handle_ptrace(child, request)) | |
390 | + goto out_tsk; | |
391 | + | |
392 | if (request == PTRACE_ATTACH) { | |
393 | ret = ptrace_attach(child); | |
394 | goto out_tsk; | |
395 | diff -uNr linux-2.6.7-rc1.orig/drivers/char/keyboard.c linux-2.6.7-rc1/drivers/char/keyboard.c | |
396 | --- linux-2.6.7-rc1.orig/drivers/char/keyboard.c 2004-05-25 14:25:39.000000000 +0200 | |
397 | +++ linux-2.6.7-rc1/drivers/char/keyboard.c 2004-05-25 14:33:58.033537888 +0200 | |
398 | @@ -606,6 +606,16 @@ | |
399 | kbd->kbdmode == VC_MEDIUMRAW) && | |
400 | value != KVAL(K_SAK)) | |
401 | return; /* SAK is allowed even in raw mode */ | |
402 | + | |
403 | +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP) | |
404 | + { | |
405 | + void *func = fn_handler[value]; | |
406 | + if (func == fn_show_state || func == fn_show_ptregs || | |
407 | + func == fn_show_mem) | |
408 | + return; | |
409 | + } | |
410 | +#endif | |
411 | + | |
412 | fn_handler[value](vc, regs); | |
413 | } | |
414 | ||
415 | diff -uNr linux-2.6.7-rc1.orig/drivers/char/mem.c linux-2.6.7-rc1/drivers/char/mem.c | |
416 | --- linux-2.6.7-rc1.orig/drivers/char/mem.c 2004-05-23 07:54:18.000000000 +0200 | |
417 | +++ linux-2.6.7-rc1/drivers/char/mem.c 2004-05-25 14:33:58.061533632 +0200 | |
418 | @@ -23,6 +23,7 @@ | |
419 | #include <linux/devfs_fs_kernel.h> | |
420 | #include <linux/ptrace.h> | |
421 | #include <linux/device.h> | |
422 | +#include <linux/grsecurity.h> | |
423 | ||
424 | #include <asm/uaccess.h> | |
425 | #include <asm/io.h> | |
426 | @@ -39,6 +40,10 @@ | |
427 | extern void tapechar_init(void); | |
428 | #endif | |
429 | ||
430 | +#ifdef CONFIG_GRKERNSEC | |
431 | +extern struct file_operations grsec_fops; | |
432 | +#endif | |
433 | + | |
434 | /* | |
435 | * Architectures vary in how they handle caching for addresses | |
436 | * outside of main memory. | |
437 | @@ -191,6 +196,12 @@ | |
438 | ||
439 | if (!valid_phys_addr_range(p, &count)) | |
440 | return -EFAULT; | |
441 | + | |
442 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
443 | + gr_handle_mem_write(); | |
444 | + return -EPERM; | |
445 | +#endif | |
446 | + | |
447 | return do_write_mem(__va(p), p, buf, count, ppos); | |
448 | } | |
449 | ||
450 | @@ -205,6 +216,11 @@ | |
451 | vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); | |
452 | #endif | |
453 | ||
454 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
455 | + if (gr_handle_mem_mmap(offset, vma)) | |
456 | + return -EPERM; | |
457 | +#endif | |
458 | + | |
459 | /* Don't try to swap out physical pages.. */ | |
460 | vma->vm_flags |= VM_RESERVED; | |
461 | ||
462 | @@ -298,6 +314,11 @@ | |
463 | ssize_t written; | |
464 | char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ | |
465 | ||
466 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
467 | + gr_handle_kmem_write(); | |
468 | + return -EPERM; | |
469 | +#endif | |
470 | + | |
471 | if (p < (unsigned long) high_memory) { | |
472 | ||
473 | wrote = count; | |
474 | @@ -573,6 +594,16 @@ | |
475 | ||
476 | static int open_port(struct inode * inode, struct file * filp) | |
477 | { | |
478 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
479 | + gr_handle_open_port(); | |
480 | + return -EPERM; | |
481 | +#endif | |
482 | + | |
483 | + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; | |
484 | +} | |
485 | + | |
486 | +static int open_mem(struct inode * inode, struct file * filp) | |
487 | +{ | |
488 | return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; | |
489 | } | |
490 | ||
491 | @@ -581,7 +612,6 @@ | |
492 | #define full_lseek null_lseek | |
493 | #define write_zero write_null | |
494 | #define read_full read_zero | |
495 | -#define open_mem open_port | |
496 | #define open_kmem open_mem | |
497 | ||
498 | static struct file_operations mem_fops = { | |
499 | @@ -679,6 +709,11 @@ | |
500 | case 9: | |
501 | filp->f_op = &urandom_fops; | |
502 | break; | |
503 | +#ifdef CONFIG_GRKERNSEC | |
504 | + case 10: | |
505 | + filp->f_op = &grsec_fops; | |
506 | + break; | |
507 | +#endif | |
508 | case 11: | |
509 | filp->f_op = &kmsg_fops; | |
510 | break; | |
511 | @@ -710,6 +745,9 @@ | |
512 | {7, "full", S_IRUGO | S_IWUGO, &full_fops}, | |
513 | {8, "random", S_IRUGO | S_IWUSR, &random_fops}, | |
514 | {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops}, | |
515 | +#ifdef CONFIG_GRKERNSEC | |
516 | + {10,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}, | |
517 | +#endif | |
518 | {11,"kmsg", S_IRUGO | S_IWUSR, &kmsg_fops}, | |
519 | }; | |
520 | ||
521 | diff -uNr linux-2.6.7-rc1.orig/drivers/char/random.c linux-2.6.7-rc1/drivers/char/random.c | |
522 | --- linux-2.6.7-rc1.orig/drivers/char/random.c 2004-05-23 07:53:33.000000000 +0200 | |
523 | +++ linux-2.6.7-rc1/drivers/char/random.c 2004-05-25 14:33:58.081530592 +0200 | |
524 | @@ -263,9 +263,15 @@ | |
525 | /* | |
526 | * Configuration information | |
527 | */ | |
528 | +#ifdef CONFIG_GRKERNSEC_RANDNET | |
529 | +#define DEFAULT_POOL_SIZE 1024 | |
530 | +#define SECONDARY_POOL_SIZE 256 | |
531 | +#define BATCH_ENTROPY_SIZE 512 | |
532 | +#else | |
533 | #define DEFAULT_POOL_SIZE 512 | |
534 | #define SECONDARY_POOL_SIZE 128 | |
535 | #define BATCH_ENTROPY_SIZE 256 | |
536 | +#endif | |
537 | #define USE_SHA | |
538 | ||
539 | /* | |
540 | @@ -2380,6 +2386,29 @@ | |
541 | return halfMD4Transform(hash, keyptr->secret); | |
542 | } | |
543 | ||
544 | +#ifdef CONFIG_GRKERNSEC | |
545 | +/* the following function is provided by PaX under the GPL */ | |
546 | +unsigned long get_random_long(void) | |
547 | +{ | |
548 | + static time_t rekey_time; | |
549 | + static __u32 secret[12]; | |
550 | + time_t t; | |
551 | + | |
552 | + /* | |
553 | + * Pick a random secret every REKEY_INTERVAL seconds | |
554 | + */ | |
555 | + t = get_seconds(); | |
556 | + if (!rekey_time || (t - rekey_time) > REKEY_INTERVAL) { | |
557 | + rekey_time = t; | |
558 | + get_random_bytes(secret, sizeof(secret)); | |
559 | + } | |
560 | + | |
561 | + secret[1] = halfMD4Transform(secret+8, secret); | |
562 | + secret[0] = halfMD4Transform(secret+8, secret); | |
563 | + return *(unsigned long *)secret; | |
564 | +} | |
565 | +#endif | |
566 | + | |
567 | #ifdef CONFIG_SYN_COOKIES | |
568 | /* | |
569 | * Secure SYN cookie computation. This is the algorithm worked out by | |
570 | diff -uNr linux-2.6.7-rc1.orig/drivers/char/vt_ioctl.c linux-2.6.7-rc1/drivers/char/vt_ioctl.c | |
571 | --- linux-2.6.7-rc1.orig/drivers/char/vt_ioctl.c 2004-05-23 07:54:28.000000000 +0200 | |
572 | +++ linux-2.6.7-rc1/drivers/char/vt_ioctl.c 2004-05-25 14:33:58.164517976 +0200 | |
573 | @@ -96,6 +96,12 @@ | |
574 | case KDSKBENT: | |
575 | if (!perm) | |
576 | return -EPERM; | |
577 | + | |
578 | +#ifdef CONFIG_GRKERNSEC | |
579 | + if (!capable(CAP_SYS_TTY_CONFIG)) | |
580 | + return -EPERM; | |
581 | +#endif | |
582 | + | |
583 | if (!i && v == K_NOSUCHMAP) { | |
584 | /* disallocate map */ | |
585 | key_map = key_maps[s]; | |
586 | @@ -232,6 +238,13 @@ | |
587 | goto reterr; | |
588 | } | |
589 | ||
590 | +#ifdef CONFIG_GRKERNSEC | |
591 | + if (!capable(CAP_SYS_TTY_CONFIG)) { | |
592 | + return -EPERM; | |
593 | + goto reterr; | |
594 | + } | |
595 | +#endif | |
596 | + | |
597 | q = func_table[i]; | |
598 | first_free = funcbufptr + (funcbufsize - funcbufleft); | |
599 | for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) | |
600 | diff -uNr linux-2.6.7-rc1.orig/drivers/pci/proc.c linux-2.6.7-rc1/drivers/pci/proc.c | |
601 | --- linux-2.6.7-rc1.orig/drivers/pci/proc.c 2004-05-23 07:54:21.000000000 +0200 | |
602 | +++ linux-2.6.7-rc1/drivers/pci/proc.c 2004-05-25 14:33:58.199512656 +0200 | |
603 | @@ -565,7 +565,15 @@ | |
604 | ||
605 | static void legacy_proc_init(void) | |
606 | { | |
607 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
608 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
609 | + struct proc_dir_entry * entry = create_proc_entry("pci", S_IRUSR, NULL); | |
610 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
611 | + struct proc_dir_entry * entry = create_proc_entry("pci", S_IRUSR | S_IRGRP, NULL); | |
612 | +#endif | |
613 | +#else | |
614 | struct proc_dir_entry * entry = create_proc_entry("pci", 0, NULL); | |
615 | +#endif | |
616 | if (entry) | |
617 | entry->proc_fops = &proc_pci_operations; | |
618 | } | |
619 | @@ -594,7 +602,15 @@ | |
620 | { | |
621 | struct proc_dir_entry *entry; | |
622 | struct pci_dev *dev = NULL; | |
623 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
624 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
625 | + proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR, proc_bus); | |
626 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
627 | + proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, proc_bus); | |
628 | +#endif | |
629 | +#else | |
630 | proc_bus_pci_dir = proc_mkdir("pci", proc_bus); | |
631 | +#endif | |
632 | entry = create_proc_entry("devices", 0, proc_bus_pci_dir); | |
633 | if (entry) | |
634 | entry->proc_fops = &proc_bus_pci_dev_operations; | |
1db5cd70 PS |
635 | diff -uNr linux-2.6.7-rc1.orig/fs/binfmt_aout.c linux-2.6.7-rc1/fs/binfmt_aout.c |
636 | --- linux-2.6.7-rc1.orig/fs/binfmt_aout.c 2004-05-23 07:53:46.000000000 +0200 | |
637 | +++ linux-2.6.7-rc1/fs/binfmt_aout.c 2004-05-25 14:33:58.437476480 +0200 | |
638 | @@ -24,6 +24,7 @@ | |
639 | #include <linux/binfmts.h> | |
640 | #include <linux/personality.h> | |
641 | #include <linux/init.h> | |
642 | +#include <linux/grsecurity.h> | |
643 | ||
644 | #include <asm/system.h> | |
645 | #include <asm/uaccess.h> | |
646 | @@ -118,10 +119,12 @@ | |
647 | /* If the size of the dump file exceeds the rlimit, then see what would happen | |
648 | if we wrote the stack, but not the data area. */ | |
649 | #ifdef __sparc__ | |
650 | + gr_learn_resource(current, RLIMIT_CORE, dump.u_dsize+dump.u_ssize, 1); | |
651 | if ((dump.u_dsize+dump.u_ssize) > | |
652 | current->rlim[RLIMIT_CORE].rlim_cur) | |
653 | dump.u_dsize = 0; | |
654 | #else | |
655 | + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE, 1); | |
656 | if ((dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE > | |
657 | current->rlim[RLIMIT_CORE].rlim_cur) | |
658 | dump.u_dsize = 0; | |
659 | @@ -129,10 +132,12 @@ | |
660 | ||
661 | /* Make sure we have enough room to write the stack and data areas. */ | |
662 | #ifdef __sparc__ | |
663 | + gr_learn_resource(current, RLIMIT_CORE, dump.u_ssize, 1); | |
664 | if ((dump.u_ssize) > | |
665 | current->rlim[RLIMIT_CORE].rlim_cur) | |
666 | dump.u_ssize = 0; | |
667 | #else | |
668 | + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize+1) * PAGE_SIZE, 1); | |
669 | if ((dump.u_ssize+1) * PAGE_SIZE > | |
670 | current->rlim[RLIMIT_CORE].rlim_cur) | |
671 | dump.u_ssize = 0; | |
672 | @@ -281,6 +286,8 @@ | |
673 | rlim = current->rlim[RLIMIT_DATA].rlim_cur; | |
674 | if (rlim >= RLIM_INFINITY) | |
675 | rlim = ~0; | |
676 | + | |
677 | + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1); | |
678 | if (ex.a_data + ex.a_bss > rlim) | |
679 | return -ENOMEM; | |
680 | ||
681 | @@ -399,7 +406,7 @@ | |
682 | ||
683 | down_write(¤t->mm->mmap_sem); | |
684 | error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, | |
685 | - PROT_READ | PROT_WRITE | PROT_EXEC, | |
686 | + PROT_READ | PROT_WRITE, | |
687 | MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, | |
688 | fd_offset + ex.a_text); | |
689 | up_write(¤t->mm->mmap_sem); | |
690 | diff -uNr linux-2.6.7-rc1.orig/fs/binfmt_elf.c linux-2.6.7-rc1/fs/binfmt_elf.c | |
691 | --- linux-2.6.7-rc1.orig/fs/binfmt_elf.c 2004-05-23 07:54:09.000000000 +0200 | |
692 | +++ linux-2.6.7-rc1/fs/binfmt_elf.c 2004-05-25 14:33:58.457473440 +0200 | |
6a84f544 | 693 | @@ -37,6 +37,8 @@ |
1db5cd70 PS |
694 | #include <linux/pagemap.h> |
695 | #include <linux/security.h> | |
696 | #include <linux/syscalls.h> | |
697 | +#include <linux/random.h> | |
698 | +#include <linux/grsecurity.h> | |
699 | ||
700 | #include <asm/uaccess.h> | |
701 | #include <asm/param.h> | |
6a84f544 | 702 | @@ -85,6 +87,7 @@ |
1db5cd70 PS |
703 | |
704 | static int set_brk(unsigned long start, unsigned long end) | |
705 | { | |
706 | + current->mm->start_brk = current->mm->brk = end; | |
707 | start = ELF_PAGEALIGN(start); | |
708 | end = ELF_PAGEALIGN(end); | |
709 | if (end > start) { | |
6a84f544 | 710 | @@ -92,7 +95,6 @@ |
1db5cd70 PS |
711 | if (BAD_ADDR(addr)) |
712 | return addr; | |
1db5cd70 PS |
713 | } |
714 | - current->mm->start_brk = current->mm->brk = end; | |
715 | return 0; | |
716 | } | |
717 | ||
6a84f544 | 718 | @@ -1098,8 +1100,11 @@ |
1db5cd70 PS |
719 | #undef DUMP_SEEK |
720 | ||
721 | #define DUMP_WRITE(addr, nr) \ | |
722 | + do { \ | |
723 | + gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \ | |
724 | if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \ | |
725 | - goto end_coredump; | |
726 | + goto end_coredump; \ | |
727 | + } while (0); | |
728 | #define DUMP_SEEK(off) \ | |
729 | if (!dump_seek(file, (off))) \ | |
730 | goto end_coredump; | |
731 | diff -uNr linux-2.6.7-rc1.orig/fs/binfmt_misc.c linux-2.6.7-rc1/fs/binfmt_misc.c | |
732 | --- linux-2.6.7-rc1.orig/fs/binfmt_misc.c 2004-05-23 07:53:57.000000000 +0200 | |
733 | +++ linux-2.6.7-rc1/fs/binfmt_misc.c 2004-05-25 14:33:58.467471920 +0200 | |
734 | @@ -108,9 +108,11 @@ | |
735 | int retval; | |
736 | ||
737 | retval = -ENOEXEC; | |
738 | - if (!enabled) | |
739 | + if (!enabled || bprm->misc) | |
740 | goto _ret; | |
741 | ||
742 | + bprm->misc++; | |
743 | + | |
744 | /* to keep locking time low, we copy the interpreter string */ | |
745 | read_lock(&entries_lock); | |
746 | fmt = check_file(bprm); | |
747 | diff -uNr linux-2.6.7-rc1.orig/fs/buffer.c linux-2.6.7-rc1/fs/buffer.c | |
748 | --- linux-2.6.7-rc1.orig/fs/buffer.c 2004-05-23 07:54:21.000000000 +0200 | |
749 | +++ linux-2.6.7-rc1/fs/buffer.c 2004-05-25 14:33:58.488468728 +0200 | |
750 | @@ -37,6 +37,7 @@ | |
751 | #include <linux/bio.h> | |
752 | #include <linux/notifier.h> | |
753 | #include <linux/cpu.h> | |
754 | +#include <linux/grsecurity.h> | |
755 | #include <asm/bitops.h> | |
756 | ||
757 | static void invalidate_bh_lrus(void); | |
758 | @@ -2231,6 +2232,9 @@ | |
759 | int err; | |
760 | ||
761 | err = -EFBIG; | |
762 | + | |
763 | + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long) size, 1); | |
764 | + | |
765 | limit = current->rlim[RLIMIT_FSIZE].rlim_cur; | |
766 | if (limit != RLIM_INFINITY && size > (loff_t)limit) { | |
767 | send_sig(SIGXFSZ, current, 0); | |
1db5cd70 PS |
768 | diff -uNr linux-2.6.7-rc1.orig/fs/exec.c linux-2.6.7-rc1/fs/exec.c |
769 | --- linux-2.6.7-rc1.orig/fs/exec.c 2004-05-23 07:53:57.000000000 +0200 | |
770 | +++ linux-2.6.7-rc1/fs/exec.c 2004-05-25 14:33:58.597452160 +0200 | |
771 | @@ -46,6 +46,8 @@ | |
772 | #include <linux/security.h> | |
773 | #include <linux/syscalls.h> | |
774 | #include <linux/rmap.h> | |
775 | +#include <linux/random.h> | |
776 | +#include <linux/grsecurity.h> | |
777 | ||
778 | #include <asm/uaccess.h> | |
779 | #include <asm/pgalloc.h> | |
780 | @@ -904,6 +906,9 @@ | |
781 | if (retval) | |
782 | return retval; | |
783 | ||
784 | + if (gr_handle_ptrace_exec(bprm->file->f_dentry, bprm->file->f_vfsmnt)) | |
785 | + return -EACCES; | |
786 | + | |
787 | memset(bprm->buf,0,BINPRM_BUF_SIZE); | |
788 | return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE); | |
789 | } | |
790 | @@ -933,6 +938,7 @@ | |
791 | task_lock(current); | |
792 | unsafe = unsafe_exec(current); | |
793 | security_bprm_apply_creds(bprm, unsafe); | |
794 | + gr_handle_chroot_caps(current); | |
795 | task_unlock(current); | |
796 | } | |
797 | ||
ee78bb96 PS |
798 | @@ -1073,6 +1079,11 @@ |
799 | struct file *file; | |
800 | int retval; | |
801 | int i; | |
802 | +#ifdef CONFIG_GRKERNSEC | |
803 | + struct file *old_exec_file; | |
804 | + struct acl_subject_label *old_acl; | |
805 | + struct rlimit old_rlim[RLIM_NLIMITS]; | |
806 | +#endif | |
807 | ||
808 | sched_balance_exec(); | |
809 | ||
810 | @@ -1082,6 +1093,20 @@ | |
1db5cd70 PS |
811 | if (IS_ERR(file)) |
812 | return retval; | |
813 | ||
814 | + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes), 1); | |
815 | + | |
816 | + if (gr_handle_nproc()) { | |
817 | + allow_write_access(file); | |
818 | + fput(file); | |
819 | + return -EAGAIN; | |
820 | + } | |
821 | + | |
822 | + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) { | |
823 | + allow_write_access(file); | |
824 | + fput(file); | |
825 | + return -EACCES; | |
826 | + } | |
827 | + | |
828 | bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); | |
829 | memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0])); | |
830 | ||
ee78bb96 | 831 | @@ -1089,6 +1114,7 @@ |
1db5cd70 PS |
832 | bprm.filename = filename; |
833 | bprm.interp = filename; | |
834 | bprm.sh_bang = 0; | |
835 | + bprm.misc = 0; | |
836 | bprm.loader = 0; | |
837 | bprm.exec = 0; | |
838 | bprm.security = NULL; | |
ee78bb96 | 839 | @@ -1117,11 +1143,26 @@ |
1db5cd70 PS |
840 | if (retval < 0) |
841 | goto out; | |
842 | ||
843 | + if (!gr_tpe_allow(file)) { | |
844 | + retval = -EACCES; | |
845 | + goto out; | |
846 | + } | |
847 | + | |
848 | + if (gr_check_crash_exec(file)) { | |
849 | + retval = -EACCES; | |
850 | + goto out; | |
851 | + } | |
852 | + | |
853 | retval = copy_strings_kernel(1, &bprm.filename, &bprm); | |
854 | if (retval < 0) | |
855 | goto out; | |
856 | ||
857 | bprm.exec = bprm.p; | |
858 | + | |
859 | + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); | |
860 | + | |
861 | + gr_handle_exec_args(&bprm, argv); | |
862 | + | |
863 | retval = copy_strings(bprm.envc, envp, &bprm); | |
864 | if (retval < 0) | |
865 | goto out; | |
ee78bb96 | 866 | @@ -1130,8 +1171,22 @@ |
1db5cd70 PS |
867 | if (retval < 0) |
868 | goto out; | |
869 | ||
870 | +#ifdef CONFIG_GRKERNSEC | |
871 | + old_acl = current->acl; | |
872 | + memcpy(old_rlim, current->rlim, sizeof(old_rlim)); | |
873 | + old_exec_file = current->exec_file; | |
874 | + get_file(file); | |
875 | + current->exec_file = file; | |
876 | +#endif | |
877 | + | |
878 | + gr_set_proc_label(file->f_dentry, file->f_vfsmnt); | |
879 | + | |
880 | retval = search_binary_handler(&bprm,regs); | |
881 | if (retval >= 0) { | |
882 | +#ifdef CONFIG_GRKERNSEC | |
883 | + if (old_exec_file) | |
884 | + fput(old_exec_file); | |
885 | +#endif | |
886 | free_arg_pages(&bprm); | |
887 | ||
888 | /* execve success */ | |
ee78bb96 | 889 | @@ -1139,6 +1194,13 @@ |
1db5cd70 PS |
890 | return retval; |
891 | } | |
892 | ||
893 | +#ifdef CONFIG_GRKERNSEC | |
894 | + current->acl = old_acl; | |
895 | + memcpy(current->rlim, old_rlim, sizeof(old_rlim)); | |
896 | + fput(current->exec_file); | |
897 | + current->exec_file = old_exec_file; | |
898 | +#endif | |
899 | + | |
900 | out: | |
901 | /* Something went wrong, return the inode and free the argument pages*/ | |
902 | for (i = 0 ; i < MAX_ARG_PAGES ; i++) { | |
ee78bb96 | 903 | @@ -1365,6 +1427,7 @@ |
1db5cd70 PS |
904 | current->signal->group_exit_code = exit_code; |
905 | coredump_wait(mm); | |
906 | ||
907 | + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1); | |
908 | if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump) | |
909 | goto fail_unlock; | |
910 | ||
ee78bb96 | 911 | @@ -1384,7 +1447,7 @@ |
1db5cd70 PS |
912 | goto close_fail; |
913 | if (!file->f_op->write) | |
914 | goto close_fail; | |
915 | - if (do_truncate(file->f_dentry, 0) != 0) | |
916 | + if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0) | |
917 | goto close_fail; | |
918 | ||
919 | retval = binfmt->core_dump(signr, regs, file); | |
920 | diff -uNr linux-2.6.7-rc1.orig/fs/fcntl.c linux-2.6.7-rc1/fs/fcntl.c | |
921 | --- linux-2.6.7-rc1.orig/fs/fcntl.c 2004-05-23 07:54:22.000000000 +0200 | |
922 | +++ linux-2.6.7-rc1/fs/fcntl.c 2004-05-25 14:33:58.632446840 +0200 | |
923 | @@ -14,6 +14,7 @@ | |
924 | #include <linux/module.h> | |
925 | #include <linux/security.h> | |
926 | #include <linux/ptrace.h> | |
927 | +#include <linux/grsecurity.h> | |
928 | ||
929 | #include <asm/poll.h> | |
930 | #include <asm/siginfo.h> | |
931 | @@ -86,6 +87,9 @@ | |
932 | int error; | |
933 | ||
934 | error = -EINVAL; | |
935 | + | |
936 | + gr_learn_resource(current, RLIMIT_NOFILE, orig_start, 0); | |
937 | + | |
938 | if (orig_start >= current->rlim[RLIMIT_NOFILE].rlim_cur) | |
939 | goto out; | |
940 | ||
941 | @@ -105,6 +109,9 @@ | |
942 | } | |
943 | ||
944 | error = -EMFILE; | |
945 | + | |
946 | + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0); | |
947 | + | |
948 | if (newfd >= current->rlim[RLIMIT_NOFILE].rlim_cur) | |
949 | goto out; | |
950 | ||
951 | @@ -154,6 +161,8 @@ | |
952 | struct file * file, *tofree; | |
953 | struct files_struct * files = current->files; | |
954 | ||
955 | + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0); | |
956 | + | |
957 | spin_lock(&files->file_lock); | |
958 | if (!(file = fcheck(oldfd))) | |
959 | goto out_unlock; | |
960 | @@ -493,13 +502,15 @@ | |
961 | if (pid > 0) { | |
962 | p = find_task_by_pid(pid); | |
963 | if (p) { | |
964 | - send_sigio_to_task(p, fown, fd, band); | |
965 | + if (!gr_check_protected_task(p)) | |
966 | + send_sigio_to_task(p, fown, fd, band); | |
967 | } | |
968 | } else { | |
969 | struct list_head *l; | |
970 | struct pid *pidptr; | |
971 | for_each_task_pid(-pid, PIDTYPE_PGID, p, l, pidptr) { | |
972 | - send_sigio_to_task(p, fown, fd, band); | |
973 | + if (!gr_check_protected_task(p) && !gr_pid_is_chrooted(p)) | |
974 | + send_sigio_to_task(p, fown, fd, band); | |
975 | } | |
976 | } | |
977 | read_unlock(&tasklist_lock); | |
978 | diff -uNr linux-2.6.7-rc1.orig/fs/Kconfig linux-2.6.7-rc1/fs/Kconfig | |
979 | --- linux-2.6.7-rc1.orig/fs/Kconfig 2004-05-25 14:25:42.000000000 +0200 | |
980 | +++ linux-2.6.7-rc1/fs/Kconfig 2004-05-25 14:33:58.318494568 +0200 | |
981 | @@ -816,6 +816,7 @@ | |
982 | ||
983 | config PROC_KCORE | |
984 | bool | |
985 | + depends on !GRKERNSEC_PROC_ADD | |
986 | default y if !ARM | |
987 | ||
988 | config SYSFS | |
66e3021a PS |
989 | diff -uNr linux-2.6.6/fs/dcache.c linux-2.6.6.grsec/fs/dcache.c |
990 | --- linux-2.6.6/fs/dcache.c 2004-05-13 16:55:46.446490696 +0200 | |
991 | +++ linux-2.6.6.grsec/fs/dcache.c 2004-05-13 16:52:25.000000000 +0200 | |
992 | @@ -1263,7 +1263,7 @@ | |
993 | * | |
994 | * "buflen" should be positive. Caller holds the dcache_lock. | |
995 | */ | |
996 | -static char * __d_path( struct dentry *dentry, struct vfsmount *vfsmnt, | |
997 | +char * __d_path( struct dentry *dentry, struct vfsmount *vfsmnt, | |
998 | struct dentry *root, struct vfsmount *rootmnt, | |
999 | char *buffer, int buflen) | |
1000 | { | |
1db5cd70 PS |
1001 | diff -uNr linux-2.6.7-rc1.orig/fs/namei.c linux-2.6.7-rc1/fs/namei.c |
1002 | --- linux-2.6.7-rc1.orig/fs/namei.c 2004-05-23 07:53:57.000000000 +0200 | |
1003 | +++ linux-2.6.7-rc1/fs/namei.c 2004-05-25 14:33:58.669441216 +0200 | |
1004 | @@ -27,6 +27,7 @@ | |
1005 | #include <linux/security.h> | |
1006 | #include <linux/mount.h> | |
1007 | #include <linux/audit.h> | |
1008 | +#include <linux/grsecurity.h> | |
1009 | #include <asm/namei.h> | |
1010 | #include <asm/uaccess.h> | |
1011 | ||
1012 | @@ -413,6 +414,13 @@ | |
1013 | err = security_inode_follow_link(dentry, nd); | |
1014 | if (err) | |
1015 | goto loop; | |
1016 | + | |
1017 | + if (gr_handle_follow_link(dentry->d_parent->d_inode, | |
1018 | + dentry->d_inode, dentry, nd->mnt)) { | |
1019 | + err = -EACCES; | |
1020 | + goto loop; | |
1021 | + } | |
1022 | + | |
1023 | current->link_count++; | |
1024 | current->total_link_count++; | |
1025 | touch_atime(nd->mnt, dentry); | |
1026 | @@ -764,6 +772,10 @@ | |
1027 | break; | |
1028 | } | |
1029 | return_base: | |
1030 | + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt)) { | |
1031 | + path_release(nd); | |
1032 | + return -ENOENT; | |
1033 | + } | |
1034 | return 0; | |
1035 | out_dput: | |
1036 | dput(next.dentry); | |
1037 | @@ -1225,7 +1237,7 @@ | |
1038 | if (!error) { | |
1039 | DQUOT_INIT(inode); | |
1040 | ||
1041 | - error = do_truncate(dentry, 0); | |
1042 | + error = do_truncate(dentry, 0, nd->mnt); | |
1043 | } | |
1044 | put_write_access(inode); | |
1045 | if (error) | |
1046 | @@ -1276,6 +1288,17 @@ | |
1047 | error = path_lookup(pathname, lookup_flags(flag)|LOOKUP_OPEN, nd); | |
1048 | if (error) | |
1049 | return error; | |
1050 | + | |
1051 | + if (gr_handle_rawio(nd->dentry->d_inode)) { | |
1052 | + error = -EPERM; | |
1053 | + goto exit; | |
1054 | + } | |
1055 | + | |
1056 | + if (!gr_acl_handle_open(nd->dentry, nd->mnt, flag)) { | |
1057 | + error = -EACCES; | |
1058 | + goto exit; | |
1059 | + } | |
1060 | + | |
1061 | goto ok; | |
1062 | } | |
1063 | ||
1064 | @@ -1309,9 +1332,19 @@ | |
1065 | ||
1066 | /* Negative dentry, just create the file */ | |
1067 | if (!dentry->d_inode) { | |
1068 | + if (!gr_acl_handle_creat(dentry, nd->dentry, nd->mnt, flag, mode)) { | |
1069 | + error = -EACCES; | |
1070 | + up(&dir->d_inode->i_sem); | |
1071 | + goto exit_dput; | |
1072 | + } | |
1073 | + | |
1074 | if (!IS_POSIXACL(dir->d_inode)) | |
1075 | mode &= ~current->fs->umask; | |
1076 | error = vfs_create(dir->d_inode, dentry, mode, nd); | |
1077 | + | |
1078 | + if (!error) | |
1079 | + gr_handle_create(dentry, nd->mnt); | |
1080 | + | |
1081 | up(&dir->d_inode->i_sem); | |
1082 | dput(nd->dentry); | |
1083 | nd->dentry = dentry; | |
1084 | @@ -1326,6 +1359,25 @@ | |
1085 | /* | |
1086 | * It already exists. | |
1087 | */ | |
1088 | + | |
1089 | + if (gr_handle_rawio(dentry->d_inode)) { | |
1090 | + error = -EPERM; | |
1091 | + up(&dir->d_inode->i_sem); | |
1092 | + goto exit_dput; | |
1093 | + } | |
1094 | + | |
1095 | + if (!gr_acl_handle_open(dentry, nd->mnt, flag)) { | |
1096 | + up(&dir->d_inode->i_sem); | |
1097 | + error = -EACCES; | |
1098 | + goto exit_dput; | |
1099 | + } | |
1100 | + | |
1101 | + if (gr_handle_fifo(dentry, nd->mnt, dir, flag, acc_mode)) { | |
1102 | + up(&dir->d_inode->i_sem); | |
1103 | + error = -EACCES; | |
1104 | + goto exit_dput; | |
1105 | + } | |
1106 | + | |
1107 | up(&dir->d_inode->i_sem); | |
1108 | ||
1109 | error = -EEXIST; | |
1110 | @@ -1379,6 +1431,13 @@ | |
1111 | error = security_inode_follow_link(dentry, nd); | |
1112 | if (error) | |
1113 | goto exit_dput; | |
1114 | + | |
1115 | + if (gr_handle_follow_link(dentry->d_parent->d_inode, dentry->d_inode, | |
1116 | + dentry, nd->mnt)) { | |
1117 | + error = -EACCES; | |
1118 | + goto exit_dput; | |
1119 | + } | |
1120 | + | |
1121 | touch_atime(nd->mnt, dentry); | |
1122 | error = dentry->d_inode->i_op->follow_link(dentry, nd); | |
1123 | dput(dentry); | |
1124 | @@ -1486,6 +1545,22 @@ | |
1125 | if (!IS_POSIXACL(nd.dentry->d_inode)) | |
1126 | mode &= ~current->fs->umask; | |
1127 | if (!IS_ERR(dentry)) { | |
1128 | + if (gr_handle_chroot_mknod(dentry, nd.mnt, mode)) { | |
1129 | + error = -EPERM; | |
1130 | + dput(dentry); | |
1131 | + up(&nd.dentry->d_inode->i_sem); | |
1132 | + path_release(&nd); | |
1133 | + goto out; | |
1134 | + } | |
1135 | + | |
1136 | + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) { | |
1137 | + error = -EACCES; | |
1138 | + dput(dentry); | |
1139 | + up(&nd.dentry->d_inode->i_sem); | |
1140 | + path_release(&nd); | |
1141 | + goto out; | |
1142 | + } | |
1143 | + | |
1144 | switch (mode & S_IFMT) { | |
1145 | case 0: case S_IFREG: | |
1146 | error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); | |
1147 | @@ -1503,6 +1578,10 @@ | |
1148 | default: | |
1149 | error = -EINVAL; | |
1150 | } | |
1151 | + | |
1152 | + if (!error) | |
1153 | + gr_handle_create(dentry, nd.mnt); | |
1154 | + | |
1155 | dput(dentry); | |
1156 | } | |
1157 | up(&nd.dentry->d_inode->i_sem); | |
1158 | @@ -1554,9 +1633,19 @@ | |
1159 | dentry = lookup_create(&nd, 1); | |
1160 | error = PTR_ERR(dentry); | |
1161 | if (!IS_ERR(dentry)) { | |
1162 | + error = 0; | |
1163 | if (!IS_POSIXACL(nd.dentry->d_inode)) | |
1164 | mode &= ~current->fs->umask; | |
1165 | - error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); | |
1166 | + | |
1167 | + if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt)) | |
1168 | + error = -EACCES; | |
1169 | + | |
1170 | + if (!error) | |
1171 | + error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); | |
1172 | + | |
1173 | + if (!error) | |
1174 | + gr_handle_create(dentry, nd.mnt); | |
1175 | + | |
1176 | dput(dentry); | |
1177 | } | |
1178 | up(&nd.dentry->d_inode->i_sem); | |
1179 | @@ -1640,6 +1729,8 @@ | |
1180 | char * name; | |
1181 | struct dentry *dentry; | |
1182 | struct nameidata nd; | |
1183 | + ino_t saved_ino = 0; | |
1184 | + dev_t saved_dev = 0; | |
1185 | ||
1186 | name = getname(pathname); | |
1187 | if(IS_ERR(name)) | |
1188 | @@ -1664,7 +1755,21 @@ | |
1189 | dentry = lookup_hash(&nd.last, nd.dentry); | |
1190 | error = PTR_ERR(dentry); | |
1191 | if (!IS_ERR(dentry)) { | |
1192 | - error = vfs_rmdir(nd.dentry->d_inode, dentry); | |
1193 | + error = 0; | |
1194 | + if (dentry->d_inode) { | |
1195 | + if (dentry->d_inode->i_nlink <= 1) { | |
1196 | + saved_ino = dentry->d_inode->i_ino; | |
1197 | + saved_dev = dentry->d_inode->i_sb->s_dev; | |
1198 | + } | |
1199 | + | |
1200 | + if (!gr_acl_handle_rmdir(dentry, nd.mnt)) | |
1201 | + error = -EACCES; | |
1202 | + } | |
1203 | + | |
1204 | + if (!error) | |
1205 | + error = vfs_rmdir(nd.dentry->d_inode, dentry); | |
1206 | + if (!error && (saved_dev || saved_ino)) | |
1207 | + gr_handle_delete(saved_ino, saved_dev); | |
1208 | dput(dentry); | |
1209 | } | |
1210 | up(&nd.dentry->d_inode->i_sem); | |
1211 | @@ -1718,6 +1823,8 @@ | |
1212 | struct dentry *dentry; | |
1213 | struct nameidata nd; | |
1214 | struct inode *inode = NULL; | |
1215 | + ino_t saved_ino = 0; | |
1216 | + dev_t saved_dev = 0; | |
1217 | ||
1218 | name = getname(pathname); | |
1219 | if(IS_ERR(name)) | |
1220 | @@ -1733,13 +1840,26 @@ | |
1221 | dentry = lookup_hash(&nd.last, nd.dentry); | |
1222 | error = PTR_ERR(dentry); | |
1223 | if (!IS_ERR(dentry)) { | |
1224 | + error = 0; | |
1225 | /* Why not before? Because we want correct error value */ | |
1226 | if (nd.last.name[nd.last.len]) | |
1227 | goto slashes; | |
1228 | inode = dentry->d_inode; | |
1229 | - if (inode) | |
1230 | + if (inode) { | |
1231 | + if (inode->i_nlink <= 1) { | |
1232 | + saved_ino = inode->i_ino; | |
1233 | + saved_dev = inode->i_sb->s_dev; | |
1234 | + } | |
1235 | + | |
1236 | + if (!gr_acl_handle_unlink(dentry, nd.mnt)) | |
1237 | + error = -EACCES; | |
1238 | + | |
1239 | atomic_inc(&inode->i_count); | |
1240 | - error = vfs_unlink(nd.dentry->d_inode, dentry); | |
1241 | + } | |
1242 | + if (!error) | |
1243 | + error = vfs_unlink(nd.dentry->d_inode, dentry); | |
1244 | + if (!error && (saved_ino || saved_dev)) | |
1245 | + gr_handle_delete(saved_ino, saved_dev); | |
1246 | exit2: | |
1247 | dput(dentry); | |
1248 | } | |
1249 | @@ -1803,7 +1923,15 @@ | |
1250 | dentry = lookup_create(&nd, 0); | |
1251 | error = PTR_ERR(dentry); | |
1252 | if (!IS_ERR(dentry)) { | |
1253 | - error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); | |
1254 | + error = 0; | |
1255 | + if (!gr_acl_handle_symlink(dentry, nd.dentry, nd.mnt, from)) | |
1256 | + error = -EACCES; | |
1257 | + | |
1258 | + if (!error) | |
1259 | + error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); | |
1260 | + | |
1261 | + if (!error) | |
1262 | + gr_handle_create(dentry, nd.mnt); | |
1263 | dput(dentry); | |
1264 | } | |
1265 | up(&nd.dentry->d_inode->i_sem); | |
1266 | @@ -1887,7 +2015,20 @@ | |
1267 | new_dentry = lookup_create(&nd, 0); | |
1268 | error = PTR_ERR(new_dentry); | |
1269 | if (!IS_ERR(new_dentry)) { | |
1270 | - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); | |
1271 | + error = 0; | |
1272 | + if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt, | |
1273 | + old_nd.dentry->d_inode, | |
1274 | + old_nd.dentry->d_inode->i_mode, to)) | |
1275 | + error = -EPERM; | |
1276 | + if (!gr_acl_handle_link(new_dentry, nd.dentry, nd.mnt, | |
1277 | + old_nd.dentry, old_nd.mnt, to)) | |
1278 | + error = -EACCES; | |
1279 | + if (!error) | |
1280 | + error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); | |
1281 | + | |
1282 | + if (!error) | |
1283 | + gr_handle_create(new_dentry, nd.mnt); | |
1284 | + | |
1285 | dput(new_dentry); | |
1286 | } | |
1287 | up(&nd.dentry->d_inode->i_sem); | |
1288 | @@ -2109,8 +2250,16 @@ | |
1289 | if (new_dentry == trap) | |
1290 | goto exit5; | |
1291 | ||
1292 | - error = vfs_rename(old_dir->d_inode, old_dentry, | |
1293 | + error = gr_acl_handle_rename(new_dentry, newnd.dentry, newnd.mnt, | |
1294 | + old_dentry, old_dir->d_inode, oldnd.mnt, | |
1295 | + newname); | |
1296 | + | |
1297 | + if (!error) | |
1298 | + error = vfs_rename(old_dir->d_inode, old_dentry, | |
1299 | new_dir->d_inode, new_dentry); | |
1300 | + if (!error) | |
1301 | + gr_handle_rename(old_dir->d_inode, newnd.dentry->d_inode, old_dentry, | |
1302 | + new_dentry, oldnd.mnt, new_dentry->d_inode ? 1 : 0); | |
1303 | exit5: | |
1304 | dput(new_dentry); | |
1305 | exit4: | |
1306 | diff -uNr linux-2.6.7-rc1.orig/fs/namespace.c linux-2.6.7-rc1/fs/namespace.c | |
1307 | --- linux-2.6.7-rc1.orig/fs/namespace.c 2004-05-23 07:54:22.000000000 +0200 | |
1308 | +++ linux-2.6.7-rc1/fs/namespace.c 2004-05-25 14:33:58.726432552 +0200 | |
1309 | @@ -21,6 +21,8 @@ | |
1310 | #include <linux/namei.h> | |
1311 | #include <linux/security.h> | |
1312 | #include <linux/mount.h> | |
1313 | +#include <linux/sched.h> | |
1314 | +#include <linux/grsecurity.h> | |
1315 | #include <asm/uaccess.h> | |
1316 | #include <asm/unistd.h> | |
1317 | ||
1318 | @@ -402,6 +404,8 @@ | |
1319 | lock_kernel(); | |
1320 | retval = do_remount_sb(sb, MS_RDONLY, 0, 0); | |
1321 | unlock_kernel(); | |
1322 | + | |
1323 | + gr_log_remount(mnt->mnt_devname, retval); | |
1324 | } | |
1325 | up_write(&sb->s_umount); | |
1326 | return retval; | |
1327 | @@ -430,6 +434,9 @@ | |
1328 | if (retval) | |
1329 | security_sb_umount_busy(mnt); | |
1330 | up_write(¤t->namespace->sem); | |
1331 | + | |
1332 | + gr_log_unmount(mnt->mnt_devname, retval); | |
1333 | + | |
1334 | return retval; | |
1335 | } | |
1336 | ||
1337 | @@ -852,6 +859,11 @@ | |
1338 | if (retval) | |
1339 | goto dput_out; | |
1340 | ||
1341 | + if (gr_handle_chroot_mount(nd.dentry, nd.mnt, dev_name)) { | |
1342 | + retval = -EPERM; | |
1343 | + goto dput_out; | |
1344 | + } | |
1345 | + | |
1346 | if (flags & MS_REMOUNT) | |
1347 | retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags, | |
1348 | data_page); | |
1349 | @@ -864,6 +876,9 @@ | |
1350 | dev_name, data_page); | |
1351 | dput_out: | |
1352 | path_release(&nd); | |
1353 | + | |
1354 | + gr_log_mount(dev_name, dir_name, retval); | |
1355 | + | |
1356 | return retval; | |
1357 | } | |
1358 | ||
1359 | @@ -1086,6 +1101,9 @@ | |
1360 | if (!capable(CAP_SYS_ADMIN)) | |
1361 | return -EPERM; | |
1362 | ||
1363 | + if (gr_handle_chroot_pivot()) | |
1364 | + return -EPERM; | |
1365 | + | |
1366 | lock_kernel(); | |
1367 | ||
1368 | error = __user_walk(new_root, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd); | |
1369 | diff -uNr linux-2.6.7-rc1.orig/fs/open.c linux-2.6.7-rc1/fs/open.c | |
1370 | --- linux-2.6.7-rc1.orig/fs/open.c 2004-05-23 07:53:32.000000000 +0200 | |
1371 | +++ linux-2.6.7-rc1/fs/open.c 2004-05-25 14:33:58.770425864 +0200 | |
1372 | @@ -22,6 +22,7 @@ | |
1373 | #include <asm/uaccess.h> | |
1374 | #include <linux/fs.h> | |
1375 | #include <linux/pagemap.h> | |
1376 | +#include <linux/grsecurity.h> | |
1377 | ||
1378 | #include <asm/unistd.h> | |
1379 | ||
1380 | @@ -191,7 +192,7 @@ | |
1381 | return error; | |
1382 | } | |
1383 | ||
1384 | -int do_truncate(struct dentry *dentry, loff_t length) | |
1385 | +int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt) | |
1386 | { | |
1387 | int err; | |
1388 | struct iattr newattrs; | |
1389 | @@ -200,6 +201,9 @@ | |
1390 | if (length < 0) | |
1391 | return -EINVAL; | |
1392 | ||
1393 | + if (!gr_acl_handle_truncate(dentry, mnt)) | |
1394 | + return -EACCES; | |
1395 | + | |
1396 | newattrs.ia_size = length; | |
1397 | newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; | |
1398 | down(&dentry->d_inode->i_sem); | |
1399 | @@ -260,7 +264,7 @@ | |
1400 | error = locks_verify_truncate(inode, NULL, length); | |
1401 | if (!error) { | |
1402 | DQUOT_INIT(inode); | |
1403 | - error = do_truncate(nd.dentry, length); | |
1404 | + error = do_truncate(nd.dentry, length, nd.mnt); | |
1405 | } | |
1406 | put_write_access(inode); | |
1407 | ||
1408 | @@ -312,7 +316,7 @@ | |
1409 | ||
1410 | error = locks_verify_truncate(inode, file, length); | |
1411 | if (!error) | |
1412 | - error = do_truncate(dentry, length); | |
1413 | + error = do_truncate(dentry, length, file->f_vfsmnt); | |
1414 | out_putf: | |
1415 | fput(file); | |
1416 | out: | |
1417 | @@ -391,6 +395,11 @@ | |
1418 | (error = permission(inode,MAY_WRITE,&nd)) != 0) | |
1419 | goto dput_and_out; | |
1420 | } | |
1421 | + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) { | |
1422 | + error = -EACCES; | |
1423 | + goto dput_and_out; | |
1424 | + } | |
1425 | + | |
1426 | down(&inode->i_sem); | |
1427 | error = notify_change(nd.dentry, &newattrs); | |
1428 | up(&inode->i_sem); | |
1429 | @@ -444,6 +453,12 @@ | |
1430 | (error = permission(inode,MAY_WRITE,&nd)) != 0) | |
1431 | goto dput_and_out; | |
1432 | } | |
1433 | + | |
1434 | + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) { | |
1435 | + error = -EACCES; | |
1436 | + goto dput_and_out; | |
1437 | + } | |
1438 | + | |
1439 | down(&inode->i_sem); | |
1440 | error = notify_change(nd.dentry, &newattrs); | |
1441 | up(&inode->i_sem); | |
1442 | @@ -505,6 +520,10 @@ | |
1443 | if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode) | |
1444 | && !special_file(nd.dentry->d_inode->i_mode)) | |
1445 | res = -EROFS; | |
1446 | + | |
1447 | + if (!res && !gr_acl_handle_access(nd.dentry, nd.mnt, mode)) | |
1448 | + res = -EACCES; | |
1449 | + | |
1450 | path_release(&nd); | |
1451 | } | |
1452 | ||
1453 | @@ -528,6 +547,8 @@ | |
1454 | if (error) | |
1455 | goto dput_and_out; | |
1456 | ||
1457 | + gr_log_chdir(nd.dentry, nd.mnt); | |
1458 | + | |
1459 | set_fs_pwd(current->fs, nd.mnt, nd.dentry); | |
1460 | ||
1461 | dput_and_out: | |
1462 | @@ -558,6 +579,13 @@ | |
1463 | goto out_putf; | |
1464 | ||
1465 | error = permission(inode, MAY_EXEC, NULL); | |
1466 | + | |
1467 | + if (!error && !gr_chroot_fchdir(dentry, mnt)) | |
1468 | + error = -EPERM; | |
1469 | + | |
1470 | + if (!error) | |
1471 | + gr_log_chdir(dentry, mnt); | |
1472 | + | |
1473 | if (!error) | |
1474 | set_fs_pwd(current->fs, mnt, dentry); | |
1475 | out_putf: | |
1476 | @@ -583,8 +611,16 @@ | |
1477 | if (!capable(CAP_SYS_CHROOT)) | |
1478 | goto dput_and_out; | |
1479 | ||
1480 | + if (gr_handle_chroot_chroot(nd.dentry, nd.mnt)) | |
1481 | + goto dput_and_out; | |
1482 | + | |
1483 | set_fs_root(current->fs, nd.mnt, nd.dentry); | |
1484 | set_fs_altroot(); | |
1485 | + | |
1486 | + gr_handle_chroot_caps(current); | |
1487 | + | |
1488 | + gr_handle_chroot_chdir(nd.dentry, nd.mnt); | |
1489 | + | |
1490 | error = 0; | |
1491 | dput_and_out: | |
1492 | path_release(&nd); | |
1493 | @@ -613,9 +649,22 @@ | |
1494 | err = -EPERM; | |
1495 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) | |
1496 | goto out_putf; | |
1497 | + | |
1498 | + if (!gr_acl_handle_fchmod(dentry, file->f_vfsmnt, mode)) { | |
1499 | + err = -EACCES; | |
1500 | + goto out_putf; | |
1501 | + } | |
1502 | + | |
1503 | down(&inode->i_sem); | |
1504 | if (mode == (mode_t) -1) | |
1505 | mode = inode->i_mode; | |
1506 | + | |
1507 | + if (gr_handle_chroot_chmod(dentry, file->f_vfsmnt, mode)) { | |
1508 | + err = -EPERM; | |
1509 | + up(&inode->i_sem); | |
1510 | + goto out_putf; | |
1511 | + } | |
1512 | + | |
1513 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); | |
1514 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; | |
1515 | err = notify_change(dentry, &newattrs); | |
1516 | @@ -647,9 +696,21 @@ | |
1517 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) | |
1518 | goto dput_and_out; | |
1519 | ||
1520 | + if (!gr_acl_handle_chmod(nd.dentry, nd.mnt, mode)) { | |
1521 | + error = -EACCES; | |
1522 | + goto dput_and_out; | |
1523 | + } | |
1524 | + | |
1525 | down(&inode->i_sem); | |
1526 | if (mode == (mode_t) -1) | |
1527 | mode = inode->i_mode; | |
1528 | + | |
1529 | + if (gr_handle_chroot_chmod(nd.dentry, nd.mnt, mode)) { | |
1530 | + error = -EACCES; | |
1531 | + up(&inode->i_sem); | |
1532 | + goto dput_and_out; | |
1533 | + } | |
1534 | + | |
1535 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); | |
1536 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; | |
1537 | error = notify_change(nd.dentry, &newattrs); | |
1538 | @@ -661,7 +722,7 @@ | |
1539 | return error; | |
1540 | } | |
1541 | ||
1542 | -static int chown_common(struct dentry * dentry, uid_t user, gid_t group) | |
1543 | +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt) | |
1544 | { | |
1545 | struct inode * inode; | |
1546 | int error; | |
1547 | @@ -678,6 +739,12 @@ | |
1548 | error = -EPERM; | |
1549 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) | |
1550 | goto out; | |
1551 | + | |
1552 | + if (!gr_acl_handle_chown(dentry, mnt)) { | |
1553 | + error = -EACCES; | |
1554 | + goto out; | |
1555 | + } | |
1556 | + | |
1557 | newattrs.ia_valid = ATTR_CTIME; | |
1558 | if (user != (uid_t) -1) { | |
1559 | newattrs.ia_valid |= ATTR_UID; | |
1560 | @@ -703,7 +770,7 @@ | |
1561 | ||
1562 | error = user_path_walk(filename, &nd); | |
1563 | if (!error) { | |
1564 | - error = chown_common(nd.dentry, user, group); | |
1565 | + error = chown_common(nd.dentry, user, group, nd.mnt); | |
1566 | path_release(&nd); | |
1567 | } | |
1568 | return error; | |
1569 | @@ -716,7 +783,7 @@ | |
1570 | ||
1571 | error = user_path_walk_link(filename, &nd); | |
1572 | if (!error) { | |
1573 | - error = chown_common(nd.dentry, user, group); | |
1574 | + error = chown_common(nd.dentry, user, group, nd.mnt); | |
1575 | path_release(&nd); | |
1576 | } | |
1577 | return error; | |
1578 | @@ -730,7 +797,8 @@ | |
1579 | ||
1580 | file = fget(fd); | |
1581 | if (file) { | |
1582 | - error = chown_common(file->f_dentry, user, group); | |
1583 | + error = chown_common(file->f_dentry, user, | |
1584 | + group, file->f_vfsmnt); | |
1585 | fput(file); | |
1586 | } | |
1587 | return error; | |
1588 | @@ -852,6 +920,7 @@ | |
1589 | * N.B. For clone tasks sharing a files structure, this test | |
1590 | * will limit the total number of files that can be opened. | |
1591 | */ | |
1592 | + gr_learn_resource(current, RLIMIT_NOFILE, fd, 0); | |
1593 | if (fd >= current->rlim[RLIMIT_NOFILE].rlim_cur) | |
1594 | goto out; | |
1595 | ||
1596 | diff -uNr linux-2.6.7-rc1.orig/fs/proc/array.c linux-2.6.7-rc1/fs/proc/array.c | |
1597 | --- linux-2.6.7-rc1.orig/fs/proc/array.c 2004-05-23 07:54:21.000000000 +0200 | |
1598 | +++ linux-2.6.7-rc1/fs/proc/array.c 2004-05-25 14:33:58.797421760 +0200 | |
dbb7f4ea | 1599 | @@ -323,6 +323,12 @@ |
1db5cd70 PS |
1600 | |
1601 | wchan = get_wchan(task); | |
1602 | ||
dbb7f4ea | 1603 | +#if defined(CONFIG_GRKERNSEC_PROC_MEMMAP) || defined(CONFIG_GRKERNSEC_HIDESYM) |
1db5cd70 PS |
1604 | + wchan = 0; |
1605 | + eip =0; | |
1606 | + esp =0; | |
1607 | +#endif | |
1608 | + | |
1609 | sigemptyset(&sigign); | |
1610 | sigemptyset(&sigcatch); | |
1611 | read_lock(&tasklist_lock); | |
dbb7f4ea | 1612 | @@ -424,3 +430,14 @@ |
1db5cd70 PS |
1613 | return sprintf(buffer,"%d %d %d %d %d %d %d\n", |
1614 | size, resident, shared, text, lib, data, 0); | |
1615 | } | |
1616 | + | |
1617 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
1618 | +int proc_pid_ipaddr(struct task_struct *task, char * buffer) | |
1619 | +{ | |
1620 | + int len; | |
1621 | + | |
1622 | + len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->curr_ip)); | |
1623 | + return len; | |
1624 | +} | |
1625 | +#endif | |
1626 | + | |
1627 | diff -uNr linux-2.6.7-rc1.orig/fs/proc/base.c linux-2.6.7-rc1/fs/proc/base.c | |
1628 | --- linux-2.6.7-rc1.orig/fs/proc/base.c 2004-05-23 07:54:21.000000000 +0200 | |
1629 | +++ linux-2.6.7-rc1/fs/proc/base.c 2004-05-25 14:33:58.811419632 +0200 | |
1630 | @@ -32,6 +32,7 @@ | |
1631 | #include <linux/mount.h> | |
1632 | #include <linux/security.h> | |
1633 | #include <linux/ptrace.h> | |
1634 | +#include <linux/grsecurity.h> | |
1635 | ||
1636 | /* | |
1637 | * For hysterical raisins we keep the same inumbers as in the old procfs. | |
1638 | @@ -67,6 +68,9 @@ | |
1639 | PROC_TGID_ATTR_EXEC, | |
1640 | PROC_TGID_ATTR_FSCREATE, | |
1641 | #endif | |
1642 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
1643 | + PROC_TGID_IPADDR, | |
1644 | +#endif | |
1645 | PROC_TGID_FD_DIR, | |
1646 | PROC_TID_INO, | |
1647 | PROC_TID_STATUS, | |
1648 | @@ -117,6 +121,9 @@ | |
1649 | E(PROC_TGID_ROOT, "root", S_IFLNK|S_IRWXUGO), | |
1650 | E(PROC_TGID_EXE, "exe", S_IFLNK|S_IRWXUGO), | |
1651 | E(PROC_TGID_MOUNTS, "mounts", S_IFREG|S_IRUGO), | |
1652 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
1653 | + E(PROC_TGID_IPADDR, "ipaddr", S_IFREG|S_IRUSR), | |
1654 | +#endif | |
1655 | #ifdef CONFIG_SECURITY | |
1656 | E(PROC_TGID_ATTR, "attr", S_IFDIR|S_IRUGO|S_IXUGO), | |
1657 | #endif | |
1658 | @@ -181,6 +188,9 @@ | |
1659 | int proc_pid_status(struct task_struct*,char*); | |
1660 | int proc_pid_statm(struct task_struct*,char*); | |
1661 | int proc_pid_cpu(struct task_struct*,char*); | |
1662 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
1663 | +int proc_pid_ipaddr(struct task_struct*,char*); | |
1664 | +#endif | |
1665 | ||
1666 | static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt) | |
1667 | { | |
1668 | @@ -277,7 +287,7 @@ | |
1669 | (task == current || \ | |
1670 | (task->parent == current && \ | |
1671 | (task->ptrace & PT_PTRACED) && task->state == TASK_STOPPED && \ | |
1672 | - security_ptrace(current,task) == 0)) | |
1673 | + security_ptrace(current,task) == 0 && !gr_handle_proc_ptrace(task))) | |
1674 | ||
1675 | static int may_ptrace_attach(struct task_struct *task) | |
1676 | { | |
1677 | @@ -292,13 +302,15 @@ | |
1678 | (current->uid != task->uid) || | |
1679 | (current->gid != task->egid) || | |
1680 | (current->gid != task->sgid) || | |
1681 | - (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) | |
1682 | + (current->gid != task->gid)) && !capable_nolog(CAP_SYS_PTRACE)) | |
1683 | goto out; | |
1684 | rmb(); | |
1685 | - if (!task->mm->dumpable && !capable(CAP_SYS_PTRACE)) | |
1686 | + if (!task->mm->dumpable && !capable_nolog(CAP_SYS_PTRACE)) | |
1687 | goto out; | |
1688 | if (security_ptrace(current, task)) | |
1689 | goto out; | |
1690 | + if (gr_handle_proc_ptrace(task)) | |
1691 | + goto out; | |
1692 | ||
1693 | retval = 1; | |
1694 | out: | |
1695 | @@ -445,9 +457,22 @@ | |
1696 | ||
1697 | static int proc_permission(struct inode *inode, int mask, struct nameidata *nd) | |
1698 | { | |
1699 | + int ret; | |
1700 | + struct task_struct *task; | |
1701 | + | |
1702 | if (vfs_permission(inode, mask) != 0) | |
1703 | return -EACCES; | |
1704 | - return proc_check_root(inode); | |
1705 | + ret = proc_check_root(inode); | |
1706 | + | |
1707 | + if (ret) | |
1708 | + return ret; | |
1709 | + | |
1710 | + task = proc_task(inode); | |
1711 | + | |
1712 | + if (!task) | |
1713 | + return 0; | |
1714 | + | |
1715 | + return gr_acl_handle_procpidmem(task); | |
1716 | } | |
1717 | ||
1718 | extern struct seq_operations proc_pid_maps_op; | |
1719 | @@ -954,6 +979,9 @@ | |
1720 | inode->i_uid = task->euid; | |
1721 | inode->i_gid = task->egid; | |
1722 | } | |
1723 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
1724 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
1725 | +#endif | |
1726 | security_task_to_inode(task, inode); | |
1727 | ||
1728 | out: | |
1729 | @@ -982,7 +1010,9 @@ | |
1730 | if (pid_alive(task)) { | |
1731 | if (proc_type(inode) == PROC_TGID_INO || proc_type(inode) == PROC_TID_INO || task_dumpable(task)) { | |
1732 | inode->i_uid = task->euid; | |
1733 | +#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP | |
1734 | inode->i_gid = task->egid; | |
1735 | +#endif | |
1736 | } else { | |
1737 | inode->i_uid = 0; | |
1738 | inode->i_gid = 0; | |
1739 | @@ -1318,6 +1348,12 @@ | |
1740 | inode->i_fop = &proc_info_file_operations; | |
1741 | ei->op.proc_read = proc_pid_status; | |
1742 | break; | |
1743 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
1744 | + case PROC_TGID_IPADDR: | |
1745 | + inode->i_fop = &proc_info_file_operations; | |
1746 | + ei->op.proc_read = proc_pid_ipaddr; | |
1747 | + break; | |
1748 | +#endif | |
1749 | case PROC_TID_STAT: | |
1750 | case PROC_TGID_STAT: | |
1751 | inode->i_fop = &proc_info_file_operations; | |
1752 | @@ -1567,6 +1603,22 @@ | |
1753 | if (!task) | |
1754 | goto out; | |
1755 | ||
1756 | + if (gr_check_hidden_task(task)) { | |
1757 | + put_task_struct(task); | |
1758 | + goto out; | |
1759 | + } | |
1760 | + | |
1761 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
1762 | + if (current->uid && (task->uid != current->uid) | |
1763 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
1764 | + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID) | |
1765 | +#endif | |
1766 | + ) { | |
1767 | + put_task_struct(task); | |
1768 | + goto out; | |
1769 | + } | |
1770 | +#endif | |
1771 | + | |
1772 | inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO); | |
1773 | ||
1774 | ||
1775 | @@ -1574,7 +1626,15 @@ | |
1776 | put_task_struct(task); | |
1777 | goto out; | |
1778 | } | |
1779 | + | |
1780 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
1781 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR; | |
1782 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
1783 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP; | |
1784 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
1785 | +#else | |
1786 | inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; | |
1787 | +#endif | |
1788 | inode->i_op = &proc_tgid_base_inode_operations; | |
1789 | inode->i_fop = &proc_tgid_base_operations; | |
1790 | inode->i_nlink = 3; | |
1791 | @@ -1658,6 +1718,9 @@ | |
1792 | static int get_tgid_list(int index, unsigned long version, unsigned int *tgids) | |
1793 | { | |
1794 | struct task_struct *p; | |
1795 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
1796 | + struct task_struct *tmp = current; | |
1797 | +#endif | |
1798 | int nr_tgids = 0; | |
1799 | ||
1800 | index--; | |
1801 | @@ -1678,6 +1741,18 @@ | |
1802 | int tgid = p->pid; | |
1803 | if (!pid_alive(p)) | |
1804 | continue; | |
1805 | + if (gr_pid_is_chrooted(p)) | |
1806 | + continue; | |
1807 | + if (gr_check_hidden_task(p)) | |
1808 | + continue; | |
1809 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
1810 | + if (tmp->uid && (p->uid != tmp->uid) | |
1811 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
1812 | + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID) | |
1813 | +#endif | |
1814 | + ) | |
1815 | + continue; | |
1816 | +#endif | |
1817 | if (--index >= 0) | |
1818 | continue; | |
1819 | tgids[nr_tgids] = tgid; | |
1820 | diff -uNr linux-2.6.7-rc1.orig/fs/proc/inode.c linux-2.6.7-rc1/fs/proc/inode.c | |
1821 | --- linux-2.6.7-rc1.orig/fs/proc/inode.c 2004-05-23 07:54:43.000000000 +0200 | |
1822 | +++ linux-2.6.7-rc1/fs/proc/inode.c 2004-05-25 14:33:58.814419176 +0200 | |
1823 | @@ -209,7 +209,11 @@ | |
1824 | if (de->mode) { | |
1825 | inode->i_mode = de->mode; | |
1826 | inode->i_uid = de->uid; | |
1827 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
1828 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
1829 | +#else | |
1830 | inode->i_gid = de->gid; | |
1831 | +#endif | |
1832 | } | |
1833 | if (de->size) | |
1834 | inode->i_size = de->size; | |
1835 | diff -uNr linux-2.6.7-rc1.orig/fs/proc/proc_misc.c linux-2.6.7-rc1/fs/proc/proc_misc.c | |
1836 | --- linux-2.6.7-rc1.orig/fs/proc/proc_misc.c 2004-05-23 07:53:35.000000000 +0200 | |
1837 | +++ linux-2.6.7-rc1/fs/proc/proc_misc.c 2004-05-25 14:33:58.817418720 +0200 | |
1838 | @@ -654,6 +654,8 @@ | |
1839 | void __init proc_misc_init(void) | |
1840 | { | |
1841 | struct proc_dir_entry *entry; | |
1842 | + int gr_mode = 0; | |
1843 | + | |
1844 | static struct { | |
1845 | char *name; | |
1846 | int (*read_proc)(char*,char**,off_t,int,int*,void*); | |
1847 | @@ -668,9 +670,13 @@ | |
1848 | #ifdef CONFIG_STRAM_PROC | |
1849 | {"stram", stram_read_proc}, | |
1850 | #endif | |
1851 | +#ifndef CONFIG_GRKERNSEC_PROC_ADD | |
1852 | {"devices", devices_read_proc}, | |
1853 | +#endif | |
1854 | {"filesystems", filesystems_read_proc}, | |
1855 | +#ifndef CONFIG_GRKERNSEC_PROC_ADD | |
1856 | {"cmdline", cmdline_read_proc}, | |
1857 | +#endif | |
962c3f72 | 1858 | {"locks", locks_read_proc}, |
1859 | {"execdomains", execdomains_read_proc}, | |
1860 | {NULL,} | |
1db5cd70 PS |
1861 | @@ -681,24 +687,39 @@ |
1862 | for (p = simple_ones; p->name; p++) | |
1863 | create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL); | |
1864 | ||
1865 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
1866 | + gr_mode = S_IRUSR; | |
1867 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
1868 | + gr_mode = S_IRUSR | S_IRGRP; | |
1869 | +#endif | |
1870 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
1871 | + create_proc_read_entry("devices", gr_mode, NULL, &devices_read_proc, NULL); | |
1872 | + create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL); | |
1873 | +#endif | |
1874 | + | |
1875 | proc_symlink("mounts", NULL, "self/mounts"); | |
1876 | ||
1877 | /* And now for trickier ones */ | |
1878 | entry = create_proc_entry("kmsg", S_IRUSR, &proc_root); | |
1879 | if (entry) | |
1880 | entry->proc_fops = &proc_kmsg_operations; | |
1881 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
1882 | + create_seq_entry("cpuinfo", gr_mode, &proc_cpuinfo_operations); | |
1883 | + create_seq_entry("slabinfo",gr_mode,&proc_slabinfo_operations); | |
1884 | +#else | |
1885 | create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations); | |
1886 | + create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations); | |
1887 | +#endif | |
1888 | create_seq_entry("partitions", 0, &proc_partitions_operations); | |
1889 | create_seq_entry("stat", 0, &proc_stat_operations); | |
1890 | create_seq_entry("interrupts", 0, &proc_interrupts_operations); | |
1891 | - create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations); | |
1892 | create_seq_entry("buddyinfo",S_IRUGO, &fragmentation_file_operations); | |
1893 | create_seq_entry("vmstat",S_IRUGO, &proc_vmstat_file_operations); | |
1894 | create_seq_entry("diskstats", 0, &proc_diskstats_operations); | |
1895 | #ifdef CONFIG_MODULES | |
1896 | - create_seq_entry("modules", 0, &proc_modules_operations); | |
1897 | + create_seq_entry("modules", gr_mode, &proc_modules_operations); | |
1898 | #endif | |
1899 | -#ifdef CONFIG_PROC_KCORE | |
1900 | +#if defined(CONFIG_PROC_KCORE) | |
1901 | proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL); | |
1902 | if (proc_root_kcore) { | |
1903 | proc_root_kcore->proc_fops = &proc_kcore_operations; | |
1904 | diff -uNr linux-2.6.7-rc1.orig/fs/proc/root.c linux-2.6.7-rc1/fs/proc/root.c | |
1905 | --- linux-2.6.7-rc1.orig/fs/proc/root.c 2004-05-23 07:54:29.000000000 +0200 | |
1906 | +++ linux-2.6.7-rc1/fs/proc/root.c 2004-05-25 14:33:58.819418416 +0200 | |
1907 | @@ -52,13 +52,26 @@ | |
1908 | return; | |
1909 | } | |
1910 | proc_misc_init(); | |
1911 | + | |
1912 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
7d1735ed | 1913 | + proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR, NULL); |
1db5cd70 | 1914 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP |
7d1735ed | 1915 | + proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL); |
1db5cd70 | 1916 | +#else |
7d1735ed | 1917 | proc_net = proc_mkdir("net", NULL); |
1db5cd70 PS |
1918 | +#endif |
1919 | #ifdef CONFIG_SYSVIPC | |
7d1735ed | 1920 | proc_mkdir("sysvipc", NULL); |
1db5cd70 PS |
1921 | #endif |
1922 | #ifdef CONFIG_SYSCTL | |
1923 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
7d1735ed | 1924 | + proc_sys_root = proc_mkdir_mode("sys", S_IRUSR | S_IXUSR, NULL); |
1db5cd70 | 1925 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP |
7d1735ed | 1926 | + proc_sys_root = proc_mkdir_mode("sys", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL); |
1db5cd70 | 1927 | +#else |
7d1735ed | 1928 | proc_sys_root = proc_mkdir("sys", NULL); |
1db5cd70 PS |
1929 | #endif |
1930 | +#endif | |
1931 | #if defined(CONFIG_BINFMT_MISC) || defined(CONFIG_BINFMT_MISC_MODULE) | |
7d1735ed | 1932 | proc_mkdir("sys/fs", NULL); |
1933 | proc_mkdir("sys/fs/binfmt_misc", NULL); | |
1db5cd70 PS |
1934 | @@ -74,7 +87,15 @@ |
1935 | #ifdef CONFIG_PROC_DEVICETREE | |
1936 | proc_device_tree_init(); | |
1937 | #endif | |
1938 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
1939 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
7d1735ed | 1940 | + proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL); |
1db5cd70 | 1941 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP |
7d1735ed | 1942 | + proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL); |
1db5cd70 PS |
1943 | +#endif |
1944 | +#else | |
7d1735ed | 1945 | proc_bus = proc_mkdir("bus", NULL); |
1db5cd70 PS |
1946 | +#endif |
1947 | } | |
1948 | ||
1949 | static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd) | |
1db5cd70 PS |
1950 | diff -uNr linux-2.6.7-rc1.orig/fs/readdir.c linux-2.6.7-rc1/fs/readdir.c |
1951 | --- linux-2.6.7-rc1.orig/fs/readdir.c 2004-05-23 07:54:17.000000000 +0200 | |
1952 | +++ linux-2.6.7-rc1/fs/readdir.c 2004-05-25 14:33:58.841415072 +0200 | |
1953 | @@ -15,6 +15,8 @@ | |
1954 | #include <linux/dirent.h> | |
1955 | #include <linux/security.h> | |
1956 | #include <linux/unistd.h> | |
1957 | +#include <linux/namei.h> | |
1958 | +#include <linux/grsecurity.h> | |
1959 | ||
1960 | #include <asm/uaccess.h> | |
1961 | ||
1962 | @@ -65,6 +67,7 @@ | |
1963 | struct readdir_callback { | |
1964 | struct old_linux_dirent __user * dirent; | |
1965 | int result; | |
1966 | + struct nameidata nd; | |
1967 | }; | |
1968 | ||
1969 | static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset, | |
1970 | @@ -75,6 +78,10 @@ | |
1971 | ||
1972 | if (buf->result) | |
1973 | return -EINVAL; | |
1974 | + | |
1975 | + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino)) | |
1976 | + return 0; | |
1977 | + | |
1978 | buf->result++; | |
1979 | dirent = buf->dirent; | |
1980 | if (!access_ok(VERIFY_WRITE, (unsigned long)dirent, | |
1981 | @@ -107,6 +114,9 @@ | |
1982 | buf.result = 0; | |
1983 | buf.dirent = dirent; | |
1984 | ||
1985 | + buf.nd.dentry = file->f_dentry; | |
1986 | + buf.nd.mnt = file->f_vfsmnt; | |
1987 | + | |
1988 | error = vfs_readdir(file, fillonedir, &buf); | |
1989 | if (error >= 0) | |
1990 | error = buf.result; | |
1991 | @@ -134,6 +144,7 @@ | |
1992 | struct linux_dirent __user * previous; | |
1993 | int count; | |
1994 | int error; | |
1995 | + struct nameidata nd; | |
1996 | }; | |
1997 | ||
1998 | static int filldir(void * __buf, const char * name, int namlen, loff_t offset, | |
1999 | @@ -146,6 +157,10 @@ | |
2000 | buf->error = -EINVAL; /* only used if we fail.. */ | |
2001 | if (reclen > buf->count) | |
2002 | return -EINVAL; | |
2003 | + | |
2004 | + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino)) | |
2005 | + return 0; | |
2006 | + | |
2007 | dirent = buf->previous; | |
2008 | if (dirent) { | |
2009 | if (__put_user(offset, &dirent->d_off)) | |
2010 | @@ -193,6 +208,9 @@ | |
2011 | buf.count = count; | |
2012 | buf.error = 0; | |
2013 | ||
2014 | + buf.nd.dentry = file->f_dentry; | |
2015 | + buf.nd.mnt = file->f_vfsmnt; | |
2016 | + | |
2017 | error = vfs_readdir(file, filldir, &buf); | |
2018 | if (error < 0) | |
2019 | goto out_putf; | |
2020 | @@ -218,6 +236,7 @@ | |
2021 | struct linux_dirent64 __user * previous; | |
2022 | int count; | |
2023 | int error; | |
