[packages/kernel.git] / linux-2.4.20-grsecurity-1.9.8-dev_mem.patch

--- linux-2.4.20/kernel/sysctl.c.org	Tue Dec 31 21:38:21 2002
+++ linux-2.4.20/kernel/sysctl.c	Tue Dec 31 22:17:01 2002
@@ -277,7 +277,7 @@
 GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, GS_SOCKET_ALL, 
 GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, 
 GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, 
-GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK};
+GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK, GS_MEM};
 
 static ctl_table grsecurity_table[] = {
 	{GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
@@ -431,6 +431,10 @@
 	{GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, 
 	 sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_MEM
+	{GS_MEM, "secure_mem", &grsec_enable_mem, sizeof (int), 0600, NULL,
+	 &proc_dointvec},
+#endif
 	{GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
 	 &proc_dointvec},
 #endif
--- linux-2.4.20/include/linux/grsecurity.h.org	Tue Dec 31 21:38:18 2002
+++ linux-2.4.20/include/linux/grsecurity.h	Tue Dec 31 22:11:04 2002
@@ -102,6 +102,7 @@
 extern int grsec_enable_mount;
 extern int grsec_enable_chdir;
 extern int grsec_lock;
+extern int grsec_enable_mem;
 
 extern struct task_struct *child_reaper;
 
--- linux-2.4.20/drivers/char/mem.c.org	Tue Dec 31 21:38:16 2002
+++ linux-2.4.20/drivers/char/mem.c	Tue Dec 31 22:08:46 2002
@@ -115,10 +115,10 @@
 	unsigned long p = *ppos;
 	unsigned long end_mem;
 
-#ifdef CONFIG_GRKERNSEC_MEM
+if(grsec_enable_mem) {
         security_alert(GR_MEM_WRITE_MSG, GR_MEM_WRITE_FLD, DEFAULTSECARGS);
         return -EPERM;
-#endif
+}
 
 	end_mem = __pa(high_memory);
 	if (p >= end_mem)
@@ -192,7 +192,7 @@
 {
 	unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
 
-#ifdef CONFIG_GRKERNSEC_MEM
+if(grsec_enable_mem){
 	if (offset < __pa(high_memory) &&
 	    (pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
 	    (offset != 0xa0000 || ((vma->vm_end - vma->vm_start) > 0x20000))) {
@@ -200,7 +200,7 @@
 		return -EPERM;
 	} else if (offset < __pa(high_memory))
 		vma->vm_flags &= ~VM_MAYWRITE;
-#endif
+}
 
 
 	/*
--- linux-2.4.20/grsecurity/grsecurity.c.org	Tue Dec 31 21:38:17 2002
+++ linux-2.4.20/grsecurity/grsecurity.c	Tue Dec 31 22:04:35 2002
@@ -53,6 +53,7 @@
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
 int grsec_lock;
+int grsec_enable_mem;
 
 /* 
    handle the variables if parts of grsecurity are configured without sysctl 
@@ -167,6 +168,9 @@
 grsec_enable_socket_server = 1;
 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_MEM
+grsec_enable_mem = 1;
+#endif
 #endif
 
 return;
Commit	Line	Data
41374369	1	--- linux-2.4.20/kernel/sysctl.c.org Tue Dec 31 21:38:21 2002
	2	+++ linux-2.4.20/kernel/sysctl.c Tue Dec 31 22:17:01 2002
	3	@@ -277,7 +277,7 @@
	4	GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, GS_SOCKET_ALL,
	5	GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER,
	6	GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR,
	7	-GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK};
	8	+GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK, GS_MEM};
	9
	10	static ctl_table grsecurity_table[] = {
	11	{GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
	12	@@ -431,6 +431,10 @@
	13	{GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
	14	sizeof (int), 0600, NULL, &proc_dointvec},
	15	#endif
	16	+#ifdef CONFIG_GRKERNSEC_MEM
	17	+ {GS_MEM, "secure_mem", &grsec_enable_mem, sizeof (int), 0600, NULL,
	18	+ &proc_dointvec},
	19	+#endif
	20	{GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
	21	&proc_dointvec},
	22	#endif
	23	--- linux-2.4.20/include/linux/grsecurity.h.org Tue Dec 31 21:38:18 2002
	24	+++ linux-2.4.20/include/linux/grsecurity.h Tue Dec 31 22:11:04 2002
	25	@@ -102,6 +102,7 @@
	26	extern int grsec_enable_mount;
	27	extern int grsec_enable_chdir;
	28	extern int grsec_lock;
	29	+extern int grsec_enable_mem;
	30
	31	extern struct task_struct *child_reaper;
	32
	33	--- linux-2.4.20/drivers/char/mem.c.org Tue Dec 31 21:38:16 2002
	34	+++ linux-2.4.20/drivers/char/mem.c Tue Dec 31 22:08:46 2002
	35	@@ -115,10 +115,10 @@
	36	unsigned long p = *ppos;
	37	unsigned long end_mem;
	38
	39	-#ifdef CONFIG_GRKERNSEC_MEM
	40	+if(grsec_enable_mem) {
	41	security_alert(GR_MEM_WRITE_MSG, GR_MEM_WRITE_FLD, DEFAULTSECARGS);
	42	return -EPERM;
	43	-#endif
	44	+}
	45
	46	end_mem = __pa(high_memory);
	47	if (p >= end_mem)
	48	@@ -192,7 +192,7 @@
	49	{
	50	unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
	51
	52	-#ifdef CONFIG_GRKERNSEC_MEM
	53	+if(grsec_enable_mem){
	54	if (offset < __pa(high_memory) &&
	55	(pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
	56	(offset != 0xa0000 \|\| ((vma->vm_end - vma->vm_start) > 0x20000))) {
	57	@@ -200,7 +200,7 @@
	58	return -EPERM;
	59	} else if (offset < __pa(high_memory))
	60	vma->vm_flags &= ~VM_MAYWRITE;
	61	-#endif
	62	+}
	63
	64
65	/*
66	--- linux-2.4.20/grsecurity/grsecurity.c.org Tue Dec 31 21:38:17 2002
67	+++ linux-2.4.20/grsecurity/grsecurity.c Tue Dec 31 22:04:35 2002
68	@@ -53,6 +53,7 @@
69	int grsec_enable_socket_server;
70	int grsec_socket_server_gid;
71	int grsec_lock;
72	+int grsec_enable_mem;
73
74	/*
75	handle the variables if parts of grsecurity are configured without sysctl
76	@@ -167,6 +168,9 @@
77	grsec_enable_socket_server = 1;
78	grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
79	#endif
80	+#ifdef CONFIG_GRKERNSEC_MEM
81	+grsec_enable_mem = 1;
82	+#endif
83	#endif
84
85	return;