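--- a/linux-2.4.20/kernel/sysctl.c
+++ b/linux-2.4.20/kernel/sysctl.c
@@ -277,7 +277,7 @@
 GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, GS_SOCKET_ALL,
 GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER,
 GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR,
-GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK};
+GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK, GS_MEM};
 
 static ctl_table grsecurity_table[] = {
 {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
@@ -431,6 +431,10 @@
 {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
 sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_MEM
+ {GS_MEM, "secure_mem", &grsec_enable_mem, sizeof (int), 0600, NULL,
+ &proc_dointvec},
+#endif
 {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
 &proc_dointvec},
 #endif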
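Review bot: The new `secure_mem` entry turns the memory-device write restriction in drivers/char/mem.c into a switch that root can write, and nothing visible in this hunk shows that clearing it is refused once `grsec_lock` is set. The entry uses plain `&proc_dointvec` at mode 0600 like its neighbours, so the lock is presumably enforced elsewhere; confirm that path also covers `GS_MEM`. A comment on the entry would record the intended use, for example `/* secure_mem: non-zero denies writes to physical memory; set it before grsec_lock */`. The table continues past the end of the hunk.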
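--- a/linux-2.4.20/include/linux/grsecurity.h
+++ b/linux-2.4.20/include/linux/grsecurity.h
@@ -102,6 +102,7 @@
 extern int grsec_enable_mount;
 extern int grsec_enable_chdir;
 extern int grsec_lock;
+extern int grsec_enable_mem;
 
 extern struct task_struct *child_reaper;
 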
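--- a/linux-2.4.20/drivers/char/mem.c
+++ b/linux-2.4.20/drivers/char/mem.c
@@ -115,10 +115,10 @@
 unsigned long p = *ppos;
 unsigned long end_mem;
 
-#ifdef CONFIG_GRKERNSEC_MEM
+if(grsec_enable_mem) {
 security_alert(GR_MEM_WRITE_MSG, GR_MEM_WRITE_FLD, DEFAULTSECARGS);
 return -EPERM;
-#endif
+}
 
 end_mem = __pa(high_memory);
 if (p >= end_mem)
@@ -192,7 +192,7 @@
 {
 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
 
-#ifdef CONFIG_GRKERNSEC_MEM
+if(grsec_enable_mem){
 if (offset < __pa(high_memory) &&
 (pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
 (offset != 0xa0000 || ((vma->vm_end - vma->vm_start) > 0x20000))) {
@@ -200,7 +200,7 @@
 return -EPERM;
 } else if (offset < __pa(high_memory))
 vma->vm_flags &= ~VM_MAYWRITE;
-#endif
+}
 
 
 /*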
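Review bot: Both converted checks now read `grsec_enable_mem` at call time, so a writable mapping created while the flag is 0 is not revisited when it later becomes 1; the second and third hunks clear `VM_MAYWRITE` only for mappings made while the flag is set. The flag therefore has to be 1 before any untrusted code runs, which deserves a comment above the first check such as `/* runtime toggle: only affects writes and mmaps issued while grsec_enable_mem != 0 */`. Dropping `#ifdef CONFIG_GRKERNSEC_MEM` also makes the references to `grsec_enable_mem` and `security_alert` unconditional, so a build without that option presumably still needs the grsecurity header and objects; keeping the `#ifdef` around the new `if` would avoid that. As a style point, `if(grsec_enable_mem)` lacks the space after `if` that `if (p >= end_mem)` uses. The enclosing functions start and end outside these hunks.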
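--- a/linux-2.4.20/grsecurity/grsecurity.c
+++ b/linux-2.4.20/grsecurity/grsecurity.c
@@ -53,6 +53,7 @@
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
 int grsec_lock;
+int grsec_enable_mem;
 
 /*
 handle the variables if parts of grsecurity are configured without sysctl
@@ -167,6 +168,9 @@
 grsec_enable_socket_server = 1;
 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_MEM
+grsec_enable_mem = 1;
+#endif
 #endif
 
 return;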
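Review bot: `grsec_enable_mem` is set to 1 only inside the block that the comment in the first hunk describes as handling grsecurity configured without sysctl. With sysctl support it therefore presumably stays 0 from boot until something writes `secure_mem`, leaving the mem.c restrictions off during that window. The enclosing `#if` and the start of the function are outside the hunk, so this needs confirming against the full file. If a fail-closed default is wanted, the definition could read `int grsec_enable_mem = 1;` under `#ifdef CONFIG_GRKERNSEC_MEM`. Otherwise the required boot ordering (set `secure_mem`, then `grsec_lock`) should be documented next to the variable.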