2024 | + struct nameidata nd; | |
2025 | }; | |
2026 | ||
2027 | static int filldir64(void * __buf, const char * name, int namlen, loff_t offset, | |
2028 | @@ -230,6 +249,10 @@ | |
2029 | buf->error = -EINVAL; /* only used if we fail.. */ | |
2030 | if (reclen > buf->count) | |
2031 | return -EINVAL; | |
2032 | + | |
2033 | + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino)) | |
2034 | + return 0; | |
2035 | + | |
2036 | dirent = buf->previous; | |
2037 | if (dirent) { | |
2038 | if (__put_user(offset, &dirent->d_off)) | |
2039 | @@ -279,6 +302,9 @@ | |
2040 | buf.count = count; | |
2041 | buf.error = 0; | |
2042 | ||
2043 | + buf.nd.mnt = file->f_vfsmnt; | |
2044 | + buf.nd.dentry = file->f_dentry; | |
2045 | + | |
2046 | error = vfs_readdir(file, filldir64, &buf); | |
2047 | if (error < 0) | |
2048 | goto out_putf; | |
2049 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_alloc.c linux-2.6.7-rc1/grsecurity/gracl_alloc.c | |
2050 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_alloc.c 1970-01-01 01:00:00.000000000 +0100 | |
2051 | +++ linux-2.6.7-rc1/grsecurity/gracl_alloc.c 2004-05-25 14:33:58.907405040 +0200 | |
2052 | @@ -0,0 +1,93 @@ | |
2053 | +/* stack-based acl allocation tracking (c) Brad Spengler 2002,2003 */ | |
2054 | + | |
2055 | +#include <linux/kernel.h> | |
2056 | +#include <linux/mm.h> | |
2057 | +#include <linux/slab.h> | |
2058 | +#include <linux/vmalloc.h> | |
2059 | +#include <linux/gracl.h> | |
2060 | +#include <linux/grsecurity.h> | |
2061 | + | |
2062 | +static unsigned long alloc_stack_next = 1; | |
2063 | +static unsigned long alloc_stack_size = 1; | |
2064 | +static void **alloc_stack; | |
2065 | + | |
2066 | +static __inline__ int | |
2067 | +alloc_pop(void) | |
2068 | +{ | |
2069 | + if (alloc_stack_next == 1) | |
2070 | + return 0; | |
2071 | + | |
2072 | + kfree(alloc_stack[alloc_stack_next - 2]); | |
2073 | + | |
2074 | + alloc_stack_next--; | |
2075 | + | |
2076 | + return 1; | |
2077 | +} | |
2078 | + | |
2079 | +static __inline__ void | |
2080 | +alloc_push(void *buf) | |
2081 | +{ | |
2082 | + if (alloc_stack_next >= alloc_stack_size) | |
2083 | + BUG(); | |
2084 | + | |
2085 | + alloc_stack[alloc_stack_next - 1] = buf; | |
2086 | + | |
2087 | + alloc_stack_next++; | |
2088 | + | |
2089 | + return; | |
2090 | +} | |
2091 | + | |
2092 | +void * | |
2093 | +acl_alloc(unsigned long len) | |
2094 | +{ | |
2095 | + void *ret; | |
2096 | + | |
2097 | + if (len > PAGE_SIZE) | |
2098 | + BUG(); | |
2099 | + | |
2100 | + ret = kmalloc(len, GFP_KERNEL); | |
2101 | + | |
2102 | + if (ret) | |
2103 | + alloc_push(ret); | |
2104 | + | |
2105 | + return ret; | |
2106 | +} | |
2107 | + | |
2108 | +void | |
2109 | +acl_free_all(void) | |
2110 | +{ | |
2111 | + if (gr_acl_is_enabled() || !alloc_stack) | |
2112 | + return; | |
2113 | + | |
2114 | + while (alloc_pop()) ; | |
2115 | + | |
2116 | + if (alloc_stack) { | |
2117 | + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE) | |
2118 | + kfree(alloc_stack); | |
2119 | + else | |
2120 | + vfree(alloc_stack); | |
2121 | + } | |
2122 | + | |
2123 | + alloc_stack = NULL; | |
2124 | + alloc_stack_size = 1; | |
2125 | + alloc_stack_next = 1; | |
2126 | + | |
2127 | + return; | |
2128 | +} | |
2129 | + | |
2130 | +int | |
2131 | +acl_alloc_stack_init(unsigned long size) | |
2132 | +{ | |
2133 | + if ((size * sizeof (void *)) <= PAGE_SIZE) | |
2134 | + alloc_stack = | |
2135 | + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL); | |
2136 | + else | |
2137 | + alloc_stack = (void **) vmalloc(size * sizeof (void *)); | |
2138 | + | |
2139 | + alloc_stack_size = size; | |
2140 | + | |
2141 | + if (!alloc_stack) | |
2142 | + return 0; | |
2143 | + else | |
2144 | + return 1; | |
2145 | +} | |
2146 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl.c linux-2.6.7-rc1/grsecurity/gracl.c | |
2147 | --- linux-2.6.7-rc1.orig/grsecurity/gracl.c 1970-01-01 01:00:00.000000000 +0100 | |
2148 | +++ linux-2.6.7-rc1/grsecurity/gracl.c 2004-05-25 14:33:58.905405344 +0200 | |
6a84f544 | 2149 | @@ -0,0 +1,3311 @@ |
1db5cd70 PS |
2150 | +/* |
2151 | + * grsecurity/gracl.c | |
2152 | + * Copyright Brad Spengler 2001, 2002, 2003 | |
2153 | + * | |
2154 | + */ | |
2155 | + | |
2156 | +#include <linux/kernel.h> | |
2157 | +#include <linux/module.h> | |
2158 | +#include <linux/sched.h> | |
2159 | +#include <linux/mm.h> | |
2160 | +#include <linux/file.h> | |
2161 | +#include <linux/fs.h> | |
2162 | +#include <linux/namei.h> | |
2163 | +#include <linux/mount.h> | |
2164 | +#include <linux/tty.h> | |
2165 | +#include <linux/proc_fs.h> | |
2166 | +#include <linux/smp_lock.h> | |
2167 | +#include <linux/slab.h> | |
2168 | +#include <linux/vmalloc.h> | |
2169 | +#include <linux/types.h> | |
2170 | +#include <linux/capability.h> | |
2171 | +#include <linux/sysctl.h> | |
2172 | +#include <linux/ptrace.h> | |
2173 | +#include <linux/gracl.h> | |
2174 | +#include <linux/gralloc.h> | |
2175 | +#include <linux/grsecurity.h> | |
2176 | +#include <linux/grinternal.h> | |
2177 | +#include <linux/percpu.h> | |
2178 | + | |
2179 | +#include <asm/uaccess.h> | |
2180 | +#include <asm/errno.h> | |
2181 | +#include <asm/mman.h> | |
2182 | + | |
2183 | +static struct acl_role_db acl_role_set; | |
2184 | +static struct acl_role_label *role_list_head; | |
2185 | +static struct name_db name_set; | |
2186 | +static struct name_db inodev_set; | |
2187 | + | |
2188 | +/* for keeping track of userspace pointers used for subjects, so we | |
2189 | + can share references in the kernel as well | |
2190 | +*/ | |
2191 | +static struct acl_subj_map_db subj_map_set; | |
2192 | + | |
2193 | +static struct acl_role_label *default_role; | |
2194 | + | |
2195 | +static u16 acl_sp_role_value; | |
2196 | + | |
2197 | +extern char *gr_shared_page[4]; | |
2198 | +static DECLARE_MUTEX(gr_dev_sem); | |
2199 | +rwlock_t gr_inode_lock = RW_LOCK_UNLOCKED; | |
2200 | + | |
2201 | +struct gr_arg *gr_usermode; | |
2202 | + | |
2203 | +static unsigned long gr_status = GR_STATUS_INIT; | |
2204 | + | |
2205 | +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum); | |
2206 | +extern void gr_clear_learn_entries(void); | |
2207 | + | |
2208 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
2209 | +extern void gr_log_resource(const struct task_struct *task, | |
2210 | + const int res, const unsigned long wanted, const int gt); | |
2211 | +#endif | |
2212 | + | |
2213 | +extern char * __d_path(struct dentry *dentry, struct vfsmount *vfsmnt, | |
2214 | + struct dentry *root, struct vfsmount *rootmnt, | |
2215 | + char *buffer, int buflen); | |
2216 | + | |
2217 | +unsigned char *gr_system_salt; | |
2218 | +unsigned char *gr_system_sum; | |
2219 | + | |
2220 | +static struct sprole_pw **acl_special_roles = NULL; | |
2221 | +static __u16 num_sprole_pws = 0; | |
2222 | + | |
2223 | +static struct acl_role_label *kernel_role = NULL; | |
2224 | + | |
2225 | +/* The following are used to keep a place held in the hash table when we move | |
2226 | + entries around. They can be replaced during insert. */ | |
2227 | + | |
2228 | +static struct acl_subject_label *deleted_subject; | |
2229 | +static struct acl_object_label *deleted_object; | |
2230 | +static struct name_entry *deleted_inodev; | |
2231 | + | |
2232 | +/* for keeping track of the last and final allocated subjects, since | |
2233 | + nested subject parsing is tricky | |
2234 | +*/ | |
2235 | +static struct acl_subject_label *s_last = NULL; | |
2236 | +static struct acl_subject_label *s_final = NULL; | |
2237 | + | |
2238 | +static unsigned int gr_auth_attempts = 0; | |
2239 | +static unsigned long gr_auth_expires = 0UL; | |
2240 | + | |
2241 | +extern int gr_init_uidset(void); | |
2242 | +extern void gr_free_uidset(void); | |
2243 | +extern void gr_remove_uid(uid_t uid); | |
2244 | +extern int gr_find_uid(uid_t uid); | |
2245 | + | |
2246 | +__inline__ int | |
2247 | +gr_acl_is_enabled(void) | |
2248 | +{ | |
2249 | + return (gr_status & GR_READY); | |
2250 | +} | |
2251 | + | |
2252 | +__inline__ int | |
2253 | +gr_acl_tpe_check(void) | |
2254 | +{ | |
2255 | + if (unlikely(!(gr_status & GR_READY))) | |
2256 | + return 0; | |
2257 | + if (current->role->roletype & GR_ROLE_TPE) | |
2258 | + return 1; | |
2259 | + else | |
2260 | + return 0; | |
2261 | +} | |
2262 | + | |
2263 | +int | |
2264 | +gr_handle_rawio(const struct inode *inode) | |
2265 | +{ | |
2266 | + if (inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO) && | |
2267 | + ((gr_status & GR_READY) | |
2268 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
2269 | + || (grsec_enable_chroot_caps && proc_is_chrooted(current)) | |
2270 | +#endif | |
2271 | + )) | |
2272 | + return 1; | |
2273 | + return 0; | |
2274 | +} | |
2275 | + | |
2276 | + | |
2277 | +static __inline__ int | |
2278 | +gr_streq(const char *a, const char *b, const __u16 lena, const __u16 lenb) | |
2279 | +{ | |
2280 | + int i; | |
2281 | + unsigned long *l1; | |
2282 | + unsigned long *l2; | |
2283 | + unsigned char *c1; | |
2284 | + unsigned char *c2; | |
2285 | + int num_longs; | |
2286 | + | |
2287 | + if (likely(lena != lenb)) | |
2288 | + return 0; | |
2289 | + | |
2290 | + l1 = (unsigned long *)a; | |
2291 | + l2 = (unsigned long *)b; | |
2292 | + | |
2293 | + num_longs = lena / sizeof(unsigned long); | |
2294 | + | |
2295 | + for (i = num_longs; i--; l1++, l2++) { | |
2296 | + if (unlikely(*l1 != *l2)) | |
2297 | + return 0; | |
2298 | + } | |
2299 | + | |
2300 | + c1 = (unsigned char *) l1; | |
2301 | + c2 = (unsigned char *) l2; | |
2302 | + | |
2303 | + i = lena - (num_longs * sizeof(unsigned long)); | |
2304 | + | |
2305 | + for (; i--; c1++, c2++) { | |
2306 | + if (unlikely(*c1 != *c2)) | |
2307 | + return 0; | |
2308 | + } | |
2309 | + | |
2310 | + return 1; | |
2311 | +} | |
2312 | + | |
2313 | +static __inline__ char * | |
2314 | +__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt, | |
2315 | + char *buf, int buflen) | |
2316 | +{ | |
2317 | + char *res; | |
2318 | + struct dentry *our_dentry; | |
2319 | + struct vfsmount *our_mount; | |
2320 | + struct vfsmount *rootmnt; | |
2321 | + struct dentry *root; | |
2322 | + | |
2323 | + our_dentry = (struct dentry *) dentry; | |
2324 | + our_mount = (struct vfsmount *) vfsmnt; | |
2325 | + | |
2326 | + read_lock(&child_reaper->fs->lock); | |
2327 | + rootmnt = mntget(child_reaper->fs->rootmnt); | |
2328 | + root = dget(child_reaper->fs->root); | |
2329 | + read_unlock(&child_reaper->fs->lock); | |
2330 | + | |
2331 | + res = __d_path(our_dentry, our_mount, root, rootmnt, buf, buflen); | |
2332 | + if (unlikely(IS_ERR(res))) | |
2333 | + res = strcpy(buf, "<path too long>"); | |
2334 | + dput(root); | |
2335 | + mntput(rootmnt); | |
2336 | + return res; | |
2337 | +} | |
2338 | + | |
2339 | +char * | |
2340 | +gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt) | |
2341 | +{ | |
2342 | + return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()), | |
2343 | + PAGE_SIZE); | |
2344 | +} | |
2345 | + | |
2346 | +static __inline__ char * | |
2347 | +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt, | |
2348 | + char *buf, int buflen) | |
2349 | +{ | |
2350 | + char *res; | |
2351 | + struct dentry *our_dentry; | |
2352 | + struct vfsmount *our_mount; | |
2353 | + struct vfsmount *rootmnt; | |
2354 | + struct dentry *root; | |
2355 | + | |
2356 | + our_dentry = (struct dentry *) dentry; | |
2357 | + our_mount = (struct vfsmount *) vfsmnt; | |
2358 | + | |
2359 | + read_lock(&child_reaper->fs->lock); | |
2360 | + rootmnt = mntget(child_reaper->fs->rootmnt); | |
2361 | + root = dget(child_reaper->fs->root); | |
2362 | + read_unlock(&child_reaper->fs->lock); | |
2363 | + | |
2364 | + spin_lock(&dcache_lock); | |
2365 | + res = __d_path(our_dentry, our_mount, root, rootmnt, buf, buflen); | |
2366 | + spin_unlock(&dcache_lock); | |
2367 | + if (unlikely(IS_ERR(res))) | |
2368 | + res = strcpy(buf, "<path too long>"); | |
2369 | + dput(root); | |
2370 | + mntput(rootmnt); | |
2371 | + return res; | |
2372 | +} | |
2373 | + | |
2374 | +char * | |
2375 | +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt) | |
2376 | +{ | |
2377 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()), | |
2378 | + PAGE_SIZE); | |
2379 | +} | |
2380 | + | |
2381 | +char * | |
2382 | +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt) | |
2383 | +{ | |
2384 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()), | |
2385 | + PAGE_SIZE); | |
2386 | +} | |
2387 | + | |
2388 | +char * | |
2389 | +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt) | |
2390 | +{ | |
2391 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()), | |
2392 | + PAGE_SIZE); | |
2393 | +} | |
2394 | + | |
2395 | +char * | |
2396 | +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt) | |
2397 | +{ | |
2398 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()), | |
2399 | + PAGE_SIZE); | |
2400 | +} | |
2401 | + | |
2402 | +__inline__ __u32 | |
2403 | +to_gr_audit(const __u32 reqmode) | |
2404 | +{ | |
2405 | + __u32 retmode = 0; | |
2406 | + | |
2407 | + retmode |= (reqmode & GR_READ) ? GR_AUDIT_READ : 0; | |
2408 | + retmode |= (reqmode & GR_WRITE) ? GR_AUDIT_WRITE | GR_AUDIT_APPEND : 0; | |
2409 | + retmode |= (reqmode & GR_APPEND) ? GR_AUDIT_APPEND : 0; | |
2410 | + retmode |= (reqmode & GR_EXEC) ? GR_AUDIT_EXEC : 0; | |
2411 | + retmode |= (reqmode & GR_INHERIT) ? GR_AUDIT_INHERIT : 0; | |
2412 | + retmode |= (reqmode & GR_FIND) ? GR_AUDIT_FIND : 0; | |
2413 | + retmode |= (reqmode & GR_SETID) ? GR_AUDIT_SETID : 0; | |
2414 | + retmode |= (reqmode & GR_CREATE) ? GR_AUDIT_CREATE : 0; | |
2415 | + retmode |= (reqmode & GR_DELETE) ? GR_AUDIT_DELETE : 0; | |
2416 | + | |
2417 | + return retmode; | |
2418 | +} | |
2419 | + | |
2420 | +__inline__ struct acl_subject_label * | |
2421 | +lookup_subject_map(const struct acl_subject_label *userp) | |
2422 | +{ | |
2423 | + unsigned long index = shash(userp, subj_map_set.s_size); | |
2424 | + struct subject_map *match; | |
2425 | + __u8 i = 0; | |
2426 | + | |
2427 | + match = subj_map_set.s_hash[index]; | |
2428 | + | |
2429 | + while (match && match->user != userp) { | |
2430 | + index = (index + (1 << i)) % subj_map_set.s_size; | |
2431 | + match = subj_map_set.s_hash[index]; | |
2432 | + i = (i + 1) % 32; | |
2433 | + } | |
2434 | + | |
2435 | + if (match) | |
2436 | + return match->kernel; | |
2437 | + else | |
2438 | + return NULL; | |
2439 | +} | |
2440 | + | |
2441 | +static void | |
2442 | +insert_subj_map_entry(struct subject_map *subjmap) | |
2443 | +{ | |
2444 | + unsigned long index = shash(subjmap->user, subj_map_set.s_size); | |
2445 | + struct subject_map **curr; | |
2446 | + __u8 i = 0; | |
2447 | + | |
2448 | + curr = &subj_map_set.s_hash[index]; | |
2449 | + | |
2450 | + while (*curr) { | |
2451 | + index = (index + (1 << i)) % subj_map_set.s_size; | |
2452 | + curr = &subj_map_set.s_hash[index]; | |
2453 | + i = (i + 1) % 32; | |
2454 | + } | |
2455 | + | |
2456 | + *curr = subjmap; | |
2457 | + | |
2458 | + return; | |
2459 | +} | |
2460 | + | |
2461 | +__inline__ struct acl_role_label * | |
2462 | +lookup_acl_role_label(const struct task_struct *task, const uid_t uid, | |
2463 | + const gid_t gid) | |
2464 | +{ | |
2465 | + unsigned long index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size); | |
2466 | + struct acl_role_label *match; | |
2467 | + struct role_allowed_ip *ipp; | |
2468 | + __u8 i = 0; | |
2469 | + | |
2470 | + match = acl_role_set.r_hash[index]; | |
2471 | + | |
2472 | + while (match | |
2473 | + && (match->uidgid != uid || !(match->roletype & GR_ROLE_USER))) { | |
2474 | + index = (index + (1 << i)) % acl_role_set.r_size; | |
2475 | + match = acl_role_set.r_hash[index]; | |
2476 | + i = (i + 1) % 32; | |
2477 | + } | |
2478 | + | |
2479 | + if (match == NULL) { | |
2480 | + try_group: | |
2481 | + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size); | |
2482 | + match = acl_role_set.r_hash[index]; | |
2483 | + i = 0; | |
2484 | + | |
2485 | + while (match && (match->uidgid != gid | |
2486 | + || !(match->roletype & GR_ROLE_GROUP))) { | |
2487 | + index = (index + (1 << i)) % acl_role_set.r_size; | |
2488 | + match = acl_role_set.r_hash[index]; | |
2489 | + i = (i + 1) % 32; | |
2490 | + } | |
2491 | + | |
2492 | + if (match == NULL) | |
2493 | + match = default_role; | |
2494 | + if (match->allowed_ips == NULL) | |
2495 | + return match; | |
2496 | + else { | |
2497 | + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) { | |
2498 | + if (likely | |
2499 | + ((task->curr_ip & ipp->netmask) == | |
2500 | + (ipp->addr & ipp->netmask))) | |
2501 | + return match; | |
2502 | + } | |
2503 | + match = default_role; | |
2504 | + } | |
2505 | + } else if (match->allowed_ips == NULL) { | |
2506 | + return match; | |
2507 | + } else { | |
2508 | + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) { | |
2509 | + if (likely | |
2510 | + ((task->curr_ip & ipp->netmask) == | |
2511 | + (ipp->addr & ipp->netmask))) | |
2512 | + return match; | |
2513 | + } | |
2514 | + goto try_group; | |
2515 | + } | |
2516 | + | |
2517 | + return match; | |
2518 | +} | |
2519 | + | |
2520 | +__inline__ struct acl_subject_label * | |
2521 | +lookup_acl_subj_label(const ino_t ino, const dev_t dev, | |
2522 | + const struct acl_role_label *role) | |
2523 | +{ | |
2524 | + unsigned long subj_size = role->subj_hash_size; | |
2525 | + struct acl_subject_label **s_hash = role->subj_hash; | |
2526 | + unsigned long index = fhash(ino, dev, subj_size); | |
2527 | + struct acl_subject_label *match; | |
2528 | + __u8 i = 0; | |
2529 | + | |
2530 | + match = s_hash[index]; | |
2531 | + | |
2532 | + while (match && (match->inode != ino || match->device != dev || | |
2533 | + (match->mode & GR_DELETED))) { | |
2534 | + index = (index + (1 << i)) % subj_size; | |
2535 | + match = s_hash[index]; | |
2536 | + i = (i + 1) % 32; | |
2537 | + } | |
2538 | + | |
2539 | + if (match && (match != deleted_subject) && !(match->mode & GR_DELETED)) | |
2540 | + return match; | |
2541 | + else | |
2542 | + return NULL; | |
2543 | +} | |
2544 | + | |
2545 | +static __inline__ struct acl_object_label * | |
2546 | +lookup_acl_obj_label(const ino_t ino, const dev_t dev, | |
2547 | + const struct acl_subject_label *subj) | |
2548 | +{ | |
2549 | + unsigned long obj_size = subj->obj_hash_size; | |
2550 | + struct acl_object_label **o_hash = subj->obj_hash; | |
2551 | + unsigned long index = fhash(ino, dev, obj_size); | |
2552 | + struct acl_object_label *match; | |
2553 | + __u8 i = 0; | |
2554 | + | |
2555 | + match = o_hash[index]; | |
2556 | + | |
2557 | + while (match && (match->inode != ino || match->device != dev || | |
2558 | + (match->mode & GR_DELETED))) { | |
2559 | + index = (index + (1 << i)) % obj_size; | |
2560 | + match = o_hash[index]; | |
2561 | + i = (i + 1) % 32; | |
2562 | + } | |
2563 | + | |
2564 | + if (match && (match != deleted_object) && !(match->mode & GR_DELETED)) | |
2565 | + return match; | |
2566 | + else | |
2567 | + return NULL; | |
2568 | +} | |
2569 | + | |
2570 | +static __inline__ struct acl_object_label * | |
2571 | +lookup_acl_obj_label_create(const ino_t ino, const dev_t dev, | |
2572 | + const struct acl_subject_label *subj) | |
2573 | +{ | |
2574 | + unsigned long obj_size = subj->obj_hash_size; | |
2575 | + struct acl_object_label **o_hash = subj->obj_hash; | |
2576 | + unsigned long index = fhash(ino, dev, obj_size); | |
2577 | + struct acl_object_label *match; | |
2578 | + __u8 i = 0; | |
2579 | + | |
2580 | + match = o_hash[index]; | |
2581 | + | |
2582 | + while (match && (match->inode != ino || match->device != dev || | |
2583 | + !(match->mode & GR_DELETED))) { | |
2584 | + index = (index + (1 << i)) % obj_size; | |
2585 | + match = o_hash[index]; | |
2586 | + i = (i + 1) % 32; | |
2587 | + } | |
2588 | + | |
2589 | + if (match && (match != deleted_object) && (match->mode & GR_DELETED)) | |
2590 | + return match; | |
2591 | + | |
2592 | + i = 0; | |
2593 | + index = fhash(ino, dev, obj_size); | |
2594 | + match = o_hash[index]; | |
2595 | + | |
2596 | + while (match && (match->inode != ino || match->device != dev || | |
2597 | + (match->mode & GR_DELETED))) { | |
2598 | + index = (index + (1 << i)) % obj_size; | |
2599 | + match = o_hash[index]; | |
2600 | + i = (i + 1) % 32; | |
2601 | + } | |
2602 | + | |
2603 | + if (match && (match != deleted_object) && !(match->mode & GR_DELETED)) | |
2604 | + return match; | |
2605 | + else | |
2606 | + return NULL; | |
2607 | +} | |
2608 | + | |
2609 | +static __inline__ struct name_entry * | |
2610 | +lookup_name_entry(const char *name) | |
2611 | +{ | |
2612 | + __u16 len = strlen(name); | |
2613 | + unsigned long index = nhash(name, len, name_set.n_size); | |
2614 | + struct name_entry *match; | |
2615 | + __u8 i = 0; | |
2616 | + | |
2617 | + match = name_set.n_hash[index]; | |
2618 | + | |
2619 | + while (match && !gr_streq(match->name, name, match->len, len)) { | |
2620 | + index = (index + (1 << i)) % name_set.n_size; | |
2621 | + match = name_set.n_hash[index]; | |
2622 | + i = (i + 1) % 32; | |
2623 | + } | |
2624 | + | |
2625 | + return match; | |
2626 | +} | |
2627 | + | |
2628 | +static __inline__ struct name_entry * | |
2629 | +lookup_inodev_entry(const ino_t ino, const dev_t dev) | |
2630 | +{ | |
2631 | + unsigned long index = fhash(ino, dev, inodev_set.n_size); | |
2632 | + struct name_entry *match; | |
2633 | + __u8 i = 0; | |
2634 | + | |
2635 | + match = inodev_set.n_hash[index]; | |
2636 | + | |
2637 | + while (match && (match->inode != ino || match->device != dev)) { | |
2638 | + index = (index + (1 << i)) % inodev_set.n_size; | |
2639 | + match = inodev_set.n_hash[index]; | |
2640 | + i = (i + 1) % 32; | |
2641 | + } | |
2642 | + | |
2643 | + if (match && (match != deleted_inodev)) | |
2644 | + return match; | |
2645 | + else | |
2646 | + return NULL; | |
2647 | +} | |
2648 | + | |
2649 | +static void | |
2650 | +insert_inodev_entry(struct name_entry *nentry) | |
2651 | +{ | |
2652 | + unsigned long index = fhash(nentry->inode, nentry->device, | |
2653 | + inodev_set.n_size); | |
2654 | + struct name_entry **curr; | |
2655 | + __u8 i = 0; | |
2656 | + | |
2657 | + curr = &inodev_set.n_hash[index]; | |
2658 | + | |
2659 | + while (*curr && *curr != deleted_inodev) { | |
2660 | + index = (index + (1 << i)) % inodev_set.n_size; | |
2661 | + curr = &inodev_set.n_hash[index]; | |
2662 | + i = (i + 1) % 32; | |
2663 | + } | |
2664 | + | |
2665 | + *curr = nentry; | |
2666 | + | |
2667 | + return; | |
2668 | +} | |
2669 | + | |
2670 | +static void | |
2671 | +insert_acl_role_label(struct acl_role_label *role) | |
2672 | +{ | |
2673 | + unsigned long index = | |
2674 | + rhash(role->uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size); | |
2675 | + struct acl_role_label **curr; | |
2676 | + __u8 i = 0; | |
2677 | + | |
2678 | + curr = &acl_role_set.r_hash[index]; | |
2679 | + | |
2680 | + while (*curr) { | |
2681 | + index = (index + (1 << i)) % acl_role_set.r_size; | |
2682 | + curr = &acl_role_set.r_hash[index]; | |
2683 | + i = (i + 1) % 32; | |
2684 | + } | |
2685 | + | |
2686 | + *curr = role; | |
2687 | + | |
2688 | + return; | |
2689 | +} | |
2690 | + | |
2691 | +static int | |
2692 | +insert_name_entry(char *name, const ino_t inode, const dev_t device) | |
2693 | +{ | |
2694 | + struct name_entry **curr; | |
2695 | + __u8 i = 0; | |
2696 | + __u16 len = strlen(name); | |
2697 | + unsigned long index = nhash(name, len, name_set.n_size); | |
2698 | + | |
2699 | + curr = &name_set.n_hash[index]; | |
2700 | + | |
2701 | + while (*curr && !gr_streq((*curr)->name, name, (*curr)->len, len)) { | |
2702 | + index = (index + (1 << i)) % name_set.n_size; | |
2703 | + curr = &name_set.n_hash[index]; | |
2704 | + i = (i + 1) % 32; | |
2705 | + } | |
2706 | + | |
2707 | + if (!(*curr)) { | |
2708 | + struct name_entry *nentry = | |
2709 | + acl_alloc(sizeof (struct name_entry)); | |
2710 | + if (!nentry) | |
2711 | + return 0; | |
2712 | + nentry->name = name; | |
2713 | + nentry->inode = inode; | |
2714 | + nentry->device = device; | |
2715 | + nentry->len = len; | |
2716 | + *curr = nentry; | |
2717 | + /* insert us into the table searchable by inode/dev */ | |
2718 | + insert_inodev_entry(nentry); | |
2719 | + } | |
2720 | + | |
2721 | + return 1; | |
2722 | +} | |
2723 | + | |
2724 | +static void | |
2725 | +insert_acl_obj_label(struct acl_object_label *obj, | |
2726 | + struct acl_subject_label *subj) | |
2727 | +{ | |
2728 | + unsigned long index = | |
2729 | + fhash(obj->inode, obj->device, subj->obj_hash_size); | |
2730 | + struct acl_object_label **curr; | |
2731 | + __u8 i = 0; | |
2732 | + | |
2733 | + curr = &subj->obj_hash[index]; | |
2734 | + | |
2735 | + while (*curr && *curr != deleted_object) { | |
2736 | + index = (index + (1 << i)) % subj->obj_hash_size; | |
2737 | + curr = &subj->obj_hash[index]; | |
2738 | + i = (i + 1) % 32; | |
2739 | + } | |
2740 | + | |
2741 | + *curr = obj; | |
2742 | + | |
2743 | + return; | |
2744 | +} | |
2745 | + | |
2746 | +static void | |
2747 | +insert_acl_subj_label(struct acl_subject_label *obj, | |
2748 | + struct acl_role_label *role) | |
2749 | +{ | |
2750 | + unsigned long subj_size = role->subj_hash_size; | |
2751 | + struct acl_subject_label **s_hash = role->subj_hash; | |
2752 | + unsigned long index = fhash(obj->inode, obj->device, subj_size); | |
2753 | + struct acl_subject_label **curr; | |
2754 | + __u8 i = 0; | |
2755 | + | |
2756 | + curr = &s_hash[index]; | |
2757 | + | |
2758 | + while (*curr && *curr != deleted_subject) { | |
2759 | + index = (index + (1 << i)) % subj_size; | |
2760 | + curr = &s_hash[index]; | |
2761 | + i = (i + 1) % 32; | |
2762 | + } | |
2763 | + | |
2764 | + *curr = obj; | |
2765 | + | |
2766 | + return; | |
2767 | +} | |
2768 | + | |
2769 | +static void ** | |
2770 | +create_table(__u32 * len) | |
2771 | +{ | |
2772 | + unsigned long table_sizes[] = { | |
2773 | + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381, | |
2774 | + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143, | |
2775 | + 4194301, 8388593, 16777213, 33554393, 67108859, 134217689, | |
2776 | + 268435399, 536870909, 1073741789, 2147483647 | |
2777 | + }; | |
2778 | + void *newtable = NULL; | |
2779 | + unsigned int pwr = 0; | |
2780 | + | |
2781 | + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) && | |
2782 | + table_sizes[pwr] <= (2 * (*len))) | |
2783 | + pwr++; | |
2784 | + | |
2785 | + if (table_sizes[pwr] <= (2 * (*len))) | |
2786 | + return newtable; | |
2787 | + | |
2788 | + if ((table_sizes[pwr] * sizeof (void *)) <= PAGE_SIZE) | |
2789 | + newtable = | |
2790 | + kmalloc(table_sizes[pwr] * sizeof (void *), GFP_KERNEL); | |
2791 | + else | |
2792 | + newtable = vmalloc(table_sizes[pwr] * sizeof (void *)); | |
2793 | + | |
2794 | + *len = table_sizes[pwr]; | |
2795 | + | |
2796 | + return newtable; | |
2797 | +} | |
2798 | + | |
2799 | +static int | |
2800 | +init_variables(const unsigned long acl_obj_size, | |
2801 | + const unsigned long acl_glob_size, | |
2802 | + const unsigned long acl_subj_size, | |
2803 | + const unsigned long acl_ip_size, | |
2804 | + const unsigned long acl_role_size, | |
2805 | + const unsigned long allowed_ip_size, | |
2806 | + const unsigned long acl_trans_size, | |
2807 | + const __u16 num_sprole_pws) | |
2808 | +{ | |
2809 | + unsigned long stacksize; | |
2810 | + | |
2811 | + subj_map_set.s_size = acl_subj_size; | |
2812 | + acl_role_set.r_size = acl_role_size; | |
2813 | + name_set.n_size = (acl_obj_size + acl_subj_size); | |
2814 | + inodev_set.n_size = (acl_obj_size + acl_subj_size); | |
2815 | + | |
2816 | + if (!gr_init_uidset()) | |
2817 | + return 1; | |
2818 | + | |
2819 | + /* set up the stack that holds allocation info */ | |
2820 | + | |
2821 | + stacksize = (3 * acl_obj_size) + (3 * acl_role_size) + | |
2822 | + (6 * acl_subj_size) + acl_ip_size + (2 * acl_trans_size) + | |
2823 | + allowed_ip_size + (2 * num_sprole_pws) + (2 * acl_glob_size) + 5; | |
2824 | + | |
2825 | + if (!acl_alloc_stack_init(stacksize)) | |
2826 | + return 1; | |
2827 | + | |
2828 | + /* create our empty, fake deleted acls */ | |
2829 | + deleted_subject = | |
2830 | + (struct acl_subject_label *) | |
2831 | + acl_alloc(sizeof (struct acl_subject_label)); | |
2832 | + deleted_object = | |
2833 | + (struct acl_object_label *) | |
2834 | + acl_alloc(sizeof (struct acl_object_label)); | |
2835 | + deleted_inodev = | |
2836 | + (struct name_entry *) acl_alloc(sizeof (struct name_entry)); | |
2837 | + | |
2838 | + if (!deleted_subject || !deleted_object || !deleted_inodev) | |
2839 | + return 1; | |
2840 | + | |
2841 | + memset(deleted_subject, 0, sizeof (struct acl_subject_label)); | |
2842 | + memset(deleted_object, 0, sizeof (struct acl_object_label)); | |
2843 | + memset(deleted_inodev, 0, sizeof (struct name_entry)); | |
2844 | + | |
2845 | + /* We only want 50% full tables for now */ | |
2846 | + | |
2847 | + subj_map_set.s_hash = | |
2848 | + (struct subject_map **) create_table(&subj_map_set.s_size); | |
2849 | + acl_role_set.r_hash = | |
2850 | + (struct acl_role_label **) create_table(&acl_role_set.r_size); | |
2851 | + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size); | |
2852 | + inodev_set.n_hash = | |
2853 | + (struct name_entry **) create_table(&inodev_set.n_size); | |
2854 | + | |
2855 | + if (!subj_map_set.s_hash || !acl_role_set.r_hash || | |
2856 | + !name_set.n_hash || !inodev_set.n_hash) | |
2857 | + return 1; | |
2858 | + | |
2859 | + memset(subj_map_set.s_hash, 0, | |
2860 | + sizeof(struct subject_map *) * subj_map_set.s_size); | |
2861 | + memset(acl_role_set.r_hash, 0, | |
2862 | + sizeof (struct acl_role_label *) * acl_role_set.r_size); | |
2863 | + memset(name_set.n_hash, 0, | |
2864 | + sizeof (struct name_entry *) * name_set.n_size); | |
2865 | + memset(inodev_set.n_hash, 0, | |
2866 | + sizeof (struct name_entry *) * inodev_set.n_size); | |
2867 | + | |
2868 | + return 0; | |
2869 | +} | |
2870 | + | |
2871 | +/* free information not needed after startup | |
2872 | + currently contains user->kernel pointer mappings for subjects | |
2873 | +*/ | |
2874 | + | |
2875 | +static void | |
2876 | +free_init_variables(void) | |
2877 | +{ | |
2878 | + __u32 i; | |
2879 | + | |
2880 | + if (subj_map_set.s_hash) { | |
2881 | + for (i = 0; i < subj_map_set.s_size; i++) { | |
2882 | + if (subj_map_set.s_hash[i]) { | |
2883 | + kfree(subj_map_set.s_hash[i]); | |
2884 | + subj_map_set.s_hash[i] = NULL; | |
2885 | + } | |
2886 | + } | |
2887 | + | |
2888 | + if ((subj_map_set.s_size * sizeof (struct subject_map *)) <= | |
2889 | + PAGE_SIZE) | |
2890 | + kfree(subj_map_set.s_hash); | |
2891 | + else | |
2892 | + vfree(subj_map_set.s_hash); | |
2893 | + } | |
2894 | + | |
2895 | + return; | |
2896 | +} | |
2897 | + | |
2898 | +static void | |
2899 | +free_variables(void) | |
2900 | +{ | |
2901 | + struct acl_subject_label *s; | |
2902 | + struct acl_role_label *r; | |
2903 | + struct task_struct *task, *task2; | |
2904 | + | |
2905 | + gr_clear_learn_entries(); | |
2906 | + | |
2907 | + read_lock(&tasklist_lock); | |
2908 | + for_each_process(task) { | |
2909 | + task2 = task; | |
2910 | + do { | |
2911 | + task2->acl_sp_role = 0; | |
2912 | + task2->acl_role_id = 0; | |
2913 | + task2->acl = NULL; | |
2914 | + task2->role = NULL; | |
2915 | + } while ((task2 = next_thread(task2)) != task); | |
2916 | + } | |
2917 | + read_unlock(&tasklist_lock); | |
2918 | + | |
2919 | + /* free all object hash tables */ | |
2920 | + | |
2921 | + if (role_list_head) { | |
2922 | + for (r = role_list_head; r; r = r->next) { | |
2923 | + if (!r->subj_hash) | |
2924 | + break; | |
2925 | + for (s = r->hash->first; s; s = s->next) { | |
2926 | + if (!s->obj_hash) | |
2927 | + break; | |
2928 | + if ((s->obj_hash_size * | |
2929 | + sizeof (struct acl_object_label *)) <= | |
2930 | + PAGE_SIZE) | |
2931 | + kfree(s->obj_hash); | |
2932 | + else | |
2933 | + vfree(s->obj_hash); | |
2934 | + } | |
2935 | + if ((r->subj_hash_size * | |
2936 | + sizeof (struct acl_subject_label *)) <= PAGE_SIZE) | |
2937 | + kfree(r->subj_hash); | |
2938 | + else | |
2939 | + vfree(r->subj_hash); | |
2940 | + } | |
2941 | + } | |
2942 | + | |
2943 | + acl_free_all(); | |
2944 | + | |
2945 | + if (acl_role_set.r_hash) { | |
2946 | + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <= | |
2947 | + PAGE_SIZE) | |
2948 | + kfree(acl_role_set.r_hash); | |
2949 | + else | |
2950 | + vfree(acl_role_set.r_hash); | |
2951 | + } | |
2952 | + if (name_set.n_hash) { | |
2953 | + if ((name_set.n_size * sizeof (struct name_entry *)) <= | |
2954 | + PAGE_SIZE) | |
2955 | + kfree(name_set.n_hash); | |
2956 | + else | |
2957 | + vfree(name_set.n_hash); | |
2958 | + } | |
2959 | + | |
2960 | + if (inodev_set.n_hash) { | |
2961 | + if ((inodev_set.n_size * sizeof (struct name_entry *)) <= | |
2962 | + PAGE_SIZE) | |
2963 | + kfree(inodev_set.n_hash); | |
2964 | + else | |
2965 | + vfree(inodev_set.n_hash); | |
2966 | + } | |
2967 | + | |
2968 | + gr_free_uidset(); | |
2969 | + | |
2970 | + memset(&name_set, 0, sizeof (struct name_db)); | |
2971 | + memset(&inodev_set, 0, sizeof (struct name_db)); | |
2972 | + memset(&acl_role_set, 0, sizeof (struct acl_role_db)); | |
2973 | + memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db)); | |
2974 | + | |
2975 | + role_list_head = NULL; | |
2976 | + default_role = NULL; | |
2977 | + | |
2978 | + return; | |
2979 | +} | |
2980 | + | |
2981 | +static __u32 | |
2982 | +count_user_objs(struct acl_object_label *userp) | |
2983 | +{ | |
2984 | + struct acl_object_label o_tmp; | |
2985 | + __u32 num = 0; | |
2986 | + | |
2987 | + while (userp) { | |
2988 | + if (copy_from_user(&o_tmp, userp, | |
2989 | + sizeof (struct acl_object_label))) | |
2990 | + break; | |
2991 | + | |
2992 | + userp = o_tmp.prev; | |
2993 | + num++; | |
2994 | + } | |
2995 | + | |
2996 | + return num; | |
2997 | +} | |
2998 | + | |
2999 | +static struct acl_subject_label * | |
3000 | +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role); | |
3001 | + | |
3002 | +static int | |
3003 | +copy_user_glob(struct acl_object_label *obj) | |
3004 | +{ | |
3005 | + struct acl_object_label *g_tmp, **guser, *glast = NULL; | |
3006 | + unsigned int len; | |
3007 | + char *tmp; | |
3008 | + | |
3009 | + if (obj->globbed == NULL) | |
3010 | + return 0; | |
3011 | + | |
3012 | + guser = &obj->globbed; | |
3013 | + while (*guser) { | |
3014 | + g_tmp = (struct acl_object_label *) | |
3015 | + acl_alloc(sizeof (struct acl_object_label)); | |
3016 | + if (g_tmp == NULL) | |
3017 | + return -ENOMEM; | |
3018 | + | |
3019 | + if (copy_from_user(g_tmp, *guser, | |
3020 | + sizeof (struct acl_object_label))) | |
3021 | + return -EFAULT; | |
3022 | + | |
3023 | + len = strnlen_user(g_tmp->filename, PATH_MAX); | |
3024 | + | |
3025 | + if (!len || len >= PATH_MAX) | |
3026 | + return -EINVAL; | |
3027 | + | |
3028 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
3029 | + return -ENOMEM; | |
3030 | + | |
3031 | + if (copy_from_user(tmp, g_tmp->filename, len)) | |
3032 | + return -EFAULT; | |
3033 | + | |
3034 | + g_tmp->filename = tmp; | |
3035 | + | |
3036 | + if (glast) | |
3037 | + glast->next = g_tmp; | |
3038 | + g_tmp->prev = glast; | |
3039 | + *guser = g_tmp; | |
3040 | + glast = g_tmp; | |
3041 | + guser = &((*guser)->next); | |
3042 | + } | |
3043 | + | |
3044 | + return 0; | |
3045 | +} | |
3046 | + | |
3047 | +static int | |
3048 | +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj, | |
3049 | + struct acl_role_label *role) | |
3050 | +{ | |
3051 | + struct acl_object_label *o_tmp; | |
3052 | + unsigned int len; | |
3053 | + int ret; | |
3054 | + char *tmp; | |
3055 | + | |
3056 | + while (userp) { | |
3057 | + if ((o_tmp = (struct acl_object_label *) | |
3058 | + acl_alloc(sizeof (struct acl_object_label))) == NULL) | |
3059 | + return -ENOMEM; | |
3060 | + | |
3061 | + if (copy_from_user(o_tmp, userp, | |
3062 | + sizeof (struct acl_object_label))) | |
3063 | + return -EFAULT; | |
3064 | + | |
3065 | + userp = o_tmp->prev; | |
3066 | + | |
3067 | + len = strnlen_user(o_tmp->filename, PATH_MAX); | |
3068 | + | |
3069 | + if (!len || len >= PATH_MAX) | |
3070 | + return -EINVAL; | |
3071 | + | |
3072 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
3073 | + return -ENOMEM; | |
3074 | + | |
3075 | + if (copy_from_user(tmp, o_tmp->filename, len)) | |
3076 | + return -EFAULT; | |
3077 | + | |
3078 | + o_tmp->filename = tmp; | |
3079 | + | |
3080 | + insert_acl_obj_label(o_tmp, subj); | |
3081 | + if (!insert_name_entry(o_tmp->filename, o_tmp->inode, | |
3082 | + o_tmp->device)) | |
3083 | + return -ENOMEM; | |
3084 | + | |
3085 | + ret = copy_user_glob(o_tmp); | |
3086 | + if (ret) | |
3087 | + return ret; | |
3088 | + | |
3089 | + if (o_tmp->nested) { | |
3090 | + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role); | |
3091 | + if (IS_ERR(o_tmp->nested)) | |
3092 | + return PTR_ERR(o_tmp->nested); | |
3093 | + | |
3094 | + s_final = o_tmp->nested; | |
3095 | + } | |
3096 | + } | |
3097 | + | |
3098 | + return 0; | |
3099 | +} | |
3100 | + | |
3101 | +static __u32 | |
3102 | +count_user_subjs(struct acl_subject_label *userp) | |
3103 | +{ | |
3104 | + struct acl_subject_label s_tmp; | |
3105 | + __u32 num = 0; | |
3106 | + | |
3107 | + while (userp) { | |
3108 | + if (copy_from_user(&s_tmp, userp, | |
3109 | + sizeof (struct acl_subject_label))) | |
3110 | + break; | |
3111 | + | |
3112 | + userp = s_tmp.prev; | |
3113 | + /* do not count nested subjects against this count, since | |
3114 | + they are not included in the hash table, but are | |
3115 | + attached to objects. We have already counted | |
3116 | + the subjects in userspace for the allocation | |
3117 | + stack | |
3118 | + */ | |
3119 | + if (!(s_tmp.mode & GR_NESTED)) | |
3120 | + num++; | |
3121 | + } | |
3122 | + | |
3123 | + return num; | |
3124 | +} | |
3125 | + | |
3126 | +static int | |
3127 | +copy_user_allowedips(struct acl_role_label *rolep) | |
3128 | +{ | |
3129 | + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast; | |
3130 | + | |
3131 | + ruserip = rolep->allowed_ips; | |
3132 | + | |
3133 | + while (ruserip) { | |
3134 | + rlast = rtmp; | |
3135 | + | |
3136 | + if ((rtmp = (struct role_allowed_ip *) | |
3137 | + acl_alloc(sizeof (struct role_allowed_ip))) == NULL) | |
3138 | + return -ENOMEM; | |
3139 | + | |
3140 | + if (copy_from_user(rtmp, ruserip, | |
3141 | + sizeof (struct role_allowed_ip))) | |
3142 | + return -EFAULT; | |
3143 | + | |
3144 | + ruserip = rtmp->prev; | |
3145 | + | |
3146 | + if (!rlast) { | |
3147 | + rtmp->prev = NULL; | |
3148 | + rolep->allowed_ips = rtmp; | |
3149 | + } else { | |
3150 | + rlast->next = rtmp; | |
3151 | + rtmp->prev = rlast; | |
3152 | + } | |
3153 | + | |
3154 | + if (!ruserip) | |
3155 | + rtmp->next = NULL; | |
3156 | + } | |
3157 | + | |
3158 | + return 0; | |
3159 | +} | |
3160 | + | |
3161 | +static int | |
3162 | +copy_user_transitions(struct acl_role_label *rolep) | |
3163 | +{ | |
3164 | + struct role_transition *rusertp, *rtmp = NULL, *rlast; | |
3165 | + unsigned int len; | |
3166 | + char *tmp; | |
3167 | + | |
3168 | + rusertp = rolep->transitions; | |
3169 | + | |
3170 | + while (rusertp) { | |
3171 | + rlast = rtmp; | |
3172 | + | |
3173 | + if ((rtmp = (struct role_transition *) | |
3174 | + acl_alloc(sizeof (struct role_transition))) == NULL) | |
3175 | + return -ENOMEM; | |
3176 | + | |
3177 | + if (copy_from_user(rtmp, rusertp, | |
3178 | + sizeof (struct role_transition))) | |
3179 | + return -EFAULT; | |
3180 | + | |
3181 | + rusertp = rtmp->prev; | |
3182 | + | |
3183 | + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN); | |
3184 | + | |
3185 | + if (!len || len >= GR_SPROLE_LEN) | |
3186 | + return -EINVAL; | |
3187 | + | |
3188 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
3189 | + return -ENOMEM; | |
3190 | + | |
3191 | + if (copy_from_user(tmp, rtmp->rolename, len)) | |
3192 | + return -EFAULT; | |
3193 | + | |
3194 | + rtmp->rolename = tmp; | |
3195 | + | |
3196 | + if (!rlast) { | |
3197 | + rtmp->prev = NULL; | |
3198 | + rolep->transitions = rtmp; | |
3199 | + } else { | |
3200 | + rlast->next = rtmp; | |
3201 | + rtmp->prev = rlast; | |
3202 | + } | |
3203 | + | |
3204 | + if (!rusertp) | |
3205 | + rtmp->next = NULL; | |
3206 | + } | |
3207 | + | |
3208 | + return 0; | |
3209 | +} | |
3210 | + | |
3211 | +static struct acl_subject_label * | |
3212 | +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role) | |
3213 | +{ | |
3214 | + struct acl_subject_label *s_tmp = NULL, *s_tmp2; | |
3215 | + unsigned int len; | |
3216 | + char *tmp; | |
3217 | + __u32 num_objs; | |
3218 | + struct acl_ip_label **i_tmp, *i_utmp2; | |
3219 | + struct gr_hash_struct ghash; | |
3220 | + struct subject_map *subjmap; | |
3221 | + unsigned long i_num; | |
3222 | + int err; | |
3223 | + | |
3224 | + s_tmp = lookup_subject_map(userp); | |
3225 | + | |
3226 | + /* we've already copied this subject into the kernel, just return | |
3227 | + the reference to it, and don't copy it over again | |
3228 | + */ | |
3229 | + if (s_tmp) | |
3230 | + return(s_tmp); | |
3231 | + | |
3232 | + | |
3233 | + if ((s_tmp = (struct acl_subject_label *) | |
3234 | + acl_alloc(sizeof (struct acl_subject_label))) == NULL) | |
3235 | + return ERR_PTR(-ENOMEM); | |
3236 | + | |
3237 | + subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL); | |
3238 | + if (subjmap == NULL) | |
3239 | + return ERR_PTR(-ENOMEM); | |
3240 | + | |
3241 | + subjmap->user = userp; | |
3242 | + subjmap->kernel = s_tmp; | |
3243 | + insert_subj_map_entry(subjmap); | |
3244 | + | |
3245 | + if (copy_from_user(s_tmp, userp, | |
3246 | + sizeof (struct acl_subject_label))) | |
3247 | + return ERR_PTR(-EFAULT); | |
3248 | + | |
3249 | + if (!s_last) { | |
3250 | + s_tmp->prev = NULL; | |
3251 | + role->hash->first = s_tmp; | |
3252 | + } else { | |
3253 | + s_last->next = s_tmp; | |
3254 | + s_tmp->prev = s_last; | |
3255 | + } | |
3256 | + | |
3257 | + s_last = s_tmp; | |
3258 | + | |
3259 | + len = strnlen_user(s_tmp->filename, PATH_MAX); | |
3260 | + | |
3261 | + if (!len || len >= PATH_MAX) | |
3262 | + return ERR_PTR(-EINVAL); | |
3263 | + | |
3264 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
3265 | + return ERR_PTR(-ENOMEM); | |
3266 | + | |
3267 | + if (copy_from_user(tmp, s_tmp->filename, len)) | |
3268 | + return ERR_PTR(-EFAULT); | |
3269 | + | |
3270 | + s_tmp->filename = tmp; | |
3271 | + | |
3272 | + if (!strcmp(s_tmp->filename, "/")) | |
3273 | + role->root_label = s_tmp; | |
3274 | + | |
3275 | + if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct))) | |
3276 | + return ERR_PTR(-EFAULT); | |
3277 | + | |
3278 | + /* copy user and group transition tables */ | |
3279 | + | |
3280 | + if (s_tmp->user_trans_num) { | |
3281 | + uid_t *uidlist; | |
3282 | + | |
3283 | + uidlist = (uid_t *)acl_alloc(s_tmp->user_trans_num * sizeof(uid_t)); | |
3284 | + if (uidlist == NULL) | |
3285 | + return ERR_PTR(-ENOMEM); | |
3286 | + if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t))) | |
3287 | + return ERR_PTR(-EFAULT); | |
3288 | + | |
3289 | + s_tmp->user_transitions = uidlist; | |
3290 | + } | |
3291 | + | |
3292 | + if (s_tmp->group_trans_num) { | |
3293 | + gid_t *gidlist; | |
3294 | + | |
3295 | + gidlist = (gid_t *)acl_alloc(s_tmp->group_trans_num * sizeof(gid_t)); | |
3296 | + if (gidlist == NULL) | |
3297 | + return ERR_PTR(-ENOMEM); | |
3298 | + if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t))) | |
3299 | + return ERR_PTR(-EFAULT); | |
3300 | + | |
3301 | + s_tmp->group_transitions = gidlist; | |
3302 | + } | |
3303 | + | |
3304 | + /* set up object hash table */ | |
3305 | + num_objs = count_user_objs(ghash.first); | |
3306 | + | |
3307 | + s_tmp->obj_hash_size = num_objs; | |
3308 | + s_tmp->obj_hash = | |
3309 | + (struct acl_object_label **) | |
3310 | + create_table(&(s_tmp->obj_hash_size)); | |
3311 | + | |
3312 | + if (!s_tmp->obj_hash) | |
3313 | + return ERR_PTR(-ENOMEM); | |
3314 | + | |
3315 | + memset(s_tmp->obj_hash, 0, | |
3316 | + s_tmp->obj_hash_size * | |
3317 | + sizeof (struct acl_object_label *)); | |
3318 | + | |
3319 | + /* copy before adding in objects, since a nested | |
3320 | + acl could be found and be the final subject | |
3321 | + copied | |
3322 | + */ | |
3323 | + | |
3324 | + s_final = s_tmp; | |
3325 | + | |
3326 | + /* add in objects */ | |
3327 | + err = copy_user_objs(ghash.first, s_tmp, role); | |
3328 | + | |
3329 | + if (err) | |
3330 | + return ERR_PTR(err); | |
3331 | + | |
3332 | + /* set pointer for parent subject */ | |
3333 | + if (s_tmp->parent_subject) { | |
3334 | + s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role); | |
3335 | + | |
3336 | + if (IS_ERR(s_tmp2)) | |
3337 | + return s_tmp2; | |
3338 | + | |
3339 | + s_tmp->parent_subject = s_tmp2; | |
3340 | + } | |
3341 | + | |
3342 | + /* add in ip acls */ | |
3343 | + | |
3344 | + if (!s_tmp->ip_num) { | |
3345 | + s_tmp->ips = NULL; | |
3346 | + goto insert; | |
3347 | + } | |
3348 | + | |
3349 | + i_tmp = | |
3350 | + (struct acl_ip_label **) acl_alloc(s_tmp->ip_num * | |
3351 | + sizeof (struct | |
3352 | + acl_ip_label *)); | |
3353 | + | |
3354 | + if (!i_tmp) | |
3355 | + return ERR_PTR(-ENOMEM); | |
3356 | + | |
3357 | + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) { | |
3358 | + *(i_tmp + i_num) = | |
3359 | + (struct acl_ip_label *) | |
3360 | + acl_alloc(sizeof (struct acl_ip_label)); | |
3361 | + if (!*(i_tmp + i_num)) | |
3362 | + return ERR_PTR(-ENOMEM); | |
3363 | + | |
3364 | + if (copy_from_user | |
3365 | + (&i_utmp2, s_tmp->ips + i_num, | |
3366 | + sizeof (struct acl_ip_label *))) | |
3367 | + return ERR_PTR(-EFAULT); | |
3368 | + | |
3369 | + if (copy_from_user | |
3370 | + (*(i_tmp + i_num), i_utmp2, | |
3371 | + sizeof (struct acl_ip_label))) | |
3372 | + return ERR_PTR(-EFAULT); | |
3373 | + } | |
3374 | + | |
3375 | + s_tmp->ips = i_tmp; | |
3376 | + | |
3377 | +insert: | |
3378 | + if (!insert_name_entry(s_tmp->filename, s_tmp->inode, | |
3379 | + s_tmp->device)) | |
3380 | + return ERR_PTR(-ENOMEM); | |
3381 | + | |
3382 | + return s_tmp; | |
3383 | +} | |
3384 | + | |
3385 | +static int | |
3386 | +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role) | |
3387 | +{ | |
3388 | + struct acl_subject_label s_pre; | |
3389 | + struct acl_subject_label * ret; | |
3390 | + int err; | |
3391 | + | |
3392 | + while (userp) { | |
3393 | + if (copy_from_user(&s_pre, userp, | |
3394 | + sizeof (struct acl_subject_label))) | |
3395 | + return -EFAULT; | |
3396 | + | |
3397 | + /* do not add nested subjects here, add | |
3398 | + while parsing objects | |
3399 | + */ | |
3400 | + | |
3401 | + if (s_pre.mode & GR_NESTED) { | |
3402 | + userp = s_pre.prev; | |
3403 | + continue; | |
3404 | + } | |
3405 | + | |
3406 | + ret = do_copy_user_subj(userp, role); | |
3407 | + | |
3408 | + err = PTR_ERR(ret); | |
3409 | + if (IS_ERR(ret)) | |
3410 | + return err; | |
3411 | + | |
3412 | + insert_acl_subj_label(ret, role); | |
3413 | + | |
3414 | + userp = s_pre.prev; | |
3415 | + } | |
3416 | + | |
3417 | + s_final->next = NULL; | |
3418 | + | |
3419 | + return 0; | |
3420 | +} | |
3421 | + | |
3422 | +static int | |
3423 | +copy_user_acl(struct gr_arg *arg) | |
3424 | +{ | |
3425 | + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2, *r_last; | |
3426 | + struct sprole_pw *sptmp; | |
3427 | + struct gr_hash_struct *ghash; | |
3428 | + unsigned long r_num; | |
3429 | + unsigned int len; | |
3430 | + char *tmp; | |
3431 | + int err = 0; | |
3432 | + __u16 i; | |
3433 | + __u32 num_subjs; | |
3434 | + | |
3435 | + /* we need a default and kernel role */ | |
3436 | + if (arg->role_db.r_entries < 2) | |
3437 | + return -EINVAL; | |
3438 | + | |
3439 | + /* copy special role authentication info from userspace */ | |
3440 | + | |
3441 | + num_sprole_pws = arg->num_sprole_pws; | |
3442 | + acl_special_roles = (struct sprole_pw **) acl_alloc(num_sprole_pws * sizeof(struct sprole_pw *)); | |
3443 | + | |
3444 | + if (!acl_special_roles) { | |
3445 | + err = -ENOMEM; | |
3446 | + goto cleanup; | |
3447 | + } | |
3448 | + | |
3449 | + for (i = 0; i < num_sprole_pws; i++) { | |
3450 | + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw)); | |
3451 | + if (!sptmp) { | |
3452 | + err = -ENOMEM; | |
3453 | + goto cleanup; | |
3454 | + } | |
3455 | + if (copy_from_user(sptmp, arg->sprole_pws + i, | |
3456 | + sizeof (struct sprole_pw))) { | |
3457 | + err = -EFAULT; | |
3458 | + goto cleanup; | |
3459 | + } | |
3460 | + | |
3461 | + len = | |
3462 | + strnlen_user(sptmp->rolename, GR_SPROLE_LEN); | |
3463 | + | |
3464 | + if (!len || len >= GR_SPROLE_LEN) { | |
3465 | + err = -EINVAL; | |
3466 | + goto cleanup; | |
3467 | + } | |
3468 | + | |
3469 | + if ((tmp = (char *) acl_alloc(len)) == NULL) { | |
3470 | + err = -ENOMEM; | |
3471 | + goto cleanup; | |
3472 | + } | |
3473 | + | |
3474 | + if (copy_from_user(tmp, sptmp->rolename, len)) { | |
3475 | + err = -EFAULT; | |
3476 | + goto cleanup; | |
3477 | + } | |
3478 | + | |
3479 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
3480 | + printk(KERN_ALERT "Copying special role %s\n", tmp); | |
3481 | +#endif | |
3482 | + sptmp->rolename = tmp; | |
3483 | + acl_special_roles[i] = sptmp; | |
3484 | + } | |
3485 | + | |
3486 | + r_utmp = (struct acl_role_label **) arg->role_db.r_table; | |
3487 | + | |
3488 | + for (r_num = 0; r_num < arg->role_db.r_entries; r_num++) { | |
3489 | + r_last = r_tmp; | |
3490 | + | |
3491 | + r_tmp = acl_alloc(sizeof (struct acl_role_label)); | |
3492 | + | |
3493 | + if (!r_tmp) { | |
3494 | + err = -ENOMEM; | |
3495 | + goto cleanup; | |
3496 | + } | |
3497 | + | |
3498 | + if (copy_from_user(&r_utmp2, r_utmp + r_num, | |
3499 | + sizeof (struct acl_role_label *))) { | |
3500 | + err = -EFAULT; | |
3501 | + goto cleanup; | |
3502 | + } | |
3503 | + | |
3504 | + if (copy_from_user(r_tmp, r_utmp2, | |
3505 | + sizeof (struct acl_role_label))) { | |
3506 | + err = -EFAULT; | |
3507 | + goto cleanup; | |
3508 | + } | |
3509 | + | |
3510 | + if (!r_last) { | |
3511 | + r_tmp->prev = NULL; | |
3512 | + role_list_head = r_tmp; | |
3513 | + } else { | |
3514 | + r_last->next = r_tmp; | |
3515 | + r_tmp->prev = r_last; | |
3516 | + } | |
3517 | + | |
3518 | + if (r_num == (arg->role_db.r_entries - 1)) | |
3519 | + r_tmp->next = NULL; | |
3520 | + | |
3521 | + len = strnlen_user(r_tmp->rolename, PATH_MAX); | |
3522 | + | |
3523 | + if (!len || len >= PATH_MAX) { | |
3524 | + err = -EINVAL; | |
3525 | + goto cleanup; | |
3526 | + } | |
3527 | + | |
3528 | + if ((tmp = (char *) acl_alloc(len)) == NULL) { | |
3529 | + err = -ENOMEM; | |
3530 | + goto cleanup; | |
3531 | + } | |
3532 | + if (copy_from_user(tmp, r_tmp->rolename, len)) { | |
3533 | + err = -EFAULT; | |
3534 | + goto cleanup; | |
3535 | + } | |
3536 | + r_tmp->rolename = tmp; | |
3537 | + | |
3538 | + if (!strcmp(r_tmp->rolename, "default") | |
3539 | + && (r_tmp->roletype & GR_ROLE_DEFAULT)) { | |
3540 | + default_role = r_tmp; | |
3541 | + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) { | |
3542 | + kernel_role = r_tmp; | |
3543 | + } | |
3544 | + | |
3545 | + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) { | |
3546 | + err = -ENOMEM; | |
3547 | + goto cleanup; | |
3548 | + } | |
3549 | + if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) { | |
3550 | + err = -EFAULT; | |
3551 | + goto cleanup; | |
3552 | + } | |
3553 | + | |
3554 | + r_tmp->hash = ghash; | |
3555 | + | |
3556 | + num_subjs = count_user_subjs(r_tmp->hash->first); | |
3557 | + | |
3558 | + r_tmp->subj_hash_size = num_subjs; | |
3559 | + r_tmp->subj_hash = | |
3560 | + (struct acl_subject_label **) | |
3561 | + create_table(&(r_tmp->subj_hash_size)); | |
3562 | + | |
3563 | + if (!r_tmp->subj_hash) { | |
3564 | + err = -ENOMEM; | |
3565 | + goto cleanup; | |
3566 | + } | |
3567 | + | |
3568 | + err = copy_user_allowedips(r_tmp); | |
3569 | + if (err) | |
3570 | + goto cleanup; | |
3571 | + | |
3572 | + err = copy_user_transitions(r_tmp); | |
3573 | + if (err) | |
3574 | + goto cleanup; | |
3575 | + | |
3576 | + memset(r_tmp->subj_hash, 0, | |
3577 | + r_tmp->subj_hash_size * | |
3578 | + sizeof (struct acl_subject_label *)); | |
3579 | + | |
3580 | + s_last = NULL; | |
3581 | + | |
3582 | + err = copy_user_subjs(r_tmp->hash->first, r_tmp); | |
3583 | + | |
3584 | + if (err) | |
3585 | + goto cleanup; | |
3586 | + | |
3587 | + insert_acl_role_label(r_tmp); | |
3588 | + } | |
3589 | + | |
3590 | + goto return_err; | |
3591 | + cleanup: | |
3592 | + free_variables(); | |
3593 | + return_err: | |
3594 | + return err; | |
3595 | + | |
3596 | +} | |
3597 | + | |
3598 | +static int | |
3599 | +gracl_init(struct gr_arg *args) | |
3600 | +{ | |
3601 | + int error = 0; | |
3602 | + | |
3603 | + memcpy(gr_system_salt, args->salt, GR_SALT_LEN); | |
3604 | + memcpy(gr_system_sum, args->sum, GR_SHA_LEN); | |
3605 | + | |
3606 | + if (init_variables(args->role_db.o_entries, args->role_db.g_entries, | |
3607 | + args->role_db.s_entries, args->role_db.i_entries, | |
3608 | + args->role_db.r_entries, args->role_db.a_entries, | |
3609 | + args->role_db.t_entries, args->num_sprole_pws)) { | |
3610 | + security_alert_good(GR_INITF_ACL_MSG, GR_VERSION); | |
3611 | + error = -ENOMEM; | |
3612 | + free_variables(); | |
3613 | + goto out; | |
3614 | + } | |
3615 | + | |
3616 | + error = copy_user_acl(args); | |
3617 | + free_init_variables(); | |
3618 | + if (error) { | |
3619 | + free_variables(); | |
3620 | + goto out; | |
3621 | + } | |
3622 | + | |
3623 | + if ((error = gr_set_acls(0))) { | |
3624 | + free_variables(); | |
3625 | + goto out; | |
3626 | + } | |
3627 | + | |
3628 | + gr_status |= GR_READY; | |
3629 | + out: | |
3630 | + return error; | |
3631 | +} | |
3632 | + | |
3633 | +static int | |
3634 | +glob_match(char *pattern, char *string) | |
3635 | +{ | |
3636 | + char *p1, *p2; | |
3637 | + | |
3638 | + p1 = pattern; | |
3639 | + p2 = string; | |
3640 | + | |
3641 | + while (*p1 != '\0' && *p2 != '\0' && *p1 != '*') { | |
3642 | + if (*p1 == *p2 || *p1 == '?') { | |
3643 | + p1++; | |
3644 | + p2++; | |
3645 | + } else | |
3646 | + break; | |
3647 | + } | |
3648 | + if (*p1 == '*') { | |
3649 | + p1++; | |
3650 | + while (*p2 != '\0') { | |
3651 | + if (!glob_match(p1, p2)) | |
3652 | + return 0; | |
3653 | + else | |
3654 | + p2++; | |
3655 | + } | |
3656 | + } | |
3657 | + | |
3658 | + if (*p2 == '\0' && *p1 == '*') | |
3659 | + while (*p1 == '*') | |
3660 | + p1++; | |
3661 | + | |
3662 | + if (*p1 == '\0' && *p2 == '\0') | |
3663 | + return 0; | |
3664 | + else | |
3665 | + return 1; | |
3666 | +} | |
3667 | + | |
3668 | +static struct acl_object_label * | |
3669 | +chk_glob_label(struct acl_object_label *globbed, | |
3670 | + struct dentry *dentry, struct vfsmount *mnt, char **path) | |
3671 | +{ | |
3672 | + struct acl_object_label *tmp; | |
3673 | + | |
3674 | + if (*path == NULL) | |
3675 | + *path = gr_to_filename_nolock(dentry, mnt); | |
3676 | + | |
3677 | + tmp = globbed; | |
3678 | + | |
3679 | + while (tmp) { | |
3680 | + if (!glob_match(tmp->filename, *path)) | |
3681 | + return tmp; | |
3682 | + tmp = tmp->next; | |
3683 | + } | |
3684 | + | |
3685 | + return NULL; | |
3686 | +} | |
3687 | + | |
3688 | +static __inline__ struct acl_object_label * | |
3689 | +full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt, | |
3690 | + struct dentry *curr_dentry, | |
3691 | + const struct acl_subject_label *subj, char **path) | |
3692 | +{ | |
3693 | + struct acl_subject_label *tmpsubj; | |
3694 | + struct acl_object_label *retval; | |
3695 | + struct acl_object_label *retval2; | |
3696 | + | |
3697 | + tmpsubj = (struct acl_subject_label *) subj; | |
3698 | + read_lock(&gr_inode_lock); | |
3699 | + do { | |
3700 | + retval = lookup_acl_obj_label(curr_dentry->d_inode->i_ino, | |
3701 | + curr_dentry->d_inode->i_sb->s_dev, tmpsubj); | |
3702 | + if (retval) { | |
3703 | + if (retval->globbed) { | |
3704 | + retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry, | |
3705 | + (struct vfsmount *)orig_mnt, path); | |
3706 | + if (retval2) | |
3707 | + retval = retval2; | |
3708 | + } | |
3709 | + break; | |
3710 | + } | |
3711 | + } while ((tmpsubj = tmpsubj->parent_subject)); | |
3712 | + read_unlock(&gr_inode_lock); | |
3713 | + | |
3714 | + return retval; | |
3715 | +} | |
3716 | + | |
3717 | +static struct acl_object_label * | |
3718 | +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
3719 | + const struct acl_subject_label *subj) | |
3720 | +{ | |
3721 | + struct dentry *dentry = (struct dentry *) l_dentry; | |
3722 | + struct vfsmount *mnt = (struct vfsmount *) l_mnt; | |
3723 | + struct dentry *root; | |
3724 | + struct vfsmount *rootmnt; | |
3725 | + struct acl_object_label *retval; | |
3726 | + char *path = NULL; | |
3727 | + | |
3728 | + read_lock(&child_reaper->fs->lock); | |
3729 | + rootmnt = mntget(child_reaper->fs->rootmnt); | |
3730 | + root = dget(child_reaper->fs->root); | |
3731 | + read_unlock(&child_reaper->fs->lock); | |
3732 | + spin_lock(&dcache_lock); | |
3733 | + | |
3734 | + for (;;) { | |
3735 | + if (dentry == root && mnt == rootmnt) | |
3736 | + break; | |
3737 | + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { | |
3738 | + if (mnt->mnt_parent == mnt) | |
3739 | + break; | |
3740 | + | |
3741 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
3742 | + if (retval != NULL) | |
3743 | + goto out; | |
3744 | + | |
3745 | + dentry = mnt->mnt_mountpoint; | |
3746 | + mnt = mnt->mnt_parent; | |
3747 | + continue; | |
3748 | + } | |
3749 | + | |
3750 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
3751 | + if (retval != NULL) | |
3752 | + goto out; | |
3753 | + | |
3754 | + dentry = dentry->d_parent; | |
3755 | + } | |
3756 | + | |
3757 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
3758 | + | |
3759 | + if (retval == NULL) | |
3760 | + retval = full_lookup(l_dentry, l_mnt, root, subj, &path); | |
3761 | +out: | |
3762 | + spin_unlock(&dcache_lock); | |
3763 | + dput(root); | |
3764 | + mntput(rootmnt); | |
3765 | + | |
3766 | + return retval; | |
3767 | +} | |
3768 | + | |
3769 | +static struct acl_object_label * | |
3770 | +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
3771 | + const struct acl_subject_label *subj, char *path) | |
3772 | +{ | |
3773 | + struct dentry *dentry = (struct dentry *) l_dentry; | |
3774 | + struct vfsmount *mnt = (struct vfsmount *) l_mnt; | |
3775 | + struct dentry *root; | |
3776 | + struct vfsmount *rootmnt; | |
3777 | + struct acl_object_label *retval; | |
3778 | + | |
3779 | + read_lock(&child_reaper->fs->lock); | |
3780 | + rootmnt = mntget(child_reaper->fs->rootmnt); | |
3781 | + root = dget(child_reaper->fs->root); | |
3782 | + read_unlock(&child_reaper->fs->lock); | |
3783 | + spin_lock(&dcache_lock); | |
3784 | + | |
3785 | + for (;;) { | |
3786 | + if (dentry == root && mnt == rootmnt) | |
3787 | + break; | |
3788 | + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { | |
3789 | + if (mnt->mnt_parent == mnt) | |
3790 | + break; | |
3791 | + | |
3792 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
3793 | + if (retval != NULL) | |
3794 | + goto out; | |
3795 | + | |
3796 | + dentry = mnt->mnt_mountpoint; | |
3797 | + mnt = mnt->mnt_parent; | |
3798 | + continue; | |
3799 | + } | |
3800 | + | |
3801 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
3802 | + if (retval != NULL) | |
3803 | + goto out; | |
3804 | + | |
3805 | + dentry = dentry->d_parent; | |
3806 | + } | |
3807 | + | |
3808 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
3809 | + | |
3810 | + if (retval == NULL) | |
3811 | + retval = full_lookup(l_dentry, l_mnt, root, subj, &path); | |
3812 | +out: | |
3813 | + spin_unlock(&dcache_lock); | |
3814 | + dput(root); | |
3815 | + mntput(rootmnt); | |
3816 | + | |
3817 | + return retval; | |
3818 | +} | |
3819 | + | |
3820 | +static struct acl_subject_label * | |
3821 | +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
3822 | + const struct acl_role_label *role) | |
3823 | +{ | |
3824 | + struct dentry *dentry = (struct dentry *) l_dentry; | |
3825 | + struct vfsmount *mnt = (struct vfsmount *) l_mnt; | |
3826 | + struct dentry *root; | |
3827 | + struct vfsmount *rootmnt; | |
3828 | + struct acl_subject_label *retval; | |
3829 | + | |
3830 | + read_lock(&child_reaper->fs->lock); | |
3831 | + rootmnt = mntget(child_reaper->fs->rootmnt); | |
3832 | + root = dget(child_reaper->fs->root); | |
3833 | + read_unlock(&child_reaper->fs->lock); | |
3834 | + spin_lock(&dcache_lock); | |
3835 | + | |
3836 | + for (;;) { | |
3837 | + if (unlikely(dentry == root && mnt == rootmnt)) | |
3838 | + break; | |
3839 | + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) { | |
3840 | + if (mnt->mnt_parent == mnt) | |
3841 | + break; | |
3842 | + | |
3843 | + read_lock(&gr_inode_lock); | |
3844 | + retval = | |
3845 | + lookup_acl_subj_label(dentry->d_inode->i_ino, | |
3846 | + dentry->d_inode->i_sb->s_dev, role); | |
3847 | + read_unlock(&gr_inode_lock); | |
3848 | + if (unlikely(retval != NULL)) | |
3849 | + goto out; | |
3850 | + | |
3851 | + dentry = mnt->mnt_mountpoint; | |
3852 | + mnt = mnt->mnt_parent; | |
3853 | + continue; | |
3854 | + } | |
3855 | + | |
3856 | + read_lock(&gr_inode_lock); | |
3857 | + retval = | |
3858 | + lookup_acl_subj_label(dentry->d_inode->i_ino, | |
3859 | + dentry->d_inode->i_sb->s_dev, role); | |
3860 | + read_unlock(&gr_inode_lock); | |
3861 | + if (unlikely(retval != NULL)) | |
3862 | + goto out; | |
3863 | + | |
3864 | + dentry = dentry->d_parent; | |
3865 | + } | |
3866 | + | |
3867 | + read_lock(&gr_inode_lock); | |
3868 | + retval = | |
3869 | + lookup_acl_subj_label(dentry->d_inode->i_ino, | |
3870 | + dentry->d_inode->i_sb->s_dev, role); | |
3871 | + read_unlock(&gr_inode_lock); | |
3872 | + | |
3873 | + if (unlikely(retval == NULL)) { | |
3874 | + read_lock(&gr_inode_lock); | |
3875 | + retval = | |
3876 | + lookup_acl_subj_label(root->d_inode->i_ino, | |
3877 | + root->d_inode->i_sb->s_dev, role); | |
3878 | + read_unlock(&gr_inode_lock); | |
3879 | + } | |
3880 | + out: | |
3881 | + spin_unlock(&dcache_lock); | |
3882 | + dput(root); | |
3883 | + mntput(rootmnt); | |
3884 | + | |
3885 | + return retval; | |
3886 | +} | |
3887 | + | |
3888 | +static __inline__ void | |
3889 | +gr_log_learn(const struct acl_role_label *role, const uid_t uid, const gid_t gid, | |
3890 | + const struct task_struct *task, const char *pathname, | |
3891 | + const __u32 mode) | |
3892 | +{ | |
3893 | + security_learn(GR_LEARN_AUDIT_MSG, role->rolename, role->roletype, | |
3894 | + uid, gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry, | |
3895 | + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename, | |
3896 | + 1, 1, pathname, (unsigned long) mode, NIPQUAD(task->curr_ip)); | |
3897 | + | |
3898 | + return; | |
3899 | +} | |
3900 | + | |
3901 | +__u32 | |
3902 | +gr_check_link(const struct dentry * new_dentry, | |
3903 | + const struct dentry * parent_dentry, | |
3904 | + const struct vfsmount * parent_mnt, | |
3905 | + const struct dentry * old_dentry, const struct vfsmount * old_mnt) | |
3906 | +{ | |
3907 | + struct acl_object_label *obj; | |
3908 | + __u32 oldmode, newmode; | |
3909 | + | |
3910 | + if (unlikely(!(gr_status & GR_READY))) | |
3911 | + return (GR_WRITE | GR_CREATE); | |
3912 | + | |
3913 | + obj = chk_obj_label(old_dentry, old_mnt, current->acl); | |
3914 | + oldmode = obj->mode; | |
3915 | + | |
3916 | + if (current->acl->mode & GR_LEARN) | |
3917 | + oldmode |= (GR_WRITE | GR_CREATE); | |
3918 | + newmode = | |
3919 | + gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
3920 | + oldmode | GR_CREATE | GR_AUDIT_CREATE | | |
3921 | + GR_AUDIT_WRITE | GR_SUPPRESS); | |
3922 | + | |
3923 | + if ((newmode & oldmode) == oldmode) | |
3924 | + return newmode; | |
3925 | + else if (current->acl->mode & GR_LEARN) { | |
3926 | + gr_log_learn(current->role, current->uid, current->gid, | |
3927 | + current, gr_to_filename(old_dentry, old_mnt), oldmode); | |
3928 | + return (GR_WRITE | GR_CREATE); | |
3929 | + } else if (newmode & GR_SUPPRESS) | |
3930 | + return GR_SUPPRESS; | |
3931 | + else | |
3932 | + return 0; | |
3933 | +} | |
3934 | + | |
3935 | +__u32 | |
3936 | +gr_search_file(const struct dentry * dentry, const __u32 mode, | |
3937 | + const struct vfsmount * mnt) | |
3938 | +{ | |
3939 | + __u32 retval = mode; | |
3940 | + struct acl_subject_label *curracl; | |
3941 | + struct acl_object_label *currobj; | |
3942 | + | |
3943 | + if (unlikely(!(gr_status & GR_READY))) | |
3944 | + return (mode & ~GR_AUDITS); | |
3945 | + | |
3946 | + curracl = current->acl; | |
3947 | + | |
3948 | + currobj = chk_obj_label(dentry, mnt, curracl); | |
3949 | + retval = currobj->mode & mode; | |
3950 | + | |
3951 | + if (unlikely | |
3952 | + ((curracl->mode & GR_LEARN) && !(mode & GR_NOPTRACE) | |
3953 | + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) { | |
3954 | + __u32 new_mode = mode; | |
3955 | + | |
3956 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
3957 | + | |
3958 | + retval = new_mode; | |
3959 | + | |
3960 | + if (!(mode & GR_NOLEARN)) | |
3961 | + gr_log_learn(current->role, current->uid, current->gid, | |
3962 | + current, gr_to_filename(dentry, mnt), new_mode); | |
3963 | + } | |
3964 | + | |
3965 | + return retval; | |
3966 | +} | |
3967 | + | |
3968 | +__u32 | |
3969 | +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent, | |
3970 | + const struct vfsmount * mnt, const __u32 mode) | |
3971 | +{ | |
3972 | + struct name_entry *match; | |
3973 | + struct acl_object_label *matchpo; | |
3974 | + struct acl_subject_label *curracl; | |
3975 | + char *path; | |
3976 | + __u32 retval; | |
3977 | + | |
3978 | + if (unlikely(!(gr_status & GR_READY))) | |
3979 | + return (mode & ~GR_AUDITS); | |
3980 | + | |
3981 | + preempt_disable(); | |
3982 | + path = gr_to_filename(new_dentry, mnt); | |
3983 | + match = lookup_name_entry(path); | |
3984 | + | |
3985 | + if (!match) | |
3986 | + goto check_parent; | |
3987 | + | |
3988 | + curracl = current->acl; | |
3989 | + | |
3990 | + read_lock(&gr_inode_lock); | |
3991 | + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl); | |
3992 | + read_unlock(&gr_inode_lock); | |
3993 | + | |
3994 | + if (matchpo) { | |
3995 | + if ((matchpo->mode & mode) != | |
3996 | + (mode & ~(GR_AUDITS | GR_SUPPRESS)) | |
3997 | + && curracl->mode & GR_LEARN) { | |
3998 | + __u32 new_mode = mode; | |
3999 | + | |
4000 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
4001 | + | |
4002 | + gr_log_learn(current->role, current->uid, current->gid, | |
4003 | + current, gr_to_filename(new_dentry, mnt), new_mode); | |
4004 | + | |
4005 | + preempt_enable(); | |
4006 | + return new_mode; | |
4007 | + } | |
4008 | + preempt_enable(); | |
4009 | + return (matchpo->mode & mode); | |
4010 | + } | |
4011 | + | |
4012 | + check_parent: | |
4013 | + curracl = current->acl; | |
4014 | + | |
4015 | + matchpo = chk_obj_create_label(parent, mnt, curracl, path); | |
4016 | + retval = matchpo->mode & mode; | |
4017 | + | |
4018 | + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))) | |
4019 | + && (curracl->mode & GR_LEARN)) { | |
4020 | + __u32 new_mode = mode; | |
4021 | + | |
4022 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
4023 | + | |
4024 | + gr_log_learn(current->role, current->uid, current->gid, | |
4025 | + current, gr_to_filename(new_dentry, mnt), new_mode); | |
4026 | + preempt_enable(); | |
4027 | + return new_mode; | |
4028 | + } | |
4029 | + | |
4030 | + preempt_enable(); | |
4031 | + return retval; | |
4032 | +} | |
4033 | + | |
4034 | +int | |
4035 | +gr_check_hidden_task(const struct task_struct *task) | |
4036 | +{ | |
4037 | + if (unlikely(!(gr_status & GR_READY))) | |
4038 | + return 0; | |
4039 | + | |
4040 | + if (!(task->acl->mode & GR_FIND) && !(current->acl->mode & GR_VIEW)) | |
4041 | + return 1; | |
4042 | + | |
4043 | + return 0; | |
4044 | +} | |
4045 | + | |
4046 | +int | |
4047 | +gr_check_protected_task(const struct task_struct *task) | |
4048 | +{ | |
4049 | + if (unlikely(!(gr_status & GR_READY) || !task)) | |
4050 | + return 0; | |
4051 | + | |
4052 | + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL)) | |
4053 | + return 1; | |
4054 | + | |
4055 | + return 0; | |
4056 | +} | |
4057 | + | |
4058 | +__inline__ void | |
4059 | +gr_copy_label(struct task_struct *tsk) | |
4060 | +{ | |
4061 | + tsk->used_accept = 0; | |
4062 | + tsk->acl_sp_role = 0; | |
4063 | + tsk->acl_role_id = current->acl_role_id; | |
4064 | + tsk->acl = current->acl; | |
4065 | + tsk->role = current->role; | |
4066 | + tsk->curr_ip = current->curr_ip; | |
4067 | + if (current->exec_file) | |
4068 | + get_file(current->exec_file); | |
4069 | + tsk->exec_file = current->exec_file; | |
4070 | + tsk->is_writable = current->is_writable; | |
4071 | + if (unlikely(current->used_accept)) | |
4072 | + current->curr_ip = 0; | |
4073 | + | |
4074 | + return; | |
4075 | +} | |
4076 | + | |
4077 | +static __inline__ void | |
4078 | +gr_set_proc_res(void) | |
4079 | +{ | |
4080 | + struct acl_subject_label *proc; | |
4081 | + unsigned short i; | |
4082 | + | |
4083 | + proc = current->acl; | |
4084 | + | |
4085 | + if (proc->mode & GR_LEARN) | |
4086 | + return; | |
4087 | + | |
4088 | + for (i = 0; i < RLIM_NLIMITS; i++) { | |
4089 | + if (!(proc->resmask & (1 << i))) | |
4090 | + continue; | |
4091 | + | |
4092 | + current->rlim[i].rlim_cur = proc->res[i].rlim_cur; | |
4093 | + current->rlim[i].rlim_max = proc->res[i].rlim_max; | |
4094 | + } | |
4095 | + | |
4096 | + return; | |
4097 | +} | |
4098 | + | |
4099 | +static __inline__ void | |
4100 | +do_set_role_label(struct task_struct *task, const uid_t uid, const gid_t gid) | |
4101 | +{ | |
4102 | + task->role = lookup_acl_role_label(task, uid, gid); | |
4103 | + | |
4104 | + return; | |
4105 | +} | |
4106 | + | |
4107 | +int | |
4108 | +gr_check_user_change(int real, int effective, int fs) | |
4109 | +{ | |
4110 | + unsigned int i; | |
4111 | + __u16 num; | |
4112 | + uid_t *uidlist; | |
4113 | + int curuid; | |
4114 | + int realok = 0; | |
4115 | + int effectiveok = 0; | |
4116 | + int fsok = 0; | |
4117 | + | |
4118 | + if (unlikely(!(gr_status & GR_READY))) | |
4119 | + return 0; | |
4120 | + | |
4121 | + num = current->acl->user_trans_num; | |
4122 | + uidlist = current->acl->user_transitions; | |
4123 | + | |
4124 | + if (uidlist == NULL) | |
4125 | + return 0; | |
4126 | + | |
4127 | + if (real == -1) | |
4128 | + realok = 1; | |
4129 | + if (effective == -1) | |
4130 | + effectiveok = 1; | |
4131 | + if (fs == -1) | |
4132 | + fsok = 1; | |
4133 | + | |
4134 | + if (current->acl->user_trans_type & GR_ID_ALLOW) { | |
4135 | + for (i = 0; i < num; i++) { | |
4136 | + curuid = (int)uidlist[i]; | |
4137 | + if (real == curuid) | |
4138 | + realok = 1; | |
4139 | + if (effective == curuid) | |
4140 | + effectiveok = 1; | |
4141 | + if (fs == curuid) | |
4142 | + fsok = 1; | |
4143 | + } | |
4144 | + } else if (current->acl->user_trans_type & GR_ID_DENY) { | |
4145 | + for (i = 0; i < num; i++) { | |
4146 | + curuid = (int)uidlist[i]; | |
4147 | + if (real == curuid) | |
4148 | + break; | |
4149 | + if (effective == curuid) | |
4150 | + break; | |
4151 | + if (fs == curuid) | |
4152 | + break; | |
4153 | + } | |
4154 | + /* not in deny list */ | |
4155 | + if (i == num) { | |
4156 | + realok = 1; | |
4157 | + effectiveok = 1; | |
4158 | + fsok = 1; | |
4159 | + } | |
4160 | + } | |
4161 | + | |
4162 | + if (realok && effectiveok && fsok) | |
4163 | + return 0; | |
4164 | + else { | |
4165 | + security_alert(GR_USRCHANGE_ACL_MSG, | |
4166 | + realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real, DEFAULTSECARGS); | |
4167 | + return 1; | |
4168 | + } | |
4169 | +} | |
4170 | + | |
4171 | +int | |
4172 | +gr_check_group_change(int real, int effective, int fs) | |
4173 | +{ | |
4174 | + unsigned int i; | |
4175 | + __u16 num; | |
4176 | + gid_t *gidlist; | |
4177 | + int curgid; | |
4178 | + int realok = 0; | |
4179 | + int effectiveok = 0; | |
4180 | + int fsok = 0; | |
4181 | + | |
4182 | + if (unlikely(!(gr_status & GR_READY))) | |
4183 | + return 0; | |
4184 | + | |
4185 | + num = current->acl->group_trans_num; | |
4186 | + gidlist = current->acl->group_transitions; | |
4187 | + | |
4188 | + if (gidlist == NULL) | |
4189 | + return 0; | |
4190 | + | |
4191 | + if (real == -1) | |
4192 | + realok = 1; | |
4193 | + if (effective == -1) | |
4194 | + effectiveok = 1; | |
4195 | + if (fs == -1) | |
4196 | + fsok = 1; | |
4197 | + | |
4198 | + if (current->acl->group_trans_type & GR_ID_ALLOW) { | |
4199 | + for (i = 0; i < num; i++) { | |
4200 | + curgid = (int)gidlist[i]; | |
4201 | + if (real == curgid) | |
4202 | + realok = 1; | |
4203 | + if (effective == curgid) | |
4204 | + effectiveok = 1; | |
4205 | + if (fs == curgid) | |
4206 | + fsok = 1; | |
4207 | + } | |
4208 | + } else if (current->acl->group_trans_type & GR_ID_DENY) { | |
4209 | + for (i = 0; i < num; i++) { | |
4210 | + curgid = (int)gidlist[i]; | |
4211 | + if (real == curgid) | |
4212 | + break; | |
4213 | + if (effective == curgid) | |
4214 | + break; | |
4215 | + if (fs == curgid) | |
4216 | + break; | |
4217 | + } | |
4218 | + /* not in deny list */ | |
4219 | + if (i == num) { | |
4220 | + realok = 1; | |
4221 | + effectiveok = 1; | |
4222 | + fsok = 1; | |
4223 | + } | |
4224 | + } | |
4225 | + | |
4226 | + if (realok && effectiveok && fsok) | |
4227 | + return 0; | |
4228 | + else { | |
4229 | + security_alert(GR_GRPCHANGE_ACL_MSG, | |
4230 | + realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real, DEFAULTSECARGS); | |
4231 | + return 1; | |
4232 | + } | |
4233 | +} | |
4234 | + | |
4235 | +void | |
4236 | +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid) | |
4237 | +{ | |
4238 | + struct acl_object_label *obj; | |
4239 | + struct file *filp; | |
4240 | + | |
4241 | + if (unlikely(!(gr_status & GR_READY))) | |
4242 | + return; | |
4243 | + | |
4244 | + filp = task->exec_file; | |
4245 | + | |
4246 | + /* kernel process, we'll give them the kernel role */ | |
4247 | + if (unlikely(!filp)) { | |
4248 | + task->role = kernel_role; | |
4249 | + task->acl = kernel_role->root_label; | |
4250 | + return; | |
4251 | + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL)) | |
4252 | + do_set_role_label(task, uid, gid); | |
4253 | + | |
4254 | + task->acl = | |
4255 | + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, task->role); | |
4256 | + | |
4257 | + task->is_writable = 0; | |
4258 | + | |
4259 | + /* ignore additional mmap checks for processes that are writable | |
4260 | + by the default ACL */ | |
4261 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
4262 | + if (unlikely(obj->mode & GR_WRITE)) | |
4263 | + task->is_writable = 1; | |
4264 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label); | |
4265 | + if (unlikely(obj->mode & GR_WRITE)) | |
4266 | + task->is_writable = 1; | |
4267 | + | |
4268 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
4269 | + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
4270 | +#endif | |
4271 | + | |
4272 | + gr_set_proc_res(); | |
4273 | + | |
4274 | + return; | |
4275 | +} | |
4276 | + | |
4277 | +void | |
4278 | +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt) | |
4279 | +{ | |
4280 | + struct acl_subject_label *newacl; | |
4281 | + struct acl_object_label *obj; | |
4282 | + __u32 retmode; | |
4283 | + | |
4284 | + if (unlikely(!(gr_status & GR_READY))) | |
4285 | + return; | |
4286 | + | |
4287 | + newacl = chk_subj_label(dentry, mnt, current->role); | |
4288 | + | |
4289 | + obj = chk_obj_label(dentry, mnt, current->acl); | |
4290 | + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT); | |
4291 | + | |
4292 | + if ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT)) { | |
4293 | + if (obj->nested) | |
4294 | + current->acl = obj->nested; | |
4295 | + else | |
4296 | + current->acl = newacl; | |
4297 | + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT) | |
4298 | + security_audit(GR_INHERIT_ACL_MSG, current->acl->filename, | |
4299 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); | |
4300 | + | |
4301 | + current->is_writable = 0; | |
4302 | + | |
4303 | + /* ignore additional mmap checks for processes that are writable | |
4304 | + by the default ACL */ | |
4305 | + obj = chk_obj_label(dentry, mnt, default_role->root_label); | |
4306 | + if (unlikely(obj->mode & GR_WRITE)) | |
4307 | + current->is_writable = 1; | |
4308 | + obj = chk_obj_label(dentry, mnt, current->role->root_label); | |
4309 | + if (unlikely(obj->mode & GR_WRITE)) | |
4310 | + current->is_writable = 1; | |
4311 | + | |
4312 | + gr_set_proc_res(); | |
4313 | + | |
4314 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
4315 | + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", current->comm, current->pid, current->role->rolename, current->acl->filename); | |
4316 | +#endif | |
4317 | + return; | |
4318 | +} | |
4319 | + | |
4320 | +static __inline__ void | |
4321 | +do_handle_delete(const ino_t ino, const dev_t dev) | |
4322 | +{ | |
4323 | + struct acl_object_label *matchpo; | |
4324 | + struct acl_subject_label *matchps; | |
4325 | + struct acl_subject_label *i; | |
4326 | + struct acl_role_label *role; | |
4327 | + | |
4328 | + for (role = role_list_head; role; role = role->next) { | |
4329 | + for (i = role->hash->first; i; i = i->next) { | |
4330 | + if (unlikely((i->mode & GR_NESTED) && | |
4331 | + (i->inode == ino) && | |
4332 | + (i->device == dev))) | |
4333 | + i->mode |= GR_DELETED; | |
4334 | + if (unlikely((matchpo = | |
4335 | + lookup_acl_obj_label(ino, dev, i)) != NULL)) | |
4336 | + matchpo->mode |= GR_DELETED; | |
4337 | + } | |
4338 | + | |
4339 | + if (unlikely((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)) | |
4340 | + matchps->mode |= GR_DELETED; | |
4341 | + } | |
4342 | + | |
4343 | + return; | |
4344 | +} | |
4345 | + | |
4346 | +void | |
4347 | +gr_handle_delete(const ino_t ino, const dev_t dev) | |
4348 | +{ | |
4349 | + if (unlikely(!(gr_status & GR_READY))) | |
4350 | + return; | |
4351 | + | |
4352 | + write_lock(&gr_inode_lock); | |
4353 | + if (unlikely((unsigned long)lookup_inodev_entry(ino, dev))) | |
4354 | + do_handle_delete(ino, dev); | |
4355 | + write_unlock(&gr_inode_lock); | |
4356 | + | |
4357 | + return; | |
4358 | +} | |
4359 | + | |
4360 | +static __inline__ void | |
4361 | +update_acl_obj_label(const ino_t oldinode, const dev_t olddevice, | |
4362 | + const ino_t newinode, const dev_t newdevice, | |
4363 | + struct acl_subject_label *subj) | |
4364 | +{ | |
4365 | + unsigned long index = fhash(oldinode, olddevice, subj->obj_hash_size); | |
4366 | + struct acl_object_label **match; | |
4367 | + struct acl_object_label *tmp; | |
4368 | + __u8 i = 0; | |
4369 | + | |
4370 | + match = &subj->obj_hash[index]; | |
4371 | + | |
4372 | + while (*match && ((*match)->inode != oldinode || | |
4373 | + (*match)->device != olddevice || | |
4374 | + !((*match)->mode & GR_DELETED))) { | |
4375 | + index = (index + (1 << i)) % subj->obj_hash_size; | |
4376 | + match = &subj->obj_hash[index]; | |
4377 | + i = (i + 1) % 32; | |
4378 | + } | |
4379 | + | |
4380 | + if (*match && ((*match) != deleted_object) | |
4381 | + && ((*match)->inode == oldinode) | |
4382 | + && ((*match)->device == olddevice) | |
4383 | + && ((*match)->mode & GR_DELETED)) { | |
4384 | + tmp = *match; | |
4385 | + tmp->inode = newinode; | |
4386 | + tmp->device = newdevice; | |
4387 | + tmp->mode &= ~GR_DELETED; | |
4388 | + | |
4389 | + *match = deleted_object; | |
4390 | + | |
4391 | + insert_acl_obj_label(tmp, subj); | |
4392 | + } | |
4393 | + | |
4394 | + return; | |
4395 | +} | |
4396 | + | |
4397 | +static __inline__ void | |
4398 | +update_acl_subj_label(const ino_t oldinode, const dev_t olddevice, | |
4399 | + const ino_t newinode, const dev_t newdevice, | |
4400 | + struct acl_role_label *role) | |
4401 | +{ | |
4402 | + struct acl_subject_label **s_hash = role->subj_hash; | |
4403 | + unsigned long subj_size = role->subj_hash_size; | |
4404 | + unsigned long index = fhash(oldinode, olddevice, subj_size); | |
4405 | + struct acl_subject_label **match; | |
4406 | + struct acl_subject_label *tmp; | |
4407 | + __u8 i = 0; | |
4408 | + | |
4409 | + match = &s_hash[index]; | |
4410 | + | |
4411 | + while (*match && ((*match)->inode != oldinode || | |
4412 | + (*match)->device != olddevice || | |
4413 | + !((*match)->mode & GR_DELETED))) { | |
4414 | + index = (index + (1 << i)) % subj_size; | |
4415 | + i = (i + 1) % 32; | |
4416 | + match = &s_hash[index]; | |
4417 | + } | |
4418 | + | |
4419 | + if (*match && (*match != deleted_subject) | |
4420 | + && ((*match)->inode == oldinode) | |
4421 | + && ((*match)->device == olddevice) | |
4422 | + && ((*match)->mode & GR_DELETED)) { | |
4423 | + tmp = *match; | |
4424 | + | |
4425 | + tmp->inode = newinode; | |
4426 | + tmp->device = newdevice; | |
4427 | + tmp->mode &= ~GR_DELETED; | |
4428 | + | |
4429 | + *match = deleted_subject; | |
4430 | + | |
4431 | + insert_acl_subj_label(tmp, role); | |
4432 | + } | |
4433 | + | |
4434 | + return; | |
4435 | +} | |
4436 | + | |
4437 | +static __inline__ void | |
4438 | +update_inodev_entry(const ino_t oldinode, const dev_t olddevice, | |
4439 | + const ino_t newinode, const dev_t newdevice) | |
4440 | +{ | |
4441 | + unsigned long index = fhash(oldinode, olddevice, inodev_set.n_size); | |
4442 | + struct name_entry **match; | |
4443 | + struct name_entry *tmp; | |
4444 | + __u8 i = 0; | |
4445 | + | |
4446 | + match = &inodev_set.n_hash[index]; | |
4447 | + | |
4448 | + while (*match | |
4449 | + && ((*match)->inode != oldinode | |
4450 | + || (*match)->device != olddevice)) { | |
4451 | + index = (index + (1 << i)) % inodev_set.n_size; | |
4452 | + i = (i + 1) % 32; | |
4453 | + match = &inodev_set.n_hash[index]; | |
4454 | + } | |
4455 | + | |
4456 | + if (*match && (*match != deleted_inodev) | |
4457 | + && ((*match)->inode == oldinode) | |
4458 | + && ((*match)->device == olddevice)) { | |
4459 | + tmp = *match; | |
4460 | + | |
4461 | + tmp->inode = newinode; | |
4462 | + tmp->device = newdevice; | |
4463 | + | |
4464 | + *match = deleted_inodev; | |
4465 | + | |
4466 | + insert_inodev_entry(tmp); | |
4467 | + } | |
4468 | + | |
4469 | + return; | |
4470 | +} | |
4471 | + | |
4472 | +static __inline__ void | |
4473 | +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry, | |
4474 | + const struct vfsmount *mnt) | |
4475 | +{ | |
4476 | + struct acl_subject_label *i; | |
4477 | + struct acl_role_label *role; | |
4478 | + | |
4479 | + for (role = role_list_head; role; role = role->next) { | |
4480 | + update_acl_subj_label(matchn->inode, matchn->device, | |
4481 | + dentry->d_inode->i_ino, | |
4482 | + dentry->d_inode->i_sb->s_dev, role); | |
4483 | + | |
4484 | + for (i = role->hash->first; i; i = i->next) { | |
4485 | + if (unlikely((i->mode & GR_NESTED) && | |
4486 | + (i->inode == dentry->d_inode->i_ino) && | |
4487 | + (i->device == dentry->d_inode->i_sb->s_dev))) { | |
4488 | + i->inode = dentry->d_inode->i_ino; | |
4489 | + i->device = dentry->d_inode->i_sb->s_dev; | |
4490 | + } | |
4491 | + update_acl_obj_label(matchn->inode, matchn->device, | |
4492 | + dentry->d_inode->i_ino, | |
4493 | + dentry->d_inode->i_sb->s_dev, i); | |
4494 | + } | |
4495 | + } | |
4496 | + | |
4497 | + update_inodev_entry(matchn->inode, matchn->device, | |
4498 | + dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev); | |
4499 | + | |
4500 | + return; | |
4501 | +} | |
4502 | + | |
4503 | +void | |
4504 | +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt) | |
4505 | +{ | |
4506 | + struct name_entry *matchn; | |
4507 | + | |
4508 | + if (unlikely(!(gr_status & GR_READY))) | |
4509 | + return; | |
4510 | + | |
4511 | + preempt_disable(); | |
4512 | + matchn = lookup_name_entry(gr_to_filename(dentry, mnt)); | |
4513 | + preempt_enable(); | |
4514 | + | |
4515 | + if (unlikely((unsigned long)matchn)) { | |
4516 | + write_lock(&gr_inode_lock); | |
4517 | + do_handle_create(matchn, dentry, mnt); | |
4518 | + write_unlock(&gr_inode_lock); | |
4519 | + } | |
4520 | + | |
4521 | + return; | |
4522 | +} | |
4523 | + | |
4524 | +void | |
4525 | +gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
4526 | + struct dentry *old_dentry, | |
4527 | + struct dentry *new_dentry, | |
4528 | + struct vfsmount *mnt, const __u8 replace) | |
4529 | +{ | |
4530 | + struct name_entry *matchn; | |
4531 | + | |
4532 | + if (unlikely(!(gr_status & GR_READY))) | |
4533 | + return; | |
4534 | + | |
4535 | + preempt_disable(); | |
4536 | + matchn = lookup_name_entry(gr_to_filename(new_dentry, mnt)); | |
4537 | + preempt_enable(); | |
4538 | + | |
4539 | + /* we wouldn't have to check d_inode if it weren't for | |
4540 | + NFS silly-renaming | |
4541 | + */ | |
4542 | + | |
4543 | + write_lock(&gr_inode_lock); | |
4544 | + if (unlikely(replace && new_dentry->d_inode)) { | |
4545 | + if (unlikely(lookup_inodev_entry(new_dentry->d_inode->i_ino, | |
4546 | + new_dentry->d_inode->i_sb->s_dev) && | |
4547 | + (old_dentry->d_inode->i_nlink <= 1))) | |
4548 | + do_handle_delete(new_dentry->d_inode->i_ino, | |
4549 | + new_dentry->d_inode->i_sb->s_dev); | |
4550 | + } | |
4551 | + | |
4552 | + if (unlikely(lookup_inodev_entry(old_dentry->d_inode->i_ino, | |
4553 | + old_dentry->d_inode->i_sb->s_dev) && | |
4554 | + (old_dentry->d_inode->i_nlink <= 1))) | |
4555 | + do_handle_delete(old_dentry->d_inode->i_ino, | |
4556 | + old_dentry->d_inode->i_sb->s_dev); | |
4557 | + | |
4558 | + if (unlikely((unsigned long)matchn)) | |
4559 | + do_handle_create(matchn, old_dentry, mnt); | |
4560 | + write_unlock(&gr_inode_lock); | |
4561 | + | |
4562 | + return; | |
4563 | +} | |
4564 | + | |
4565 | +static int | |
4566 | +lookup_special_role_auth(const char *rolename, unsigned char **salt, | |
4567 | + unsigned char **sum) | |
4568 | +{ | |
4569 | + struct acl_role_label *r; | |
4570 | + struct role_transition *trans; | |
4571 | + __u16 i; | |
4572 | + int found = 0; | |
4573 | + | |
4574 | + /* check transition table */ | |
4575 | + | |
4576 | + for (trans = current->role->transitions; trans; trans = trans->next) { | |
4577 | + if (!strcmp(rolename, trans->rolename)) { | |
4578 | + found = 1; | |
4579 | + break; | |
4580 | + } | |
4581 | + } | |
4582 | + | |
4583 | + if (!found) | |
4584 | + return 0; | |
4585 | + | |
4586 | + /* handle special roles that do not require authentication */ | |
4587 | + | |
4588 | + for (r = role_list_head; r; r = r->next) { | |
4589 | + if (!strcmp(rolename, r->rolename) | |
4590 | + && (r->roletype & GR_ROLE_NOPW)) { | |
4591 | + *salt = NULL; | |
4592 | + *sum = NULL; | |
4593 | + return 1; | |
4594 | + } | |
4595 | + } | |
4596 | + | |
4597 | + for (i = 0; i < num_sprole_pws; i++) { | |
4598 | + if (!strcmp(rolename, acl_special_roles[i]->rolename)) { | |
4599 | + *salt = acl_special_roles[i]->salt; | |
4600 | + *sum = acl_special_roles[i]->sum; | |
4601 | + return 1; | |
4602 | + } | |
4603 | + } | |
4604 | + | |
4605 | + return 0; | |
4606 | +} | |
4607 | + | |
4608 | +static void | |
4609 | +assign_special_role(char *rolename) | |
4610 | +{ | |
4611 | + struct acl_object_label *obj; | |
4612 | + struct acl_role_label *r; | |
4613 | + struct acl_role_label *assigned = NULL; | |
4614 | + struct task_struct *tsk; | |
4615 | + struct file *filp; | |
4616 | + | |
4617 | + for (r = role_list_head; r; r = r->next) | |
4618 | + if (!strcmp(rolename, r->rolename) && | |
4619 | + (r->roletype & GR_ROLE_SPECIAL)) | |
4620 | + assigned = r; | |
4621 | + | |
4622 | + if (!assigned) | |
4623 | + return; | |
4624 | + | |
4625 | + tsk = current->parent; | |
4626 | + filp = tsk->exec_file; | |
4627 | + | |
4628 | + if (tsk && filp) { | |
4629 | + tsk->is_writable = 0; | |
4630 | + | |
4631 | + acl_sp_role_value = (acl_sp_role_value % 65535) + 1; | |
4632 | + tsk->acl_sp_role = 1; | |
4633 | + tsk->acl_role_id = acl_sp_role_value; | |
4634 | + tsk->role = assigned; | |
4635 | + tsk->acl = | |
4636 | + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role); | |
4637 | + | |
4638 | + /* ignore additional mmap checks for processes that are writable | |
4639 | + by the default ACL */ | |
4640 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
4641 | + if (unlikely(obj->mode & GR_WRITE)) | |
4642 | + tsk->is_writable = 1; | |
4643 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role->root_label); | |
4644 | + if (unlikely(obj->mode & GR_WRITE)) | |
4645 | + tsk->is_writable = 1; | |
4646 | + | |
4647 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
4648 | + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid); | |
4649 | +#endif | |
4650 | + } | |
4651 | + | |
4652 | + return; | |
4653 | +} | |
4654 | + | |
4655 | +ssize_t | |
4656 | +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos) | |
4657 | +{ | |
4658 | + struct gr_arg *arg; | |
4659 | + unsigned char *sprole_salt; | |
4660 | + unsigned char *sprole_sum; | |
4661 | + int error = sizeof (struct gr_arg); | |
4662 | + int error2 = 0; | |
4663 | + | |
4664 | + down(&gr_dev_sem); | |
4665 | + | |
4666 | + arg = (struct gr_arg *) buf; | |
4667 | + | |
4668 | + if (count != sizeof (struct gr_arg)) { | |
4669 | + security_alert_good(GR_DEV_ACL_MSG, count, | |
4670 | + (int) sizeof (struct gr_arg)); | |
4671 | + error = -EINVAL; | |
4672 | + goto out; | |
4673 | + } | |
4674 | + | |
4675 | + if ((gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) | |
4676 | + && time_before_eq(gr_auth_expires, get_seconds())) { | |
4677 | + gr_auth_expires = 0; | |
4678 | + gr_auth_attempts = 0; | |
4679 | + } | |
4680 | + | |
4681 | + if (copy_from_user(gr_usermode, arg, sizeof (struct gr_arg))) { | |
4682 | + error = -EFAULT; | |
4683 | + goto out; | |
4684 | + } | |
4685 | + | |
4686 | + if (gr_usermode->mode != SPROLE && time_after(gr_auth_expires, get_seconds())) { | |
4687 | + error = -EBUSY; | |
4688 | + goto out; | |
4689 | + } | |
4690 | + | |
4691 | + /* if non-root trying to do anything other than use a special role, | |
4692 | + do not attempt authentication, do not count towards authentication | |
4693 | + locking | |
4694 | + */ | |
4695 | + | |
4696 | + if (gr_usermode->mode != SPROLE && current->uid) { | |
4697 | + error = -EPERM; | |
4698 | + goto out; | |
4699 | + } | |
4700 | + | |
4701 | + /* ensure pw and special role name are null terminated */ | |
4702 | + | |
4703 | + gr_usermode->pw[GR_PW_LEN - 1] = '\0'; | |
4704 | + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0'; | |
4705 | + | |
4706 | + /* Okay. | |
4707 | + * We have our enough of the argument structure..(we have yet | |
4708 | + * to copy_from_user the tables themselves) . Copy the tables | |
4709 | + * only if we need them, i.e. for loading operations. */ | |
4710 | + | |
4711 | + switch (gr_usermode->mode) { | |
4712 | + case STATUS: | |
4713 | + if (gr_status & GR_READY) | |
4714 | + error = 1; | |
4715 | + else | |
4716 | + error = 2; | |
4717 | + goto out; | |
4718 | + case SHUTDOWN: | |
4719 | + if ((gr_status & GR_READY) | |
4720 | + && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
4721 | + gr_status &= ~GR_READY; | |
4722 | + security_alert_good(GR_SHUTS_ACL_MSG, DEFAULTSECARGS); | |
4723 | + free_variables(); | |
4724 | + memset(gr_usermode, 0, sizeof (struct gr_arg)); | |
4725 | + memset(gr_system_salt, 0, GR_SALT_LEN); | |
4726 | + memset(gr_system_sum, 0, GR_SHA_LEN); | |
4727 | + } else if (gr_status & GR_READY) { | |
4728 | + security_alert(GR_SHUTF_ACL_MSG, DEFAULTSECARGS); | |
4729 | + error = -EPERM; | |
4730 | + } else { | |
4731 | + security_alert_good(GR_SHUTI_ACL_MSG, DEFAULTSECARGS); | |
4732 | + error = -EAGAIN; | |
4733 | + } | |
4734 | + break; | |
4735 | + case ENABLE: | |
4736 | + if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode))) | |
4737 | + security_alert_good(GR_ENABLE_ACL_MSG, GR_VERSION); | |
4738 | + else { | |
4739 | + if (gr_status & GR_READY) | |
4740 | + error = -EAGAIN; | |
4741 | + else | |
4742 | + error = error2; | |
4743 | + security_alert(GR_ENABLEF_ACL_MSG, GR_VERSION, | |
4744 | + DEFAULTSECARGS); | |
4745 | + } | |
4746 | + break; | |
4747 | + case RELOAD: | |
4748 | + if (!(gr_status & GR_READY)) { | |
4749 | + security_alert_good(GR_RELOADI_ACL_MSG); | |
4750 | + error = -EAGAIN; | |
4751 | + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
4752 | + lock_kernel(); | |
4753 | + gr_status &= ~GR_READY; | |
4754 | + free_variables(); | |
4755 | + if (!(error2 = gracl_init(gr_usermode))) { | |
4756 | + unlock_kernel(); | |
4757 | + security_alert_good(GR_RELOAD_ACL_MSG, | |
4758 | + GR_VERSION); | |
4759 | + } else { | |
4760 | + unlock_kernel(); | |
4761 | + error = error2; | |
4762 | + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION, | |
4763 | + DEFAULTSECARGS); | |
4764 | + } | |
4765 | + } else { | |
4766 | + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION, | |
4767 | + DEFAULTSECARGS); | |
4768 | + error = -EPERM; | |
4769 | + } | |
4770 | + break; | |
4771 | + case SEGVMOD: | |
4772 | + if (unlikely(!(gr_status & GR_READY))) { | |
4773 | + security_alert_good(GR_SEGVMODI_ACL_MSG, | |
4774 | + DEFAULTSECARGS); | |
4775 | + error = -EAGAIN; | |
4776 | + break; | |
4777 | + } | |
4778 | + | |
4779 | + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
4780 | + security_alert_good(GR_SEGVMODS_ACL_MSG, | |
4781 | + DEFAULTSECARGS); | |
4782 | + if (gr_usermode->segv_device && gr_usermode->segv_inode) { | |
4783 | + struct acl_subject_label *segvacl; | |
4784 | + segvacl = | |
4785 | + lookup_acl_subj_label(gr_usermode->segv_inode, | |
4786 | + gr_usermode->segv_device, | |
4787 | + current->role); | |
4788 | + if (segvacl) { | |
4789 | + segvacl->crashes = 0; | |
4790 | + segvacl->expires = 0; | |
4791 | + } | |
4792 | + } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) { | |
4793 | + gr_remove_uid(gr_usermode->segv_uid); | |
4794 | + } | |
4795 | + } else { | |
4796 | + security_alert(GR_SEGVMODF_ACL_MSG, DEFAULTSECARGS); | |
4797 | + error = -EPERM; | |
4798 | + } | |
4799 | + break; | |
4800 | + case SPROLE: | |
4801 | + if (unlikely(!(gr_status & GR_READY))) { | |
4802 | + security_alert_good(GR_SPROLEI_ACL_MSG, DEFAULTSECARGS); | |
4803 | + error = -EAGAIN; | |
4804 | + break; | |
4805 | + } | |
4806 | + | |
4807 | + if ((current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) | |
4808 | + && time_before_eq(current->role->expires, get_seconds())) { | |
4809 | + current->role->expires = 0; | |
4810 | + current->role->auth_attempts = 0; | |
4811 | + } | |
4812 | + | |
4813 | + if (time_after(current->role->expires, get_seconds())) { | |
4814 | + error = -EBUSY; | |
4815 | + goto out; | |
4816 | + } | |
4817 | + | |
4818 | + if (lookup_special_role_auth | |
4819 | + (gr_usermode->sp_role, &sprole_salt, &sprole_sum) | |
4820 | + && ((!sprole_salt && !sprole_sum) | |
4821 | + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) { | |
4822 | + assign_special_role(gr_usermode->sp_role); | |
4823 | + security_alert_good(GR_SPROLES_ACL_MSG, | |
4824 | + (current->parent) ? current-> | |
4825 | + parent->role->rolename : "", | |
4826 | + acl_sp_role_value, DEFAULTSECARGS); | |
4827 | + } else { | |
4828 | + security_alert(GR_SPROLEF_ACL_MSG, gr_usermode->sp_role, | |
4829 | + DEFAULTSECARGS); | |
4830 | + error = -EPERM; | |
4831 | + current->role->auth_attempts++; | |
4832 | + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) { | |
4833 | + current->role->expires = | |
4834 | + get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; | |
4835 | + security_alert(GR_MAXROLEPW_ACL_MSG, | |
4836 | + CONFIG_GRKERNSEC_ACL_MAXTRIES, | |
4837 | + gr_usermode->sp_role, DEFAULTSECARGS); | |
4838 | + } | |
4839 | + | |
4840 | + goto out; | |
4841 | + } | |
4842 | + break; | |
4843 | + case UNSPROLE: | |
4844 | + if (unlikely(!(gr_status & GR_READY))) { | |
4845 | + security_alert_good(GR_UNSPROLEI_ACL_MSG, DEFAULTSECARGS); | |
4846 | + error = -EAGAIN; | |
4847 | + break; | |
4848 | + } | |
4849 | + | |
4850 | + if ((current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) | |
4851 | + && time_before_eq(current->role->expires, get_seconds())) { | |
4852 | + current->role->expires = 0; | |
4853 | + current->role->auth_attempts = 0; | |
4854 | + } | |
4855 | + | |
4856 | + if (time_after(current->role->expires, get_seconds())) { | |
4857 | + error = -EBUSY; | |
4858 | + goto out; | |
4859 | + } | |
4860 | + | |
4861 | + if ((current->role->roletype & GR_ROLE_SPECIAL) && | |
4862 | + lookup_special_role_auth | |
4863 | + (current->role->rolename, &sprole_salt, &sprole_sum) | |
4864 | + && ((!sprole_salt && !sprole_sum) | |
4865 | + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) { | |
4866 | + security_alert_good(GR_UNSPROLES_ACL_MSG, | |
4867 | + (current->parent) ? current-> | |
4868 | + parent->role->rolename : "", | |
4869 | + (current->parent) ? current-> | |
4870 | + parent->acl_role_id : 0, DEFAULTSECARGS); | |
4871 | + gr_set_acls(1); | |
4872 | + if (current->parent) | |
4873 | + current->parent->acl_sp_role = 0; | |
4874 | + } else { | |
4875 | + security_alert(GR_UNSPROLEF_ACL_MSG, current->role->rolename, | |
4876 | + DEFAULTSECARGS); | |
4877 | + error = -EPERM; | |
4878 | + current->role->auth_attempts++; | |
4879 | + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) { | |
4880 | + current->role->expires = | |
4881 | + get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; | |
4882 | + security_alert(GR_MAXROLEPW_ACL_MSG, | |
4883 | + CONFIG_GRKERNSEC_ACL_MAXTRIES, | |
4884 | + current->role->rolename, DEFAULTSECARGS); | |
4885 | + } | |
4886 | + | |
4887 | + goto out; | |
4888 | + } | |
4889 | + break; | |
4890 | + default: | |
4891 | + security_alert(GR_INVMODE_ACL_MSG, gr_usermode->mode, | |
4892 | + DEFAULTSECARGS); | |
4893 | + error = -EINVAL; | |
4894 | + break; | |
4895 | + } | |
4896 | + | |
4897 | + if (error != -EPERM) | |
4898 | + goto out; | |
4899 | + | |
4900 | + gr_auth_attempts++; | |
4901 | + | |
4902 | + if (gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) { | |
4903 | + security_alert(GR_MAXPW_ACL_MSG, CONFIG_GRKERNSEC_ACL_MAXTRIES); | |
4904 | + gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; | |
4905 | + } | |
4906 | + | |
4907 | + out: | |
4908 | + up(&gr_dev_sem); | |
4909 | + return error; | |
4910 | +} | |
4911 | + | |
4912 | +int | |
4913 | +gr_set_acls(const int type) | |
4914 | +{ | |
4915 | + struct acl_object_label *obj; | |
4916 | + struct task_struct *task, *task2; | |
4917 | + struct file *filp; | |
4918 | + unsigned short i; | |
4919 | + | |
4920 | + read_lock(&tasklist_lock); | |
4921 | + for_each_process(task2) { | |
4922 | + task = task2; | |
4923 | + do { | |
4924 | + /* check to see if we're called from the exit handler, | |
4925 | + if so, only replace ACLs that have inherited the admin | |
4926 | + ACL */ | |
4927 | + | |
4928 | + if (type && (task->role != current->role || | |
4929 | + task->acl_role_id != current->acl_role_id)) | |
4930 | + continue; | |
4931 | + | |
4932 | + task->acl_role_id = 0; | |
4933 | + | |
4934 | + if ((filp = task->exec_file)) { | |
4935 | + do_set_role_label(task, task->uid, task->gid); | |
4936 | + | |
4937 | + task->acl = | |
4938 | + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, | |
4939 | + task->role); | |
4940 | + if (task->acl) { | |
4941 | + struct acl_subject_label *curr; | |
4942 | + curr = task->acl; | |
4943 | + | |
4944 | + task->is_writable = 0; | |
4945 | + /* ignore additional mmap checks for processes that are writable | |
4946 | + by the default ACL */ | |
4947 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
4948 | + if (unlikely(obj->mode & GR_WRITE)) | |
4949 | + task->is_writable = 1; | |
4950 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label); | |
4951 | + if (unlikely(obj->mode & GR_WRITE)) | |
4952 | + task->is_writable = 1; | |
4953 | + | |
4954 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
4955 | + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
4956 | +#endif | |
4957 | + if (!(curr->mode & GR_LEARN)) | |
4958 | + for (i = 0; i < RLIM_NLIMITS; i++) { | |
4959 | + if (!(curr->resmask & (1 << i))) | |
4960 | + continue; | |
4961 | + | |
4962 | + task->rlim[i].rlim_cur = | |
4963 | + curr->res[i].rlim_cur; | |
4964 | + task->rlim[i].rlim_max = | |
4965 | + curr->res[i].rlim_max; | |
4966 | + } | |
4967 | + } else { | |
4968 | + read_unlock(&tasklist_lock); | |
4969 | + security_alert_good(GR_DEFACL_MSG, task->comm, | |
4970 | + task->pid); | |
4971 | + return 1; | |
4972 | + } | |
4973 | + } else { | |
4974 | + // it's a kernel process | |
4975 | + task->role = kernel_role; | |
4976 | + task->acl = kernel_role->root_label; | |
4977 | +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN | |
4978 | + task->acl->mode &= ~GR_FIND; | |
4979 | +#endif | |
4980 | + } | |
4981 | + } while ((task = next_thread(task)) != task2); | |
4982 | + } | |
4983 | + read_unlock(&tasklist_lock); | |
4984 | + return 0; | |
4985 | +} | |
4986 | + | |
4987 | +EXPORT_SYMBOL(gr_learn_resource); | |
4988 | + | |
4989 | +void | |
4990 | +gr_learn_resource(const struct task_struct *task, | |
4991 | + const int res, const unsigned long wanted, const int gt) | |
4992 | +{ | |
4993 | + struct acl_subject_label *acl; | |
4994 | + | |
4995 | + if (unlikely((gr_status & GR_READY) && | |
4996 | + task->acl && (task->acl->mode & GR_LEARN))) | |
4997 | + goto skip_reslog; | |
4998 | + | |
4999 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
5000 | + gr_log_resource(task, res, wanted, gt); | |
5001 | +#endif | |
5002 | + skip_reslog: | |
5003 | + | |
5004 | + if (unlikely(!(gr_status & GR_READY) || !wanted)) | |
5005 | + return; | |
5006 | + | |
5007 | + acl = task->acl; | |
5008 | + | |
5009 | + if (likely(!acl || !(acl->mode & GR_LEARN) || | |
5010 | + !(acl->resmask & (1 << (unsigned short) res)))) | |
5011 | + return; | |
5012 | + | |
5013 | + if (wanted >= acl->res[res].rlim_cur) { | |
5014 | + unsigned long res_add; | |
5015 | + | |
5016 | + res_add = wanted; | |
5017 | + switch (res) { | |
5018 | + case RLIMIT_CPU: | |
5019 | + res_add += GR_RLIM_CPU_BUMP; | |
5020 | + break; | |
5021 | + case RLIMIT_FSIZE: | |
5022 | + res_add += GR_RLIM_FSIZE_BUMP; | |
5023 | + break; | |
5024 | + case RLIMIT_DATA: | |
5025 | + res_add += GR_RLIM_DATA_BUMP; | |
5026 | + break; | |
5027 | + case RLIMIT_STACK: | |
5028 | + res_add += GR_RLIM_STACK_BUMP; | |
5029 | + break; | |
5030 | + case RLIMIT_CORE: | |
5031 | + res_add += GR_RLIM_CORE_BUMP; | |
5032 | + break; | |
5033 | + case RLIMIT_RSS: | |
5034 | + res_add += GR_RLIM_RSS_BUMP; | |
5035 | + break; | |
5036 | + case RLIMIT_NPROC: | |
5037 | + res_add += GR_RLIM_NPROC_BUMP; | |
5038 | + break; | |
5039 | + case RLIMIT_NOFILE: | |
5040 | + res_add += GR_RLIM_NOFILE_BUMP; | |
5041 | + break; | |
5042 | + case RLIMIT_MEMLOCK: | |
5043 | + res_add += GR_RLIM_MEMLOCK_BUMP; | |
5044 | + break; | |
5045 | + case RLIMIT_AS: | |
5046 | + res_add += GR_RLIM_AS_BUMP; | |
5047 | + break; | |
5048 | + case RLIMIT_LOCKS: | |
5049 | + res_add += GR_RLIM_LOCKS_BUMP; | |
5050 | + break; | |
5051 | + } | |
5052 | + | |
5053 | + acl->res[res].rlim_cur = res_add; | |
5054 | + | |
5055 | + if (wanted > acl->res[res].rlim_max) | |
5056 | + acl->res[res].rlim_max = res_add; | |
5057 | + | |
5058 | + security_learn(GR_LEARN_AUDIT_MSG, current->role->rolename, | |
5059 | + current->role->roletype, acl->filename, | |
5060 | + acl->res[res].rlim_cur, acl->res[res].rlim_max, | |
5061 | + "", (unsigned long) res); | |
5062 | + } | |
5063 | + | |
5064 | + return; | |
5065 | +} | |
5066 | + | |
1db5cd70 PS |
5067 | +#ifdef CONFIG_SYSCTL |
5068 | +extern struct proc_dir_entry *proc_sys_root; | |
5069 | + | |
5070 | + | |
5071 | +/* the following function is called under the BKL */ | |
5072 | + | |
5073 | +__u32 | |
5074 | +gr_handle_sysctl(const struct ctl_table *table, const void *oldval, | |
5075 | + const void *newval) | |
5076 | +{ | |
5077 | + struct proc_dir_entry *tmp; | |
5078 | + struct nameidata nd; | |
5079 | + const char *proc_sys = "/proc/sys"; | |
5080 | + char *path; | |
5081 | + struct acl_object_label *obj; | |
5082 | + unsigned short len = 0, pos = 0, depth = 0, i; | |
5083 | + __u32 err = 0; | |
5084 | + __u32 mode = 0; | |
5085 | + | |
5086 | + if (unlikely(!(gr_status & GR_READY))) | |
5087 | + return 1; | |
5088 | + | |
5089 | + path = per_cpu_ptr(gr_shared_page[0], smp_processor_id()); | |
5090 | + | |
5091 | + if (oldval) | |
5092 | + mode |= GR_READ; | |
5093 | + if (newval) | |
5094 | + mode |= GR_WRITE; | |
5095 | + | |
5096 | + /* convert the requested sysctl entry into a pathname */ | |
5097 | + | |
5098 | + for (tmp = table->de; tmp != proc_sys_root; tmp = tmp->parent) { | |
5099 | + len += strlen(tmp->name); | |
5100 | + len++; | |
5101 | + depth++; | |
5102 | + } | |
5103 | + | |
5104 | + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) | |
5105 | + return 0; /* deny */ | |
5106 | + | |
5107 | + memset(path, 0, PAGE_SIZE); | |
5108 | + | |
5109 | + memcpy(path, proc_sys, strlen(proc_sys)); | |
5110 | + | |
5111 | + pos += strlen(proc_sys); | |
5112 | + | |
5113 | + for (; depth > 0; depth--) { | |
5114 | + path[pos] = '/'; | |
5115 | + pos++; | |
5116 | + for (i = 1, tmp = table->de; tmp != proc_sys_root; | |
5117 | + tmp = tmp->parent) { | |
5118 | + if (depth == i) { | |
5119 | + memcpy(path + pos, tmp->name, | |
5120 | + strlen(tmp->name)); | |
5121 | + pos += strlen(tmp->name); | |
5122 | + } | |
5123 | + i++; | |
5124 | + } | |
5125 | + } | |
5126 | + | |
5127 | + err = path_lookup(path, LOOKUP_FOLLOW, &nd); | |
5128 | + | |
5129 | + if (err) | |
5130 | + goto out; | |
5131 | + | |
5132 | + obj = chk_obj_label(nd.dentry, nd.mnt, current->acl); | |
5133 | + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS); | |
5134 | + | |
5135 | + if (unlikely((current->acl->mode & GR_LEARN) && ((err & mode) != mode))) { | |
5136 | + __u32 new_mode = mode; | |
5137 | + | |
5138 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
5139 | + | |
5140 | + err = new_mode; | |
5141 | + gr_log_learn(current->role, current->uid, current->gid, | |
5142 | + current, path, new_mode); | |
5143 | + } else if ((err & mode) != mode && !(err & GR_SUPPRESS)) { | |
5144 | + security_alert(GR_SYSCTL_ACL_MSG, "denied", path, | |
5145 | + (mode & GR_READ) ? " reading" : "", | |
5146 | + (mode & GR_WRITE) ? " writing" : "", | |
5147 | + DEFAULTSECARGS); | |
5148 | + err = 0; | |
5149 | + } else if ((err & mode) != mode) { | |
5150 | + err = 0; | |
5151 | + } else if (((err & mode) == mode) && (err & GR_AUDITS)) { | |
5152 | + security_audit(GR_SYSCTL_ACL_MSG, "successful", | |
5153 | + path, (mode & GR_READ) ? " reading" : "", | |
5154 | + (mode & GR_WRITE) ? " writing" : "", | |
5155 | + DEFAULTSECARGS); | |
5156 | + } | |
5157 | + | |
5158 | + path_release(&nd); | |
5159 | + | |
5160 | + out: | |
5161 | + return err; | |
5162 | +} | |
5163 | +#endif | |
5164 | + | |
5165 | +int | |
5166 | +gr_handle_proc_ptrace(struct task_struct *task) | |
5167 | +{ | |
5168 | + struct file *filp; | |
5169 | + struct task_struct *tmp = task; | |
5170 | + struct task_struct *curtemp = current; | |
5171 | + __u32 retmode; | |
5172 | + | |
5173 | + if (unlikely(!(gr_status & GR_READY))) | |
5174 | + return 0; | |
5175 | + | |
5176 | + filp = task->exec_file; | |
5177 | + | |
5178 | + read_lock(&tasklist_lock); | |
5179 | + while (tmp->pid > 0) { | |
5180 | + if (tmp == curtemp) | |
5181 | + break; | |
5182 | + tmp = tmp->parent; | |
5183 | + } | |
5184 | + read_unlock(&tasklist_lock); | |
5185 | + | |
5186 | + if (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE)) | |
5187 | + return 1; | |
5188 | + | |
5189 | + retmode = gr_search_file(filp->f_dentry, GR_NOPTRACE, filp->f_vfsmnt); | |
5190 | + | |
5191 | + if (retmode & GR_NOPTRACE) | |
5192 | + return 1; | |
5193 | + | |
5194 | + if (!(current->acl->mode & GR_OVERRIDE) && !(current->role->roletype & GR_ROLE_GOD) | |
5195 | + && (current->acl != task->acl || (current->acl != current->role->root_label | |
5196 | + && current->pid != task->pid))) | |
5197 | + return 1; | |
5198 | + | |
5199 | + return 0; | |
5200 | +} | |
5201 | + | |
5202 | +int | |
5203 | +gr_handle_ptrace(struct task_struct *task, const long request) | |
5204 | +{ | |
5205 | + struct file *filp; | |
5206 | + struct task_struct *tmp = task; | |
5207 | + struct task_struct *curtemp = current; | |
5208 | + __u32 retmode; | |
5209 | + | |
5210 | + if (unlikely(!(gr_status & GR_READY))) | |
5211 | + return 0; | |
5212 | + | |
5213 | + filp = task->exec_file; | |
5214 | + | |
5215 | + if (task->acl->mode & GR_NOPTRACE) { | |
5216 | + security_alert(GR_PTRACE_ACL_MSG, filp ? | |
5217 | + gr_to_filename(filp->f_dentry, filp->f_vfsmnt) | |
5218 | + : "(none)", task->comm, task->pid, | |
5219 | + DEFAULTSECARGS); | |
5220 | + return 1; | |
5221 | + } | |
5222 | + | |
5223 | + read_lock(&tasklist_lock); | |
5224 | + while (tmp->pid > 0) { | |
5225 | + if (tmp == curtemp) | |
5226 | + break; | |
5227 | + tmp = tmp->parent; | |
5228 | + } | |
5229 | + read_unlock(&tasklist_lock); | |
5230 | + | |
5231 | + if (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE)) { | |
5232 | + security_alert(GR_PTRACE_ACL_MSG, filp ? | |
5233 | + gr_to_filename(filp->f_dentry, filp->f_vfsmnt) | |
5234 | + : "(none)", task->comm, task->pid, | |
5235 | + DEFAULTSECARGS); | |
5236 | + return 1; | |
5237 | + } | |
5238 | + | |
5239 | + if (unlikely(!filp)) | |
5240 | + return 0; | |
5241 | + | |
5242 | + retmode = gr_search_file(filp->f_dentry, GR_PTRACERD | GR_NOPTRACE, filp->f_vfsmnt); | |
5243 | + | |
5244 | + if (retmode & GR_NOPTRACE) { | |
5245 | + security_alert(GR_PTRACE_ACL_MSG, gr_to_filename(filp->f_dentry, filp->f_vfsmnt), | |
5246 | + task->comm, task->pid, DEFAULTSECARGS); | |
5247 | + return 1; | |
5248 | + } | |
5249 | + | |
5250 | + if (retmode & GR_PTRACERD) { | |
5251 | + switch (request) { | |
5252 | + case PTRACE_POKETEXT: | |
5253 | + case PTRACE_POKEDATA: | |
5254 | + case PTRACE_POKEUSR: | |
5255 | +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) | |
5256 | + case PTRACE_SETREGS: | |
5257 | + case PTRACE_SETFPREGS: | |
5258 | +#endif | |
5259 | +#ifdef CONFIG_X86 | |
5260 | + case PTRACE_SETFPXREGS: | |
5261 | +#endif | |
5262 | +#ifdef CONFIG_ALTIVEC | |
5263 | + case PTRACE_SETVRREGS: | |
5264 | +#endif | |
5265 | + return 1; | |
5266 | + default: | |
5267 | + return 0; | |
5268 | + } | |
5269 | + } else if (!(current->acl->mode & GR_OVERRIDE) && | |
5270 | + !(current->role->roletype & GR_ROLE_GOD) | |
5271 | + && (current->acl != task->acl | |
5272 | + || (current->acl != current->role->root_label | |
5273 | + && current->pid != task->pid))) { | |
5274 | + security_alert(GR_PTRACE_ACL_MSG, | |
5275 | + gr_to_filename(filp->f_dentry, filp->f_vfsmnt), | |
5276 | + task->comm, task->pid, DEFAULTSECARGS); | |
5277 | + return 1; | |
5278 | + } | |
5279 | + | |
5280 | + return 0; | |
5281 | +} | |
5282 | + | |
5283 | +int | |
5284 | +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt) | |
5285 | +{ | |
5286 | + __u32 retmode; | |
5287 | + struct acl_subject_label *subj; | |
5288 | + | |
5289 | + if (unlikely(!(gr_status & GR_READY))) | |
5290 | + return 0; | |
5291 | + | |
5292 | + if (unlikely | |
5293 | + ((current->ptrace & PT_PTRACED) | |
5294 | + && !(current->acl->mode & GR_OVERRIDE))) | |
5295 | + retmode = gr_search_file(dentry, GR_PTRACERD, mnt); | |
5296 | + else | |
5297 | + return 0; | |
5298 | + | |
5299 | + subj = chk_subj_label(dentry, mnt, current->role); | |
5300 | + | |
5301 | + if (!(retmode & GR_PTRACERD) && | |
5302 | + !(current->role->roletype & GR_ROLE_GOD) && | |
5303 | + (current->acl != subj)) { | |
5304 | + security_alert(GR_PTRACE_EXEC_ACL_MSG, | |
5305 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); | |
5306 | + return 1; | |
5307 | + } | |
5308 | + | |
5309 | + return 0; | |
5310 | +} | |
5311 | + | |
5312 | +int | |
5313 | +gr_handle_mmap(const struct file *filp, const unsigned long prot) | |
5314 | +{ | |
5315 | + struct acl_object_label *obj, *obj2; | |
5316 | + | |
5317 | + if (unlikely(!(gr_status & GR_READY) || | |
5318 | + (current->acl->mode & GR_OVERRIDE) || !filp || | |
5319 | + !(prot & PROT_EXEC))) | |
5320 | + return 0; | |
5321 | + | |
5322 | + if (unlikely(current->is_writable)) | |
5323 | + return 0; | |
5324 | + | |
5325 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
5326 | + obj2 = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, | |
5327 | + current->role->root_label); | |
5328 | + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) { | |
5329 | + security_alert(GR_WRITLIB_ACL_MSG, | |
5330 | + gr_to_filename(filp->f_dentry, filp->f_vfsmnt), | |
5331 | + DEFAULTSECARGS); | |
5332 | + return 1; | |
5333 | + } | |
5334 | + | |
5335 | + return 0; | |
5336 | +} | |
5337 | + | |
5338 | +int | |
5339 | +gr_acl_handle_mmap(const struct file *file, const unsigned long prot) | |
5340 | +{ | |
5341 | + __u32 mode; | |
5342 | + | |
5343 | + if (unlikely(!file || !(prot & PROT_EXEC))) | |
5344 | + return 1; | |
5345 | + | |
5346 | + mode = | |
5347 | + gr_search_file(file->f_dentry, | |
5348 | + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS, | |
5349 | + file->f_vfsmnt); | |
5350 | + | |
5351 | + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) { | |
5352 | + security_alert(GR_MMAP_ACL_MSG, "denied", | |
5353 | + gr_to_filename(file->f_dentry, file->f_vfsmnt), | |
5354 | + DEFAULTSECARGS); | |
5355 | + return 0; | |
5356 | + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) { | |
5357 | + return 0; | |
5358 | + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) { | |
5359 | + security_audit(GR_MMAP_ACL_MSG, "successful", | |
5360 | + gr_to_filename(file->f_dentry, file->f_vfsmnt), | |
5361 | + DEFAULTSECARGS); | |
5362 | + return 1; | |
5363 | + } | |
5364 | + | |
5365 | + return 1; | |
5366 | +} | |
5367 | + | |
5368 | +int | |
5369 | +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot) | |
5370 | +{ | |
5371 | + __u32 mode; | |
5372 | + | |
5373 | + if (unlikely(!file || !(prot & PROT_EXEC))) | |
5374 | + return 1; | |
5375 | + | |
5376 | + mode = | |
5377 | + gr_search_file(file->f_dentry, | |
5378 | + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS, | |
5379 | + file->f_vfsmnt); | |
5380 | + | |
5381 | + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) { | |
5382 | + security_alert(GR_MPROTECT_ACL_MSG, "denied", | |
5383 | + gr_to_filename(file->f_dentry, file->f_vfsmnt), | |
5384 | + DEFAULTSECARGS); | |
5385 | + return 0; | |
5386 | + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) { | |
5387 | + return 0; | |
5388 | + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) { | |
5389 | + security_audit(GR_MPROTECT_ACL_MSG, "successful", | |
5390 | + gr_to_filename(file->f_dentry, file->f_vfsmnt), | |
5391 | + DEFAULTSECARGS); | |
5392 | + return 1; | |
5393 | + } | |
5394 | + | |
5395 | + return 1; | |
5396 | +} | |
5397 | + | |
5398 | +void | |
5399 | +gr_acl_handle_psacct(struct task_struct *task, const long code) | |
5400 | +{ | |
5401 | + u64 runtime64; | |
5402 | + unsigned long runtime; | |
5403 | + unsigned long cputime; | |
5404 | + unsigned int wday, cday; | |
5405 | + __u8 whr, chr; | |
5406 | + __u8 wmin, cmin; | |
5407 | + __u8 wsec, csec; | |
5408 | + char cur_tty[64] = { 0 }; | |
5409 | + char parent_tty[64] = { 0 }; | |
5410 | + | |
5411 | + if (unlikely(!(gr_status & GR_READY) || !task->acl || | |
5412 | + !(task->acl->mode & GR_PROCACCT))) | |
5413 | + return; | |
5414 | + | |
5415 | + runtime64 = get_jiffies_64() - task->start_time; | |
5416 | + do_div(runtime64, HZ); | |
5417 | + runtime = (unsigned long)runtime64; | |
5418 | + wday = runtime / (3600 * 24); | |
5419 | + runtime -= wday * (3600 * 24); | |
5420 | + whr = runtime / 3600; | |
5421 | + runtime -= whr * 3600; | |
5422 | + wmin = runtime / 60; | |
5423 | + runtime -= wmin * 60; | |
5424 | + wsec = runtime; | |
5425 | + | |
5426 | + cputime = (task->utime + task->stime) / HZ; | |
5427 | + cday = cputime / (3600 * 24); | |
5428 | + cputime -= cday * (3600 * 24); | |
5429 | + chr = cputime / 3600; | |
5430 | + cputime -= chr * 3600; | |
5431 | + cmin = cputime / 60; | |
5432 | + cputime -= cmin * 60; | |
5433 | + csec = cputime; | |
5434 | + | |
5435 | + security_audit(GR_ACL_PROCACCT_MSG, gr_task_fullpath(task), task->comm, | |
b9213dc3 | 5436 | + task->pid, NIPQUAD(task->curr_ip), tty_name(task->signal->tty, |
1db5cd70 PS |
5437 | + cur_tty), |
5438 | + task->uid, task->euid, task->gid, task->egid, wday, whr, | |
5439 | + wmin, wsec, cday, chr, cmin, csec, | |
5440 | + (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", | |
5441 | + code, gr_parent_task_fullpath(task), | |
5442 | + task->parent->comm, task->parent->pid, | |
5443 | + NIPQUAD(task->parent->curr_ip), | |
b9213dc3 | 5444 | + tty_name(task->parent->signal->tty, parent_tty), |
1db5cd70 PS |
5445 | + task->parent->uid, task->parent->euid, task->parent->gid, |
5446 | + task->parent->egid); | |
5447 | + | |
5448 | + return; | |
5449 | +} | |
5450 | + | |
5451 | +EXPORT_SYMBOL(gr_set_kernel_label); | |
5452 | + | |
5453 | +void gr_set_kernel_label(struct task_struct *task) | |
5454 | +{ | |
5455 | + if (gr_status & GR_READY) { | |
5456 | + task->role = kernel_role; | |
5457 | + task->acl = kernel_role->root_label; | |
5458 | + } | |
5459 | + return; | |
5460 | +} | |
5461 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_cap.c linux-2.6.7-rc1/grsecurity/gracl_cap.c | |
5462 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_cap.c 1970-01-01 01:00:00.000000000 +0100 | |
5463 | +++ linux-2.6.7-rc1/grsecurity/gracl_cap.c 2004-05-25 14:33:58.909404736 +0200 | |
5464 | @@ -0,0 +1,115 @@ | |
5465 | +/* capability handling routines, (c) Brad Spengler 2002,2003 */ | |
5466 | + | |
5467 | +#include <linux/kernel.h> | |
5468 | +#include <linux/module.h> | |
5469 | +#include <linux/sched.h> | |
5470 | +#include <linux/capability.h> | |
5471 | +#include <linux/gracl.h> | |
5472 | +#include <linux/grsecurity.h> | |
5473 | +#include <linux/grinternal.h> | |
5474 | + | |
5475 | +static const char *captab_log[29] = { | |
5476 | + "CAP_CHOWN", | |
5477 | + "CAP_DAC_OVERRIDE", | |
5478 | + "CAP_DAC_READ_SEARCH", | |
5479 | + "CAP_FOWNER", | |
5480 | + "CAP_FSETID", | |
5481 | + "CAP_KILL", | |
5482 | + "CAP_SETGID", | |
5483 | + "CAP_SETUID", | |
5484 | + "CAP_SETPCAP", | |
5485 | + "CAP_LINUX_IMMUTABLE", | |
5486 | + "CAP_NET_BIND_SERVICE", | |
5487 | + "CAP_NET_BROADCAST", | |
5488 | + "CAP_NET_ADMIN", | |
5489 | + "CAP_NET_RAW", | |
5490 | + "CAP_IPC_LOCK", | |
5491 | + "CAP_IPC_OWNER", | |
5492 | + "CAP_SYS_MODULE", | |
5493 | + "CAP_SYS_RAWIO", | |
5494 | + "CAP_SYS_CHROOT", | |
5495 | + "CAP_SYS_PTRACE", | |
5496 | + "CAP_SYS_PACCT", | |
5497 | + "CAP_SYS_ADMIN", | |
5498 | + "CAP_SYS_BOOT", | |
5499 | + "CAP_SYS_NICE", | |
5500 | + "CAP_SYS_RESOURCE", | |
5501 | + "CAP_SYS_TIME", | |
5502 | + "CAP_SYS_TTY_CONFIG", | |
5503 | + "CAP_MKNOD", | |
5504 | + "CAP_LEASE" | |
5505 | +}; | |
5506 | + | |
5507 | +EXPORT_SYMBOL(gr_task_is_capable); | |
5508 | + | |
5509 | +int | |
5510 | +gr_task_is_capable(struct task_struct *task, const int cap) | |
5511 | +{ | |
5512 | + struct acl_subject_label *curracl; | |
5513 | + __u32 cap_drop = 0, cap_mask = 0; | |
5514 | + | |
5515 | + if (!gr_acl_is_enabled()) | |
5516 | + return 1; | |
5517 | + | |
5518 | + curracl = task->acl; | |
5519 | + | |
5520 | + cap_drop = curracl->cap_lower; | |
5521 | + cap_mask = curracl->cap_mask; | |
5522 | + | |
5523 | + while ((curracl = curracl->parent_subject)) { | |
5524 | + cap_drop |= curracl->cap_lower & (cap_mask & ~curracl->cap_mask); | |
5525 | + cap_mask |= curracl->cap_mask; | |
5526 | + } | |
5527 | + | |
5528 | + if (!cap_raised(cap_drop, cap)) | |
5529 | + return 1; | |
5530 | + | |
5531 | + curracl = task->acl; | |
5532 | + | |
5533 | + if ((curracl->mode & GR_LEARN) | |
5534 | + && cap_raised(task->cap_effective, cap)) { | |
5535 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, | |
5536 | + task->role->roletype, task->uid, | |
5537 | + task->gid, task->exec_file ? | |
5538 | + gr_to_filename(task->exec_file->f_dentry, | |
5539 | + task->exec_file->f_vfsmnt) : curracl->filename, | |
5540 | + curracl->filename, 0UL, | |
5541 | + 0UL, "", (unsigned long) cap, NIPQUAD(task->curr_ip)); | |
5542 | + return 1; | |
5543 | + } | |
5544 | + | |
5545 | + if ((cap >= 0) && (cap < 29) && cap_raised(task->cap_effective, cap)) | |
5546 | + security_alert(GR_CAP_ACL_MSG, captab_log[cap], | |
5547 | + gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, | |
5548 | + task->gid, task->egid, gr_parent_task_fullpath(task), | |
5549 | + task->parent->comm, task->parent->pid, task->parent->uid, | |
5550 | + task->parent->euid, task->parent->gid, task->parent->egid); | |
5551 | + | |
5552 | + return 0; | |
5553 | +} | |
5554 | + | |
5555 | +int | |
5556 | +gr_is_capable_nolog(const int cap) | |
5557 | +{ | |
5558 | + struct acl_subject_label *curracl; | |
5559 | + __u32 cap_drop = 0, cap_mask = 0; | |
5560 | + | |
5561 | + if (!gr_acl_is_enabled()) | |
5562 | + return 1; | |
5563 | + | |
5564 | + curracl = current->acl; | |
5565 | + | |
5566 | + cap_drop = curracl->cap_lower; | |
5567 | + cap_mask = curracl->cap_mask; | |
5568 | + | |
5569 | + while ((curracl = curracl->parent_subject)) { | |
5570 | + cap_drop |= curracl->cap_lower & (cap_mask & ~curracl->cap_mask); | |
5571 | + cap_mask |= curracl->cap_mask; | |
5572 | + } | |
5573 | + | |
5574 | + if (!cap_raised(cap_drop, cap)) | |
5575 | + return 1; | |
5576 | + | |
5577 | + return 0; | |
5578 | +} | |
5579 | + | |
5580 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_fs.c linux-2.6.7-rc1/grsecurity/gracl_fs.c | |
5581 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_fs.c 1970-01-01 01:00:00.000000000 +0100 | |
5582 | +++ linux-2.6.7-rc1/grsecurity/gracl_fs.c 2004-05-25 14:33:58.913404128 +0200 | |
5583 | @@ -0,0 +1,460 @@ | |
5584 | +#include <linux/kernel.h> | |
5585 | +#include <linux/sched.h> | |
5586 | +#include <linux/types.h> | |
5587 | +#include <linux/fs.h> | |
5588 | +#include <linux/file.h> | |
5589 | +#include <linux/grsecurity.h> | |
5590 | +#include <linux/grinternal.h> | |
5591 | +#include <linux/gracl.h> | |
5592 | + | |
5593 | +__u32 | |
5594 | +gr_acl_handle_hidden_file(const struct dentry * dentry, | |
5595 | + const struct vfsmount * mnt) | |
5596 | +{ | |
5597 | + __u32 mode; | |
5598 | + | |
5599 | + if (unlikely(!dentry->d_inode)) | |
5600 | + return GR_FIND; | |
5601 | + | |
5602 | + mode = | |
5603 | + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt); | |
5604 | + | |
5605 | + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) { | |
5606 | + security_audit(GR_HIDDEN_ACL_MSG, "successful", | |
5607 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); | |
5608 | + return mode; | |
5609 | + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) { | |
5610 | + security_alert(GR_HIDDEN_ACL_MSG, "denied", | |
5611 | + gr_to_filename(dentry, mnt), | |
5612 | + DEFAULTSECARGS); | |
5613 | + return 0; | |
5614 | + } else if (unlikely(!(mode & GR_FIND))) | |
5615 | + return 0; | |
5616 | + | |
5617 | + return GR_FIND; | |
5618 | +} | |
5619 | + | |
5620 | +__u32 | |
5621 | +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, | |
5622 | + const int fmode) | |
5623 | +{ | |
5624 | + __u32 reqmode = GR_FIND; | |
5625 | + __u32 mode; | |
5626 | + | |
5627 | + if (unlikely(!dentry->d_inode)) | |
5628 | + return reqmode; | |
5629 | + | |
5630 | + if (unlikely(fmode & O_APPEND)) | |
5631 | + reqmode |= GR_APPEND; | |
5632 | + else if (unlikely(fmode & FMODE_WRITE)) | |
5633 | + reqmode |= GR_WRITE; | |
5634 | + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) | |
5635 | + reqmode |= GR_READ; | |
5636 | + | |
5637 | + mode = | |
5638 | + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, | |
5639 | + mnt); | |
5640 | + | |
5641 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
5642 | + security_audit(GR_OPEN_ACL_MSG, "successful", | |
5643 | + gr_to_filename(dentry, mnt), | |
5644 | + reqmode & GR_READ ? " reading" : "", | |
5645 | + reqmode & GR_WRITE ? " writing" : | |
5646 | + reqmode & GR_APPEND ? " appending" : "", | |
5647 | + DEFAULTSECARGS); | |
5648 | + return reqmode; | |
5649 | + } else | |
5650 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
5651 | + { | |
5652 | + security_alert(GR_OPEN_ACL_MSG, "denied", | |
5653 | + gr_to_filename(dentry, mnt), | |
5654 | + reqmode & GR_READ ? " reading" : "", | |
5655 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
5656 | + GR_APPEND ? " appending" : "", DEFAULTSECARGS); | |
5657 | + return 0; | |
5658 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
5659 | + return 0; | |
5660 | + | |
5661 | + return reqmode; | |
5662 | +} | |
5663 | + | |
5664 | +__u32 | |
5665 | +gr_acl_handle_creat(const struct dentry * dentry, | |
5666 | + const struct dentry * p_dentry, | |
5667 | + const struct vfsmount * p_mnt, const int fmode, | |
5668 | + const int imode) | |
5669 | +{ | |
5670 | + __u32 reqmode = GR_WRITE | GR_CREATE; | |
5671 | + __u32 mode; | |
5672 | + | |
5673 | + if (unlikely(fmode & O_APPEND)) | |
5674 | + reqmode |= GR_APPEND; | |
5675 | + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) | |
5676 | + reqmode |= GR_READ; | |
5677 | + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID)))) | |
5678 | + reqmode |= GR_SETID; | |
5679 | + | |
5680 | + mode = | |
5681 | + gr_check_create(dentry, p_dentry, p_mnt, | |
5682 | + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); | |
5683 | + | |
5684 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
5685 | + security_audit(GR_CREATE_ACL_MSG, "successful", | |
5686 | + gr_to_filename(dentry, p_mnt), | |
5687 | + reqmode & GR_READ ? " reading" : "", | |
5688 | + reqmode & GR_WRITE ? " writing" : | |
5689 | + reqmode & GR_APPEND ? " appending" : "", | |
5690 | + DEFAULTSECARGS); | |
5691 | + return reqmode; | |
5692 | + } else | |
5693 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
5694 | + { | |
5695 | + security_alert(GR_CREATE_ACL_MSG, "denied", | |
5696 | + gr_to_filename(dentry, p_mnt), | |
5697 | + reqmode & GR_READ ? " reading" : "", | |
5698 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
5699 | + GR_APPEND ? " appending" : "", DEFAULTSECARGS); | |
5700 | + return 0; | |
5701 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
5702 | + return 0; | |
5703 | + | |
5704 | + return reqmode; | |
5705 | +} | |
5706 | + | |
5707 | +__u32 | |
5708 | +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt, | |
5709 | + const int fmode) | |
5710 | +{ | |
5711 | + __u32 mode, reqmode = GR_FIND; | |
5712 | + | |
5713 | + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode)) | |
5714 | + reqmode |= GR_EXEC; | |
5715 | + if (fmode & S_IWOTH) | |
5716 | + reqmode |= GR_WRITE; | |
5717 | + if (fmode & S_IROTH) | |
5718 | + reqmode |= GR_READ; | |
5719 | + | |
5720 | + mode = | |
5721 | + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, | |
5722 | + mnt); | |
5723 | + | |
5724 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
5725 | + security_audit(GR_ACCESS_ACL_MSG, "successful", | |
5726 | + gr_to_filename(dentry, mnt), | |
5727 | + reqmode & GR_READ ? " reading" : "", | |
5728 | + reqmode & GR_WRITE ? " writing" : "", | |
5729 | + reqmode & GR_EXEC ? " executing" : "", | |
5730 | + DEFAULTSECARGS); | |
5731 | + return reqmode; | |
5732 | + } else | |
5733 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
5734 | + { | |
5735 | + security_alert(GR_ACCESS_ACL_MSG, "denied", | |
5736 | + gr_to_filename(dentry, mnt), | |
5737 | + reqmode & GR_READ ? " reading" : "", | |
5738 | + reqmode & GR_WRITE ? " writing" : "", | |
5739 | + reqmode & GR_EXEC ? " executing" : "", | |
5740 | + DEFAULTSECARGS); | |
5741 | + return 0; | |
5742 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
5743 | + return 0; | |
5744 | + | |
5745 | + return reqmode; | |
5746 | +} | |
5747 | + | |
5748 | +#define generic_fs_handler(dentry, mnt, reqmode, fmt) \ | |
5749 | +{ \ | |
5750 | + __u32 mode; \ | |
5751 | + \ | |
5752 | + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); \ | |
5753 | + \ | |
5754 | + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \ | |
5755 | + security_audit(fmt, "successful", \ | |
5756 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); \ | |
5757 | + return mode; \ | |
5758 | + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \ | |
5759 | + security_alert(fmt, "denied", gr_to_filename(dentry, mnt), \ | |
5760 | + DEFAULTSECARGS); \ | |
5761 | + return 0; \ | |
5762 | + } else if (unlikely((mode & (reqmode)) != (reqmode))) \ | |
5763 | + return 0; \ | |
5764 | + \ | |
5765 | + return (reqmode); \ | |
5766 | +} | |
5767 | + | |
5768 | +__u32 | |
5769 | +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt) | |
5770 | +{ | |
5771 | + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG); | |
5772 | +} | |
5773 | + | |
5774 | +__u32 | |
5775 | +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt) | |
5776 | +{ | |
5777 | + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG); | |
5778 | +} | |
5779 | + | |
5780 | +__u32 | |
5781 | +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt) | |
5782 | +{ | |
5783 | + generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG); | |
5784 | +} | |
5785 | + | |
5786 | +__u32 | |
5787 | +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt) | |
5788 | +{ | |
5789 | + generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG); | |
5790 | +} | |
5791 | + | |
5792 | +__u32 | |
5793 | +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt, | |
5794 | + mode_t mode) | |
5795 | +{ | |
5796 | + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) { | |
5797 | + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID, | |
5798 | + GR_FCHMOD_ACL_MSG); | |
5799 | + } else { | |
5800 | + generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG); | |
5801 | + } | |
5802 | +} | |
5803 | + | |
5804 | +__u32 | |
5805 | +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt, | |
5806 | + mode_t mode) | |
5807 | +{ | |
5808 | + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) { | |
5809 | + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID, | |
5810 | + GR_CHMOD_ACL_MSG); | |
5811 | + } else { | |
5812 | + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG); | |
5813 | + } | |
5814 | +} | |
5815 | + | |
5816 | +__u32 | |
5817 | +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt) | |
5818 | +{ | |
5819 | + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG); | |
5820 | +} | |
5821 | + | |
5822 | +__u32 | |
5823 | +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt) | |
5824 | +{ | |
5825 | + generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG); | |
5826 | +} | |
5827 | + | |
5828 | +__u32 | |
5829 | +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt) | |
5830 | +{ | |
5831 | + generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE, | |
5832 | + GR_UNIXCONNECT_ACL_MSG); | |
5833 | +} | |
5834 | + | |
5835 | +__u32 | |
5836 | +gr_acl_handle_filldir(const struct dentry *dentry, const struct vfsmount *mnt, | |
5837 | + const ino_t ino) | |
5838 | +{ | |
5839 | + if (likely((unsigned long)(dentry->d_inode))) { | |
5840 | + struct dentry d = *dentry; | |
5841 | + struct inode inode = *(dentry->d_inode); | |
5842 | + | |
5843 | + inode.i_ino = ino; | |
5844 | + d.d_inode = &inode; | |
5845 | + | |
5846 | + if (unlikely(!gr_search_file(&d, GR_FIND | GR_NOLEARN, mnt))) | |
5847 | + return 0; | |
5848 | + } | |
5849 | + | |
5850 | + return 1; | |
5851 | +} | |
5852 | + | |
5853 | +__u32 | |
5854 | +gr_acl_handle_link(const struct dentry * new_dentry, | |
5855 | + const struct dentry * parent_dentry, | |
5856 | + const struct vfsmount * parent_mnt, | |
5857 | + const struct dentry * old_dentry, | |
5858 | + const struct vfsmount * old_mnt, const char *to) | |
5859 | +{ | |
5860 | + __u32 needmode = GR_WRITE | GR_CREATE; | |
5861 | + __u32 mode; | |
5862 | + | |
5863 | + mode = | |
5864 | + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry, | |
5865 | + old_mnt); | |
5866 | + | |
5867 | + if (unlikely(((mode & needmode) == needmode) && mode & GR_AUDITS)) { | |
5868 | + security_audit(GR_LINK_ACL_MSG, "successful", | |
5869 | + gr_to_filename(old_dentry, old_mnt), to, | |
5870 | + DEFAULTSECARGS); | |
5871 | + return mode; | |
5872 | + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { | |
5873 | + security_alert(GR_LINK_ACL_MSG, "denied", | |
5874 | + gr_to_filename(old_dentry, old_mnt), to, | |
5875 | + DEFAULTSECARGS); | |
5876 | + return 0; | |
5877 | + } else if (unlikely((mode & needmode) != needmode)) | |
5878 | + return 0; | |
5879 | + | |
5880 | + return (GR_WRITE | GR_CREATE); | |
5881 | +} | |
5882 | + | |
5883 | +__u32 | |
5884 | +gr_acl_handle_symlink(const struct dentry * new_dentry, | |
5885 | + const struct dentry * parent_dentry, | |
5886 | + const struct vfsmount * parent_mnt, const char *from) | |
5887 | +{ | |
5888 | + __u32 needmode = GR_WRITE | GR_CREATE; | |
5889 | + __u32 mode; | |
5890 | + | |
5891 | + mode = | |
5892 | + gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
5893 | + GR_CREATE | GR_AUDIT_CREATE | | |
5894 | + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS); | |
5895 | + | |
5896 | + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) { | |
5897 | + security_audit(GR_SYMLINK_ACL_MSG, "successful", | |
5898 | + from, gr_to_filename(new_dentry, parent_mnt), | |
5899 | + DEFAULTSECARGS); | |
5900 | + return mode; | |
5901 | + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { | |
5902 | + security_alert(GR_SYMLINK_ACL_MSG, "denied", | |
5903 | + from, gr_to_filename(new_dentry, parent_mnt), | |
5904 | + DEFAULTSECARGS); | |
5905 | + return 0; | |
5906 | + } else if (unlikely((mode & needmode) != needmode)) | |
5907 | + return 0; | |
5908 | + | |
5909 | + return (GR_WRITE | GR_CREATE); | |
5910 | +} | |
5911 | + | |
5912 | +#define generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, reqmode, fmt) \ | |
5913 | +{ \ | |
5914 | + __u32 mode; \ | |
5915 | + \ | |
5916 | + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); \ | |
5917 | + \ | |
5918 | + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \ | |
5919 | + security_audit(fmt, "successful", \ | |
5920 | + gr_to_filename(new_dentry, parent_mnt), \ | |
5921 | + DEFAULTSECARGS); \ | |
5922 | + return mode; \ | |
5923 | + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \ | |
5924 | + security_alert(fmt, "denied", \ | |
5925 | + gr_to_filename(new_dentry, parent_mnt), \ | |
5926 | + DEFAULTSECARGS); \ | |
5927 | + return 0; \ | |
5928 | + } else if (unlikely((mode & (reqmode)) != (reqmode))) \ | |
5929 | + return 0; \ | |
5930 | + \ | |
5931 | + return (reqmode); \ | |
5932 | +} | |
5933 | + | |
5934 | +__u32 | |
5935 | +gr_acl_handle_mknod(const struct dentry * new_dentry, | |
5936 | + const struct dentry * parent_dentry, | |
5937 | + const struct vfsmount * parent_mnt, | |
5938 | + const int mode) | |
5939 | +{ | |
5940 | + __u32 reqmode = GR_WRITE | GR_CREATE; | |
5941 | + if (unlikely(mode & (S_ISUID | S_ISGID))) | |
5942 | + reqmode |= GR_SETID; | |
5943 | + | |
5944 | + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, | |
5945 | + reqmode, GR_MKNOD_ACL_MSG); | |
5946 | +} | |
5947 | + | |
5948 | +__u32 | |
5949 | +gr_acl_handle_mkdir(const struct dentry *new_dentry, | |
5950 | + const struct dentry *parent_dentry, | |
5951 | + const struct vfsmount *parent_mnt) | |
5952 | +{ | |
5953 | + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, | |
5954 | + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG); | |
5955 | +} | |
5956 | + | |
5957 | +#define RENAME_CHECK_SUCCESS(old, new) \ | |
5958 | + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \ | |
5959 | + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ))) | |
5960 | + | |
5961 | +int | |
5962 | +gr_acl_handle_rename(struct dentry *new_dentry, | |
5963 | + struct dentry *parent_dentry, | |
5964 | + const struct vfsmount *parent_mnt, | |
5965 | + struct dentry *old_dentry, | |
5966 | + struct inode *old_parent_inode, | |
5967 | + struct vfsmount *old_mnt, const char *newname) | |
5968 | +{ | |
5969 | + __u32 comp1, comp2; | |
5970 | + int error = 0; | |
5971 | + | |
5972 | + if (unlikely(!gr_acl_is_enabled())) | |
5973 | + return 0; | |
5974 | + | |
5975 | + if (!new_dentry->d_inode) { | |
5976 | + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
5977 | + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ | | |
5978 | + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS); | |
5979 | + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE | | |
5980 | + GR_DELETE | GR_AUDIT_DELETE | | |
5981 | + GR_AUDIT_READ | GR_AUDIT_WRITE | | |
5982 | + GR_SUPPRESS, old_mnt); | |
5983 | + } else { | |
5984 | + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE | | |
5985 | + GR_CREATE | GR_DELETE | | |
5986 | + GR_AUDIT_CREATE | GR_AUDIT_DELETE | | |
5987 | + GR_AUDIT_READ | GR_AUDIT_WRITE | | |
5988 | + GR_SUPPRESS, parent_mnt); | |
5989 | + comp2 = | |
5990 | + gr_search_file(old_dentry, | |
5991 | + GR_READ | GR_WRITE | GR_AUDIT_READ | | |
5992 | + GR_DELETE | GR_AUDIT_DELETE | | |
5993 | + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt); | |
5994 | + } | |
5995 | + | |
5996 | + if (RENAME_CHECK_SUCCESS(comp1, comp2) && | |
5997 | + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS))) | |
5998 | + security_audit(GR_RENAME_ACL_MSG, "successful", | |
5999 | + gr_to_filename(old_dentry, old_mnt), | |
6000 | + newname, DEFAULTSECARGS); | |
6001 | + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS) | |
6002 | + && !(comp2 & GR_SUPPRESS)) { | |
6003 | + security_alert(GR_RENAME_ACL_MSG, "denied", | |
6004 | + gr_to_filename(old_dentry, old_mnt), newname, | |
6005 | + DEFAULTSECARGS); | |
6006 | + error = -EACCES; | |
6007 | + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2))) | |
6008 | + error = -EACCES; | |
6009 | + | |
6010 | + return error; | |
6011 | +} | |
6012 | + | |
6013 | +void | |
6014 | +gr_acl_handle_exit(void) | |
6015 | +{ | |
6016 | + u16 id; | |
6017 | + char *rolename; | |
6018 | + | |
6019 | + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) { | |
6020 | + id = current->acl_role_id; | |
6021 | + rolename = current->role->rolename; | |
6022 | + gr_set_acls(1); | |
6023 | + security_alert_good(GR_SPROLEL_ACL_MSG, | |
6024 | + rolename, id, DEFAULTSECARGS); | |
6025 | + } | |
6026 | + | |
6027 | + if (current->exec_file) { | |
6028 | + fput(current->exec_file); | |
6029 | + current->exec_file = NULL; | |
6030 | + } | |
6031 | +} | |
6032 | + | |
6033 | +int | |
6034 | +gr_acl_handle_procpidmem(const struct task_struct *task) | |
6035 | +{ | |
6036 | + if (unlikely(!gr_acl_is_enabled())) | |
6037 | + return 0; | |
6038 | + | |
6039 | + if (task->acl->mode & GR_PROTPROCFD) | |
6040 | + return -EACCES; | |
6041 | + | |
6042 | + return 0; | |
6043 | +} | |
6044 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_ip.c linux-2.6.7-rc1/grsecurity/gracl_ip.c | |
6045 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_ip.c 1970-01-01 01:00:00.000000000 +0100 | |
6046 | +++ linux-2.6.7-rc1/grsecurity/gracl_ip.c 2004-05-25 14:33:58.916403672 +0200 | |
6047 | @@ -0,0 +1,236 @@ | |
6048 | +/* | |
6049 | + * grsecurity/gracl_ip.c | |
6050 | + * Copyright Brad Spengler 2002, 2003 | |
6051 | + * | |
6052 | + */ | |
6053 | + | |
6054 | +#include <linux/kernel.h> | |
6055 | +#include <asm/uaccess.h> | |
6056 | +#include <asm/errno.h> | |
6057 | +#include <net/sock.h> | |
6058 | +#include <linux/file.h> | |
6059 | +#include <linux/fs.h> | |
6060 | +#include <linux/net.h> | |
6061 | +#include <linux/in.h> | |
6062 | +#include <linux/skbuff.h> | |
6063 | +#include <linux/ip.h> | |
6064 | +#include <linux/udp.h> | |
6065 | +#include <linux/smp_lock.h> | |
6066 | +#include <linux/types.h> | |
6067 | +#include <linux/sched.h> | |
6068 | +#include <linux/gracl.h> | |
6069 | +#include <linux/grsecurity.h> | |
6070 | +#include <linux/grinternal.h> | |
6071 | + | |
6072 | +#define GR_BIND 0x01 | |
6073 | +#define GR_CONNECT 0x02 | |
6074 | + | |
6075 | +static const char * gr_protocols[256] = { | |
6076 | + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt", | |
6077 | + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet", | |
6078 | + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1", | |
6079 | + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp", | |
6080 | + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++", | |
6081 | + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre", | |
6082 | + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile", | |
6083 | + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63", | |
6084 | + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv", | |
6085 | + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak", | |
6086 | + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf", | |
6087 | + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp", | |
6088 | + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim", | |
6089 | + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip", | |
6090 | + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp", | |
6091 | + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup", | |
6092 | + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135", | |
6093 | + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143", | |
6094 | + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151", | |
6095 | + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159", | |
6096 | + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167", | |
6097 | + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175", | |
6098 | + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183", | |
6099 | + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191", | |
6100 | + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199", | |
6101 | + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207", | |
6102 | + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215", | |
6103 | + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223", | |
6104 | + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231", | |
6105 | + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239", | |
6106 | + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247", | |
6107 | + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255", | |
6108 | + }; | |
6109 | + | |
6110 | +static const char * gr_socktypes[11] = { | |
6111 | + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6", | |
6112 | + "unknown:7", "unknown:8", "unknown:9", "packet" | |
6113 | + }; | |
6114 | + | |
6115 | +__inline__ const char * | |
6116 | +gr_proto_to_name(unsigned char proto) | |
6117 | +{ | |
6118 | + return gr_protocols[proto]; | |
6119 | +} | |
6120 | + | |
6121 | +__inline__ const char * | |
6122 | +gr_socktype_to_name(unsigned char type) | |
6123 | +{ | |
6124 | + return gr_socktypes[type]; | |
6125 | +} | |
6126 | + | |
6127 | +int | |
6128 | +gr_search_socket(const int domain, const int type, const int protocol) | |
6129 | +{ | |
6130 | + struct acl_subject_label *curr; | |
6131 | + | |
6132 | + if (unlikely(!gr_acl_is_enabled())) | |
6133 | + goto exit; | |
6134 | + | |
6135 | + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET) | |
6136 | + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255)) | |
6137 | + goto exit; // let the kernel handle it | |
6138 | + | |
6139 | + curr = current->acl; | |
6140 | + | |
6141 | + if (!curr->ips) | |
6142 | + goto exit; | |
6143 | + | |
6144 | + if ((curr->ip_type & (1 << type)) && | |
6145 | + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32)))) | |
6146 | + goto exit; | |
6147 | + | |
6148 | + if (curr->mode & GR_LEARN) { | |
6149 | + /* we don't place acls on raw sockets , and sometimes | |
6150 | + dgram/ip sockets are opened for ioctl and not | |
6151 | + bind/connect, so we'll fake a bind learn log */ | |
6152 | + if (type == SOCK_RAW || type == SOCK_PACKET) { | |
6153 | + __u32 fakeip = 0; | |
6154 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
6155 | + current->role->roletype, current->uid, | |
6156 | + current->gid, current->exec_file ? | |
6157 | + gr_to_filename(current->exec_file->f_dentry, | |
6158 | + current->exec_file->f_vfsmnt) : | |
6159 | + curr->filename, curr->filename, | |
6160 | + NIPQUAD(fakeip), 0, type, | |
6161 | + protocol, GR_CONNECT, NIPQUAD(current->curr_ip)); | |
6162 | + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) { | |
6163 | + __u32 fakeip = 0; | |
6164 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
6165 | + current->role->roletype, current->uid, | |
6166 | + current->gid, current->exec_file ? | |
6167 | + gr_to_filename(current->exec_file->f_dentry, | |
6168 | + current->exec_file->f_vfsmnt) : | |
6169 | + curr->filename, curr->filename, | |
6170 | + NIPQUAD(fakeip), 0, type, | |
6171 | + protocol, GR_BIND, NIPQUAD(current->curr_ip)); | |
6172 | + } | |
6173 | + /* we'll log when they use connect or bind */ | |
6174 | + goto exit; | |
6175 | + } | |
6176 | + | |
6177 | + security_alert(GR_SOCK_MSG, "inet", gr_socktype_to_name(type), | |
6178 | + gr_proto_to_name(protocol), DEFAULTSECARGS); | |
6179 | + | |
6180 | + return 0; | |
6181 | + exit: | |
6182 | + return 1; | |
6183 | +} | |
6184 | + | |
6185 | +static __inline__ int | |
6186 | +gr_search_connectbind(const int mode, const struct sock *sk, | |
6187 | + const struct sockaddr_in *addr, const int type) | |
6188 | +{ | |
6189 | + struct acl_subject_label *curr; | |
6190 | + struct acl_ip_label *ip; | |
6191 | + unsigned long i; | |
6192 | + __u32 ip_addr = 0; | |
6193 | + __u16 ip_port = 0; | |
6194 | + | |
6195 | + if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET)) | |
6196 | + return 1; | |
6197 | + | |
6198 | + curr = current->acl; | |
6199 | + | |
6200 | + if (!curr->ips) | |
6201 | + return 1; | |
6202 | + | |
6203 | + ip_addr = addr->sin_addr.s_addr; | |
6204 | + ip_port = ntohs(addr->sin_port); | |
6205 | + | |
6206 | + for (i = 0; i < curr->ip_num; i++) { | |
6207 | + ip = *(curr->ips + i); | |
6208 | + if ((ip->mode & mode) && | |
6209 | + (ip_port >= ip->low) && | |
6210 | + (ip_port <= ip->high) && | |
6211 | + ((ntohl(ip_addr) & ip->netmask) == | |
6212 | + (ntohl(ip->addr) & ip->netmask)) | |
6213 | + && (ip-> | |
6214 | + proto[sk->sk_protocol / 32] & (1 << (sk->sk_protocol % 32))) | |
6215 | + && (ip->type & (1 << type))) | |
6216 | + return 1; | |
6217 | + } | |
6218 | + | |
6219 | + if (curr->mode & GR_LEARN) { | |
6220 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
6221 | + current->role->roletype, current->uid, | |
6222 | + current->gid, current->exec_file ? | |
6223 | + gr_to_filename(current->exec_file->f_dentry, | |
6224 | + current->exec_file->f_vfsmnt) : | |
6225 | + curr->filename, curr->filename, | |
6226 | + NIPQUAD(ip_addr), ip_port, type, | |
6227 | + sk->sk_protocol, mode, NIPQUAD(current->curr_ip)); | |
6228 | + return 1; | |
6229 | + } | |
6230 | + | |
6231 | + if (mode == GR_BIND) | |
6232 | + security_alert(GR_BIND_ACL_MSG, NIPQUAD(ip_addr), ip_port, | |
6233 | + gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol), | |
6234 | + DEFAULTSECARGS); | |
6235 | + else if (mode == GR_CONNECT) | |
6236 | + security_alert(GR_CONNECT_ACL_MSG, NIPQUAD(ip_addr), ip_port, | |
6237 | + gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol), | |
6238 | + DEFAULTSECARGS); | |
6239 | + | |
6240 | + return 0; | |
6241 | +} | |
6242 | + | |
6243 | +int | |
6244 | +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr) | |
6245 | +{ | |
6246 | + return gr_search_connectbind(GR_CONNECT, sock->sk, addr, sock->type); | |
6247 | +} | |
6248 | + | |
6249 | +int | |
6250 | +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr) | |
6251 | +{ | |
6252 | + return gr_search_connectbind(GR_BIND, sock->sk, addr, sock->type); | |
6253 | +} | |
6254 | + | |
6255 | +int | |
6256 | +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr) | |
6257 | +{ | |
6258 | + if (addr) | |
6259 | + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM); | |
6260 | + else { | |
6261 | + struct sockaddr_in sin; | |
6262 | + const struct inet_opt *inet = inet_sk(sk); | |
6263 | + | |
6264 | + sin.sin_addr.s_addr = inet->daddr; | |
6265 | + sin.sin_port = inet->dport; | |
6266 | + | |
6267 | + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM); | |
6268 | + } | |
6269 | +} | |
6270 | + | |
6271 | +int | |
6272 | +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb) | |
6273 | +{ | |
6274 | + struct sockaddr_in sin; | |
6275 | + | |
6276 | + if (unlikely(skb->len < sizeof (struct udphdr))) | |
6277 | + return 1; // skip this packet | |
6278 | + | |
6279 | + sin.sin_addr.s_addr = skb->nh.iph->saddr; | |
6280 | + sin.sin_port = skb->h.uh->source; | |
6281 | + | |
6282 | + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM); | |
6283 | +} | |
6284 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_learn.c linux-2.6.7-rc1/grsecurity/gracl_learn.c | |
6285 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_learn.c 1970-01-01 01:00:00.000000000 +0100 | |
6286 | +++ linux-2.6.7-rc1/grsecurity/gracl_learn.c 2004-05-25 14:33:58.919403216 +0200 | |
6287 | @@ -0,0 +1,204 @@ | |
6288 | +#include <linux/kernel.h> | |
6289 | +#include <linux/mm.h> | |
6290 | +#include <linux/sched.h> | |
6291 | +#include <linux/poll.h> | |
6292 | +#include <linux/smp_lock.h> | |
6293 | +#include <linux/string.h> | |
6294 | +#include <linux/file.h> | |
6295 | +#include <linux/types.h> | |
6296 | +#include <linux/vmalloc.h> | |
6297 | +#include <linux/grinternal.h> | |
6298 | + | |
6299 | +extern ssize_t write_grsec_handler(struct file * file, const char * buf, | |
6300 | + size_t count, loff_t *ppos); | |
6301 | +extern int gr_acl_is_enabled(void); | |
6302 | + | |
6303 | +static DECLARE_WAIT_QUEUE_HEAD(learn_wait); | |
6304 | +static int gr_learn_attached; | |
6305 | + | |
6306 | +/* use a 512k buffer */ | |
6307 | +#define LEARN_BUFFER_SIZE (512 * 1024) | |
6308 | + | |
6309 | +static spinlock_t gr_learn_lock = SPIN_LOCK_UNLOCKED; | |
6310 | +static DECLARE_MUTEX(gr_learn_user_sem); | |
6311 | + | |
6312 | +/* we need to maintain two buffers, so that the kernel context of grlearn | |
6313 | + uses a semaphore around the userspace copying, and the other kernel contexts | |
6314 | + use a spinlock when copying into the buffer, since they cannot sleep | |
6315 | +*/ | |
6316 | +static char *learn_buffer; | |
6317 | +static char *learn_buffer_user; | |
6318 | +static int learn_buffer_len; | |
6319 | +static int learn_buffer_user_len; | |
6320 | + | |
6321 | +static ssize_t | |
6322 | +read_learn(struct file *file, char * buf, size_t count, loff_t * ppos) | |
6323 | +{ | |
6324 | + DECLARE_WAITQUEUE(wait, current); | |
6325 | + ssize_t retval = 0; | |
6326 | + | |
6327 | + add_wait_queue(&learn_wait, &wait); | |
6328 | + set_current_state(TASK_INTERRUPTIBLE); | |
6329 | + do { | |
6330 | + down(&gr_learn_user_sem); | |
6331 | + spin_lock(&gr_learn_lock); | |
6332 | + if (learn_buffer_len) | |
6333 | + break; | |
6334 | + spin_unlock(&gr_learn_lock); | |
6335 | + up(&gr_learn_user_sem); | |
6336 | + if (file->f_flags & O_NONBLOCK) { | |
6337 | + retval = -EAGAIN; | |
6338 | + goto out; | |
6339 | + } | |
6340 | + if (signal_pending(current)) { | |
6341 | + retval = -ERESTARTSYS; | |
6342 | + goto out; | |
6343 | + } | |
6344 | + | |
6345 | + schedule(); | |
6346 | + } while (1); | |
6347 | + | |
6348 | + memcpy(learn_buffer_user, learn_buffer, learn_buffer_len); | |
6349 | + learn_buffer_user_len = learn_buffer_len; | |
6350 | + retval = learn_buffer_len; | |
6351 | + learn_buffer_len = 0; | |
6352 | + | |
6353 | + spin_unlock(&gr_learn_lock); | |
6354 | + | |
6355 | + if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len)) | |
6356 | + retval = -EFAULT; | |
6357 | + | |
6358 | + up(&gr_learn_user_sem); | |
6359 | +out: | |
6360 | + set_current_state(TASK_RUNNING); | |
6361 | + remove_wait_queue(&learn_wait, &wait); | |
6362 | + return retval; | |
6363 | +} | |
6364 | + | |
6365 | +static unsigned int | |
6366 | +poll_learn(struct file * file, poll_table * wait) | |
6367 | +{ | |
6368 | + poll_wait(file, &learn_wait, wait); | |
6369 | + | |
6370 | + if (learn_buffer_len) | |
6371 | + return (POLLIN | POLLRDNORM); | |
6372 | + | |
6373 | + return 0; | |
6374 | +} | |
6375 | + | |
6376 | +void | |
6377 | +gr_clear_learn_entries(void) | |
6378 | +{ | |
6379 | + char *tmp; | |
6380 | + | |
6381 | + down(&gr_learn_user_sem); | |
6382 | + if (learn_buffer != NULL) { | |
6383 | + spin_lock(&gr_learn_lock); | |
6384 | + tmp = learn_buffer; | |
6385 | + learn_buffer = NULL; | |
6386 | + spin_unlock(&gr_learn_lock); | |
6387 | + vfree(learn_buffer); | |
6388 | + } | |
6389 | + if (learn_buffer_user != NULL) { | |
6390 | + vfree(learn_buffer_user); | |
6391 | + learn_buffer_user = NULL; | |
6392 | + } | |
6393 | + learn_buffer_len = 0; | |
6394 | + up(&gr_learn_user_sem); | |
6395 | + | |
6396 | + return; | |
6397 | +} | |
6398 | + | |
6399 | +void | |
6400 | +gr_add_learn_entry(const char *fmt, ...) | |
6401 | +{ | |
6402 | + va_list args; | |
6403 | + unsigned int len; | |
6404 | + | |
6405 | + if (!gr_learn_attached) | |
6406 | + return; | |
6407 | + | |
6408 | + spin_lock(&gr_learn_lock); | |
6409 | + | |
6410 | + /* leave a gap at the end so we know when it's "full" but don't have to | |
6411 | + compute the exact length of the string we're trying to append | |
6412 | + */ | |
6413 | + if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) { | |
6414 | + spin_unlock(&gr_learn_lock); | |
6415 | + wake_up_interruptible(&learn_wait); | |
6416 | + return; | |
6417 | + } | |
6418 | + if (learn_buffer == NULL) { | |
6419 | + spin_unlock(&gr_learn_lock); | |
6420 | + return; | |
6421 | + } | |
6422 | + | |
6423 | + va_start(args, fmt); | |
6424 | + len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args); | |
6425 | + va_end(args); | |
6426 | + | |
6427 | + learn_buffer_len += len + 1; | |
6428 | + | |
6429 | + spin_unlock(&gr_learn_lock); | |
6430 | + wake_up_interruptible(&learn_wait); | |
6431 | + | |
6432 | + return; | |
6433 | +} | |
6434 | + | |
6435 | +static int | |
6436 | +open_learn(struct inode *inode, struct file *file) | |
6437 | +{ | |
6438 | + if (file->f_mode & FMODE_READ && gr_learn_attached) | |
6439 | + return -EBUSY; | |
6440 | + if (file->f_mode & FMODE_READ) { | |
6441 | + down(&gr_learn_user_sem); | |
6442 | + if (learn_buffer == NULL) | |
6443 | + learn_buffer = vmalloc(LEARN_BUFFER_SIZE); | |
6444 | + if (learn_buffer_user == NULL) | |
6445 | + learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE); | |
6446 | + if (learn_buffer == NULL) | |
6447 | + return -ENOMEM; | |
6448 | + if (learn_buffer_user == NULL) | |
6449 | + return -ENOMEM; | |
6450 | + learn_buffer_len = 0; | |
6451 | + learn_buffer_user_len = 0; | |
6452 | + gr_learn_attached = 1; | |
6453 | + up(&gr_learn_user_sem); | |
6454 | + } | |
6455 | + return 0; | |
6456 | +} | |
6457 | + | |
6458 | +static int | |
6459 | +close_learn(struct inode *inode, struct file *file) | |
6460 | +{ | |
6461 | + char *tmp; | |
6462 | + | |
6463 | + if (file->f_mode & FMODE_READ) { | |
6464 | + down(&gr_learn_user_sem); | |
6465 | + if (learn_buffer != NULL) { | |
6466 | + spin_lock(&gr_learn_lock); | |
6467 | + tmp = learn_buffer; | |
6468 | + learn_buffer = NULL; | |
6469 | + spin_unlock(&gr_learn_lock); | |
6470 | + vfree(tmp); | |
6471 | + } | |
6472 | + if (learn_buffer_user != NULL) { | |
6473 | + vfree(learn_buffer_user); | |
6474 | + learn_buffer_user = NULL; | |
6475 | + } | |
6476 | + learn_buffer_len = 0; | |
6477 | + learn_buffer_user_len = 0; | |
6478 | + gr_learn_attached = 0; | |
6479 | + up(&gr_learn_user_sem); | |
6480 | + } | |
6481 | + | |
6482 | + return 0; | |
6483 | +} | |
6484 | + | |
6485 | +struct file_operations grsec_fops = { | |
6486 | + read: read_learn, | |
6487 | + write: write_grsec_handler, | |
6488 | + open: open_learn, | |
6489 | + release: close_learn, | |
6490 | + poll: poll_learn, | |
6491 | +}; | |
6492 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_res.c linux-2.6.7-rc1/grsecurity/gracl_res.c | |
6493 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_res.c 1970-01-01 01:00:00.000000000 +0100 | |
6494 | +++ linux-2.6.7-rc1/grsecurity/gracl_res.c 2004-05-25 14:33:58.920403064 +0200 | |
6495 | @@ -0,0 +1,50 @@ | |
6496 | +/* resource handling routines (c) Brad Spengler 2002, 2003 */ | |
6497 | + | |
6498 | +#include <linux/kernel.h> | |
6499 | +#include <linux/sched.h> | |
6500 | +#include <linux/gracl.h> | |
6501 | +#include <linux/grinternal.h> | |
6502 | + | |
6503 | +static const char *restab_log[11] = { | |
6504 | + "RLIMIT_CPU", | |
6505 | + "RLIMIT_FSIZE", | |
6506 | + "RLIMIT_DATA", | |
6507 | + "RLIMIT_STACK", | |
6508 | + "RLIMIT_CORE", | |
6509 | + "RLIMIT_RSS", | |
6510 | + "RLIMIT_NPROC", | |
6511 | + "RLIMIT_NOFILE", | |
6512 | + "RLIMIT_MEMLOCK", | |
6513 | + "RLIMIT_AS", | |
6514 | + "RLIMIT_LOCKS" | |
6515 | +}; | |
6516 | + | |
6517 | +__inline__ void | |
6518 | +gr_log_resource(const struct task_struct *task, | |
6519 | + const int res, const unsigned long wanted, const int gt) | |
6520 | +{ | |
6521 | + if (unlikely(res == RLIMIT_NPROC && | |
6522 | + (cap_raised(task->cap_effective, CAP_SYS_ADMIN) || | |
6523 | + cap_raised(task->cap_effective, CAP_SYS_RESOURCE)))) | |
6524 | + return; | |
6525 | + | |
6526 | + preempt_disable(); | |
6527 | + | |
6528 | + if (unlikely(((gt && wanted > task->rlim[res].rlim_cur) || | |
6529 | + (!gt && wanted >= task->rlim[res].rlim_cur)) && | |
6530 | + task->rlim[res].rlim_cur != RLIM_INFINITY)) | |
6531 | + security_alert(GR_RESOURCE_MSG, wanted, restab_log[res], | |
6532 | + task->rlim[res].rlim_cur, | |
6533 | + gr_task_fullpath(task), task->comm, | |
6534 | + task->pid, task->uid, task->euid, | |
6535 | + task->gid, task->egid, | |
6536 | + gr_parent_task_fullpath(task), | |
6537 | + task->parent->comm, | |
6538 | + task->parent->pid, task->parent->uid, | |
6539 | + task->parent->euid, task->parent->gid, | |
6540 | + task->parent->egid); | |
6541 | + | |
6542 | + preempt_enable_no_resched(); | |
6543 | + | |
6544 | + return; | |
6545 | +} | |
6546 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_segv.c linux-2.6.7-rc1/grsecurity/gracl_segv.c | |
6547 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_segv.c 1970-01-01 01:00:00.000000000 +0100 | |
6548 | +++ linux-2.6.7-rc1/grsecurity/gracl_segv.c 2004-05-25 14:33:58.922402760 +0200 | |
6549 | @@ -0,0 +1,330 @@ | |
6550 | +/* | |
6551 | + * grsecurity/gracl_segv.c | |
6552 | + * Copyright Brad Spengler 2002, 2003 | |
6553 | + * | |
6554 | + */ | |
6555 | + | |
6556 | +#include <linux/kernel.h> | |
6557 | +#include <linux/mm.h> | |
6558 | +#include <asm/uaccess.h> | |
6559 | +#include <asm/errno.h> | |
6560 | +#include <asm/mman.h> | |
6561 | +#include <net/sock.h> | |
6562 | +#include <linux/file.h> | |
6563 | +#include <linux/fs.h> | |
6564 | +#include <linux/net.h> | |
6565 | +#include <linux/in.h> | |
6566 | +#include <linux/smp_lock.h> | |
6567 | +#include <linux/slab.h> | |
6568 | +#include <linux/types.h> | |
6569 | +#include <linux/sched.h> | |
6570 | +#include <linux/timer.h> | |
6571 | +#include <linux/gracl.h> | |
6572 | +#include <linux/grsecurity.h> | |
6573 | +#include <linux/grinternal.h> | |
6574 | + | |
6575 | +static struct crash_uid *uid_set; | |
6576 | +static unsigned short uid_used; | |
6577 | +static rwlock_t gr_uid_lock = RW_LOCK_UNLOCKED; | |
6578 | +extern rwlock_t gr_inode_lock; | |
6579 | +extern struct acl_subject_label * | |
6580 | + lookup_acl_subj_label(const ino_t inode, const dev_t dev, | |
6581 | + struct acl_role_label *role); | |
6582 | +extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t); | |
6583 | + | |
6584 | +int | |
6585 | +gr_init_uidset(void) | |
6586 | +{ | |
6587 | + uid_set = | |
6588 | + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL); | |
6589 | + uid_used = 0; | |
6590 | + | |
6591 | + return uid_set ? 1 : 0; | |
6592 | +} | |
6593 | + | |
6594 | +void | |
6595 | +gr_free_uidset(void) | |
6596 | +{ | |
6597 | + if (uid_set) | |
6598 | + kfree(uid_set); | |
6599 | + | |
6600 | + return; | |
6601 | +} | |
6602 | + | |
6603 | +int | |
6604 | +gr_find_uid(const uid_t uid) | |
6605 | +{ | |
6606 | + struct crash_uid *tmp = uid_set; | |
6607 | + uid_t buid; | |
6608 | + int low = 0, high = uid_used - 1, mid; | |
6609 | + | |
6610 | + while (high >= low) { | |
6611 | + mid = (low + high) >> 1; | |
6612 | + buid = tmp[mid].uid; | |
6613 | + if (buid == uid) | |
6614 | + return mid; | |
6615 | + if (buid > uid) | |
6616 | + high = mid - 1; | |
6617 | + if (buid < uid) | |
6618 | + low = mid + 1; | |
6619 | + } | |
6620 | + | |
6621 | + return -1; | |
6622 | +} | |
6623 | + | |
6624 | +static __inline__ void | |
6625 | +gr_insertsort(void) | |
6626 | +{ | |
6627 | + unsigned short i, j; | |
6628 | + struct crash_uid index; | |
6629 | + | |
6630 | + for (i = 1; i < uid_used; i++) { | |
6631 | + index = uid_set[i]; | |
6632 | + j = i; | |
6633 | + while ((j > 0) && uid_set[j - 1].uid > index.uid) { | |
6634 | + uid_set[j] = uid_set[j - 1]; | |
6635 | + j--; | |
6636 | + } | |
6637 | + uid_set[j] = index; | |
6638 | + } | |
6639 | + | |
6640 | + return; | |
6641 | +} | |
6642 | + | |
6643 | +static __inline__ void | |
6644 | +gr_insert_uid(const uid_t uid, const unsigned long expires) | |
6645 | +{ | |
6646 | + int loc; | |
6647 | + | |
6648 | + if (uid_used == GR_UIDTABLE_MAX) | |
6649 | + return; | |
6650 | + | |
6651 | + loc = gr_find_uid(uid); | |
6652 | + | |
6653 | + if (loc >= 0) { | |
6654 | + uid_set[loc].expires = expires; | |
6655 | + return; | |
6656 | + } | |
6657 | + | |
6658 | + uid_set[uid_used].uid = uid; | |
6659 | + uid_set[uid_used].expires = expires; | |
6660 | + uid_used++; | |
6661 | + | |
6662 | + gr_insertsort(); | |
6663 | + | |
6664 | + return; | |
6665 | +} | |
6666 | + | |
6667 | +void | |
6668 | +gr_remove_uid(const unsigned short loc) | |
6669 | +{ | |
6670 | + unsigned short i; | |
6671 | + | |
6672 | + for (i = loc + 1; i < uid_used; i++) | |
6673 | + uid_set[i - i] = uid_set[i]; | |
6674 | + | |
6675 | + uid_used--; | |
6676 | + | |
6677 | + return; | |
6678 | +} | |
6679 | + | |
6680 | +int | |
6681 | +gr_check_crash_uid(const uid_t uid) | |
6682 | +{ | |
6683 | + int loc; | |
6684 | + | |
6685 | + if (unlikely(!gr_acl_is_enabled())) | |
6686 | + return 0; | |
6687 | + | |
6688 | + read_lock(&gr_uid_lock); | |
6689 | + loc = gr_find_uid(uid); | |
6690 | + read_unlock(&gr_uid_lock); | |
6691 | + | |
6692 | + if (loc < 0) | |
6693 | + return 0; | |
6694 | + | |
6695 | + write_lock(&gr_uid_lock); | |
6696 | + if (time_before_eq(uid_set[loc].expires, get_seconds())) | |
6697 | + gr_remove_uid(loc); | |
6698 | + else { | |
6699 | + write_unlock(&gr_uid_lock); | |
6700 | + return 1; | |
6701 | + } | |
6702 | + | |
6703 | + write_unlock(&gr_uid_lock); | |
6704 | + return 0; | |
6705 | +} | |
6706 | + | |
6707 | +static __inline__ int | |
6708 | +proc_is_setxid(const struct task_struct *task) | |
6709 | +{ | |
6710 | + if (task->uid != task->euid || task->uid != task->suid || | |
6711 | + task->uid != task->fsuid) | |
6712 | + return 1; | |
6713 | + if (task->gid != task->egid || task->gid != task->sgid || | |
6714 | + task->gid != task->fsgid) | |
6715 | + return 1; | |
6716 | + | |
6717 | + return 0; | |
6718 | +} | |
6719 | +static __inline__ int | |
6720 | +gr_fake_force_sig(int sig, struct task_struct *t) | |
6721 | +{ | |
6722 | + unsigned long int flags; | |
6723 | + int ret; | |
6724 | + | |
6725 | + spin_lock_irqsave(&t->sighand->siglock, flags); | |
6726 | + if (sigismember(&t->blocked, sig) || t->sighand->action[sig-1].sa.sa_handler == SIG_IGN) { | |
6727 | + t->sighand->action[sig-1].sa.sa_handler = SIG_DFL; | |
6728 | + sigdelset(&t->blocked, sig); | |
6729 | + recalc_sigpending_tsk(t); | |
6730 | + } | |
6731 | + ret = specific_send_sig_info(sig, (void*)1L, t); | |
6732 | + spin_unlock_irqrestore(&t->sighand->siglock, flags); | |
6733 | + | |
6734 | + return ret; | |
6735 | +} | |
6736 | + | |
6737 | +void | |
6738 | +gr_handle_crash(struct task_struct *task, const int sig) | |
6739 | +{ | |
6740 | + struct acl_subject_label *curr; | |
6741 | + struct acl_subject_label *curr2; | |
6742 | + struct task_struct *tsk, *tsk2; | |
6743 | + | |
6744 | + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL) | |
6745 | + return; | |
6746 | + | |
6747 | + if (unlikely(!gr_acl_is_enabled())) | |
6748 | + return; | |
6749 | + | |
6750 | + curr = task->acl; | |
6751 | + | |
6752 | + if (!(curr->resmask & (1 << GR_CRASH_RES))) | |
6753 | + return; | |
6754 | + | |
6755 | + if (time_before_eq(curr->expires, get_seconds())) { | |
6756 | + curr->expires = 0; | |
6757 | + curr->crashes = 0; | |
6758 | + } | |
6759 | + | |
6760 | + curr->crashes++; | |
6761 | + | |
6762 | + if (!curr->expires) | |
6763 | + curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max; | |
6764 | + | |
6765 | + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) && | |
6766 | + time_after(curr->expires, get_seconds())) { | |
6767 | + if (task->uid && proc_is_setxid(task)) { | |
6768 | + security_alert(GR_SEGVSTART_ACL_MSG, | |
6769 | + gr_task_fullpath(task), task->comm, | |
6770 | + task->pid, task->uid, task->euid, | |
6771 | + task->gid, task->egid, | |
6772 | + gr_parent_task_fullpath(task), | |
6773 | + task->parent->comm, task->parent->pid, | |
6774 | + task->parent->uid, task->parent->euid, | |
6775 | + task->parent->gid, task->parent->egid, | |
6776 | + task->uid, | |
6777 | + curr->res[GR_CRASH_RES].rlim_max); | |
6778 | + write_lock(&gr_uid_lock); | |
6779 | + gr_insert_uid(task->uid, curr->expires); | |
6780 | + write_unlock(&gr_uid_lock); | |
6781 | + curr->expires = 0; | |
6782 | + curr->crashes = 0; | |
6783 | + read_lock(&tasklist_lock); | |
6784 | + for_each_process(tsk) { | |
6785 | + tsk2 = tsk; | |
6786 | + do { | |
6787 | + if (tsk2 != task && tsk2->uid == task->uid) | |
6788 | + gr_fake_force_sig(SIGKILL, tsk2); | |
6789 | + } while ((tsk2 = next_thread(tsk2)) != tsk); | |
6790 | + } | |
6791 | + read_unlock(&tasklist_lock); | |
6792 | + } else { | |
6793 | + security_alert(GR_SEGVNOSUID_ACL_MSG, | |
6794 | + gr_task_fullpath(task), task->comm, | |
6795 | + task->pid, task->uid, task->euid, | |
6796 | + task->gid, task->egid, | |
6797 | + gr_parent_task_fullpath(task), | |
6798 | + task->parent->comm, task->parent->pid, | |
6799 | + task->parent->uid, task->parent->euid, | |
6800 | + task->parent->gid, task->parent->egid, | |
6801 | + curr->res[GR_CRASH_RES].rlim_max); | |
6802 | + read_lock(&tasklist_lock); | |
6803 | + for_each_process(tsk) { | |
6804 | + tsk2 = tsk; | |
6805 | + do { | |
6806 | + if (likely(tsk2 != task)) { | |
6807 | + curr2 = tsk2->acl; | |
6808 | + | |
6809 | + if (curr2->device == curr->device && | |
6810 | + curr2->inode == curr->inode) | |
6811 | + gr_fake_force_sig(SIGKILL, tsk2); | |
6812 | + } | |
6813 | + } while ((tsk2 = next_thread(tsk2)) != tsk); | |
6814 | + } | |
6815 | + read_unlock(&tasklist_lock); | |
6816 | + } | |
6817 | + } | |
6818 | + | |
6819 | + return; | |
6820 | +} | |
6821 | + | |
6822 | +int | |
6823 | +gr_check_crash_exec(const struct file *filp) | |
6824 | +{ | |
6825 | + struct acl_subject_label *curr; | |
6826 | + | |
6827 | + if (unlikely(!gr_acl_is_enabled())) | |
6828 | + return 0; | |
6829 | + | |
6830 | + read_lock(&gr_inode_lock); | |
6831 | + curr = lookup_acl_subj_label(filp->f_dentry->d_inode->i_ino, | |
6832 | + filp->f_dentry->d_inode->i_sb->s_dev, | |
6833 | + current->role); | |
6834 | + read_unlock(&gr_inode_lock); | |
6835 | + | |
6836 | + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) || | |
6837 | + (!curr->crashes && !curr->expires)) | |
6838 | + return 0; | |
6839 | + | |
6840 | + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) && | |
6841 | + time_after(curr->expires, get_seconds())) | |
6842 | + return 1; | |
6843 | + else if (time_before_eq(curr->expires, get_seconds())) { | |
6844 | + curr->crashes = 0; | |
6845 | + curr->expires = 0; | |
6846 | + } | |
6847 | + | |
6848 | + return 0; | |
6849 | +} | |
6850 | + | |
6851 | +void | |
6852 | +gr_handle_alertkill(void) | |
6853 | +{ | |
6854 | + struct acl_subject_label *curracl; | |
6855 | + __u32 curr_ip; | |
6856 | + struct task_struct *task, *task2; | |
6857 | + | |
6858 | + if (unlikely(!gr_acl_is_enabled())) | |
6859 | + return; | |
6860 | + | |
6861 | + curracl = current->acl; | |
6862 | + curr_ip = current->curr_ip; | |
6863 | + | |
6864 | + if ((curracl->mode & GR_KILLIPPROC) && curr_ip && | |
6865 | + (curr_ip != 0xffffffff)) { | |
6866 | + read_lock(&tasklist_lock); | |
6867 | + for_each_process(task) { | |
6868 | + task2 = task; | |
6869 | + do { | |
6870 | + if (task2->curr_ip == curr_ip) | |
6871 | + gr_fake_force_sig(SIGKILL, task2); | |
6872 | + } while ((task2 = next_thread(task2)) != task); | |
6873 | + } | |
6874 | + read_unlock(&tasklist_lock); | |
6875 | + } else if (curracl->mode & GR_KILLPROC) | |
6876 | + gr_fake_force_sig(SIGKILL, current); | |
6877 | + | |
6878 | + return; | |
6879 | +} | |
6880 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/gracl_shm.c linux-2.6.7-rc1/grsecurity/gracl_shm.c | |
6881 | --- linux-2.6.7-rc1.orig/grsecurity/gracl_shm.c 1970-01-01 01:00:00.000000000 +0100 | |
6882 | +++ linux-2.6.7-rc1/grsecurity/gracl_shm.c 2004-05-25 14:33:58.924402456 +0200 | |
6883 | @@ -0,0 +1,36 @@ | |
6884 | +/* shared memory handling routines, (c) Brad Spengler 2002, 2003 */ | |
6885 | + | |
6886 | +#include <linux/kernel.h> | |
6887 | +#include <linux/mm.h> | |
6888 | +#include <linux/sched.h> | |
6889 | +#include <linux/file.h> | |
6890 | +#include <linux/ipc.h> | |
6891 | +#include <linux/gracl.h> | |
6892 | +#include <linux/grsecurity.h> | |
6893 | +#include <linux/grinternal.h> | |
6894 | + | |
6895 | +int | |
6896 | +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
6897 | + const time_t shm_createtime, const uid_t cuid, const int shmid) | |
6898 | +{ | |
6899 | + struct task_struct *task; | |
6900 | + | |
6901 | + if (!gr_acl_is_enabled()) | |
6902 | + return 1; | |
6903 | + | |
6904 | + task = find_task_by_pid(shm_cprid); | |
6905 | + | |
6906 | + if (unlikely(!task)) | |
6907 | + task = find_task_by_pid(shm_lapid); | |
6908 | + | |
6909 | + if (unlikely(task && ((task->start_time < shm_createtime) || | |
6910 | + (task->pid == shm_lapid)) && | |
6911 | + (task->acl->mode & GR_PROTSHM) && | |
6912 | + (task->acl != current->acl))) { | |
6913 | + security_alert(GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid, | |
6914 | + DEFAULTSECARGS); | |
6915 | + return 0; | |
6916 | + } | |
6917 | + | |
6918 | + return 1; | |
6919 | +} | |
6920 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_chdir.c linux-2.6.7-rc1/grsecurity/grsec_chdir.c | |
6921 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_chdir.c 1970-01-01 01:00:00.000000000 +0100 | |
6922 | +++ linux-2.6.7-rc1/grsecurity/grsec_chdir.c 2004-05-25 14:33:58.925402304 +0200 | |
6923 | @@ -0,0 +1,20 @@ | |
6924 | +#include <linux/kernel.h> | |
6925 | +#include <linux/sched.h> | |
6926 | +#include <linux/fs.h> | |
6927 | +#include <linux/file.h> | |
6928 | +#include <linux/grsecurity.h> | |
6929 | +#include <linux/grinternal.h> | |
6930 | + | |
6931 | +void | |
6932 | +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt) | |
6933 | +{ | |
6934 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
6935 | + if ((grsec_enable_chdir && grsec_enable_group && | |
6936 | + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir && | |
6937 | + !grsec_enable_group)) { | |
6938 | + security_audit(GR_CHDIR_AUDIT_MSG, gr_to_filename(dentry, mnt), | |
6939 | + DEFAULTSECARGS); | |
6940 | + } | |
6941 | +#endif | |
6942 | + return; | |
6943 | +} | |
6944 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_chroot.c linux-2.6.7-rc1/grsecurity/grsec_chroot.c | |
6945 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_chroot.c 1970-01-01 01:00:00.000000000 +0100 | |
6946 | +++ linux-2.6.7-rc1/grsecurity/grsec_chroot.c 2004-05-25 14:33:58.928401848 +0200 | |
6947 | @@ -0,0 +1,348 @@ | |
6948 | +#include <linux/kernel.h> | |
6949 | +#include <linux/module.h> | |
6950 | +#include <linux/sched.h> | |
6951 | +#include <linux/file.h> | |
6952 | +#include <linux/fs.h> | |
6953 | +#include <linux/mount.h> | |
6954 | +#include <linux/types.h> | |
6955 | +#include <linux/grinternal.h> | |
6956 | + | |
6957 | +int | |
6958 | +gr_handle_chroot_unix(const pid_t pid) | |
6959 | +{ | |
6960 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
6961 | + struct pid *spid = NULL; | |
6962 | + | |
6963 | + if (unlikely(!grsec_enable_chroot_unix)) | |
6964 | + return 1; | |
6965 | + | |
6966 | + if (likely(!proc_is_chrooted(current))) | |
6967 | + return 1; | |
6968 | + | |
6969 | + read_lock(&tasklist_lock); | |
6970 | + | |
6971 | + spid = find_pid(PIDTYPE_PID, pid); | |
6972 | + if (spid) { | |
6973 | + struct task_struct *p; | |
6974 | + p = pid_task(spid->task_list.next, PIDTYPE_PID); | |
6975 | + if (unlikely(!have_same_root(current, p))) { | |
6976 | + read_unlock(&tasklist_lock); | |
6977 | + security_alert(GR_UNIX_CHROOT_MSG, DEFAULTSECARGS); | |
6978 | + return 0; | |
6979 | + } | |
6980 | + } | |
6981 | + read_unlock(&tasklist_lock); | |
6982 | +#endif | |
6983 | + return 1; | |
6984 | +} | |
6985 | + | |
6986 | +int | |
6987 | +gr_handle_chroot_nice(void) | |
6988 | +{ | |
6989 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
6990 | + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) { | |
6991 | + security_alert(GR_NICE_CHROOT_MSG, DEFAULTSECARGS); | |
6992 | + return -EPERM; | |
6993 | + } | |
6994 | +#endif | |
6995 | + return 0; | |
6996 | +} | |
6997 | + | |
6998 | +int | |
6999 | +gr_handle_chroot_setpriority(struct task_struct *p, const int niceval) | |
7000 | +{ | |
7001 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
7002 | + if (grsec_enable_chroot_nice && (!have_same_root(p, current) | |
7003 | + || (have_same_root(p, current) | |
7004 | + && (niceval < task_nice(p)) | |
7005 | + && proc_is_chrooted(current)))) { | |
7006 | + security_alert(GR_PRIORITY_CHROOT_MSG, p->comm, p->pid, | |
7007 | + DEFAULTSECARGS); | |
7008 | + return -ESRCH; | |
7009 | + } | |
7010 | +#endif | |
7011 | + return 0; | |
7012 | +} | |
7013 | + | |
7014 | +int | |
7015 | +gr_handle_chroot_capset(const struct task_struct *target) | |
7016 | +{ | |
7017 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
7018 | + if (grsec_enable_chroot_caps && proc_is_chrooted(current) && | |
7019 | + !have_same_root(current, target)) { | |
7020 | + security_alert(GR_CAPSET_CHROOT_MSG, target->comm, target->pid, | |
7021 | + DEFAULTSECARGS); | |
7022 | + return 1; | |
7023 | + } | |
7024 | +#endif | |
7025 | + return 0; | |
7026 | +} | |
7027 | + | |
7028 | +int | |
7029 | +gr_handle_chroot_rawio(const struct inode *inode) | |
7030 | +{ | |
7031 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
7032 | + if (grsec_enable_chroot_caps && proc_is_chrooted(current) && | |
7033 | + inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO)) | |
7034 | + return 1; | |
7035 | +#endif | |
7036 | + return 0; | |
7037 | +} | |
7038 | + | |
7039 | +int | |
7040 | +gr_pid_is_chrooted(const struct task_struct *p) | |
7041 | +{ | |
7042 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
7043 | + if (!grsec_enable_chroot_findtask || (current->pid <= 1)) | |
7044 | + return 0; | |
7045 | + | |
7046 | + if (p && p->fs && p->fs->root && p->fs->root->d_inode && | |
7047 | + child_reaper && child_reaper->fs && child_reaper->fs->root && | |
7048 | + child_reaper->fs->root->d_inode && current && current->fs && | |
7049 | + current->fs->root && current->fs->root->d_inode) { | |
7050 | + if (proc_is_chrooted(current) && !have_same_root(current, p)) | |
7051 | + return 1; | |
7052 | + } | |
7053 | +#endif | |
7054 | + return 0; | |
7055 | +} | |
7056 | + | |
7057 | +EXPORT_SYMBOL(gr_pid_is_chrooted); | |
7058 | + | |
7059 | +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR) | |
7060 | +int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt) | |
7061 | +{ | |
7062 | + struct dentry *dentry = (struct dentry *)u_dentry; | |
7063 | + struct vfsmount *mnt = (struct vfsmount *)u_mnt; | |
7064 | + struct dentry *realroot; | |
7065 | + struct vfsmount *realrootmnt; | |
7066 | + struct dentry *currentroot; | |
7067 | + struct vfsmount *currentmnt; | |
7068 | + | |
7069 | + read_lock(&child_reaper->fs->lock); | |
7070 | + realrootmnt = mntget(child_reaper->fs->rootmnt); | |
7071 | + realroot = dget(child_reaper->fs->root); | |
7072 | + read_unlock(&child_reaper->fs->lock); | |
7073 | + | |
7074 | + read_lock(¤t->fs->lock); | |
7075 | + currentmnt = mntget(current->fs->rootmnt); | |
7076 | + currentroot = dget(current->fs->root); | |
7077 | + read_unlock(¤t->fs->lock); | |
7078 | + | |
7079 | + spin_lock(&dcache_lock); | |
7080 | + for (;;) { | |
7081 | + if (unlikely((dentry == realroot && mnt == realrootmnt) | |
7082 | + || (dentry == currentroot && mnt == currentmnt))) | |
7083 | + break; | |
7084 | + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) { | |
7085 | + if (mnt->mnt_parent == mnt) | |
7086 | + break; | |
7087 | + dentry = mnt->mnt_mountpoint; | |
7088 | + mnt = mnt->mnt_parent; | |
7089 | + continue; | |
7090 | + } | |
7091 | + dentry = dentry->d_parent; | |
7092 | + } | |
7093 | + spin_unlock(&dcache_lock); | |
7094 | + | |
7095 | + dput(currentroot); | |
7096 | + mntput(currentmnt); | |
7097 | + | |
7098 | + if (dentry == realroot && mnt == realrootmnt) { | |
7099 | + /* access is outside of chroot */ | |
7100 | + dput(realroot); | |
7101 | + mntput(realrootmnt); | |
7102 | + return 0; | |
7103 | + } | |
7104 | + | |
7105 | + dput(realroot); | |
7106 | + mntput(realrootmnt); | |
7107 | + return 1; | |
7108 | +} | |
7109 | +#endif | |
7110 | + | |
7111 | +int | |
7112 | +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt) | |
7113 | +{ | |
7114 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
7115 | + if (!grsec_enable_chroot_fchdir) | |
7116 | + return 1; | |
7117 | + | |
7118 | + if (!proc_is_chrooted(current)) | |
7119 | + return 1; | |
7120 | + else if (!gr_is_outside_chroot(u_dentry, u_mnt)) { | |
7121 | + security_alert(GR_CHROOT_FCHDIR_MSG, | |
7122 | + gr_to_filename(u_dentry, u_mnt), | |
7123 | + DEFAULTSECARGS); | |
7124 | + return 0; | |
7125 | + } | |
7126 | +#endif | |
7127 | + return 1; | |
7128 | +} | |
7129 | + | |
7130 | +int | |
7131 | +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
7132 | + const time_t shm_createtime) | |
7133 | +{ | |
7134 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
7135 | + struct pid *pid = NULL; | |
7136 | + u64 starttime64; | |
7137 | + time_t starttime; | |
7138 | + | |
7139 | + if (unlikely(!grsec_enable_chroot_shmat)) | |
7140 | + return 1; | |
7141 | + | |
7142 | + if (likely(!proc_is_chrooted(current))) | |
7143 | + return 1; | |
7144 | + | |
7145 | + read_lock(&tasklist_lock); | |
7146 | + | |
7147 | + pid = find_pid(PIDTYPE_PID, shm_cprid); | |
7148 | + if (pid) { | |
7149 | + struct task_struct *p; | |
7150 | + p = pid_task(pid->task_list.next, PIDTYPE_PID); | |
7151 | + starttime64 = p->start_time; | |
7152 | + do_div(starttime64, HZ); | |
7153 | + starttime = (time_t) starttime64; | |
7154 | + if (unlikely(!have_same_root(current, p) && | |
7155 | + time_before((unsigned long)starttime, (unsigned long)shm_createtime))) { | |
7156 | + read_unlock(&tasklist_lock); | |
7157 | + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS); | |
7158 | + return 0; | |
7159 | + } | |
7160 | + } else { | |
7161 | + pid = find_pid(PIDTYPE_PID, shm_lapid); | |
7162 | + if (pid) { | |
7163 | + struct task_struct *p; | |
7164 | + p = pid_task(pid->task_list.next, PIDTYPE_PID); | |
7165 | + if (unlikely(!have_same_root(current, p))) { | |
7166 | + read_unlock(&tasklist_lock); | |
7167 | + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS); | |
7168 | + return 0; | |
7169 | + } | |
7170 | + } | |
7171 | + } | |
7172 | + | |
7173 | + read_unlock(&tasklist_lock); | |
7174 | +#endif | |
7175 | + return 1; | |
7176 | +} | |
7177 | + | |
7178 | +void | |
7179 | +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt) | |
7180 | +{ | |
7181 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
7182 | + if (grsec_enable_chroot_execlog && proc_is_chrooted(current)) | |
7183 | + security_audit(GR_EXEC_CHROOT_MSG, gr_to_filename(dentry, mnt), | |
7184 | + DEFAULTSECARGS); | |
7185 | +#endif | |
7186 | + return; | |
7187 | +} | |
7188 | + | |
7189 | +int | |
7190 | +gr_handle_chroot_mknod(const struct dentry *dentry, | |
7191 | + const struct vfsmount *mnt, const int mode) | |
7192 | +{ | |
7193 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
7194 | + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) && | |
7195 | + proc_is_chrooted(current)) { | |
7196 | + security_alert(GR_MKNOD_CHROOT_MSG, | |
7197 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); | |
7198 | + return -EPERM; | |
7199 | + } | |
7200 | +#endif | |
7201 | + return 0; | |
7202 | +} | |
7203 | + | |
7204 | +int | |
7205 | +gr_handle_chroot_mount(const struct dentry *dentry, | |
7206 | + const struct vfsmount *mnt, const char *dev_name) | |
7207 | +{ | |
7208 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
7209 | + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) { | |
7210 | + security_alert(GR_MOUNT_CHROOT_MSG, dev_name, | |
7211 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); | |
7212 | + return -EPERM; | |
7213 | + } | |
7214 | +#endif | |
7215 | + return 0; | |
7216 | +} | |
7217 | + | |
7218 | +int | |
7219 | +gr_handle_chroot_pivot(void) | |
7220 | +{ | |
7221 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
7222 | + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) { | |
7223 | + security_alert(GR_PIVOT_CHROOT_MSG, DEFAULTSECARGS); | |
7224 | + return -EPERM; | |
7225 | + } | |
7226 | +#endif | |
7227 | + return 0; | |
7228 | +} | |
7229 | + | |
7230 | +int | |
7231 | +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt) | |
7232 | +{ | |
7233 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
7234 | + if (grsec_enable_chroot_double && proc_is_chrooted(current) && | |
7235 | + !gr_is_outside_chroot(dentry, mnt)) { | |
7236 | + security_alert(GR_CHROOT_CHROOT_MSG, | |
7237 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); | |
7238 | + return -EPERM; | |
7239 | + } | |
7240 | +#endif | |
7241 | + return 0; | |
7242 | +} | |
7243 | + | |
7244 | +void | |
7245 | +gr_handle_chroot_caps(struct task_struct *task) | |
7246 | +{ | |
7247 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
7248 | + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) { | |
7249 | + task->cap_permitted = | |
7250 | + cap_drop(task->cap_permitted, GR_CHROOT_CAPS); | |
7251 | + task->cap_inheritable = | |
7252 | + cap_drop(task->cap_inheritable, GR_CHROOT_CAPS); | |
7253 | + task->cap_effective = | |
7254 | + cap_drop(task->cap_effective, GR_CHROOT_CAPS); | |
7255 | + } | |
7256 | +#endif | |
7257 | + return; | |
7258 | +} | |
7259 | + | |
7260 | +int | |
7261 | +gr_handle_chroot_sysctl(const int op) | |
7262 | +{ | |
7263 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
7264 | + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current) | |
7265 | + && (op & 002)) | |
7266 | + return -EACCES; | |
7267 | +#endif | |
7268 | + return 0; | |
7269 | +} | |
7270 | + | |
7271 | +void | |
7272 | +gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt) | |
7273 | +{ | |
7274 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
7275 | + if (grsec_enable_chroot_chdir) | |
7276 | + set_fs_pwd(current->fs, mnt, dentry); | |
7277 | +#endif | |
7278 | + return; | |
7279 | +} | |
7280 | + | |
7281 | +int | |
7282 | +gr_handle_chroot_chmod(const struct dentry *dentry, | |
7283 | + const struct vfsmount *mnt, const int mode) | |
7284 | +{ | |
7285 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
7286 | + if (grsec_enable_chroot_chmod && | |
7287 | + ((mode & S_ISUID) || (mode & S_ISGID)) && | |
7288 | + proc_is_chrooted(current)) { | |
7289 | + security_alert(GR_CHMOD_CHROOT_MSG, | |
7290 | + gr_to_filename(dentry, mnt), DEFAULTSECARGS); | |
7291 | + return -EPERM; | |
7292 | + } | |
7293 | +#endif | |
7294 | + return 0; | |
7295 | +} | |
7296 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_disabled.c linux-2.6.7-rc1/grsecurity/grsec_disabled.c | |
7297 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_disabled.c 1970-01-01 01:00:00.000000000 +0100 | |
7298 | +++ linux-2.6.7-rc1/grsecurity/grsec_disabled.c 2004-05-25 14:33:58.931401392 +0200 | |
6a84f544 | 7299 | @@ -0,0 +1,392 @@ |
1db5cd70 PS |
7300 | +/* |
7301 | + * when grsecurity is disabled, compile all external functions into nothing | |
7302 | + */ | |
7303 | + | |
7304 | +#include <linux/kernel.h> | |
7305 | +#include <linux/module.h> | |
7306 | +#include <linux/config.h> | |
7307 | +#include <linux/sched.h> | |
7308 | +#include <linux/file.h> | |
7309 | +#include <linux/fs.h> | |
7310 | +#include <linux/kdev_t.h> | |
7311 | +#include <linux/net.h> | |
7312 | +#include <linux/in.h> | |
7313 | +#include <linux/ip.h> | |
7314 | +#include <linux/skbuff.h> | |
7315 | +#include <linux/sysctl.h> | |
7316 | + | |
1db5cd70 PS |
7317 | +#ifdef CONFIG_SYSCTL |
7318 | +__inline__ __u32 | |
7319 | +gr_handle_sysctl(const struct ctl_table * table, __u32 mode) | |
7320 | +{ | |
7321 | + return mode; | |
7322 | +} | |
7323 | +#endif | |
7324 | + | |
7325 | +__inline__ int | |
7326 | +gr_acl_is_enabled(void) | |
7327 | +{ | |
7328 | + return 0; | |
7329 | +} | |
7330 | + | |
7331 | +__inline__ int | |
7332 | +gr_handle_rawio(const struct inode *inode) | |
7333 | +{ | |
7334 | + return 0; | |
7335 | +} | |
7336 | + | |
7337 | +__inline__ void | |
7338 | +gr_acl_handle_psacct(struct task_struct *task, const long code) | |
7339 | +{ | |
7340 | + return; | |
7341 | +} | |
7342 | + | |
7343 | +__inline__ int | |
7344 | +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt) | |
7345 | +{ | |
7346 | + return 0; | |
7347 | +} | |
7348 | + | |
7349 | +__inline__ int | |
7350 | +gr_handle_mmap(const struct file *filp, const unsigned long prot) | |
7351 | +{ | |
7352 | + return 0; | |
7353 | +} | |
7354 | + | |
7355 | +__inline__ int | |
7356 | +gr_handle_ptrace(struct task_struct *task, const long request) | |
7357 | +{ | |
7358 | + return 0; | |
7359 | +} | |
7360 | + | |
7361 | +__inline__ int | |
7362 | +gr_handle_proc_ptrace(struct task_struct *task) | |
7363 | +{ | |
7364 | + return 0; | |
7365 | +} | |
7366 | + | |
7367 | +__inline__ void | |
7368 | +gr_learn_resource(const struct task_struct *task, | |
7369 | + const int res, const unsigned long wanted, const int gt) | |
7370 | +{ | |
7371 | + return; | |
7372 | +} | |
7373 | + | |
7374 | +__inline__ int | |
7375 | +gr_set_acls(const int type) | |
7376 | +{ | |
7377 | + return 0; | |
7378 | +} | |
7379 | + | |
7380 | +__inline__ int | |
7381 | +gr_check_hidden_task(const struct task_struct *tsk) | |
7382 | +{ | |
7383 | + return 0; | |
7384 | +} | |
7385 | + | |
7386 | +__inline__ int | |
7387 | +gr_check_protected_task(const struct task_struct *task) | |
7388 | +{ | |
7389 | + return 0; | |
7390 | +} | |
7391 | + | |
7392 | +__inline__ void | |
7393 | +gr_copy_label(struct task_struct *tsk) | |
7394 | +{ | |
7395 | + return; | |
7396 | +} | |
7397 | + | |
7398 | +__inline__ void | |
1db5cd70 PS |
7399 | +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt) |
7400 | +{ | |
7401 | + return; | |
7402 | +} | |
7403 | + | |
7404 | +__inline__ void | |
7405 | +gr_handle_delete(const ino_t ino, const dev_t dev) | |
7406 | +{ | |
7407 | + return; | |
7408 | +} | |
7409 | + | |
7410 | +__inline__ void | |
7411 | +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt) | |
7412 | +{ | |
7413 | + return; | |
7414 | +} | |
7415 | + | |
7416 | +__inline__ void | |
7417 | +gr_handle_crash(struct task_struct *task, const int sig) | |
7418 | +{ | |
7419 | + return; | |
7420 | +} | |
7421 | + | |
7422 | +__inline__ int | |
7423 | +gr_check_crash_exec(const struct file *filp) | |
7424 | +{ | |
7425 | + return 0; | |
7426 | +} | |
7427 | + | |
7428 | +__inline__ int | |
7429 | +gr_check_crash_uid(const uid_t uid) | |
7430 | +{ | |
7431 | + return 0; | |
7432 | +} | |
7433 | + | |
7434 | +__inline__ void | |
7435 | +gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
7436 | + struct dentry *old_dentry, | |
7437 | + struct dentry *new_dentry, | |
7438 | + struct vfsmount *mnt, const __u8 replace) | |
7439 | +{ | |
7440 | + return; | |
7441 | +} | |
7442 | + | |
7443 | +__inline__ int | |
7444 | +gr_search_socket(const int family, const int type, const int protocol) | |
7445 | +{ | |
7446 | + return 1; | |
7447 | +} | |
7448 | + | |
7449 | +__inline__ int | |
7450 | +gr_search_connectbind(const int mode, const struct socket *sock, | |
7451 | + const struct sockaddr_in *addr) | |
7452 | +{ | |
7453 | + return 1; | |
7454 | +} | |
7455 | + | |
7456 | +__inline__ int | |
7457 | +gr_task_is_capable(struct task_struct *task, const int cap) | |
7458 | +{ | |
7459 | + return 1; | |
7460 | +} | |
7461 | + | |
7462 | +__inline__ int | |
7463 | +gr_is_capable_nolog(const int cap) | |
7464 | +{ | |
7465 | + return 1; | |
7466 | +} | |
7467 | + | |
7468 | +__inline__ void | |
7469 | +gr_handle_alertkill(void) | |
7470 | +{ | |
7471 | + return; | |
7472 | +} | |
7473 | + | |
7474 | +__inline__ __u32 | |
7475 | +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt) | |
7476 | +{ | |
7477 | + return 1; | |
7478 | +} | |
7479 | + | |
7480 | +__inline__ __u32 | |
7481 | +gr_acl_handle_hidden_file(const struct dentry * dentry, | |
7482 | + const struct vfsmount * mnt) | |
7483 | +{ | |
7484 | + return 1; | |
7485 | +} | |
7486 | + | |
7487 | +__inline__ __u32 | |
7488 | +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, | |
7489 | + const int fmode) | |
7490 | +{ | |
7491 | + return 1; | |
7492 | +} | |
7493 | + | |
7494 | +__inline__ __u32 | |
7495 | +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt) | |
7496 | +{ | |
7497 | + return 1; | |
7498 | +} | |
7499 | + | |
7500 | +__inline__ __u32 | |
7501 | +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt) | |
7502 | +{ | |
7503 | + return 1; | |
7504 | +} | |
7505 | + | |
7506 | +__inline__ int | |
7507 | +gr_acl_handle_mmap(const struct file *file, const unsigned long prot, | |
7508 | + unsigned int *vm_flags) | |
7509 | +{ | |
7510 | + return 1; | |
7511 | +} | |
7512 | + | |
7513 | +__inline__ __u32 | |
7514 | +gr_acl_handle_truncate(const struct dentry * dentry, | |
7515 | + const struct vfsmount * mnt) | |
7516 | +{ | |
7517 | + return 1; | |
7518 | +} | |
7519 | + | |
7520 | +__inline__ __u32 | |
7521 | +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt) | |
7522 | +{ | |
7523 | + return 1; | |
7524 | +} | |
7525 | + | |
7526 | +__inline__ __u32 | |
7527 | +gr_acl_handle_access(const struct dentry * dentry, | |
7528 | + const struct vfsmount * mnt, const int fmode) | |
7529 | +{ | |
7530 | + return 1; | |
7531 | +} | |
7532 | + | |
7533 | +__inline__ __u32 | |
7534 | +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt, | |
7535 | + mode_t mode) | |
7536 | +{ | |
7537 | + return 1; | |
7538 | +} | |
7539 | + | |
7540 | +__inline__ __u32 | |
7541 | +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt, | |
7542 | + mode_t mode) | |
7543 | +{ | |
7544 | + return 1; | |
7545 | +} | |
7546 | + | |
7547 | +__inline__ __u32 | |
7548 | +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt) | |
7549 | +{ | |
7550 | + return 1; | |
7551 | +} | |
7552 | + | |
7553 | +__inline__ void | |
7554 | +grsecurity_init(void) | |
7555 | +{ | |
7556 | + return; | |
7557 | +} | |
7558 | + | |
7559 | +__inline__ __u32 | |
7560 | +gr_acl_handle_mknod(const struct dentry * new_dentry, | |
7561 | + const struct dentry * parent_dentry, | |
7562 | + const struct vfsmount * parent_mnt, | |
7563 | + const int mode) | |
7564 | +{ | |
7565 | + return 1; | |
7566 | +} | |
7567 | + | |
7568 | +__inline__ __u32 | |
7569 | +gr_acl_handle_mkdir(const struct dentry * new_dentry, | |
7570 | + const struct dentry * parent_dentry, | |
7571 | + const struct vfsmount * parent_mnt) | |
7572 | +{ | |
7573 | + return 1; | |
7574 | +} | |
7575 | + | |
7576 | +__inline__ __u32 | |
7577 | +gr_acl_handle_symlink(const struct dentry * new_dentry, | |
7578 | + const struct dentry * parent_dentry, | |
7579 | + const struct vfsmount * parent_mnt, const char *from) | |
7580 | +{ | |
7581 | + return 1; | |
7582 | +} | |
7583 | + | |
7584 | +__inline__ __u32 | |
7585 | +gr_acl_handle_link(const struct dentry * new_dentry, | |
7586 | + const struct dentry * parent_dentry, | |
7587 | + const struct vfsmount * parent_mnt, | |
7588 | + const struct dentry * old_dentry, | |
7589 | + const struct vfsmount * old_mnt, const char *to) | |
7590 | +{ | |
7591 | + return 1; | |
7592 | +} | |
7593 | + | |
7594 | +__inline__ int | |
7595 | +gr_acl_handle_rename(const struct dentry *new_dentry, | |
7596 | + const struct dentry *parent_dentry, | |
7597 | + const struct vfsmount *parent_mnt, | |
7598 | + const struct dentry *old_dentry, | |
7599 | + const struct inode *old_parent_inode, | |
7600 | + const struct vfsmount *old_mnt, const char *newname) | |
7601 | +{ | |
7602 | + return 0; | |
7603 | +} | |
7604 | + | |
7605 | +__inline__ __u32 | |
7606 | +gr_acl_handle_filldir(const struct dentry * dentry, | |
7607 | + const struct vfsmount * mnt, const ino_t ino) | |
7608 | +{ | |
7609 | + return 1; | |
7610 | +} | |
7611 | + | |
7612 | +__inline__ int | |
7613 | +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
7614 | + const time_t shm_createtime, const uid_t cuid, const int shmid) | |
7615 | +{ | |
7616 | + return 1; | |
7617 | +} | |
7618 | + | |
7619 | +__inline__ int | |
7620 | +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr) | |
7621 | +{ | |
7622 | + return 1; | |
7623 | +} | |
7624 | + | |
7625 | +__inline__ int | |
7626 | +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr) | |
7627 | +{ | |
7628 | + return 1; | |
7629 | +} | |
7630 | + | |
7631 | +__inline__ __u32 | |
7632 | +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt) | |
7633 | +{ | |
7634 | + return 1; | |
7635 | +} | |
7636 | + | |
7637 | +__inline__ __u32 | |
7638 | +gr_acl_handle_creat(const struct dentry * dentry, | |
7639 | + const struct dentry * p_dentry, | |
7640 | + const struct vfsmount * p_mnt, const int fmode, | |
7641 | + const int imode) | |
7642 | +{ | |
7643 | + return 1; | |
7644 | +} | |
7645 | + | |
7646 | +__inline__ void | |
7647 | +gr_acl_handle_exit(void) | |
7648 | +{ | |
7649 | + return; | |
7650 | +} | |
7651 | + | |
7652 | +__inline__ int | |
7653 | +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot) | |
7654 | +{ | |
7655 | + return 1; | |
7656 | +} | |
7657 | + | |
7658 | +__inline__ void | |
7659 | +gr_set_role_label(const uid_t uid, const gid_t gid) | |
7660 | +{ | |
7661 | + return; | |
7662 | +} | |
7663 | + | |
7664 | +__inline__ int | |
7665 | +gr_acl_handle_procpidmem(const struct task_struct *task) | |
7666 | +{ | |
7667 | + return 0; | |
7668 | +} | |
7669 | + | |
7670 | +__inline__ int | |
7671 | +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb) | |
7672 | +{ | |
7673 | + return 1; | |
7674 | +} | |
7675 | + | |
7676 | +__inline__ int | |
7677 | +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr) | |
7678 | +{ | |
7679 | + return 1; | |
7680 | +} | |
7681 | + | |
7682 | +__inline__ void | |
7683 | +gr_set_kernel_label(struct task_struct *task) | |
7684 | +{ | |
7685 | + return; | |
7686 | +} | |
7687 | + | |
7688 | +EXPORT_SYMBOL(gr_task_is_capable); | |
7689 | +EXPORT_SYMBOL(gr_learn_resource); | |
7690 | +EXPORT_SYMBOL(gr_set_kernel_label); | |
7691 | + | |
7692 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_exec.c linux-2.6.7-rc1/grsecurity/grsec_exec.c | |
7693 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_exec.c 1970-01-01 01:00:00.000000000 +0100 | |
7694 | +++ linux-2.6.7-rc1/grsecurity/grsec_exec.c 2004-05-25 14:33:58.932401240 +0200 | |
7695 | @@ -0,0 +1,71 @@ | |
7696 | +#include <linux/kernel.h> | |
7697 | +#include <linux/sched.h> | |
7698 | +#include <linux/file.h> | |
7699 | +#include <linux/binfmts.h> | |
7700 | +#include <linux/fs.h> | |
7701 | +#include <linux/types.h> | |
7702 | +#include <linux/grdefs.h> | |
7703 | +#include <linux/grinternal.h> | |
7704 | +#include <linux/capability.h> | |
7705 | + | |
7706 | +#include <asm/uaccess.h> | |
7707 | + | |
7708 | +int | |
7709 | +gr_handle_nproc(void) | |
7710 | +{ | |
7711 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
7712 | + if (grsec_enable_execve && current->user && | |
7713 | + (atomic_read(¤t->user->processes) > | |
7714 | + current->rlim[RLIMIT_NPROC].rlim_cur) && | |
7715 | + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) { | |
7716 | + security_alert(GR_NPROC_MSG, DEFAULTSECARGS); | |
7717 | + return -EAGAIN; | |
7718 | + } | |
7719 | +#endif | |
7720 | + return 0; | |
7721 | +} | |
7722 | + | |
7723 | +void | |
7724 | +gr_handle_exec_args(struct linux_binprm *bprm, char **argv) | |
7725 | +{ | |
7726 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
7727 | + char grarg[64] = { 0 }; | |
7728 | + __u8 execlen = 0; | |
7729 | + unsigned int i; | |
7730 | + | |
7731 | + if (!((grsec_enable_execlog && grsec_enable_group && | |
7732 | + in_group_p(grsec_audit_gid)) | |
7733 | + || (grsec_enable_execlog && !grsec_enable_group))) | |
7734 | + return; | |
7735 | + | |
7736 | + if (unlikely(!argv)) | |
7737 | + goto log; | |
7738 | + | |
7739 | + for (i = 0; i < bprm->argc && execlen < 62; i++) { | |
7740 | + char *p; | |
7741 | + __u8 len; | |
7742 | + | |
7743 | + if (get_user(p, argv + i)) | |
7744 | + goto log; | |
7745 | + if (!p) | |
7746 | + goto log; | |
7747 | + len = strnlen_user(p, 62 - execlen); | |
7748 | + if (len > 62 - execlen) | |
7749 | + len = 62 - execlen; | |
7750 | + else if (len > 0) | |
7751 | + len--; | |
7752 | + if (copy_from_user(grarg + execlen, p, len)) | |
7753 | + goto log; | |
7754 | + execlen += len; | |
7755 | + *(grarg + execlen) = ' '; | |
7756 | + *(grarg + execlen + 1) = '\0'; | |
7757 | + execlen++; | |
7758 | + } | |
7759 | + | |
7760 | + log: | |
7761 | + security_audit(GR_EXEC_AUDIT_MSG, gr_to_filename(bprm->file->f_dentry, | |
7762 | + bprm->file->f_vfsmnt), | |
7763 | + grarg, DEFAULTSECARGS); | |
7764 | +#endif | |
7765 | + return; | |
7766 | +} | |
7767 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_fifo.c linux-2.6.7-rc1/grsecurity/grsec_fifo.c | |
7768 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_fifo.c 1970-01-01 01:00:00.000000000 +0100 | |
7769 | +++ linux-2.6.7-rc1/grsecurity/grsec_fifo.c 2004-05-25 14:33:58.934400936 +0200 | |
7770 | @@ -0,0 +1,24 @@ | |
7771 | +#include <linux/kernel.h> | |
7772 | +#include <linux/sched.h> | |
7773 | +#include <linux/fs.h> | |
7774 | +#include <linux/file.h> | |
7775 | +#include <linux/grinternal.h> | |
7776 | + | |
7777 | +int | |
7778 | +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt, | |
7779 | + const struct dentry *dir, const int flag, const int acc_mode) | |
7780 | +{ | |
7781 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
7782 | + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) && | |
7783 | + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) && | |
7784 | + (dentry->d_inode->i_uid != dir->d_inode->i_uid) && | |
7785 | + (current->fsuid != dentry->d_inode->i_uid)) { | |
7786 | + if (!vfs_permission(dentry->d_inode, acc_mode)) | |
7787 | + security_alert(GR_FIFO_MSG, gr_to_filename(dentry, mnt), | |
7788 | + dentry->d_inode->i_uid, | |
7789 | + dentry->d_inode->i_gid, DEFAULTSECARGS); | |
7790 | + return -EACCES; | |
7791 | + } | |
7792 | +#endif | |
7793 | + return 0; | |
7794 | +} | |
7795 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_fork.c linux-2.6.7-rc1/grsecurity/grsec_fork.c | |
7796 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_fork.c 1970-01-01 01:00:00.000000000 +0100 | |
7797 | +++ linux-2.6.7-rc1/grsecurity/grsec_fork.c 2004-05-25 14:33:58.935400784 +0200 | |
7798 | @@ -0,0 +1,14 @@ | |
7799 | +#include <linux/kernel.h> | |
7800 | +#include <linux/sched.h> | |
7801 | +#include <linux/grsecurity.h> | |
7802 | +#include <linux/grinternal.h> | |
7803 | + | |
7804 | +void | |
7805 | +gr_log_forkfail(const int retval) | |
7806 | +{ | |
7807 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
7808 | + if (grsec_enable_forkfail) | |
7809 | + security_alert(GR_FAILFORK_MSG, retval, DEFAULTSECARGS); | |
7810 | +#endif | |
7811 | + return; | |
7812 | +} | |
7813 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_init.c linux-2.6.7-rc1/grsecurity/grsec_init.c | |
7814 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_init.c 1970-01-01 01:00:00.000000000 +0100 | |
7815 | +++ linux-2.6.7-rc1/grsecurity/grsec_init.c 2004-05-25 14:33:58.938400328 +0200 | |
806c2378 | 7816 | @@ -0,0 +1,223 @@ |
1db5cd70 PS |
7817 | +#include <linux/kernel.h> |
7818 | +#include <linux/sched.h> | |
7819 | +#include <linux/mm.h> | |
7820 | +#include <linux/smp_lock.h> | |
7821 | +#include <linux/gracl.h> | |
7822 | +#include <linux/slab.h> | |
7823 | +#include <linux/vmalloc.h> | |
7824 | +#include <linux/percpu.h> | |
7825 | + | |
7826 | +int grsec_enable_link; | |
7827 | +int grsec_enable_dmesg; | |
7828 | +int grsec_enable_fifo; | |
7829 | +int grsec_enable_execve; | |
7830 | +int grsec_enable_execlog; | |
7831 | +int grsec_enable_signal; | |
7832 | +int grsec_enable_forkfail; | |
7833 | +int grsec_enable_time; | |
1db5cd70 PS |
7834 | +int grsec_enable_group; |
7835 | +int grsec_audit_gid; | |
7836 | +int grsec_enable_chdir; | |
7837 | +int grsec_enable_audit_ipc; | |
7838 | +int grsec_enable_mount; | |
7839 | +int grsec_enable_chroot_findtask; | |
7840 | +int grsec_enable_chroot_mount; | |
7841 | +int grsec_enable_chroot_shmat; | |
7842 | +int grsec_enable_chroot_fchdir; | |
7843 | +int grsec_enable_chroot_double; | |
7844 | +int grsec_enable_chroot_pivot; | |
7845 | +int grsec_enable_chroot_chdir; | |
7846 | +int grsec_enable_chroot_chmod; | |
7847 | +int grsec_enable_chroot_mknod; | |
7848 | +int grsec_enable_chroot_nice; | |
7849 | +int grsec_enable_chroot_execlog; | |
7850 | +int grsec_enable_chroot_caps; | |
7851 | +int grsec_enable_chroot_sysctl; | |
7852 | +int grsec_enable_chroot_unix; | |
7853 | +int grsec_enable_tpe; | |
7854 | +int grsec_tpe_gid; | |
7855 | +int grsec_enable_tpe_all; | |
7856 | +int grsec_enable_randpid; | |
7857 | +int grsec_enable_randid; | |
7858 | +int grsec_enable_randisn; | |
7859 | +int grsec_enable_randsrc; | |
7860 | +int grsec_enable_randrpc; | |
7861 | +int grsec_enable_socket_all; | |
7862 | +int grsec_socket_all_gid; | |
7863 | +int grsec_enable_socket_client; | |
7864 | +int grsec_socket_client_gid; | |
7865 | +int grsec_enable_socket_server; | |
7866 | +int grsec_socket_server_gid; | |
7867 | +int grsec_lock; | |
7868 | + | |
7869 | +spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED; | |
7870 | +unsigned long grsec_alert_wtime = 0; | |
7871 | +unsigned long grsec_alert_fyet = 0; | |
7872 | + | |
7873 | +spinlock_t grsec_alertgood_lock = SPIN_LOCK_UNLOCKED; | |
7874 | +unsigned long grsec_alertgood_wtime = 0; | |
7875 | +unsigned long grsec_alertgood_fyet = 0; | |
7876 | + | |
7877 | +spinlock_t grsec_audit_lock = SPIN_LOCK_UNLOCKED; | |
7878 | + | |
7879 | +char *gr_shared_page[4]; | |
7880 | +extern struct gr_arg *gr_usermode; | |
7881 | +extern unsigned char *gr_system_salt; | |
7882 | +extern unsigned char *gr_system_sum; | |
7883 | +extern struct task_struct **gr_conn_table; | |
7884 | +extern const unsigned int gr_conn_table_size; | |
7885 | + | |
7886 | +void | |
7887 | +grsecurity_init(void) | |
7888 | +{ | |
7889 | + int j; | |
7890 | + /* create the per-cpu shared pages */ | |
7891 | + | |
7892 | + preempt_disable(); | |
7893 | + for (j = 0; j < 4; j++) { | |
7894 | + gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE, __alignof__(char *)); | |
7895 | + if (gr_shared_page[j] == NULL) { | |
7896 | + panic("Unable to allocate grsecurity shared page"); | |
7897 | + return; | |
7898 | + } | |
7899 | + } | |
7900 | + preempt_enable(); | |
7901 | + | |
7902 | + /* create hash tables for ip tagging */ | |
7903 | + | |
7904 | + gr_conn_table = (struct task_struct **) vmalloc(gr_conn_table_size * sizeof(struct task_struct *)); | |
7905 | + if (gr_conn_table == NULL) { | |
7906 | + panic("Unable to allocate grsecurity IP tagging table"); | |
7907 | + return; | |
7908 | + } | |
7909 | + memset(gr_conn_table, 0, gr_conn_table_size * sizeof(struct task_struct *)); | |
7910 | + | |
7911 | + /* allocate memory for authentication structure */ | |
7912 | + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL); | |
7913 | + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL); | |
7914 | + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL); | |
7915 | + | |
7916 | + if (!gr_usermode || !gr_system_salt || !gr_system_sum) { | |
7917 | + panic("Unable to allocate grsecurity authentication structure"); | |
7918 | + return; | |
7919 | + } | |
7920 | + | |
7921 | +#ifndef CONFIG_GRKERNSEC_SYSCTL | |
7922 | + grsec_lock = 1; | |
1db5cd70 PS |
7923 | +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP |
7924 | + grsec_enable_group = 1; | |
7925 | + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID; | |
7926 | +#endif | |
7927 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
7928 | + grsec_enable_chdir = 1; | |
7929 | +#endif | |
7930 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
7931 | + grsec_enable_audit_ipc = 1; | |
7932 | +#endif | |
7933 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
7934 | + grsec_enable_mount = 1; | |
7935 | +#endif | |
7936 | +#ifdef CONFIG_GRKERNSEC_LINK | |
7937 | + grsec_enable_link = 1; | |
7938 | +#endif | |
7939 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
7940 | + grsec_enable_dmesg = 1; | |
7941 | +#endif | |
7942 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
7943 | + grsec_enable_fifo = 1; | |
7944 | +#endif | |
7945 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
7946 | + grsec_enable_execve = 1; | |
7947 | +#endif | |
7948 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
7949 | + grsec_enable_execlog = 1; | |
7950 | +#endif | |
7951 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
7952 | + grsec_enable_signal = 1; | |
7953 | +#endif | |
7954 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
7955 | + grsec_enable_forkfail = 1; | |
7956 | +#endif | |
7957 | +#ifdef CONFIG_GRKERNSEC_TIME | |
7958 | + grsec_enable_time = 1; | |
7959 | +#endif | |
7960 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
7961 | + grsec_enable_chroot_findtask = 1; | |
7962 | +#endif | |
7963 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
7964 | + grsec_enable_chroot_unix = 1; | |
7965 | +#endif | |
7966 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
7967 | + grsec_enable_chroot_mount = 1; | |
7968 | +#endif | |
7969 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
7970 | + grsec_enable_chroot_fchdir = 1; | |
7971 | +#endif | |
7972 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
7973 | + grsec_enable_chroot_shmat = 1; | |
7974 | +#endif | |
7975 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
7976 | + grsec_enable_chroot_double = 1; | |
7977 | +#endif | |
7978 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
7979 | + grsec_enable_chroot_pivot = 1; | |
7980 | +#endif | |
7981 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
7982 | + grsec_enable_chroot_chdir = 1; | |
7983 | +#endif | |
7984 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
7985 | + grsec_enable_chroot_chmod = 1; | |
7986 | +#endif | |
7987 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
7988 | + grsec_enable_chroot_mknod = 1; | |
7989 | +#endif | |
7990 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
7991 | + grsec_enable_chroot_nice = 1; | |
7992 | +#endif | |
7993 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
7994 | + grsec_enable_chroot_execlog = 1; | |
7995 | +#endif | |
7996 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
7997 | + grsec_enable_chroot_caps = 1; | |
7998 | +#endif | |
7999 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
8000 | + grsec_enable_chroot_sysctl = 1; | |
8001 | +#endif | |
8002 | +#ifdef CONFIG_GRKERNSEC_TPE | |
8003 | + grsec_enable_tpe = 1; | |
8004 | + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID; | |
8005 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
8006 | + grsec_enable_tpe_all = 1; | |
8007 | +#endif | |
8008 | +#endif | |
8009 | +#ifdef CONFIG_GRKERNSEC_RANDPID | |
8010 | + grsec_enable_randpid = 1; | |
8011 | +#endif | |
8012 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
8013 | + grsec_enable_randid = 1; | |
8014 | +#endif | |
8015 | +#ifdef CONFIG_GRKERNSEC_RANDISN | |
8016 | + grsec_enable_randisn = 1; | |
8017 | +#endif | |
8018 | +#ifdef CONFIG_GRKERNSEC_RANDSRC | |
8019 | + grsec_enable_randsrc = 1; | |
8020 | +#endif | |
8021 | +#ifdef CONFIG_GRKERNSEC_RANDRPC | |
8022 | + grsec_enable_randrpc = 1; | |
8023 | +#endif | |
8024 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
8025 | + grsec_enable_socket_all = 1; | |
8026 | + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID; | |
8027 | +#endif | |
8028 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
8029 | + grsec_enable_socket_client = 1; | |
8030 | + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID; | |
8031 | +#endif | |
8032 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
8033 | + grsec_enable_socket_server = 1; | |
8034 | + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID; | |
8035 | +#endif | |
8036 | +#endif | |
8037 | + | |
8038 | + return; | |
8039 | +} | |
8040 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_ipc.c linux-2.6.7-rc1/grsecurity/grsec_ipc.c | |
8041 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_ipc.c 1970-01-01 01:00:00.000000000 +0100 | |
8042 | +++ linux-2.6.7-rc1/grsecurity/grsec_ipc.c 2004-05-25 14:33:58.939400176 +0200 | |
8043 | @@ -0,0 +1,81 @@ | |
8044 | +#include <linux/kernel.h> | |
8045 | +#include <linux/sched.h> | |
8046 | +#include <linux/types.h> | |
8047 | +#include <linux/ipc.h> | |
8048 | +#include <linux/grsecurity.h> | |
8049 | +#include <linux/grinternal.h> | |
8050 | + | |
8051 | +void | |
8052 | +gr_log_msgget(const int ret, const int msgflg) | |
8053 | +{ | |
8054 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
8055 | + if (((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
8056 | + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc && | |
8057 | + !grsec_enable_group)) && (ret >= 0) | |
8058 | + && (msgflg & IPC_CREAT)) | |
8059 | + security_audit(GR_MSGQ_AUDIT_MSG, DEFAULTSECARGS); | |
8060 | +#endif | |
8061 | + return; | |
8062 | +} | |
8063 | + | |
8064 | +void | |
8065 | +gr_log_msgrm(const uid_t uid, const uid_t cuid) | |
8066 | +{ | |
8067 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
8068 | + if ((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
8069 | + grsec_enable_audit_ipc) || | |
8070 | + (grsec_enable_audit_ipc && !grsec_enable_group)) | |
8071 | + security_audit(GR_MSGQR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS); | |
8072 | +#endif | |
8073 | + return; | |
8074 | +} | |
8075 | + | |
8076 | +void | |
8077 | +gr_log_semget(const int err, const int semflg) | |
8078 | +{ | |
8079 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
8080 | + if (((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
8081 | + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc && | |
8082 | + !grsec_enable_group)) && (err >= 0) | |
8083 | + && (semflg & IPC_CREAT)) | |
8084 | + security_audit(GR_SEM_AUDIT_MSG, DEFAULTSECARGS); | |
8085 | +#endif | |
8086 | + return; | |
8087 | +} | |
8088 | + | |
8089 | +void | |
8090 | +gr_log_semrm(const uid_t uid, const uid_t cuid) | |
8091 | +{ | |
8092 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
8093 | + if ((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
8094 | + grsec_enable_audit_ipc) || | |
8095 | + (grsec_enable_audit_ipc && !grsec_enable_group)) | |
8096 | + security_audit(GR_SEMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS); | |
8097 | +#endif | |
8098 | + return; | |
8099 | +} | |
8100 | + | |
8101 | +void | |
8102 | +gr_log_shmget(const int err, const int shmflg, const size_t size) | |
8103 | +{ | |
8104 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
8105 | + if (((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
8106 | + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc && | |
8107 | + !grsec_enable_group)) && (err >= 0) | |
8108 | + && (shmflg & IPC_CREAT)) | |
8109 | + security_audit(GR_SHM_AUDIT_MSG, size, DEFAULTSECARGS); | |
8110 | +#endif | |
8111 | + return; | |
8112 | +} | |
8113 | + | |
8114 | +void | |
8115 | +gr_log_shmrm(const uid_t uid, const uid_t cuid) | |
8116 | +{ | |
8117 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
8118 | + if ((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
8119 | + grsec_enable_audit_ipc) || | |
8120 | + (grsec_enable_audit_ipc && !grsec_enable_group)) | |
8121 | + security_audit(GR_SHMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS); | |
8122 | +#endif | |
8123 | + return; | |
8124 | +} | |
8125 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_link.c linux-2.6.7-rc1/grsecurity/grsec_link.c | |
8126 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_link.c 1970-01-01 01:00:00.000000000 +0100 | |
8127 | +++ linux-2.6.7-rc1/grsecurity/grsec_link.c 2004-05-25 14:33:58.941399872 +0200 | |
8128 | @@ -0,0 +1,41 @@ | |
8129 | +#include <linux/kernel.h> | |
8130 | +#include <linux/sched.h> | |
8131 | +#include <linux/fs.h> | |
8132 | +#include <linux/file.h> | |
8133 | +#include <linux/grinternal.h> | |
8134 | + | |
8135 | +int | |
8136 | +gr_handle_follow_link(const struct inode *parent, | |
8137 | + const struct inode *inode, | |
8138 | + const struct dentry *dentry, const struct vfsmount *mnt) | |
8139 | +{ | |
8140 | +#ifdef CONFIG_GRKERNSEC_LINK | |
8141 | + if (grsec_enable_link && S_ISLNK(inode->i_mode) && | |
8142 | + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) && | |
8143 | + (parent->i_mode & S_IWOTH) && (current->fsuid != inode->i_uid)) { | |
8144 | + security_alert(GR_SYMLINK_MSG, gr_to_filename(dentry, mnt), | |
8145 | + inode->i_uid, inode->i_gid, DEFAULTSECARGS); | |
8146 | + return -EACCES; | |
8147 | + } | |
8148 | +#endif | |
8149 | + return 0; | |
8150 | +} | |
8151 | + | |
8152 | +int | |
8153 | +gr_handle_hardlink(const struct dentry *dentry, | |
8154 | + const struct vfsmount *mnt, | |
8155 | + struct inode *inode, const int mode, const char *to) | |
8156 | +{ | |
8157 | +#ifdef CONFIG_GRKERNSEC_LINK | |
8158 | + if (grsec_enable_link && current->fsuid != inode->i_uid && | |
8159 | + (!S_ISREG(mode) || (mode & S_ISUID) || | |
8160 | + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) || | |
8161 | + (vfs_permission(inode, MAY_READ | MAY_WRITE))) && | |
8162 | + !capable(CAP_FOWNER) && current->uid) { | |
8163 | + security_alert(GR_HARDLINK_MSG, gr_to_filename(dentry, mnt), | |
8164 | + inode->i_uid, inode->i_gid, to, DEFAULTSECARGS); | |
8165 | + return -EPERM; | |
8166 | + } | |
8167 | +#endif | |
8168 | + return 0; | |
8169 | +} | |
8170 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_mem.c linux-2.6.7-rc1/grsecurity/grsec_mem.c | |
8171 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_mem.c 1970-01-01 01:00:00.000000000 +0100 | |
8172 | +++ linux-2.6.7-rc1/grsecurity/grsec_mem.c 2004-05-25 14:33:58.943399568 +0200 | |
8173 | @@ -0,0 +1,54 @@ | |
8174 | +#include <linux/kernel.h> | |
8175 | +#include <linux/sched.h> | |
8176 | +#include <linux/mm.h> | |
8177 | +#include <linux/mman.h> | |
8178 | +#include <linux/grinternal.h> | |
8179 | + | |
8180 | +void | |
8181 | +gr_handle_ioperm(void) | |
8182 | +{ | |
8183 | + security_alert(GR_IOPERM_MSG, DEFAULTSECARGS); | |
8184 | + return; | |
8185 | +} | |
8186 | + | |
8187 | +void | |
8188 | +gr_handle_iopl(void) | |
8189 | +{ | |
8190 | + security_alert(GR_IOPL_MSG, DEFAULTSECARGS); | |
8191 | + return; | |
8192 | +} | |
8193 | + | |
8194 | +void | |
8195 | +gr_handle_mem_write(void) | |
8196 | +{ | |
8197 | + security_alert(GR_MEM_WRITE_MSG, DEFAULTSECARGS); | |
8198 | + return; | |
8199 | +} | |
8200 | + | |
8201 | +void | |
8202 | +gr_handle_kmem_write(void) | |
8203 | +{ | |
8204 | + security_alert(GR_KMEM_MSG, DEFAULTSECARGS); | |
8205 | + return; | |
8206 | +} | |
8207 | + | |
8208 | +void | |
8209 | +gr_handle_open_port(void) | |
8210 | +{ | |
8211 | + security_alert(GR_PORT_OPEN_MSG, DEFAULTSECARGS); | |
8212 | + return; | |
8213 | +} | |
8214 | + | |
8215 | +int | |
8216 | +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma) | |
8217 | +{ | |
8218 | + if (offset < __pa(high_memory) && (vma->vm_flags & VM_WRITE) && | |
8219 | + !(offset == 0xf0000 && ((vma->vm_end - vma->vm_start) <= 0x10000)) && | |
8220 | + !(offset == 0xa0000 && ((vma->vm_end - vma->vm_start) <= 0x20000))) { | |
8221 | + security_alert(GR_MEM_MMAP_MSG, DEFAULTSECARGS); | |
8222 | + return -EPERM; | |
8223 | + } else if (offset < __pa(high_memory)) | |
8224 | + vma->vm_flags &= ~VM_MAYWRITE; | |
8225 | + | |
8226 | + return 0; | |
8227 | +} | |
8228 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_mount.c linux-2.6.7-rc1/grsecurity/grsec_mount.c | |
8229 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_mount.c 1970-01-01 01:00:00.000000000 +0100 | |
8230 | +++ linux-2.6.7-rc1/grsecurity/grsec_mount.c 2004-05-25 14:33:58.944399416 +0200 | |
8231 | @@ -0,0 +1,34 @@ | |
8232 | +#include <linux/kernel.h> | |
8233 | +#include <linux/sched.h> | |
8234 | +#include <linux/grsecurity.h> | |
8235 | +#include <linux/grinternal.h> | |
8236 | + | |
8237 | +void | |
8238 | +gr_log_remount(const char *devname, const int retval) | |
8239 | +{ | |
8240 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
8241 | + if (grsec_enable_mount && (retval >= 0)) | |
8242 | + security_audit(GR_REMOUNT_AUDIT_MSG, devname ? devname : "none", DEFAULTSECARGS); | |
8243 | +#endif | |
8244 | + return; | |
8245 | +} | |
8246 | + | |
8247 | +void | |
8248 | +gr_log_unmount(const char *devname, const int retval) | |
8249 | +{ | |
8250 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
8251 | + if (grsec_enable_mount && (retval >= 0)) | |
8252 | + security_audit(GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none", DEFAULTSECARGS); | |
8253 | +#endif | |
8254 | + return; | |
8255 | +} | |
8256 | + | |
8257 | +void | |
8258 | +gr_log_mount(const char *from, const char *to, const int retval) | |
8259 | +{ | |
8260 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
8261 | + if (grsec_enable_mount && (retval >= 0)) | |
8262 | + security_audit(GR_MOUNT_AUDIT_MSG, from, to, DEFAULTSECARGS); | |
8263 | +#endif | |
8264 | + return; | |
8265 | +} | |
8266 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_rand.c linux-2.6.7-rc1/grsecurity/grsec_rand.c | |
8267 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_rand.c 1970-01-01 01:00:00.000000000 +0100 | |
8268 | +++ linux-2.6.7-rc1/grsecurity/grsec_rand.c 2004-05-25 14:33:58.946399112 +0200 | |
8269 | @@ -0,0 +1,22 @@ | |
8270 | +#include <linux/kernel.h> | |
8271 | +#include <linux/sched.h> | |
8272 | +#include <linux/smp_lock.h> | |
8273 | +#include <linux/grsecurity.h> | |
8274 | +#include <linux/grinternal.h> | |
8275 | + | |
8276 | +extern int pid_max; | |
8277 | + | |
8278 | +int | |
8279 | +gr_random_pid(void) | |
8280 | +{ | |
8281 | +#ifdef CONFIG_GRKERNSEC_RANDPID | |
8282 | + int pid; | |
8283 | + | |
8284 | + if (grsec_enable_randpid && current->fs->root) { | |
8285 | + | |
8286 | + pid = 1 + (get_random_long() % pid_max); | |
8287 | + return pid; | |
8288 | + } | |
8289 | +#endif | |
8290 | + return 0; | |
8291 | +} | |
8292 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_sig.c linux-2.6.7-rc1/grsecurity/grsec_sig.c | |
8293 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_sig.c 1970-01-01 01:00:00.000000000 +0100 | |
8294 | +++ linux-2.6.7-rc1/grsecurity/grsec_sig.c 2004-05-25 14:33:58.951398352 +0200 | |
8295 | @@ -0,0 +1,48 @@ | |
8296 | +#include <linux/kernel.h> | |
8297 | +#include <linux/sched.h> | |
8298 | +#include <linux/grsecurity.h> | |
8299 | +#include <linux/grinternal.h> | |
8300 | + | |
8301 | +void | |
8302 | +gr_log_signal(const int sig, const struct task_struct *t) | |
8303 | +{ | |
8304 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
8305 | + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) || | |
8306 | + (sig == SIGABRT) || (sig == SIGBUS))) { | |
8307 | + if (t->pid == current->pid) { | |
8308 | + security_alert_good(GR_UNISIGLOG_MSG, sig, | |
8309 | + DEFAULTSECARGS); | |
8310 | + } else { | |
8311 | + security_alert_good(GR_DUALSIGLOG_MSG, sig, | |
8312 | + gr_task_fullpath0(t), t->comm, | |
8313 | + t->pid, t->uid, t->euid, t->gid, | |
8314 | + t->egid, gr_parent_task_fullpath0(t), | |
8315 | + t->parent->comm, | |
8316 | + t->parent->pid, t->parent->uid, | |
8317 | + t->parent->euid, t->parent->gid, | |
8318 | + t->parent->egid, DEFAULTSECARGS); | |
8319 | + } | |
8320 | + } | |
8321 | +#endif | |
8322 | + return; | |
8323 | +} | |
8324 | + | |
8325 | +int | |
8326 | +gr_handle_signal(const struct task_struct *p, const int sig) | |
8327 | +{ | |
8328 | +#ifdef CONFIG_GRKERNSEC | |
8329 | + if (current->pid > 1 && gr_check_protected_task(p)) { | |
8330 | + security_alert(GR_SIG_ACL_MSG, sig, gr_task_fullpath0(p), | |
8331 | + p->comm, p->pid, p->uid, | |
8332 | + p->euid, p->gid, p->egid, | |
8333 | + gr_parent_task_fullpath0(p), p->parent->comm, | |
8334 | + p->parent->pid, p->parent->uid, | |
8335 | + p->parent->euid, p->parent->gid, | |
8336 | + p->parent->egid, DEFAULTSECARGS); | |
8337 | + return -EPERM; | |
8338 | + } else if (gr_pid_is_chrooted(p)) { | |
8339 | + return -EPERM; | |
8340 | + } | |
8341 | +#endif | |
8342 | + return 0; | |
8343 | +} | |
8344 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_sock.c linux-2.6.7-rc1/grsecurity/grsec_sock.c | |
8345 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_sock.c 1970-01-01 01:00:00.000000000 +0100 | |
8346 | +++ linux-2.6.7-rc1/grsecurity/grsec_sock.c 2004-05-25 14:33:58.953398048 +0200 | |
8347 | @@ -0,0 +1,256 @@ | |
8348 | +#include <linux/kernel.h> | |
8349 | +#include <linux/module.h> | |
8350 | +#include <linux/sched.h> | |
8351 | +#include <linux/file.h> | |
8352 | +#include <linux/net.h> | |
8353 | +#include <linux/in.h> | |
8354 | +#include <linux/ip.h> | |
8355 | +#include <net/sock.h> | |
8356 | +#include <linux/grsecurity.h> | |
8357 | +#include <linux/grinternal.h> | |
8358 | +#include <linux/gracl.h> | |
8359 | + | |
8360 | +#if defined(CONFIG_IP_NF_MATCH_STEALTH_MODULE) | |
8361 | +extern struct sock *udp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport, int dif); | |
8362 | +EXPORT_SYMBOL(udp_v4_lookup); | |
8363 | +#endif | |
8364 | +#if defined(CONFIG_GRKERNSEC_RANDID) | |
8365 | +EXPORT_SYMBOL(ip_randomid); | |
8366 | +#endif | |
8367 | +#if defined(CONFIG_GRKERNSEC_RANDSRC) || defined(CONFIG_GRKERNSEC_RANDRPC) | |
8368 | +EXPORT_SYMBOL(get_random_long); | |
8369 | +#endif | |
8370 | +#ifdef CONFIG_GRKERNSEC_RANDISN | |
8371 | +EXPORT_SYMBOL(ip_randomisn); | |
8372 | +EXPORT_SYMBOL(grsec_enable_randisn); | |
8373 | +#endif | |
8374 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
8375 | +EXPORT_SYMBOL(grsec_enable_randid); | |
8376 | +#endif | |
8377 | +#ifdef CONFIG_GRKERNSEC_RANDSRC | |
8378 | +EXPORT_SYMBOL(grsec_enable_randsrc); | |
8379 | +#endif | |
8380 | +#ifdef CONFIG_GRKERNSEC_RANDRPC | |
8381 | +EXPORT_SYMBOL(grsec_enable_randrpc); | |
8382 | +#endif | |
8383 | + | |
8384 | +EXPORT_SYMBOL(gr_cap_rtnetlink); | |
8385 | + | |
8386 | +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb); | |
8387 | +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr); | |
8388 | + | |
8389 | +EXPORT_SYMBOL(gr_search_udp_recvmsg); | |
8390 | +EXPORT_SYMBOL(gr_search_udp_sendmsg); | |
8391 | + | |
8392 | +#ifdef CONFIG_UNIX_MODULE | |
8393 | +EXPORT_SYMBOL(gr_acl_handle_unix); | |
8394 | +EXPORT_SYMBOL(gr_acl_handle_mknod); | |
8395 | +EXPORT_SYMBOL(gr_handle_chroot_unix); | |
8396 | +EXPORT_SYMBOL(gr_handle_create); | |
8397 | +#endif | |
8398 | + | |
8399 | +#ifdef CONFIG_GRKERNSEC | |
8400 | +struct task_struct **gr_conn_table; | |
8401 | +const unsigned int gr_conn_table_size = 65521; | |
8402 | +struct task_struct *deleted_conn = (struct task_struct *)~0; | |
8403 | +spinlock_t gr_conn_table_lock = SPIN_LOCK_UNLOCKED; | |
8404 | + | |
8405 | +extern __inline__ const char * gr_socktype_to_name(unsigned char type); | |
8406 | +extern __inline__ const char * gr_proto_to_name(unsigned char proto); | |
8407 | + | |
8408 | +static __inline__ int | |
8409 | +conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size) | |
8410 | +{ | |
8411 | + return ((daddr + saddr + (sport << 8) + (dport << 16)) % size); | |
8412 | +} | |
8413 | + | |
8414 | +static __inline__ int | |
8415 | +conn_match(const struct task_struct *task, __u32 saddr, __u32 daddr, | |
8416 | + __u16 sport, __u16 dport) | |
8417 | +{ | |
8418 | + if (unlikely(task != deleted_conn && task->gr_saddr == saddr && | |
8419 | + task->gr_daddr == daddr && task->gr_sport == sport && | |
8420 | + task->gr_dport == dport)) | |
8421 | + return 1; | |
8422 | + else | |
8423 | + return 0; | |
8424 | +} | |
8425 | + | |
8426 | +void gr_add_to_task_ip_table(struct task_struct *task) | |
8427 | +{ | |
8428 | + unsigned int index; | |
8429 | + | |
8430 | + if (unlikely(gr_conn_table == NULL)) | |
8431 | + return; | |
8432 | + | |
8433 | + if (!thread_group_leader(task)) | |
8434 | + task = task->group_leader; | |
8435 | + | |
8436 | + index = conn_hash(task->gr_saddr, task->gr_daddr, | |
8437 | + task->gr_sport, task->gr_dport, | |
8438 | + gr_conn_table_size); | |
8439 | + | |
8440 | + spin_lock(&gr_conn_table_lock); | |
8441 | + | |
8442 | + while (gr_conn_table[index] && gr_conn_table[index] != deleted_conn) { | |
8443 | + index = (index + 1) % gr_conn_table_size; | |
8444 | + } | |
8445 | + | |
8446 | + gr_conn_table[index] = task; | |
8447 | + | |
8448 | + spin_unlock(&gr_conn_table_lock); | |
8449 | + | |
8450 | + return; | |
8451 | +} | |
8452 | + | |
8453 | +void gr_del_task_from_ip_table_nolock(struct task_struct *task) | |
8454 | +{ | |
8455 | + unsigned int index; | |
8456 | + | |
8457 | + if (unlikely(gr_conn_table == NULL)) | |
8458 | + return; | |
8459 | + | |
8460 | + if (!thread_group_leader(task)) | |
8461 | + task = task->group_leader; | |
8462 | + | |
8463 | + index = conn_hash(task->gr_saddr, task->gr_daddr, | |
8464 | + task->gr_sport, task->gr_dport, | |
8465 | + gr_conn_table_size); | |
8466 | + | |
8467 | + while (gr_conn_table[index] && !conn_match(gr_conn_table[index], | |
8468 | + task->gr_saddr, task->gr_daddr, task->gr_sport, | |
8469 | + task->gr_dport)) { | |
8470 | + index = (index + 1) % gr_conn_table_size; | |
8471 | + } | |
8472 | + | |
8473 | + if (gr_conn_table[index]) { | |
8474 | + if (gr_conn_table[(index + 1) % gr_conn_table_size]) | |
8475 | + gr_conn_table[index] = deleted_conn; | |
8476 | + else | |
8477 | + gr_conn_table[index] = NULL; | |
8478 | + } | |
8479 | + | |
8480 | + return; | |
8481 | +} | |
8482 | + | |
8483 | +struct task_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr, | |
8484 | + __u16 sport, __u16 dport) | |
8485 | +{ | |
8486 | + unsigned int index; | |
8487 | + | |
8488 | + if (unlikely(gr_conn_table == NULL)) | |
8489 | + return NULL; | |
8490 | + | |
8491 | + index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size); | |
8492 | + | |
8493 | + while (gr_conn_table[index] && !conn_match(gr_conn_table[index], | |
8494 | + saddr, daddr, sport, dport)) { | |
8495 | + index = (index + 1) % gr_conn_table_size; | |
8496 | + } | |
8497 | + | |
8498 | + return gr_conn_table[index]; | |
8499 | +} | |
8500 | + | |
8501 | +#endif | |
8502 | + | |
8503 | +void gr_del_task_from_ip_table(struct task_struct *task) | |
8504 | +{ | |
8505 | +#ifdef CONFIG_GRKERNSEC | |
8506 | + spin_lock(&gr_conn_table_lock); | |
8507 | + if (!thread_group_leader(task)) | |
8508 | + gr_del_task_from_ip_table_nolock(task->group_leader); | |
8509 | + else | |
8510 | + gr_del_task_from_ip_table_nolock(task); | |
8511 | + spin_unlock(&gr_conn_table_lock); | |
8512 | +#endif | |
8513 | + return; | |
8514 | +} | |
8515 | + | |
8516 | +void | |
8517 | +gr_attach_curr_ip(const struct sock *sk) | |
8518 | +{ | |
8519 | +#ifdef CONFIG_GRKERNSEC | |
8520 | + struct task_struct *p; | |
8521 | + struct task_struct *set; | |
8522 | + const struct inet_opt *inet = inet_sk(sk); | |
8523 | + | |
8524 | + if (unlikely(sk->sk_protocol != IPPROTO_TCP)) | |
8525 | + return; | |
8526 | + | |
8527 | + set = current; | |
8528 | + if (!thread_group_leader(set)) | |
8529 | + set = set->group_leader; | |
8530 | + | |
8531 | + spin_lock(&gr_conn_table_lock); | |
8532 | + p = gr_lookup_task_ip_table(inet->daddr, inet->rcv_saddr, | |
8533 | + inet->dport, inet->sport); | |
8534 | + if (unlikely(p != NULL)) { | |
8535 | + set->curr_ip = p->curr_ip; | |
8536 | + set->used_accept = 1; | |
8537 | + gr_del_task_from_ip_table_nolock(p); | |
8538 | + spin_unlock(&gr_conn_table_lock); | |
8539 | + return; | |
8540 | + } | |
8541 | + spin_unlock(&gr_conn_table_lock); | |
8542 | + | |
8543 | + set->curr_ip = inet->daddr; | |
8544 | + set->used_accept = 1; | |
8545 | +#endif | |
8546 | + return; | |
8547 | +} | |
8548 | + | |
8549 | +int | |
8550 | +gr_handle_sock_all(const int family, const int type, const int protocol) | |
8551 | +{ | |
8552 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
8553 | + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) && | |
8554 | + (family != AF_UNIX) && (family != AF_LOCAL)) { | |
8555 | + security_alert(GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol), | |
8556 | + DEFAULTSECARGS); | |
8557 | + return -EACCES; | |
8558 | + } | |
8559 | +#endif | |
8560 | + return 0; | |
8561 | +} | |
8562 | + | |
8563 | +int | |
8564 | +gr_handle_sock_server(const struct sockaddr *sck) | |
8565 | +{ | |
8566 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
8567 | + if (grsec_enable_socket_server && | |
8568 | + in_group_p(grsec_socket_server_gid) && | |
8569 | + sck && (sck->sa_family != AF_UNIX) && | |
8570 | + (sck->sa_family != AF_LOCAL)) { | |
8571 | + security_alert(GR_BIND_MSG, DEFAULTSECARGS); | |
8572 | + return -EACCES; | |
8573 | + } | |
8574 | +#endif | |
8575 | + return 0; | |
8576 | +} | |
8577 | + | |
8578 | +int | |
8579 | +gr_handle_sock_client(const struct sockaddr *sck) | |
8580 | +{ | |
8581 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
8582 | + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) && | |
8583 | + sck && (sck->sa_family != AF_UNIX) && | |
8584 | + (sck->sa_family != AF_LOCAL)) { | |
8585 | + security_alert(GR_CONNECT_MSG, DEFAULTSECARGS); | |
8586 | + return -EACCES; | |
8587 | + } | |
8588 | +#endif | |
8589 | + return 0; | |
8590 | +} | |
8591 | + | |
8592 | +__u32 | |
8593 | +gr_cap_rtnetlink(void) | |
8594 | +{ | |
8595 | +#ifdef CONFIG_GRKERNSEC | |
8596 | + if (!gr_acl_is_enabled()) | |
8597 | + return current->cap_effective; | |
8598 | + else | |
8599 | + return (current->cap_effective & ~(current->acl->cap_lower)); | |
8600 | +#else | |
8601 | + return current->cap_effective; | |
8602 | +#endif | |
8603 | +} | |
8604 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_sysctl.c linux-2.6.7-rc1/grsecurity/grsec_sysctl.c | |
8605 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_sysctl.c 1970-01-01 01:00:00.000000000 +0100 | |
8606 | +++ linux-2.6.7-rc1/grsecurity/grsec_sysctl.c 2004-05-25 14:33:58.956397592 +0200 | |
806c2378 | 8607 | @@ -0,0 +1,443 @@ |
1db5cd70 PS |
8608 | +#include <linux/kernel.h> |
8609 | +#include <linux/sched.h> | |
8610 | +#include <linux/sysctl.h> | |
8611 | +#include <linux/grsecurity.h> | |
8612 | +#include <linux/grinternal.h> | |
8613 | + | |
8614 | +int | |
8615 | +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op) | |
8616 | +{ | |
8617 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | |
8618 | + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & 002)) { | |
8619 | + security_alert(GR_SYSCTL_MSG, name, DEFAULTSECARGS); | |
8620 | + return -EACCES; | |
8621 | + } | |
8622 | +#endif | |
8623 | + return 0; | |
8624 | +} | |
8625 | + | |
8626 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | |
8627 | +enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL, | |
8628 | +GS_FORKFAIL, GS_TIME, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT, | |
8629 | +GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM, | |
8630 | +GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS, | |
8631 | +GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL, GS_SIDCAPS, | |
8632 | +GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDISN, | |
8633 | +GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, | |
8634 | +GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, | |
8635 | +GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, | |
806c2378 | 8636 | +GS_FINDTASK, GS_LOCK}; |
1db5cd70 PS |
8637 | + |
8638 | + | |
8639 | +ctl_table grsecurity_table[] = { | |
8640 | +#ifdef CONFIG_GRKERNSEC_LINK | |
8641 | + { | |
8642 | + .ctl_name = GS_LINK, | |
8643 | + .procname = "linking_restrictions", | |
8644 | + .data = &grsec_enable_link, | |
8645 | + .maxlen = sizeof(int), | |
8646 | + .mode = 0600, | |
8647 | + .proc_handler = &proc_dointvec, | |
8648 | + }, | |
8649 | +#endif | |
8650 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
8651 | + { | |
8652 | + .ctl_name = GS_FIFO, | |
8653 | + .procname = "fifo_restrictions", | |
8654 | + .data = &grsec_enable_fifo, | |
8655 | + .maxlen = sizeof(int), | |
8656 | + .mode = 0600, | |
8657 | + .proc_handler = &proc_dointvec, | |
8658 | + }, | |
8659 | +#endif | |
8660 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
8661 | + { | |
8662 | + .ctl_name = GS_EXECVE, | |
8663 | + .procname = "execve_limiting", | |
8664 | + .data = &grsec_enable_execve, | |
8665 | + .maxlen = sizeof(int), | |
8666 | + .mode = 0600, | |
8667 | + .proc_handler = &proc_dointvec, | |
8668 | + }, | |
8669 | +#endif | |
8670 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
8671 | + { | |
8672 | + .ctl_name = GS_EXECLOG, | |
8673 | + .procname = "exec_logging", | |
8674 | + .data = &grsec_enable_execlog, | |
8675 | + .maxlen = sizeof(int), | |
8676 | + .mode = 0600, | |
8677 | + .proc_handler = &proc_dointvec, | |
8678 | + }, | |
8679 | +#endif | |
8680 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
8681 | + { | |
8682 | + .ctl_name = GS_SIGNAL, | |
8683 | + .procname = "signal_logging", | |
8684 | + .data = &grsec_enable_signal, | |
8685 | + .maxlen = sizeof(int), | |
8686 | + .mode = 0600, | |
8687 | + .proc_handler = &proc_dointvec, | |
8688 | + }, | |
8689 | +#endif | |
8690 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
8691 | + { | |
8692 | + .ctl_name = GS_FORKFAIL, | |
8693 | + .procname = "forkfail_logging", | |
8694 | + .data = &grsec_enable_forkfail, | |
8695 | + .maxlen = sizeof(int), | |
8696 | + .mode = 0600, | |
8697 | + .proc_handler = &proc_dointvec, | |
8698 | + }, | |
8699 | +#endif | |
8700 | +#ifdef CONFIG_GRKERNSEC_TIME | |
8701 | + { | |
8702 | + .ctl_name = GS_TIME, | |
8703 | + .procname = "timechange_logging", | |
8704 | + .data = &grsec_enable_time, | |
8705 | + .maxlen = sizeof(int), | |
8706 | + .mode = 0600, | |
8707 | + .proc_handler = &proc_dointvec, | |
8708 | + }, | |
8709 | +#endif | |
8710 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
8711 | + { | |
8712 | + .ctl_name = GS_CHROOT_SHMAT, | |
8713 | + .procname = "chroot_deny_shmat", | |
8714 | + .data = &grsec_enable_chroot_shmat, | |
8715 | + .maxlen = sizeof(int), | |
8716 | + .mode = 0600, | |
8717 | + .proc_handler = &proc_dointvec, | |
8718 | + }, | |
8719 | +#endif | |
8720 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
8721 | + { | |
8722 | + .ctl_name = GS_CHROOT_UNIX, | |
8723 | + .procname = "chroot_deny_unix", | |
8724 | + .data = &grsec_enable_chroot_unix, | |
8725 | + .maxlen = sizeof(int), | |
8726 | + .mode = 0600, | |
8727 | + .proc_handler = &proc_dointvec, | |
8728 | + }, | |
8729 | +#endif | |
8730 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
8731 | + { | |
8732 | + .ctl_name = GS_CHROOT_MNT, | |
8733 | + .procname = "chroot_deny_mount", | |
8734 | + .data = &grsec_enable_chroot_mount, | |
8735 | + .maxlen = sizeof(int), | |
8736 | + .mode = 0600, | |
8737 | + .proc_handler = &proc_dointvec, | |
8738 | + }, | |
8739 | +#endif | |
8740 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
8741 | + { | |
8742 | + .ctl_name = GS_CHROOT_FCHDIR, | |
8743 | + .procname = "chroot_deny_fchdir", | |
8744 | + .data = &grsec_enable_chroot_fchdir, | |
8745 | + .maxlen = sizeof(int), | |
8746 | + .mode = 0600, | |
8747 | + .proc_handler = &proc_dointvec, | |
8748 | + }, | |
8749 | +#endif | |
8750 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
8751 | + { | |
8752 | + .ctl_name = GS_CHROOT_DBL, | |
8753 | + .procname = "chroot_deny_chroot", | |
8754 | + .data = &grsec_enable_chroot_double, | |
8755 | + .maxlen = sizeof(int), | |
8756 | + .mode = 0600, | |
8757 | + .proc_handler = &proc_dointvec, | |
8758 | + }, | |
8759 | +#endif | |
8760 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
8761 | + { | |
8762 | + .ctl_name = GS_CHROOT_PVT, | |
8763 | + .procname = "chroot_deny_pivot", | |
8764 | + .data = &grsec_enable_chroot_pivot, | |
8765 | + .maxlen = sizeof(int), | |
8766 | + .mode = 0600, | |
8767 | + .proc_handler = &proc_dointvec, | |
8768 | + }, | |
8769 | +#endif | |
8770 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
8771 | + { | |
8772 | + .ctl_name = GS_CHROOT_CD, | |
8773 | + .procname = "chroot_enforce_chdir", | |
8774 | + .data = &grsec_enable_chroot_chdir, | |
8775 | + .maxlen = sizeof(int), | |
8776 | + .mode = 0600, | |
8777 | + .proc_handler = &proc_dointvec, | |
8778 | + }, | |
8779 | +#endif | |
8780 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
8781 | + { | |
8782 | + .ctl_name = GS_CHROOT_CM, | |
8783 | + .procname = "chroot_deny_chmod", | |
8784 | + .data = &grsec_enable_chroot_chmod, | |
8785 | + .maxlen = sizeof(int), | |
8786 | + .mode = 0600, | |
8787 | + .proc_handler = &proc_dointvec, | |
8788 | + }, | |
8789 | +#endif | |
8790 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
8791 | + { | |
8792 | + .ctl_name = GS_CHROOT_MK, | |
8793 | + .procname = "chroot_deny_mknod", | |
8794 | + .data = &grsec_enable_chroot_mknod, | |
8795 | + .maxlen = sizeof(int), | |
8796 | + .mode = 0600, | |
8797 | + .proc_handler = &proc_dointvec, | |
8798 | + }, | |
8799 | +#endif | |
8800 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
8801 | + { | |
8802 | + .ctl_name = GS_CHROOT_NI, | |
8803 | + .procname = "chroot_restrict_nice", | |
8804 | + .data = &grsec_enable_chroot_nice, | |
8805 | + .maxlen = sizeof(int), | |
8806 | + .mode = 0600, | |
8807 | + .proc_handler = &proc_dointvec, | |
8808 | + }, | |
8809 | +#endif | |
8810 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
8811 | + { | |
8812 | + .ctl_name = GS_CHROOT_EXECLOG, | |
8813 | + .procname = "chroot_execlog", | |
8814 | + .data = &grsec_enable_chroot_execlog, | |
8815 | + .maxlen = sizeof(int), | |
8816 | + .mode = 0600, | |
8817 | + .proc_handler = &proc_dointvec, | |
8818 | + }, | |
8819 | +#endif | |
8820 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
8821 | + { | |
8822 | + .ctl_name = GS_CHROOT_CAPS, | |
8823 | + .procname = "chroot_caps", | |
8824 | + .data = &grsec_enable_chroot_caps, | |
8825 | + .maxlen = sizeof(int), | |
8826 | + .mode = 0600, | |
8827 | + .proc_handler = &proc_dointvec, | |
8828 | + }, | |
8829 | +#endif | |
8830 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
8831 | + { | |
8832 | + .ctl_name = GS_CHROOT_SYSCTL, | |
8833 | + .procname = "chroot_deny_sysctl", | |
8834 | + .data = &grsec_enable_chroot_sysctl, | |
8835 | + .maxlen = sizeof(int), | |
8836 | + .mode = 0600, | |
8837 | + .proc_handler = &proc_dointvec, | |
8838 | + }, | |
8839 | +#endif | |
8840 | +#ifdef CONFIG_GRKERNSEC_TPE | |
8841 | + { | |
8842 | + .ctl_name = GS_TPE, | |
8843 | + .procname = "tpe", | |
8844 | + .data = &grsec_enable_tpe, | |
8845 | + .maxlen = sizeof(int), | |
8846 | + .mode = 0600, | |
8847 | + .proc_handler = &proc_dointvec, | |
8848 | + }, | |
8849 | + { | |
8850 | + .ctl_name = GS_TPE_GID, | |
8851 | + .procname = "tpe_gid", | |
8852 | + .data = &grsec_tpe_gid, | |
8853 | + .maxlen = sizeof(int), | |
8854 | + .mode = 0600, | |
8855 | + .proc_handler = &proc_dointvec, | |
8856 | + }, | |
8857 | +#endif | |
8858 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
8859 | + { | |
8860 | + .ctl_name = GS_TPE_ALL, | |
8861 | + .procname = "tpe_restrict_all", | |
8862 | + .data = &grsec_enable_tpe_all, | |
8863 | + .maxlen = sizeof(int), | |
8864 | + .mode = 0600, | |
8865 | + .proc_handler = &proc_dointvec, | |
8866 | + }, | |
8867 | +#endif | |
8868 | +#ifdef CONFIG_GRKERNSEC_RANDPID | |
8869 | + { | |
8870 | + .ctl_name = GS_RANDPID, | |
8871 | + .procname = "rand_pids", | |
8872 | + .data = &grsec_enable_randpid, | |
8873 | + .maxlen = sizeof(int), | |
8874 | + .mode = 0600, | |
8875 | + .proc_handler = &proc_dointvec, | |
8876 | + }, | |
8877 | +#endif | |
8878 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
8879 | + { | |
8880 | + .ctl_name = GS_RANDID, | |
8881 | + .procname = "rand_ip_ids", | |
8882 | + .data = &grsec_enable_randid, | |
8883 | + .maxlen = sizeof(int), | |
8884 | + .mode = 0600, | |
8885 | + .proc_handler = &proc_dointvec, | |
8886 | + }, | |
8887 | +#endif | |
8888 | +#ifdef CONFIG_GRKERNSEC_RANDSRC | |
8889 | + { | |
8890 | + .ctl_name = GS_RANDSRC, | |
8891 | + .procname = "rand_tcp_src_ports", | |
8892 | + .data = &grsec_enable_randsrc, | |
8893 | + .maxlen = sizeof(int), | |
8894 | + .mode = 0600, | |
8895 | + .proc_handler = &proc_dointvec, | |
8896 | + }, | |
8897 | +#endif | |
8898 | +#ifdef CONFIG_GRKERNSEC_RANDISN | |
8899 | + { | |
8900 | + .ctl_name = GS_RANDISN, | |
8901 | + .procname = "rand_isns", | |
8902 | + .data = &grsec_enable_randisn, | |
8903 | + .maxlen = sizeof(int), | |
8904 | + .mode = 0600, | |
8905 | + .proc_handler = &proc_dointvec, | |
8906 | + }, | |
8907 | +#endif | |
8908 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
8909 | + { | |
8910 | + .ctl_name = GS_SOCKET_ALL, | |
8911 | + .procname = "socket_all", | |
8912 | + .data = &grsec_enable_socket_all, | |
8913 | + .maxlen = sizeof(int), | |
8914 | + .mode = 0600, | |
8915 | + .proc_handler = &proc_dointvec, | |
8916 | + }, | |
8917 | + { | |
8918 | + .ctl_name = GS_SOCKET_ALL_GID, | |
8919 | + .procname = "socket_all_gid", | |
8920 | + .data = &grsec_socket_all_gid, | |
8921 | + .maxlen = sizeof(int), | |
8922 | + .mode = 0600, | |
8923 | + .proc_handler = &proc_dointvec, | |
8924 | + }, | |
8925 | +#endif | |
8926 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
8927 | + { | |
8928 | + .ctl_name = GS_SOCKET_CLIENT, | |
8929 | + .procname = "socket_client", | |
8930 | + .data = &grsec_enable_socket_client, | |
8931 | + .maxlen = sizeof(int), | |
8932 | + .mode = 0600, | |
8933 | + .proc_handler = &proc_dointvec, | |
8934 | + }, | |
8935 | + { | |
8936 | + .ctl_name = GS_SOCKET_CLIENT_GID, | |
8937 | + .procname = "socket_client_gid", | |
8938 | + .data = &grsec_socket_client_gid, | |
8939 | + .maxlen = sizeof(int), | |
8940 | + .mode = 0600, | |
8941 | + .proc_handler = &proc_dointvec, | |
8942 | + }, | |
8943 | +#endif | |
8944 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
8945 | + { | |
8946 | + .ctl_name = GS_SOCKET_SERVER, | |
8947 | + .procname = "socket_server", | |
8948 | + .data = &grsec_enable_socket_server, | |
8949 | + .maxlen = sizeof(int), | |
8950 | + .mode = 0600, | |
8951 | + .proc_handler = &proc_dointvec, | |
8952 | + }, | |
8953 | + { | |
8954 | + .ctl_name = GS_SOCKET_SERVER_GID, | |
8955 | + .procname = "socket_server_gid", | |
8956 | + .data = &grsec_socket_server_gid, | |
8957 | + .maxlen = sizeof(int), | |
8958 | + .mode = 0600, | |
8959 | + .proc_handler = &proc_dointvec, | |
8960 | + }, | |
8961 | +#endif | |
8962 | +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP | |
8963 | + { | |
8964 | + .ctl_name = GS_GROUP, | |
8965 | + .procname = "audit_group", | |
8966 | + .data = &grsec_enable_group, | |
8967 | + .maxlen = sizeof(int), | |
8968 | + .mode = 0600, | |
8969 | + .proc_handler = &proc_dointvec, | |
8970 | + }, | |
8971 | + { | |
8972 | + .ctl_name = GS_GID, | |
8973 | + .procname = "audit_gid", | |
8974 | + .data = &grsec_audit_gid, | |
8975 | + .maxlen = sizeof(int), | |
8976 | + .mode = 0600, | |
8977 | + .proc_handler = &proc_dointvec, | |
8978 | + }, | |
8979 | +#endif | |
8980 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
8981 | + { | |
8982 | + .ctl_name = GS_ACHDIR, | |
8983 | + .procname = "audit_chdir", | |
8984 | + .data = &grsec_enable_chdir, | |
8985 | + .maxlen = sizeof(int), | |
8986 | + .mode = 0600, | |
8987 | + .proc_handler = &proc_dointvec, | |
8988 | + }, | |
8989 | +#endif | |
8990 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
8991 | + { | |
8992 | + .ctl_name = GS_AMOUNT, | |
8993 | + .procname = "audit_mount", | |
8994 | + .data = &grsec_enable_mount, | |
8995 | + .maxlen = sizeof(int), | |
8996 | + .mode = 0600, | |
8997 | + .proc_handler = &proc_dointvec, | |
8998 | + }, | |
8999 | +#endif | |
9000 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
9001 | + { | |
9002 | + .ctl_name = GS_AIPC, | |
9003 | + .procname = "audit_ipc", | |
9004 | + .data = &grsec_enable_audit_ipc, | |
9005 | + .maxlen = sizeof(int), | |
9006 | + .mode = 0600, | |
9007 | + .proc_handler = &proc_dointvec, | |
9008 | + }, | |
9009 | +#endif | |
1db5cd70 PS |
9010 | +#ifdef CONFIG_GRKERNSEC_DMESG |
9011 | + { | |
9012 | + .ctl_name = GS_DMSG, | |
9013 | + .procname = "dmesg", | |
9014 | + .data = &grsec_enable_dmesg, | |
9015 | + .maxlen = sizeof(int), | |
9016 | + .mode = 0600, | |
9017 | + .proc_handler = &proc_dointvec, | |
9018 | + }, | |
9019 | +#endif | |
9020 | +#ifdef CONFIG_GRKERNSEC_RANDRPC | |
9021 | + { | |
9022 | + .ctl_name = GS_RANDRPC, | |
9023 | + .procname = "rand_rpc", | |
9024 | + .data = &grsec_enable_randrpc, | |
9025 | + .maxlen = sizeof(int), | |
9026 | + .mode = 0600, | |
9027 | + .proc_handler = &proc_dointvec, | |
9028 | + }, | |
9029 | +#endif | |
9030 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
9031 | + { | |
9032 | + .ctl_name = GS_FINDTASK, | |
9033 | + .procname = "chroot_findtask", | |
9034 | + .data = &grsec_enable_chroot_findtask, | |
9035 | + .maxlen = sizeof(int), | |
9036 | + .mode = 0600, | |
9037 | + .proc_handler = &proc_dointvec, | |
9038 | + }, | |
9039 | +#endif | |
9040 | + { | |
9041 | + .ctl_name = GS_LOCK, | |
9042 | + .procname = "grsec_lock", | |
9043 | + .data = &grsec_lock, | |
9044 | + .maxlen = sizeof(int), | |
9045 | + .mode = 0600, | |
9046 | + .proc_handler = &proc_dointvec, | |
9047 | + }, | |
9048 | + { .ctl_name = 0 } | |
9049 | +}; | |
9050 | +#endif | |
1db5cd70 PS |
9051 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_time.c linux-2.6.7-rc1/grsecurity/grsec_time.c |
9052 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_time.c 1970-01-01 01:00:00.000000000 +0100 | |
9053 | +++ linux-2.6.7-rc1/grsecurity/grsec_time.c 2004-05-25 14:33:58.958397288 +0200 | |
9054 | @@ -0,0 +1,13 @@ | |
9055 | +#include <linux/kernel.h> | |
9056 | +#include <linux/sched.h> | |
9057 | +#include <linux/grinternal.h> | |
9058 | + | |
9059 | +void | |
9060 | +gr_log_timechange(void) | |
9061 | +{ | |
9062 | +#ifdef CONFIG_GRKERNSEC_TIME | |
9063 | + if (grsec_enable_time) | |
9064 | + security_alert_good(GR_TIME_MSG, DEFAULTSECARGS); | |
9065 | +#endif | |
9066 | + return; | |
9067 | +} | |
9068 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsec_tpe.c linux-2.6.7-rc1/grsecurity/grsec_tpe.c | |
9069 | --- linux-2.6.7-rc1.orig/grsecurity/grsec_tpe.c 1970-01-01 01:00:00.000000000 +0100 | |
9070 | +++ linux-2.6.7-rc1/grsecurity/grsec_tpe.c 2004-05-25 14:33:58.960396984 +0200 | |
9071 | @@ -0,0 +1,35 @@ | |
9072 | +#include <linux/kernel.h> | |
9073 | +#include <linux/sched.h> | |
9074 | +#include <linux/file.h> | |
9075 | +#include <linux/fs.h> | |
9076 | +#include <linux/grinternal.h> | |
9077 | + | |
9078 | +extern int gr_acl_tpe_check(void); | |
9079 | + | |
9080 | +int | |
9081 | +gr_tpe_allow(const struct file *file) | |
9082 | +{ | |
9083 | +#ifdef CONFIG_GRKERNSEC | |
9084 | + struct inode *inode = file->f_dentry->d_parent->d_inode; | |
9085 | + | |
9086 | + if (current->uid && ((grsec_enable_tpe && in_group_p(grsec_tpe_gid)) || gr_acl_tpe_check()) && | |
9087 | + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) || | |
9088 | + (inode->i_mode & S_IWOTH))))) { | |
9089 | + security_alert(GR_EXEC_TPE_MSG, | |
9090 | + gr_to_filename(file->f_dentry, file->f_vfsmnt), | |
9091 | + DEFAULTSECARGS); | |
9092 | + return 0; | |
9093 | + } | |
9094 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
9095 | + if (current->uid && grsec_enable_tpe && grsec_enable_tpe_all && | |
9096 | + ((inode->i_uid && (inode->i_uid != current->uid)) || | |
9097 | + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) { | |
9098 | + security_alert(GR_EXEC_TPE_MSG, | |
9099 | + gr_to_filename(file->f_dentry, file->f_vfsmnt), | |
9100 | + DEFAULTSECARGS); | |
9101 | + return 0; | |
9102 | + } | |
9103 | +#endif | |
9104 | +#endif | |
9105 | + return 1; | |
9106 | +} | |
9107 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/grsum.c linux-2.6.7-rc1/grsecurity/grsum.c | |
9108 | --- linux-2.6.7-rc1.orig/grsecurity/grsum.c 1970-01-01 01:00:00.000000000 +0100 | |
9109 | +++ linux-2.6.7-rc1/grsecurity/grsum.c 2004-05-25 14:33:58.961396832 +0200 | |
9110 | @@ -0,0 +1,59 @@ | |
9111 | +#include <linux/kernel.h> | |
9112 | +#include <linux/sched.h> | |
9113 | +#include <linux/mm.h> | |
9114 | +#include <asm/scatterlist.h> | |
9115 | +#include <linux/crypto.h> | |
9116 | +#include <linux/gracl.h> | |
9117 | + | |
9118 | + | |
9119 | +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE) | |
9120 | +#error "crypto and sha256 must be built into the kernel" | |
9121 | +#endif | |
9122 | + | |
9123 | +int | |
9124 | +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum) | |
9125 | +{ | |
9126 | + char *p; | |
9127 | + struct crypto_tfm *tfm; | |
9128 | + unsigned char temp_sum[GR_SHA_LEN]; | |
9129 | + struct scatterlist sg[2]; | |
9130 | + volatile int retval = 0; | |
9131 | + volatile int dummy = 0; | |
9132 | + unsigned int i; | |
9133 | + | |
9134 | + tfm = crypto_alloc_tfm("sha256", 0); | |
9135 | + if (tfm == NULL) { | |
9136 | + /* should never happen, since sha256 should be built in */ | |
9137 | + return 1; | |
9138 | + } | |
9139 | + | |
9140 | + crypto_digest_init(tfm); | |
9141 | + | |
9142 | + p = salt; | |
9143 | + sg[0].page = virt_to_page(p); | |
9144 | + sg[0].offset = ((long) p & ~PAGE_MASK); | |
9145 | + sg[0].length = GR_SALT_LEN; | |
9146 | + | |
9147 | + crypto_digest_update(tfm, sg, 1); | |
9148 | + | |
9149 | + p = entry->pw; | |
9150 | + sg[0].page = virt_to_page(p); | |
9151 | + sg[0].offset = ((long) p & ~PAGE_MASK); | |
9152 | + sg[0].length = strlen(entry->pw); | |
9153 | + | |
9154 | + crypto_digest_update(tfm, sg, 1); | |
9155 | + | |
9156 | + crypto_digest_final(tfm, temp_sum); | |
9157 | + | |
9158 | + memset(entry->pw, 0, GR_PW_LEN); | |
9159 | + | |
9160 | + for (i = 0; i < GR_SHA_LEN; i++) | |
9161 | + if (sum[i] != temp_sum[i]) | |
9162 | + retval = 1; | |
9163 | + else | |
9164 | + dummy = 1; // waste a cycle | |
9165 | + | |
9166 | + crypto_free_tfm(tfm); | |
9167 | + | |
9168 | + return retval; | |
9169 | +} | |
9170 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/Kconfig linux-2.6.7-rc1/grsecurity/Kconfig | |
9171 | --- linux-2.6.7-rc1.orig/grsecurity/Kconfig 1970-01-01 01:00:00.000000000 +0100 | |
9172 | +++ linux-2.6.7-rc1/grsecurity/Kconfig 2004-05-25 14:33:58.846414312 +0200 | |
3aa50353 | 9173 | @@ -0,0 +1,819 @@ |
1db5cd70 PS |
9174 | +# |
9175 | +# grecurity configuration | |
9176 | +# | |
9177 | + | |
9178 | +menu "Grsecurity" | |
9179 | + | |
9180 | +config GRKERNSEC | |
9181 | + bool "Grsecurity" | |
9182 | + select CRYPTO | |
9183 | + select CRYPTO_SHA256 | |
9184 | + help | |
9185 | + If you say Y here, you will be able to configure many features | |
9186 | + that will enhance the security of your system. It is highly | |
9187 | + recommended that you say Y here and read through the help | |
9188 | + for each option so that you fully understand the features and | |
9189 | + can evaluate their usefulness for your machine. | |
9190 | + | |
9191 | +choice | |
9192 | + prompt "Security Level" | |
9193 | + depends GRKERNSEC | |
9194 | + default GRKERNSEC_CUSTOM | |
9195 | + | |
9196 | +config GRKERNSEC_LOW | |
9197 | + bool "Low" | |
9198 | + select GRKERNSEC_LINK | |
9199 | + select GRKERNSEC_FIFO | |
9200 | + select GRKERNSEC_RANDPID | |
9201 | + select GRKERNSEC_EXECVE | |
9202 | + select GRKERNSEC_RANDNET | |
9203 | + select GRKERNSEC_RANDISN | |
9204 | + select GRKERNSEC_DMESG | |
9205 | + select GRKERNSEC_RANDID | |
9206 | + select GRKERNSEC_CHROOT_CHDIR | |
9207 | + help | |
9208 | + If you choose this option, several of the grsecurity options will | |
9209 | + be enabled that will give you greater protection against a number | |
9210 | + of attacks, while assuring that none of your software will have any | |
9211 | + conflicts with the additional security measures. If you run a lot | |
9212 | + of unusual software, or you are having problems with the higher | |
9213 | + security levels, you should say Y here. With this option, the | |
9214 | + following features are enabled: | |
9215 | + | |
9216 | + - Linking Restrictions | |
9217 | + - FIFO Restrictions | |
9218 | + - Randomized PIDs | |
9219 | + - Enforcing RLIMIT_NPROC on execve | |
9220 | + - Restricted dmesg | |
9221 | + - Randomized IP IDs | |
9222 | + - Enforced chdir("/") on chroot | |
9223 | + | |
9224 | +config GRKERNSEC_MEDIUM | |
9225 | + bool "Medium" | |
1db5cd70 PS |
9226 | + select GRKERNSEC_PROC_MEMMAP |
9227 | + select GRKERNSEC_CHROOT_SYSCTL | |
9228 | + select GRKERNSEC_LINK | |
9229 | + select GRKERNSEC_FIFO | |
9230 | + select GRKERNSEC_RANDPID | |
9231 | + select GRKERNSEC_EXECVE | |
9232 | + select GRKERNSEC_DMESG | |
9233 | + select GRKERNSEC_RANDID | |
9234 | + select GRKERNSEC_RANDNET | |
9235 | + select GRKERNSEC_RANDISN | |
9236 | + select GRKERNSEC_RANDSRC | |
9237 | + select GRKERNSEC_RANDRPC | |
9238 | + select GRKERNSEC_FORKFAIL | |
9239 | + select GRKERNSEC_TIME | |
9240 | + select GRKERNSEC_SIGNAL | |
9241 | + select GRKERNSEC_CHROOT | |
9242 | + select GRKERNSEC_CHROOT_UNIX | |
9243 | + select GRKERNSEC_CHROOT_MOUNT | |
9244 | + select GRKERNSEC_CHROOT_PIVOT | |
9245 | + select GRKERNSEC_CHROOT_DOUBLE | |
9246 | + select GRKERNSEC_CHROOT_CHDIR | |
9247 | + select GRKERNSEC_CHROOT_MKNOD | |
9248 | + select GRKERNSEC_PROC | |
9249 | + select GRKERNSEC_PROC_USERGROUP | |
1db5cd70 PS |
9250 | + |
9251 | + help | |
9252 | + If you say Y here, several features in addition to those included | |
9253 | + in the low additional security level will be enabled. These | |
9254 | + features provide even more security to your system, though in rare | |
9255 | + cases they may be incompatible with very old or poorly written | |
9256 | + software. If you enable this option, make sure that your auth | |
9257 | + service (identd) is running as gid 1001. With this option, | |
9258 | + the following features (in addition to those provided in the | |
9259 | + low additional security level) will be enabled: | |
9260 | + | |
9261 | + - Randomized TCP Source Ports | |
9262 | + - Failed Fork Logging | |
9263 | + - Time Change Logging | |
9264 | + - Signal Logging | |
9265 | + - Deny Mounts in chroot | |
9266 | + - Deny Double chrooting | |
9267 | + - Deny Sysctl Writes in chroot | |
9268 | + - Deny Mknod in chroot | |
9269 | + - Deny Access to Abstract AF_UNIX Sockets out of chroot | |
9270 | + - Deny pivot_root in chroot | |
9271 | + - Denied Writes of /dev/kmem, /dev/mem, and /dev/port | |
9272 | + - /proc restrictions with special GID set to 10 (usually wheel) | |
1db5cd70 PS |
9273 | + |
9274 | +config GRKERNSEC_HIGH | |
9275 | + bool "High" | |
9276 | + select GRKERNSEC_LINK | |
9277 | + select GRKERNSEC_FIFO | |
9278 | + select GRKERNSEC_RANDPID | |
9279 | + select GRKERNSEC_EXECVE | |
9280 | + select GRKERNSEC_DMESG | |
9281 | + select GRKERNSEC_RANDID | |
9282 | + select GRKERNSEC_RANDSRC | |
9283 | + select GRKERNSEC_RANDRPC | |
9284 | + select GRKERNSEC_FORKFAIL | |
9285 | + select GRKERNSEC_TIME | |
9286 | + select GRKERNSEC_SIGNAL | |
9287 | + select GRKERNSEC_CHROOT_SHMAT | |
9288 | + select GRKERNSEC_CHROOT_UNIX | |
9289 | + select GRKERNSEC_CHROOT_MOUNT | |
9290 | + select GRKERNSEC_CHROOT_FCHDIR | |
9291 | + select GRKERNSEC_CHROOT_PIVOT | |
9292 | + select GRKERNSEC_CHROOT_DOUBLE | |
9293 | + select GRKERNSEC_CHROOT_CHDIR | |
9294 | + select GRKERNSEC_CHROOT_MKNOD | |
9295 | + select GRKERNSEC_CHROOT_CAPS | |
9296 | + select GRKERNSEC_CHROOT_SYSCTL | |
9297 | + select GRKERNSEC_CHROOT_FINDTASK | |
9298 | + select GRKERNSEC_PROC | |
9299 | + select GRKERNSEC_PROC_MEMMAP | |
9300 | + select GRKERNSEC_HIDESYM | |
9301 | + select GRKERNSEC_PROC_USERGROUP | |
9302 | + select GRKERNSEC_KMEM | |
9303 | + select GRKERNSEC_RESLOG | |
9304 | + select GRKERNSEC_RANDNET | |
9305 | + select GRKERNSEC_RANDISN | |
9306 | + select GRKERNSEC_PROC_ADD | |
9307 | + select GRKERNSEC_CHROOT_CHMOD | |
9308 | + select GRKERNSEC_CHROOT_NICE | |
9309 | + select GRKERNSEC_AUDIT_MOUNT | |
1db5cd70 PS |
9310 | + help |
9311 | + If you say Y here, many of the features of grsecurity will be | |
9312 | + enabled, which will protect you against many kinds of attacks | |
9313 | + against your system. The heightened security comes at a cost | |
9314 | + of an increased chance of incompatibilities with rare software | |
3aa50353 PS |
9315 | + on your machine. Also remember that since the /proc restrictions |
9316 | + are enabled, you must run your identd as gid 1001. | |
9317 | + This security level enables the following features in addition | |
9318 | + to those listed in the low and medium security levels: | |
1db5cd70 PS |
9319 | + |
9320 | + - Additional /proc Restrictions | |
9321 | + - Chmod Restrictions in chroot | |
9322 | + - No Signals, Ptrace, or Viewing of Processes Outside of chroot | |
9323 | + - Capability Restrictions in chroot | |
9324 | + - Deny fchdir out of chroot | |
9325 | + - Priority Restrictions in chroot | |
1db5cd70 PS |
9326 | + - Mprotect Restrictions |
9327 | + - Removal of Addresses from /proc/<pid>/[maps|stat] | |
1db5cd70 PS |
9328 | + - Mount/Unmount/Remount Logging |
9329 | + - Kernel Symbol Hiding | |
9330 | + | |
9331 | +config GRKERNSEC_CUSTOM | |
9332 | + bool "Custom" | |
9333 | + help | |
9334 | + If you say Y here, you will be able to configure every grsecurity | |
9335 | + option, which allows you to enable many more features that aren't | |
9336 | + covered in the basic security levels. These additional features | |
9337 | + include TPE, socket restrictions, and the sysctl system for | |
9338 | + grsecurity. It is advised that you read through the help for | |
9339 | + each option to determine its usefulness in your situation. | |
9340 | + | |
9341 | +endchoice | |
9342 | + | |
9343 | +menu "Address Space Protection" | |
9344 | +depends on GRKERNSEC | |
9345 | + | |
9346 | +config GRKERNSEC_KMEM | |
9347 | + bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port" | |
9348 | + help | |
9349 | + If you say Y here, /dev/kmem and /dev/mem won't be allowed to | |
9350 | + be written to via mmap or otherwise to modify the running kernel. | |
9351 | + /dev/port will also not be allowed to be opened. If you have module | |
9352 | + support disabled, enabling this will close up four ways that are | |
9353 | + currently used to insert malicious code into the running kernel. | |
9354 | + Even with all these features enabled, we still highly recommend that | |
9355 | + you use the ACL system, as it is still possible for an attacker to | |
9356 | + modify the running kernel through privileged I/O granted by ioperm/iopl. | |
9357 | + If you are not using XFree86, you may be able to stop this additional | |
9358 | + case by enabling the 'Disable privileged I/O' option. Though nothing | |
9359 | + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem, | |
9360 | + but only to video memory, which is the only writing we allow in this | |
9361 | + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will | |
9362 | + not be allowed to mprotect it with PROT_WRITE later. | |
9363 | + Enabling this feature could make certain apps like VMWare stop working, | |
9364 | + as they need to write to other locations in /dev/mem. | |
9365 | + It is highly recommended that you say Y here if you meet all the | |
9366 | + conditions above. | |
9367 | + | |
9368 | +config GRKERNSEC_IO | |
9369 | + bool "Disable privileged I/O" | |
9370 | + depends on X86 | |
9371 | + select RTC | |
9372 | + help | |
9373 | + If you say Y here, all ioperm and iopl calls will return an error. | |
9374 | + Ioperm and iopl can be used to modify the running kernel. | |
9375 | + Unfortunately, some programs need this access to operate properly, | |
9376 | + the most notable of which are XFree86 and hwclock. hwclock can be | |
9377 | + remedied by having RTC support in the kernel, so CONFIG_RTC is | |
9378 | + enabled if this option is enabled, to ensure that hwclock operates | |
9379 | + correctly. XFree86 still will not operate correctly with this option | |
9380 | + enabled, so DO NOT CHOOSE Y IF YOU USE XFree86. If you use XFree86 | |
9381 | + and you still want to protect your kernel against modification, | |
9382 | + use the ACL system. | |
9383 | + | |
9384 | +config GRKERNSEC_PROC_MEMMAP | |
9385 | + bool "Remove addresses from /proc/<pid>/[maps|stat]" | |
9386 | + help | |
3aa50353 PS |
9387 | + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files |
9388 | + will give no information about the addresses of its mappings. | |
1db5cd70 PS |
9389 | + |
9390 | +config GRKERNSEC_HIDESYM | |
9391 | + bool "Hide kernel symbols" | |
9392 | + help | |
9393 | + If you say Y here, getting information on loaded modules, and | |
9394 | + displaying all kernel symbols through a syscall will be restricted | |
9395 | + to users with CAP_SYS_MODULE. This option is only effective | |
9396 | + provided the following conditions are met: | |
9397 | + 1) The kernel using grsecurity is not precompiled by some distribution | |
9398 | + 2) You are using the ACL system and hiding other files such as your | |
9399 | + kernel image and System.map | |
9400 | + 3) You have the additional /proc restrictions enabled, which removes | |
9401 | + /proc/kcore | |
9402 | + If the above conditions are met, this option will aid to provide a | |
9403 | + useful protection against local and remote kernel exploitation of | |
9404 | + overflows and arbitrary read/write vulnerabilities. | |
9405 | + | |
9406 | +endmenu | |
9407 | +menu "Role Based Access Control Options" | |
9408 | +depends on GRKERNSEC | |
9409 | + | |
9410 | +config GRKERNSEC_ACL_HIDEKERN | |
9411 | + bool "Hide kernel processes" | |
9412 | + help | |
9413 | + If you say Y here, when the RBAC system is enabled via gradm -E, | |
9414 | + an additional ACL will be passed to the kernel that hides all kernel | |
9415 | + processes. These processes will only be viewable by the authenticated | |
9416 | + admin, or processes that have viewing access set. | |
9417 | + | |
9418 | +config GRKERNSEC_ACL_MAXTRIES | |
9419 | + int "Maximum tries before password lockout" | |
9420 | + default 3 | |
9421 | + help | |
9422 | + This option enforces the maximum number of times a user can attempt | |
9423 | + to authorize themselves with the grsecurity ACL system before being | |
9424 | + denied the ability to attempt authorization again for a specified time. | |
9425 | + The lower the number, the harder it will be to brute-force a password. | |
9426 | + | |
9427 | +config GRKERNSEC_ACL_TIMEOUT | |
9428 | + int "Time to wait after max password tries, in seconds" | |
9429 | + default 30 | |
9430 | + help | |
9431 | + This option specifies the time the user must wait after attempting to | |
9432 | + authorize to the ACL system with the maximum number of invalid | |
9433 | + passwords. The higher the number, the harder it will be to brute-force | |
9434 | + a password. | |
9435 | + | |
9436 | +endmenu | |
9437 | +menu "Filesystem Protections" | |
9438 | +depends on GRKERNSEC | |
9439 | + | |
9440 | +config GRKERNSEC_PROC | |
9441 | + bool "Proc restrictions" | |
9442 | + help | |
9443 | + If you say Y here, the permissions of the /proc filesystem | |
9444 | + will be altered to enhance system security and privacy. Depending | |
9445 | + upon the options you choose, you can either restrict users to see | |
9446 | + only the processes they themselves run, or choose a group that can | |
9447 | + view all processes and files normally restricted to root if you choose | |
9448 | + the "restrict to user only" option. NOTE: If you're running identd as | |
9449 | + a non-root user, you will have to run it as the group you specify here. | |
9450 | + | |
9451 | +config GRKERNSEC_PROC_USER | |
9452 | + bool "Restrict /proc to user only" | |
9453 | + depends on GRKERNSEC_PROC | |
9454 | + help | |
9455 | + If you say Y here, non-root users will only be able to view their own | |
9456 | + processes, and restricts them from viewing network-related information, | |
9457 | + and viewing kernel symbol and module information. | |
9458 | + | |
9459 | +config GRKERNSEC_PROC_USERGROUP | |
9460 | + bool "Allow special group" | |
9461 | + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER | |
9462 | + help | |
9463 | + If you say Y here, you will be able to select a group that will be | |
9464 | + able to view all processes, network-related information, and | |
9465 | + kernel and symbol information. This option is useful if you want | |
9466 | + to run identd as a non-root user. | |
9467 | + | |
9468 | +config GRKERNSEC_PROC_GID | |
9469 | + int "GID for special group" | |
9470 | + depends on GRKERNSEC_PROC_USERGROUP | |
9471 | + default 1001 | |
9472 | + | |
9473 | +config GRKERNSEC_PROC_ADD | |
9474 | + bool "Additional restrictions" | |
9475 | + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP | |
9476 | + help | |
9477 | + If you say Y here, additional restrictions will be placed on | |
9478 | + /proc that keep normal users from viewing cpu and device information. | |
9479 | + | |
9480 | +config GRKERNSEC_LINK | |
9481 | + bool "Linking restrictions" | |
9482 | + help | |
9483 | + If you say Y here, /tmp race exploits will be prevented, since users | |
9484 | + will no longer be able to follow symlinks owned by other users in | |
9485 | + world-writable +t directories (i.e. /tmp), unless the owner of the | |
9486 | + symlink is the owner of the directory. users will also not be | |
9487 | + able to hardlink to files they do not own. If the sysctl option is | |
9488 | + enabled, a sysctl option with name "linking_restrictions" is created. | |
9489 | + | |
9490 | +config GRKERNSEC_FIFO | |
9491 | + bool "FIFO restrictions" | |
9492 | + help | |
9493 | + If you say Y here, users will not be able to write to FIFOs they don't | |
9494 | + own in world-writable +t directories (i.e. /tmp), unless the owner of | |
9495 | + the FIFO is the same owner of the directory it's held in. If the sysctl | |
9496 | + option is enabled, a sysctl option with name "fifo_restrictions" is | |
9497 | + created. | |
9498 | + | |
9499 | +config GRKERNSEC_CHROOT | |
9500 | + bool "Chroot jail restrictions" | |
9501 | + help | |
9502 | + If you say Y here, you will be able to choose several options that will | |
9503 | + make breaking out of a chrooted jail much more difficult. If you | |
9504 | + encounter no software incompatibilities with the following options, it | |
9505 | + is recommended that you enable each one. | |
9506 | + | |
9507 | +config GRKERNSEC_CHROOT_MOUNT | |
9508 | + bool "Deny mounts" | |
9509 | + depends on GRKERNSEC_CHROOT | |
9510 | + help | |
9511 | + If you say Y here, processes inside a chroot will not be able to | |
9512 | + mount or remount filesystems. If the sysctl option is enabled, a | |
9513 | + sysctl option with name "chroot_deny_mount" is created. | |
9514 | + | |
9515 | +config GRKERNSEC_CHROOT_DOUBLE | |
9516 | + bool "Deny double-chroots" | |
9517 | + depends on GRKERNSEC_CHROOT | |
9518 | + help | |
9519 | + If you say Y here, processes inside a chroot will not be able to chroot | |
9520 | + again outside the chroot. This is a widely used method of breaking | |
9521 | + out of a chroot jail and should not be allowed. If the sysctl | |
9522 | + option is enabled, a sysctl option with name | |
9523 | + "chroot_deny_chroot" is created. | |
9524 | + | |
9525 | +config GRKERNSEC_CHROOT_PIVOT | |
9526 | + bool "Deny pivot_root in chroot" | |
9527 | + depends on GRKERNSEC_CHROOT | |
9528 | + help | |
9529 | + If you say Y here, processes inside a chroot will not be able to use | |
9530 | + a function called pivot_root() that was introduced in Linux 2.3.41. It | |
9531 | + works similar to chroot in that it changes the root filesystem. This | |
9532 | + function could be misused in a chrooted process to attempt to break out | |
9533 | + of the chroot, and therefore should not be allowed. If the sysctl | |
9534 | + option is enabled, a sysctl option with name "chroot_deny_pivot" is | |
9535 | + created. | |
9536 | + | |
9537 | +config GRKERNSEC_CHROOT_CHDIR | |
9538 | + bool "Enforce chdir(\"/\") on all chroots" | |
9539 | + depends on GRKERNSEC_CHROOT | |
9540 | + help | |
9541 | + If you say Y here, the current working directory of all newly-chrooted | |
9542 | + applications will be set to the the root directory of the chroot. | |
9543 | + The man page on chroot(2) states: | |
9544 | + Note that this call does not change the current working | |
9545 | + directory, so that `.' can be outside the tree rooted at | |
9546 | + `/'. In particular, the super-user can escape from a | |
9547 | + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'. | |
9548 | + | |
9549 | + It is recommended that you say Y here, since it's not known to break | |
9550 | + any software. If the sysctl option is enabled, a sysctl option with | |
9551 | + name "chroot_enforce_chdir" is created. | |
9552 | + | |
9553 | +config GRKERNSEC_CHROOT_CHMOD | |
9554 | + bool "Deny (f)chmod +s" | |
9555 | + depends on GRKERNSEC_CHROOT | |
9556 | + help | |
9557 | + If you say Y here, processes inside a chroot will not be able to chmod | |
9558 | + or fchmod files to make them have suid or sgid bits. This protects | |
9559 | + against another published method of breaking a chroot. If the sysctl | |
9560 | + option is enabled, a sysctl option with name "chroot_deny_chmod" is | |
9561 | + created. | |
9562 | + | |
9563 | +config GRKERNSEC_CHROOT_FCHDIR | |
9564 | + bool "Deny fchdir out of chroot" | |
9565 | + depends on GRKERNSEC_CHROOT | |
9566 | + help | |
9567 | + If you say Y here, a well-known method of breaking chroots by fchdir'ing | |
9568 | + to a file descriptor of the chrooting process that points to a directory | |
9569 | + outside the filesystem will be stopped. If the sysctl option | |
9570 | + is enabled, a sysctl option with name "chroot_deny_fchdir" is created. | |
9571 | + | |
9572 | +config GRKERNSEC_CHROOT_MKNOD | |
9573 | + bool "Deny mknod" | |
9574 | + depends on GRKERNSEC_CHROOT | |
9575 | + help | |
9576 | + If you say Y here, processes inside a chroot will not be allowed to | |
9577 | + mknod. The problem with using mknod inside a chroot is that it | |
9578 | + would allow an attacker to create a device entry that is the same | |
9579 | + as one on the physical root of your system, which could range from | |
9580 | + anything from the console device to a device for your harddrive (which | |
9581 | + they could then use to wipe the drive or steal data). It is recommended | |
9582 | + that you say Y here, unless you run into software incompatibilities. | |
9583 | + If the sysctl option is enabled, a sysctl option with name | |
9584 | + "chroot_deny_mknod" is created. | |
9585 | + | |
9586 | +config GRKERNSEC_CHROOT_SHMAT | |
9587 | + bool "Deny shmat() out of chroot" | |
9588 | + depends on GRKERNSEC_CHROOT | |
9589 | + help | |
9590 | + If you say Y here, processes inside a chroot will not be able to attach | |
9591 | + to shared memory segments that were created outside of the chroot jail. | |
9592 | + It is recommended that you say Y here. If the sysctl option is enabled, | |
9593 | + a sysctl option with name "chroot_deny_shmat" is created. | |
9594 | + | |
9595 | +config GRKERNSEC_CHROOT_UNIX | |
9596 | + bool "Deny access to abstract AF_UNIX sockets out of chroot" | |
9597 | + depends on GRKERNSEC_CHROOT | |
9598 | + help | |
9599 | + If you say Y here, processes inside a chroot will not be able to | |
9600 | + connect to abstract (meaning not belonging to a filesystem) Unix | |
9601 | + domain sockets that were bound outside of a chroot. It is recommended | |
9602 | + that you say Y here. If the sysctl option is enabled, a sysctl option | |
9603 | + with name "chroot_deny_unix" is created. | |
9604 | + | |
9605 | +config GRKERNSEC_CHROOT_FINDTASK | |
9606 | + bool "Protect outside processes" | |
9607 | + depends on GRKERNSEC_CHROOT | |
9608 | + help | |
9609 | + If you say Y here, processes inside a chroot will not be able to | |
9610 | + kill, send signals with fcntl, ptrace, capget, setpgid, getpgid, | |
9611 | + getsid, or view any process outside of the chroot. If the sysctl | |
9612 | + option is enabled, a sysctl option with name "chroot_findtask" is | |
9613 | + created. | |
9614 | + | |
9615 | +config GRKERNSEC_CHROOT_NICE | |
9616 | + bool "Restrict priority changes" | |
9617 | + depends on GRKERNSEC_CHROOT | |
9618 | + help | |
9619 | + If you say Y here, processes inside a chroot will not be able to raise | |
9620 | + the priority of processes in the chroot, or alter the priority of | |
9621 | + processes outside the chroot. This provides more security than simply | |
9622 | + removing CAP_SYS_NICE from the process' capability set. If the | |
9623 | + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice" | |
9624 | + is created. | |
9625 | + | |
9626 | +config GRKERNSEC_CHROOT_SYSCTL | |
9627 | + bool "Deny sysctl writes" | |
9628 | + depends on GRKERNSEC_CHROOT | |
9629 | + help | |
9630 | + If you say Y here, an attacker in a chroot will not be able to | |
9631 | + write to sysctl entries, either by sysctl(2) or through a /proc | |
9632 | + interface. It is strongly recommended that you say Y here. If the | |
9633 | + sysctl option is enabled, a sysctl option with name | |
9634 | + "chroot_deny_sysctl" is created. | |
9635 | + | |
9636 | +config GRKERNSEC_CHROOT_CAPS | |
9637 | + bool "Capability restrictions" | |
9638 | + depends on GRKERNSEC_CHROOT | |
9639 | + help | |
9640 | + If you say Y here, the capabilities on all root processes within a | |
9641 | + chroot jail will be lowered to stop module insertion, raw i/o, | |
9642 | + system and net admin tasks, rebooting the system, modifying immutable | |
9643 | + files, modifying IPC owned by another, and changing the system time. | |
9644 | + This is left an option because it can break some apps. Disable this | |
9645 | + if your chrooted apps are having problems performing those kinds of | |
9646 | + tasks. If the sysctl option is enabled, a sysctl option with | |
9647 | + name "chroot_caps" is created. | |
9648 | + | |
9649 | +endmenu | |
9650 | +menu "Kernel Auditing" | |
9651 | +depends on GRKERNSEC | |
9652 | + | |
9653 | +config GRKERNSEC_AUDIT_GROUP | |
9654 | + bool "Single group for auditing" | |
9655 | + help | |
9656 | + If you say Y here, the exec, chdir, (un)mount, and ipc logging features | |
9657 | + will only operate on a group you specify. This option is recommended | |
9658 | + if you only want to watch certain users instead of having a large | |
9659 | + amount of logs from the entire system. If the sysctl option is enabled, | |
9660 | + a sysctl option with name "audit_group" is created. | |
9661 | + | |
9662 | +config GRKERNSEC_AUDIT_GID | |
9663 | + int "GID for auditing" | |
9664 | + depends on GRKERNSEC_AUDIT_GROUP | |
9665 | + default 1007 | |
9666 | + | |
9667 | +config GRKERNSEC_EXECLOG | |
9668 | + bool "Exec logging" | |
9669 | + help | |
9670 | + If you say Y here, all execve() calls will be logged (since the | |
9671 | + other exec*() calls are frontends to execve(), all execution | |
9672 | + will be logged). Useful for shell-servers that like to keep track | |
9673 | + of their users. If the sysctl option is enabled, a sysctl option with | |
9674 | + name "exec_logging" is created. | |
9675 | + WARNING: This option when enabled will produce a LOT of logs, especially | |
9676 | + on an active system. | |
9677 | + | |
9678 | +config GRKERNSEC_RESLOG | |
9679 | + bool "Resource logging" | |
9680 | + help | |
9681 | + If you say Y here, all attempts to overstep resource limits will | |
9682 | + be logged with the resource name, the requested size, and the current | |
9683 | + limit. It is highly recommended that you say Y here. | |
9684 | + | |
9685 | +config GRKERNSEC_CHROOT_EXECLOG | |
9686 | + bool "Log execs within chroot" | |
9687 | + help | |
9688 | + If you say Y here, all executions inside a chroot jail will be logged | |
9689 | + to syslog. This can cause a large amount of logs if certain | |
9690 | + applications (eg. djb's daemontools) are installed on the system, and | |
9691 | + is therefore left as an option. If the sysctl option is enabled, a | |
9692 | + sysctl option with name "chroot_execlog" is created. | |
9693 | + | |
9694 | +config GRKERNSEC_AUDIT_CHDIR | |
9695 | + bool "Chdir logging" | |
9696 | + help | |
9697 | + If you say Y here, all chdir() calls will be logged. If the sysctl | |
9698 | + option is enabled, a sysctl option with name "audit_chdir" is created. | |
9699 | + | |
9700 | +config GRKERNSEC_AUDIT_MOUNT | |
9701 | + bool "(Un)Mount logging" | |
9702 | + help | |
9703 | + If you say Y here, all mounts and unmounts will be logged. If the | |
9704 | + sysctl option is enabled, a sysctl option with name "audit_mount" is | |
9705 | + created. | |
9706 | + | |
9707 | +config GRKERNSEC_AUDIT_IPC | |
9708 | + bool "IPC logging" | |
9709 | + help | |
9710 | + If you say Y here, creation and removal of message queues, semaphores, | |
9711 | + and shared memory will be logged. If the sysctl option is enabled, a | |
9712 | + sysctl option with name "audit_ipc" is created. | |
9713 | + | |
9714 | +config GRKERNSEC_SIGNAL | |
9715 | + bool "Signal logging" | |
9716 | + help | |
9717 | + If you say Y here, certain important signals will be logged, such as | |
9718 | + SIGSEGV, which will as a result inform you of when a error in a program | |
9719 | + occurred, which in some cases could mean a possible exploit attempt. | |
9720 | + If the sysctl option is enabled, a sysctl option with name | |
9721 | + "signal_logging" is created. | |
9722 | + | |
9723 | +config GRKERNSEC_FORKFAIL | |
9724 | + bool "Fork failure logging" | |
9725 | + help | |
9726 | + If you say Y here, all failed fork() attempts will be logged. | |
9727 | + This could suggest a fork bomb, or someone attempting to overstep | |
9728 | + their process limit. If the sysctl option is enabled, a sysctl option | |
9729 | + with name "forkfail_logging" is created. | |
9730 | + | |
9731 | +config GRKERNSEC_TIME | |
9732 | + bool "Time change logging" | |
9733 | + help | |
9734 | + If you say Y here, any changes of the system clock will be logged. | |
9735 | + If the sysctl option is enabled, a sysctl option with name | |
9736 | + "timechange_logging" is created. | |
9737 | + | |
9738 | +config GRKERNSEC_PROC_IPADDR | |
9739 | + bool "/proc/<pid>/ipaddr support" | |
9740 | + help | |
9741 | + If you say Y here, a new entry will be added to each /proc/<pid> | |
9742 | + directory that contains the IP address of the person using the task. | |
9743 | + The IP is carried across local TCP and AF_UNIX stream sockets. | |
9744 | + This information can be useful for IDS/IPSes to perform remote response | |
9745 | + to a local attack. The entry is readable by only the owner of the | |
9746 | + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via | |
9747 | + the RBAC system), and thus does not create privacy concerns. | |
9748 | + | |
1db5cd70 PS |
9749 | +endmenu |
9750 | + | |
9751 | +menu "Executable Protections" | |
9752 | +depends on GRKERNSEC | |
9753 | + | |
9754 | +config GRKERNSEC_EXECVE | |
9755 | + bool "Enforce RLIMIT_NPROC on execs" | |
9756 | + help | |
9757 | + If you say Y here, users with a resource limit on processes will | |
9758 | + have the value checked during execve() calls. The current system | |
9759 | + only checks the system limit during fork() calls. If the sysctl option | |
9760 | + is enabled, a sysctl option with name "execve_limiting" is created. | |
9761 | + | |
9762 | +config GRKERNSEC_DMESG | |
9763 | + bool "Dmesg(8) restriction" | |
9764 | + help | |
9765 | + If you say Y here, non-root users will not be able to use dmesg(8) | |
9766 | + to view up to the last 4kb of messages in the kernel's log buffer. | |
9767 | + If the sysctl option is enabled, a sysctl option with name "dmesg" is | |
9768 | + created. | |
9769 | + | |
9770 | +config GRKERNSEC_RANDPID | |
9771 | + bool "Randomized PIDs" | |
9772 | + help | |
9773 | + If you say Y here, all PIDs created on the system will be | |
9774 | + pseudo-randomly generated. This is extremely effective along | |
9775 | + with the /proc restrictions to disallow an attacker from guessing | |
9776 | + pids of daemons, etc. PIDs are also used in some cases as part | |
9777 | + of a naming system for temporary files, so this option would keep | |
9778 | + those filenames from being predicted as well. We also use code | |
9779 | + to make sure that PID numbers aren't reused too soon. If the sysctl | |
9780 | + option is enabled, a sysctl option with name "rand_pids" is created. | |
9781 | + | |
9782 | +config GRKERNSEC_TPE | |
9783 | + bool "Trusted Path Execution (TPE)" | |
9784 | + help | |
9785 | + If you say Y here, you will be able to choose a gid to add to the | |
9786 | + supplementary groups of users you want to mark as "untrusted." | |
9787 | + These users will not be able to execute any files that are not in | |
9788 | + root-owned directories writable only by root. If the sysctl option | |
9789 | + is enabled, a sysctl option with name "tpe" is created. | |
9790 | + | |
9791 | +config GRKERNSEC_TPE_ALL | |
9792 | + bool "Partially restrict non-root users" | |
9793 | + depends on GRKERNSEC_TPE | |
9794 | + help | |
9795 | + If you say Y here, All non-root users other than the ones in the | |
9796 | + group specified in the main TPE option will only be allowed to | |
9797 | + execute files in directories they own that are not group or | |
9798 | + world-writable, or in directories owned by root and writable only by | |
9799 | + root. If the sysctl option is enabled, a sysctl option with name | |
9800 | + "tpe_restrict_all" is created. | |
9801 | + | |
9802 | +config GRKERNSEC_TPE_GID | |
9803 | + int "GID for untrusted users" | |
9804 | + depends on GRKERNSEC_TPE | |
9805 | + default 1005 | |
9806 | + help | |
9807 | + Here you can choose the GID to enable trusted path protection for. | |
9808 | + Remember to add the users you want protection enabled for to the GID | |
9809 | + specified here. If the sysctl option is enabled, whatever you choose | |
9810 | + here won't matter. You'll have to specify the GID in your bootup | |
9811 | + script by echoing the GID to the proper /proc entry. View the help | |
9812 | + on the sysctl option for more information. If the sysctl option is | |
9813 | + enabled, a sysctl option with name "tpe_gid" is created. | |
9814 | + | |
9815 | +endmenu | |
9816 | +menu "Network Protections" | |
9817 | +depends on GRKERNSEC | |
9818 | + | |
9819 | +config GRKERNSEC_RANDNET | |
9820 | + bool "Larger entropy pools" | |
9821 | + help | |
9822 | + If you say Y here, the entropy pools used for many features of Linux | |
9823 | + and grsecurity will be doubled in size. Since several grsecurity | |
9824 | + features use additional randomness, it is recommended that you say Y | |
9825 | + here. Saying Y here has a similar effect as modifying | |
9826 | + /proc/sys/kernel/random/poolsize. | |
9827 | + | |
9828 | +config GRKERNSEC_RANDISN | |
9829 | + bool "Truly random TCP ISN selection" | |
9830 | + help | |
9831 | + If you say Y here, Linux's default selection of TCP Initial Sequence | |
9832 | + Numbers (ISNs) will be replaced with that of OpenBSD. Linux uses | |
9833 | + an MD4 hash based on the connection plus a time value to create the | |
9834 | + ISN, while OpenBSD's selection is random. If the sysctl option is | |
9835 | + enabled, a sysctl option with name "rand_isns" is created. | |
9836 | + | |
9837 | +config GRKERNSEC_RANDID | |
9838 | + bool "Randomized IP IDs" | |
9839 | + help | |
9840 | + If you say Y here, all the id field on all outgoing packets | |
9841 | + will be randomized. This hinders os fingerprinters and | |
9842 | + keeps your machine from being used as a bounce for an untraceable | |
9843 | + portscan. Ids are used for fragmented packets, fragments belonging | |
9844 | + to the same packet have the same id. By default linux only | |
9845 | + increments the id value on each packet sent to an individual host. | |
9846 | + We use a port of the OpenBSD random ip id code to achieve the | |
9847 | + randomness, while keeping the possibility of id duplicates to | |
9848 | + near none. If the sysctl option is enabled, a sysctl option with name | |
9849 | + "rand_ip_ids" is created. | |
9850 | + | |
9851 | +config GRKERNSEC_RANDSRC | |
9852 | + bool "Randomized TCP source ports" | |
9853 | + default n if GRKERNSEC_LOW || GRKERNSEC_MID | |
9854 | + default y if GRKERNSEC_HIGH | |
9855 | + help | |
9856 | + If you say Y here, situations where a source port is generated on the | |
9857 | + fly for the TCP protocol (ie. with connect() ) will be altered so that | |
9858 | + the source port is generated at random, instead of a simple incrementing | |
9859 | + algorithm. If the sysctl option is enabled, a sysctl option with name | |
9860 | + "rand_tcp_src_ports" is created. | |
9861 | + | |
9862 | +config GRKERNSEC_RANDRPC | |
9863 | + bool "Randomized RPC XIDs" | |
9864 | + help | |
9865 | + If you say Y here, the method of determining XIDs for RPC requests will | |
9866 | + be randomized, instead of using linux's default behavior of simply | |
9867 | + incrementing the XID. If you want your RPC connections to be more | |
9868 | + secure, say Y here. If the sysctl option is enabled, a sysctl option | |
9869 | + with name "rand_rpc" is created. | |
9870 | + | |
9871 | +config GRKERNSEC_SOCKET | |
9872 | + bool "Socket restrictions" | |
9873 | + help | |
9874 | + If you say Y here, you will be able to choose from several options. | |
9875 | + If you assign a GID on your system and add it to the supplementary | |
9876 | + groups of users you want to restrict socket access to, this patch | |
9877 | + will perform up to three things, based on the option(s) you choose. | |
9878 | + | |
9879 | +config GRKERNSEC_SOCKET_ALL | |
9880 | + bool "Deny any sockets to group" | |
9881 | + depends on GRKERNSEC_SOCKET | |
9882 | + help | |
9883 | + If you say Y here, you will be able to choose a GID of whose users will | |
9884 | + be unable to connect to other hosts from your machine or run server | |
9885 | + applications from your machine. If the sysctl option is enabled, a | |
9886 | + sysctl option with name "socket_all" is created. | |
9887 | + | |
9888 | +config GRKERNSEC_SOCKET_ALL_GID | |
9889 | + int "GID to deny all sockets for" | |
9890 | + depends on GRKERNSEC_SOCKET_ALL | |
9891 | + default 1004 | |
9892 | + help | |
9893 | + Here you can choose the GID to disable socket access for. Remember to | |
9894 | + add the users you want socket access disabled for to the GID | |
9895 | + specified here. If the sysctl option is enabled, whatever you choose | |
9896 | + here won't matter. You'll have to specify the GID in your bootup | |
9897 | + script by echoing the GID to the proper /proc entry. View the help | |
9898 | + on the sysctl option for more information. If the sysctl option is | |
9899 | + enabled, a sysctl option with name "socket_all_gid" is created. | |
9900 | + | |
9901 | +config GRKERNSEC_SOCKET_CLIENT | |
9902 | + bool "Deny client sockets to group" | |
9903 | + depends on GRKERNSEC_SOCKET | |
9904 | + help | |
9905 | + If you say Y here, you will be able to choose a GID of whose users will | |
9906 | + be unable to connect to other hosts from your machine, but will be | |
9907 | + able to run servers. If this option is enabled, all users in the group | |
9908 | + you specify will have to use passive mode when initiating ftp transfers | |
9909 | + from the shell on your machine. If the sysctl option is enabled, a | |
9910 | + sysctl option with name "socket_client" is created. | |
9911 | + | |
9912 | +config GRKERNSEC_SOCKET_CLIENT_GID | |
9913 | + int "GID to deny client sockets for" | |
9914 | + depends on GRKERNSEC_SOCKET_CLIENT | |
9915 | + default 1003 | |
9916 | + help | |
9917 | + Here you can choose the GID to disable client socket access for. | |
9918 | + Remember to add the users you want client socket access disabled for to | |
9919 | + the GID specified here. If the sysctl option is enabled, whatever you | |
9920 | + choose here won't matter. You'll have to specify the GID in your bootup | |
9921 | + script by echoing the GID to the proper /proc entry. View the help | |
9922 | + on the sysctl option for more information. If the sysctl option is | |
9923 | + enabled, a sysctl option with name "socket_client_gid" is created. | |
9924 | + | |
9925 | +config GRKERNSEC_SOCKET_SERVER | |
9926 | + bool "Deny server sockets to group" | |
9927 | + depends on GRKERNSEC_SOCKET | |
9928 | + help | |
9929 | + If you say Y here, you will be able to choose a GID of whose users will | |
9930 | + be unable to run server applications from your machine. If the sysctl | |
9931 | + option is enabled, a sysctl option with name "socket_server" is created. | |
9932 | + | |
9933 | +config GRKERNSEC_SOCKET_SERVER_GID | |
9934 | + int "GID to deny server sockets for" | |
9935 | + depends on GRKERNSEC_SOCKET_SERVER | |
9936 | + default 1002 | |
9937 | + help | |
9938 | + Here you can choose the GID to disable server socket access for. | |
9939 | + Remember to add the users you want server socket access disabled for to | |
9940 | + the GID specified here. If the sysctl option is enabled, whatever you | |
9941 | + choose here won't matter. You'll have to specify the GID in your bootup | |
9942 | + script by echoing the GID to the proper /proc entry. View the help | |
9943 | + on the sysctl option for more information. If the sysctl option is | |
9944 | + enabled, a sysctl option with name "socket_server_gid" is created. | |
9945 | + | |
9946 | +endmenu | |
9947 | +menu "Sysctl support" | |
9948 | +depends on GRKERNSEC && SYSCTL | |
9949 | + | |
9950 | +config GRKERNSEC_SYSCTL | |
9951 | + bool "Sysctl support" | |
9952 | + help | |
9953 | + If you say Y here, you will be able to change the options that | |
9954 | + grsecurity runs with at bootup, without having to recompile your | |
9955 | + kernel. You can echo values to files in /proc/sys/kernel/grsecurity | |
9956 | + to enable (1) or disable (0) various features. All the sysctl entries | |
9957 | + are mutable until the "grsec_lock" entry is set to a non-zero value. | |
9958 | + All features are disabled by default. Please note that this option could | |
9959 | + reduce the effectiveness of the added security of this patch if an ACL | |
9960 | + system is not put in place. Your init scripts should be read-only, and | |
9961 | + root should not have access to adding modules or performing raw i/o | |
9962 | + operations. All options should be set at startup, and the grsec_lock | |
9963 | + entry should be set to a non-zero value after all the options are set. | |
9964 | + *THIS IS EXTREMELY IMPORTANT* | |
9965 | + | |
9966 | +endmenu | |
9967 | +menu "Logging Options" | |
9968 | +depends on GRKERNSEC | |
9969 | + | |
9970 | +config GRKERNSEC_FLOODTIME | |
9971 | + int "Seconds in between log messages (minimum)" | |
9972 | + default 10 | |
9973 | + help | |
9974 | + This option allows you to enforce the number of seconds between | |
9975 | + grsecurity log messages. The default should be suitable for most | |
9976 | + people, however, if you choose to change it, choose a value small enough | |
9977 | + to allow informative logs to be produced, but large enough to | |
9978 | + prevent flooding. | |
9979 | + | |
9980 | +config GRKERNSEC_FLOODBURST | |
9981 | + int "Number of messages in a burst (maximum)" | |
9982 | + default 4 | |
9983 | + help | |
9984 | + This option allows you to choose the maximum number of messages allowed | |
9985 | + within the flood time interval you chose in a separate option. The | |
9986 | + default should be suitable for most people, however if you find that | |
9987 | + many of your logs are being interpreted as flooding, you may want to | |
9988 | + raise this value. | |
9989 | + | |
9990 | +endmenu | |
9991 | + | |
9992 | +endmenu | |
9993 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/Makefile linux-2.6.7-rc1/grsecurity/Makefile | |
9994 | --- linux-2.6.7-rc1.orig/grsecurity/Makefile 1970-01-01 01:00:00.000000000 +0100 | |
9995 | +++ linux-2.6.7-rc1/grsecurity/Makefile 2004-05-25 14:33:58.847414160 +0200 | |
9996 | @@ -0,0 +1,21 @@ | |
9997 | +# grsecurity's ACL system was originally written in 2001 by Michael Dalton | |
9998 | +# during 2001, 2002, and 2003 it has been completely redesigned by | |
9999 | +# Brad Spengler | |
10000 | +# | |
10001 | +# All code in this directory and various hooks inserted throughout the kernel | |
10002 | +# are copyright Brad Spengler, and released under the GPL, unless otherwise | |
10003 | +# noted (as in obsd_rand.c) | |
10004 | + | |
10005 | +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ | |
10006 | + grsec_mount.o grsec_rand.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ | |
806c2378 | 10007 | + grsec_time.o grsec_tpe.o grsec_ipc.o grsec_link.o |
1db5cd70 PS |
10008 | + |
10009 | +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o obsd_rand.o \ | |
10010 | + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ | |
10011 | + gracl_learn.o | |
10012 | +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o | |
10013 | + | |
10014 | +ifndef CONFIG_GRKERNSEC | |
10015 | +obj-y += grsec_disabled.o | |
10016 | +endif | |
10017 | + | |
10018 | diff -uNr linux-2.6.7-rc1.orig/grsecurity/obsd_rand.c linux-2.6.7-rc1/grsecurity/obsd_rand.c | |
10019 | --- linux-2.6.7-rc1.orig/grsecurity/obsd_rand.c 1970-01-01 01:00:00.000000000 +0100 | |
10020 | +++ linux-2.6.7-rc1/grsecurity/obsd_rand.c 2004-05-25 14:33:58.964396376 +0200 | |
10021 | @@ -0,0 +1,186 @@ | |
10022 | + | |
10023 | +/* | |
10024 | + * Copyright (c) 1996, 1997, 2000-2002 Michael Shalayeff. | |
10025 | + * | |
10026 | + * Version 1.89, last modified 19-Sep-99 | |
10027 | + * | |
10028 | + * Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999. | |
10029 | + * All rights reserved. | |
10030 | + * | |
10031 | + * Copyright 1998 Niels Provos <provos@citi.umich.edu> | |
10032 | + * All rights reserved. | |
10033 | + * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using | |
10034 | + * such a mathematical system to generate more random (yet non-repeating) | |
10035 | + * ids to solve the resolver/named problem. But Niels designed the | |
10036 | + * actual system based on the constraints. | |
10037 | + * | |
10038 | + * Redistribution and use in source and binary forms, with or without | |
10039 | + * modification, are permitted provided that the following conditions | |
10040 | + * are met: | |
10041 | + * 1. Redistributions of source code must retain the above copyright | |
10042 | + * notice, this list of conditions and the following disclaimer, | |
10043 | + * 2. Redistributions in binary form must reproduce the above copyright | |
10044 | + * notice, this list of conditions and the following disclaimer in the | |
10045 | + * documentation and/or other materials provided with the distribution. | |
10046 | + * | |
10047 | + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
10048 | + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
10049 | + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
10050 | + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
10051 | + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
10052 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
10053 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
10054 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
10055 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
10056 | + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
10057 | + */ | |
10058 | + | |
10059 | +#include <linux/kernel.h> | |
10060 | +#include <linux/sched.h> | |
10061 | +#include <linux/time.h> | |
10062 | +#include <linux/timer.h> | |
10063 | +#include <linux/smp_lock.h> | |
10064 | +#include <linux/random.h> | |
10065 | +#include <linux/grsecurity.h> | |
10066 | + | |
10067 | +#define RU_OUT 180 | |
10068 | +#define RU_MAX 30000 | |
10069 | +#define RU_GEN 2 | |
10070 | +#define RU_N 32749 | |
10071 | +#define RU_AGEN 7 | |
10072 | +#define RU_M 31104 | |
10073 | +#define PFAC_N 3 | |
10074 | +const static __u16 pfacts[PFAC_N] = { 2, 3, 2729 }; | |
10075 | + | |
10076 | +static __u16 ru_x; | |
10077 | +static __u16 ru_seed, ru_seed2; | |
10078 | +static __u16 ru_a, ru_b; | |
10079 | +static __u16 ru_g; | |
10080 | +static __u16 ru_counter = 0; | |
10081 | +static __u16 ru_msb = 0; | |
10082 | +static unsigned long ru_reseed = 0; | |
10083 | +static __u32 tmp; | |
10084 | + | |
10085 | +#define TCP_RNDISS_ROUNDS 15 | |
10086 | +#define TCP_RNDISS_OUT 7200 | |
10087 | +#define TCP_RNDISS_MAX 30000 | |
10088 | + | |
10089 | +static __u8 tcp_rndiss_sbox[128]; | |
10090 | +static __u16 tcp_rndiss_msb; | |
10091 | +static __u16 tcp_rndiss_cnt; | |
10092 | +static unsigned long tcp_rndiss_reseed; | |
10093 | + | |
10094 | +static __u16 pmod(__u16, __u16, __u16); | |
10095 | +static void ip_initid(void); | |
10096 | +__u16 ip_randomid(void); | |
10097 | + | |
10098 | +static __u16 | |
10099 | +pmod(__u16 gen, __u16 exp, __u16 mod) | |
10100 | +{ | |
10101 | + __u16 s, t, u; | |
10102 | + | |
10103 | + s = 1; | |
10104 | + t = gen; | |
10105 | + u = exp; | |
10106 | + | |
10107 | + while (u) { | |
10108 | + if (u & 1) | |
10109 | + s = (s * t) % mod; | |
10110 | + u >>= 1; | |
10111 | + t = (t * t) % mod; | |
10112 | + } | |
10113 | + return (s); | |
10114 | +} | |
10115 | + | |
10116 | +static void | |
10117 | +ip_initid(void) | |
10118 | +{ | |
10119 | + __u16 j, i; | |
10120 | + int noprime = 1; | |
10121 | + | |
10122 | + ru_x = ((tmp = get_random_long()) & 0xFFFF) % RU_M; | |
10123 | + | |
10124 | + ru_seed = (tmp >> 16) & 0x7FFF; | |
10125 | + ru_seed2 = get_random_long() & 0x7FFF; | |
10126 | + | |
10127 | + ru_b = ((tmp = get_random_long()) & 0xfffe) | 1; | |
10128 | + ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M); | |
10129 | + while (ru_b % 3 == 0) | |
10130 | + ru_b += 2; | |
10131 | + | |
10132 | + j = (tmp = get_random_long()) % RU_N; | |
10133 | + tmp = tmp >> 16; | |
10134 | + | |
10135 | + while (noprime) { | |
10136 | + for (i = 0; i < PFAC_N; i++) | |
10137 | + if (j % pfacts[i] == 0) | |
10138 | + break; | |
10139 | + | |
10140 | + if (i >= PFAC_N) | |
10141 | + noprime = 0; | |
10142 | + else | |
10143 | + j = (j + 1) % RU_N; | |
10144 | + } | |
10145 | + | |
10146 | + ru_g = pmod(RU_GEN, j, RU_N); | |
10147 | + ru_counter = 0; | |
10148 | + | |
10149 | + ru_reseed = xtime.tv_sec + RU_OUT; | |
10150 | + ru_msb = ru_msb == 0x8000 ? 0 : 0x8000; | |
10151 | +} | |
10152 | + | |
10153 | +__u16 | |
10154 | +ip_randomid(void) | |
10155 | +{ | |
10156 | + int i, n; | |
10157 | + | |
10158 | + if (ru_counter >= RU_MAX || time_after(get_seconds(), ru_reseed)) | |
10159 | + ip_initid(); | |
10160 | + | |
10161 | + if (!tmp) | |
10162 | + tmp = get_random_long(); | |
10163 | + | |
10164 | + n = tmp & 0x3; | |
10165 | + tmp = tmp >> 2; | |
10166 | + if (ru_counter + n >= RU_MAX) | |
10167 | + ip_initid(); | |
10168 | + for (i = 0; i <= n; i++) | |
10169 | + ru_x = (ru_a * ru_x + ru_b) % RU_M; | |
10170 | + ru_counter += i; | |
10171 | + | |
10172 | + return ((ru_seed ^ pmod(ru_g, ru_seed2 ^ ru_x, RU_N)) | ru_msb); | |
10173 | +} | |
10174 | + | |
10175 | +__u16 | |
10176 | +tcp_rndiss_encrypt(__u16 val) | |
10177 | +{ | |
10178 | + __u16 sum = 0, i; | |
10179 | + | |
10180 | + for (i = 0; i < TCP_RNDISS_ROUNDS; i++) { | |
10181 | + sum += 0x79b9; | |
10182 | + val ^= ((__u16) tcp_rndiss_sbox[(val ^ sum) & 0x7f]) << 7; | |
10183 | + val = ((val & 0xff) << 7) | (val >> 8); | |
10184 | + } | |
10185 | + | |
10186 | + return val; | |
10187 | +} | |
10188 | + | |
10189 | +static void | |
10190 | +tcp_rndiss_init(void) | |
10191 | +{ | |
10192 | + get_random_bytes(tcp_rndiss_sbox, sizeof (tcp_rndiss_sbox)); | |
10193 | + tcp_rndiss_reseed = get_seconds() + TCP_RNDISS_OUT; | |
10194 | + tcp_rndiss_msb = tcp_rndiss_msb == 0x8000 ? 0 : 0x8000; | |
10195 | + tcp_rndiss_cnt = 0; | |
10196 | +} | |
10197 | + | |
10198 | +__u32 | |
10199 | +ip_randomisn(void) | |
10200 | +{ | |
10201 | + if (tcp_rndiss_cnt >= TCP_RNDISS_MAX || | |
10202 | + time_after(get_seconds(), tcp_rndiss_reseed)) | |
10203 | + tcp_rndiss_init(); | |
10204 | + | |
10205 | + return (((tcp_rndiss_encrypt(tcp_rndiss_cnt++) | | |
10206 | + tcp_rndiss_msb) << 16) | (get_random_long() & 0x7fff)); | |
10207 | +} | |
1db5cd70 PS |
10208 | diff -uNr linux-2.6.7-rc1.orig/include/asm-i386/module.h linux-2.6.7-rc1/include/asm-i386/module.h |
10209 | --- linux-2.6.7-rc1.orig/include/asm-i386/module.h 2004-05-23 07:53:35.000000000 +0200 | |
10210 | +++ linux-2.6.7-rc1/include/asm-i386/module.h 2004-05-25 14:33:59.087377680 +0200 | |
10211 | @@ -60,12 +60,18 @@ | |
10212 | #define MODULE_REGPARM "" | |
10213 | #endif | |
10214 | ||
10215 | +#ifdef CONFIG_GRKERNSEC | |
10216 | +#define MODULE_GRSEC "GRSECURITY " | |
10217 | +#else | |
10218 | +#define MODULE_GRSEC "" | |
10219 | +#endif | |
10220 | + | |
10221 | #ifdef CONFIG_4KSTACKS | |
10222 | #define MODULE_STACKSIZE "4KSTACKS " | |
10223 | #else | |
10224 | #define MODULE_STACKSIZE "" | |
10225 | #endif | |
10226 | ||
10227 | -#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_REGPARM MODULE_STACKSIZE | |
10228 | +#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_REGPARM MODULE_STACKSIZE MODULE_GRSEC | |
10229 | ||
10230 | #endif /* _ASM_I386_MODULE_H */ | |
1db5cd70 PS |
10231 | diff -uNr linux-2.6.7-rc1.orig/include/linux/binfmts.h linux-2.6.7-rc1/include/linux/binfmts.h |
10232 | --- linux-2.6.7-rc1.orig/include/linux/binfmts.h 2004-05-23 07:54:18.000000000 +0200 | |
10233 | +++ linux-2.6.7-rc1/include/linux/binfmts.h 2004-05-25 14:33:59.302345000 +0200 | |
10234 | @@ -36,6 +36,7 @@ | |
10235 | of the time same as filename, but could be | |
10236 | different for binfmt_{misc,script} */ | |
10237 | unsigned long loader, exec; | |
10238 | + int misc; | |
10239 | }; | |
10240 | ||
10241 | /* | |
1db5cd70 PS |
10242 | diff -uNr linux-2.6.7-rc1.orig/include/linux/fs.h linux-2.6.7-rc1/include/linux/fs.h |
10243 | --- linux-2.6.7-rc1.orig/include/linux/fs.h 2004-05-23 07:53:47.000000000 +0200 | |
10244 | +++ linux-2.6.7-rc1/include/linux/fs.h 2004-05-25 14:33:59.335339984 +0200 | |
10245 | @@ -1192,7 +1192,7 @@ | |
10246 | ||
10247 | /* fs/open.c */ | |
10248 | ||
10249 | -extern int do_truncate(struct dentry *, loff_t start); | |
10250 | +extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *); | |
10251 | extern struct file *filp_open(const char *, int, int); | |
10252 | extern struct file * dentry_open(struct dentry *, struct vfsmount *, int); | |
10253 | extern int filp_close(struct file *, fl_owner_t id); | |
10254 | diff -uNr linux-2.6.7-rc1.orig/include/linux/gracl.h linux-2.6.7-rc1/include/linux/gracl.h | |
10255 | --- linux-2.6.7-rc1.orig/include/linux/gracl.h 1970-01-01 01:00:00.000000000 +0100 | |
10256 | +++ linux-2.6.7-rc1/include/linux/gracl.h 2004-05-25 14:33:59.339339376 +0200 | |
10257 | @@ -0,0 +1,246 @@ | |
10258 | +#ifndef GR_ACL_H | |
10259 | +#define GR_ACL_H | |
10260 | +#endif | |
10261 | +#include <linux/grdefs.h> | |
10262 | +#include <linux/resource.h> | |
10263 | +#include <linux/dcache.h> | |
10264 | +#include <asm/resource.h> | |
10265 | + | |
10266 | +/* * * * * * * * * * * * * * * * * * * * * | |
10267 | + * grsecurity ACL System | |
10268 | + * Main header file | |
10269 | + * Purpose: define most gracl data structures | |
10270 | + * * * * * * * * * * * * * * * * * * * * */ | |
10271 | + | |
10272 | +/* Major status information */ | |
10273 | + | |
10274 | +#define GR_VERSION "grsecurity 2.0" | |
10275 | + | |
10276 | +enum { | |
10277 | + | |
10278 | + SHUTDOWN = 0, | |
10279 | + ENABLE = 1, | |
10280 | + SPROLE = 2, | |
10281 | + RELOAD = 3, | |
10282 | + SEGVMOD = 4, | |
10283 | + STATUS = 5, | |
10284 | + UNSPROLE = 6 | |
10285 | +}; | |
10286 | + | |
10287 | +/* Password setup definitions | |
10288 | + * kernel/grhash.c */ | |
10289 | +enum { | |
10290 | + GR_PW_LEN = 128, | |
10291 | + GR_SALT_LEN = 16, | |
10292 | + GR_SHA_LEN = 32, | |
10293 | +}; | |
10294 | + | |
10295 | +enum { | |
10296 | + GR_SPROLE_LEN = 64, | |
10297 | +}; | |
10298 | + | |
10299 | +/* Begin Data Structures */ | |
10300 | + | |
10301 | +struct sprole_pw { | |
10302 | + unsigned char *rolename; | |
10303 | + unsigned char salt[GR_SALT_LEN]; | |
10304 | + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */ | |
10305 | +}; | |
10306 | + | |
10307 | +struct name_entry { | |
10308 | + ino_t inode; | |
10309 | + dev_t device; | |
10310 | + char *name; | |
10311 | + __u16 len; | |
10312 | +}; | |
10313 | + | |
10314 | +struct acl_role_db { | |
10315 | + struct acl_role_label **r_hash; | |
10316 | + __u32 r_size; | |
10317 | +}; | |
10318 | + | |
10319 | +struct name_db { | |
10320 | + struct name_entry **n_hash; | |
10321 | + __u32 n_size; | |
10322 | +}; | |
10323 | + | |
10324 | +struct crash_uid { | |
10325 | + uid_t uid; | |
10326 | + unsigned long expires; | |
10327 | +}; | |
10328 | + | |
10329 | +struct gr_hash_struct { | |
10330 | + void **table; | |
10331 | + void **nametable; | |
10332 | + void *first; | |
10333 | + __u32 table_size; | |
10334 | + __u32 used_size; | |
10335 | + int type; | |
10336 | +}; | |
10337 | + | |
10338 | +/* Userspace Grsecurity ACL data structures */ | |
10339 | +struct acl_subject_label { | |
10340 | + char *filename; | |
10341 | + ino_t inode; | |
10342 | + dev_t device; | |
10343 | + __u32 mode; | |
10344 | + __u32 cap_mask; | |
10345 | + __u32 cap_lower; | |
10346 | + | |
10347 | + struct rlimit res[RLIM_NLIMITS + 1]; | |
10348 | + __u16 resmask; | |
10349 | + | |
10350 | + __u8 user_trans_type; | |
10351 | + __u8 group_trans_type; | |
10352 | + uid_t *user_transitions; | |
10353 | + gid_t *group_transitions; | |
10354 | + __u16 user_trans_num; | |
10355 | + __u16 group_trans_num; | |
10356 | + | |
10357 | + __u32 ip_proto[8]; | |
10358 | + __u32 ip_type; | |
10359 | + struct acl_ip_label **ips; | |
10360 | + __u32 ip_num; | |
10361 | + | |
10362 | + __u32 crashes; | |
10363 | + unsigned long expires; | |
10364 | + | |
10365 | + struct acl_subject_label *parent_subject; | |
10366 | + struct gr_hash_struct *hash; | |
10367 | + struct acl_ip_label *ip_object; | |
10368 | + struct acl_subject_label *prev; | |
10369 | + struct acl_subject_label *next; | |
10370 | + | |
10371 | + struct acl_object_label **obj_hash; | |
10372 | + __u32 obj_hash_size; | |
10373 | +}; | |
10374 | + | |
10375 | +struct role_allowed_ip { | |
10376 | + __u32 addr; | |
10377 | + __u32 netmask; | |
10378 | + | |
10379 | + struct role_allowed_ip *prev; | |
10380 | + struct role_allowed_ip *next; | |
10381 | +}; | |
10382 | + | |
10383 | +struct role_transition { | |
10384 | + char *rolename; | |
10385 | + | |
10386 | + struct role_transition *prev; | |
10387 | + struct role_transition *next; | |
10388 | +}; | |
10389 | + | |
10390 | +struct acl_role_label { | |
10391 | + char *rolename; | |
10392 | + uid_t uidgid; | |
10393 | + __u16 roletype; | |
10394 | + | |
10395 | + __u16 auth_attempts; | |
10396 | + unsigned long expires; | |
10397 | + | |
10398 | + struct acl_subject_label *root_label; | |
10399 | + struct gr_hash_struct *hash; | |
10400 | + | |
10401 | + struct acl_role_label *prev; | |
10402 | + struct acl_role_label *next; | |
10403 | + | |
10404 | + struct role_transition *transitions; | |
10405 | + struct role_allowed_ip *allowed_ips; | |
10406 | + struct acl_subject_label **subj_hash; | |
10407 | + __u32 subj_hash_size; | |
10408 | +}; | |
10409 | + | |
10410 | +struct user_acl_role_db { | |
10411 | + struct acl_role_label **r_table; | |
10412 | + __u32 r_entries; /* number of entries in table */ | |
10413 | + __u32 s_entries; /* total number of subject acls */ | |
10414 | + __u32 i_entries; /* total number of ip acls */ | |
10415 | + __u32 o_entries; /* Total number of object acls */ | |
10416 | + __u32 g_entries; /* total number of globbed objects */ | |
10417 | + __u32 a_entries; /* total number of allowed ips */ | |
10418 | + __u32 t_entries; /* total number of transitions */ | |
10419 | +}; | |
10420 | + | |
10421 | +struct acl_object_label { | |
10422 | + char *filename; | |
10423 | + ino_t inode; | |
10424 | + dev_t device; | |
10425 | + __u32 mode; | |
10426 | + | |
10427 | + struct acl_subject_label *nested; | |
10428 | + struct acl_object_label *globbed; | |
10429 | + | |
10430 | + /* next two structures not used */ | |
10431 | + | |
10432 | + struct acl_object_label *prev; | |
10433 | + struct acl_object_label *next; | |
10434 | +}; | |
10435 | + | |
10436 | +struct acl_ip_label { | |
10437 | + __u32 addr; | |
10438 | + __u32 netmask; | |
10439 | + __u16 low, high; | |
10440 | + __u8 mode; | |
10441 | + __u32 type; | |
10442 | + __u32 proto[8]; | |
10443 | + | |
10444 | + /* next two structures not used */ | |
10445 | + | |
10446 | + struct acl_ip_label *prev; | |
10447 | + struct acl_ip_label *next; | |
10448 | +}; | |
10449 | + | |
10450 | +struct gr_arg { | |
10451 | + struct user_acl_role_db role_db; | |
10452 | + unsigned char pw[GR_PW_LEN]; | |
10453 | + unsigned char salt[GR_SALT_LEN]; | |
10454 | + unsigned char sum[GR_SHA_LEN]; | |
10455 | + unsigned char sp_role[GR_SPROLE_LEN]; | |
10456 | + struct sprole_pw *sprole_pws; | |
10457 | + dev_t segv_device; | |
10458 | + ino_t segv_inode; | |
10459 | + uid_t segv_uid; | |
10460 | + __u16 num_sprole_pws; | |
10461 | + __u16 mode; | |
10462 | +}; | |
10463 | + | |
10464 | +struct subject_map { | |
10465 | + struct acl_subject_label *user; | |
10466 | + struct acl_subject_label *kernel; | |
10467 | +}; | |
10468 | + | |
10469 | +struct acl_subj_map_db { | |
10470 | + struct subject_map **s_hash; | |
10471 | + __u32 s_size; | |
10472 | +}; | |
10473 | + | |
10474 | +/* End Data Structures Section */ | |
10475 | + | |
10476 | +/* Hash functions generated by empirical testing by Brad Spengler | |
10477 | + Makes good use of the low bits of the inode. Generally 0-1 times | |
10478 | + in loop for successful match. 0-3 for unsuccessful match. | |
10479 | + Shift/add algorithm with modulus of table size and an XOR*/ | |
10480 | + | |
10481 | +static __inline__ unsigned long | |
10482 | +rhash(const uid_t uid, const __u16 type, const unsigned long sz) | |
10483 | +{ | |
10484 | + return (((uid << type) + (uid ^ type)) % sz); | |
10485 | +} | |
10486 | + | |
10487 | + static __inline__ unsigned long | |
10488 | +shash(const struct acl_subject_label *userp, const unsigned long sz) | |
10489 | +{ | |
10490 | + return ((const unsigned long)userp % sz); | |
10491 | +} | |
10492 | + | |
10493 | +static __inline__ unsigned long | |
10494 | +fhash(const ino_t ino, const dev_t dev, const unsigned long sz) | |
10495 | +{ | |
10496 | + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz); | |
10497 | +} | |
10498 | + | |
10499 | +static __inline__ unsigned long | |
10500 | +nhash(const char *name, const __u16 len, const unsigned long sz) | |
10501 | +{ | |
10502 | + return full_name_hash(name, len) % sz; | |
10503 | +} | |
10504 | diff -uNr linux-2.6.7-rc1.orig/include/linux/gralloc.h linux-2.6.7-rc1/include/linux/gralloc.h | |
10505 | --- linux-2.6.7-rc1.orig/include/linux/gralloc.h 1970-01-01 01:00:00.000000000 +0100 | |
10506 | +++ linux-2.6.7-rc1/include/linux/gralloc.h 2004-05-25 14:33:59.341339072 +0200 | |
10507 | @@ -0,0 +1,8 @@ | |
10508 | +#ifndef __GRALLOC_H | |
10509 | +#define __GRALLOC_H | |
10510 | + | |
10511 | +void acl_free_all(void); | |
10512 | +int acl_alloc_stack_init(unsigned long size); | |
10513 | +void *acl_alloc(unsigned long len); | |
10514 | + | |
10515 | +#endif | |
10516 | diff -uNr linux-2.6.7-rc1.orig/include/linux/grdefs.h linux-2.6.7-rc1/include/linux/grdefs.h | |
10517 | --- linux-2.6.7-rc1.orig/include/linux/grdefs.h 1970-01-01 01:00:00.000000000 +0100 | |
10518 | +++ linux-2.6.7-rc1/include/linux/grdefs.h 2004-05-25 14:33:59.342338920 +0200 | |
10519 | @@ -0,0 +1,116 @@ | |
10520 | +#ifndef GRDEFS_H | |
10521 | +#define GRDEFS_H | |
10522 | + | |
10523 | +/* Begin grsecurity status declarations */ | |
10524 | + | |
10525 | +enum { | |
10526 | + GR_READY = 0x01, | |
10527 | + GR_STATUS_INIT = 0x00 // disabled state | |
10528 | +}; | |
10529 | + | |
10530 | +/* Begin ACL declarations */ | |
10531 | + | |
10532 | +/* Role flags */ | |
10533 | + | |
10534 | +enum { | |
10535 | + GR_ROLE_USER = 0x0001, | |
10536 | + GR_ROLE_GROUP = 0x0002, | |
10537 | + GR_ROLE_DEFAULT = 0x0004, | |
10538 | + GR_ROLE_SPECIAL = 0x0008, | |
10539 | + GR_ROLE_AUTH = 0x0010, | |
10540 | + GR_ROLE_NOPW = 0x0020, | |
10541 | + GR_ROLE_GOD = 0x0040, | |
10542 | + GR_ROLE_LEARN = 0x0080, | |
10543 | + GR_ROLE_TPE = 0x0100 | |
10544 | +}; | |
10545 | + | |
10546 | +/* ACL Subject and Object mode flags */ | |
10547 | +enum { | |
10548 | + GR_DELETED = 0x00000080 | |
10549 | +}; | |
10550 | + | |
10551 | +/* ACL Object-only mode flags */ | |
10552 | +enum { | |
10553 | + GR_READ = 0x00000001, | |
10554 | + GR_APPEND = 0x00000002, | |
10555 | + GR_WRITE = 0x00000004, | |
10556 | + GR_EXEC = 0x00000008, | |
10557 | + GR_FIND = 0x00000010, | |
10558 | + GR_INHERIT = 0x00000040, | |
10559 | + GR_PTRACERD = 0x00000100, | |
10560 | + GR_SETID = 0x00000200, | |
10561 | + GR_CREATE = 0x00000400, | |
10562 | + GR_DELETE = 0x00000800, | |
10563 | + GR_NOPTRACE = 0x00001000, | |
10564 | + GR_AUDIT_READ = 0x00002000, | |
10565 | + GR_AUDIT_APPEND = 0x00004000, | |
10566 | + GR_AUDIT_WRITE = 0x00008000, | |
10567 | + GR_AUDIT_EXEC = 0x00010000, | |
10568 | + GR_AUDIT_FIND = 0x00020000, | |
10569 | + GR_AUDIT_INHERIT= 0x00040000, | |
10570 | + GR_AUDIT_SETID = 0x00080000, | |
10571 | + GR_AUDIT_CREATE = 0x00100000, | |
10572 | + GR_AUDIT_DELETE = 0x00200000, | |
10573 | + GR_SUPPRESS = 0x00400000, | |
10574 | + GR_NOLEARN = 0x00800000 | |
10575 | +}; | |
10576 | + | |
10577 | +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \ | |
10578 | + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \ | |
10579 | + GR_AUDIT_CREATE | GR_AUDIT_DELETE) | |
10580 | + | |
10581 | +/* ACL subject-only mode flags */ | |
10582 | +enum { | |
10583 | + GR_KILL = 0x00000001, | |
10584 | + GR_VIEW = 0x00000002, | |
10585 | + GR_PROTECTED = 0x00000100, | |
10586 | + GR_LEARN = 0x00000200, | |
10587 | + GR_OVERRIDE = 0x00000400, | |
10588 | + /* just a placeholder, this mode is only used in userspace */ | |
10589 | + GR_DUMMY = 0x00000800, | |
10590 | + GR_PAXPAGE = 0x00001000, | |
10591 | + GR_PAXSEGM = 0x00002000, | |
10592 | + GR_PAXGCC = 0x00004000, | |
10593 | + GR_PAXRANDMMAP = 0x00008000, | |
10594 | + GR_PAXRANDEXEC = 0x00010000, | |
10595 | + GR_PAXMPROTECT = 0x00020000, | |
10596 | + GR_PROTSHM = 0x00040000, | |
10597 | + GR_KILLPROC = 0x00080000, | |
10598 | + GR_KILLIPPROC = 0x00100000, | |
10599 | + /* just a placeholder, this mode is only used in userspace */ | |
10600 | + GR_NOTROJAN = 0x00200000, | |
10601 | + GR_PROTPROCFD = 0x00400000, | |
10602 | + GR_PROCACCT = 0x00800000, | |
10603 | + GR_RELAXPTRACE = 0x01000000, | |
10604 | + GR_NESTED = 0x02000000 | |
10605 | +}; | |
10606 | + | |
10607 | +enum { | |
10608 | + GR_ID_USER = 0x01, | |
10609 | + GR_ID_GROUP = 0x02, | |
10610 | +}; | |
10611 | + | |
10612 | +enum { | |
10613 | + GR_ID_ALLOW = 0x01, | |
10614 | + GR_ID_DENY = 0x02, | |
10615 | +}; | |
10616 | + | |
10617 | +#define GR_CRASH_RES 11 | |
10618 | +#define GR_UIDTABLE_MAX 500 | |
10619 | + | |
10620 | +/* begin resource learning section */ | |
10621 | +enum { | |
10622 | + GR_RLIM_CPU_BUMP = 60, | |
10623 | + GR_RLIM_FSIZE_BUMP = 50000, | |
10624 | + GR_RLIM_DATA_BUMP = 10000, | |
10625 | + GR_RLIM_STACK_BUMP = 1000, | |
10626 | + GR_RLIM_CORE_BUMP = 10000, | |
10627 | + GR_RLIM_RSS_BUMP = 500000, | |
10628 | + GR_RLIM_NPROC_BUMP = 1, | |
10629 | + GR_RLIM_NOFILE_BUMP = 5, | |
10630 | + GR_RLIM_MEMLOCK_BUMP = 50000, | |
10631 | + GR_RLIM_AS_BUMP = 500000, | |
10632 | + GR_RLIM_LOCKS_BUMP = 2 | |
10633 | +}; | |
10634 | + | |
10635 | +#endif | |
10636 | diff -uNr linux-2.6.7-rc1.orig/include/linux/grinternal.h linux-2.6.7-rc1/include/linux/grinternal.h | |
10637 | --- linux-2.6.7-rc1.orig/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100 | |
10638 | +++ linux-2.6.7-rc1/include/linux/grinternal.h 2004-05-25 14:33:59.344338616 +0200 | |
806c2378 | 10639 | @@ -0,0 +1,200 @@ |
1db5cd70 PS |
10640 | +#ifndef __GRINTERNAL_H |
10641 | +#define __GRINTERNAL_H | |
10642 | + | |
10643 | +#ifdef CONFIG_GRKERNSEC | |
10644 | + | |
10645 | +#include <linux/fs.h> | |
10646 | +#include <linux/grdefs.h> | |
10647 | +#include <linux/grmsg.h> | |
10648 | + | |
10649 | +extern void gr_add_learn_entry(const char *fmt, ...); | |
10650 | +extern __u32 gr_search_file(const struct dentry *dentry, const __u32 mode, | |
10651 | + const struct vfsmount *mnt); | |
10652 | +extern __u32 gr_check_create(const struct dentry *new_dentry, | |
10653 | + const struct dentry *parent, | |
10654 | + const struct vfsmount *mnt, const __u32 mode); | |
10655 | +extern int gr_check_protected_task(const struct task_struct *task); | |
10656 | +extern __u32 to_gr_audit(const __u32 reqmode); | |
10657 | +extern int gr_set_acls(const int type); | |
10658 | + | |
10659 | +extern void gr_handle_alertkill(void); | |
10660 | +extern char *gr_to_filename(const struct dentry *dentry, | |
10661 | + const struct vfsmount *mnt); | |
10662 | +extern char *gr_to_filename1(const struct dentry *dentry, | |
10663 | + const struct vfsmount *mnt); | |
10664 | +extern char *gr_to_filename2(const struct dentry *dentry, | |
10665 | + const struct vfsmount *mnt); | |
10666 | +extern char *gr_to_filename3(const struct dentry *dentry, | |
10667 | + const struct vfsmount *mnt); | |
10668 | + | |
10669 | +extern int grsec_enable_link; | |
10670 | +extern int grsec_enable_fifo; | |
10671 | +extern int grsec_enable_execve; | |
10672 | +extern int grsec_enable_forkbomb; | |
10673 | +extern int grsec_forkbomb_gid; | |
10674 | +extern int grsec_forkbomb_sec; | |
10675 | +extern int grsec_forkbomb_max; | |
10676 | +extern int grsec_enable_execlog; | |
10677 | +extern int grsec_enable_signal; | |
10678 | +extern int grsec_enable_forkfail; | |
10679 | +extern int grsec_enable_time; | |
10680 | +extern int grsec_enable_chroot_shmat; | |
10681 | +extern int grsec_enable_chroot_findtask; | |
10682 | +extern int grsec_enable_chroot_mount; | |
10683 | +extern int grsec_enable_chroot_double; | |
10684 | +extern int grsec_enable_chroot_pivot; | |
10685 | +extern int grsec_enable_chroot_chdir; | |
10686 | +extern int grsec_enable_chroot_chmod; | |
10687 | +extern int grsec_enable_chroot_mknod; | |
10688 | +extern int grsec_enable_chroot_fchdir; | |
10689 | +extern int grsec_enable_chroot_nice; | |
10690 | +extern int grsec_enable_chroot_execlog; | |
10691 | +extern int grsec_enable_chroot_caps; | |
10692 | +extern int grsec_enable_chroot_sysctl; | |
10693 | +extern int grsec_enable_chroot_unix; | |
10694 | +extern int grsec_enable_tpe; | |
10695 | +extern int grsec_tpe_gid; | |
10696 | +extern int grsec_enable_tpe_all; | |
10697 | +extern int grsec_enable_sidcaps; | |
10698 | +extern int grsec_enable_randpid; | |
10699 | +extern int grsec_enable_socket_all; | |
10700 | +extern int grsec_socket_all_gid; | |
10701 | +extern int grsec_enable_socket_client; | |
10702 | +extern int grsec_socket_client_gid; | |
10703 | +extern int grsec_enable_socket_server; | |
10704 | +extern int grsec_socket_server_gid; | |
10705 | +extern int grsec_audit_gid; | |
10706 | +extern int grsec_enable_group; | |
10707 | +extern int grsec_enable_audit_ipc; | |
1db5cd70 PS |
10708 | +extern int grsec_enable_mount; |
10709 | +extern int grsec_enable_chdir; | |
10710 | +extern int grsec_lock; | |
10711 | + | |
10712 | +extern struct task_struct *child_reaper; | |
10713 | + | |
10714 | +extern spinlock_t grsec_alert_lock; | |
10715 | +extern unsigned long grsec_alert_wtime; | |
10716 | +extern unsigned long grsec_alert_fyet; | |
10717 | + | |
10718 | +extern spinlock_t grsec_alertgood_lock; | |
10719 | +extern unsigned long grsec_alertgood_wtime; | |
10720 | +extern unsigned long grsec_alertgood_fyet; | |
10721 | + | |
10722 | +extern spinlock_t grsec_audit_lock; | |
10723 | + | |
10724 | +#define gr_task_fullpath(tsk) (tsk->exec_file ? \ | |
10725 | + gr_to_filename2(tsk->exec_file->f_dentry, \ | |
10726 | + tsk->exec_file->f_vfsmnt) : "/") | |
10727 | + | |
10728 | +#define gr_parent_task_fullpath(tsk) (tsk->parent->exec_file ? \ | |
10729 | + gr_to_filename3(tsk->parent->exec_file->f_dentry, \ | |
10730 | + tsk->parent->exec_file->f_vfsmnt) : "/") | |
10731 | + | |
10732 | +#define gr_task_fullpath0(tsk) (tsk->exec_file ? \ | |
10733 | + gr_to_filename(tsk->exec_file->f_dentry, \ | |
10734 | + tsk->exec_file->f_vfsmnt) : "/") | |
10735 | + | |
10736 | +#define gr_parent_task_fullpath0(tsk) (tsk->parent->exec_file ? \ | |
10737 | + gr_to_filename1(tsk->parent->exec_file->f_dentry, \ | |
10738 | + tsk->parent->exec_file->f_vfsmnt) : "/") | |
10739 | + | |
10740 | +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && \ | |
10741 | + ((tsk_a->fs->root->d_inode->i_sb->s_dev != \ | |
10742 | + child_reaper->fs->root->d_inode->i_sb->s_dev) || \ | |
10743 | + (tsk_a->fs->root->d_inode->i_ino != \ | |
10744 | + child_reaper->fs->root->d_inode->i_ino))) | |
10745 | + | |
10746 | +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs->root->d_inode->i_sb->s_dev == \ | |
10747 | + tsk_b->fs->root->d_inode->i_sb->s_dev) && \ | |
10748 | + (tsk_a->fs->root->d_inode->i_ino == \ | |
10749 | + tsk_b->fs->root->d_inode->i_ino)) | |
10750 | + | |
10751 | +#define DEFAULTSECARGS gr_task_fullpath(current), current->comm, \ | |
10752 | + current->pid, current->uid, \ | |
10753 | + current->euid, current->gid, current->egid, \ | |
10754 | + gr_parent_task_fullpath(current), \ | |
10755 | + current->parent->comm, current->parent->pid, \ | |
10756 | + current->parent->uid, current->parent->euid, \ | |
10757 | + current->parent->gid, current->parent->egid | |
10758 | + | |
10759 | +#define GR_CHROOT_CAPS ( \ | |
10760 | + CAP_TO_MASK(CAP_FOWNER) | \ | |
10761 | + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \ | |
10762 | + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \ | |
10763 | + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \ | |
10764 | + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \ | |
10765 | + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \ | |
10766 | + CAP_TO_MASK(CAP_IPC_OWNER)) | |
10767 | + | |
10768 | +#define security_alert_good(normal_msg,args...) \ | |
10769 | +({ \ | |
10770 | + spin_lock(&grsec_alertgood_lock); \ | |
10771 | + \ | |
10772 | + if (!grsec_alertgood_wtime || get_seconds() - grsec_alertgood_wtime > CONFIG_GRKERNSEC_FLOODTIME) { \ | |
10773 | + grsec_alertgood_wtime = get_seconds(); grsec_alertgood_fyet = 0; \ | |
10774 | + if (current->curr_ip) \ | |
10775 | + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \ | |
10776 | + else \ | |
10777 | + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \ | |
10778 | + } else if((get_seconds() - grsec_alertgood_wtime < CONFIG_GRKERNSEC_FLOODTIME) && (grsec_alertgood_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \ | |
10779 | + grsec_alertgood_fyet++; \ | |
10780 | + if (current->curr_ip) \ | |
10781 | + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \ | |
10782 | + else \ | |
10783 | + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \ | |
10784 | + } else if (grsec_alertgood_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \ | |
10785 | + grsec_alertgood_wtime = get_seconds(); grsec_alertgood_fyet++; \ | |
10786 | + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \ | |
10787 | + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \ | |
10788 | + } \ | |
10789 | + \ | |
10790 | + spin_unlock(&grsec_alertgood_lock); \ | |
10791 | +}) | |
10792 | + | |
10793 | +#define security_alert(normal_msg,args...) \ | |
10794 | +({ \ | |
10795 | + spin_lock(&grsec_alert_lock); \ | |
10796 | + \ | |
10797 | + if (!grsec_alert_wtime || get_seconds() - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME) { \ | |
10798 | + grsec_alert_wtime = get_seconds(); grsec_alert_fyet = 0; \ | |
10799 | + if (current->curr_ip) \ | |
10800 | + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \ | |
10801 | + else \ | |
10802 | + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \ | |
10803 | + } else if((get_seconds() - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \ | |
10804 | + grsec_alert_fyet++; \ | |
10805 | + if (current->curr_ip) \ | |
10806 | + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \ | |
10807 | + else \ | |
10808 | + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \ | |
10809 | + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \ | |
10810 | + grsec_alert_wtime = get_seconds(); grsec_alert_fyet++; \ | |
10811 | + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \ | |
10812 | + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \ | |
10813 | + } \ | |
10814 | + \ | |
10815 | + gr_handle_alertkill(); \ | |
10816 | + spin_unlock(&grsec_alert_lock); \ | |
10817 | +}) | |
10818 | + | |
10819 | +#define security_audit(normal_msg,args...) \ | |
10820 | +({ \ | |
10821 | + spin_lock(&grsec_audit_lock); \ | |
10822 | + if (current->curr_ip) \ | |
10823 | + printk(KERN_INFO "grsec: From %u.%u.%u.%u: " normal_msg "\n", \ | |
10824 | + NIPQUAD(current->curr_ip) , ## args); \ | |
10825 | + else \ | |
10826 | + printk(KERN_INFO "grsec: " normal_msg "\n", ## args); \ | |
10827 | + spin_unlock(&grsec_audit_lock); \ | |
10828 | +}) | |
10829 | + | |
10830 | +#define security_learn(normal_msg,args...) \ | |
10831 | +({ \ | |
10832 | + preempt_disable(); \ | |
10833 | + gr_add_learn_entry(normal_msg "\n", ## args); \ | |
10834 | + preempt_enable(); \ | |
10835 | +}) | |
10836 | + | |
10837 | +#endif | |
10838 | + | |
10839 | +#endif | |
10840 | diff -uNr linux-2.6.7-rc1.orig/include/linux/grmsg.h linux-2.6.7-rc1/include/linux/grmsg.h | |
10841 | --- linux-2.6.7-rc1.orig/include/linux/grmsg.h 1970-01-01 01:00:00.000000000 +0100 | |
10842 | +++ linux-2.6.7-rc1/include/linux/grmsg.h 2004-05-25 14:33:59.347338160 +0200 | |
806c2378 | 10843 | @@ -0,0 +1,107 @@ |
1db5cd70 PS |
10844 | +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%d/%d gid/egid:%d/%d, parent %.256s[%.16s:%d] uid/euid:%d/%d gid/egid:%d/%d" |
10845 | +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d" | |
10846 | +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " DEFAULTSECMSG | |
10847 | +#define GR_IOPERM_MSG "denied use of ioperm() by " DEFAULTSECMSG | |
10848 | +#define GR_IOPL_MSG "denied use of iopl() by " DEFAULTSECMSG | |
10849 | +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by " DEFAULTSECMSG | |
10850 | +#define GR_UNIX_CHROOT_MSG "denied connect to abstract AF_UNIX socket outside of chroot by " DEFAULTSECMSG | |
10851 | +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by " DEFAULTSECMSG | |
10852 | +#define GR_KMEM_MSG "attempted write to /dev/kmem by " DEFAULTSECMSG | |
10853 | +#define GR_PORT_OPEN_MSG "attempted open of /dev/port by " DEFAULTSECMSG | |
10854 | +#define GR_MEM_WRITE_MSG "attempted write of /dev/mem by " DEFAULTSECMSG | |
10855 | +#define GR_MEM_MMAP_MSG "attempted mmap write of /dev/[k]mem by " DEFAULTSECMSG | |
10856 | +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by " DEFAULTSECMSG | |
10857 | +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%u.%u.%u.%u" | |
10858 | +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by " DEFAULTSECMSG | |
10859 | +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by " DEFAULTSECMSG | |
10860 | +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by " DEFAULTSECMSG | |
10861 | +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by " DEFAULTSECMSG | |
10862 | +#define GR_MKNOD_CHROOT_MSG "refused attempt to mknod %.950s from chroot by " DEFAULTSECMSG | |
10863 | +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by " DEFAULTSECMSG | |
10864 | +#define GR_UNIXCONNECT_ACL_MSG "%s connect to the unix domain socket %.950s by " DEFAULTSECMSG | |
10865 | +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by " DEFAULTSECMSG | |
10866 | +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by " DEFAULTSECMSG | |
10867 | +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by " DEFAULTSECMSG | |
10868 | +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by " DEFAULTSECMSG | |
10869 | +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for " DEFAULTSECMSG | |
10870 | +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by " DEFAULTSECMSG | |
10871 | +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by " DEFAULTSECMSG | |
10872 | +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by " DEFAULTSECMSG | |
10873 | +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " DEFAULTSECMSG | |
10874 | +#define GR_NPROC_MSG "attempt to overstep process limit by " DEFAULTSECMSG | |
10875 | +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " DEFAULTSECMSG | |
10876 | +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by " DEFAULTSECMSG | |
10877 | +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning uid %u from login for %lu seconds" | |
10878 | +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning execution for %lu seconds" | |
10879 | +#define GR_MOUNT_CHROOT_MSG "denied attempt to mount %.30s as %.930s from chroot by " DEFAULTSECMSG | |
10880 | +#define GR_PIVOT_CHROOT_MSG "denied attempt to pivot_root from chroot by " DEFAULTSECMSG | |
10881 | +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by " DEFAULTSECMSG | |
10882 | +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " DEFAULTSECMSG | |
10883 | +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " DEFAULTSECMSG | |
10884 | +#define GR_CHROOT_CHROOT_MSG "denied attempt to double chroot to %.950s by " DEFAULTSECMSG | |
10885 | +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by " DEFAULTSECMSG | |
10886 | +#define GR_CHMOD_CHROOT_MSG "denied attempt to chmod +s %.950s by " DEFAULTSECMSG | |
10887 | +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " DEFAULTSECMSG | |
10888 | +#define GR_CHROOT_FCHDIR_MSG "attempted fchdir outside of chroot to %.950s by " DEFAULTSECMSG | |
10889 | +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " DEFAULTSECMSG | |
10890 | +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " DEFAULTSECMSG | |
10891 | +#define GR_INITF_ACL_MSG "init_variables() failed %s" | |
10892 | +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader" | |
10893 | +#define GR_DEV_ACL_MSG "/dev/grsec: being fed garbage %d bytes sent %d required" | |
10894 | +#define GR_SHUTS_ACL_MSG "shutdown auth success for " DEFAULTSECMSG | |
10895 | +#define GR_SHUTF_ACL_MSG "shutdown auth failure for " DEFAULTSECMSG | |
10896 | +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for " DEFAULTSECMSG | |
10897 | +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for " DEFAULTSECMSG | |
10898 | +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for " DEFAULTSECMSG | |
10899 | +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for " DEFAULTSECMSG | |
10900 | +#define GR_ENABLE_ACL_MSG "Loaded %s" | |
10901 | +#define GR_ENABLEF_ACL_MSG "Unable to load %s for " DEFAULTSECMSG " RBAC system may already be enabled." | |
10902 | +#define GR_RELOADI_ACL_MSG "Ignoring reload request for disabled RBAC system" | |
10903 | +#define GR_RELOAD_ACL_MSG "Reloaded %s" | |
10904 | +#define GR_RELOADF_ACL_MSG "Failed reload of %s for " DEFAULTSECMSG | |
10905 | +#define GR_SPROLEI_ACL_MSG "Ignoring change to special role for disabled RBAC system for " DEFAULTSECMSG | |
10906 | +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by " DEFAULTSECMSG | |
10907 | +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by " DEFAULTSECMSG | |
10908 | +#define GR_SPROLEF_ACL_MSG "special role %s failure for " DEFAULTSECMSG | |
10909 | +#define GR_UNSPROLEI_ACL_MSG "Ignoring unauth of special role for disabled RBAC system for " DEFAULTSECMSG | |
10910 | +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by " DEFAULTSECMSG | |
10911 | +#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for " DEFAULTSECMSG | |
10912 | +#define GR_INVMODE_ACL_MSG "Invalid mode %d by " DEFAULTSECMSG | |
10913 | +#define GR_MAXPW_ACL_MSG "Maximum pw attempts reached (%d), locking password authentication" | |
10914 | +#define GR_MAXROLEPW_ACL_MSG "Maximum pw attempts reached (%d) trying to auth to special role %s, locking auth for role of " DEFAULTSECMSG | |
10915 | +#define GR_PRIORITY_CHROOT_MSG "attempted priority change of process (%.16s:%d) by " DEFAULTSECMSG | |
10916 | +#define GR_CAPSET_CHROOT_MSG "denied capset of (%.16s:%d) within chroot by " DEFAULTSECMSG | |
10917 | +#define GR_FAILFORK_MSG "failed fork with errno %d by " DEFAULTSECMSG | |
10918 | +#define GR_NICE_CHROOT_MSG "attempted priority change by " DEFAULTSECMSG | |
10919 | +#define GR_UNISIGLOG_MSG "signal %d sent to " DEFAULTSECMSG | |
10920 | +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by " DEFAULTSECMSG | |
10921 | +#define GR_SIG_ACL_MSG "Attempted send of signal %d to protected task " DEFAULTSECMSG " by " DEFAULTSECMSG | |
10922 | +#define GR_SYSCTL_MSG "attempt to modify grsecurity sysctl value : %.32s by " DEFAULTSECMSG | |
10923 | +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by " DEFAULTSECMSG | |
10924 | +#define GR_TIME_MSG "time set by " DEFAULTSECMSG | |
10925 | +#define GR_DEFACL_MSG "Fatal: Unable to find ACL for (%.16s:%d)" | |
10926 | +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by " DEFAULTSECMSG | |
10927 | +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by " DEFAULTSECMSG | |
10928 | +#define GR_SOCK_MSG "attempted socket(%.16s,%.16s,%.16s) by " DEFAULTSECMSG | |
10929 | +#define GR_SOCK2_MSG "attempted socket(%d,%.16s,%.16s) by " DEFAULTSECMSG | |
10930 | +#define GR_BIND_MSG "attempted bind() by " DEFAULTSECMSG | |
10931 | +#define GR_CONNECT_MSG "attempted connect by " DEFAULTSECMSG | |
10932 | +#define GR_BIND_ACL_MSG "attempted bind to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " DEFAULTSECMSG | |
10933 | +#define GR_CONNECT_ACL_MSG "attempted connect to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " DEFAULTSECMSG | |
10934 | +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%u.%u.%u.%u\t%u\t%u\t%u\t%u\t%u.%u.%u.%u" | |
10935 | +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " DEFAULTSECMSG | |
10936 | +#define GR_CAP_ACL_MSG "use of %s denied for " DEFAULTSECMSG | |
10937 | +#define GR_USRCHANGE_ACL_MSG "change to uid %d denied for " DEFAULTSECMSG | |
10938 | +#define GR_GRPCHANGE_ACL_MSG "change to gid %d denied for " DEFAULTSECMSG | |
10939 | +#define GR_REMOUNT_AUDIT_MSG "remount of %.30s by " DEFAULTSECMSG | |
10940 | +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.30s by " DEFAULTSECMSG | |
10941 | +#define GR_MOUNT_AUDIT_MSG "mount %.30s to %.64s by " DEFAULTSECMSG | |
10942 | +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by " DEFAULTSECMSG | |
10943 | +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.63s) by " DEFAULTSECMSG | |
10944 | +#define GR_MSGQ_AUDIT_MSG "message queue created by " DEFAULTSECMSG | |
10945 | +#define GR_MSGQR_AUDIT_MSG "message queue of uid:%d euid:%d removed by " DEFAULTSECMSG | |
10946 | +#define GR_SEM_AUDIT_MSG "semaphore created by " DEFAULTSECMSG | |
10947 | +#define GR_SEMR_AUDIT_MSG "semaphore of uid:%d euid:%d removed by " DEFAULTSECMSG | |
10948 | +#define GR_SHM_AUDIT_MSG "shared memory of size %d created by " DEFAULTSECMSG | |
10949 | +#define GR_SHMR_AUDIT_MSG "shared memory of uid:%d euid:%d removed by " DEFAULTSECMSG | |
10950 | +#define GR_RESOURCE_MSG "attempted resource overstep by requesting %lu for %.16s against limit %lu by " DEFAULTSECMSG | |
1db5cd70 PS |
10951 | diff -uNr linux-2.6.7-rc1.orig/include/linux/grsecurity.h linux-2.6.7-rc1/include/linux/grsecurity.h |
10952 | --- linux-2.6.7-rc1.orig/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100 | |
10953 | +++ linux-2.6.7-rc1/include/linux/grsecurity.h 2004-05-25 14:33:59.349337856 +0200 | |
806c2378 | 10954 | @@ -0,0 +1,187 @@ |
1db5cd70 PS |
10955 | +#ifndef GR_SECURITY_H |
10956 | +#define GR_SECURITY_H | |
10957 | +#include <linux/fs.h> | |
10958 | +#include <linux/binfmts.h> | |
10959 | + | |
10960 | +extern int gr_check_user_change(int real, int effective, int fs); | |
10961 | +extern int gr_check_group_change(int real, int effective, int fs); | |
10962 | + | |
10963 | +extern void gr_add_to_task_ip_table(struct task_struct *p); | |
10964 | +extern void gr_del_task_from_ip_table(struct task_struct *p); | |
10965 | + | |
10966 | +extern int gr_pid_is_chrooted(const struct task_struct *p); | |
10967 | +extern int gr_handle_chroot_nice(void); | |
10968 | +extern int gr_handle_chroot_sysctl(const int op); | |
10969 | +extern int gr_handle_chroot_capset(const struct task_struct *target); | |
10970 | +extern int gr_handle_chroot_setpriority(struct task_struct *p, | |
10971 | + const int niceval); | |
10972 | +extern int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); | |
10973 | +extern int gr_handle_chroot_chroot(const struct dentry *dentry, | |
10974 | + const struct vfsmount *mnt); | |
10975 | +extern void gr_handle_chroot_caps(struct task_struct *task); | |
10976 | +extern void gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt); | |
10977 | +extern int gr_handle_chroot_chmod(const struct dentry *dentry, | |
10978 | + const struct vfsmount *mnt, const int mode); | |
10979 | +extern int gr_handle_chroot_mknod(const struct dentry *dentry, | |
10980 | + const struct vfsmount *mnt, const int mode); | |
10981 | +extern int gr_handle_chroot_mount(const struct dentry *dentry, | |
10982 | + const struct vfsmount *mnt, | |
10983 | + const char *dev_name); | |
10984 | +extern int gr_handle_chroot_pivot(void); | |
10985 | +extern int gr_handle_chroot_unix(const pid_t pid); | |
10986 | + | |
10987 | +extern int gr_handle_rawio(const struct inode *inode); | |
10988 | +extern int gr_handle_nproc(void); | |
10989 | + | |
10990 | +extern void gr_handle_ioperm(void); | |
10991 | +extern void gr_handle_iopl(void); | |
10992 | + | |
10993 | +extern int gr_tpe_allow(const struct file *file); | |
10994 | + | |
10995 | +extern int gr_random_pid(void); | |
10996 | + | |
10997 | +extern void gr_log_forkfail(const int retval); | |
10998 | +extern void gr_log_timechange(void); | |
10999 | +extern void gr_log_signal(const int sig, const struct task_struct *t); | |
11000 | +extern void gr_log_chdir(const struct dentry *dentry, | |
11001 | + const struct vfsmount *mnt); | |
11002 | +extern void gr_log_chroot_exec(const struct dentry *dentry, | |
11003 | + const struct vfsmount *mnt); | |
11004 | +extern void gr_handle_exec_args(struct linux_binprm *bprm, char **argv); | |
11005 | +extern void gr_log_remount(const char *devname, const int retval); | |
11006 | +extern void gr_log_unmount(const char *devname, const int retval); | |
11007 | +extern void gr_log_mount(const char *from, const char *to, const int retval); | |
11008 | +extern void gr_log_msgget(const int ret, const int msgflg); | |
11009 | +extern void gr_log_msgrm(const uid_t uid, const uid_t cuid); | |
11010 | +extern void gr_log_semget(const int err, const int semflg); | |
11011 | +extern void gr_log_semrm(const uid_t uid, const uid_t cuid); | |
11012 | +extern void gr_log_shmget(const int err, const int shmflg, const size_t size); | |
11013 | +extern void gr_log_shmrm(const uid_t uid, const uid_t cuid); | |
1db5cd70 PS |
11014 | + |
11015 | +extern int gr_handle_follow_link(const struct inode *parent, | |
11016 | + const struct inode *inode, | |
11017 | + const struct dentry *dentry, | |
11018 | + const struct vfsmount *mnt); | |
11019 | +extern int gr_handle_fifo(const struct dentry *dentry, | |
11020 | + const struct vfsmount *mnt, | |
11021 | + const struct dentry *dir, const int flag, | |
11022 | + const int acc_mode); | |
11023 | +extern int gr_handle_hardlink(const struct dentry *dentry, | |
11024 | + const struct vfsmount *mnt, | |
11025 | + struct inode *inode, | |
11026 | + const int mode, const char *to); | |
11027 | + | |
11028 | +extern int gr_task_is_capable(struct task_struct *task, const int cap); | |
11029 | +extern int gr_is_capable_nolog(const int cap); | |
11030 | +extern void gr_learn_resource(const struct task_struct *task, const int limit, | |
11031 | + const unsigned long wanted, const int gt); | |
11032 | +extern void gr_copy_label(struct task_struct *tsk); | |
11033 | +extern void gr_handle_crash(struct task_struct *task, const int sig); | |
11034 | +extern int gr_handle_signal(const struct task_struct *p, const int sig); | |
11035 | +extern int gr_check_crash_uid(const uid_t uid); | |
11036 | +extern int gr_check_protected_task(const struct task_struct *task); | |
11037 | +extern int gr_acl_handle_mmap(const struct file *file, | |
11038 | + const unsigned long prot); | |
11039 | +extern int gr_acl_handle_mprotect(const struct file *file, | |
11040 | + const unsigned long prot); | |
11041 | +extern int gr_check_hidden_task(const struct task_struct *tsk); | |
11042 | +extern __u32 gr_acl_handle_truncate(const struct dentry *dentry, | |
11043 | + const struct vfsmount *mnt); | |
11044 | +extern __u32 gr_acl_handle_utime(const struct dentry *dentry, | |
11045 | + const struct vfsmount *mnt); | |
11046 | +extern __u32 gr_acl_handle_access(const struct dentry *dentry, | |
11047 | + const struct vfsmount *mnt, const int fmode); | |
11048 | +extern __u32 gr_acl_handle_fchmod(const struct dentry *dentry, | |
11049 | + const struct vfsmount *mnt, mode_t mode); | |
11050 | +extern __u32 gr_acl_handle_chmod(const struct dentry *dentry, | |
11051 | + const struct vfsmount *mnt, mode_t mode); | |
11052 | +extern __u32 gr_acl_handle_chown(const struct dentry *dentry, | |
11053 | + const struct vfsmount *mnt); | |
11054 | +extern int gr_handle_ptrace_exec(const struct dentry *dentry, | |
11055 | + const struct vfsmount *mnt); | |
11056 | +extern int gr_handle_ptrace(struct task_struct *task, const long request); | |
11057 | +extern int gr_handle_proc_ptrace(struct task_struct *task); | |
11058 | +extern int gr_handle_mmap(const struct file *filp, const unsigned long prot); | |
11059 | +extern __u32 gr_acl_handle_execve(const struct dentry *dentry, | |
11060 | + const struct vfsmount *mnt); | |
11061 | +extern int gr_check_crash_exec(const struct file *filp); | |
11062 | +extern int gr_acl_is_enabled(void); | |
11063 | +extern void gr_set_kernel_label(struct task_struct *task); | |
11064 | +extern void gr_set_role_label(struct task_struct *task, const uid_t uid, | |
11065 | + const gid_t gid); | |
11066 | +extern void gr_set_proc_label(const struct dentry *dentry, | |
11067 | + const struct vfsmount *mnt); | |
11068 | +extern __u32 gr_acl_handle_hidden_file(const struct dentry *dentry, | |
11069 | + const struct vfsmount *mnt); | |
11070 | +extern __u32 gr_acl_handle_open(const struct dentry *dentry, | |
11071 | + const struct vfsmount *mnt, const int fmode); | |
11072 | +extern __u32 gr_acl_handle_creat(const struct dentry *dentry, | |
11073 | + const struct dentry *p_dentry, | |
11074 | + const struct vfsmount *p_mnt, const int fmode, | |
11075 | + const int imode); | |
11076 | +extern void gr_handle_create(const struct dentry *dentry, | |
11077 | + const struct vfsmount *mnt); | |
11078 | +extern __u32 gr_acl_handle_mknod(const struct dentry *new_dentry, | |
11079 | + const struct dentry *parent_dentry, | |
11080 | + const struct vfsmount *parent_mnt, | |
11081 | + const int mode); | |
11082 | +extern __u32 gr_acl_handle_mkdir(const struct dentry *new_dentry, | |
11083 | + const struct dentry *parent_dentry, | |
11084 | + const struct vfsmount *parent_mnt); | |
11085 | +extern __u32 gr_acl_handle_rmdir(const struct dentry *dentry, | |
11086 | + const struct vfsmount *mnt); | |
11087 | +extern void gr_handle_delete(const ino_t ino, const dev_t dev); | |
11088 | +extern __u32 gr_acl_handle_unlink(const struct dentry *dentry, | |
11089 | + const struct vfsmount *mnt); | |
11090 | +extern __u32 gr_acl_handle_symlink(const struct dentry *new_dentry, | |
11091 | + const struct dentry *parent_dentry, | |
11092 | + const struct vfsmount *parent_mnt, | |
11093 | + const char *from); | |
11094 | +extern __u32 gr_acl_handle_link(const struct dentry *new_dentry, | |
11095 | + const struct dentry *parent_dentry, | |
11096 | + const struct vfsmount *parent_mnt, | |
11097 | + const struct dentry *old_dentry, | |
11098 | + const struct vfsmount *old_mnt, const char *to); | |
11099 | +extern int gr_acl_handle_rename(struct dentry *new_dentry, | |
11100 | + struct dentry *parent_dentry, | |
11101 | + const struct vfsmount *parent_mnt, | |
11102 | + struct dentry *old_dentry, | |
11103 | + struct inode *old_parent_inode, | |
11104 | + struct vfsmount *old_mnt, const char *newname); | |
11105 | +extern void gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
11106 | + struct dentry *old_dentry, | |
11107 | + struct dentry *new_dentry, | |
11108 | + struct vfsmount *mnt, const __u8 replace); | |
11109 | +extern __u32 gr_check_link(const struct dentry *new_dentry, | |
11110 | + const struct dentry *parent_dentry, | |
11111 | + const struct vfsmount *parent_mnt, | |
11112 | + const struct dentry *old_dentry, | |
11113 | + const struct vfsmount *old_mnt); | |
11114 | +extern __u32 gr_acl_handle_filldir(const struct dentry *dentry, | |
11115 | + const struct vfsmount *mnt, const ino_t ino); | |
11116 | +extern __u32 gr_acl_handle_unix(const struct dentry *dentry, | |
11117 | + const struct vfsmount *mnt); | |
11118 | +extern void gr_acl_handle_exit(void); | |
11119 | +extern void gr_acl_handle_psacct(struct task_struct *task, const long code); | |
11120 | +extern int gr_acl_handle_procpidmem(const struct task_struct *task); | |
11121 | +extern __u32 gr_cap_rtnetlink(void); | |
11122 | + | |
11123 | +#ifdef CONFIG_GRKERNSEC | |
11124 | +extern void gr_handle_mem_write(void); | |
11125 | +extern void gr_handle_kmem_write(void); | |
11126 | +extern void gr_handle_open_port(void); | |
11127 | +extern int gr_handle_mem_mmap(const unsigned long offset, | |
11128 | + struct vm_area_struct *vma); | |
11129 | + | |
11130 | +extern __u16 ip_randomid(void); | |
11131 | +extern __u32 ip_randomisn(void); | |
11132 | +extern unsigned long get_random_long(void); | |
11133 | + | |
11134 | +extern int grsec_enable_dmesg; | |
11135 | +extern int grsec_enable_randid; | |
11136 | +extern int grsec_enable_randisn; | |
11137 | +extern int grsec_enable_randsrc; | |
11138 | +extern int grsec_enable_randrpc; | |
11139 | +#endif | |
11140 | + | |
11141 | +#endif | |
1db5cd70 PS |
11142 | diff -uNr linux-2.6.7-rc1.orig/include/linux/proc_fs.h linux-2.6.7-rc1/include/linux/proc_fs.h |
11143 | --- linux-2.6.7-rc1.orig/include/linux/proc_fs.h 2004-05-23 07:55:03.000000000 +0200 | |
11144 | +++ linux-2.6.7-rc1/include/linux/proc_fs.h 2004-05-25 14:33:59.376333752 +0200 | |
11145 | @@ -221,7 +221,7 @@ | |
11146 | ||
11147 | #endif /* CONFIG_PROC_FS */ | |
11148 | ||
11149 | -#if !defined(CONFIG_PROC_FS) | |
11150 | +#if !defined(CONFIG_PROC_FS) || !defined(CONFIG_PROC_KCORE) | |
11151 | static inline void kclist_add(struct kcore_list *new, void *addr, size_t size) | |
11152 | { | |
11153 | } | |
1db5cd70 | 11154 | diff -uNr linux-2.6.7-rc1.orig/include/linux/sched.h linux-2.6.7-rc1/include/linux/sched.h |
2359ff29 PS |
11155 | --- linux-2.6.7-rc2/include/linux/sched.h.orig 2004-06-02 23:31:55.729266024 +0200 |
11156 | +++ linux-2.6.7-rc2/include/linux/sched.h 2004-06-02 23:34:05.803491736 +0200 | |
1db5cd70 PS |
11157 | @@ -31,6 +31,7 @@ |
11158 | #include <linux/percpu.h> | |
11159 | ||
11160 | struct exec_domain; | |
11161 | +struct linux_binprm; | |
dd62ee14 | 11162 | |
11163 | /* | |
11164 | * cloning flags: | |
2359ff29 | 11165 | @@ -518,6 +519,21 @@ |
1db5cd70 PS |
11166 | struct mempolicy *mempolicy; |
11167 | short il_next; /* could be shared with used_math */ | |
11168 | #endif | |
11169 | +#ifdef CONFIG_GRKERNSEC | |
11170 | + /* grsecurity */ | |
11171 | + struct acl_subject_label *acl; | |
11172 | + struct acl_role_label *role; | |
11173 | + struct file *exec_file; | |
11174 | + u32 curr_ip; | |
11175 | + u32 gr_saddr; | |
11176 | + u32 gr_daddr; | |
11177 | + u16 gr_sport; | |
11178 | + u16 gr_dport; | |
11179 | + u16 acl_role_id; | |
11180 | + u8 acl_sp_role:1; | |
11181 | + u8 used_accept:1; | |
11182 | + u8 is_writable:1; | |
11183 | +#endif | |
11184 | }; | |
11185 | ||
11186 | static inline pid_t process_group(struct task_struct *tsk) | |
2359ff29 | 11187 | @@ -816,14 +832,29 @@ |
1db5cd70 PS |
11188 | : on_sig_stack(sp) ? SS_ONSTACK : 0); |
11189 | } | |
11190 | ||
11191 | +extern int gr_task_is_capable(struct task_struct *task, const int cap); | |
11192 | +extern int gr_is_capable_nolog(const int cap); | |
11193 | ||
11194 | #ifdef CONFIG_SECURITY | |
11195 | /* code is in security.c */ | |
11196 | extern int capable(int cap); | |
11197 | +static inline int capable_nolog(int cap) | |
11198 | +{ | |
11199 | + return capable(cap); | |
11200 | +} | |
11201 | #else | |
11202 | static inline int capable(int cap) | |
11203 | { | |
11204 | - if (cap_raised(current->cap_effective, cap)) { | |
11205 | + if (cap_raised(current->cap_effective, cap) && gr_task_is_capable(current, cap)) { | |
11206 | + current->flags |= PF_SUPERPRIV; | |
11207 | + return 1; | |
11208 | + } | |
11209 | + return 0; | |
11210 | +} | |
11211 | + | |
11212 | +static inline int capable_nolog(int cap) | |
11213 | +{ | |
11214 | + if (cap_raised(current->cap_effective, cap) && gr_is_capable_nolog(cap)) { | |
11215 | current->flags |= PF_SUPERPRIV; | |
11216 | return 1; | |
11217 | } | |
11218 | diff -uNr linux-2.6.7-rc1.orig/include/linux/shm.h linux-2.6.7-rc1/include/linux/shm.h | |
11219 | --- linux-2.6.7-rc1.orig/include/linux/shm.h 2004-05-23 07:54:29.000000000 +0200 | |
11220 | +++ linux-2.6.7-rc1/include/linux/shm.h 2004-05-25 14:33:59.412328280 +0200 | |
11221 | @@ -84,6 +84,10 @@ | |
11222 | time_t shm_ctim; | |
11223 | pid_t shm_cprid; | |
11224 | pid_t shm_lprid; | |
11225 | +#ifdef CONFIG_GRKERNSEC | |
11226 | + time_t shm_createtime; | |
11227 | + pid_t shm_lapid; | |
11228 | +#endif | |
11229 | }; | |
11230 | ||
11231 | /* shm_mode upper byte flags */ | |
11232 | diff -uNr linux-2.6.7-rc1.orig/include/linux/sysctl.h linux-2.6.7-rc1/include/linux/sysctl.h | |
11233 | --- linux-2.6.7-rc1.orig/include/linux/sysctl.h 2004-05-25 14:25:39.000000000 +0200 | |
11234 | +++ linux-2.6.7-rc1/include/linux/sysctl.h 2004-05-25 14:33:59.418327368 +0200 | |
11235 | @@ -133,6 +133,7 @@ | |
11236 | KERN_NGROUPS_MAX=63, /* int: NGROUPS_MAX */ | |
11237 | KERN_SPARC_SCONS_PWROFF=64, /* int: serial console power-off halt */ | |
11238 | KERN_HZ_TIMER=65, /* int: hz timer on or off */ | |
11239 | + KERN_GRSECURITY=68, /* grsecurity */ | |
11240 | }; | |
11241 | ||
11242 | ||
11243 | diff -uNr linux-2.6.7-rc1.orig/include/net/ip.h linux-2.6.7-rc1/include/net/ip.h | |
11244 | --- linux-2.6.7-rc1.orig/include/net/ip.h 2004-05-25 14:25:40.000000000 +0200 | |
11245 | +++ linux-2.6.7-rc1/include/net/ip.h 2004-05-25 14:33:59.430325544 +0200 | |
78638fc5 | 11246 | @@ -34,6 +34,11 @@ |
1db5cd70 | 11247 | #include <net/arp.h> |
78638fc5 | 11248 | #include <net/snmp.h> |
1db5cd70 PS |
11249 | |
11250 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
11251 | +extern int grsec_enable_randid; | |
11252 | +extern __u16 ip_randomid(void); | |
11253 | +#endif | |
11254 | + | |
78638fc5 AM |
11255 | struct sock; |
11256 | ||
11257 | struct inet_skb_parm | |
1db5cd70 PS |
11258 | @@ -191,6 +196,13 @@ |
11259 | ||
11260 | static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, struct sock *sk) | |
11261 | { | |
11262 | + | |
11263 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
11264 | + if (grsec_enable_randid) | |
11265 | + iph->id = htons(ip_randomid()); | |
11266 | + else | |
11267 | +#endif | |
11268 | + | |
11269 | if (iph->frag_off & htons(IP_DF)) { | |
11270 | /* This is only to work around buggy Windows95/2000 | |
11271 | * VJ compression implementations. If the ID field | |
1db5cd70 PS |
11272 | diff -uNr linux-2.6.7-rc1.orig/init/Kconfig linux-2.6.7-rc1/init/Kconfig |
11273 | --- linux-2.6.7-rc1.orig/init/Kconfig 2004-05-23 07:54:30.000000000 +0200 | |
11274 | +++ linux-2.6.7-rc1/init/Kconfig 2004-05-25 14:33:59.434324936 +0200 | |
11275 | @@ -230,6 +230,7 @@ | |
11276 | config KALLSYMS | |
11277 | bool "Load all symbols for debugging/kksymoops" if EMBEDDED | |
11278 | default y | |
11279 | + depends on !GRKERNSEC_HIDESYM | |
11280 | help | |
11281 | Say Y here to let the kernel print out symbolic crash information and | |
11282 | symbolic stack backtraces. This increases the size of the kernel | |
11283 | diff -uNr linux-2.6.7-rc1.orig/init/main.c linux-2.6.7-rc1/init/main.c | |
11284 | --- linux-2.6.7-rc1.orig/init/main.c 2004-05-23 07:53:46.000000000 +0200 | |
11285 | +++ linux-2.6.7-rc1/init/main.c 2004-05-25 14:33:59.440324024 +0200 | |
11286 | @@ -91,6 +91,7 @@ | |
11287 | extern void populate_rootfs(void); | |
11288 | extern void driver_init(void); | |
11289 | extern void prepare_namespace(void); | |
11290 | +extern void grsecurity_init(void); | |
11291 | ||
11292 | #ifdef CONFIG_TC | |
11293 | extern void tc_init(void); | |
11294 | @@ -638,6 +639,7 @@ | |
11295 | else | |
11296 | prepare_namespace(); | |
11297 | ||
11298 | + grsecurity_init(); | |
11299 | /* | |
11300 | * Ok, we have completed the initial bootup, and | |
11301 | * we're essentially up and running. Get rid of the | |
11302 | diff -uNr linux-2.6.7-rc1.orig/ipc/msg.c linux-2.6.7-rc1/ipc/msg.c | |
11303 | --- linux-2.6.7-rc1.orig/ipc/msg.c 2004-05-23 07:53:30.000000000 +0200 | |
11304 | +++ linux-2.6.7-rc1/ipc/msg.c 2004-05-25 14:33:59.445323264 +0200 | |
11305 | @@ -24,6 +24,7 @@ | |
11306 | #include <linux/list.h> | |
11307 | #include <linux/security.h> | |
11308 | #include <linux/sched.h> | |
11309 | +#include <linux/grsecurity.h> | |
11310 | #include <asm/current.h> | |
11311 | #include <asm/uaccess.h> | |
11312 | #include "util.h" | |
11313 | @@ -226,6 +227,9 @@ | |
11314 | msg_unlock(msq); | |
11315 | } | |
11316 | up(&msg_ids.sem); | |
11317 | + | |
11318 | + gr_log_msgget(ret, msgflg); | |
11319 | + | |
11320 | return ret; | |
11321 | } | |
11322 | ||
11323 | @@ -475,6 +479,8 @@ | |
11324 | break; | |
11325 | } | |
11326 | case IPC_RMID: | |
11327 | + gr_log_msgrm(ipcp->uid, ipcp->cuid); | |
11328 | + | |
11329 | freeque (msq, msqid); | |
11330 | break; | |
11331 | } | |
11332 | diff -uNr linux-2.6.7-rc1.orig/ipc/sem.c linux-2.6.7-rc1/ipc/sem.c | |
11333 | --- linux-2.6.7-rc1.orig/ipc/sem.c 2004-05-23 07:53:57.000000000 +0200 | |
11334 | +++ linux-2.6.7-rc1/ipc/sem.c 2004-05-25 14:33:59.448322808 +0200 | |
11335 | @@ -71,6 +71,7 @@ | |
11336 | #include <linux/time.h> | |
11337 | #include <linux/smp_lock.h> | |
11338 | #include <linux/security.h> | |
11339 | +#include <linux/grsecurity.h> | |
11340 | #include <asm/uaccess.h> | |
11341 | #include "util.h" | |
11342 | ||
11343 | @@ -238,6 +239,9 @@ | |
11344 | } | |
11345 | ||
11346 | up(&sem_ids.sem); | |
11347 | + | |
11348 | + gr_log_semget(err, semflg); | |
11349 | + | |
11350 | return err; | |
11351 | } | |
11352 | ||
11353 | @@ -804,6 +808,8 @@ | |
11354 | ||
11355 | switch(cmd){ | |
11356 | case IPC_RMID: | |
11357 | + gr_log_semrm(ipcp->uid, ipcp->cuid); | |
11358 | + | |
11359 | freeary(sma, semid); | |
11360 | err = 0; | |
11361 | break; | |
11362 | diff -uNr linux-2.6.7-rc1.orig/ipc/shm.c linux-2.6.7-rc1/ipc/shm.c | |
11363 | --- linux-2.6.7-rc1.orig/ipc/shm.c 2004-05-23 07:54:17.000000000 +0200 | |
11364 | +++ linux-2.6.7-rc1/ipc/shm.c 2004-05-25 14:33:59.460320984 +0200 | |
11365 | @@ -26,6 +26,7 @@ | |
11366 | #include <linux/proc_fs.h> | |
11367 | #include <linux/shmem_fs.h> | |
11368 | #include <linux/security.h> | |
11369 | +#include <linux/grsecurity.h> | |
11370 | #include <asm/uaccess.h> | |
11371 | ||
11372 | #include "util.h" | |
11373 | @@ -50,6 +51,14 @@ | |
11374 | static int sysvipc_shm_read_proc(char *buffer, char **start, off_t offset, int length, int *eof, void *data); | |
11375 | #endif | |
11376 | ||
11377 | +#ifdef CONFIG_GRKERNSEC | |
11378 | +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
11379 | + const time_t shm_createtime, const uid_t cuid, | |
11380 | + const int shmid); | |
11381 | +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
11382 | + const time_t shm_createtime); | |
11383 | +#endif | |
11384 | + | |
11385 | size_t shm_ctlmax = SHMMAX; | |
11386 | size_t shm_ctlall = SHMALL; | |
11387 | int shm_ctlmni = SHMMNI; | |
11388 | @@ -217,6 +226,9 @@ | |
11389 | shp->shm_lprid = 0; | |
11390 | shp->shm_atim = shp->shm_dtim = 0; | |
11391 | shp->shm_ctim = get_seconds(); | |
11392 | +#ifdef CONFIG_GRKERNSEC | |
11393 | + shp->shm_createtime = get_seconds(); | |
11394 | +#endif | |
11395 | shp->shm_segsz = size; | |
11396 | shp->shm_nattch = 0; | |
11397 | shp->id = shm_buildid(id,shp->shm_perm.seq); | |
11398 | @@ -271,6 +283,8 @@ | |
11399 | } | |
11400 | up(&shm_ids.sem); | |
11401 | ||
11402 | + gr_log_shmget(err, shmflg, size); | |
11403 | + | |
11404 | return err; | |
11405 | } | |
11406 | ||
11407 | @@ -569,6 +583,8 @@ | |
11408 | if (err) | |
11409 | goto out_unlock_up; | |
11410 | ||
11411 | + gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid); | |
11412 | + | |
11413 | if (shp->shm_nattch){ | |
11414 | shp->shm_flags |= SHM_DEST; | |
11415 | /* Do not find it any more */ | |
11416 | @@ -707,9 +723,27 @@ | |
11417 | return err; | |
11418 | } | |
11419 | ||
11420 | +#ifdef CONFIG_GRKERNSEC | |
11421 | + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime, | |
11422 | + shp->shm_perm.cuid, shmid)) { | |
11423 | + shm_unlock(shp); | |
11424 | + return -EACCES; | |
11425 | + } | |
11426 | + | |
11427 | + if (!gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) { | |
11428 | + shm_unlock(shp); | |
11429 | + return -EACCES; | |
11430 | + } | |
11431 | +#endif | |
11432 | + | |
11433 | file = shp->shm_file; | |
11434 | size = i_size_read(file->f_dentry->d_inode); | |
11435 | shp->shm_nattch++; | |
11436 | + | |
11437 | +#ifdef CONFIG_GRKERNSEC | |
11438 | + shp->shm_lapid = current->pid; | |
11439 | +#endif | |
11440 | + | |
11441 | shm_unlock(shp); | |
11442 | ||
11443 | down_write(¤t->mm->mmap_sem); | |
11444 | diff -uNr linux-2.6.7-rc1.orig/kernel/capability.c linux-2.6.7-rc1/kernel/capability.c | |
11445 | --- linux-2.6.7-rc1.orig/kernel/capability.c 2004-05-23 07:54:22.000000000 +0200 | |
11446 | +++ linux-2.6.7-rc1/kernel/capability.c 2004-05-25 14:33:59.462320680 +0200 | |
11447 | @@ -10,6 +10,7 @@ | |
11448 | #include <linux/mm.h> | |
11449 | #include <linux/module.h> | |
11450 | #include <linux/security.h> | |
11451 | +#include <linux/grsecurity.h> | |
11452 | #include <asm/uaccess.h> | |
11453 | ||
11454 | unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ | |
11455 | @@ -168,6 +169,11 @@ | |
11456 | } else | |
11457 | target = current; | |
11458 | ||
11459 | + if (gr_handle_chroot_capset(target)) { | |
11460 | + ret = -ESRCH; | |
11461 | + goto out; | |
11462 | + } | |
11463 | + | |
11464 | ret = -EPERM; | |
11465 | ||
11466 | if (security_capset_check(target, &effective, &inheritable, &permitted)) | |
11467 | diff -uNr linux-2.6.7-rc1.orig/kernel/configs.c linux-2.6.7-rc1/kernel/configs.c | |
11468 | --- linux-2.6.7-rc1.orig/kernel/configs.c 2004-05-23 07:53:57.000000000 +0200 | |
11469 | +++ linux-2.6.7-rc1/kernel/configs.c 2004-05-25 14:33:59.465320224 +0200 | |
11470 | @@ -78,8 +78,16 @@ | |
11471 | struct proc_dir_entry *entry; | |
11472 | ||
11473 | /* create the current config file */ | |
11474 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11475 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11476 | + entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR, &proc_root); | |
11477 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
11478 | + entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR | S_IRGRP, &proc_root); | |
11479 | +#endif | |
11480 | +#else | |
11481 | entry = create_proc_entry("config.gz", S_IFREG | S_IRUGO, | |
11482 | &proc_root); | |
11483 | +#endif | |
11484 | if (!entry) | |
11485 | return -ENOMEM; | |
11486 | ||
11487 | diff -uNr linux-2.6.7-rc1.orig/kernel/exit.c linux-2.6.7-rc1/kernel/exit.c | |
11488 | --- linux-2.6.7-rc1.orig/kernel/exit.c 2004-05-23 07:54:43.000000000 +0200 | |
11489 | +++ linux-2.6.7-rc1/kernel/exit.c 2004-05-25 14:33:59.468319768 +0200 | |
11490 | @@ -23,6 +23,7 @@ | |
11491 | #include <linux/mount.h> | |
11492 | #include <linux/proc_fs.h> | |
11493 | #include <linux/mempolicy.h> | |
11494 | +#include <linux/grsecurity.h> | |
11495 | ||
11496 | #include <asm/uaccess.h> | |
11497 | #include <asm/unistd.h> | |
11498 | @@ -233,6 +234,13 @@ | |
11499 | { | |
11500 | write_lock_irq(&tasklist_lock); | |
11501 | ||
11502 | +#ifdef CONFIG_GRKERNSEC | |
11503 | + if (current->exec_file) { | |
11504 | + fput(current->exec_file); | |
11505 | + current->exec_file = NULL; | |
11506 | + } | |
11507 | +#endif | |
11508 | + | |
11509 | ptrace_unlink(current); | |
11510 | /* Reparent to init */ | |
11511 | REMOVE_LINKS(current); | |
11512 | @@ -240,6 +248,8 @@ | |
11513 | current->real_parent = child_reaper; | |
11514 | SET_LINKS(current); | |
11515 | ||
11516 | + gr_set_kernel_label(current); | |
11517 | + | |
11518 | /* Set the exit signal to SIGCHLD so we signal init on exit */ | |
11519 | current->exit_signal = SIGCHLD; | |
11520 | ||
11521 | @@ -334,6 +344,15 @@ | |
11522 | vsnprintf(current->comm, sizeof(current->comm), name, args); | |
11523 | va_end(args); | |
11524 | ||
11525 | +#ifdef CONFIG_GRKERNSEC | |
11526 | + if (current->exec_file) { | |
11527 | + fput(current->exec_file); | |
11528 | + current->exec_file = NULL; | |
11529 | + } | |
11530 | +#endif | |
11531 | + | |
11532 | + gr_set_kernel_label(current); | |
11533 | + | |
11534 | /* | |
11535 | * If we were started as result of loading a module, close all of the | |
11536 | * user space pages. We don't need them, and if we didn't close them | |
11537 | @@ -785,6 +804,11 @@ | |
11538 | } | |
11539 | ||
11540 | acct_process(code); | |
11541 | + | |
11542 | + gr_acl_handle_psacct(tsk, code); | |
11543 | + gr_acl_handle_exit(); | |
11544 | + gr_del_task_from_ip_table(tsk); | |
11545 | + | |
11546 | __exit_mm(tsk); | |
11547 | ||
11548 | exit_sem(tsk); | |
11549 | diff -uNr linux-2.6.7-rc1.orig/kernel/fork.c linux-2.6.7-rc1/kernel/fork.c | |
11550 | --- linux-2.6.7-rc1.orig/kernel/fork.c 2004-05-25 14:25:38.000000000 +0200 | |
11551 | +++ linux-2.6.7-rc1/kernel/fork.c 2004-05-25 14:33:59.472319160 +0200 | |
11552 | @@ -36,6 +36,7 @@ | |
11553 | #include <linux/mount.h> | |
11554 | #include <linux/audit.h> | |
11555 | #include <linux/rmap.h> | |
11556 | +#include <linux/grsecurity.h> | |
11557 | ||
11558 | #include <asm/pgtable.h> | |
11559 | #include <asm/pgalloc.h> | |
11560 | @@ -279,7 +280,7 @@ | |
11561 | mm->locked_vm = 0; | |
11562 | mm->mmap = NULL; | |
11563 | mm->mmap_cache = NULL; | |
11564 | - mm->free_area_cache = TASK_UNMAPPED_BASE; | |
11565 | + mm->free_area_cache = oldmm->free_area_cache; | |
11566 | mm->map_count = 0; | |
11567 | mm->rss = 0; | |
11568 | cpus_clear(mm->cpu_vm_mask); | |
11569 | @@ -901,6 +902,9 @@ | |
11570 | goto fork_out; | |
11571 | ||
11572 | retval = -EAGAIN; | |
11573 | + | |
11574 | + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes), 0); | |
11575 | + | |
11576 | if (atomic_read(&p->user->processes) >= | |
11577 | p->rlim[RLIMIT_NPROC].rlim_cur) { | |
11578 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && | |
11579 | @@ -997,6 +1001,8 @@ | |
11580 | if (retval) | |
11581 | goto bad_fork_cleanup_namespace; | |
11582 | ||
11583 | + gr_copy_label(p); | |
11584 | + | |
11585 | p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; | |
11586 | /* | |
11587 | * Clear TID on mm_release()? | |
11588 | @@ -1138,6 +1144,9 @@ | |
11589 | free_uid(p->user); | |
11590 | bad_fork_free: | |
11591 | free_task(p); | |
11592 | + | |
11593 | + gr_log_forkfail(retval); | |
11594 | + | |
11595 | goto fork_out; | |
11596 | } | |
11597 | ||
11598 | diff -uNr linux-2.6.7-rc1.orig/kernel/kallsyms.c linux-2.6.7-rc1/kernel/kallsyms.c | |
11599 | --- linux-2.6.7-rc1.orig/kernel/kallsyms.c 2004-05-23 07:55:01.000000000 +0200 | |
11600 | +++ linux-2.6.7-rc1/kernel/kallsyms.c 2004-05-25 14:33:59.474318856 +0200 | |
11601 | @@ -313,7 +313,15 @@ | |
11602 | { | |
11603 | struct proc_dir_entry *entry; | |
11604 | ||
11605 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11606 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11607 | + entry = create_proc_entry("kallsyms", S_IFREG | S_IRUSR, NULL); | |
11608 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
11609 | + entry = create_proc_entry("kallsyms", S_IFREG | S_IRUSR | S_IRGRP, NULL); | |
11610 | +#endif | |
11611 | +#else | |
11612 | entry = create_proc_entry("kallsyms", 0444, NULL); | |
11613 | +#endif | |
11614 | if (entry) | |
11615 | entry->proc_fops = &kallsyms_operations; | |
11616 | return 0; | |
11617 | diff -uNr linux-2.6.7-rc1.orig/kernel/pid.c linux-2.6.7-rc1/kernel/pid.c | |
11618 | --- linux-2.6.7-rc1.orig/kernel/pid.c 2004-05-23 07:54:20.000000000 +0200 | |
11619 | +++ linux-2.6.7-rc1/kernel/pid.c 2004-05-25 14:33:59.477318400 +0200 | |
11620 | @@ -25,6 +25,7 @@ | |
11621 | #include <linux/init.h> | |
11622 | #include <linux/bootmem.h> | |
11623 | #include <linux/hash.h> | |
11624 | +#include <linux/grsecurity.h> | |
11625 | ||
11626 | #define pid_hashfn(nr) hash_long((unsigned long)nr, pidhash_shift) | |
11627 | static struct list_head *pid_hash[PIDTYPE_MAX]; | |
11628 | @@ -99,10 +100,12 @@ | |
11629 | ||
11630 | int alloc_pidmap(void) | |
11631 | { | |
11632 | - int pid, offset, max_steps = PIDMAP_ENTRIES + 1; | |
11633 | + int pid = 0, offset, max_steps = PIDMAP_ENTRIES + 1; | |
11634 | pidmap_t *map; | |
11635 | ||
11636 | - pid = last_pid + 1; | |
11637 | + pid = gr_random_pid(); | |
11638 | + if (!pid) | |
11639 | + pid = last_pid + 1; | |
11640 | if (pid >= pid_max) | |
11641 | pid = RESERVED_PIDS; | |
11642 | ||
11643 | @@ -225,10 +228,16 @@ | |
11644 | task_t *find_task_by_pid(int nr) | |
11645 | { | |
11646 | struct pid *pid = find_pid(PIDTYPE_PID, nr); | |
11647 | + struct task_struct *task = NULL; | |
11648 | ||
11649 | if (!pid) | |
11650 | return NULL; | |
11651 | - return pid_task(pid->task_list.next, PIDTYPE_PID); | |
11652 | + task = pid_task(pid->task_list.next, PIDTYPE_PID); | |
11653 | + | |
11654 | + if (gr_pid_is_chrooted(task)) | |
11655 | + return NULL; | |
11656 | + | |
11657 | + return task; | |
11658 | } | |
11659 | ||
11660 | EXPORT_SYMBOL(find_task_by_pid); | |
11661 | diff -uNr linux-2.6.7-rc1.orig/kernel/printk.c linux-2.6.7-rc1/kernel/printk.c | |
11662 | --- linux-2.6.7-rc1.orig/kernel/printk.c 2004-05-23 07:55:02.000000000 +0200 | |
11663 | +++ linux-2.6.7-rc1/kernel/printk.c 2004-05-25 14:33:59.481317792 +0200 | |
11664 | @@ -30,6 +30,7 @@ | |
11665 | #include <linux/smp.h> | |
11666 | #include <linux/security.h> | |
11667 | #include <linux/bootmem.h> | |
11668 | +#include <linux/grsecurity.h> | |
11669 | ||
11670 | #include <asm/uaccess.h> | |
11671 | ||
11672 | @@ -249,6 +250,11 @@ | |
11673 | char c; | |
11674 | int error = 0; | |
11675 | ||
11676 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
11677 | + if (!capable(CAP_SYS_ADMIN) && grsec_enable_dmesg) | |
11678 | + return -EPERM; | |
11679 | +#endif | |
11680 | + | |
11681 | error = security_syslog(type); | |
11682 | if (error) | |
11683 | return error; | |
11684 | diff -uNr linux-2.6.7-rc1.orig/kernel/resource.c linux-2.6.7-rc1/kernel/resource.c | |
11685 | --- linux-2.6.7-rc1.orig/kernel/resource.c 2004-05-23 07:54:22.000000000 +0200 | |
11686 | +++ linux-2.6.7-rc1/kernel/resource.c 2004-05-25 14:33:59.483317488 +0200 | |
11687 | @@ -134,10 +134,27 @@ | |
11688 | { | |
11689 | struct proc_dir_entry *entry; | |
11690 | ||
11691 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11692 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11693 | + entry = create_proc_entry("ioports", S_IRUSR, NULL); | |
11694 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
11695 | + entry = create_proc_entry("ioports", S_IRUSR | S_IRGRP, NULL); | |
11696 | +#endif | |
11697 | +#else | |
11698 | entry = create_proc_entry("ioports", 0, NULL); | |
11699 | +#endif | |
11700 | if (entry) | |
11701 | entry->proc_fops = &proc_ioports_operations; | |
11702 | + | |
11703 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11704 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11705 | + entry = create_proc_entry("iomem", S_IRUSR, NULL); | |
11706 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
11707 | + entry = create_proc_entry("iomem", S_IRUSR | S_IRGRP, NULL); | |
11708 | +#endif | |
11709 | +#else | |
11710 | entry = create_proc_entry("iomem", 0, NULL); | |
11711 | +#endif | |
11712 | if (entry) | |
11713 | entry->proc_fops = &proc_iomem_operations; | |
11714 | return 0; | |
11715 | diff -uNr linux-2.6.7-rc1.orig/kernel/sched.c linux-2.6.7-rc1/kernel/sched.c | |
11716 | --- linux-2.6.7-rc1.orig/kernel/sched.c 2004-05-23 07:54:30.000000000 +0200 | |
11717 | +++ linux-2.6.7-rc1/kernel/sched.c 2004-05-25 14:33:59.504314296 +0200 | |
11718 | @@ -40,6 +40,7 @@ | |
11719 | #include <linux/cpu.h> | |
11720 | #include <linux/percpu.h> | |
11721 | #include <linux/kthread.h> | |
11722 | +#include <linux/grsecurity.h> | |
11723 | ||
e228341c PS |
11724 | #ifdef CONFIG_NUMA |
11725 | #define cpu_to_node_mask(cpu) node_to_cpumask(cpu_to_node(cpu)) | |
11726 | @@ -2159,6 +2160,8 @@ | |
11727 | } | |
11728 | #endif | |
11729 | ||
11730 | +void __sched_text_start(void) {} | |
11731 | + | |
11732 | /* | |
11733 | * schedule() is the main scheduler function. | |
11734 | */ | |
11735 | @@ -2538,6 +2541,8 @@ | |
1db5cd70 | 11736 | |
e228341c PS |
11737 | EXPORT_SYMBOL(sleep_on_timeout); |
11738 | ||
11739 | +void __sched_text_end(void) {} | |
11740 | + | |
11741 | void set_user_nice(task_t *p, long nice) | |
11742 | { | |
11743 | unsigned long flags; | |
11744 | @@ -2611,6 +2616,8 @@ | |
1db5cd70 PS |
11745 | return -EPERM; |
11746 | if (increment < -40) | |
11747 | increment = -40; | |
11748 | + if (gr_handle_chroot_nice()) | |
11749 | + return -EPERM; | |
11750 | } | |
11751 | if (increment > 40) | |
11752 | increment = 40; | |
e228341c PS |
11753 | @@ -3868,8 +3875,6 @@ |
11754 | ||
11755 | int in_sched_functions(unsigned long addr) | |
11756 | { | |
11757 | - /* Linker adds these: start and end of __sched functions */ | |
11758 | - extern char __sched_text_start[], __sched_text_end[]; | |
11759 | return addr >= (unsigned long)__sched_text_start | |
11760 | && addr < (unsigned long)__sched_text_end; | |
11761 | } | |
1db5cd70 PS |
11762 | diff -uNr linux-2.6.7-rc1.orig/kernel/signal.c linux-2.6.7-rc1/kernel/signal.c |
11763 | --- linux-2.6.7-rc1.orig/kernel/signal.c 2004-05-23 07:53:57.000000000 +0200 | |
11764 | +++ linux-2.6.7-rc1/kernel/signal.c 2004-05-25 14:33:59.518312168 +0200 | |
11765 | @@ -21,6 +21,7 @@ | |
11766 | #include <linux/binfmts.h> | |
11767 | #include <linux/security.h> | |
11768 | #include <linux/ptrace.h> | |
11769 | +#include <linux/grsecurity.h> | |
11770 | #include <asm/param.h> | |
11771 | #include <asm/uaccess.h> | |
11772 | #include <asm/unistd.h> | |
11773 | @@ -770,11 +771,13 @@ | |
11774 | (((sig) < SIGRTMIN) && sigismember(&(sigptr)->signal, (sig))) | |
11775 | ||
11776 | ||
11777 | -static int | |
11778 | +int | |
11779 | specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) | |
11780 | { | |
11781 | int ret = 0; | |
11782 | ||
11783 | + gr_log_signal(sig, t); | |
11784 | + | |
11785 | if (!irqs_disabled()) | |
11786 | BUG(); | |
11787 | #ifdef CONFIG_SMP | |
11788 | @@ -825,6 +828,8 @@ | |
11789 | ret = specific_send_sig_info(sig, info, t); | |
11790 | spin_unlock_irqrestore(&t->sighand->siglock, flags); | |
11791 | ||
11792 | + gr_handle_crash(t, sig); | |
11793 | + | |
11794 | return ret; | |
11795 | } | |
11796 | ||
dd62ee14 | 11797 | @@ -1086,10 +1086,14 @@ |
1db5cd70 | 11798 | |
dd62ee14 | 11799 | success = 0; |
11800 | retval = -ESRCH; | |
11801 | - for_each_task_pid(pgrp, PIDTYPE_PGID, p, l, pid) { | |
11802 | - int err = group_send_sig_info(sig, info, p); | |
11803 | - success |= !err; | |
11804 | - retval = err; | |
11805 | + if (gr_handle_signal(p,sig)) | |
5768ba12 | 11806 | + retval = -EPERM; |
dd62ee14 | 11807 | + else { |
11808 | + for_each_task_pid(pgrp, PIDTYPE_PGID, p, l, pid) { | |
11809 | + int err = group_send_sig_info(sig, info, p); | |
11810 | + success |= !err; | |
11811 | + retval = err; | |
11812 | + } | |
1db5cd70 | 11813 | } |
dd62ee14 | 11814 | return success ? 0 : retval; |
1db5cd70 PS |
11815 | } |
11816 | @@ -1143,8 +1153,12 @@ | |
11817 | read_lock(&tasklist_lock); | |
11818 | p = find_task_by_pid(pid); | |
11819 | error = -ESRCH; | |
11820 | - if (p) | |
11821 | - error = group_send_sig_info(sig, info, p); | |
11822 | + if (p) { | |
11823 | + if (gr_handle_signal(p, sig)) | |
11824 | + error = -EPERM; | |
11825 | + else | |
11826 | + error = group_send_sig_info(sig, info, p); | |
11827 | + } | |
11828 | read_unlock(&tasklist_lock); | |
11829 | return error; | |
11830 | } | |
11831 | @@ -1168,10 +1182,14 @@ | |
11832 | read_lock(&tasklist_lock); | |
11833 | for_each_process(p) { | |
11834 | if (p->pid > 1 && p->tgid != current->tgid) { | |
11835 | - int err = group_send_sig_info(sig, info, p); | |
11836 | - ++count; | |
11837 | - if (err != -EPERM) | |
11838 | - retval = err; | |
11839 | + if (gr_handle_signal(p, sig)) | |
11840 | + retval = -EPERM; | |
11841 | + else { | |
11842 | + int err = group_send_sig_info(sig, info, p); | |
11843 | + ++count; | |
11844 | + if (err != -EPERM) | |
11845 | + retval = err; | |
11846 | + } | |
11847 | } | |
11848 | } | |
11849 | read_unlock(&tasklist_lock); | |
11850 | diff -uNr linux-2.6.7-rc1.orig/kernel/sys.c linux-2.6.7-rc1/kernel/sys.c | |
11851 | --- linux-2.6.7-rc1.orig/kernel/sys.c 2004-05-23 07:53:34.000000000 +0200 | |
11852 | +++ linux-2.6.7-rc1/kernel/sys.c 2004-05-25 14:33:59.529310496 +0200 | |
11853 | @@ -23,6 +23,7 @@ | |
11854 | #include <linux/security.h> | |
11855 | #include <linux/dcookies.h> | |
11856 | #include <linux/suspend.h> | |
11857 | +#include <linux/grsecurity.h> | |
11858 | ||
11859 | #include <asm/uaccess.h> | |
11860 | #include <asm/io.h> | |
11861 | @@ -293,6 +294,12 @@ | |
11862 | error = -EACCES; | |
11863 | goto out; | |
11864 | } | |
11865 | + | |
11866 | + if (gr_handle_chroot_setpriority(p, niceval)) { | |
11867 | + error = -ESRCH; | |
11868 | + goto out; | |
11869 | + } | |
11870 | + | |
11871 | no_nice = security_task_setnice(p, niceval); | |
11872 | if (no_nice) { | |
11873 | error = no_nice; | |
11874 | @@ -597,6 +604,9 @@ | |
11875 | if (rgid != (gid_t) -1 || | |
11876 | (egid != (gid_t) -1 && egid != old_rgid)) | |
11877 | current->sgid = new_egid; | |
11878 | + | |
11879 | + gr_set_role_label(current, current->uid, new_rgid); | |
11880 | + | |
11881 | current->fsgid = new_egid; | |
11882 | current->egid = new_egid; | |
11883 | current->gid = new_rgid; | |
11884 | @@ -624,6 +634,9 @@ | |
11885 | current->mm->dumpable=0; | |
11886 | wmb(); | |
11887 | } | |
11888 | + | |
11889 | + gr_set_role_label(current, current->uid, gid); | |
11890 | + | |
11891 | current->gid = current->egid = current->sgid = current->fsgid = gid; | |
11892 | } | |
11893 | else if ((gid == current->gid) || (gid == current->sgid)) | |
11894 | @@ -662,6 +675,9 @@ | |
11895 | current->mm->dumpable = 0; | |
11896 | wmb(); | |
11897 | } | |
11898 | + | |
11899 | + gr_set_role_label(current, new_ruid, current->gid); | |
11900 | + | |
11901 | current->uid = new_ruid; | |
11902 | return 0; | |
11903 | } | |
11904 | @@ -762,6 +778,9 @@ | |
11905 | } else if ((uid != current->uid) && (uid != new_suid)) | |
11906 | return -EPERM; | |
11907 | ||
11908 | + if (gr_check_crash_uid(uid)) | |
11909 | + return -EPERM; | |
11910 | + | |
11911 | if (old_euid != uid) | |
11912 | { | |
11913 | current->mm->dumpable = 0; | |
11914 | @@ -861,8 +880,10 @@ | |
11915 | current->egid = egid; | |
11916 | } | |
11917 | current->fsgid = current->egid; | |
11918 | - if (rgid != (gid_t) -1) | |
11919 | + if (rgid != (gid_t) -1) { | |
11920 | + gr_set_role_label(current, current->uid, rgid); | |
11921 | current->gid = rgid; | |
11922 | + } | |
11923 | if (sgid != (gid_t) -1) | |
11924 | current->sgid = sgid; | |
11925 | return 0; | |
11926 | diff -uNr linux-2.6.7-rc1.orig/kernel/sysctl.c linux-2.6.7-rc1/kernel/sysctl.c | |
11927 | --- linux-2.6.7-rc1.orig/kernel/sysctl.c 2004-05-25 14:25:41.000000000 +0200 | |
11928 | +++ linux-2.6.7-rc1/kernel/sysctl.c 2004-05-25 14:33:59.538309128 +0200 | |
11929 | @@ -46,6 +46,14 @@ | |
11930 | #endif | |
11931 | ||
11932 | #if defined(CONFIG_SYSCTL) | |
11933 | +#include <linux/grsecurity.h> | |
11934 | +#include <linux/grinternal.h> | |
11935 | + | |
11936 | +extern __u32 gr_handle_sysctl(const ctl_table *table, const void *oldval, | |
11937 | + const void *newval); | |
11938 | +extern int gr_handle_sysctl_mod(const char *dirname, const char *name, | |
11939 | + const int op); | |
11940 | +extern int gr_handle_chroot_sysctl(const int op); | |
11941 | ||
11942 | /* External variables not in a header file. */ | |
11943 | extern int panic_timeout; | |
49166ac6 | 11944 | @@ -145,6 +153,7 @@ |
1db5cd70 PS |
11945 | #ifdef CONFIG_UNIX98_PTYS |
11946 | extern ctl_table pty_table[]; | |
11947 | #endif | |
11948 | +extern ctl_table grsecurity_table[]; | |
1db5cd70 PS |
11949 | |
11950 | /* /proc declarations: */ | |
11951 | ||
49166ac6 | 11952 | @@ -639,6 +648,14 @@ |
1db5cd70 PS |
11953 | .mode = 0444, |
11954 | .proc_handler = &proc_dointvec, | |
11955 | }, | |
11956 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | |
11957 | + { | |
11958 | + .ctl_name = KERN_GRSECURITY, | |
11959 | + .procname = "grsecurity", | |
11960 | + .mode = 0500, | |
11961 | + .child = grsecurity_table, | |
11962 | + }, | |
11963 | +#endif | |
11964 | { .ctl_name = 0 } | |
11965 | }; | |
11966 | ||
49166ac6 | 11967 | @@ -1000,6 +1017,10 @@ |
1db5cd70 PS |
11968 | static inline int ctl_perm(ctl_table *table, int op) |
11969 | { | |
11970 | int error; | |
11971 | + if (table->de && gr_handle_sysctl_mod(table->de->parent->name, table->de->name, op)) | |
11972 | + return -EACCES; | |
11973 | + if (gr_handle_chroot_sysctl(op)) | |
11974 | + return -EACCES; | |
11975 | error = security_sysctl(table, op); | |
11976 | if (error) | |
11977 | return error; | |
49166ac6 | 11978 | @@ -1036,6 +1057,10 @@ |
1db5cd70 PS |
11979 | table = table->child; |
11980 | goto repeat; | |
11981 | } | |
11982 | + | |
11983 | + if (!gr_handle_sysctl(table, oldval, newval)) | |
11984 | + return -EACCES; | |
11985 | + | |
11986 | error = do_sysctl_strategy(table, name, nlen, | |
11987 | oldval, oldlenp, | |
11988 | newval, newlen, context); | |
11989 | diff -uNr linux-2.6.7-rc1.orig/kernel/time.c linux-2.6.7-rc1/kernel/time.c | |
11990 | --- linux-2.6.7-rc1.orig/kernel/time.c 2004-05-23 07:53:46.000000000 +0200 | |
11991 | +++ linux-2.6.7-rc1/kernel/time.c 2004-05-25 14:33:59.550307304 +0200 | |
11992 | @@ -28,6 +28,7 @@ | |
11993 | #include <linux/timex.h> | |
11994 | #include <linux/errno.h> | |
11995 | #include <linux/smp_lock.h> | |
11996 | +#include <linux/grsecurity.h> | |
11997 | #include <asm/uaccess.h> | |
11998 | #include <asm/unistd.h> | |
11999 | ||
12000 | @@ -82,6 +83,9 @@ | |
12001 | ||
12002 | tv.tv_nsec = 0; | |
12003 | do_settimeofday(&tv); | |
12004 | + | |
12005 | + gr_log_timechange(); | |
12006 | + | |
12007 | return 0; | |
12008 | } | |
12009 | ||
12010 | @@ -183,6 +187,8 @@ | |
12011 | return -EFAULT; | |
12012 | } | |
12013 | ||
12014 | + gr_log_timechange(); | |
12015 | + | |
12016 | return do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL); | |
12017 | } | |
12018 | ||
12019 | diff -uNr linux-2.6.7-rc1.orig/kernel/timer.c linux-2.6.7-rc1/kernel/timer.c | |
12020 | --- linux-2.6.7-rc1.orig/kernel/timer.c 2004-05-23 07:54:42.000000000 +0200 | |
12021 | +++ linux-2.6.7-rc1/kernel/timer.c 2004-05-25 14:33:59.555306544 +0200 | |
12022 | @@ -31,6 +31,7 @@ | |
12023 | #include <linux/time.h> | |
12024 | #include <linux/jiffies.h> | |
12025 | #include <linux/cpu.h> | |
12026 | +#include <linux/grsecurity.h> | |
12027 | ||
12028 | #include <asm/uaccess.h> | |
12029 | #include <asm/unistd.h> | |
12030 | @@ -792,6 +793,9 @@ | |
12031 | ||
12032 | psecs = (p->utime += user); | |
12033 | psecs += (p->stime += system); | |
12034 | + | |
12035 | + gr_learn_resource(p, RLIMIT_CPU, psecs / HZ, 1); | |
12036 | + | |
12037 | if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) { | |
12038 | /* Send SIGXCPU every second.. */ | |
12039 | if (!(psecs % HZ)) | |
12040 | diff -uNr linux-2.6.7-rc1.orig/mm/filemap.c linux-2.6.7-rc1/mm/filemap.c | |
12041 | --- linux-2.6.7-rc1.orig/mm/filemap.c 2004-05-23 07:53:57.000000000 +0200 | |
12042 | +++ linux-2.6.7-rc1/mm/filemap.c 2004-05-25 14:33:59.561305632 +0200 | |
12043 | @@ -27,6 +27,8 @@ | |
12044 | #include <linux/pagevec.h> | |
12045 | #include <linux/blkdev.h> | |
12046 | #include <linux/security.h> | |
12047 | +#include <linux/grsecurity.h> | |
12048 | + | |
12049 | /* | |
12050 | * This is needed for the following functions: | |
12051 | * - try_to_release_page | |
12052 | @@ -1721,6 +1723,7 @@ | |
12053 | *pos = i_size_read(inode); | |
12054 | ||
12055 | if (limit != RLIM_INFINITY) { | |
12056 | + gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0); | |
12057 | if (*pos >= limit) { | |
12058 | send_sig(SIGXFSZ, current, 0); | |
12059 | return -EFBIG; | |
12060 | diff -uNr linux-2.6.7-rc1.orig/mm/memory.c linux-2.6.7-rc1/mm/memory.c | |
12061 | --- linux-2.6.7-rc1.orig/mm/memory.c 2004-05-23 07:54:09.000000000 +0200 | |
12062 | +++ linux-2.6.7-rc1/mm/memory.c 2004-05-25 14:33:59.568304568 +0200 | |
12063 | @@ -46,6 +46,7 @@ | |
12064 | #include <linux/rmap.h> | |
12065 | #include <linux/module.h> | |
12066 | #include <linux/init.h> | |
12067 | +#include <linux/grsecurity.h> | |
12068 | ||
12069 | #include <asm/pgalloc.h> | |
12070 | #include <asm/uaccess.h> | |
12071 | @@ -1220,6 +1221,7 @@ | |
12072 | ||
12073 | do_expand: | |
12074 | limit = current->rlim[RLIMIT_FSIZE].rlim_cur; | |
12075 | + gr_learn_resource(current, RLIMIT_FSIZE, offset, 1); | |
12076 | if (limit != RLIM_INFINITY && offset > limit) | |
12077 | goto out_sig; | |
12078 | if (offset > inode->i_sb->s_maxbytes) | |
12079 | diff -uNr linux-2.6.7-rc1.orig/mm/mlock.c linux-2.6.7-rc1/mm/mlock.c | |
12080 | --- linux-2.6.7-rc1.orig/mm/mlock.c 2004-05-23 07:53:32.000000000 +0200 | |
12081 | +++ linux-2.6.7-rc1/mm/mlock.c 2004-05-25 14:33:59.574303656 +0200 | |
49166ac6 | 12082 | @@ -8,6 +8,7 @@ |
1db5cd70 PS |
12083 | #include <linux/mman.h> |
12084 | #include <linux/mm.h> | |
1db5cd70 | 12085 | |
49166ac6 | 12086 | +#include <linux/grsecurity.h> |
1db5cd70 PS |
12087 | |
12088 | static int mlock_fixup(struct vm_area_struct * vma, | |
12089 | unsigned long start, unsigned long end, unsigned int newflags) | |
49166ac6 | 12090 | @@ -68,6 +69,9 @@ |
1db5cd70 PS |
12091 | return -EINVAL; |
12092 | if (end == start) | |
12093 | return 0; | |
1db5cd70 PS |
12094 | + if (end > TASK_SIZE) |
12095 | + return -EINVAL; | |
12096 | + | |
12097 | vma = find_vma(current->mm, start); | |
12098 | if (!vma || vma->vm_start > start) | |
12099 | return -ENOMEM; | |
49166ac6 | 12100 | @@ -118,6 +122,7 @@ |
1db5cd70 PS |
12101 | lock_limit >>= PAGE_SHIFT; |
12102 | ||
12103 | /* check against resource limits */ | |
12104 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked, 1); | |
12105 | if (locked <= lock_limit) | |
12106 | error = do_mlock(start, len, 1); | |
12107 | up_write(¤t->mm->mmap_sem); | |
49166ac6 | 12108 | @@ -154,6 +159,9 @@ |
1db5cd70 PS |
12109 | for (vma = current->mm->mmap; vma ; vma = vma->vm_next) { |
12110 | unsigned int newflags; | |
12111 | ||
1db5cd70 PS |
12112 | + if (vma->vm_end > TASK_SIZE) |
12113 | + break; | |
12114 | + | |
12115 | newflags = vma->vm_flags | VM_LOCKED; | |
12116 | if (!(flags & MCL_CURRENT)) | |
12117 | newflags &= ~VM_LOCKED; | |
49166ac6 | 12118 | @@ -177,6 +185,7 @@ |
1db5cd70 PS |
12119 | lock_limit >>= PAGE_SHIFT; |
12120 | ||
12121 | ret = -ENOMEM; | |
12122 | + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1); | |
12123 | if (current->mm->total_vm <= lock_limit) | |
12124 | ret = do_mlockall(flags); | |
12125 | out: | |
12126 | diff -uNr linux-2.6.7-rc1.orig/mm/mmap.c linux-2.6.7-rc1/mm/mmap.c | |
2359ff29 PS |
12127 | --- linux-2.6.7-rc2/mm/mmap.c.orig 2004-06-02 23:45:34.377812528 +0200 |
12128 | +++ linux-2.6.7-rc2/mm/mmap.c 2004-06-02 23:54:52.740928432 +0200 | |
1db5cd70 PS |
12129 | @@ -23,6 +23,7 @@ |
12130 | #include <linux/mount.h> | |
12131 | #include <linux/mempolicy.h> | |
12132 | #include <linux/rmap.h> | |
12133 | +#include <linux/grsecurity.h> | |
12134 | ||
12135 | #include <asm/uaccess.h> | |
12136 | #include <asm/pgalloc.h> | |
12137 | @@ -137,6 +138,7 @@ | |
12138 | ||
12139 | /* Check against rlimit.. */ | |
12140 | rlim = current->rlim[RLIMIT_DATA].rlim_cur; | |
12141 | + gr_learn_resource(current, RLIMIT_DATA, brk - mm->start_data, 1); | |
12142 | if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) | |
12143 | goto out; | |
12144 | ||
2359ff29 | 12145 | @@ -781,6 +786,7 @@ |
1db5cd70 PS |
12146 | if (vm_flags & VM_LOCKED) { |
12147 | unsigned long locked = mm->locked_vm << PAGE_SHIFT; | |
12148 | locked += len; | |
12149 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked, 1); | |
12150 | if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur) | |
12151 | return -EAGAIN; | |
12152 | } | |
2359ff29 | 12153 | @@ -839,6 +845,9 @@ |
1db5cd70 PS |
12154 | if (error) |
12155 | return error; | |
12156 | ||
12157 | + if (!gr_acl_handle_mmap(file, prot)) | |
12158 | + return -EACCES; | |
12159 | + | |
12160 | /* Clear old maps */ | |
12161 | error = -ENOMEM; | |
12162 | munmap_back: | |
2359ff29 | 12163 | @@ -850,6 +859,7 @@ |
1db5cd70 PS |
12164 | } |
12165 | ||
12166 | /* Check against address space limit. */ | |
12167 | + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len, 1); | |
12168 | if ((mm->total_vm << PAGE_SHIFT) + len | |
12169 | > current->rlim[RLIMIT_AS].rlim_cur) | |
12170 | return -ENOMEM; | |
2359ff29 | 12171 | @@ -1197,9 +1210,17 @@ |
1db5cd70 PS |
12172 | return -ENOMEM; |
12173 | } | |
12174 | ||
12175 | + gr_learn_resource(current, RLIMIT_STACK, address - vma->vm_start, 1); | |
12176 | + gr_learn_resource(current, RLIMIT_AS, (vma->vm_mm->total_vm + grow) << PAGE_SHIFT, 1); | |
12177 | + if (vma->vm_flags & VM_LOCKED) | |
12178 | + gr_learn_resource(current, RLIMIT_MEMLOCK, (vma->vm_mm->locked_vm + grow) << PAGE_SHIFT, 1); | |
12179 | + | |
dd62ee14 | 12180 | if (address - vma->vm_start > current->rlim[RLIMIT_STACK].rlim_cur || |
1db5cd70 PS |
12181 | ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > |
12182 | - current->rlim[RLIMIT_AS].rlim_cur) { | |
12183 | + current->rlim[RLIMIT_AS].rlim_cur || | |
12184 | + ((vma->vm_flags & VM_LOCKED) && | |
12185 | + ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > | |
12186 | + current->rlim[RLIMIT_MEMLOCK].rlim_cur)) { | |
12187 | anon_vma_unlock(vma); | |
12188 | vm_unacct_memory(grow); | |
12189 | return -ENOMEM; | |
2359ff29 | 12190 | @@ -1258,9 +1279,17 @@ |
1db5cd70 PS |
12191 | return -ENOMEM; |
12192 | } | |
2359ff29 | 12193 | |
1db5cd70 PS |
12194 | + gr_learn_resource(current, RLIMIT_STACK, vma->vm_end - address, 1); |
12195 | + gr_learn_resource(current, RLIMIT_AS, (vma->vm_mm->total_vm + grow) << PAGE_SHIFT, 1); | |
12196 | + if (vma->vm_flags & VM_LOCKED) | |
12197 | + gr_learn_resource(current, RLIMIT_MEMLOCK, (vma->vm_mm->locked_vm + grow) << PAGE_SHIFT, 1); | |
12198 | + | |
dd62ee14 | 12199 | if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur || |
1db5cd70 PS |
12200 | ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > |
12201 | - current->rlim[RLIMIT_AS].rlim_cur) { | |
12202 | + current->rlim[RLIMIT_AS].rlim_cur || | |
12203 | + ((vma->vm_flags & VM_LOCKED) && | |
12204 | + ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > | |
12205 | + current->rlim[RLIMIT_MEMLOCK].rlim_cur)) { | |
12206 | anon_vma_unlock(vma); | |
12207 | vm_unacct_memory(grow); | |
12208 | return -ENOMEM; | |
2359ff29 | 12209 | @@ -1623,6 +1655,7 @@ |
1db5cd70 PS |
12210 | if (mm->def_flags & VM_LOCKED) { |
12211 | unsigned long locked = mm->locked_vm << PAGE_SHIFT; | |
12212 | locked += len; | |
12213 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked, 1); | |
12214 | if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur) | |
12215 | return -EAGAIN; | |
12216 | } | |
2359ff29 | 12217 | @@ -1639,6 +1672,7 @@ |
1db5cd70 PS |
12218 | } |
12219 | ||
12220 | /* Check against address space limits *after* clearing old maps... */ | |
12221 | + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len, 1); | |
12222 | if ((mm->total_vm << PAGE_SHIFT) + len | |
12223 | > current->rlim[RLIMIT_AS].rlim_cur) | |
12224 | return -ENOMEM; | |
1db5cd70 PS |
12225 | diff -uNr linux-2.6.7-rc1.orig/mm/mprotect.c linux-2.6.7-rc1/mm/mprotect.c |
12226 | --- linux-2.6.7-rc1.orig/mm/mprotect.c 2004-05-23 07:55:03.000000000 +0200 | |
12227 | +++ linux-2.6.7-rc1/mm/mprotect.c 2004-05-25 14:33:59.581302592 +0200 | |
12228 | @@ -17,6 +17,7 @@ | |
12229 | #include <linux/highmem.h> | |
12230 | #include <linux/security.h> | |
12231 | #include <linux/mempolicy.h> | |
12232 | +#include <linux/grsecurity.h> | |
12233 | ||
12234 | #include <asm/uaccess.h> | |
12235 | #include <asm/pgalloc.h> | |
12236 | @@ -202,6 +203,10 @@ | |
12237 | end = start + len; | |
12238 | if (end < start) | |
12239 | return -ENOMEM; | |
12240 | + | |
12241 | + if (end > TASK_SIZE) | |
12242 | + return -EINVAL; | |
12243 | + | |
12244 | if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM)) | |
12245 | return -EINVAL; | |
12246 | if (end == start) | |
12247 | @@ -236,6 +241,11 @@ | |
12248 | if (start > vma->vm_start) | |
12249 | prev = vma; | |
12250 | ||
12251 | + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) { | |
12252 | + error = -EACCES; | |
12253 | + goto out; | |
12254 | + } | |
12255 | + | |
12256 | for (nstart = start ; ; ) { | |
12257 | unsigned int newflags; | |
12258 | ||
12259 | diff -uNr linux-2.6.7-rc1.orig/mm/mremap.c linux-2.6.7-rc1/mm/mremap.c | |
12260 | --- linux-2.6.7-rc1.orig/mm/mremap.c 2004-05-23 07:54:19.000000000 +0200 | |
12261 | +++ linux-2.6.7-rc1/mm/mremap.c 2004-05-25 14:33:59.584302136 +0200 | |
49166ac6 | 12262 | @@ -267,6 +267,10 @@ |
1db5cd70 PS |
12263 | if (!new_len) |
12264 | goto out; | |
12265 | ||
1db5cd70 PS |
12266 | + if (new_len > TASK_SIZE || addr > TASK_SIZE-new_len || |
12267 | + old_len > TASK_SIZE || addr > TASK_SIZE-old_len) | |
12268 | + goto out; | |
12269 | + | |
12270 | /* new_addr is only valid if MREMAP_FIXED is specified */ | |
12271 | if (flags & MREMAP_FIXED) { | |
12272 | if (new_addr & ~PAGE_MASK) | |
12273 | diff -uNr linux-2.6.7-rc1.orig/net/ipv4/af_inet.c linux-2.6.7-rc1/net/ipv4/af_inet.c | |
12274 | --- linux-2.6.7-rc1.orig/net/ipv4/af_inet.c 2004-05-23 07:53:35.000000000 +0200 | |
12275 | +++ linux-2.6.7-rc1/net/ipv4/af_inet.c 2004-05-25 14:33:59.595300464 +0200 | |
12276 | @@ -87,6 +87,7 @@ | |
12277 | #include <linux/init.h> | |
12278 | #include <linux/poll.h> | |
12279 | #include <linux/netfilter_ipv4.h> | |
12280 | +#include <linux/grsecurity.h> | |
12281 | ||
12282 | #include <asm/uaccess.h> | |
12283 | #include <asm/system.h> | |
12284 | @@ -387,7 +388,12 @@ | |
12285 | else | |
12286 | inet->pmtudisc = IP_PMTUDISC_WANT; | |
12287 | ||
12288 | - inet->id = 0; | |
12289 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
12290 | + if (grsec_enable_randid) | |
12291 | + inet->id = htons(ip_randomid()); | |
12292 | + else | |
12293 | +#endif | |
12294 | + inet->id = 0; | |
12295 | ||
12296 | sock_init_data(sock, sk); | |
12297 | sk_set_owner(sk, THIS_MODULE); | |
12298 | diff -uNr linux-2.6.7-rc1.orig/net/ipv4/ip_output.c linux-2.6.7-rc1/net/ipv4/ip_output.c | |
12299 | --- linux-2.6.7-rc1.orig/net/ipv4/ip_output.c 2004-05-25 14:25:40.000000000 +0200 | |
12300 | +++ linux-2.6.7-rc1/net/ipv4/ip_output.c 2004-05-25 14:33:59.600299704 +0200 | |
12301 | @@ -64,6 +64,7 @@ | |
12302 | #include <linux/proc_fs.h> | |
12303 | #include <linux/stat.h> | |
12304 | #include <linux/init.h> | |
12305 | +#include <linux/grsecurity.h> | |
12306 | ||
12307 | #include <net/snmp.h> | |
12308 | #include <net/ip.h> | |
12309 | @@ -1180,6 +1181,12 @@ | |
12310 | iph->tos = inet->tos; | |
12311 | iph->tot_len = htons(skb->len); | |
12312 | iph->frag_off = df; | |
12313 | + | |
12314 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
12315 | + if (grsec_enable_randid) | |
12316 | + iph->id = htons(ip_randomid()); | |
12317 | + else | |
12318 | +#endif | |
12319 | if (!df) { | |
12320 | __ip_select_ident(iph, &rt->u.dst, 0); | |
12321 | } else { | |
12322 | diff -uNr linux-2.6.7-rc1.orig/net/ipv4/netfilter/ipt_stealth.c linux-2.6.7-rc1/net/ipv4/netfilter/ipt_stealth.c | |
12323 | --- linux-2.6.7-rc1.orig/net/ipv4/netfilter/ipt_stealth.c 1970-01-01 01:00:00.000000000 +0100 | |
12324 | +++ linux-2.6.7-rc1/net/ipv4/netfilter/ipt_stealth.c 2004-05-25 14:33:59.610298184 +0200 | |
12325 | @@ -0,0 +1,112 @@ | |
12326 | +/* Kernel module to add stealth support. | |
12327 | + * | |
12328 | + * Copyright (C) 2002 Brad Spengler <spender@grsecurity.net> | |
12329 | + * | |
12330 | + */ | |
12331 | + | |
12332 | +#include <linux/kernel.h> | |
12333 | +#include <linux/module.h> | |
12334 | +#include <linux/skbuff.h> | |
12335 | +#include <linux/net.h> | |
12336 | +#include <linux/sched.h> | |
12337 | +#include <linux/inet.h> | |
12338 | +#include <linux/stddef.h> | |
12339 | + | |
12340 | +#include <net/ip.h> | |
12341 | +#include <net/sock.h> | |
12342 | +#include <net/tcp.h> | |
12343 | +#include <net/udp.h> | |
12344 | +#include <net/route.h> | |
12345 | +#include <net/inet_common.h> | |
12346 | + | |
12347 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
12348 | + | |
12349 | +MODULE_LICENSE("GPL"); | |
12350 | + | |
12351 | +extern struct sock *udp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport, int dif); | |
12352 | + | |
12353 | +static int | |
12354 | +match(const struct sk_buff *skb, | |
12355 | + const struct net_device *in, | |
12356 | + const struct net_device *out, | |
12357 | + const void *matchinfo, | |
12358 | + int offset, | |
12359 | + int *hotdrop) | |
12360 | +{ | |
12361 | + struct iphdr *ip = skb->nh.iph; | |
12362 | + struct tcphdr th; | |
12363 | + struct udphdr uh; | |
12364 | + struct sock *sk = NULL; | |
12365 | + | |
12366 | + if (!ip || offset) return 0; | |
12367 | + | |
12368 | + switch(ip->protocol) { | |
12369 | + case IPPROTO_TCP: | |
12370 | + if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &th, sizeof(th)) < 0) { | |
12371 | + *hotdrop = 1; | |
12372 | + return 0; | |
12373 | + } | |
12374 | + if (!(th.syn && !th.ack)) return 0; | |
12375 | + sk = tcp_v4_lookup_listener(ip->daddr, ntohs(th.dest), ((struct rtable*)skb->dst)->rt_iif); | |
12376 | + break; | |
12377 | + case IPPROTO_UDP: | |
12378 | + if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &uh, sizeof(uh)) < 0) { | |
12379 | + *hotdrop = 1; | |
12380 | + return 0; | |
12381 | + } | |
12382 | + sk = udp_v4_lookup(ip->saddr, uh.source, ip->daddr, uh.dest, skb->dev->ifindex); | |
12383 | + break; | |
12384 | + default: | |
12385 | + return 0; | |
12386 | + } | |
12387 | + | |
12388 | + if(!sk) // port is being listened on, match this | |
12389 | + return 1; | |
12390 | + else { | |
12391 | + sock_put(sk); | |
12392 | + return 0; | |
12393 | + } | |
12394 | +} | |
12395 | + | |
12396 | +/* Called when user tries to insert an entry of this type. */ | |
12397 | +static int | |
12398 | +checkentry(const char *tablename, | |
12399 | + const struct ipt_ip *ip, | |
12400 | + void *matchinfo, | |
12401 | + unsigned int matchsize, | |
12402 | + unsigned int hook_mask) | |
12403 | +{ | |
12404 | + if (matchsize != IPT_ALIGN(0)) | |
12405 | + return 0; | |
12406 | + | |
12407 | + if(((ip->proto == IPPROTO_TCP && !(ip->invflags & IPT_INV_PROTO)) || | |
12408 | + ((ip->proto == IPPROTO_UDP) && !(ip->invflags & IPT_INV_PROTO))) | |
12409 | + && (hook_mask & (1 << NF_IP_LOCAL_IN))) | |
12410 | + return 1; | |
12411 | + | |
12412 | + printk("stealth: Only works on TCP and UDP for the INPUT chain.\n"); | |
12413 | + | |
12414 | + return 0; | |
12415 | +} | |
12416 | + | |
12417 | + | |
12418 | +static struct ipt_match stealth_match = { | |
12419 | + .name = "stealth", | |
12420 | + .match = &match, | |
12421 | + .checkentry = &checkentry, | |
12422 | + .destroy = NULL, | |
12423 | + .me = THIS_MODULE | |
12424 | +}; | |
12425 | + | |
12426 | +static int __init init(void) | |
12427 | +{ | |
12428 | + return ipt_register_match(&stealth_match); | |
12429 | +} | |
12430 | + | |
12431 | +static void __exit fini(void) | |
12432 | +{ | |
12433 | + ipt_unregister_match(&stealth_match); | |
12434 | +} | |
12435 | + | |
12436 | +module_init(init); | |
12437 | +module_exit(fini); | |
12438 | diff -uNr linux-2.6.7-rc1.orig/net/ipv4/netfilter/Kconfig linux-2.6.7-rc1/net/ipv4/netfilter/Kconfig | |
12439 | --- linux-2.6.7-rc1.orig/net/ipv4/netfilter/Kconfig 2004-05-25 14:25:41.000000000 +0200 | |
12440 | +++ linux-2.6.7-rc1/net/ipv4/netfilter/Kconfig 2004-05-25 14:33:59.604299096 +0200 | |
12441 | @@ -241,6 +241,21 @@ | |
12442 | ||
12443 | To compile it as a module, choose M here. If unsure, say N. | |
12444 | ||
12445 | +config IP_NF_MATCH_STEALTH | |
12446 | + tristate "stealth match support" | |
12447 | + depends on IP_NF_IPTABLES | |
12448 | + help | |
12449 | + Enabling this option will drop all syn packets coming to unserved tcp | |
12450 | + ports as well as all packets coming to unserved udp ports. If you | |
12451 | + are using your system to route any type of packets (ie. via NAT) | |
12452 | + you should put this module at the end of your ruleset, since it will | |
12453 | + drop packets that aren't going to ports that are listening on your | |
12454 | + machine itself, it doesn't take into account that the packet might be | |
12455 | + destined for someone on your internal network if you're using NAT for | |
12456 | + instance. | |
12457 | + | |
12458 | + To compile it as a module, choose M here. If unsure, say N. | |
12459 | + | |
12460 | config IP_NF_MATCH_HELPER | |
12461 | tristate "Helper match support" | |
12462 | depends on IP_NF_CONNTRACK && IP_NF_IPTABLES | |
12463 | diff -uNr linux-2.6.7-rc1.orig/net/ipv4/netfilter/Makefile linux-2.6.7-rc1/net/ipv4/netfilter/Makefile | |
12464 | --- linux-2.6.7-rc1.orig/net/ipv4/netfilter/Makefile 2004-05-25 14:25:41.000000000 +0200 | |
12465 | +++ linux-2.6.7-rc1/net/ipv4/netfilter/Makefile 2004-05-25 14:33:59.608298488 +0200 | |
12466 | @@ -140,6 +140,8 @@ | |
12467 | obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o | |
12468 | obj-$(CONFIG_IP_NF_MATCH_REALM) += ipt_realm.o | |
12469 | ||
12470 | +obj-$(CONFIG_IP_NF_MATCH_STEALTH) += ipt_stealth.o | |
12471 | + | |
12472 | obj-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev.o | |
12473 | obj-$(CONFIG_IP_NF_MATCH_POLICY) += ipt_policy.o | |
12474 | ||
12475 | diff -uNr linux-2.6.7-rc1.orig/net/ipv4/tcp_ipv4.c linux-2.6.7-rc1/net/ipv4/tcp_ipv4.c | |
12476 | --- linux-2.6.7-rc1.orig/net/ipv4/tcp_ipv4.c 2004-05-25 14:25:40.000000000 +0200 | |
12477 | +++ linux-2.6.7-rc1/net/ipv4/tcp_ipv4.c 2004-05-25 14:33:59.615297424 +0200 | |
12478 | @@ -62,6 +62,7 @@ | |
12479 | #include <linux/jhash.h> | |
12480 | #include <linux/init.h> | |
12481 | #include <linux/times.h> | |
12482 | +#include <linux/grsecurity.h> | |
12483 | ||
12484 | #include <net/icmp.h> | |
12485 | #include <net/tcp.h> | |
12486 | @@ -224,9 +225,16 @@ | |
12487 | spin_lock(&tcp_portalloc_lock); | |
12488 | rover = tcp_port_rover; | |
12489 | do { | |
12490 | - rover++; | |
12491 | - if (rover < low || rover > high) | |
12492 | - rover = low; | |
12493 | +#ifdef CONFIG_GRKERNSEC_RANDSRC | |
12494 | + if (grsec_enable_randsrc && (high > low)) { | |
12495 | + rover = low + (get_random_long() % (high - low)); | |
12496 | + } else | |
12497 | +#endif | |
12498 | + { | |
12499 | + rover++; | |
12500 | + if (rover < low || rover > high) | |
12501 | + rover = low; | |
12502 | + } | |
12503 | head = &tcp_bhash[tcp_bhashfn(rover)]; | |
12504 | spin_lock(&head->lock); | |
12505 | tb_for_each(tb, node, &head->chain) | |
12506 | @@ -537,6 +545,11 @@ | |
12507 | ||
12508 | static inline __u32 tcp_v4_init_sequence(struct sock *sk, struct sk_buff *skb) | |
12509 | { | |
12510 | +#ifdef CONFIG_GRKERNSEC_RANDISN | |
12511 | + if (likely(grsec_enable_randisn)) | |
12512 | + return ip_randomisn(); | |
12513 | + else | |
12514 | +#endif | |
12515 | return secure_tcp_sequence_number(skb->nh.iph->daddr, | |
12516 | skb->nh.iph->saddr, | |
12517 | skb->h.th->dest, | |
12518 | @@ -671,10 +684,17 @@ | |
12519 | rover = tcp_port_rover; | |
12520 | ||
12521 | do { | |
12522 | - rover++; | |
12523 | - if ((rover < low) || (rover > high)) | |
12524 | - rover = low; | |
12525 | - head = &tcp_bhash[tcp_bhashfn(rover)]; | |
12526 | +#ifdef CONFIG_GRKERNSEC_RANDSRC | |
12527 | + if (grsec_enable_randsrc && (high > low)) { | |
12528 | + rover = low + (get_random_long() % (high - low)); | |
12529 | + } else | |
12530 | +#endif | |
12531 | + { | |
12532 | + rover++; | |
12533 | + if ((rover < low) || (rover > high)) | |
12534 | + rover = low; | |
12535 | + } | |
12536 | + head = &tcp_bhash[tcp_bhashfn(rover)]; | |
12537 | spin_lock(&head->lock); | |
12538 | ||
12539 | /* Does not bother with rcv_saddr checks, | |
12540 | @@ -724,6 +744,15 @@ | |
12541 | } | |
12542 | spin_unlock(&head->lock); | |
12543 | ||
12544 | +#ifdef CONFIG_GRKERNSEC | |
12545 | + gr_del_task_from_ip_table(current); | |
12546 | + current->gr_saddr = inet_sk(sk)->rcv_saddr; | |
12547 | + current->gr_daddr = inet_sk(sk)->daddr; | |
12548 | + current->gr_sport = inet_sk(sk)->sport; | |
12549 | + current->gr_dport = inet_sk(sk)->dport; | |
12550 | + gr_add_to_task_ip_table(current); | |
12551 | +#endif | |
12552 | + | |
12553 | if (tw) { | |
12554 | tcp_tw_deschedule(tw); | |
12555 | tcp_tw_put(tw); | |
12556 | @@ -843,13 +872,24 @@ | |
12557 | tcp_v4_setup_caps(sk, &rt->u.dst); | |
12558 | tp->ext2_header_len = rt->u.dst.header_len; | |
12559 | ||
12560 | - if (!tp->write_seq) | |
12561 | + if (!tp->write_seq) { | |
12562 | +#ifdef CONFIG_GRKERNSEC_RANDISN | |
12563 | + if (likely(grsec_enable_randisn)) | |
12564 | + tp->write_seq = ip_randomisn(); | |
12565 | + else | |
12566 | +#endif | |
12567 | tp->write_seq = secure_tcp_sequence_number(inet->saddr, | |
12568 | inet->daddr, | |
12569 | inet->sport, | |
12570 | usin->sin_port); | |
12571 | + } | |
12572 | ||
12573 | - inet->id = tp->write_seq ^ jiffies; | |
12574 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
12575 | + if (grsec_enable_randid) | |
12576 | + inet->id = htons(ip_randomid()); | |
12577 | + else | |
12578 | +#endif | |
12579 | + inet->id = tp->write_seq ^ jiffies; | |
12580 | ||
12581 | err = tcp_connect(sk); | |
12582 | rt = NULL; | |
12583 | @@ -1593,7 +1633,13 @@ | |
12584 | if (newinet->opt) | |
12585 | newtp->ext_header_len = newinet->opt->optlen; | |
12586 | newtp->ext2_header_len = dst->header_len; | |
12587 | - newinet->id = newtp->write_seq ^ jiffies; | |
12588 | + | |
12589 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
12590 | + if (grsec_enable_randid) | |
12591 | + newinet->id = htons(ip_randomid()); | |
12592 | + else | |
12593 | +#endif | |
12594 | + newinet->id = newtp->write_seq ^ jiffies; | |
12595 | ||
12596 | tcp_sync_mss(newsk, dst_pmtu(dst)); | |
12597 | newtp->advmss = dst_metric(dst, RTAX_ADVMSS); | |
12598 | diff -uNr linux-2.6.7-rc1.orig/net/ipv4/udp.c linux-2.6.7-rc1/net/ipv4/udp.c | |
12599 | --- linux-2.6.7-rc1.orig/net/ipv4/udp.c 2004-05-25 14:25:40.000000000 +0200 | |
12600 | +++ linux-2.6.7-rc1/net/ipv4/udp.c 2004-05-25 14:33:59.619296816 +0200 | |
12601 | @@ -100,6 +100,7 @@ | |
12602 | #include <linux/skbuff.h> | |
12603 | #include <linux/proc_fs.h> | |
12604 | #include <linux/seq_file.h> | |
12605 | +#include <linux/grsecurity.h> | |
12606 | #include <net/sock.h> | |
12607 | #include <net/udp.h> | |
12608 | #include <net/icmp.h> | |
12609 | @@ -108,6 +109,12 @@ | |
12610 | #include <net/checksum.h> | |
12611 | #include <net/xfrm.h> | |
12612 | ||
12613 | +extern int gr_search_udp_recvmsg(const struct sock *sk, | |
12614 | + const struct sk_buff *skb); | |
12615 | +extern int gr_search_udp_sendmsg(const struct sock *sk, | |
12616 | + const struct sockaddr_in *addr); | |
12617 | + | |
12618 | + | |
12619 | /* | |
12620 | * Snmp MIB for the UDP layer | |
12621 | */ | |
12622 | @@ -538,9 +545,16 @@ | |
12623 | dport = usin->sin_port; | |
12624 | if (dport == 0) | |
12625 | return -EINVAL; | |
12626 | + | |
12627 | + if (!gr_search_udp_sendmsg(sk, usin)) | |
12628 | + return -EPERM; | |
12629 | } else { | |
12630 | if (sk->sk_state != TCP_ESTABLISHED) | |
12631 | return -EDESTADDRREQ; | |
12632 | + | |
12633 | + if (!gr_search_udp_sendmsg(sk, NULL)) | |
12634 | + return -EPERM; | |
12635 | + | |
12636 | daddr = inet->daddr; | |
12637 | dport = inet->dport; | |
12638 | /* Open fast path for connected socket. | |
12639 | @@ -792,7 +806,12 @@ | |
12640 | if (!skb) | |
12641 | goto out; | |
12642 | ||
12643 | - copied = skb->len - sizeof(struct udphdr); | |
12644 | + if (!gr_search_udp_recvmsg(sk, skb)) { | |
12645 | + err = -EPERM; | |
12646 | + goto out_free; | |
12647 | + } | |
12648 | + | |
12649 | + copied = skb->len - sizeof(struct udphdr); | |
12650 | if (copied > len) { | |
12651 | copied = len; | |
12652 | msg->msg_flags |= MSG_TRUNC; | |
12653 | @@ -901,7 +920,12 @@ | |
12654 | inet->daddr = rt->rt_dst; | |
12655 | inet->dport = usin->sin_port; | |
12656 | sk->sk_state = TCP_ESTABLISHED; | |
12657 | - inet->id = jiffies; | |
12658 | +#ifdef CONFIG_GRKERNSEC_RANDID | |
12659 | + if (grsec_enable_randid) | |
12660 | + inet->id = htons(ip_randomid()); | |
12661 | + else | |
12662 | +#endif | |
12663 | + inet->id = jiffies; | |
12664 | ||
12665 | sk_dst_set(sk, &rt->u.dst); | |
12666 | return(0); | |
12667 | diff -uNr linux-2.6.7-rc1.orig/net/socket.c linux-2.6.7-rc1/net/socket.c | |
12668 | --- linux-2.6.7-rc1.orig/net/socket.c 2004-05-23 07:53:57.000000000 +0200 | |
12669 | +++ linux-2.6.7-rc1/net/socket.c 2004-05-25 14:33:59.634294536 +0200 | |
12670 | @@ -81,6 +81,7 @@ | |
12671 | #include <linux/syscalls.h> | |
12672 | #include <linux/compat.h> | |
12673 | #include <linux/kmod.h> | |
12674 | +#include <linux/in.h> | |
12675 | ||
12676 | #ifdef CONFIG_NET_RADIO | |
12677 | #include <linux/wireless.h> /* Note : will define WIRELESS_EXT */ | |
12678 | @@ -94,6 +95,18 @@ | |
12679 | #include <net/sock.h> | |
12680 | #include <linux/netfilter.h> | |
12681 | ||
12682 | +extern void gr_attach_curr_ip(const struct sock *sk); | |
12683 | +extern int gr_handle_sock_all(const int family, const int type, | |
12684 | + const int protocol); | |
12685 | +extern int gr_handle_sock_server(const struct sockaddr *sck); | |
12686 | +extern int gr_handle_sock_client(const struct sockaddr *sck); | |
12687 | +extern int gr_search_connect(const struct socket * sock, | |
12688 | + const struct sockaddr_in * addr); | |
12689 | +extern int gr_search_bind(const struct socket * sock, | |
12690 | + const struct sockaddr_in * addr); | |
12691 | +extern int gr_search_socket(const int domain, const int type, | |
12692 | + const int protocol); | |
12693 | + | |
12694 | static int sock_no_open(struct inode *irrelevant, struct file *dontcare); | |
12695 | static ssize_t sock_aio_read(struct kiocb *iocb, char __user *buf, | |
12696 | size_t size, loff_t pos); | |
12697 | @@ -897,6 +910,7 @@ | |
12698 | printk(KERN_DEBUG "sock_close: NULL inode\n"); | |
12699 | return 0; | |
12700 | } | |
12701 | + | |
12702 | sock_fasync(-1, filp, 0); | |
12703 | sock_release(SOCKET_I(inode)); | |
12704 | return 0; | |
12705 | @@ -1126,6 +1140,16 @@ | |
12706 | int retval; | |
12707 | struct socket *sock; | |
12708 | ||
12709 | + if(!gr_search_socket(family, type, protocol)) { | |
12710 | + retval = -EACCES; | |
12711 | + goto out; | |
12712 | + } | |
12713 | + | |
12714 | + if (gr_handle_sock_all(family, type, protocol)) { | |
12715 | + retval = -EACCES; | |
12716 | + goto out; | |
12717 | + } | |
12718 | + | |
12719 | retval = sock_create(family, type, protocol, &sock); | |
12720 | if (retval < 0) | |
12721 | goto out; | |
12722 | @@ -1221,11 +1245,23 @@ | |
12723 | { | |
12724 | struct socket *sock; | |
12725 | char address[MAX_SOCK_ADDR]; | |
12726 | + struct sockaddr *sck; | |
12727 | int err; | |
12728 | ||
12729 | if((sock = sockfd_lookup(fd,&err))!=NULL) | |
12730 | { | |
12731 | if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) { | |
12732 | + sck = (struct sockaddr *)address; | |
12733 | + if (!gr_search_bind(sock, (struct sockaddr_in *)sck)) { | |
12734 | + sockfd_put(sock); | |
12735 | + return -EACCES; | |
12736 | + } | |
12737 | + | |
12738 | + if (gr_handle_sock_server(sck)) { | |
12739 | + sockfd_put(sock); | |
12740 | + return -EACCES; | |
12741 | + } | |
12742 | + | |
12743 | err = security_socket_bind(sock, (struct sockaddr *)address, addrlen); | |
12744 | if (err) { | |
12745 | sockfd_put(sock); | |
12746 | @@ -1328,6 +1364,7 @@ | |
12747 | goto out_release; | |
12748 | ||
12749 | security_socket_post_accept(sock, newsock); | |
12750 | + gr_attach_curr_ip(newsock->sk); | |
12751 | ||
12752 | out_put: | |
12753 | sockfd_put(sock); | |
12754 | @@ -1355,6 +1392,7 @@ | |
12755 | { | |
12756 | struct socket *sock; | |
12757 | char address[MAX_SOCK_ADDR]; | |
12758 | + struct sockaddr *sck; | |
12759 | int err; | |
12760 | ||
12761 | sock = sockfd_lookup(fd, &err); | |
12762 | @@ -1364,6 +1402,18 @@ | |
12763 | if (err < 0) | |
12764 | goto out_put; | |
12765 | ||
12766 | + sck = (struct sockaddr *)address; | |
12767 | + | |
12768 | + if (!gr_search_connect(sock, (struct sockaddr_in *)sck)) { | |
12769 | + err = -EACCES; | |
12770 | + goto out_put; | |
12771 | + } | |
12772 | + | |
12773 | + if (gr_handle_sock_client(sck)) { | |
12774 | + err = -EACCES; | |
12775 | + goto out_put; | |
12776 | + } | |
12777 | + | |
12778 | err = security_socket_connect(sock, (struct sockaddr *)address, addrlen); | |
12779 | if (err) | |
12780 | goto out_put; | |
12781 | @@ -1617,6 +1667,7 @@ | |
12782 | err=sock->ops->shutdown(sock, how); | |
12783 | sockfd_put(sock); | |
12784 | } | |
12785 | + | |
12786 | return err; | |
12787 | } | |
12788 | ||
12789 | diff -uNr linux-2.6.7-rc1.orig/net/sunrpc/xprt.c linux-2.6.7-rc1/net/sunrpc/xprt.c | |
12790 | --- linux-2.6.7-rc1.orig/net/sunrpc/xprt.c 2004-05-23 07:54:22.000000000 +0200 | |
12791 | +++ linux-2.6.7-rc1/net/sunrpc/xprt.c 2004-05-25 14:33:59.644293016 +0200 | |
12792 | @@ -58,6 +58,7 @@ | |
12793 | #include <linux/file.h> | |
12794 | #include <linux/workqueue.h> | |
12795 | #include <linux/random.h> | |
12796 | +#include <linux/grsecurity.h> | |
12797 | ||
12798 | #include <net/sock.h> | |
12799 | #include <net/checksum.h> | |
12800 | @@ -1337,6 +1338,12 @@ | |
12801 | */ | |
12802 | static inline u32 xprt_alloc_xid(struct rpc_xprt *xprt) | |
12803 | { | |
12804 | + | |
12805 | +#ifdef CONFIG_GRKERNSEC_RANDRPC | |
12806 | + if (grsec_enable_randrpc) | |
12807 | + return (u32) get_random_long(); | |
12808 | +#endif | |
12809 | + | |
12810 | return xprt->xid++; | |
12811 | } | |
12812 | ||
12813 | diff -uNr linux-2.6.7-rc1.orig/net/unix/af_unix.c linux-2.6.7-rc1/net/unix/af_unix.c | |
12814 | --- linux-2.6.7-rc1.orig/net/unix/af_unix.c 2004-05-23 07:54:22.000000000 +0200 | |
12815 | +++ linux-2.6.7-rc1/net/unix/af_unix.c 2004-05-25 14:33:59.653291648 +0200 | |
12816 | @@ -118,6 +118,7 @@ | |
12817 | #include <linux/mount.h> | |
12818 | #include <net/checksum.h> | |
12819 | #include <linux/security.h> | |
12820 | +#include <linux/grsecurity.h> | |
12821 | ||
12822 | int sysctl_unix_max_dgram_qlen = 10; | |
12823 | ||
12824 | @@ -681,6 +682,11 @@ | |
12825 | if (err) | |
12826 | goto put_fail; | |
12827 | ||
12828 | + if (!gr_acl_handle_unix(nd.dentry, nd.mnt)) { | |
12829 | + err = -EACCES; | |
12830 | + goto put_fail; | |
12831 | + } | |
12832 | + | |
12833 | err = -ECONNREFUSED; | |
12834 | if (!S_ISSOCK(nd.dentry->d_inode->i_mode)) | |
12835 | goto put_fail; | |
12836 | @@ -704,6 +710,13 @@ | |
12837 | if (u) { | |
12838 | struct dentry *dentry; | |
12839 | dentry = unix_sk(u)->dentry; | |
12840 | + | |
12841 | + if (!gr_handle_chroot_unix(u->sk_peercred.pid)) { | |
12842 | + err = -EPERM; | |
12843 | + sock_put(u); | |
12844 | + goto fail; | |
12845 | + } | |
12846 | + | |
12847 | if (dentry) | |
12848 | touch_atime(unix_sk(u)->mnt, dentry); | |
12849 | } else | |
12850 | @@ -803,9 +816,18 @@ | |
12851 | */ | |
12852 | mode = S_IFSOCK | | |
12853 | (SOCK_INODE(sock)->i_mode & ~current->fs->umask); | |
12854 | + | |
12855 | + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) { | |
12856 | + err = -EACCES; | |
12857 | + goto out_mknod_dput; | |
12858 | + } | |
12859 | + | |
12860 | err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); | |
12861 | if (err) | |
12862 | goto out_mknod_dput; | |
12863 | + | |
12864 | + gr_handle_create(dentry, nd.mnt); | |
12865 | + | |
12866 | up(&nd.dentry->d_inode->i_sem); | |
12867 | dput(nd.dentry); | |
12868 | nd.dentry = dentry; | |
12869 | @@ -823,6 +845,10 @@ | |
12870 | goto out_unlock; | |
12871 | } | |
12872 | ||
12873 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
12874 | + sk->sk_peercred.pid = current->pid; | |
12875 | +#endif | |
12876 | + | |
12877 | list = &unix_socket_table[addr->hash]; | |
12878 | } else { | |
12879 | list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)]; | |
3aa50353 PS |
12880 | diff -uNr linux-2.6.7-rc1.orig/security/Kconfig linux-2.6.7-rc1/security/Kconfig |
12881 | --- linux-2.6.7-rc1.orig/security/Kconfig 2004-05-23 07:54:23.000000000 +0200 | |
12882 | +++ linux-2.6.7-rc1/security/Kconfig 2004-05-26 01:02:26.341672392 +0200 | |
12883 | @@ -2,6 +2,8 @@ | |
12884 | # Security configuration | |
12885 | # | |
12886 | ||
12887 | +source grsecurity/Kconfig | |
12888 | + | |
12889 | menu "Security options" | |
12890 | ||
12891 | config SECURITY | |
1db5cd70 PS |
12892 | diff -uNr linux-2.6.7-rc1.orig/security/commoncap.c linux-2.6.7-rc1/security/commoncap.c |
12893 | --- linux-2.6.7-rc1.orig/security/commoncap.c 2004-05-23 07:53:57.000000000 +0200 | |
12894 | +++ linux-2.6.7-rc1/security/commoncap.c 2004-05-25 14:33:59.657291040 +0200 | |
12895 | @@ -27,7 +27,7 @@ | |
12896 | int cap_capable (struct task_struct *tsk, int cap) | |
12897 | { | |
12898 | /* Derived from include/linux/sched.h:capable. */ | |
12899 | - if (cap_raised (tsk->cap_effective, cap)) | |
12900 | + if (cap_raised (tsk->cap_effective, cap) && gr_task_is_capable(tsk, cap)) | |
12901 | return 0; | |
12902 | else | |
12903 | return -EPERM; | |
12904 | @@ -37,7 +37,7 @@ | |
12905 | { | |
12906 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | |
12907 | if (!cap_issubset (child->cap_permitted, current->cap_permitted) && | |
12908 | - !capable (CAP_SYS_PTRACE)) | |
12909 | + !capable_nolog (CAP_SYS_PTRACE)) | |
12910 | return -EPERM; | |
12911 | else | |
12912 | return 0; | |
12913 | @@ -334,7 +334,7 @@ | |
12914 | /* | |
12915 | * Leave the last 3% for root | |
12916 | */ | |
12917 | - if (!capable(CAP_SYS_ADMIN)) | |
12918 | + if (!capable_nolog(CAP_SYS_ADMIN)) | |
12919 | free -= free / 32; | |
12920 | ||
12921 | if (free > pages) | |
12922 | @@ -345,7 +345,7 @@ | |
12923 | * only call if we're about to fail. | |
12924 | */ | |
12925 | n = nr_free_pages(); | |
12926 | - if (!capable(CAP_SYS_ADMIN)) | |
12927 | + if (!capable_nolog(CAP_SYS_ADMIN)) | |
12928 | n -= n / 32; | |
12929 | free += n; | |
12930 | ||
12931 | diff -uNr linux-2.6.7-rc1.orig/security/security.c linux-2.6.7-rc1/security/security.c | |
12932 | --- linux-2.6.7-rc1.orig/security/security.c 2004-05-23 07:53:30.000000000 +0200 | |
12933 | +++ linux-2.6.7-rc1/security/security.c 2004-05-25 14:33:59.659290736 +0200 | |
12934 | @@ -206,4 +206,5 @@ | |
12935 | EXPORT_SYMBOL_GPL(mod_reg_security); | |
12936 | EXPORT_SYMBOL_GPL(mod_unreg_security); | |
12937 | EXPORT_SYMBOL(capable); | |
12938 | +EXPORT_SYMBOL(capable_nolog); | |
12939 | EXPORT_SYMBOL(security_ops); | |
dbb7f4ea PS |
12940 | diff -uNr linux-2.6.7-rc1.orig/Makefile linux-2.6.7-rc1/Makefile |
12941 | --- linux-2.6.7-rc1.orig/Makefile 2004-05-26 00:38:42.000000000 +0200 | |
12942 | +++ linux-2.6.7-rc1/Makefile 2004-05-26 01:23:28.424806592 +0200 | |
12943 | @@ -484,7 +484,7 @@ | |
12944 | ||
12945 | ||
12946 | ifeq ($(KBUILD_EXTMOD),) | |
12947 | -core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ | |
12948 | +core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ grsecurity/ | |
12949 | ||
12950 | vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ | |
12951 | $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ |