1 diff -urN linux/Documentation/Configure.help linux/Documentation/Configure.help
2 --- linux/Documentation/Configure.help Fri Dec 21 12:41:53 2001
3 +++ linux/Documentation/Configure.help Sun Dec 23 19:13:16 2001
4 @@ -19794,6 +19794,746 @@
6 "Area6" will work for most boards. For ADX, select "Area5".
10 + If you say Y here, you will be able to configure many features that
11 + will enhance the security of your system. It is highly recommended
12 + that you say Y here and read through the help for each option so
13 + you fully understand what its doing and can evaluate its usefulness
16 +OpenWall Non-executable Stack
17 +CONFIG_GRKERNSEC_STACK
18 + If you say Y here, your system will not allow execution of
19 + code on the stack, making buffer overflow exploitation more difficult.
20 + The code for this protection is taken from the Openwall patch for
21 + linux 2.2 by Solar Designer. You can view his projects at
22 + http://www.openwall.com/linux.
23 + Exploits against your machine with this protection will have to dabble
24 + in more obscure methods of exploitation(bss,got,heap..)
26 +Gcc trampoline support
27 +CONFIG_GRKERNSEC_STACK_GCC
28 + If you say Y here, the system will support trampoline code along
29 + with the stack protection. If you do not have any programs on
30 + your system that require this (glibc 2.0 users must say YES to
31 + this option) you may say no here.
35 + By design the IA-32 architecture does not allow for protecting
36 + memory pages against execution, i.e. if a page is readable (such
37 + as the stack or heap) it is also executable. There is a well
38 + known exploit technique that makes use of this fact and a common
39 + programming mistake where an attacker can introduce executable
40 + code of his choice somewhere in the attacked program's memory
41 + (typically the stack or the heap) and then execute it. If the
42 + attacked program was running with different (typically higher)
43 + privileges than that of the attacker, then he can elevate his
44 + own privilege level (e.g. get a root shell, write to files for
45 + which he does not have write access to, etc).
47 + Since the implementation is software based, it comes with a
48 + performance impact, you should evaluate your system carefully
49 + before deciding to use this feature on production systems.
51 + Enabling this feature will enforce the non-executable flag on
52 + memory pages thereby making it harder to execute 'foreign' code
53 + in a program. This will also break programs that rely on the
54 + old behaviour and expect that dynamically allocated memory via
55 + the malloc() family of functions is executable (which it is not).
56 + Notable examples are the XFree86 4.x server, the java runtime
59 + NOTE: you can use the 'chpax' utility to enable/disable this
60 + feature on a per file basis. chpax is available at
61 + http://pageexec.virtualave.net
64 +CONFIG_GRKERNSEC_PAX_EMUTRAMP
65 + There are some programs and libraries that for one reason or
66 + another attempt to execute special small code snippets from
67 + non-executable memory pages. Most notable examples are the
68 + signal handler return code generated by the kernel itself and
69 + the GCC trampolines.
71 + If you enabled CONFIG_GRKERNSEC_PAX then such programs will no
72 + longer work under your kernel. As a remedy you can say Y here
73 + and use the 'chpax' utility to enable trampoline emulation for
74 + the affected programs yet still have the protection provided by
75 + CONFIG_GRKERNSEC_PAX. Alternatively you can say N here and use
76 + the 'chpax' utility to disable CONFIG_GRKERNSEC_PAX for the
77 + affected files. chpax is available at
78 + http://pageexec.virtualave.net
80 + NOTE: enabling this feature *may* open up a loophole in the
81 + protection provided by CONFIG_GRKERNSEC_PAX that an attacker
82 + could abuse. Therefore the best solution is to not have any
83 + files on your system that would require this option. This can
84 + be achieved by not using libc5 (which relies on the kernel
85 + signal handler return code) and not using or rewriting programs
86 + that make use of the nested function implementation of GCC.
87 + Skilled users can just fix GCC itself so that it implements
88 + nested function calls in a way that does not interfere with PaX.
91 +CONFIG_GRKERNSEC_PAX_MPROTECT
92 + Enabling this option will prevent programs from changing the
93 + executable status of memory pages that were not originally
94 + created as executable. The kernel will also prevent programs
95 + from making read-only executable pages writable again.
97 + You should say Y here to complete the protection provided by
98 + the enforcement of the PAGE_EXEC flag (CONFIG_GRKERNSEC_PAX).
100 + NOTE: you can use the 'chpax' utility to enable/disable this
101 + feature on a per file basis. chpax is available at
102 + http://pageexec.virtualave.net
104 +Randomize mmap() base
105 +CONFIG_GRKERNSEC_PAX_RANDMMAP
106 + By saying Y here the kernel will somewhat randomize the address
107 + space of programs at each execution (the top of the stack, the
108 + base address for mmap() requests that do not specify one themselves
109 + and the base address of dynamic ELF executables).
111 + As a result all dynamically loaded libraries will appear at random
112 + addresses and therefore be harder to exploit by a technique where
113 + an attacker attempts to execute library code for his purposes
114 + (e.g. spawn a shell from an exploited program that is running at
115 + an elevated privilege level).
117 + Furthermore, if a program is relinked as a dynamic ELF file, its
118 + base address will be randomized as well, completing the full
119 + randomization of the address space. Attacking such programs becomes
122 + It is strongly recommended to say Y here even if CONFIG_GRKERNSEC_PAX
123 + is not enabled as address space randomization has negligible impact
124 + on performance yet it provides a very effective protection.
126 + NOTE: you can use the 'chpax' utility to enable/disable this
127 + feature on a per file basis. chpax is available at
128 + http://pageexec.virtualave.net
131 +CONFIG_GRKERNSEC_PROC
132 + If you say Y here, the permissions of the /proc filesystem
133 + will be altered to enhance system security and privacy. Depending
134 + upon the options you choose, you can either restrict users to see
135 + only the processes they themselves run, or choose a group that can
136 + view all processes and files normally restricted to root if you choose
137 + the "restrict to user only" option. NOTE: If you're running identd as
138 + a non-root user, you will have to run it as the group you specify here.
140 +Restrict /proc to user only
141 +CONFIG_GRKERNSEC_PROC_USER
142 + If you say Y here, non-root users will only be able to view their own
143 + processes, and restricts them from viewing network-related information,
144 + running dmesg(8), and viewing kernel symbol and module information.
146 +Restrict /proc to user and group
147 +CONFIG_GRKERNSEC_PROC_USERGROUP
148 + If you say Y here, you will be able to select a group that will be
149 + able to view all processes, network-related information, and
150 + kernel and symbol information. This option is useful if you want
151 + to run identd as a non-root user.
153 +Linking restrictions
154 +CONFIG_GRKERNSEC_LINK
155 + If you say Y here, /tmp race exploits will be prevented, since users
156 + will no longer be able to follow symlinks owned by other users in
157 + world-writeable +t directories (i.e. /tmp), unless the owner of the
158 + symlink is the owner of the directory. users will also not be
159 + able to hardlink to files they do not own. If the sysctl option is
160 + enabled, a sysctl option with name "linking_restrictions" is created.
163 +CONFIG_GRKERNSEC_FIFO
164 + If you say Y here, users will not be able to write to FIFOs they don't
165 + own in world-writeable +t directories (i.e. /tmp), unless the owner of
166 + the FIFO is the same owner of the directory it's held in. If the sysctl
167 + option is enabled, a sysctl option with name "fifo_restrictions" is
170 +Secure file descriptors
172 + If you say Y here, set*id binaries will be protected from data spoofing
173 + attacks (eg. making a program read /etc/shadow). The patches do this
174 + by opening up /dev/null to any of the stdin, stdout, stderr file descriptors
175 + for set*id binaries that are open and run by a user that is not the owner
176 + of the file. If the sysctl option is enabled, a sysctl option with name
177 + "secure_fds" is created.
179 +Exec process limiting
180 +CONFIG_GRKERNSEC_EXECVE
181 + If you say Y here, users with a resource limit on processes will
182 + have the value checked during execve() calls. The current system
183 + only checks the system limit during fork() calls. If the sysctl option
184 + is enabled, a sysctl option with name "execve_limiting" is created.
186 +Fork-bombing protection
187 +CONFIG_GRKERNSEC_FORKBOMB
188 + If you say Y here, you will be able to configure a group to add to users
189 + on your system that you want to be unable to fork-bomb the system.
190 + You will be able to specify a maximum process limit for the user and
191 + set a rate limit for all forks under their uid. (Fork-bombing is a
192 + tactic used by attackers that can be enacted in two ways, (1) loading
193 + up thousands of processes until the system can't take any more (this
194 + method can be stopped outside of the kernel with PAM, however we place
195 + protection for it in the kernel to be more complete and reduce overhead),
196 + and (2), by forking processes at a rapid rate, and then killing them
197 + off, which cannot be protected against in the same way at tactic 1)
198 + The rate limit is specified in forks allowed per second. Set this
199 + limit low enough to stop tactic 2, but high enough to allow for
200 + normal operation. The protection will kill the offending process.
201 + If the sysctl option is enabled, a sysctl option with name
202 + "fork_bomb_prot" is created.
204 +Max processes for fork-bomb protection
205 +CONFIG_GRKERNSEC_FORKBOMB_MAX
206 + Here you can configure the maximum number of processes users in the
207 + fork-bomb protected group can run. I would not recommend setting a
208 + value lower than 8, since some programs like man(1) spawn up to 8
209 + processes to run. The default value should be fine for most purposes.
210 + If the sysctl option is enabled, a sysctl option with name
211 + "fork_bomb_max" is created.
213 +Forks allowed per second
214 +CONFIG_GRKERNSEC_FORKBOMB_SEC
215 + Here you can specify the maximum number of forks allowed per second.
216 + You don't want to set this value too low, or else you'll hinder
217 + normal operation of your system. The default value should be fine for
218 + most users. If the sysctl option is enabled, a sysctl option with name
219 + "fork_bomb_sec" is created.
221 +Group for fork-bomb protection
222 +CONFIG_GRKERNSEC_FORKBOMB_GID
223 + Here you can choose the GID to enable fork-bomb protection for.
224 + Remember to add the users you want protection enabled for to the GID
225 + specified here. If the sysctl option is enabled, whatever you choose
226 + here won't matter. You'll have to specify the GID in your bootup
227 + script by echoing the GID to the proper /proc entry. View the help
228 + on the sysctl option for more information. If the sysctl option is
229 + enabled, a sysctl option with name "fork_bomb_gid" is created.
231 +Exec logging for all users
232 +CONFIG_GRKERNSEC_EXECLOG
233 + If you say Y here, all execve() calls will be logged (since the
234 + other exec*() calls are frontends to execve(), all execution
235 + will be logged). Useful for shell-servers that like to keep track
236 + of their users. If the sysctl option is enabled, a sysctl option with
237 + name "exec_logging" is created.
238 + WARNING: This option when enabled will produce a LOT of logs, especially
239 + on an active system.
241 +Exec logging for a single group
242 +CONFIG_GRKERNSEC_EXECLOG_GROUP
243 + If you say Y here, only execs by users in the group you specify will
244 + be logged. Useful for shell-servers that like to keep track
245 + of their users. If the sysctl option is enabled, a sysctl option with
246 + name "exec_group logging" is created.
247 + WARNING: Depending on the number of users in the group you specify,
248 + this option could produce a lot of logs.
250 +Group for exec logging
251 +CONFIG_GRKERNSEC_EXECLOG_GID
252 + Here you can choose the GID to log all file executions for.
253 + Remember to add the users you want to log to the GID specified here.
254 + If the sysctl option is enabled, whatever you choose here won't matter.
255 + You'll have to specify the GID in your bootup script by echoing the GID
256 + to the proper /proc entry. View the help on the sysctl option for more
257 + information. If the sysctl option is enabled, a sysctl option with name
258 + "exec_logging_gid" is created.
260 +Set*id logging for all users
261 +CONFIG_GRKERNSEC_SUID
262 + If you say Y here, all set*id() calls will be logged. Such information
263 + could be useful when detecting a possible intrusion attempt. This
264 + option can produce a lot of logs on an active system. If the sysctl
265 + option is enabled, a sysctl option with name "suid_logging" is created.
267 +Set*id logging for root
268 +CONFIG_GRKERNSEC_SUID
269 + If you say Y here, only set*id() calls where a user is changing to the
270 + gid or uid of the root user will be logged. Such information
271 + could be useful when detecting a possible intrusion attempt. This
272 + option will produce less logs than logging all calls. If the sysctl
273 + option is enabled, a sysctl option with name "suid_root_logging" is
276 +Altered default IPC permissions
277 +CONFIG_GRKERNSEC_IPC
278 + If you say Y here, the default permissions for IPC objects will be
279 + set based on the filesystem umask of the user creating the object.
280 + By default linux sets the permissions to ugo+rwx, which can be
281 + a security problem if the application doesn't explicitly set the
282 + permissions of the IPC object.
285 +CONFIG_GRKERNSEC_SIGNAL
286 + If you say Y here, certain important signals will be logged, such as
287 + SIGSEGV, which will as a result inform you of when a error in a program
288 + occurred, which in some cases could mean a possible exploit attempt.
289 + If the sysctl option is enabled, a sysctl option with name
290 + "signal_logging" is created.
293 +CONFIG_GRKERNSEC_COREDUMP
294 + If you say Y here, linux will use a style similar to BSD for
295 + coredumps, core.processname. Not a security feature, just
296 + a useful one. If the sysctl option is enabled, a sysctl option with
297 + name "coredump" is created.
299 +Fork failure logging
300 +CONFIG_GRKERNSEC_FORKFAIL
301 + If you say Y here, all failed fork() attempts will be logged.
302 + This could suggest a fork bomb, or someone attempting to overstep
303 + their process limit. If the sysctl option is enabled, a sysctl option
304 + with name "forkfail_logging" is created.
307 +CONFIG_GRKERNSEC_TIME
308 + If you say Y here, any changes of the system clock will be logged.
309 + If the sysctl option is enabled, a sysctl option with name
310 + "timechange_logging" is created.
312 +Secure keymap loading
313 +CONFIG_GRKERNSEC_KBMAP
314 + If you say Y here, KDSKBENT and KDSKBSENT ioctl calls being
315 + called by unprivileged users will be denied. If you answer N,
316 + everyone with access to the console will be able to modify keyboard
317 + bindings. If the sysctl option is enabled, a sysctl option with name
318 + "secure_kbmap" is created.
320 +Enhanced network randomness
321 +CONFIG_GRKERNSEC_RANDNET
322 + If you say Y here, the functions controlling the randomness
323 + of the Linux IP stack will be enhanced to decrease the chances
324 + of being able to predict certain packets that require some
325 + amount of randomness. If the sysctl option is enabled, a sysctl option
326 + with name "rand_net" is created.
328 +Chroot jail restrictions
329 +CONFIG_GRKERNSEC_CHROOT
330 + If you say Y here, you will be able to choose several options that will
331 + make breaking out of a chrooted jail much more difficult. If you
332 + encounter no software incompatibilities with the following options, it
333 + is recommended that you enable each one.
335 +Restricted signals in chroot
336 +CONFIG_GRKERNSEC_CHROOT_SIG
337 + If you say Y here, processes inside a chroot will not be able to send
338 + signals outside of the chroot. The only signals allowed are null
339 + signals which perform no action, and the parent process sending
340 + a certain signal to its child. If the sysctl option is enabled, a
341 + sysctl option with name "chroot_restrict_sigs" is created.
343 +Deny mounts in chroot
344 +CONFIG_GRKERNSEC_CHROOT_MOUNT
345 + If you say Y here, processes inside a chroot will not be able to
346 + mount or remount filesystems. If the sysctl option is enabled, a
347 + sysctl option with name "chroot_deny_mount" is created.
350 +CONFIG_GRKERNSEC_CHROOT_DOUBLE
351 + If you say Y here, processes inside a chroot will not be able to chroot
352 + again. This is a widely used method of breaking out of a chroot jail
353 + and should not be allowed. If the sysctl option is enabled, a sysctl
354 + option with name "chroot_deny_chroot" is created.
356 +Enforce chdir("/") on all chroots
357 +CONFIG_GRKERNSEC_CHROOT_CHDIR
358 + If you say Y here, the current working directory of all newly-chrooted
359 + applications will be set to the the root directory of the chroot.
360 + The man page on chroot(2) states:
361 + Note that this call does not change the current working
362 + directory, so that `.' can be outside the tree rooted at
363 + `/'. In particular, the super-user can escape from a
364 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
366 + It is recommended that you say Y here, since it's not known to break
367 + any software. If the sysctl option is enabled, a sysctl option with
368 + name "chroot_enforce_chdir" is created.
370 +Deny (f)chmod +s in chroot
371 +CONFIG_GRKERNSEC_CHROOT_CHMOD
372 + If you say Y here, processes inside a chroot will not be able to chmod
373 + or fchmod files to make them have suid or sgid bits. This protects
374 + against another published method of breaking a chroot. If the sysctl
375 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
378 +Deny mknod in chroot
379 +CONFIG_GRKERNSEC_CHROOT_MKNOD
380 + If you say Y here, processes inside a chroot will not be allowed to
381 + mknod. The problem with using mknod inside a chroot is that it
382 + would allow an attacker to create a device entry that is the same
383 + as one on the physical root of your system, which could range from
384 + anyhing from the console device to a device for your harddrive (which
385 + they could then use to wipe the drive or steal data). It is recommended
386 + that you say Y here, unless you run into software incompatibilities.
387 + If the sysctl option is enabled, a sysctl option with name
388 + "chroot_deny_mknod" is created.
390 +Deny ptraces in chroot
391 +CONFIG_GRKERNSEC_CHROOT_PTRACE
392 + If you say Y here, processes inside a chroot will not be able to ptrace
393 + other processes. Ptracing a process allows one to attach and alter the
394 + flow of execution for the process. It is strongly recommended that you
395 + say Y here. If the sysctl option is enabled, a sysctl option with name
396 + "chroot_deny_ptrace" is created.
398 +Restrict priority changes in chroot
399 +CONFIG_GRKERNSEC_CHROOT_NICE
400 + If you say Y here, processes inside a chroot will not be able to raise
401 + the priority of processes in the chroot, or alter the priority of
402 + processes outside the chroot. This provides more security than simply
403 + removing CAP_SYS_NICE from the process' capability set. If the
404 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
407 +Log all execs within chroot
408 +CONFIG_GRKERNSEC_CHROOT_EXECLOG
409 + If you say Y here, all executions inside a chroot jail will be logged
410 + to syslog. If the sysctl option is enabled, a sysctl option with name
411 + "chroot_execlog" is created.
413 +Chroot jail capability restrictions
414 +CONFIG_GRKERNSEC_CHROOT_CAPS
415 + If you say Y here, the capabilities on all root processes within a
416 + chroot jail will be lowered to stop module insertion, raw i/o,
417 + system and net admin tasks, transferring capabilities, and
418 + tty configuration tasks. This is left an option because it breaks
419 + some apps. Disable this if your chrooted apps are having
420 + problems performing those kinds of tasks. If the sysctl option is
421 + enabled, a sysctl option with name "chroot_caps" is created.
423 +Trusted path execution
424 +CONFIG_GRKERNSEC_TPE
425 + If you say Y here, you will be able to choose a gid to add to the
426 + supplementary groups of users you want to mark as "untrusted."
427 + These users will not be able to execute any files that are not in
428 + root-owned directories writeable only by root. If the sysctl option
429 + is enabled, a sysctl option with name "tpe" is created.
431 +Group for trusted path execution
432 +CONFIG_GRKERNSEC_TPE_GID
433 + Here you can choose the GID to enable trusted path protection for.
434 + Remember to add the users you want protection enabled for to the GID
435 + specified here. If the sysctl option is enabled, whatever you choose
436 + here won't matter. You'll have to specify the GID in your bootup
437 + script by echoing the GID to the proper /proc entry. View the help
438 + on the sysctl option for more information. If the sysctl option is
439 + enabled, a sysctl option with name "tpe_gid" is created.
441 +Partially restrict non-root users
442 +CONFIG_GRKERNSEC_TPE_ALL
443 + If you say Y here, All other non-root users will only be allowed to
444 + execute files in directories they own that are not group or
445 + world-writeable, or in directories owned by root and writeable only by
446 + root. If the sysctl option is enabled, a sysctl option with name
447 + "tpe_restrict_all" is created.
449 +Trusted path execution glibc protection
450 +CONFIG_GRKERNSEC_TPE_GLIBC
451 + If you say Y here, all non-root users will not be able to execute
452 + any files while glibc specific environment variables such as
453 + LD_PRELOAD are set, which could be used to evade the trusted path
454 + execution protection. It also protects against evasion through
455 + /lib/ld-2.* It is recommended you say Y here also. If the sysctl option
456 + is enabled, a sysctl option with name "tpe_glibc" is created.
459 +CONFIG_GRKERNSEC_PTRACE
460 + If you say Y here, no one but root will be able to ptrace processes.
461 + Tracing syscalls inside the kernel will also be disabled. All allowed
462 + ptraces will be logged when this option is enabled. If the sysctl
463 + option is enabled, a sysctl option with name "restrict_ptrace" is
466 +Allow ptrace for group
467 +CONFIG_GRKERNSEC_PTRACE_GROUP
468 + If you say Y here, you will be able to choose a GID of whose users
469 + will be able to ptrace. If the sysctl option is enabled, a sysctl
470 + option with name "allow_ptrace_group" is created.
473 +CONFIG_GRKERNSEC_PTRACE_GID
474 + Here you can choose the GID of whose users will be able to ptrace.
475 + Remember to add the users you want ptrace enabled for to the GID
476 + specified here. If the sysctl option is enabled, whatever you choose
477 + here won't matter. You'll have to specify the GID in your bootup
478 + script by echoing the GID to the proper /proc entry. View the help
479 + on the sysctl option for more information. If the sysctl option is
480 + enabled, a sysctl option with name "ptrace_gid" is created.
483 +CONFIG_GRKERNSEC_RANDPID
484 + If you say Y here, all PIDs created on the system will be
485 + pseudo-randomly generated. This is extremely effective along
486 + with the /proc restrictions to disallow an attacker from guessing
487 + pids of daemons, etc. PIDs are also used in some cases as part
488 + of a naming system for temporary files, so this option would keep
489 + those filenames from being predicted as well. We also use code
490 + to make sure that PID numbers aren't reused too soon. If the sysctl
491 + option is enabled, a sysctl option with name "rand_pids" is created.
493 +Limit uid/gid changes to root
494 +CONFIG_GRKERNSEC_TTYROOT
495 + If you say Y here, you will be able choose from three option that
496 + will allow you to restrict access to the root account by console
497 + type. These options should only be enabled if you are sure of what
498 + you're doing. Also note that they only apply to processes that have
499 + ttys, which generally involves some kind of user-interaction. The
500 + options are basically in place to keep users on a system who have a
501 + (stolen) password for root from using it unless their console
504 +Deny physical consoles (tty)
505 +CONFIG_GRKERNSEC_TTYROOT_PHYS
506 + If you say Y here, access to root from physical consoles will be
507 + denied. This is only recommended for rare cases where you will
508 + never need to be physically at the machine. If the sysctl option
509 + is enabled, a sysctl option with name "deny_phys_root" is created.
511 +Deny serial consoles (ttyS)
512 +CONFIG_GRKERNSEC_TTYROOT_SERIAL
513 + If you say Y here, access to root from serial consoles will be
514 + denied. Most people can say Y here, since most don't use serial
515 + devices for their console access. If you are unsure, say N. If
516 + the sysctl option is enabled, a sysctl option with name
517 + "deny_serial_root" is created.
519 +Deny pseudo consoles (pty)
520 +CONFIG_GRKERNSEC_TTYROOT_PSEUDO
521 + If you say Y here, access to root from pseudo consoles will be
522 + denied. Pseudo consoles include consoles from telnet, ssh, or any other
523 + kind of interactive shell initiated from the network. Pseudo consoles
524 + also include any terminals you use in XFree86. If you will only be
525 + accessing the machine for root access from the physical console, you
526 + can say Y here. Only say Y here if you're sure of what you're doing.
527 + If the sysctl option is enabled, a sysctl option with name
528 + "deny_pseudo_root" is created.
531 +CONFIG_GRKERNSEC_RANDID
532 + If you say Y here, all the id field on all outgoing packets
533 + will be randomized. This hinders os fingerprinters and
534 + keeps your machine from being used as a bounce for an untraceable
535 + portscan. Ids are used for fragmented packets, fragments belonging
536 + to the same packet have the same id. By default linux only
537 + increments the id value on each packet sent to an individual host.
538 + We use a port of the OpenBSD random ip id code to achieve the
539 + randomness, while keeping the possibility of id duplicates to
540 + near none. If the sysctl option is enabled, a sysctl option with name
541 + "rand_ip_ids" is created.
543 +Randomized TCP source ports
544 +CONFIG_GRKERNSEC_RANDSRC
545 + If you say Y here, situations where a source port is generated on the
546 + fly for the TCP protocol (ie. with connect() ) will be altered so that
547 + the source port is generated at random, instead of a simple incrementing
548 + algorithm. If the sysctl option is enabled, a sysctl option with name
549 + "rand_tcp_src_ports" is created.
552 +CONFIG_GRKERNSEC_RANDPING
553 + If you say Y here, the way Linux handles echo replies will be changed
554 + so that the reply uses an ID equal to the ID of the echo request.
555 + This will help in confusing OS detection. If the sysctl option is
556 + enabled, a sysctl option with name "altered_pings" is created.
559 +CONFIG_GRKERNSEC_RANDTTL
560 + If you say Y here, your TTL (time to live) for packets will be set at
561 + random, with a base level you specify, to further confuse OS detection.
562 + If the sysctl option is enabled, a sysctl option with name "rand_ttl"
565 +Randomized TTL threshold
566 +CONFIG_GRKERNSEC_RANDTTL_THRESH
567 + Here you can choose a base TTL for the randomization. The default value
568 + for this setting is the Linux default TTL. Most users will want to
569 + leave this setting as-is. The higher you set the base level (note that
570 + you can't set it above 255) the more hops your packets will live.
571 + If the sysctl option is enabled, whatever you choose here won't matter.
572 + You'll have to specify the threshold in your bootup script by echoing
573 + the threshold to the proper /proc entry. View the help on the sysctl
574 + option for more information. If the sysctl option is enabled, a sysctl
575 + option with name "rand_ttl_thresh" is created.
578 +CONFIG_GRKERNSEC_SOCKET
579 + If you say Y here, you will be able to choose from several options.
580 + If you assign a GID on your system and add it to the supplementary
581 + groups of users you want to restrict socket access to, this patch
582 + will perform up to three things, based on the option(s) you choose.
584 +Deny all socket access
585 +CONFIG_GRKERNSEC_SOCKET_ALL
586 + If you say Y here, you will be able to choose a GID of whose users will
587 + be unable to connect to other hosts from your machine or run server
588 + applications from your machine. If the sysctl option is enabled, a
589 + sysctl option with name "socket_all" is created.
591 +Group for disabled socket access
592 +CONFIG_GRKERNSEC_SOCKET_ALL_GID
593 + Here you can choose the GID to disable socket access for. Remember to
594 + add the users you want socket access disabled for to the GID
595 + specified here. If the sysctl option is enabled, whatever you choose
596 + here won't matter. You'll have to specify the GID in your bootup
597 + script by echoing the GID to the proper /proc entry. View the help
598 + on the sysctl option for more information. If the sysctl option is
599 + enabled, a sysctl option with name "socket_all_gid" is created.
601 +Deny all client socket access
602 +CONFIG_GRKERNSEC_SOCKET_CLIENT
603 + If you say Y here, you will be able to choose a GID of whose users will
604 + be unable to connect to other hosts from your machine, but will be
605 + able to run servers. If this option is enabled, all users in the group
606 + you specify will have to use passive mode when initiating ftp transfers
607 + from the shell on your machine. If the sysctl option is enabled, a
608 + sysctl option with name "socket_client" is created.
610 +Group for disabled client socket access
611 +CONFIG_GRKERNSEC_SOCKET_CLIENT_GID
612 + Here you can choose the GID to disable client socket access for.
613 + Remember to add the users you want client socket access disabled for to
614 + the GID specified here. If the sysctl option is enabled, whatever you
615 + choose here won't matter. You'll have to specify the GID in your bootup
616 + script by echoing the GID to the proper /proc entry. View the help
617 + on the sysctl option for more information. If the sysctl option is
618 + enabled, a sysctl option with name "socket_client_gid" is created.
620 +Deny all server socket access
621 +CONFIG_GRKERNSEC_SOCKET_SERVER
622 + If you say Y here, you will be able to choose a GID of whose users will
623 + be unable to run server applications from your machine. If the sysctl
624 + option is enabled, a sysctl option with name "socket_server" is created.
626 +Group for disabled server socket access
627 +CONFIG_GRKERNSEC_SOCKET_SERVER_GID
628 + Here you can choose the GID to disable server socket access for.
629 + Remember to add the users you want server socket access disabled for to
630 + the GID specified here. If the sysctl option is enabled, whatever you
631 + choose here won't matter. You'll have to specify the GID in your bootup
632 + script by echoing the GID to the proper /proc entry. View the help
633 + on the sysctl option for more information. If the sysctl option is
634 + enabled, a sysctl option with name "socket_server_gid" is created.
636 +Stealth network enhancements
637 +CONFIG_GRKERNSEC_STEALTH
638 + If you say Y here, you will enable several enhancements that will
639 + improve your system's protection against portscans.
640 + Enabling these options and filtering all open ports should make
641 + your machine very hard to detect, while not interfering with (most)
642 + normal operation. All the stealth options break RFC, so there's always the
643 + possibility that it might affect how certain network applications react
646 +Do not RSTs on unserved TCP
647 +CONFIG_GRKERNSEC_STEALTH_RST
648 + If you say Y here, your machine will not send RSTs (connection resets)
649 + on unserved TCP ports. This will slow down portscanners a great deal,
650 + since it has the same effect as dropping all packets to unserved TCP
651 + ports. It will also force clients connecting to a non-open port to
652 + time out instead of immediately stating "connection refused." If the
653 + sysctl option is enabled, a sysctl option with name "stealth_rst" is
656 +Do not reply to UDP with ICMP unreachables
657 +CONFIG_GRKERNSEC_STEALTH_UDP
658 + If you say Y here, your machine will not reply with ICMP unreachable
659 + packets (type 3) on UDP ports not waiting for data. This hinders
660 + portscanners from scanning your UDP ports. Enabling the UDP stealth
661 + options is known to slow down SSH connection times, and may also
662 + interfere with other protocols as well. Packets travelling across the
663 + local loopback interface will not be tampered with. If the sysctl
664 + option is enabled, a sysctl option with name "stealth_udp" is created.
666 +Do not process ICMP packets
667 +CONFIG_GRKERNSEC_STEALTH_ICMP
668 + If you say Y here, your machine will drop all ICMP packets but
669 + echo-reply (Which allows you to ping from your machine, while not
670 + allowing your machine to be pinged). Since ICMP packets can be spoofed
671 + and are commonly used in Denial of Service attacks, it is recommended
672 + that you say Y here. Theoretically, it is possible that this option
673 + could hinder your ability to connect to certain hosts since it also
674 + blocks "packet too large" icmp messages, though in reality this
675 + occurance is rare. Packets travelling across the local loopback
676 + interface will not be tampered with. If the sysctl option is enabled, a
677 + sysctl option with name "stealth_icmp" is created.
679 +Do not reply to IGMP requests
680 +CONFIG_GRKERNSEC_STEALTH_IGMP
681 + If you say Y here, your machine will drop all IGMP packets. IGMP
682 + stands for Internet Group Management Protocol. Most users should
683 + enable this option, unless you are actually connected to a multicast
684 + network, which IGMP is used for. If the sysctl option is enabled, a
685 + sysctl option with name "stealth_igmp" is created.
687 +Drop packets with illegitimate flags
688 +CONFIG_GRKERNSEC_STEALTH_FLAGS
689 + If you say Y here, your machine will drop packets with TCP flags that
690 + are never used in normal communication. Such packets are used in
691 + "stealth" scans, and should not be allowed. It is recommended that
692 + you say Y here. If the sysctl option is enabled, a sysctl option with
693 + name "stealth_flags" is created.
695 +Log requests to unserved TCP ports
696 +CONFIG_GRKERNSEC_STEALTH_RST_LOG
697 + If you say Y here, your machine will log requests to unserved TCP ports.
698 + If the sysctl option is enabled, a sysctl option with name
699 + "stealth_rst_log" is created.
701 +Log requests to unserved UDP ports
702 +CONFIG_GRKERNSEC_STEALTH_UDP_LOG
703 + If you say Y here, your machine will log packets to UDP ports on your
704 + system that are not waiting for data. Packets travelling across the
705 + local loopback interface will not be logged. If the sysctl option is
706 + enabled, a sysctl option with name "stealth_udp_log" is created.
709 +CONFIG_GRKERNSEC_STEALTH_ICMP_LOG
710 + If you say Y here, your machine will log all ICMP packets but
711 + echo-reply. Packets travelling across the local loopback interface
712 + will not be logged. If the sysctl option is enabled, a sysctl option
713 + with name "stealth_icmp_log" is created.
715 +Log packets with illegitimate flags
716 +CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG
717 + If you say Y here, your machine will log packets with TCP flags that
718 + are never used in normal communication. Such packets are used in
719 + "stealth" scans, and should not be allowed. If the sysctl option is
720 + enabled, a sysctl option with name "stealth_flags_log" is created.
723 +CONFIG_GRKERNSEC_SYSCTL
724 + If you say Y here, you will be able to change the options that
725 + grsecurity runs with at bootup, without having to recompile your
726 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
727 + to enable (1) or disable (0) various features. All the sysctl entries
728 + are mutable until the "grsec_lock" entry is set to a non-zero value.
729 + All features are disabled by default. Please note that this option could
730 + reduce the effectiveness of the added security of this patch if an ACL
731 + system is not put in place. Your init scripts should be read-only, and
732 + root should not have access to adding modules or performing raw i/o
733 + operations. All options should be set at startup, and the grsec_lock
734 + entry should be set to a non-zero value after all the options are set.
735 + *THIS IS EXTREMELY IMPORTANT*
738 +CONFIG_GRKERNSEC_ACL
739 + If you say Y here, you enable the Access Control List system for
740 + grsecurity called Oblivion. Oblivion is a very advanced ACL system
741 + that is optimized for speed and correctness of ACLS. Unlike many
742 + other popular ACL systems, it allows both process and file ACLs.
743 + To use the ACL system, you must also download the userspace code
744 + and documentation off the grsecurity website: http://grsecurity.net
745 + You will then need to run obvadm setup to set your password and create
749 # m68k-specific kernel options
750 # Documented by Chris Lawrence <mailto:quango@themall.net> et al.
751 diff -urN linux/arch/alpha/config.in linux/arch/alpha/config.in
752 --- linux/arch/alpha/config.in Tue Nov 20 18:49:31 2001
753 +++ linux/arch/alpha/config.in Sun Dec 23 19:13:16 2001
759 +mainmenu_option next_comment
760 +comment 'Grsecurity'
761 +bool 'Grsecurity' CONFIG_GRKERNSEC
762 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
763 + source grsecurity/Config.in
767 diff -urN linux/arch/arm/config.in linux/arch/arm/config.in
768 --- linux/arch/arm/config.in Fri Nov 9 16:58:02 2001
769 +++ linux/arch/arm/config.in Sun Dec 23 19:13:16 2001
771 dep_bool ' Kernel low-level debugging messages via footbridge serial port' CONFIG_DEBUG_DC21285_PORT $CONFIG_DEBUG_LL $CONFIG_FOOTBRIDGE
772 dep_bool ' kernel low-level debugging messages via UART2' CONFIG_DEBUG_CLPS711X_UART2 $CONFIG_DEBUG_LL $CONFIG_ARCH_CLPS711X
775 +mainmenu_option next_comment
776 +comment 'Grsecurity'
777 +bool 'Grsecurity' CONFIG_GRKERNSEC
778 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
779 + source grsecurity/Config.in
783 diff -urN linux/arch/cris/config.in linux/arch/cris/config.in
784 --- linux/arch/cris/config.in Mon Oct 15 16:42:14 2001
785 +++ linux/arch/cris/config.in Sun Dec 23 19:13:16 2001
787 int ' Profile shift count' CONFIG_PROFILE_SHIFT 2
791 +mainmenu_option next_comment
792 +comment 'Grsecurity'
793 +bool 'Grsecurity' CONFIG_GRKERNSEC
794 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
795 + source grsecurity/Config.in
799 diff -urN linux/arch/i386/config.in linux/arch/i386/config.in
800 --- linux/arch/i386/config.in Fri Dec 21 12:41:53 2001
801 +++ linux/arch/i386/config.in Sun Dec 23 19:13:16 2001
807 +mainmenu_option next_comment
808 +comment 'Grsecurity'
809 +bool 'Grsecurity' CONFIG_GRKERNSEC
810 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
811 + source grsecurity/Config.in
815 diff -urN linux/arch/i386/kernel/entry.S linux/arch/i386/kernel/entry.S
816 --- linux/arch/i386/kernel/entry.S Fri Nov 2 20:18:49 2001
817 +++ linux/arch/i386/kernel/entry.S Sun Dec 23 19:13:16 2001
819 #include <linux/linkage.h>
820 #include <asm/segment.h>
822 +#include <asm/page.h>
830 +#ifdef CONFIG_GRKERNSEC_PAX
832 + pushl $ SYMBOL_NAME(pax_do_page_fault)
840 + decl %eax # eax = -1
845 + movl ORIG_EAX(%esp), %esi # get the error code
846 + movl ES(%esp), %edi # get the function address
847 + movl %eax, ORIG_EAX(%esp)
848 + movl %ecx, ES(%esp)
850 + pushl %esi # push the error code
851 + pushl %edx # push the pt_regs pointer
852 + movl $(__KERNEL_DS),%edx
859 + jnz ret_from_exception
873 pushl $ SYMBOL_NAME(do_page_fault)
879 diff -urN linux/arch/i386/kernel/head.S linux/arch/i386/kernel/head.S
880 --- linux/arch/i386/kernel/head.S Wed Jun 20 14:00:53 2001
881 +++ linux/arch/i386/kernel/head.S Sun Dec 23 19:13:16 2001
883 .quad 0x0000000000000000 /* not used */
884 .quad 0x00cf9a000000ffff /* 0x10 kernel 4GB code at 0x00000000 */
885 .quad 0x00cf92000000ffff /* 0x18 kernel 4GB data at 0x00000000 */
886 +#ifdef CONFIG_GRKERNSEC_STACK
887 + .quad 0x00cbfa000000f7ff /* 0x23 user 3GB-8MB code at 0 */
889 .quad 0x00cffa000000ffff /* 0x23 user 4GB code at 0x00000000 */
891 .quad 0x00cff2000000ffff /* 0x2b user 4GB data at 0x00000000 */
892 .quad 0x0000000000000000 /* not used */
893 .quad 0x0000000000000000 /* not used */
894 diff -urN linux/arch/i386/kernel/ptrace.c linux/arch/i386/kernel/ptrace.c
895 --- linux/arch/i386/kernel/ptrace.c Wed Nov 21 13:42:41 2001
896 +++ linux/arch/i386/kernel/ptrace.c Sun Dec 23 19:13:16 2001
898 #include <asm/i387.h>
899 #include <asm/debugreg.h>
901 +#if defined(CONFIG_GRKERNSEC_CHROOT_PTRACE) || defined(CONFIG_GRKERNSEC_PTRACE)
902 +#include <linux/grsecurity.h>
905 * does not yet catch signals sent when the child dies.
906 * in exit.c or in signal.c.
908 if (pid == 1) /* you may not mess with init */
911 +#ifdef CONFIG_GRKERNSEC_PTRACE
912 + if(grsec_enable_ptrace && current->uid
913 +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP
914 + && ((grsec_enable_ptrace_group && !in_group_p(grsec_ptrace_gid))
915 + || !grsec_enable_ptrace_group)
918 + security_alert("denied ptrace of (%.16s:%d) by " DEFAULTSECMSG,
919 + "denied ptraces", child->comm, child->pid, DEFAULTSECARGS);
922 + security_alert("ptrace of (%.16s:%d) by " DEFAULTSECMSG,
923 + "ptraces", child->comm, child->pid, DEFAULTSECARGS);
925 +#ifdef CONFIG_GRKERNSEC_CHROOT_PTRACE
926 + if(grsec_enable_chroot_ptrace && proc_is_chrooted(current) &&
927 + have_same_root(current,child)) {
928 + security_alert("denied ptrace of process(%.16s:%d) within chroot jail "
929 + "(%.32s:%lu) by " DEFAULTSECMSG,
930 + "ptrace from chroot",
931 + child->comm,child->pid,kdevname(current->fs->root->d_inode->i_dev),
932 + current->fs->root->d_inode->i_ino,
937 if (request == PTRACE_ATTACH) {
938 ret = ptrace_attach(child);
940 @@ -439,11 +468,23 @@
944 +#ifdef CONFIG_GRKERNSEC_PTRACE
945 +asmlinkage void syscall_trace(int unused)
947 asmlinkage void syscall_trace(void)
950 +#ifdef CONFIG_GRKERNSEC_PTRACE
951 + struct pt_regs *regs = (struct pt_regs *) &unused;
954 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS)) !=
955 (PT_PTRACED|PT_TRACESYS))
957 +#ifdef CONFIG_GRKERNSEC_PTRACE
958 + if(!user_mode(regs))
961 /* the 0x80 provides a way for the tracing parent to distinguish
962 between a syscall stop and SIGTRAP delivery */
963 current->exit_code = SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
964 diff -urN linux/arch/i386/kernel/signal.c linux/arch/i386/kernel/signal.c
965 --- linux/arch/i386/kernel/signal.c Fri Sep 14 17:15:40 2001
966 +++ linux/arch/i386/kernel/signal.c Sun Dec 23 19:13:16 2001
968 * 2000-06-20 Pentium III FXSR, SSE support by Gareth Hughes
971 +#include <linux/config.h>
972 #include <linux/sched.h>
973 #include <linux/mm.h>
974 #include <linux/smp.h>
975 @@ -421,11 +422,15 @@
976 if (ka->sa.sa_flags & SA_RESTORER) {
977 err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);
979 +#ifdef CONFIG_GRKERNSEC_STACK
980 + err |= __put_user(MAGIC_SIGRETURN, &frame->pretcode);
982 err |= __put_user(frame->retcode, &frame->pretcode);
983 /* This is popl %eax ; movl $,%eax ; int $0x80 */
984 err |= __put_user(0xb858, (short *)(frame->retcode+0));
985 err |= __put_user(__NR_sigreturn, (int *)(frame->retcode+2));
986 err |= __put_user(0x80cd, (short *)(frame->retcode+6));
991 @@ -496,11 +501,15 @@
992 if (ka->sa.sa_flags & SA_RESTORER) {
993 err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);
995 +#ifdef CONFIG_GRKERNSEC_STACK
996 + err |= __put_user(MAGIC_RT_SIGRETURN, &frame->pretcode);
998 err |= __put_user(frame->retcode, &frame->pretcode);
999 /* This is movl $,%eax ; int $0x80 */
1000 err |= __put_user(0xb8, (char *)(frame->retcode+0));
1001 err |= __put_user(__NR_rt_sigreturn, (int *)(frame->retcode+1));
1002 err |= __put_user(0x80cd, (short *)(frame->retcode+5));
1007 @@ -557,6 +566,18 @@
1012 +#ifdef CONFIG_GRKERNSEC_PAX
1013 + /* PaX: clean up as our trace attempt became obsolete */
1014 + if ((current->flags & PF_PAX_PAGEEXEC) && (current->ptrace & PT_PAX_TRACE)) {
1015 + if (!(current->ptrace & PT_PAX_OLDTF)) {
1016 + regs->eflags &= ~TF_MASK;
1018 + current->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);
1019 + current->thread.pax_faults.eip = 0;
1020 + current->thread.pax_faults.count = 0;
1024 /* Set up the stack frame */
1025 if (ka->sa.sa_flags & SA_SIGINFO)
1026 diff -urN linux/arch/i386/kernel/traps.c linux/arch/i386/kernel/traps.c
1027 --- linux/arch/i386/kernel/traps.c Sun Sep 30 15:26:08 2001
1028 +++ linux/arch/i386/kernel/traps.c Sun Dec 23 19:13:16 2001
1031 #include <linux/irq.h>
1032 #include <linux/module.h>
1033 +#ifdef CONFIG_GRKERNSEC_STACK
1034 +#include <linux/grsecurity.h>
1037 asmlinkage int system_call(void);
1038 asmlinkage void lcall7(void);
1039 @@ -348,14 +351,183 @@
1040 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
1041 DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, get_cr2())
1043 +#if defined(CONFIG_GRKERNSEC_STACK) && defined(CONFIG_GRKERNSEC_STACK_GCC)
1044 +static unsigned long *get_reg(struct pt_regs *regs, unsigned char regnum)
1047 + case 0: return ®s->eax;
1048 + case 1: return ®s->ecx;
1049 + case 2: return ®s->edx;
1050 + case 3: return ®s->ebx;
1051 + case 4: return ®s->esp;
1052 + case 5: return ®s->ebp;
1053 + case 6: return ®s->esi;
1054 + case 7: return ®s->edi;
1058 +static unsigned long get_modrm(struct pt_regs *regs, int *err)
1060 + unsigned char modrm, sib;
1062 + unsigned long rel32;
1063 + int size, regnum, scale;
1064 + unsigned long index, base, addr, value;
1066 + *err |= __get_user(modrm, (unsigned char *)(regs->eip + 1));
1068 + regnum = modrm & 7;
1069 + addr = *get_reg(regs, regnum);
1070 + if (regnum == 4 && (modrm & 0xC0) != 0xC0) {
1071 + *err |= __get_user(sib, (unsigned char *)(regs->eip + 2));
1074 + index = *get_reg(regs, (sib >> 3) & 7);
1075 + base = *get_reg(regs, sib & 7);
1076 + addr = base + (index << scale);
1079 + switch (modrm & 0xC0) {
1081 + if (regnum == 5) {
1082 + *err |= __get_user(addr,
1083 + (unsigned long *)(regs->eip + 2));
1086 + *err |= __get_user(value, (unsigned long *)addr);
1090 + *err |= __get_user(rel8, (signed char *)(regs->eip + size));
1093 + *err |= __get_user(value, (unsigned long *)addr);
1097 + *err |= __get_user(rel32, (unsigned long *)(regs->eip + size));
1100 + *err |= __get_user(value, (unsigned long *)addr);
1108 + if (*err) return 0;
1109 + regs->eip += size;
1113 asmlinkage void do_general_protection(struct pt_regs * regs, long error_code)
1115 +#ifdef CONFIG_GRKERNSEC_STACK
1116 + unsigned long addr;
1117 +#ifdef CONFIG_GRKERNSEC_STACK_GCC
1118 + unsigned char insn;
1122 if (regs->eflags & VM_MASK)
1125 if (!(regs->xcs & 3))
1128 +#ifdef CONFIG_GRKERNSEC_STACK
1129 +/* Check if it was return from a signal handler */
1130 + if ((regs->xcs & 0xFFFF) == __USER_CS)
1131 + if (*(unsigned char *)regs->eip == 0xC3)
1132 + if (!__get_user(addr, (unsigned long *)regs->esp)) {
1133 + if ((addr & 0xFFFFFFFE) == MAGIC_SIGRETURN) {
1134 +/* Call sys_sigreturn() or sys_rt_sigreturn() to restore the context */
1136 + __asm__("movl %3,%%esi\n\t"
1137 + "subl %1,%%esp\n\t"
1138 + "movl %2,%%ecx\n\t"
1139 + "movl %%esp,%%edi\n\t"
1143 + "call sys_sigreturn\n\t"
1144 + "leal %3,%%edi\n\t"
1147 + "call sys_rt_sigreturn\n\t"
1148 + "leal %3,%%edi\n\t"
1150 + "addl %1,%%edi\n\t"
1151 + "movl %%esp,%%esi\n\t"
1152 + "movl %2,%%ecx\n\t"
1153 + "movl (%%edi),%%edi\n\t"
1155 + "movl %%esi,%%esp"
1157 +/* %eax is returned separately */
1160 + "i" (sizeof(*regs)),
1161 + "i" (sizeof(*regs) >> 2),
1165 + "cx", "dx", "si", "di", "cc", "memory");
1169 + * * Check if we're returning to the stack area, which is only likely to happen
1170 + * * when attempting to exploit a buffer overflow.
1172 + if ((addr & 0xFF800000) == 0xBF800000 ||
1173 + (addr >= PAGE_OFFSET - _STK_LIM && addr < PAGE_OFFSET))
1174 + security_alert("return onto stack by " DEFAULTSECMSG,
1175 + "returns onto stack", DEFAULTSECARGS);
1178 +#ifdef CONFIG_GRKERNSEC_STACK_GCC
1179 +/* Check if it could have been a trampoline call */
1180 + if ((regs->xcs & 0xFFFF) == __USER_CS)
1181 + if (*(unsigned char *)regs->eip == 0xFF)
1182 + if (!__get_user(insn, (unsigned char *)(regs->eip + 1)))
1183 + if ((insn & 0x38) == 0x10 && insn != 0xD4) { /* call mod r/m */
1184 +/* First, emulate the call */
1186 + addr = get_modrm(regs, &err);
1189 + err = __put_user(regs->eip, (unsigned long *)regs->esp);
1192 +/* Then, start emulating the trampoline itself */
1194 + while (!err && !__get_user(insn, (unsigned char *)regs->eip++))
1195 + if ((insn & 0xF8) == 0xB8) { /* movl imm32,%reg */
1196 +/* We only have 8 GP registers, no reason to initialize one twice */
1197 + if (count++ >= 8) break;
1198 + err |= __get_user(addr, (unsigned long *)regs->eip);
1200 + *get_reg(regs, insn & 7) = addr;
1202 + if (insn == 0xFF) {
1203 + err |= __get_user(insn, (unsigned char *)regs->eip);
1204 + if ((insn & 0xF8) == 0xE0) { /* jmp *%reg */
1205 + regs->eip = *get_reg(regs, insn & 7);
1206 + if (err) break; else return;
1210 + if (insn == 0xE9) { /* jmp rel32 */
1211 + err |= __get_user(addr, (unsigned long *)regs->eip);
1213 + regs->eip += 4 + addr;
1220 current->thread.error_code = error_code;
1221 current->thread.trap_no = 13;
1222 force_sig(SIGSEGV, current);
1223 @@ -452,6 +624,10 @@
1224 inb(0x71); /* dummy */
1227 +#ifdef CONFIG_GRKERNSEC_PAX
1228 +void pax_handle_ptes(struct task_struct *tsk);
1232 * Our handling of the processor debug registers is non-trivial.
1233 * We do not clear them on entry and exit from the kernel. Therefore
1234 @@ -482,6 +658,22 @@
1236 __asm__ __volatile__("movl %%db6,%0" : "=r" (condition));
1238 +#ifdef CONFIG_GRKERNSEC_PAX
1239 + /* PaX: clean up */
1240 + if ((tsk->flags & PF_PAX_PAGEEXEC) && (condition & DR_STEP) && (tsk->ptrace & PT_PAX_TRACE)) {
1241 + tsk->ptrace &= ~PT_PAX_TRACE;
1242 + pax_handle_ptes(tsk);
1243 + if (!(tsk->ptrace & PT_PAX_KEEPTF) && !(tsk->ptrace & PT_PAX_OLDTF))
1244 + regs->eflags &= ~TF_MASK;
1245 + tsk->ptrace &= ~PT_PAX_KEEPTF;
1246 + if (!(tsk->ptrace & PT_PAX_OLDTF)) {
1247 + condition &= ~DR_STEP;
1248 + if (!(condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)))
1251 + tsk->ptrace &= ~PT_PAX_OLDTF;
1254 /* Mask out spurious debug traps due to lazy DR7 setting */
1255 if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
1256 if (!tsk->thread.debugreg[7])
1257 diff -urN linux/arch/i386/mm/fault.c linux/arch/i386/mm/fault.c
1258 --- linux/arch/i386/mm/fault.c Tue Oct 9 18:13:03 2001
1259 +++ linux/arch/i386/mm/fault.c Sun Dec 23 19:13:16 2001
1261 * Copyright (C) 1995 Linus Torvalds
1264 +#include <linux/config.h>
1265 #include <linux/signal.h>
1266 #include <linux/sched.h>
1267 #include <linux/kernel.h>
1269 #include <linux/init.h>
1270 #include <linux/tty.h>
1271 #include <linux/vt_kern.h> /* For unblank_screen() */
1272 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_RANDMMAP)
1273 +#include <linux/unistd.h>
1276 #include <asm/system.h>
1277 #include <asm/uaccess.h>
1278 @@ -146,23 +150,31 @@
1279 * bit 1 == 0 means read, 1 means write
1280 * bit 2 == 0 means kernel, 1 means user-mode
1282 +#ifdef CONFIG_GRKERNSEC_PAX
1283 +asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, unsigned long address)
1285 asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
1288 struct task_struct *tsk;
1289 struct mm_struct *mm;
1290 struct vm_area_struct * vma;
1291 +#ifndef CONFIG_GRKERNSEC_PAX
1292 unsigned long address;
1295 unsigned long fixup;
1299 +#ifndef CONFIG_GRKERNSEC_PAX
1300 /* get the address */
1301 __asm__("movl %%cr2,%0":"=r" (address));
1303 /* It's safe to allow irq's after cr2 has been saved */
1304 if (regs->eflags & X86_EFLAGS_IF)
1310 @@ -220,21 +232,37 @@
1312 info.si_code = SEGV_ACCERR;
1314 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
1315 + switch (error_code & 7) {
1317 switch (error_code & 3) {
1319 default: /* 3: write, present */
1320 #ifdef TEST_VERIFY_AREA
1321 if (regs->cs == KERNEL_CS)
1322 printk("WP fault at %08lx\n", regs->eip);
1325 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
1326 + case 7: /* PaX: write, present, some protection violation */
1328 case 2: /* write, not present */
1329 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
1332 if (!(vma->vm_flags & VM_WRITE))
1336 case 1: /* read, present */
1338 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
1339 + case 5: /* PaX: read, present, protection violation */
1341 case 0: /* read, not present */
1342 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
1345 if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
1348 @@ -409,3 +437,441 @@
1352 +#ifdef CONFIG_GRKERNSEC_PAX
1353 +/* PaX: called with the page_table_lock spinlock held */
1354 +static inline pte_t * pax_get_pte(struct mm_struct *mm, unsigned long address)
1359 + pgd = pgd_offset(mm, address);
1360 + if (!pgd || !pgd_present(*pgd))
1362 + pmd = pmd_offset(pgd, address);
1363 + if (!pmd || !pmd_present(*pmd))
1365 + return pte_offset(pmd, address);
1369 + * PaX: decide what to do with offenders
1371 + * returns 0 when access should be allowed
1372 + * 1 when task should be killed
1373 + * 2 when sigreturn trampoline was detected
1374 + * 3 when rt_sigreturn trampoline was detected
1375 + * 4 when gcc trampoline was detected
1377 +static int pax_handle_read_fault(struct pt_regs *regs, unsigned long address)
1379 + static unsigned char trans[8] = {6, 1, 2, 0, 13, 5, 3, 4};
1382 +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP
1383 + if (!(current->flags & PF_PAX_EMUTRAMP))
1386 + { /* PaX: sigreturn emulation */
1387 + unsigned char pop, mov;
1388 + unsigned short sys;
1391 + err = __get_user(pop, (unsigned char *)(regs->eip));
1392 + err |= __get_user(mov, (unsigned char *)(regs->eip + 1));
1393 + err |= __get_user(nr, (unsigned long *)(regs->eip + 2));
1394 + err |= __get_user(sys, (unsigned short *)(regs->eip + 6));
1397 + if (pop == 0x58 &&
1399 + nr == __NR_sigreturn &&
1410 + { /* PaX: rt_sigreturn emulation */
1411 + unsigned char mov;
1412 + unsigned short sys;
1415 + err = __get_user(mov, (unsigned char *)(regs->eip));
1416 + err |= __get_user(nr, (unsigned long *)(regs->eip + 1));
1417 + err |= __get_user(sys, (unsigned short *)(regs->eip + 5));
1420 + if (mov == 0xb8 &&
1421 + nr == __NR_rt_sigreturn &&
1431 + { /* PaX: gcc trampoline emulation #1 */
1432 + unsigned char mov1, mov2;
1433 + unsigned short jmp;
1434 + unsigned long addr1, addr2, ret;
1436 + err = __get_user(mov1, (unsigned char *)(regs->eip));
1437 + err |= __get_user(addr1, (unsigned long *)(regs->eip + 1));
1438 + err |= __get_user(mov2, (unsigned char *)(regs->eip + 5));
1439 + err |= __get_user(addr2, (unsigned long *)(regs->eip + 6));
1440 + err |= __get_user(jmp, (unsigned short *)(regs->eip + 10));
1441 + err |= __get_user(ret, (unsigned long *)(regs->esp));
1444 + unsigned short call;
1446 + err = __get_user(call, (unsigned short *)(ret-2));
1448 + if ((mov1 & 0xF8) == 0xB8 &&
1449 + (mov2 & 0xF8) == 0xB8 &&
1450 + (mov1 & 0x07) != (mov2 & 0x07) &&
1451 + (jmp & 0xF8FF) == 0xE0FF &&
1452 + (mov2 & 0x07) == ((jmp>>8) & 0x07) &&
1453 + (call & 0xF8FF) == 0xD0FF &&
1454 + (regs->eip == ((unsigned long*)regs)[trans[(call>>8) & 0x07]]))
1456 + ((unsigned long *)regs)[trans[mov1 & 0x07]] = addr1;
1457 + ((unsigned long *)regs)[trans[mov2 & 0x07]] = addr2;
1458 + regs->eip = addr2;
1465 + { /* PaX: gcc trampoline emulation #2 */
1466 + unsigned char mov, jmp;
1467 + unsigned long addr1, addr2, ret;
1469 + err = __get_user(mov, (unsigned char *)(regs->eip));
1470 + err |= __get_user(addr1, (unsigned long *)(regs->eip + 1));
1471 + err |= __get_user(jmp, (unsigned char *)(regs->eip + 5));
1472 + err |= __get_user(addr2, (unsigned long *)(regs->eip + 6));
1473 + err |= __get_user(ret, (unsigned long *)(regs->esp));
1476 + unsigned short call;
1478 + err = __get_user(call, (unsigned short *)(ret-2));
1480 + if ((mov & 0xF8) == 0xB8 &&
1482 + (call & 0xF8FF) == 0xD0FF &&
1483 + (regs->eip == ((unsigned long*)regs)[trans[(call>>8) & 0x07]]))
1485 + ((unsigned long *)regs)[trans[mov & 0x07]] = addr1;
1486 + regs->eip += addr2 + 10;
1494 + return 1; /* PaX in action */
1497 +static int pax_handle_opcode(struct task_struct *tsk, struct pt_regs *regs)
1499 + unsigned long opsize = 1;
1500 + unsigned long opsize_override = 0;
1503 + if (regs->eflags & TF_MASK)
1504 + tsk->ptrace |= PT_PAX_OLDTF;
1506 + tsk->ptrace &= ~PT_PAX_OLDTF;
1507 + tsk->ptrace &= ~PT_PAX_KEEPTF;
1509 + for (i=0; i<15; i++) {
1510 + unsigned char opcode;
1511 + if (__get_user(opcode, (unsigned char*)(regs->eip+i)))
1527 + opsize_override = 1;
1530 + case 0x9C: /* PUSHF */
1531 + if (opsize ^ opsize_override) {
1532 + __put_user(regs->eflags & 0x00FCFFFFul, (unsigned long*)(regs->esp-4));
1535 + __put_user(regs->eflags, (unsigned short*)(regs->esp-2));
1538 + regs->eip += i + 1;
1541 + case 0x9D: /* POPF */
1542 + case 0xCF: /* IRET */
1543 + tsk->ptrace |= PT_PAX_KEEPTF;
1553 +static inline void pax_handle_pte(struct mm_struct *mm, unsigned long address)
1556 + pte = pax_get_pte(mm, address);
1558 + set_pte(pte, pte_exprotect(*pte));
1559 + __flush_tlb_one(address);
1563 +#define PAX_SPIN_COUNT 256
1565 +void pax_handle_ptes(struct task_struct *tsk)
1567 + struct mm_struct *mm;
1570 + spin_lock(&mm->page_table_lock);
1571 + switch (tsk->thread.pax_faults.count) {
1573 + printk(KERN_ERR "PAX: wtf: %s:%d, %ld\n", tsk->comm, tsk->pid, tsk->thread.pax_faults.count);
1576 + case PAX_SPIN_COUNT+4:
1577 + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[3]);
1579 + case PAX_SPIN_COUNT+3:
1580 + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[2]);
1582 + case PAX_SPIN_COUNT+2:
1583 + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[1]);
1585 + case PAX_SPIN_COUNT+1:
1586 + pax_handle_pte(mm, tsk->thread.pax_faults.addresses[0]);
1588 + spin_unlock(&mm->page_table_lock);
1589 + tsk->thread.pax_faults.eip = 0;
1590 + tsk->thread.pax_faults.count = 0;
1594 + * PaX: handle the extra page faults or pass it down to the original handler
1596 + * returns 0 when nothing special was detected
1597 + * 1 when sigreturn trampoline (syscall) has to be emulated
1599 +asmlinkage int pax_do_page_fault(struct pt_regs *regs, unsigned long error_code)
1601 + struct task_struct *tsk = current;
1602 + struct mm_struct *mm = current->mm;
1603 + unsigned long address;
1605 + unsigned char pte_mask = _PAGE_ACCESSED | _PAGE_USER;
1609 + __asm__("movl %%cr2,%0":"=r" (address));
1611 + /* It's safe to allow irq's after cr2 has been saved */
1612 + if (regs->eflags & X86_EFLAGS_IF)
1613 + local_irq_enable();
1615 + if ((error_code & 5) != 5 || address >= TASK_SIZE || regs->xcs != __USER_CS || (VM_MASK & regs->eflags))
1618 + /* PaX: it's our fault, let's handle it if we can */
1620 + if (error_code == 7) {
1621 + pte_mask |= _PAGE_DIRTY;
1622 + /* PaX: take a look at read faults before acquiring any locks */
1623 + } else if (regs->eip == address) { /* read/instruction fetch attempt from a protected page in user mode */
1624 + ret = pax_handle_read_fault(regs, address);
1627 + tsk->thread.pax_faults.eip = 0;
1628 + tsk->thread.pax_faults.count = 0;
1633 + tsk->thread.pax_faults.eip = 0;
1634 + tsk->thread.pax_faults.count = 0;
1639 + char* buffer = (char*)__get_free_page(GFP_KERNEL);
1643 + struct vm_area_struct* vma;
1645 + down_read(&mm->mmap_sem);
1648 + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
1651 + vma = vma->vm_next;
1654 + path = d_path(vma->vm_file->f_dentry, vma->vm_file->f_vfsmnt, buffer, PAGE_SIZE);
1655 + up_read(&mm->mmap_sem);
1657 + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, EIP: %08lX, ESP: %08lX\n", path, tsk->comm, tsk->pid, tsk->uid, tsk->euid, regs->eip, regs->esp);
1658 + if (buffer) free_page((unsigned long)buffer);
1659 + printk(KERN_ERR "PAX: bytes at EIP: ");
1660 + for (i = 0; i < 20; i++) {
1662 + if (__get_user(c, (unsigned char*)(regs->eip+i))) {
1663 + printk("<invalid address>.");
1666 + printk("%02x ", c);
1670 + tsk->thread.pax_faults.eip = 0;
1671 + tsk->thread.pax_faults.count = 0;
1672 + tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);
1673 + regs->eflags &= ~TF_MASK;
1674 + tsk->thread.cr2 = address;
1675 + tsk->thread.error_code = error_code;
1676 + tsk->thread.trap_no = 14;
1677 + force_sig(SIGKILL,tsk);
1685 + spin_lock(&mm->page_table_lock);
1686 + pte = pax_get_pte(mm, address);
1687 + if (!pte || !(pte_val(*pte) & _PAGE_PRESENT) || pte_exec(*pte)) {
1688 + spin_unlock(&mm->page_table_lock);
1692 + if ((error_code == 7) && !pte_write(*pte)) { /* write attempt to a protected page in user mode */
1693 + spin_unlock(&mm->page_table_lock);
1698 + * PaX: fill DTLB with user rights and retry
1700 + if (regs->eip != tsk->thread.pax_faults.eip) { /* detect DTLB trashing */
1701 + tsk->thread.pax_faults.eip = regs->eip;
1702 + tsk->thread.pax_faults.count = 0;
1705 + __asm__ __volatile__ (
1711 + : "m" (*(char*)address), "m" (*(char*)pte) , "r" (pte_mask) , "i" (_PAGE_USER)
1712 + : "memory", "cc");
1713 + spin_unlock(&mm->page_table_lock);
1717 + if (tsk->thread.pax_faults.count < PAX_SPIN_COUNT) {
1718 + ++tsk->thread.pax_faults.count;
1721 + spin_unlock(&mm->page_table_lock);
1723 + if (tsk->thread.pax_faults.count == PAX_SPIN_COUNT) {
1724 + if (pax_handle_opcode(tsk, regs)) {
1725 + tsk->thread.pax_faults.eip = 0;
1726 + tsk->thread.pax_faults.count = 0;
1727 + tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);
1730 + ++tsk->thread.pax_faults.count;
1734 + if (tsk->thread.pax_faults.count > PAX_SPIN_COUNT+1+3) {
1735 + printk(KERN_ERR "PAX: preventing DoS: %s:%d, EIP: %08lX, ESP: %08lX\n", tsk->comm, tsk->pid, regs->eip, regs->esp);
1736 + printk(KERN_ERR "PAX: bytes at EIP: ");
1737 + for (i = 0; i < 20; i++) {
1739 + if (__get_user(c, (unsigned char*)(regs->eip+i))) {
1740 + printk("<invalid address>.");
1743 + printk("%02x ", c);
1747 + tsk->thread.pax_faults.eip = 0;
1748 + tsk->thread.pax_faults.count = 0;
1749 + tsk->ptrace &= ~(PT_PAX_TRACE | PT_PAX_KEEPTF | PT_PAX_OLDTF);
1750 + regs->eflags &= ~TF_MASK;
1751 + tsk->thread.cr2 = address;
1752 + tsk->thread.error_code = error_code;
1753 + tsk->thread.trap_no = 14;
1754 + force_sig(SIGKILL,tsk);
1758 + spin_lock(&mm->page_table_lock);
1759 + pte = pax_get_pte(mm, address);
1761 + set_pte(pte, pte_mkexec(*pte));
1762 + __flush_tlb_one(address);
1763 + tsk->thread.pax_faults.addresses[tsk->thread.pax_faults.count-PAX_SPIN_COUNT-1] = address;
1764 + ++tsk->thread.pax_faults.count;
1766 + spin_unlock(&mm->page_table_lock);
1767 + tsk->ptrace |= PT_PAX_TRACE;
1768 + regs->eflags |= TF_MASK;
1771 + if (tsk->thread.pax_faults.count > PAX_SPIN_COUNT+1+1) {
1772 + printk(KERN_ERR "PAX: DTLB trashing, level %ld: %s:%d,"
1773 + "EIP: %08lX, ESP: %08lX, cr2: %08lX\n",
1774 + tsk->thread.pax_faults.count - (PAX_SPIN_COUNT+1),
1775 + tsk->comm, tsk->pid, regs->eip, regs->esp, address);
1776 + printk(KERN_ERR "PAX: DTLB trashing, %08lX, %08lX, %08lX\n",
1777 + tsk->thread.pax_faults.addresses[0],
1778 + tsk->thread.pax_faults.addresses[1],
1779 + tsk->thread.pax_faults.addresses[2]);
1785 + do_page_fault(regs, error_code, address);
1790 diff -urN linux/arch/i386/mm/init.c linux/arch/i386/mm/init.c
1791 --- linux/arch/i386/mm/init.c Fri Dec 21 12:41:53 2001
1792 +++ linux/arch/i386/mm/init.c Sun Dec 23 19:13:16 2001
1793 @@ -400,7 +400,11 @@
1794 pmd = pmd_offset(pgd, vaddr);
1795 pte = pte_offset(pmd, vaddr);
1797 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
1798 + *pte = mk_pte_phys(0, PAGE_READONLY_EXEC);
1800 *pte = mk_pte_phys(0, PAGE_READONLY);
1804 boot_cpu_data.wp_works_ok = do_test_wp_bit(vaddr);
1805 diff -urN linux/arch/ia64/config.in linux/arch/ia64/config.in
1806 --- linux/arch/ia64/config.in Fri Nov 9 17:26:17 2001
1807 +++ linux/arch/ia64/config.in Sun Dec 23 19:13:16 2001
1808 @@ -276,3 +276,12 @@
1813 +mainmenu_option next_comment
1814 +comment 'Grsecurity'
1815 +bool 'Grsecurity' CONFIG_GRKERNSEC
1816 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1817 + source grsecurity/Config.in
1821 diff -urN linux/arch/m68k/config.in linux/arch/m68k/config.in
1822 --- linux/arch/m68k/config.in Mon Jun 11 22:15:27 2001
1823 +++ linux/arch/m68k/config.in Sun Dec 23 19:13:16 2001
1824 @@ -546,3 +546,12 @@
1825 #bool 'Debug kmalloc/kfree' CONFIG_DEBUG_MALLOC
1826 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
1829 +mainmenu_option next_comment
1830 +comment 'Grsecurity'
1831 +bool 'Grsecurity' CONFIG_GRKERNSEC
1832 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1833 + source grsecurity/Config.in
1837 diff -urN linux/arch/mips/config.in linux/arch/mips/config.in
1838 --- linux/arch/mips/config.in Mon Oct 15 16:41:34 2001
1839 +++ linux/arch/mips/config.in Sun Dec 23 19:13:16 2001
1840 @@ -520,3 +520,12 @@
1841 bool 'Run uncached' CONFIG_MIPS_UNCACHED
1845 +mainmenu_option next_comment
1846 +comment 'Grsecurity'
1847 +bool 'Grsecurity' CONFIG_GRKERNSEC
1848 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1849 + source grsecurity/Config.in
1853 diff -urN linux/arch/mips64/config.in linux/arch/mips64/config.in
1854 --- linux/arch/mips64/config.in Sun Sep 9 13:43:02 2001
1855 +++ linux/arch/mips64/config.in Sun Dec 23 19:13:16 2001
1856 @@ -276,3 +276,12 @@
1857 bool 'Run uncached' CONFIG_MIPS_UNCACHED
1861 +mainmenu_option next_comment
1862 +comment 'Grsecurity'
1863 +bool 'Grsecurity' CONFIG_GRKERNSEC
1864 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1865 + source grsecurity/Config.in
1869 diff -urN linux/arch/parisc/config.in linux/arch/parisc/config.in
1870 --- linux/arch/parisc/config.in Tue Apr 17 20:19:25 2001
1871 +++ linux/arch/parisc/config.in Sun Dec 23 19:13:16 2001
1872 @@ -208,3 +208,11 @@
1873 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
1876 +mainmenu_option next_comment
1877 +comment 'Grsecurity'
1878 +bool 'Grsecurity' CONFIG_GRKERNSEC
1879 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1880 + source grsecurity/Config.in
1884 diff -urN linux/arch/ppc/config.in linux/arch/ppc/config.in
1885 --- linux/arch/ppc/config.in Fri Nov 16 13:10:08 2001
1886 +++ linux/arch/ppc/config.in Sun Dec 23 19:13:16 2001
1887 @@ -393,3 +393,12 @@
1888 bool 'Include kgdb kernel debugger' CONFIG_KGDB
1889 bool 'Include xmon kernel debugger' CONFIG_XMON
1892 +mainmenu_option next_comment
1893 +comment 'Grsecurity'
1894 +bool 'Grsecurity' CONFIG_GRKERNSEC
1895 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1896 + source grsecurity/Config.in
1900 diff -urN linux/arch/s390/config.in linux/arch/s390/config.in
1901 --- linux/arch/s390/config.in Fri Nov 9 16:58:02 2001
1902 +++ linux/arch/s390/config.in Sun Dec 23 19:13:16 2001
1904 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
1907 +mainmenu_option next_comment
1908 +comment 'Grsecurity'
1909 +bool 'Grsecurity' CONFIG_GRKERNSEC
1910 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1911 + source grsecurity/Config.in
1915 diff -urN linux/arch/s390x/config.in linux/arch/s390x/config.in
1916 --- linux/arch/s390x/config.in Thu Oct 11 12:04:57 2001
1917 +++ linux/arch/s390x/config.in Sun Dec 23 19:13:16 2001
1919 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
1922 +mainmenu_option next_comment
1923 +comment 'Grsecurity'
1924 +bool 'Grsecurity' CONFIG_GRKERNSEC
1925 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1926 + source grsecurity/Config.in
1930 diff -urN linux/arch/sh/config.in linux/arch/sh/config.in
1931 --- linux/arch/sh/config.in Mon Oct 15 16:36:48 2001
1932 +++ linux/arch/sh/config.in Sun Dec 23 19:13:16 2001
1933 @@ -386,3 +386,12 @@
1934 bool 'Early printk support' CONFIG_SH_EARLY_PRINTK
1938 +mainmenu_option next_comment
1939 +comment 'Grsecurity'
1940 +bool 'Grsecurity' CONFIG_GRKERNSEC
1941 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1942 + source grsecurity/Config.in
1946 diff -urN linux/arch/sparc/config.in linux/arch/sparc/config.in
1947 --- linux/arch/sparc/config.in Mon Jun 11 22:15:27 2001
1948 +++ linux/arch/sparc/config.in Sun Dec 23 19:13:16 2001
1949 @@ -266,3 +266,12 @@
1951 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
1954 +mainmenu_option next_comment
1955 +comment 'Grsecurity'
1956 +bool 'Grsecurity' CONFIG_GRKERNSEC
1957 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1958 + source grsecurity/Config.in
1962 diff -urN linux/arch/sparc64/config.in linux/arch/sparc64/config.in
1963 --- linux/arch/sparc64/config.in Fri Dec 21 12:41:53 2001
1964 +++ linux/arch/sparc64/config.in Sun Dec 23 19:13:16 2001
1965 @@ -306,3 +306,12 @@
1970 +mainmenu_option next_comment
1971 +comment 'Grsecurity'
1972 +bool 'Grsecurity' CONFIG_GRKERNSEC
1973 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1974 + source grsecurity/Config.in
1978 diff -urN linux/drivers/char/mem.c linux/drivers/char/mem.c
1979 --- linux/drivers/char/mem.c Fri Dec 21 12:41:54 2001
1980 +++ linux/drivers/char/mem.c Sun Dec 23 19:13:16 2001
1981 @@ -200,9 +200,21 @@
1983 * Don't dump addresses that are not real memory to a core file.
1985 +#ifdef CONFIG_GRKERNSEC_PAX
1986 + if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC)) {
1988 if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC))
1990 vma->vm_flags |= VM_IO;
1992 +#ifdef CONFIG_GRKERNSEC_PAX
1993 + /* it turned out to be device memory (eg. video RAM), don't apply PaX */
1994 + if ((current->flags & PF_PAX_PAGEEXEC) &&!(vma->vm_flags & VM_EXEC)) {
1995 + vma->vm_flags |= VM_EXEC | VM_MAYEXEC;
1996 + vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f];
2000 if (remap_page_range(vma->vm_start, offset, vma->vm_end-vma->vm_start,
2003 @@ -401,8 +413,12 @@
2006 zap_page_range(mm, addr, count);
2007 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2008 + zeromap_page_range(addr, count, vma->vm_page_prot);
2010 zeromap_page_range(addr, count, PAGE_COPY);
2016 diff -urN linux/drivers/char/random.c linux/drivers/char/random.c
2017 --- linux/drivers/char/random.c Fri Nov 9 17:01:21 2001
2018 +++ linux/drivers/char/random.c Sun Dec 23 19:13:16 2001
2019 @@ -260,6 +260,12 @@
2021 * Configuration information
2023 +#ifdef CONFIG_GRKERNSEC_RANDNET
2024 +#include <linux/grsecurity.h>
2025 +#define DEFAULT_POOL_SIZE_RANDNET 4096
2026 +#define SECONDARY_POOL_SIZE_RANDNET 1024
2027 +#define BATCH_ENTROPY_SIZE_RANDNET 2048
2029 #define DEFAULT_POOL_SIZE 512
2030 #define SECONDARY_POOL_SIZE 128
2031 #define BATCH_ENTROPY_SIZE 256
2032 @@ -387,8 +393,13 @@
2034 * Static global variables
2036 +#ifdef CONFIG_GRKERNSEC_RANDPID
2037 +struct entropy_store *random_state; /* The default global store */
2038 +struct entropy_store *sec_random_state; /* secondary store */
2040 static struct entropy_store *random_state; /* The default global store */
2041 static struct entropy_store *sec_random_state; /* secondary store */
2043 static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
2044 static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);
2046 @@ -1433,11 +1444,23 @@
2050 - if (create_entropy_store(DEFAULT_POOL_SIZE, &random_state))
2051 + if (create_entropy_store(
2052 +#ifdef CONFIG_GRKERNSEC_RANDNET
2053 + grsec_enable_randnet?DEFAULT_POOL_SIZE_RANDNET:
2055 + DEFAULT_POOL_SIZE, &random_state))
2056 return; /* Error, return */
2057 - if (batch_entropy_init(BATCH_ENTROPY_SIZE, random_state))
2058 + if (batch_entropy_init(
2059 +#ifdef CONFIG_GRKERNSEC_RANDNET
2060 + grsec_enable_randnet?BATCH_ENTROPY_SIZE_RANDNET:
2062 + BATCH_ENTROPY_SIZE, random_state))
2063 return; /* Error, return */
2064 - if (create_entropy_store(SECONDARY_POOL_SIZE, &sec_random_state))
2065 + if (create_entropy_store(
2066 +#ifdef CONFIG_GRKERNSEC_RANDNET
2067 + grsec_enable_randnet?SECONDARY_POOL_SIZE_RANDNET:
2069 + SECONDARY_POOL_SIZE, &sec_random_state))
2070 return; /* Error, return */
2071 clear_entropy_store(random_state);
2072 clear_entropy_store(sec_random_state);
2073 diff -urN linux/drivers/char/vt.c linux/drivers/char/vt.c
2074 --- linux/drivers/char/vt.c Fri Nov 16 13:08:28 2001
2075 +++ linux/drivers/char/vt.c Sun Dec 23 19:13:16 2001
2077 #include <asm/vc_ioctl.h>
2078 #endif /* CONFIG_FB_COMPAT_XPMAC */
2080 +#ifdef CONFIG_GRKERNSEC_KBMAP
2081 +#include <linux/grsecurity.h>
2084 char vt_dont_switch;
2085 extern struct tty_driver console_driver;
2087 @@ -177,7 +181,11 @@
2088 val = (i ? K_HOLE : K_NOSUCHMAP);
2089 return put_user(val, &user_kbe->kb_value);
2091 +#ifdef CONFIG_GRKERNSEC_KBMAP
2092 + if (!perm || (grsec_enable_kbmap && !suser()))
2097 if (!i && v == K_NOSUCHMAP) {
2098 /* disallocate map */
2099 @@ -298,7 +306,11 @@
2101 return ((p && *p) ? -EOVERFLOW : 0);
2103 +#ifdef CONFIG_GRKERNSEC_KBMAP
2104 + if (!perm || (grsec_enable_kbmap && !suser()))
2111 diff -urN linux/drivers/ieee1394/video1394.c linux/drivers/ieee1394/video1394.c
2112 --- linux/drivers/ieee1394/video1394.c Fri Dec 21 12:41:54 2001
2113 +++ linux/drivers/ieee1394/video1394.c Sun Dec 23 19:13:16 2001
2114 @@ -843,7 +843,11 @@
2115 pos=(unsigned long) d->buf;
2117 page = kvirt_to_pa(pos);
2118 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2119 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))
2121 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))
2126 diff -urN linux/drivers/media/video/bttv-driver.c linux/drivers/media/video/bttv-driver.c
2127 --- linux/drivers/media/video/bttv-driver.c Fri Dec 21 12:41:54 2001
2128 +++ linux/drivers/media/video/bttv-driver.c Sun Dec 23 19:13:16 2001
2129 @@ -2052,7 +2052,11 @@
2130 pos=(unsigned long) btv->fbuffer;
2132 page = kvirt_to_pa(pos);
2133 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2134 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))
2136 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))
2141 diff -urN linux/drivers/media/video/cpia.c linux/drivers/media/video/cpia.c
2142 --- linux/drivers/media/video/cpia.c Thu Oct 25 16:53:47 2001
2143 +++ linux/drivers/media/video/cpia.c Sun Dec 23 19:13:16 2001
2144 @@ -3005,7 +3005,11 @@
2145 pos = (unsigned long)(cam->frame_buf);
2147 page = kvirt_to_pa(pos);
2148 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2149 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {
2151 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {
2153 up(&cam->busy_lock);
2156 diff -urN linux/drivers/media/video/meye.c linux/drivers/media/video/meye.c
2157 --- linux/drivers/media/video/meye.c Fri Dec 21 12:41:54 2001
2158 +++ linux/drivers/media/video/meye.c Sun Dec 23 19:13:16 2001
2159 @@ -1263,7 +1263,11 @@
2162 page = kvirt_to_pa(pos);
2163 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2164 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {
2166 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {
2171 diff -urN linux/drivers/media/video/planb.c linux/drivers/media/video/planb.c
2172 --- linux/drivers/media/video/planb.c Thu Oct 25 16:53:47 2001
2173 +++ linux/drivers/media/video/planb.c Sun Dec 23 19:13:16 2001
2174 @@ -2009,7 +2009,11 @@
2176 for (i = 0; i < pb->rawbuf_size; i++) {
2177 if (remap_page_range(start, virt_to_phys((void *)pb->rawbuf[i]),
2178 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2179 + PAGE_SIZE, PAGE_SHARED_EXEC))
2181 PAGE_SIZE, PAGE_SHARED))
2185 if (size <= PAGE_SIZE)
2186 diff -urN linux/drivers/media/video/zr36067.c linux/drivers/media/video/zr36067.c
2187 --- linux/drivers/media/video/zr36067.c Fri Nov 9 17:01:22 2001
2188 +++ linux/drivers/media/video/zr36067.c Sun Dec 23 19:13:16 2001
2189 @@ -4322,7 +4322,11 @@
2191 page = virt_to_phys(bus_to_virt(pos)); /* should just be pos on i386 */
2192 if (remap_page_range
2193 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2194 + (start, page, todo, PAGE_SHARED_EXEC)) {
2196 (start, page, todo, PAGE_SHARED)) {
2199 "%s: zoran_mmap(V4L): remap_page_range failed\n",
2201 @@ -4363,7 +4367,11 @@
2202 ("V4L remap page range %d 0x%lx %ld to 0x%lx\n",
2203 i, page, todo, start));
2204 if (remap_page_range
2205 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2206 + (start, page, todo, PAGE_SHARED_EXEC)) {
2208 (start, page, todo, PAGE_SHARED)) {
2211 "%s: zoran_mmap(V4L): remap_page_range failed\n",
2213 diff -urN linux/drivers/media/video/zr36120.c linux/drivers/media/video/zr36120.c
2214 --- linux/drivers/media/video/zr36120.c Fri Nov 9 17:01:22 2001
2215 +++ linux/drivers/media/video/zr36120.c Sun Dec 23 19:13:16 2001
2216 @@ -1484,7 +1484,11 @@
2217 pos = (unsigned long)ztv->fbuffer;
2219 unsigned long page = virt_to_phys((void*)pos);
2220 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2221 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))
2223 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))
2228 diff -urN linux/drivers/usb/ov511.c linux/drivers/usb/ov511.c
2229 --- linux/drivers/usb/ov511.c Fri Sep 14 17:04:07 2001
2230 +++ linux/drivers/usb/ov511.c Sun Dec 23 19:13:16 2001
2231 @@ -2769,7 +2769,11 @@
2232 pos = (unsigned long)ov511->fbuf;
2234 page = kvirt_to_pa(pos);
2235 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2236 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))
2238 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))
2243 diff -urN linux/drivers/usb/pwc-if.c linux/drivers/usb/pwc-if.c
2244 --- linux/drivers/usb/pwc-if.c Fri Dec 21 12:41:55 2001
2245 +++ linux/drivers/usb/pwc-if.c Sun Dec 23 19:13:16 2001
2246 @@ -1581,7 +1581,11 @@
2247 pos = (unsigned long)pdev->image_data;
2249 page = kvirt_to_pa(pos);
2250 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2251 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))
2253 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))
2258 diff -urN linux/drivers/usb/se401.c linux/drivers/usb/se401.c
2259 --- linux/drivers/usb/se401.c Fri Sep 14 17:27:10 2001
2260 +++ linux/drivers/usb/se401.c Sun Dec 23 19:13:16 2001
2261 @@ -1374,7 +1374,11 @@
2262 pos = (unsigned long)se401->fbuf;
2264 page = kvirt_to_pa(pos);
2265 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2266 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC)) {
2268 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED)) {
2273 diff -urN linux/drivers/usb/usbvideo.c linux/drivers/usb/usbvideo.c
2274 --- linux/drivers/usb/usbvideo.c Thu Oct 11 02:42:46 2001
2275 +++ linux/drivers/usb/usbvideo.c Sun Dec 23 19:13:16 2001
2276 @@ -1199,7 +1199,11 @@
2277 pos = (unsigned long) uvd->fbuf;
2279 page = usbvideo_kvirt_to_pa(pos);
2280 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2281 + if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED_EXEC))
2283 if (remap_page_range(start, page, PAGE_SIZE, PAGE_SHARED))
2288 diff -urN linux/fs/binfmt_aout.c linux/fs/binfmt_aout.c
2289 --- linux/fs/binfmt_aout.c Fri Nov 2 20:39:20 2001
2290 +++ linux/fs/binfmt_aout.c Sun Dec 23 19:13:16 2001
2294 #include <linux/module.h>
2295 +#include <linux/config.h>
2297 #include <linux/sched.h>
2298 #include <linux/kernel.h>
2299 @@ -307,6 +308,25 @@
2300 current->mm->mmap = NULL;
2301 compute_creds(bprm);
2302 current->flags &= ~PF_FORKNOEXEC;
2303 +#ifdef CONFIG_GRKERNSEC_STACK
2304 + if (N_FLAGS(ex) & F_STACKEXEC) current->flags |= PF_STACKEXEC;
2307 +#ifdef CONFIG_GRKERNSEC_PAX
2308 + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC))
2309 + current->flags |= PF_PAX_PAGEEXEC;
2312 +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP
2313 + if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
2314 + current->flags |= PF_PAX_EMUTRAMP;
2317 +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT
2318 + if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
2319 + current->flags |= PF_PAX_MPROTECT;
2323 if (N_MAGIC(ex) == NMAGIC) {
2324 loff_t pos = fd_offset;
2325 @@ -393,7 +413,11 @@
2327 down_write(¤t->mm->mmap_sem);
2328 error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
2329 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2330 + PROT_READ | PROT_WRITE,
2332 PROT_READ | PROT_WRITE | PROT_EXEC,
2334 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
2335 fd_offset + ex.a_text);
2336 up_write(¤t->mm->mmap_sem);
2337 diff -urN linux/fs/binfmt_elf.c linux/fs/binfmt_elf.c
2338 --- linux/fs/binfmt_elf.c Fri Dec 21 12:41:55 2001
2339 +++ linux/fs/binfmt_elf.c Sun Dec 23 19:14:37 2001
2342 #include <linux/module.h>
2344 +#include <linux/config.h>
2345 #include <linux/fs.h>
2346 #include <linux/stat.h>
2347 #include <linux/sched.h>
2349 #include <linux/smp_lock.h>
2350 #include <linux/compiler.h>
2351 #include <linux/highmem.h>
2352 +#if defined(CONFIG_GRKERNSEC_PAX_RANDMMAP) || defined(CONFIG_GRKERNSEC_PAX)
2353 +#include <linux/random.h>
2356 #include <asm/uaccess.h>
2357 #include <asm/param.h>
2359 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
2360 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
2362 -static struct linux_binfmt elf_format = {
2363 +#ifndef CONFIG_GRKERNSEC_STACK
2366 +struct linux_binfmt elf_format = {
2367 NULL, THIS_MODULE, load_elf_binary, load_elf_library, elf_core_dump, ELF_EXEC_PAGESIZE
2370 @@ -138,6 +145,11 @@
2374 +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
2375 + if (current->flags & PF_PAX_RANDMMAP)
2376 + u_platform -= (current->mm->delta_stack & ~PAGE_MASK);
2380 * Force 16 byte _final_ alignment here for generality.
2382 @@ -599,7 +611,49 @@
2383 current->mm->end_data = 0;
2384 current->mm->end_code = 0;
2385 current->mm->mmap = NULL;
2386 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2387 + current->mm->delta_mmap = 0;
2388 + current->mm->delta_exec = 0;
2389 + current->mm->delta_stack = 0;
2391 current->flags &= ~PF_FORKNOEXEC;
2393 +#ifdef CONFIG_GRKERNSEC_STACK
2394 + if (elf_ex.e_flags & EF_STACKEXEC)
2395 + current->flags |= PF_STACKEXEC;
2398 +#ifdef CONFIG_GRKERNSEC_PAX
2399 + if (!(elf_ex.e_flags & EF_PAX_PAGEEXEC))
2400 + current->flags |= PF_PAX_PAGEEXEC;
2403 +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP
2404 + if (elf_ex.e_flags & EF_PAX_EMUTRAMP)
2405 + current->flags |= PF_PAX_EMUTRAMP;
2408 +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT
2409 + if (!(elf_ex.e_flags & EF_PAX_MPROTECT))
2410 + current->flags |= PF_PAX_MPROTECT;
2413 +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
2414 + if (!(elf_ex.e_flags & EF_PAX_RANDMMAP)) {
2415 + unsigned short delta;
2416 + current->flags |= PF_PAX_RANDMMAP;
2418 + get_random_bytes(&delta, sizeof(delta));
2419 + current->mm->delta_mmap = (unsigned long)delta << PAGE_SHIFT;
2421 + get_random_bytes(&delta, sizeof(delta));
2422 + current->mm->delta_exec = (unsigned long)delta << PAGE_SHIFT;
2424 + get_random_bytes(&delta, sizeof(delta));
2425 + current->mm->delta_stack = (unsigned long)delta << 4;
2429 elf_entry = (unsigned long) elf_ex.e_entry;
2431 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
2432 @@ -654,6 +708,13 @@
2433 base, as well as whatever program they might try to exec. This
2434 is because the brk will follow the loader, and is not movable. */
2435 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
2436 +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
2437 + /* PaX: randomize base address at the default exe base if requested */
2438 + if (current->flags | PF_PAX_RANDMMAP) {
2439 + load_bias = ELF_PAGESTART(0x08048000 - vaddr + current->mm->delta_exec);
2445 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
2446 diff -urN linux/fs/devices.c linux/fs/devices.c
2447 --- linux/fs/devices.c Sat Sep 22 23:35:43 2001
2448 +++ linux/fs/devices.c Sun Dec 23 19:13:16 2001
2449 @@ -162,7 +162,11 @@
2450 * is contain the open that then fills in the correct operations
2451 * depending on the special file...
2453 -static struct file_operations def_chr_fops = {
2455 +#ifndef CONFIG_GRKERNSEC_FD
2458 +struct file_operations def_chr_fops = {
2462 diff -urN linux/fs/exec.c linux/fs/exec.c
2463 --- linux/fs/exec.c Fri Dec 21 12:41:55 2001
2464 +++ linux/fs/exec.c Sun Dec 23 19:13:16 2001
2469 +#if defined(CONFIG_GRKERNSEC_FD) || defined(CONFIG_GRKERNSEC_EXECVE) ||\
2470 + defined(CONFIG_GRKERNSEC_COREDUMP)||defined(CONFIG_GRKERNSEC_TPE) ||\
2471 + defined(CONFIG_GRKERNSEC_CHROOT_EXECLOG) || \
2472 + defined(CONFIG_GRKERNSEC_EXECLOG) ||\
2473 + defined(CONFIG_GRKERNSEC_EXECLOG_GROUP) ||\
2474 + defined(CONFIG_GRKERNSEC_PTRACE) || defined(CONFIG_GRKERNSEC_ACL)
2475 +#include <linux/grsecurity.h>
2478 +#ifdef CONFIG_GRKERNSEC_FD
2479 +#include <linux/major.h>
2480 +extern struct file_operations def_chr_fops;
2483 static struct linux_binfmt *formats;
2484 static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;
2486 @@ -278,7 +292,12 @@
2487 lru_cache_add(page);
2488 flush_dcache_page(page);
2489 flush_page_to_ram(page);
2490 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2491 + set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page,
2492 + (tsk->flags & PF_PAX_PAGEEXEC)?PAGE_COPY_NOEXEC:PAGE_COPY_EXEC))));
2494 set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY))));
2497 spin_unlock(&tsk->mm->page_table_lock);
2499 @@ -299,6 +318,12 @@
2501 stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
2503 +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
2504 + if (current->flags & PF_PAX_RANDMMAP)
2505 + stack_base = PAGE_MASK & (stack_base - current->mm->delta_stack);
2509 bprm->p += stack_base;
2511 bprm->loader += stack_base;
2512 @@ -312,9 +337,15 @@
2514 mpnt->vm_mm = current->mm;
2515 mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
2516 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
2517 + mpnt->vm_end = stack_base + MAX_ARG_PAGES*PAGE_SIZE;
2518 + mpnt->vm_page_prot = (current->flags & PF_PAX_PAGEEXEC)?PAGE_COPY_NOEXEC:PAGE_COPY_EXEC;
2519 + mpnt->vm_flags = (current->flags & PF_PAX_PAGEEXEC)?VM_STACK_FLAGS:(VM_STACK_FLAGS|VM_EXEC|VM_MAYEXEC);
2521 mpnt->vm_end = STACK_TOP;
2522 mpnt->vm_page_prot = PAGE_COPY;
2523 mpnt->vm_flags = VM_STACK_FLAGS;
2525 mpnt->vm_ops = NULL;
2527 mpnt->vm_file = NULL;
2528 @@ -473,6 +504,69 @@
2529 if (atomic_dec_and_test(&oldsig->count))
2530 kmem_cache_free(sigact_cachep, oldsig);
2532 +#ifdef CONFIG_GRKERNSEC_FD
2533 +static inline int tweak_fd_open_null(struct linux_binprm *bprm)
2539 + if(!(i = get_empty_inode()))
2541 + if(!(d = dget(d_alloc_root(i)))) {
2545 + if(!(f = get_empty_filp())) {
2550 + i->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2551 + i->i_uid = current->fsuid;
2552 + i->i_gid = current->fsgid;
2553 + i->i_rdev = MKDEV(MEM_MAJOR,3);
2554 + i->i_blksize = PAGE_SIZE;
2556 + i->i_atime = i->i_mtime = i->i_ctime = CURRENT_TIME;
2557 + i->i_fop = &def_chr_fops;
2558 + i->i_state = I_DIRTY;
2560 + f->f_flags = O_RDWR;
2561 + f->f_mode = FMODE_READ | FMODE_WRITE;
2563 + f->f_op = i->i_fop;
2566 + f->f_op->open(i,f);
2568 + bprm->tweak_fd_null = f;
2573 +static int tweak_fd_0_1_2(struct linux_binprm *bprm)
2575 + int fd,new,retval;
2577 + for(fd=0;fd<=2;fd++) {
2578 + if(current->files->fd[fd]) continue;
2579 + if((new = get_unused_fd()) != fd) {
2580 + if(new >= 0) put_unused_fd(new);
2583 + if(bprm->tweak_fd_null)
2584 + atomic_inc(&bprm->tweak_fd_null->f_count);
2586 + if((retval = tweak_fd_open_null(bprm)))
2589 + fd_install(fd,bprm->tweak_fd_null);
2590 + bprm->tweak_fd_mask |= 1 << fd;
2597 * These functions flushes out all traces of the currently running executable
2598 @@ -563,6 +657,25 @@
2599 current->comm[i++] = ch;
2601 current->comm[i] = '\0';
2602 +#ifdef CONFIG_GRKERNSEC_STACK
2603 + current->flags &= ~PF_STACKEXEC;
2606 +#ifdef CONFIG_GRKERNSEC_PAX
2607 + current->flags &= ~PF_PAX_PAGEEXEC;
2610 +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP
2611 + current->flags &= ~PF_PAX_EMUTRAMP;
2614 +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT
2615 + current->flags &= ~PF_PAX_MPROTECT;
2618 +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
2619 + current->flags &= ~PF_PAX_RANDMMAP;
2624 @@ -580,6 +693,10 @@
2625 flush_signal_handlers(current);
2626 flush_old_files(current->files);
2628 +#ifdef CONFIG_GRKERNSEC_FD
2629 + if(grsec_enable_fd && bprm->priv_change)
2630 + return tweak_fd_0_1_2(bprm);
2638 struct inode * inode = bprm->file->f_dentry->d_inode;
2639 +#ifdef CONFIG_GRKERNSEC_FD
2640 + if (grsec_enable_fd) bprm->priv_change = 0;
2643 mode = inode->i_mode;
2645 @@ -626,8 +746,16 @@
2647 if(!(bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)) {
2649 - if (mode & S_ISUID)
2650 - bprm->e_uid = inode->i_uid;
2651 +#ifdef CONFIG_GRKERNSEC_FD
2652 + if (mode & S_ISUID) {
2653 + bprm->e_uid = inode->i_uid;
2654 + if(grsec_enable_fd && (bprm->e_uid != current->euid))
2655 + bprm->priv_change = 1;
2658 + if (mode & S_ISUID)
2659 + bprm->e_uid = inode->i_uid;
2664 @@ -635,9 +763,17 @@
2665 * is a candidate for mandatory locking, not a setgid
2668 - if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
2669 - bprm->e_gid = inode->i_gid;
2671 +#ifdef CONFIG_GRKERNSEC_FD
2672 + if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
2673 + bprm->e_gid = inode->i_gid;
2674 + if(grsec_enable_fd && !in_group_p(bprm->e_gid))
2675 + bprm->priv_change = 1;
2678 + if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
2679 + bprm->e_gid = inode->i_gid;
2683 /* We don't have VFS support for capabilities yet */
2684 cap_clear(bprm->cap_inheritable);
2685 @@ -660,7 +796,26 @@
2686 if (bprm->e_uid == 0)
2687 cap_set_full(bprm->cap_effective);
2690 +#ifdef CONFIG_GRKERNSEC_PTRACE
2691 + if (current->ptrace & PT_PTRACED){
2692 + if(current->uid && grsec_enable_ptrace
2693 +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP
2694 + && ((grsec_enable_ptrace_group && !in_group_p(grsec_ptrace_gid))
2695 + || !grsec_enable_ptrace_group)
2698 + security_alert("denied ptrace of [%.32s:%lu] (%s) by " DEFAULTSECMSG,
2699 + "denied ptraces", kdevname(bprm->file->f_dentry->d_inode->i_dev),
2700 + bprm->file->f_dentry->d_inode->i_ino, bprm->filename,
2704 + security_alert("ptrace of [%.32s:%lu] (%s) by " DEFAULTSECMSG,
2705 + "ptraces", kdevname(bprm->file->f_dentry->d_inode->i_dev),
2706 + bprm->file->f_dentry->d_inode->i_ino, bprm->filename,
2710 memset(bprm->buf,0,BINPRM_BUF_SIZE);
2711 return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
2714 current->cap_permitted);
2717 +#ifdef CONFIG_GRKERNSEC_FD
2718 + if (grsec_enable_fd) tweak_fd_0_1_2(bprm);
2723 @@ -859,6 +1017,20 @@
2727 +#if defined(CONFIG_GRKERNSEC_EXECLOG) || defined(CONFIG_GRKERNSEC_EXECLOG_GROUP)
2733 +#ifdef CONFIG_GRKERNSEC_EXECVE
2734 + if(grsec_enable_execve && current->user)
2735 + if(atomic_read(¤t->user->processes) > current->rlim[RLIMIT_NPROC].rlim_cur) {
2736 + security_alert("Attempt to overstep process limit by " DEFAULTSECMSG,
2737 + "proc limit overstep", DEFAULTSECARGS);
2742 file = open_exec(filename);
2744 @@ -866,6 +1038,16 @@
2748 +#ifdef CONFIG_GRKERNSEC_ACL
2749 +if( ( (gr_search(file->f_dentry,GR_EXEC,file->f_vfsmnt)) == GR_DENY) ) {
2750 + security_alert("denying execution of %.1024s by " DEFAULTSECMSG,
2751 + "file exec attempts", filename, DEFAULTSECARGS);
2752 + allow_write_access(file);
2758 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
2759 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
2761 @@ -886,10 +1068,111 @@
2765 +#ifdef CONFIG_GRKERNSEC_FD
2766 + if (grsec_enable_fd) {
2767 + bprm.tweak_fd_mask = 0;
2768 + bprm.tweak_fd_null = NULL;
2771 retval = prepare_binprm(&bprm);
2776 +#ifdef CONFIG_GRKERNSEC_TPE
2777 +if (grsec_enable_tpe) {
2778 +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC
2779 +if (grsec_enable_tpe_glibc) {
2780 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
2781 +if(grsec_enable_tpe_all?current->uid:in_group_p(grsec_tpe_gid)){
2783 +if(in_group_p(grsec_tpe_gid)){
2785 + char **envpp=envp,*envpt;
2788 + if((*envpt == 'L') && (*(envpt + 1) == 'D') &&
2789 + (*(envpt + 2) == '_') && strchr(envpt,'=')){
2790 + security_alert("denied exec of %.32s by " DEFAULTSECMSG
2791 + "reason: malicious environment","denied execs",
2792 + filename, DEFAULTSECARGS);
2793 + dput(file->f_dentry);
2798 + if(!strncmp(file->f_dentry->d_name.name,"ld-2.",5) &&
2799 + !strncmp(file->f_dentry->d_parent->d_name.name,"lib",3)){
2800 + security_alert("denied exec of %.32s by " DEFAULTSECMSG
2801 + "reason: tried to bypass via ld","denied execs",
2802 + filename, DEFAULTSECARGS);
2803 + dput(file->f_dentry);
2809 +if((current->uid) &&
2810 + ((file->f_dentry->d_parent->d_inode->i_uid) ||
2811 + (!(file->f_dentry->d_parent->d_inode->i_uid) &&
2812 + ((file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) ||
2813 + (file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH)))) &&
2814 + (in_group_p(grsec_tpe_gid))){
2815 + security_alert("denied exec of %.32s by " DEFAULTSECMSG
2816 + "reason: untrusted","denied execs",
2817 + filename, DEFAULTSECARGS);
2818 + dput(file->f_dentry);
2821 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
2822 +else if(grsec_enable_tpe_all &&
2823 + (current->uid) && !(((!(file->f_dentry->d_parent->d_inode->i_uid) &&
2824 + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) &&
2825 + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH)) ||
2826 + ((file->f_dentry->d_parent->d_inode->i_uid == current->uid) &&
2827 + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWGRP) &&
2828 + !(file->f_dentry->d_parent->d_inode->i_mode & S_IWOTH))))){
2829 + security_alert("denied exec of %.32s by " DEFAULTSECMSG
2830 + "reason: untrusted","denied execs",
2831 + filename, DEFAULTSECARGS);
2832 + dput(file->f_dentry);
2839 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
2840 + if(grsec_enable_chroot_execlog && proc_is_chrooted(current)) {
2841 + printk(KERN_INFO "grsec: exec of %.64s within chroot "
2842 + "jail (%.32s:%lu) by process " DEFAULTSECMSG "\n",
2843 + filename,kdevname(current->fs->root->d_inode->i_dev),
2844 + current->fs->root->d_inode->i_ino,
2849 +#if defined(CONFIG_GRKERNSEC_EXECLOG) || defined(CONFIG_GRKERNSEC_EXECLOG_GROUP)
2850 +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP
2851 + if (in_group_p(grsec_execlog_gid) && grsec_enable_execlog_group) {
2853 + if (grsec_enable_execlog) {
2855 + for(x=0;x<sizeof(grarg);x++)
2857 + for(x=0;x<bprm.argc;x++) {
2858 + if((strlen(argv[x]) + strlen(grarg) + 2) < sizeof(grarg)) {
2859 + grargs=strcat(grarg,argv[x]);
2861 + grargs=strcat(grarg," ");
2864 + printk(KERN_INFO "grsec: exec of [%.32s:%lu] (%.68s) by " DEFAULTSECMSG
2865 + "\n", kdevname(file->f_dentry->d_inode->i_dev),
2866 + file->f_dentry->d_inode->i_ino, grarg, DEFAULTSECARGS);
2870 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
2873 @@ -904,9 +1187,20 @@
2876 retval = search_binary_handler(&bprm,regs);
2878 + if (retval >= 0) {
2879 +#ifdef CONFIG_GRKERNSEC_ACL
2880 + if(gr_set_proc_acl(file->f_dentry,current,filename,file->f_vfsmnt)) {
2881 + security_alert("could not set acl for %ld %d",
2882 + "acl set failures",
2883 + file->f_dentry->d_inode->i_ino,
2884 + file->f_dentry->d_inode->i_dev);
2889 /* execve success */
2894 /* Something went wrong, return the inode and free the argument pages*/
2895 @@ -920,6 +1214,13 @@
2899 +#ifdef CONFIG_GRKERNSEC_FD
2900 + if(grsec_enable_fd && bprm.tweak_fd_mask) {
2902 + if(bprm.tweak_fd_mask & (1 << i))
2903 + (void)sys_close(i);
2909 @@ -952,7 +1253,14 @@
2912 memcpy(corename,"core.", 5);
2913 +#ifdef CONFIG_GRKERNSEC_COREDUMP
2914 + if(grsec_enable_coredump)
2915 + memcpy(corename+5,current->comm,sizeof(current->comm));
2917 + corename[4] = '\0';
2921 if (core_uses_pid || atomic_read(¤t->mm->mm_users) != 1)
2922 sprintf(&corename[4], ".%d", current->pid);
2923 file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW, 0600);
2924 @@ -970,7 +1278,11 @@
2926 if (!file->f_op->write)
2928 +#ifdef CONFIG_GRKERNSEC_ACL
2929 + if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0)
2931 if (do_truncate(file->f_dentry, 0) != 0)
2935 retval = binfmt->core_dump(signr, regs, file);
2936 diff -urN linux/fs/namei.c linux/fs/namei.c
2937 --- linux/fs/namei.c Wed Oct 17 17:46:29 2001
2938 +++ linux/fs/namei.c Sun Dec 23 19:13:16 2001
2940 #include <asm/namei.h>
2941 #include <asm/uaccess.h>
2943 +#if defined(CONFIG_GRKERNSEC_LINK) || defined(CONFIG_GRKERNSEC_FIFO) ||\
2944 + defined(CONFIG_GRKERNSEC_CHROOT_MKNOD) || defined(CONFIG_GRKERNSEC_ACL)
2945 +#include <linux/grsecurity.h>
2948 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
2950 /* [Feb-1997 T. Schoebel-Theuer]
2951 @@ -342,6 +347,27 @@
2952 current->state = TASK_RUNNING;
2956 +#ifdef CONFIG_GRKERNSEC_LINK
2957 + if(grsec_enable_link && S_ISLNK(dentry->d_inode->i_mode) &&
2958 + (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&
2959 + dentry->d_parent->d_inode->i_uid != dentry->d_inode->i_uid &&
2960 + (dentry->d_parent->d_inode->i_mode & S_IWOTH) &&
2961 + current->fsuid != dentry->d_inode->i_uid) {
2962 + security_alert("not following symlink (%.30s/%.30s) of [%.32s]:%lu owned by %d.%d "
2963 + "by " DEFAULTSECMSG,"symlinks not followed",
2964 + dentry->d_parent->d_name.name,
2965 + dentry->d_name.name,
2966 + kdevname(dentry->d_inode->i_dev),
2967 + dentry->d_inode->i_ino,
2968 + dentry->d_inode->i_uid,
2969 + dentry->d_inode->i_gid,
2976 current->link_count++;
2977 current->total_link_count++;
2978 UPDATE_ATIME(dentry->d_inode);
2979 @@ -625,6 +651,22 @@
2980 else if (this.len == 2 && this.name[1] == '.')
2981 nd->last_type = LAST_DOTDOT;
2983 +#ifdef CONFIG_GRKERNSEC_ACL
2984 + if(nd->dentry && !(IS_ERR(nd->dentry)))
2985 + if( ( (gr_check_hidden(nd->dentry,nd->mnt)) == GR_DENY) ) {
2986 + security_alert("attempt to access hidden file "
2987 + "with inode %ld dev %d by "
2989 + "hidden file access attempts",
2990 + nd->dentry->d_inode->i_ino,
2991 + nd->dentry->d_inode->i_dev, DEFAULTSECARGS);
2992 + err = -ENOENT; /*Fake that its not there*/
3002 @@ -976,6 +1018,52 @@
3003 struct dentry *dentry;
3006 +#ifdef CONFIG_GRKERNSEC_ACL
3008 + if(flag & GR_NONEXISTANT) {
3009 + flag &= ~GR_NONEXISTANT;
3010 + if(path_init(pathname,lookup_flags(flag)|LOOKUP_PARENT,nd))
3011 + error = path_walk(pathname,nd);
3012 + if(error) return error;
3014 + if(path_init(pathname,lookup_flags(flag),nd))
3015 + error = path_walk(pathname,nd);
3016 + if(error) return error;
3018 + if( (tmp = (flag&O_ACCMODE)) > 0) {
3019 + if(tmp & FMODE_READ ) {
3020 + if( (gr_search(nd->dentry,GR_READ,nd->mnt)) == GR_DENY) {
3021 + security_alert("attempt to open %.1024s read-only "
3022 + "by " DEFAULTSECMSG,
3023 + "file open attempts", pathname, DEFAULTSECARGS);
3028 + else if(flag & O_APPEND) {
3029 + if( (gr_search(nd->dentry,GR_APPEND,nd->mnt)) == GR_DENY) {
3030 + security_alert("attempt to open %.1024s "
3031 + "append-only by " DEFAULTSECMSG ,
3032 + "file open attempts",
3033 + pathname, DEFAULTSECARGS);
3038 + if(tmp & FMODE_WRITE && (!(flag & O_APPEND))) { /* its write*/
3039 + if( ( (gr_search(nd->dentry,GR_WRITE,nd->mnt)) == GR_DENY) ) {
3040 + security_alert("attempt to open %.1024s "
3041 + "for writing by " DEFAULTSECMSG,
3042 + "file open attempts",
3043 + pathname, DEFAULTSECARGS);
3053 acc_mode = ACC_MODE(flag);
3055 @@ -1083,6 +1171,22 @@
3056 * actually live on the filesystem itself, and as such you
3057 * can write to them even if the filesystem is read-only.
3059 +#ifdef CONFIG_GRKERNSEC_FIFO
3060 + if (grsec_enable_fifo &&
3061 + S_ISFIFO(inode->i_mode) && !(flag & O_EXCL) &&
3062 + (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&
3063 + inode->i_uid != dentry->d_parent->d_inode->i_uid &&
3064 + current->fsuid != inode->i_uid) {
3065 + if (!permission(inode, acc_mode))
3066 + security_alert("denied writing FIFO (%.32s/%.32s) of %d.%d "
3067 + "by " DEFAULTSECMSG,
3068 + "writes into a FIFO denied",dentry->d_parent->d_name.name,dentry->d_name.name,
3069 + inode->i_uid, inode->i_gid,
3075 if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
3077 } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
3078 @@ -1126,7 +1230,11 @@
3082 +#ifdef CONFIG_GRKERNSEC_ACL
3083 + error = do_truncate(dentry,0,nd->mnt);
3085 error = do_truncate(dentry, 0);
3088 put_write_access(inode);
3090 @@ -1157,6 +1265,24 @@
3091 * stored in nd->last.name and we will have to putname() it when we
3092 * are done. Procfs-like symlinks just set LAST_BIND.
3094 +#ifdef CONFIG_GRKERNSEC_LINK
3095 + if(grsec_enable_link && S_ISLNK(dentry->d_inode->i_mode) &&
3096 + (dentry->d_parent->d_inode->i_mode & S_ISVTX) &&
3097 + dentry->d_parent->d_inode->i_uid != dentry->d_inode->i_uid &&
3098 + (dentry->d_parent->d_inode->i_mode & S_IWOTH) &&
3099 + current->fsuid != dentry->d_inode->i_uid) {
3100 + security_alert("not following symlink (%.30s/%.30s) [%.32s]:%lu of %d.%d "
3101 + "by " DEFAULTSECMSG,"symlinks not followed",
3102 + dentry->d_parent->d_name.name, dentry->d_name.name,
3103 + kdevname(dentry->d_inode->i_dev),
3104 + dentry->d_inode->i_ino, dentry->d_inode->i_uid,
3105 + dentry->d_inode->i_gid,
3112 UPDATE_ATIME(dentry->d_inode);
3113 error = dentry->d_inode->i_op->follow_link(dentry, nd);
3115 @@ -1241,6 +1367,9 @@
3116 struct dentry * dentry;
3117 struct nameidata nd;
3119 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
3124 tmp = getname(filename);
3125 @@ -1256,6 +1385,37 @@
3127 mode &= ~current->fs->umask;
3128 if (!IS_ERR(dentry)) {
3129 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
3130 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && proc_is_chrooted(current)) {
3131 + switch (mode & S_IFMT) {
3132 + case S_IFREG: grdevmode = 'r'; break;
3133 + case S_IFCHR: grdevmode = 'c'; break;
3134 + case S_IFBLK: grdevmode = 'b'; break;
3135 + case S_IFSOCK: grdevmode = 's'; break;
3136 + default: grdevmode = 'u';
3138 + security_alert("refused attempt to mknod(%c:%.32s) (%.30s) from chroot() jail (%s:%lu) "
3139 + "owned by %d %d by " DEFAULTSECMSG,
3140 + "mknods in chroot denied",grdevmode,kdevname(dev),tmp,
3141 + kdevname(current->fs->root->d_inode->i_dev),current->fs->root->d_inode->i_ino,
3142 + current->fs->root->d_inode->i_uid,current->fs->root->d_inode->i_gid,
3149 +#ifdef CONFIG_GRKERNSEC_ACL
3150 + if( ( (gr_search(nd.dentry,GR_WRITE,nd.mnt)) == GR_DENY) ) {
3151 + security_alert("attempt to mknod %.1024s (dev %d) by "
3152 + DEFAULTSECMSG, "mknod attempts", filename, dev,
3160 switch (mode & S_IFMT) {
3161 case 0: case S_IFREG:
3162 error = vfs_create(nd.dentry->d_inode,dentry,mode);
3163 @@ -1271,6 +1431,7 @@
3168 up(&nd.dentry->d_inode->i_sem);
3171 @@ -1323,6 +1484,18 @@
3172 dentry = lookup_create(&nd, 1);
3173 error = PTR_ERR(dentry);
3174 if (!IS_ERR(dentry)) {
3175 +#ifdef CONFIG_GRKERNSEC_ACL
3177 + if( ( ((gr_search(nd.dentry,GR_WRITE,nd.mnt)) == GR_DENY))){
3178 + security_alert("attempt to mkdir %.1024s by "
3179 + DEFAULTSECMSG, "mkdir attempts",
3187 if (!IS_POSIX_ACL(nd.dentry->d_inode))
3188 mode &= ~current->fs->umask;
3189 error = vsf_mkdir(nd.dentry->d_inode, dentry, mode);
3190 @@ -1431,7 +1604,18 @@
3191 dentry = lookup_hash(&nd.last, nd.dentry);
3192 error = PTR_ERR(dentry);
3193 if (!IS_ERR(dentry)) {
3194 - error = vfs_rmdir(nd.dentry->d_inode, dentry);
3195 +#ifdef CONFIG_GRKERNSEC_ACL
3197 + if( ( (gr_search(nd.dentry,GR_WRITE,nd.mnt)) == GR_DENY)) {
3198 + security_alert("attempt to rmdir %.1024s by "
3199 + DEFAULTSECMSG, "rmdir attempts",
3206 + error = vfs_rmdir(nd.dentry->d_inode, dentry);
3209 up(&nd.dentry->d_inode->i_sem);
3210 @@ -1494,7 +1678,18 @@
3211 /* Why not before? Because we want correct error value */
3212 if (nd.last.name[nd.last.len])
3214 - error = vfs_unlink(nd.dentry->d_inode, dentry);
3215 +#ifdef CONFIG_GRKERNSEC_ACL
3217 + if( ( (gr_search(dentry,GR_WRITE, nd.mnt)) == GR_DENY)) {
3218 + security_alert("attempt to unlink %.1024s by " DEFAULTSECMSG,
3219 + "unlink attempts",
3220 + name, DEFAULTSECARGS);
3226 + error = vfs_unlink(nd.dentry->d_inode, dentry);
3230 @@ -1559,7 +1754,20 @@
3231 dentry = lookup_create(&nd, 0);
3232 error = PTR_ERR(dentry);
3233 if (!IS_ERR(dentry)) {
3234 - error = vfs_symlink(nd.dentry->d_inode, dentry, from);
3235 +#ifdef CONFIG_GRKERNSEC_ACL
3237 + if( gr_search(nd.dentry,GR_WRITE,nd.mnt) == GR_DENY)
3239 + security_alert("attempt to symlink %.1024s"
3240 + "to %.1024s by " DEFAULTSECMSG,
3241 + "symlink attempts",
3242 + from, to, DEFAULTSECARGS);
3248 + error = vfs_symlink(nd.dentry->d_inode, dentry, from);
3251 up(&nd.dentry->d_inode->i_sem);
3252 @@ -1650,6 +1858,35 @@
3253 new_dentry = lookup_create(&nd, 0);
3254 error = PTR_ERR(new_dentry);
3255 if (!IS_ERR(new_dentry)) {
3256 +#ifdef CONFIG_GRKERNSEC_LINK
3257 + if(grsec_enable_link) {
3259 + if(current->fsuid != old_nd.dentry->d_inode->i_uid &&
3260 + (!S_ISREG(old_nd.dentry->d_inode->i_mode) ||
3261 + (old_nd.dentry->d_inode->i_mode & S_ISUID) ||
3262 + ((old_nd.dentry->d_inode->i_mode & (S_ISGID | S_IXGRP)) ==
3263 + (S_ISGID | S_IXGRP)) || (error = permission(old_nd.dentry->d_inode,
3264 + MAY_READ | MAY_WRITE))) && !capable(CAP_FOWNER)
3265 + && current->uid) {
3266 + security_alert("denied hardlink of %.30s (owned by %d.%d) to %.30s for "
3267 + DEFAULTSECMSG, "denied hardlinks",oldname,old_nd.dentry->d_inode->i_uid,
3268 + old_nd.dentry->d_inode->i_gid,newname,DEFAULTSECARGS);
3274 +#ifdef CONFIG_GRKERNSEC_ACL
3276 + if( gr_search(old_nd.dentry,GR_WRITE,old_nd.mnt) == GR_DENY || gr_search(nd.dentry,GR_WRITE,nd.mnt) == GR_DENY) {
3277 + security_alert("attempt to link %.1024s to %.1024s by "
3278 + DEFAULTSECMSG, "attempted links", oldname, newname,
3285 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
3288 @@ -1887,11 +2124,26 @@
3289 error = PTR_ERR(new_dentry);
3290 if (IS_ERR(new_dentry))
3292 +#ifdef CONFIG_GRKERNSEC_ACL
3294 + if( gr_search(old_dir,GR_WRITE,oldnd.mnt) == GR_DENY || gr_search(new_dir,GR_WRITE,newnd.mnt) == GR_DENY) {
3295 + security_alert("attempt to rename %.1024s to %.1024s by "
3296 + DEFAULTSECMSG, "rename attempts",
3306 error = vfs_rename(old_dir->d_inode, old_dentry,
3307 new_dir->d_inode, new_dentry);
3309 +#ifdef CONFIG_GRKERNSEC_ACL
3315 diff -urN linux/fs/namespace.c linux/fs/namespace.c
3316 --- linux/fs/namespace.c Fri Dec 21 12:41:55 2001
3317 +++ linux/fs/namespace.c Sun Dec 23 19:13:16 2001
3319 #include <linux/acct.h>
3320 #include <linux/module.h>
3321 #include <linux/devfs_fs_kernel.h>
3322 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
3323 +#include <linux/sched.h>
3324 +#include <linux/grsecurity.h>
3327 #include <asm/uaccess.h>
3329 @@ -673,6 +677,20 @@
3330 retval = path_walk(dir_name, &nd);
3334 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
3335 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
3336 + security_alert("denied attempt to mount (%.30s) as %.64s from chroot jail (%.32s:%lu) "
3337 + "of %d.%d by " DEFAULTSECMSG, "denied mounts in chroot",
3338 + dev_name,dir_name, kdevname(current->fs->root->d_inode->i_dev),
3339 + current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,
3340 + current->fs->root->d_inode->i_gid, DEFAULTSECARGS);
3342 + path_release(&nd);
3348 if (flags & MS_REMOUNT)
3349 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
3350 diff -urN linux/fs/open.c linux/fs/open.c
3351 --- linux/fs/open.c Fri Oct 12 16:48:42 2001
3352 +++ linux/fs/open.c Sun Dec 23 19:13:16 2001
3355 #include <asm/uaccess.h>
3357 +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE)||\
3358 + defined(CONFIG_GRKERNSEC_CHROOT_CAPS) ||\
3359 + defined(CONFIG_GRKERNSEC_CHROOT_CHMOD) ||\
3360 + defined(CONFIG_GRKERNSEC_CHROOT_CHDIR) ||\
3361 + defined(CONFIG_GRKERNSEC_ACL)
3362 +#include <linux/grsecurity.h>
3366 #define special_file(m) (S_ISCHR(m)||S_ISBLK(m)||S_ISFIFO(m)||S_ISSOCK(m))
3368 +#ifdef CONFIG_GRKERNSEC_ACL
3369 +static int conv_flags(int p) {
3370 + int retval = LOOKUP_FOLLOW;
3371 + if(p & O_NOFOLLOW)
3372 + retval &= ~LOOKUP_FOLLOW;
3373 + if( (p & (O_CREAT|O_EXCL)) == (O_CREAT | O_EXCL))
3374 + retval &= ~LOOKUP_FOLLOW;
3375 + if(p & O_DIRECTORY)
3376 + retval |= LOOKUP_DIRECTORY;
3382 int vfs_statfs(struct super_block *sb, struct statfs *buf)
3384 int retval = -ENODEV;
3389 +#ifdef CONFIG_GRKERNSEC_ACL
3390 +int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt)
3392 int do_truncate(struct dentry *dentry, loff_t length)
3395 struct inode *inode = dentry->d_inode;
3401 +#ifdef CONFIG_GRKERNSEC_ACL
3402 + if( ( (gr_search(dentry,GR_WRITE,mnt)) == GR_DENY)) {
3403 + security_alert("attempted to truncate file with inode %ld dev "
3404 + "%d by " DEFAULTSECMSG, "file truncate attempts",
3405 + dentry->d_inode->i_ino,
3406 + dentry->d_inode->i_dev, DEFAULTSECARGS);
3412 down(&inode->i_sem);
3413 newattrs.ia_size = length;
3414 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
3415 @@ -139,7 +177,11 @@
3416 error = locks_verify_truncate(inode, NULL, length);
3419 +#ifdef CONFIG_GRKERNSEC_ACL
3420 + error = do_truncate(nd.dentry, length, nd.mnt);
3422 error = do_truncate(nd.dentry, length);
3425 put_write_access(inode);
3427 @@ -191,7 +233,11 @@
3429 error = locks_verify_truncate(inode, file, length);
3431 +#ifdef CONFIG_GRKERNSEC_ACL
3432 + error = do_truncate(dentry, length, file->f_vfsmnt);
3434 error = do_truncate(dentry, length);
3439 @@ -245,6 +291,19 @@
3440 if (IS_RDONLY(inode))
3443 +#ifdef CONFIG_GRKERNSEC_ACL
3444 + if( ( (gr_search(nd.dentry,GR_WRITE,nd.mnt)) == GR_DENY)) {
3445 + security_alert("attempted to change access time for file"
3446 + "with inode %ld dev %d by " DEFAULTSECMSG,
3447 + "file access time change attempts",
3448 + nd.dentry->d_inode->i_ino,
3449 + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);
3451 + goto dput_and_out;
3456 /* Don't worry, the checks are done in inode_change_ok() */
3457 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
3459 @@ -290,6 +349,19 @@
3460 if (IS_RDONLY(inode))
3463 +#ifdef CONFIG_GRKERNSEC_ACL
3464 + if( ( (gr_search(nd.dentry,GR_WRITE,nd.mnt)) == GR_DENY)) {
3465 + security_alert("attempted to change access time for file with"
3466 + "inode %ld dev %d by " DEFAULTSECMSG,
3467 + "file access time change attempts",
3468 + nd.dentry->d_inode->i_ino,
3469 + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);
3471 + goto dput_and_out;
3476 /* Don't worry, the checks are done in inode_change_ok() */
3477 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
3479 @@ -341,6 +413,17 @@
3481 res = user_path_walk(filename, &nd);
3483 +#ifdef CONFIG_GRKERNSEC_ACL
3484 + if( ( (gr_search(nd.dentry,GR_WRITE,nd.mnt)) == GR_DENY)) {
3485 + security_alert("attempted to access file with inode %ld dev "
3486 + "%d by " DEFAULTSECMSG, "file access attempts",
3487 + nd.dentry->d_inode->i_ino,
3488 + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);
3489 + path_release(&nd);
3494 res = permission(nd.dentry->d_inode, mode);
3495 /* SuS v2 requires we report a read only fs too */
3496 if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
3497 @@ -378,6 +461,17 @@
3501 +#ifdef CONFIG_GRKERNSEC_ACL
3502 + if( ( (gr_search(nd.dentry,GR_READ,nd.mnt)) == GR_DENY)) {
3503 + security_alert("Attempted to chdir to directory with inode %ld dev "
3504 + "%d by " DEFAULTSECMSG, "chdir attempts",
3505 + nd.dentry->d_inode->i_ino,
3506 + nd.dentry->d_inode->i_dev, DEFAULTSECARGS);
3508 + goto dput_and_out;
3512 set_fs_pwd(current->fs, nd.mnt, nd.dentry);
3515 @@ -408,6 +502,17 @@
3518 error = permission(inode, MAY_EXEC);
3520 +#ifdef CONFIG_GRKERNSEC_ACL
3521 + if( ( (gr_search(file->f_dentry,GR_WRITE,file->f_vfsmnt)) == GR_DENY)) {
3522 + security_alert("attempted to truncate file with inode %ld dev "
3523 + "%d by " DEFAULTSECMSG, "file truncate attempts",
3524 + file->f_dentry->d_inode->i_ino,
3525 + file->f_dentry->d_inode->i_dev, DEFAULTSECARGS);
3531 set_fs_pwd(current->fs, mnt, dentry);
3533 @@ -441,9 +546,39 @@
3535 if (!capable(CAP_SYS_CHROOT))
3537 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
3538 + if(grsec_enable_chroot_double && proc_is_chrooted(current)) {
3539 + security_alert("denied attempt to chroot() from (%.32s:%lu) to (%.30s)"
3540 + ", process " DEFAULTSECMSG,
3541 + "double chroot() denied",
3542 + kdevname(current->fs->root->d_inode->i_dev),
3543 + current->fs->root->d_inode->i_ino,name,
3545 + goto dput_and_out;
3549 set_fs_root(current->fs, nd.mnt, nd.dentry);
3551 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
3552 + if(grsec_enable_chroot_caps && current->pid && current->pid > 1) {
3553 + cap_lower(current->cap_permitted,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &
3554 + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &
3555 + CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &
3556 + CAP_SYS_TTY_CONFIG);
3557 + cap_lower(current->cap_inheritable,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &
3558 + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &
3559 + CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &
3560 + CAP_SYS_TTY_CONFIG);
3561 + cap_lower(current->cap_effective,CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &
3562 + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO & CAP_SYS_PACCT &
3563 + CAP_SYS_ADMIN & CAP_SYS_BOOT & CAP_SYS_RESOURCE & CAP_SYS_TIME &
3564 + CAP_SYS_TTY_CONFIG);
3567 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
3568 + if (grsec_enable_chroot_chdir) set_fs_pwd(current->fs, nd.mnt, nd.dentry);
3573 @@ -472,8 +607,36 @@
3575 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
3578 +#ifdef CONFIG_GRKERNSEC_ACL
3579 + if( ( (gr_search(dentry,GR_WRITE,file->f_vfsmnt)) == GR_DENY)) {
3580 + security_alert("Attempt to fchmod program with inode %ld dev %d "
3581 + "by " DEFAULTSECMSG, "fchmod attempts",
3582 + dentry->d_inode->i_ino,
3583 + dentry->d_inode->i_dev, DEFAULTSECARGS);
3590 if (mode == (mode_t) -1)
3591 mode = inode->i_mode;
3592 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
3593 + if(grsec_enable_chroot_chmod && ((mode & S_ISUID) || (mode & S_ISGID))
3594 + && proc_is_chrooted(current)) {
3595 + security_alert("denied attempt to fchmod +s (%.32s:%lu) owned by %d.%d to mode 0%07o "
3596 + "from chroot jail (%.32s:%lu) of %d.%d by "
3598 + "denied fchmod +s in chroot",
3599 + kdevname(inode->i_dev),inode->i_ino,inode->i_uid,inode->i_gid,mode,
3600 + kdevname(current->fs->root->d_inode->i_dev),current->fs->root->d_inode->i_ino,
3601 + current->fs->root->d_inode->i_uid,current->fs->root->d_inode->i_gid,
3607 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
3608 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
3609 err = notify_change(dentry, &newattrs);
3610 @@ -504,8 +667,34 @@
3611 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
3614 +#ifdef CONFIG_GRKERNSEC_ACL
3615 + if( ( (gr_search(nd.dentry,GR_WRITE,nd.mnt)) == GR_DENY)) {
3616 + security_alert("Attempt to chmod file %1024s by "
3617 + DEFAULTSECMSG, "chmod attempts",
3618 + filename, DEFAULTSECARGS);
3620 + goto dput_and_out;
3625 if (mode == (mode_t) -1)
3626 mode = inode->i_mode;
3627 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
3628 + if (grsec_enable_chroot_chmod && ((mode & S_ISUID) || (mode & S_ISGID))
3629 + && proc_is_chrooted(current)) {
3630 + security_alert("denied attempt to chmod +s (%.32s:%lu) (%.30s) owned by %d.%d to mode 0%07o "
3631 + "from chroot jail (%.32s:%lu) of %d.%d by "
3632 + DEFAULTSECMSG,"denied chmod +s in chroot",
3633 + kdevname(inode->i_dev),inode->i_ino,filename,inode->i_uid,inode->i_gid,
3634 + mode,kdevname(current->fs->root->d_inode->i_dev),
3635 + current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,
3636 + current->fs->root->d_inode->i_gid,
3639 + goto dput_and_out;
3642 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
3643 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
3644 error = notify_change(nd.dentry, &newattrs);
3645 @@ -516,7 +705,11 @@
3649 +#ifdef CONFIG_GRKERNSEC_ACL
3650 +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
3652 static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
3655 struct inode * inode;
3657 @@ -533,6 +726,17 @@
3659 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
3661 +#ifdef CONFIG_GRKERNSEC_ACL
3662 + if( ( (gr_search(dentry,GR_WRITE,mnt)) == GR_DENY)) {
3663 + security_alert("Attempt to chown file with inode %ld dev %d "
3664 + "to %d.%d by " DEFAULTSECMSG, "chown attempts",
3665 + dentry->d_inode->i_ino,dentry->d_inode->i_dev,
3666 + user, group, DEFAULTSECARGS);
3672 if (user == (uid_t) -1)
3673 user = inode->i_uid;
3674 if (group == (gid_t) -1)
3675 @@ -583,7 +787,11 @@
3677 error = user_path_walk(filename, &nd);
3679 +#ifdef CONFIG_GRKERNSEC_ACL
3680 + error = chown_common(nd.dentry, user, group, nd.mnt);
3682 error = chown_common(nd.dentry, user, group);
3687 @@ -596,7 +804,11 @@
3689 error = user_path_walk_link(filename, &nd);
3691 +#ifdef CONFIG_GRKERNSEC_ACL
3692 + error = chown_common(nd.dentry, user, group, nd.mnt);
3694 error = chown_common(nd.dentry, user, group);
3699 @@ -610,7 +822,11 @@
3703 +#ifdef CONFIG_GRKERNSEC_ACL
3704 + error = chown_common(file->f_dentry, user, group, file->f_vfsmnt);
3706 error = chown_common(file->f_dentry, user, group);
3711 @@ -634,12 +850,41 @@
3713 int namei_flags, error;
3714 struct nameidata nd;
3715 +#ifdef CONFIG_GRKERNSEC_ACL
3716 + struct nameidata obv;
3719 namei_flags = flags;
3720 if ((namei_flags+1) & O_ACCMODE)
3722 if (namei_flags & O_TRUNC)
3725 +#ifdef CONFIG_GRKERNSEC_ACL
3727 + if(path_init(filename,conv_flags(namei_flags),&obv))
3728 + error = path_walk(filename,&obv);
3729 + if(error) goto out;
3730 + if(!obv.dentry->d_inode)
3731 + flags |= GR_NONEXISTANT;
3733 + if(S_ISBLK(obv.dentry->d_inode->i_mode) && !capable(CAP_SYS_RAWIO)) {
3734 + security_alert("Attempt to block device %ld %d with "
3735 + "insuffificent capabilities by process "
3737 + "attempt to access block devices",
3738 + obv.dentry->d_inode->i_ino,
3739 + obv.dentry->d_inode->i_dev, DEFAULTSECARGS);
3740 + path_release(&obv);
3742 + return ERR_PTR(error);
3745 + path_release(&obv);
3751 error = open_namei(filename, namei_flags, mode, &nd);
3753 diff -urN linux/fs/proc/base.c linux/fs/proc/base.c
3754 --- linux/fs/proc/base.c Thu Oct 11 02:42:47 2001
3755 +++ linux/fs/proc/base.c Sun Dec 23 19:13:16 2001
3757 #include <linux/file.h>
3758 #include <linux/string.h>
3760 +#ifdef CONFIG_GRKERNSEC_ACL
3761 +#include <linux/grsecurity.h>
3765 * For hysterical raisins we keep the same inumbers as in the old procfs.
3766 * Feel free to change the macro below - just keep the range distinct from
3767 @@ -663,7 +667,11 @@
3769 if (ino == PROC_PID_INO || task_dumpable(task)) {
3770 inode->i_uid = task->euid;
3771 +#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP
3772 inode->i_gid = task->egid;
3774 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
3779 @@ -966,13 +974,27 @@
3783 +#ifdef CONFIG_GRKERNSEC_ACL
3784 + if(gr_check_hidden_proc(task->acl)) {
3785 + free_task_struct(task);
3791 inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);
3793 free_task_struct(task);
3797 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3798 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
3799 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3800 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
3802 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
3804 inode->i_op = &proc_base_inode_operations;
3805 inode->i_fop = &proc_base_operations;
3807 @@ -1012,8 +1034,13 @@
3811 +#ifdef CONFIG_GRKERNSEC_ACL
3812 + if(gr_check_hidden_proc(p->acl))
3818 pids[nr_pids] = pid;
3820 if (nr_pids >= PROC_MAXPIDS)
3821 diff -urN linux/fs/proc/generic.c linux/fs/proc/generic.c
3822 --- linux/fs/proc/generic.c Fri Sep 7 13:53:59 2001
3823 +++ linux/fs/proc/generic.c Sun Dec 23 19:13:16 2001
3824 @@ -491,6 +491,22 @@
3828 +#ifdef CONFIG_GRKERNSEC_PROC
3829 +struct proc_dir_entry *proc_priv_mkdir(const char *name, mode_t mode, struct proc_dir_entry *parent)
3831 + struct proc_dir_entry *ent;
3833 + ent = proc_create(&parent, name, mode, 2);
3835 + ent->proc_fops = &proc_dir_operations;
3836 + ent->proc_iops = &proc_dir_inode_operations;
3838 + proc_register(parent, ent);
3844 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
3845 struct proc_dir_entry *parent)
3847 diff -urN linux/fs/proc/inode.c linux/fs/proc/inode.c
3848 --- linux/fs/proc/inode.c Sat Nov 17 14:24:32 2001
3849 +++ linux/fs/proc/inode.c Sun Dec 23 19:13:16 2001
3850 @@ -152,7 +152,11 @@
3852 inode->i_mode = de->mode;
3853 inode->i_uid = de->uid;
3854 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
3855 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
3857 inode->i_gid = de->gid;
3861 inode->i_size = de->size;
3862 diff -urN linux/fs/proc/proc_misc.c linux/fs/proc/proc_misc.c
3863 --- linux/fs/proc/proc_misc.c Wed Nov 21 00:29:09 2001
3864 +++ linux/fs/proc/proc_misc.c Sun Dec 23 19:13:16 2001
3865 @@ -507,8 +507,10 @@
3866 {"meminfo", meminfo_read_proc},
3867 {"version", version_read_proc},
3868 #ifdef CONFIG_MODULES
3869 +#ifndef CONFIG_GRKERNSEC_PROC
3870 {"modules", modules_read_proc},
3873 {"stat", kstat_read_proc},
3874 {"devices", devices_read_proc},
3875 {"partitions", partitions_read_proc},
3876 @@ -531,6 +533,13 @@
3877 for (p = simple_ones; p->name; p++)
3878 create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
3880 +#if defined(CONFIG_GRKERNSEC_PROC) && defined(CONFIG_MODULES)
3881 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3882 + create_proc_read_entry("modules", S_IRUSR, NULL, &modules_read_proc, NULL);
3883 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3884 + create_proc_read_entry("modules", S_IRUSR | S_IRGRP, NULL, &modules_read_proc, NULL);
3887 /* And now for trickier ones */
3888 entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);
3890 @@ -538,7 +547,13 @@
3891 create_seq_entry("mounts", 0, &proc_mounts_operations);
3892 create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
3893 #ifdef CONFIG_MODULES
3894 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3895 + create_seq_entry("ksyms", S_IRUSR, &proc_ksyms_operations);
3896 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3897 + create_seq_entry("ksyms", S_IRUSR | S_IRGRP, &proc_ksyms_operations);
3899 create_seq_entry("ksyms", 0, &proc_ksyms_operations);
3902 proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
3903 if (proc_root_kcore) {
3904 diff -urN linux/fs/proc/proc_tty.c linux/fs/proc/proc_tty.c
3905 --- linux/fs/proc/proc_tty.c Fri Apr 21 18:17:57 2000
3906 +++ linux/fs/proc/proc_tty.c Sun Dec 23 19:13:16 2001
3907 @@ -174,7 +174,13 @@
3908 if (!proc_mkdir("tty", 0))
3910 proc_tty_ldisc = proc_mkdir("tty/ldisc", 0);
3911 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3912 + proc_tty_driver = proc_priv_mkdir("tty/driver", S_IFDIR|S_IRUSR|S_IXUSR, 0);
3913 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3914 + proc_tty_driver = proc_priv_mkdir("tty/driver", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);
3916 proc_tty_driver = proc_mkdir("tty/driver", 0);
3919 create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
3920 create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);
3921 diff -urN linux/fs/proc/root.c linux/fs/proc/root.c
3922 --- linux/fs/proc/root.c Sat Oct 20 22:14:42 2001
3923 +++ linux/fs/proc/root.c Sun Dec 23 19:13:16 2001
3928 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3929 + proc_net = proc_priv_mkdir("net", S_IFDIR|S_IRUSR|S_IXUSR, 0);
3930 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3931 + proc_net = proc_priv_mkdir("net", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);
3933 proc_net = proc_mkdir("net", 0);
3935 #ifdef CONFIG_SYSVIPC
3936 proc_mkdir("sysvipc", 0);
3938 #ifdef CONFIG_SYSCTL
3939 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3940 + proc_sys_root = proc_priv_mkdir("sys", S_IFDIR|S_IRUSR|S_IXUSR, 0);
3941 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3942 + proc_sys_root = proc_priv_mkdir("sys", S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);
3944 proc_sys_root = proc_mkdir("sys", 0);
3947 #if defined(CONFIG_BINFMT_MISC) || defined(CONFIG_BINFMT_MISC_MODULE)
3948 proc_mkdir("sys/fs", 0);
3949 proc_mkdir("sys/fs/binfmt_misc", 0);
3951 EXPORT_SYMBOL(proc_symlink);
3952 EXPORT_SYMBOL(proc_mknod);
3953 EXPORT_SYMBOL(proc_mkdir);
3954 +#ifdef CONFIG_GRKERNSEC_PROC
3955 +EXPORT_SYMBOL(proc_priv_mkdir);
3957 EXPORT_SYMBOL(create_proc_entry);
3958 EXPORT_SYMBOL(remove_proc_entry);
3959 EXPORT_SYMBOL(proc_root);
3960 diff -urN linux/fs/readdir.c linux/fs/readdir.c
3961 --- linux/fs/readdir.c Sun Aug 12 17:59:08 2001
3962 +++ linux/fs/readdir.c Sun Dec 23 19:13:16 2001
3965 #include <asm/uaccess.h>
3967 +#ifdef CONFIG_GRKERNSEC_ACL
3968 +#include <linux/grsecurity.h>
3971 int vfs_readdir(struct file *file, filldir_t filler, void *buf)
3973 struct inode *inode = file->f_dentry->d_inode;
3974 @@ -120,6 +124,10 @@
3975 struct readdir_callback {
3976 struct old_linux_dirent * dirent;
3978 +#ifdef CONFIG_GRKERNSEC_ACL
3979 + struct dentry *dentry;
3980 + struct vfsmount *mnt;
3984 static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset,
3985 @@ -127,9 +135,27 @@
3987 struct readdir_callback * buf = (struct readdir_callback *) __buf;
3988 struct old_linux_dirent * dirent;
3989 +#ifdef CONFIG_GRKERNSEC_ACL
3995 +#ifdef CONFIG_GRKERNSEC_ACL
3996 + if(buf->dentry && buf->dentry->d_inode) {
3997 + old_ino = buf->dentry->d_inode->i_ino;
3998 + buf->dentry->d_inode->i_ino = ino;
3999 +#ifdef CONFIG_GR_DEBUG
4000 + printk("Guess what: %ld %d is about to get a readdir check\n",buf->dentry->d_inode->i_ino,buf->dentry->d_inode->i_dev);
4002 + if( gr_check_hidden(buf->dentry,buf->mnt) == GR_DENY) {
4003 + buf->dentry->d_inode->i_ino = old_ino;
4006 + buf->dentry->d_inode->i_ino = ino;
4011 dirent = buf->dirent;
4012 put_user(ino, &dirent->d_ino);
4013 @@ -153,6 +179,10 @@
4016 buf.dirent = dirent;
4017 +#ifdef CONFIG_GRKERNSEC_ACL
4018 + buf.dentry = file->f_dentry;
4019 + buf.mnt = file->f_vfsmnt;
4022 error = vfs_readdir(file, fillonedir, &buf);
4024 @@ -181,6 +211,10 @@
4025 struct linux_dirent * previous;
4028 +#ifdef CONFIG_GRKERNSEC_ACL
4029 + struct dentry *dentry;
4030 + struct vfsmount *mnt;
4034 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
4035 @@ -189,10 +223,27 @@
4036 struct linux_dirent * dirent;
4037 struct getdents_callback * buf = (struct getdents_callback *) __buf;
4038 int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 1);
4039 +#ifdef CONFIG_GRKERNSEC_ACL
4043 buf->error = -EINVAL; /* only used if we fail.. */
4044 if (reclen > buf->count)
4046 +#ifdef CONFIG_GRKERNSEC_ACL
4047 + if(buf->dentry && buf->dentry->d_inode) {
4048 + old_ino = buf->dentry->d_inode->i_ino;
4049 + buf->dentry->d_inode->i_ino = ino;
4050 +#ifdef CONFIG_GR_DEBUG
4051 + printk("Guess what: %ld %d is about to get a readdir check\n",buf->dentry->d_inode->i_ino,buf->dentry->d_inode->i_dev);
4053 + if( gr_check_hidden(buf->dentry,buf->mnt) == GR_DENY) {
4054 + buf->dentry->d_inode->i_ino = old_ino;
4057 + buf->dentry->d_inode->i_ino = old_ino;
4060 dirent = buf->previous;
4062 put_user(offset, &dirent->d_off);
4063 @@ -224,6 +275,10 @@
4064 buf.previous = NULL;
4067 +#ifdef CONFIG_GRKERNSEC_ACL
4068 + buf.dentry = file->f_dentry;
4069 + buf.mnt = file->f_vfsmnt;
4072 error = vfs_readdir(file, filldir, &buf);
4074 @@ -259,6 +314,10 @@
4075 struct linux_dirent64 * previous;
4078 +#ifdef CONFIG_GRKERNSEC_ACL
4079 + struct dentry *dentry;
4080 + struct vfsmount *mnt;
4084 static int filldir64(void * __buf, const char * name, int namlen, loff_t offset,
4085 @@ -268,9 +327,26 @@
4086 struct getdents_callback64 * buf = (struct getdents_callback64 *) __buf;
4087 int reclen = ROUND_UP64(NAME_OFFSET(dirent) + namlen + 1);
4089 +#ifdef CONFIG_GRKERNSEC_ACL
4092 buf->error = -EINVAL; /* only used if we fail.. */
4093 if (reclen > buf->count)
4095 +#ifdef CONFIG_GRKERNSEC_ACL
4096 + if(buf->dentry && buf->dentry->d_inode) {
4097 + old_ino = buf->dentry->d_inode->i_ino;
4098 + buf->dentry->d_inode->i_ino = ino;
4099 + if((gr_check_hidden(buf->dentry,buf->mnt)) == GR_DENY) {
4100 + buf->dentry->d_inode->i_ino = old_ino;
4103 + buf->dentry->d_inode->i_ino = old_ino;
4109 dirent = buf->previous;
4112 @@ -307,6 +383,11 @@
4113 buf.previous = NULL;
4116 +#ifdef CONFIG_GRKERNSEC_ACL
4117 + buf.mnt = file->f_vfsmnt;
4118 + buf.dentry = file->f_dentry;
4122 error = vfs_readdir(file, filldir64, &buf);
4124 diff -urN linux/grsecurity/Config.in linux/grsecurity/Config.in
4125 --- linux/grsecurity/Config.in Wed Dec 31 19:00:00 1969
4126 +++ linux/grsecurity/Config.in Sun Dec 23 19:13:16 2001
4128 +mainmenu_option next_comment
4129 +comment 'Buffer Overflow Protection'
4130 +if [ "$CONFIG_X86" != "n" ]; then
4131 +if [ "$CONFIG_GRKERNSEC_PAX" != "y" ]; then
4132 +bool 'Openwall non-executable stack' CONFIG_GRKERNSEC_STACK
4133 +if [ "$CONFIG_GRKERNSEC_STACK" != "n" ]; then
4134 +bool ' Gcc trampoline support' CONFIG_GRKERNSEC_STACK_GCC
4137 +if [ "$CONFIG_GRKERNSEC_STACK" != "y" ]; then
4138 +bool 'PaX protection' CONFIG_GRKERNSEC_PAX
4139 +if [ "$CONFIG_GRKERNSEC_PAX" = "y" ]; then
4140 + bool ' Emulate trampolines' CONFIG_GRKERNSEC_PAX_EMUTRAMP
4141 + bool ' Restrict mprotect()' CONFIG_GRKERNSEC_PAX_MPROTECT
4143 + bool 'Randomize mmap() base' CONFIG_GRKERNSEC_PAX_RANDMMAP
4147 +mainmenu_option next_comment
4148 +comment 'Access Control Lists'
4149 +bool 'Enable grsecurity ACL system' CONFIG_GRKERNSEC_ACL
4150 +if [ "$CONFIG_GRKERNSEC_ACL" = "y" ]; then
4151 + int 'Maximum Number of Rulesets for Files, Processes' CONFIG_GR_MAX_RULESET 256
4152 + int 'Seconds in between log messages(minimum)' CONFIG_GR_FLOODTIME 3
4153 + choice 'Default ruleset for programs without acls' \
4154 + "Deny CONFIG_GR_DEF_DENY \
4155 + Allow CONFIG_GR_DEF_ALLOW \
4156 + Deny_if_running_as_root CONFIG_GR_DEF_DENY_ROOT " Allow
4157 + bool 'Enable ACL Debugging Messages' CONFIG_GR_DEBUG
4158 + string 'Path to gradm' CONFIG_GRADM_PATH "/sbin/gradm"
4159 + int 'Maximum tries before password lockout' CONFIG_GR_MAXTRIES 3
4160 + int 'Time to wait after max password tries, in seconds' CONFIG_GR_TIMEOUT 30
4163 +mainmenu_option next_comment
4164 +comment 'Filesystem Protections'
4165 +bool 'Proc restrictions' CONFIG_GRKERNSEC_PROC
4166 +if [ "$CONFIG_GRKERNSEC_PROC" != "n" ]; then
4167 +bool ' Restrict to user only' CONFIG_GRKERNSEC_PROC_USER
4168 +if [ "$CONFIG_GRKERNSEC_PROC_USER" != "y" ]; then
4169 +bool ' Allow special group' CONFIG_GRKERNSEC_PROC_USERGROUP
4170 +if [ "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
4171 +int ' GID for special group' CONFIG_GRKERNSEC_PROC_GID 1001
4175 +bool 'Linking restrictions' CONFIG_GRKERNSEC_LINK
4176 +bool 'FIFO restrictions' CONFIG_GRKERNSEC_FIFO
4177 +bool 'Secure file descriptors' CONFIG_GRKERNSEC_FD
4178 +bool 'Chroot jail restrictions' CONFIG_GRKERNSEC_CHROOT
4179 +if [ "$CONFIG_GRKERNSEC_CHROOT" != "n" ]; then
4180 +bool ' Restricted signals' CONFIG_GRKERNSEC_CHROOT_SIG
4181 +bool ' Deny mounts' CONFIG_GRKERNSEC_CHROOT_MOUNT
4182 +bool ' Deny double-chroots' CONFIG_GRKERNSEC_CHROOT_DOUBLE
4183 +bool ' Enforce chdir("/") on all chroots' CONFIG_GRKERNSEC_CHROOT_CHDIR
4184 +bool ' Deny (f)chmod +s' CONFIG_GRKERNSEC_CHROOT_CHMOD
4185 +bool ' Deny mknod' CONFIG_GRKERNSEC_CHROOT_MKNOD
4186 +bool ' Deny ptraces' CONFIG_GRKERNSEC_CHROOT_PTRACE
4187 +bool ' Restrict priority changes' CONFIG_GRKERNSEC_CHROOT_NICE
4189 +bool 'Log execs within chroot' CONFIG_GRKERNSEC_CHROOT_EXECLOG
4190 +bool 'Capability restrictions within chroot' CONFIG_GRKERNSEC_CHROOT_CAPS
4191 +bool 'Secure keymap loading' CONFIG_GRKERNSEC_KBMAP
4193 +mainmenu_option next_comment
4194 +comment 'Security Logging'
4195 +if [ "$CONFIG_GRKERNSEC_EXECLOG_GROUP" != "y" ]; then
4196 +bool 'Exec logging for all users' CONFIG_GRKERNSEC_EXECLOG
4198 +if [ "$CONFIG_GRKERNSEC_EXECLOG" != "y" ]; then
4199 +bool 'Exec logging for a single group' CONFIG_GRKERNSEC_EXECLOG_GROUP
4200 +if [ "$CONFIG_GRKERNSEC_EXECLOG_GROUP" != "n" ]; then
4201 +int ' GID of logged execs' CONFIG_GRKERNSEC_EXECLOG_GID 1007
4204 +if [ "$CONFIG_GRKERNSEC_SUID_ROOT" != "y" ]; then
4205 +bool 'Set*id logging for all users' CONFIG_GRKERNSEC_SUID
4207 +if [ "$CONFIG_GRKERNSEC_SUID" != "y" ]; then
4208 +bool 'Set*id logging for root' CONFIG_GRKERNSEC_SUID_ROOT
4210 +bool 'Signal logging' CONFIG_GRKERNSEC_SIGNAL
4211 +bool 'Fork failure logging' CONFIG_GRKERNSEC_FORKFAIL
4212 +bool 'Time change logging' CONFIG_GRKERNSEC_TIME
4214 +mainmenu_option next_comment
4215 +comment 'Executable Protections'
4216 +bool 'Exec process limiting' CONFIG_GRKERNSEC_EXECVE
4217 +bool 'Randomized PIDs' CONFIG_GRKERNSEC_RANDPID
4218 +bool 'Altered default IPC permissions' CONFIG_GRKERNSEC_IPC
4219 +bool 'Limit uid/gid changes to root' CONFIG_GRKERNSEC_TTYROOT
4220 +if [ "$CONFIG_GRKERNSEC_TTYROOT" != "n" ]; then
4221 +bool ' Deny physical consoles (tty)' CONFIG_GRKERNSEC_TTYROOT_PHYS
4222 +bool ' Deny serial consoles (ttyS)' CONFIG_GRKERNSEC_TTYROOT_SERIAL
4223 +bool ' Deny pseudo consoles (pty)' CONFIG_GRKERNSEC_TTYROOT_PSEUDO
4225 +bool 'Fork-bomb protection' CONFIG_GRKERNSEC_FORKBOMB
4226 +if [ "$CONFIG_GRKERNSEC_FORKBOMB" != "n" ]; then
4227 +int ' GID for restricted users' CONFIG_GRKERNSEC_FORKBOMB_GID 1006
4228 +int ' Forks allowed per second' CONFIG_GRKERNSEC_FORKBOMB_SEC 40
4229 +int ' Maximum processes allowed' CONFIG_GRKERNSEC_FORKBOMB_MAX 20
4231 +bool 'Trusted path execution' CONFIG_GRKERNSEC_TPE
4232 +if [ "$CONFIG_GRKERNSEC_TPE" != "n" ]; then
4233 +bool ' Glibc protection' CONFIG_GRKERNSEC_TPE_GLIBC
4234 +bool ' Partially restrict non-root users' CONFIG_GRKERNSEC_TPE_ALL
4235 +int ' GID for untrusted users:' CONFIG_GRKERNSEC_TPE_GID 1005
4237 +if [ "$CONFIG_X86" != "n" ]; then
4238 +bool 'Restricted ptrace' CONFIG_GRKERNSEC_PTRACE
4239 +if [ "$CONFIG_GRKERNSEC_PTRACE" != "n" ]; then
4240 +bool ' Allow ptrace for group' CONFIG_GRKERNSEC_PTRACE_GROUP
4241 +if [ "$CONFIG_GRKERNSEC_PTRACE_GROUP" != "n" ]; then
4242 +int ' GID for ptrace' CONFIG_GRKERNSEC_PTRACE_GID 1008
4247 +mainmenu_option next_comment
4248 +comment 'Network Protections'
4249 +bool 'Randomized IP IDs' CONFIG_GRKERNSEC_RANDID
4250 +bool 'Randomized TCP source ports' CONFIG_GRKERNSEC_RANDSRC
4251 +bool 'Altered Ping IDs' CONFIG_GRKERNSEC_RANDPING
4252 +bool 'Randomized TTL' CONFIG_GRKERNSEC_RANDTTL
4253 +if [ "$CONFIG_GRKERNSEC_RANDTTL" != "n" ]; then
4254 +int ' TTL starting point:' CONFIG_GRKERNSEC_RANDTTL_THRESH 64
4256 +bool 'Enhanced network randomness' CONFIG_GRKERNSEC_RANDNET
4257 +bool 'Socket restrictions' CONFIG_GRKERNSEC_SOCKET
4258 +if [ "$CONFIG_GRKERNSEC_SOCKET" != "n" ]; then
4259 +bool ' Deny any sockets to group' CONFIG_GRKERNSEC_SOCKET_ALL
4260 +if [ "$CONFIG_GRKERNSEC_SOCKET_ALL" != "n" ]; then
4261 +int ' GID to deny all sockets for:' CONFIG_GRKERNSEC_SOCKET_ALL_GID 1004
4263 +bool ' Deny client sockets to group' CONFIG_GRKERNSEC_SOCKET_CLIENT
4264 +if [ "$CONFIG_GRKERNSEC_SOCKET_CLIENT" != "n" ]; then
4265 +int ' GID to deny client sockets for:' CONFIG_GRKERNSEC_SOCKET_CLIENT_GID 1003
4267 +bool ' Deny server sockets to group' CONFIG_GRKERNSEC_SOCKET_SERVER
4268 +if [ "$CONFIG_GRKERNSEC_SOCKET_SERVER" != "n" ]; then
4269 +int ' GID to deny server sockets for:' CONFIG_GRKERNSEC_SOCKET_SERVER_GID 1002
4272 +bool 'Stealth networking' CONFIG_GRKERNSEC_STEALTH
4273 +if [ "$CONFIG_GRKERNSEC_STEALTH" != "n" ]; then
4274 +bool ' Do not send RSTs on unserved TCP' CONFIG_GRKERNSEC_STEALTH_RST
4275 +bool ' Do not reply to UDP with ICMP unreachables' CONFIG_GRKERNSEC_STEALTH_UDP
4276 +bool ' Do not process ICMP packets' CONFIG_GRKERNSEC_STEALTH_ICMP
4277 +bool ' Do not reply to IGMP requests' CONFIG_GRKERNSEC_STEALTH_IGMP
4278 +bool ' Drop packets with illegitimate flags' CONFIG_GRKERNSEC_STEALTH_FLAGS
4281 +mainmenu_option next_comment
4282 +comment 'Network Logging'
4283 +bool 'Log requests to unserved TCP ports' CONFIG_GRKERNSEC_STEALTH_RST_LOG
4284 +bool 'Log requests to unserved UDP ports' CONFIG_GRKERNSEC_STEALTH_UDP_LOG
4285 +bool 'Log ICMP packets' CONFIG_GRKERNSEC_STEALTH_ICMP_LOG
4286 +bool 'Log packets with illegitimate flags' CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG
4288 +if [ "$CONFIG_SYSCTL" != "n" ]; then
4289 +mainmenu_option next_comment
4290 +comment 'Sysctl support'
4291 +bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL
4294 +mainmenu_option next_comment
4295 +comment 'Miscellaneous Enhancements'
4296 +bool 'BSD-style coredumps' CONFIG_GRKERNSEC_COREDUMP
4298 diff -urN linux/include/asm-i386/a.out.h linux/include/asm-i386/a.out.h
4299 --- linux/include/asm-i386/a.out.h Fri Jun 16 14:33:06 1995
4300 +++ linux/include/asm-i386/a.out.h Sun Dec 23 19:13:16 2001
4305 +#ifdef CONFIG_GRKERNSEC_STACK
4306 +#define STACK_TOP ((current->flags & PF_STACKEXEC) ? TASK_SIZE - _STK_LIM : TASK_SIZE)
4308 #define STACK_TOP TASK_SIZE
4313 #endif /* __A_OUT_GNU_H__ */
4314 diff -urN linux/include/asm-i386/pgtable.h linux/include/asm-i386/pgtable.h
4315 --- linux/include/asm-i386/pgtable.h Thu Nov 22 14:46:19 2001
4316 +++ linux/include/asm-i386/pgtable.h Sun Dec 23 19:13:16 2001
4317 @@ -192,9 +192,26 @@
4318 #define _PAGE_CHG_MASK (PTE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY)
4320 #define PAGE_NONE __pgprot(_PAGE_PROTNONE | _PAGE_ACCESSED)
4322 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4323 +#define PAGE_SHARED_EXEC __pgprot(_PAGE_PRESENT | _PAGE_RW |_PAGE_USER |_PAGE_ACCESSED)
4324 +#define PAGE_COPY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)
4325 +#define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)
4327 #define PAGE_SHARED __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | _PAGE_ACCESSED)
4328 #define PAGE_COPY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)
4329 #define PAGE_READONLY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)
4332 +#ifdef CONFIG_GRKERNSEC_PAX
4333 +#define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED)
4334 +#define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED)
4335 +#define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED)
4337 +#define PAGE_SHARED_NOEXEC PAGE_SHARED_EXEC
4338 +#define PAGE_COPY_NOEXEC PAGE_COPY_EXEC
4339 +#define PAGE_READONLY_NOEXEC PAGE_READONLY_EXEC
4342 #define __PAGE_KERNEL \
4343 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED)
4344 @@ -228,6 +245,15 @@
4345 * This is the closest we can get..
4347 #define __P000 PAGE_NONE
4348 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4349 +#define __P001 PAGE_READONLY_NOEXEC
4350 +#define __P010 PAGE_COPY_NOEXEC
4351 +#define __P011 PAGE_COPY_NOEXEC
4352 +#define __P100 PAGE_READONLY_EXEC
4353 +#define __P101 PAGE_READONLY_EXEC
4354 +#define __P110 PAGE_COPY_EXEC
4355 +#define __P111 PAGE_COPY_EXEC
4357 #define __P001 PAGE_READONLY
4358 #define __P010 PAGE_COPY
4359 #define __P011 PAGE_COPY
4360 @@ -235,8 +261,18 @@
4361 #define __P101 PAGE_READONLY
4362 #define __P110 PAGE_COPY
4363 #define __P111 PAGE_COPY
4366 #define __S000 PAGE_NONE
4367 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4368 +#define __S001 PAGE_READONLY_NOEXEC
4369 +#define __S010 PAGE_SHARED_NOEXEC
4370 +#define __S011 PAGE_SHARED_NOEXEC
4371 +#define __S100 PAGE_READONLY_EXEC
4372 +#define __S101 PAGE_READONLY_EXEC
4373 +#define __S110 PAGE_SHARED_EXEC
4374 +#define __S111 PAGE_SHARED_EXEC
4376 #define __S001 PAGE_READONLY
4377 #define __S010 PAGE_SHARED
4378 #define __S011 PAGE_SHARED
4380 #define __S101 PAGE_READONLY
4381 #define __S110 PAGE_SHARED
4382 #define __S111 PAGE_SHARED
4386 * Define this if things work differently on an i386 and an i486:
4387 diff -urN linux/include/asm-i386/processor.h linux/include/asm-i386/processor.h
4388 --- linux/include/asm-i386/processor.h Thu Nov 22 14:46:19 2001
4389 +++ linux/include/asm-i386/processor.h Sun Dec 23 19:13:16 2001
4390 @@ -267,11 +267,25 @@
4392 #define TASK_SIZE (PAGE_OFFSET)
4394 +#ifdef CONFIG_GRKERNSEC_STACK
4395 +#define MAGIC_SIGRETURN (PAGE_OFFSET + 0xDE0000)
4396 +#define MAGIC_RT_SIGRETURN (PAGE_OFFSET + 0xDE0001)
4398 /* This decides where the kernel will search for a free chunk of vm
4399 * space during mmap's.
4401 +#ifdef CONFIG_GRKERNSEC_STACK
4402 +extern struct linux_binfmt elf_format;
4403 +#define TASK_UNMAPPED_BASE(size) ( \
4404 + current->binfmt == &elf_format && \
4405 + !(current->flags & PF_STACKEXEC) && \
4406 + (size) < 0x00ef0000UL \
4410 #define TASK_UNMAPPED_BASE (TASK_SIZE / 3)
4414 * Size of io_bitmap in longwords: 32 is ports 0-0x3ff.
4416 @@ -362,6 +376,14 @@
4417 unsigned long __cacheline_filler[5];
4420 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4421 +struct pax_fault_info {
4422 + unsigned long eip;
4423 + unsigned long addresses[4];
4424 + unsigned long count;
4428 struct thread_struct {
4431 @@ -372,6 +394,11 @@
4432 unsigned long debugreg[8]; /* %%db0-7 debug registers */
4434 unsigned long cr2, trap_no, error_code;
4435 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4436 +/* PaX fault info */
4437 + struct pax_fault_info pax_faults;
4440 /* floating point info */
4441 union i387_union i387;
4442 /* virtual 86 mode info */
4443 diff -urN linux/include/linux/a.out.h linux/include/linux/a.out.h
4444 --- linux/include/linux/a.out.h Thu Nov 22 14:46:18 2001
4445 +++ linux/include/linux/a.out.h Sun Dec 23 19:13:16 2001
4447 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
4450 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4451 +/* Constants for the N_FLAGS field */
4452 +#define F_PAX_PAGEEXEC 1 /* Enforce PAGE_EXEC */
4453 +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */
4454 +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */
4455 +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */
4458 #if !defined (N_MAGIC)
4459 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
4463 ((exec).a_info&0x00ffffff) | (((flags) & 0xff) << 24))
4465 +#ifdef CONFIG_GRKERNSEC_STACK
4466 +#define F_STACKEXEC 1
4468 /* Code indicating object file or impure executable. */
4470 /* Code indicating pure executable. */
4471 diff -urN linux/include/linux/binfmts.h linux/include/linux/binfmts.h
4472 --- linux/include/linux/binfmts.h Thu Nov 22 14:46:19 2001
4473 +++ linux/include/linux/binfmts.h Sun Dec 23 19:13:16 2001
4475 #ifndef _LINUX_BINFMTS_H
4476 #define _LINUX_BINFMTS_H
4478 +#include <linux/config.h>
4479 #include <linux/ptrace.h>
4480 #include <linux/capability.h>
4484 char * filename; /* Name of binary */
4485 unsigned long loader, exec;
4486 +#ifdef CONFIG_GRKERNSEC_FD
4488 + int tweak_fd_mask;
4489 + struct file *tweak_fd_null;
4494 diff -urN linux/include/linux/elf.h linux/include/linux/elf.h
4495 --- linux/include/linux/elf.h Thu Nov 22 14:48:29 2001
4496 +++ linux/include/linux/elf.h Sun Dec 23 19:13:16 2001
4499 #define EM_ALPHA 0x9026
4501 +#ifdef CONFIG_GRKERNSEC_STACK
4502 +#define EF_STACKEXEC 1
4505 * This is the old interim value for S/390 architecture
4507 @@ -255,6 +258,13 @@
4508 #define R_MIPS_LOVENDOR 100
4509 #define R_MIPS_HIVENDOR 127
4511 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4512 +/* Constants for the e_flags field */
4513 +#define EF_PAX_PAGEEXEC 1 /* 0: Enforce PAGE_EXEC */
4514 +#define EF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */
4515 +#define EF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */
4516 +#define EF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */
4520 * Sparc ELF relocation types
4521 diff -urN linux/include/linux/fs.h linux/include/linux/fs.h
4522 --- linux/include/linux/fs.h Fri Dec 21 12:42:03 2001
4523 +++ linux/include/linux/fs.h Sun Dec 23 19:13:16 2001
4524 @@ -1047,7 +1047,11 @@
4526 asmlinkage long sys_open(const char *, int, int);
4527 asmlinkage long sys_close(unsigned int); /* yes, it's really unsigned */
4528 +#ifdef CONFIG_GRKERNSEC_ACL
4529 +extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *);
4531 extern int do_truncate(struct dentry *, loff_t start);
4534 extern struct file *filp_open(const char *, int, int);
4535 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
4536 diff -urN linux/include/linux/gracl.h linux/include/linux/gracl.h
4537 --- linux/include/linux/gracl.h Wed Dec 31 19:00:00 1969
4538 +++ linux/include/linux/gracl.h Sun Dec 23 19:13:16 2001
4543 +#include <linux/grsecurity.h>
4544 +#include <linux/grdefs.h>
4547 +/* * * * * * * * * * * * * * * * * * * * *
4548 + * Oblivion kernel Modification
4549 + * Main header file
4550 + * Purpose: define most Oblivion data structures
4551 + * * * * * * * * * * * * * * * * * * * * */
4553 +#define GR_VERSION "grsecurity 2.0"
4561 +#define GR_SET_INHERIT 0
4562 +#define GR_SET_AUTH 1
4563 +#define GR_SET_PROC 2
4564 +/* required headers: <linux/kdev_t.h>, <linux/types.h> */
4566 +/* I need to include linux/fs.h in oblivion.c and it would be
4567 + * overkill to include kdev_t.h twice(once here and once in fs.h)
4568 + * so I just did the other necessary header inclusion before including oblivion.h*/
4572 +#define GR_PW_LEN 129
4573 +#define GR_SHA_SIZE 20
4574 +#define GR_EXTRA_LEN 1025
4576 +/* Begin Data Structures */
4578 + char pw[GR_PW_LEN];
4579 + char extra[GR_EXTRA_LEN];
4580 + __u8 sum[GR_SHA_SIZE]; /* 160-bit SHA hash of the password*/
4581 + __u8 mode; /* On/Off/Restart(Restart is not ready yet..*/
4590 +/* When sorting/searching, we can effectively search obv_file_acl and obv_acl structures since their identifying information(inodes/devs) are the same name and their size, due to the above padding, is also the same*/
4593 + struct file_acl *db;
4598 +/* information about r/w/x info for a file by a process */
4599 +/* Uses a (balanced )binary tree for its implementation...ideas are welcome for
4600 + * a more efficient way however=)*/
4605 + /* to do rules like /tmp * set the dir /tmp rw .. best solution I can find*/
4607 + /* you may consider the file inode, file_dev, and mode to(combined) be the key */
4608 + struct proc_acl *left;
4609 + struct proc_acl *right;
4610 + __u16 height; /* used for avl rebalancing*/
4615 +/* information about a process */
4616 +struct acl_subject {
4620 + kernel_cap_t file_caps; /* capability set*/
4621 + struct proc_acl *tree;
4624 +/* database - contains process ACLs */
4626 + struct acl_subject *db;
4630 +/* Temporary storage--see kernel/oblivion.c */
4636 +/* Begin Capabilities subsection */
4638 +#define CONFIG_GR_MAX_CAP 30
4642 + kernel_cap_t capval;
4646 + struct cap_entry table[CONFIG_GR_MAX_CAP];
4648 +/* End Capabilities subsection */
4649 +/* End Data Structures */
4651 +/* Begin SHA hash section */
4652 +#define SHA1HANDSOFF /* Copies data before messing with it. */
4655 + unsigned long state[5];
4656 + unsigned long count[2];
4657 + unsigned char buffer[64];
4660 +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
4662 +/* blk0() and blk() perform the initial expand. */
4663 +/* I got the idea of expanding during the round function from SSLeay */
4664 +#ifdef __LITTLE_ENDIAN
4665 +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
4666 + |(rol(block->l[i],8)&0x00FF00FF))
4668 +#define blk0(i) block->l[i]
4669 +#endif /* __LITTLE_ENDIAN */
4670 +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
4671 + ^block->l[(i+2)&15]^block->l[i&15],1))
4673 + /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
4674 +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
4675 +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
4676 +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
4677 +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
4678 +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
4679 +/* End SHA hash section */
4680 diff -urN linux/include/linux/grdefs.h linux/include/linux/grdefs.h
4681 --- linux/include/linux/grdefs.h Wed Dec 31 19:00:00 1969
4682 +++ linux/include/linux/grdefs.h Sun Dec 23 19:13:16 2001
4685 +/* Begin Status/Return value declarations */
4688 +#define GR_NOTFOUND -1
4691 +#define GR_LOADING 0x01
4692 +#define GR_DISABLED 0x02
4693 +#define GR_READY 0x04
4694 +#define GR_1ST 0x08
4695 +/* Debugging mode*/
4696 +#define GR_TESTING 0x080
4698 +#ifdef CONFIG_GR_DEF_DENY
4699 +#define GR_DEFAULT GR_DENY
4701 +#ifdef CONFIG_GR_DEF_DENY_ROOT
4702 +#define GR_DEFAULT !(current->euid) ? GR_DENY : GR_ALLOW;
4704 +#ifdef CONFIG_GR_DEF_ALLOW
4705 +#define GR_DEFAULT GR_ALLOW
4708 +/* End Status declarations */
4713 +/* Begin ACL declarations */
4714 +#define GR_READ 0x01
4715 +#define GR_APPEND 0x02
4716 +#define GR_WRITE 0x04
4717 +#define GR_EXEC 0x08
4718 +#define GR_HIDDEN 0x10
4719 +#define GR_OVERRIDE 0x20 /* Override File ACL, useful for proc only*/
4720 +#define GR_PROTECTED 0x40
4721 +#define GR_NONEXISTANT 0x40000000 /* File does not exist, check parent. Done when *checking* for a file's ACL */
4724 +/* Standard stuff done, on to File ACL stuff */
4726 +#define GR_FILE_READ GR_READ
4727 +#define GR_FILE_APPEND GR_APPEND
4728 +#define GR_FILE_WRITE (GR_WRITE | GR_APPEND)
4729 +#define GR_FILE_EXEC GR_EXEC
4730 +#define GR_FILE_HIDDEN GR_HIDDEN
4733 +#define GR_PROC_READ GR_READ
4734 +#define GR_PROC_APPEND GR_APPEND
4735 +#define GR_PROC_WRITE (GR_WRITE|GR_APPEND); /* write access implies append access*/
4736 +#define GR_PROC_EXEC GR_EXEC
4737 +#define GR_PROC_ACCESS GR_HIDDEN
4738 +#define GR_PROC_OVERRIDE GR_OVERRIDE
4739 +#define GR_PROC_HIDDEN GR_HIDDEN /* Hidden, unkillable(except by init) process. Good for hiding your IDSes / logging daemons:)*/
4740 +#define GR_PROC_PROTECTED GR_PROTECTED
4743 +#define GR_REQSUM 0x200 /* Require program to have SHAsum in database*/
4744 +#define GR_INHERIT 0x400 /* Children inherit parent's process acls*/
4745 +#define GR_AUTH 0x100 /* Require secondary authentication before execution*/
4746 +#define GR_AUTH_IF_ROOT 0x800 /* Require secondary authentication IF the user has root priveleges */
4748 +#define GR_FILE_REQSUM GR_REQSUM
4749 +#define GR_FILE_AUTH GR_AUTH
4750 +#define GR_PROC_REQSUM GR_REQSUM
4751 +#define GR_PROC_INHERIT GR_INHERIT
4752 +#define GR_PROC_AUTH GR_AUTH
4753 +#define GR_PROC_AUTH_IF_ROOT GR_AUTH_IF_ROOT
4756 +#define GR_PROC_EXTRA (GR_PROC_OVERRIDE|GR_PROC_REQSUM|GR_PROC_INHERIT|GR_PROC_AUTH)
4757 +/* Extra things that must be checked after a search*/
4759 +#define GR_FILE_EXTRA (GR_FILE_REQSUM|GR_FILE_AUTH)
4760 +#define GR_RW (GR_READ|GR_WRITE)
4761 +#define GR_RX (GR_READ|GR_EXEC)
4762 +#define GR_RWX (GR_READ|GR_WRITE|GR_EXEC)
4764 +/* End ACL Declarations */
4766 diff -urN linux/include/linux/grext.h linux/include/linux/grext.h
4767 --- linux/include/linux/grext.h Wed Dec 31 19:00:00 1969
4768 +++ linux/include/linux/grext.h Sun Dec 23 19:13:16 2001
4770 +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
4771 + * Oblivion external header
4772 + * Used for sections of the kernel that must access oblivion
4773 + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
4775 +#include <linux/dcache.h>
4776 +#include <linux/sysctl.h>
4777 +#include <linux/grdefs.h>
4779 +extern int gr_status;
4780 +extern int gr_disable;
4781 +extern int gr_check_hidden(struct dentry *dentry, struct vfsmount *mnt);
4782 +extern int gr_search(struct dentry *dentry, __u16 mode, struct vfsmount *mnt);
4783 +extern int gr_set_proc_acl(struct dentry *dentry,struct task_struct *tsk,char *filename, struct vfsmount *mnt);
4784 +extern int gr_check_hidden_proc(struct task_struct *tsk);
4785 +extern int gr_check_protected(struct task_struct *tsk);
4786 +extern int gr_copy_acl(struct task_struct *tsk);
4787 +extern int gr_proc_handler(ctl_table *table,int write, struct file *filp, void *buffer, size_t *lenp);
4788 diff -urN linux/include/linux/grhash.h linux/include/linux/grhash.h
4789 --- linux/include/linux/grhash.h Wed Dec 31 19:00:00 1969
4790 +++ linux/include/linux/grhash.h Sun Dec 23 19:13:16 2001
4792 +extern void SHA1Init(struct SHA1_CTX *context);
4793 +extern void SHA1Update(struct SHA1_CTX *context, unsigned char *data,unsigned int len);
4794 +extern void SHA1Final(unsigned char digest[20],struct SHA1_CTX *context);
4795 +extern int chkpw(struct admin_pw *entry);
4796 diff -urN linux/include/linux/grsecurity.h linux/include/linux/grsecurity.h
4797 --- linux/include/linux/grsecurity.h Wed Dec 31 19:00:00 1969
4798 +++ linux/include/linux/grsecurity.h Sun Dec 23 19:13:16 2001
4801 +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
4802 + * Oblivion external header
4803 + * Used for sections of the kernel that must access oblivion
4804 + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
4806 +#include <linux/dcache.h>
4807 +#include <linux/sysctl.h>
4808 +#include <linux/grdefs.h>
4810 +extern int gr_status;
4811 +extern int gr_disable;
4812 +extern int gr_check_hidden(struct dentry *dentry, struct vfsmount *mnt);
4813 +extern int gr_search(struct dentry *dentry, __u16 mode, struct vfsmount *mnt);
4814 +extern int gr_set_proc_acl(struct dentry *dentry,struct task_struct *tsk,char *filename, struct vfsmount *mnt);
4815 +extern int gr_check_hidden_proc(struct task_struct *tsk);
4816 +extern int gr_check_protected(struct task_struct *tsk);
4817 +extern int gr_copy_acl(struct task_struct *tsk);
4818 +extern int gr_proc_handler(ctl_table *table,int write, struct file *filp, void *buffer, size_t *lenp);
4821 +extern int grsec_enable_link;
4822 +extern int grsec_enable_fifo;
4823 +extern int grsec_enable_fd;
4824 +extern int grsec_enable_execve;
4825 +extern int grsec_enable_forkbomb;
4826 +extern int grsec_forkbomb_gid;
4827 +extern int grsec_forkbomb_sec;
4828 +extern int grsec_forkbomb_max;
4829 +extern int grsec_enable_execlog;
4830 +extern int grsec_enable_execlog_group;
4831 +extern int grsec_execlog_gid;
4832 +extern int grsec_enable_suid;
4833 +extern int grsec_enable_suid_root;
4834 +extern int grsec_enable_signal;
4835 +extern int grsec_enable_coredump;
4836 +extern int grsec_enable_forkfail;
4837 +extern int grsec_enable_time;
4838 +extern int grsec_enable_kbmap;
4839 +extern int grsec_enable_randnet;
4840 +extern int grsec_enable_chroot_sig;
4841 +extern int grsec_enable_chroot_mount;
4842 +extern int grsec_enable_chroot_double;
4843 +extern int grsec_enable_chroot_chdir;
4844 +extern int grsec_enable_chroot_chmod;
4845 +extern int grsec_enable_chroot_mknod;
4846 +extern int grsec_enable_chroot_ptrace;
4847 +extern int grsec_enable_chroot_nice;
4848 +extern int grsec_enable_chroot_execlog;
4849 +extern int grsec_enable_chroot_caps;
4850 +extern int grsec_enable_tpe;
4851 +extern int grsec_tpe_gid;
4852 +extern int grsec_enable_tpe_glibc;
4853 +extern int grsec_enable_tpe_all;
4854 +extern int grsec_enable_ptrace;
4855 +extern int grsec_enable_ptrace_group;
4856 +extern int grsec_ptrace_gid;
4857 +extern int grsec_enable_sidcaps;
4858 +extern int grsec_enable_randpid;
4859 +extern int grsec_enable_randid;
4860 +extern int grsec_enable_randsrc;
4861 +extern int grsec_enable_randping;
4862 +extern int grsec_enable_randttl;
4863 +extern int grsec_randttl_thresh;
4864 +extern int grsec_enable_socket_all;
4865 +extern int grsec_socket_all_gid;
4866 +extern int grsec_enable_socket_client;
4867 +extern int grsec_socket_client_gid;
4868 +extern int grsec_enable_socket_server;
4869 +extern int grsec_socket_server_gid;
4870 +extern int grsec_enable_stealth_rst;
4871 +extern int grsec_enable_stealth_udp;
4872 +extern int grsec_enable_stealth_icmp;
4873 +extern int grsec_enable_stealth_igmp;
4874 +extern int grsec_enable_stealth_flags;
4875 +extern int grsec_enable_stealth_rst_log;
4876 +extern int grsec_enable_stealth_udp_log;
4877 +extern int grsec_enable_stealth_icmp_log;
4878 +extern int grsec_enable_stealth_flags_log;
4879 +extern int grsec_enable_serial_deny;
4880 +extern int grsec_enable_phys_deny;
4881 +extern int grsec_enable_pseudo_deny;
4882 +extern int grsec_enable_ipc;
4883 +extern int grsec_lock;
4885 +extern struct task_struct *child_reaper;
4887 +#define proc_is_chrooted(tsk_a) ((tsk_a->fs->root->d_inode->i_dev != \
4888 + child_reaper->fs->root->d_inode->i_dev) || \
4889 + (tsk_a->fs->root->d_inode->i_ino != \
4890 + child_reaper->fs->root->d_inode->i_ino))
4892 +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs->root->d_inode->i_dev == \
4893 + tsk_b->fs->root->d_inode->i_dev) && \
4894 + (tsk_a->fs->root->d_inode->i_ino == \
4895 + tsk_b->fs->root->d_inode->i_ino))
4897 +#define DEFAULTSECMSG "(%.16s:%d) UID(%d) EUID(%d), parent (%.16s:%d) " \
4898 + "UID(%d) EUID(%d)"
4900 +#define DEFAULTSECARGS current->comm, current->pid, current->uid, \
4901 + current->euid, current->p_pptr->comm, \
4902 + current->p_pptr->pid, current->p_pptr->uid, \
4903 + current->p_pptr->euid
4905 +#define CHROOTLONGCHECK t->pid && t->fs && t->fs->root && \
4906 + t->fs->root->d_inode && t->p_pptr && \
4907 + current->pid && current->fs && current->fs->root && \
4908 + current->fs->root->d_inode && \
4909 + current->p_pptr && child_reaper && child_reaper->pid && \
4910 + child_reaper->fs && child_reaper->fs->root && \
4911 + child_reaper->fs->root->d_inode && \
4912 + grsec_enable_chroot_sig
4914 +#define is_tty_allowed_for_setid(t_uid,t_uid2,t_uid3,f_name) \
4915 + if(current->tty && (!t_uid || !t_uid2 || !t_uid3) && \
4916 + ((grsec_enable_serial_deny && \
4917 + (current->tty->driver.type == TTY_DRIVER_TYPE_SERIAL)) || \
4918 + (grsec_enable_pseudo_deny && \
4919 + (current->tty->driver.type == TTY_DRIVER_TYPE_PTY)) || \
4920 + (grsec_enable_phys_deny && \
4921 + (current->tty->driver.type == TTY_DRIVER_TYPE_CONSOLE))) \
4923 + security_alert("attempted " f_name " root on " \
4924 + "illegal console by " DEFAULTSECMSG, \
4925 + "attempted " f_name " roots", \
4926 + DEFAULTSECARGS); \
4930 diff -urN linux/include/linux/kernel.h linux/include/linux/kernel.h
4931 --- linux/include/linux/kernel.h Thu Nov 22 14:46:18 2001
4932 +++ linux/include/linux/kernel.h Sun Dec 23 19:13:16 2001
4933 @@ -122,6 +122,29 @@
4934 ((unsigned char *)&addr)[2], \
4935 ((unsigned char *)&addr)[3]
4937 +#ifndef CONFIG_GR_DEBUG
4938 +#define security_alert(normal_msg,flood_msg,args...) \
4940 + static unsigned long warning_time = 0, no_flood_yet = 0; \
4941 + static spinlock_t security_alert_lock = SPIN_LOCK_UNLOCKED; \
4943 + spin_lock(&security_alert_lock); \
4944 + if(!warning_time || jiffies - warning_time > 30 * HZ) { \
4945 + warning_time = jiffies; no_flood_yet = 1; \
4946 + printk(KERN_ALERT "grsec: " normal_msg "\n", ## args); \
4947 + } else if (no_flood_yet) { \
4948 + warning_time = jiffies; no_flood_yet = 0; \
4949 + printk(KERN_ALERT "grsec: more " flood_msg \
4950 + ", logging disabled for 30 seconds\n"); \
4953 + spin_unlock(&security_alert_lock); \
4956 +#define security_alert(normal_msg, flood_msg, args...) \
4957 +printk(KERN_INFO normal_msg "\n", ## args)
4960 #define HIPQUAD(addr) \
4961 ((unsigned char *)&addr)[3], \
4962 ((unsigned char *)&addr)[2], \
4963 diff -urN linux/include/linux/mm.h linux/include/linux/mm.h
4964 --- linux/include/linux/mm.h Fri Dec 21 12:42:03 2001
4965 +++ linux/include/linux/mm.h Sun Dec 23 19:13:16 2001
4966 @@ -103,7 +103,11 @@
4967 #define VM_DONTEXPAND 0x00040000 /* Cannot expand with mremap() */
4968 #define VM_RESERVED 0x00080000 /* Don't unmap it from swap_out */
4970 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
4971 +#define VM_STACK_FLAGS 0x00000133
4973 #define VM_STACK_FLAGS 0x00000177
4976 #define VM_READHINTMASK (VM_SEQ_READ | VM_RAND_READ)
4977 #define VM_ClearReadHint(v) (v)->vm_flags &= ~VM_READHINTMASK
4978 diff -urN linux/include/linux/proc_fs.h linux/include/linux/proc_fs.h
4979 --- linux/include/linux/proc_fs.h Thu Nov 22 14:46:23 2001
4980 +++ linux/include/linux/proc_fs.h Sun Dec 23 19:13:16 2001
4982 extern struct proc_dir_entry *proc_mknod(const char *,mode_t,
4983 struct proc_dir_entry *,kdev_t);
4984 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);
4985 +#ifdef CONFIG_GRKERNSEC_PROC
4986 +extern struct proc_dir_entry *proc_priv_mkdir(const char *, mode_t mode, struct proc_dir_entry *);
4989 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
4990 mode_t mode, struct proc_dir_entry *base,
4991 diff -urN linux/include/linux/sched.h linux/include/linux/sched.h
4992 --- linux/include/linux/sched.h Fri Dec 21 12:42:03 2001
4993 +++ linux/include/linux/sched.h Sun Dec 23 19:13:16 2001
5002 @@ -225,6 +226,12 @@
5003 unsigned long cpu_vm_mask;
5004 unsigned long swap_address;
5006 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
5007 + unsigned long delta_mmap; /* PaX: randomized offset */
5008 + unsigned long delta_exec; /* PaX: randomized offset */
5009 + unsigned long delta_stack; /* PaX: randomized offset */
5012 unsigned dumpable:1;
5014 /* Architecture-specific MM context */
5015 @@ -401,6 +408,10 @@
5016 int (*notifier)(void *priv);
5017 void *notifier_data;
5018 sigset_t *notifier_mask;
5020 +#ifdef CONFIG_GRKERNSEC_ACL
5024 /* Thread group tracking */
5026 @@ -430,6 +441,13 @@
5028 #define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */
5030 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
5031 +#define PF_PAX_PAGEEXEC 0x01000000 /* PaX: Enforce PAGE_EXEC */
5032 +#define PF_PAX_EMUTRAMP 0x02000000 /* PaX: Emulate trampolines */
5033 +#define PF_PAX_MPROTECT 0x04000000 /* PaX: Restrict mprotect() */
5034 +#define PF_PAX_RANDMMAP 0x08000000 /* PaX: Randomize mmap() base */
5040 @@ -437,8 +455,18 @@
5041 #define PT_PTRACED 0x00000001
5042 #define PT_TRACESYS 0x00000002
5043 #define PT_DTRACE 0x00000004 /* delayed trace (used on m68k, i386) */
5044 +#ifdef CONFIG_GRKERNSEC_STACK
5045 +#define PF_STACKEXEC 0x01000000
5047 #define PT_TRACESYSGOOD 0x00000008
5048 #define PT_PTRACE_CAP 0x00000010 /* ptracer can follow suid-exec */
5050 +#if defined(CONFIG_GRKERNSEC_PAX) || defined(CONFIG_GRKERNSEC_PAX_RANDMMAP)
5051 +/* PaX: for handling DTLB trashing */
5052 +#define PT_PAX_TRACE 0x00000020
5053 +#define PT_PAX_KEEPTF 0x00000040
5054 +#define PT_PAX_OLDTF 0x00000080
5058 * Limit the stack by to some sane default: root can always
5059 diff -urN linux/include/linux/sysctl.h linux/include/linux/sysctl.h
5060 --- linux/include/linux/sysctl.h Mon Nov 26 08:29:17 2001
5061 +++ linux/include/linux/sysctl.h Sun Dec 23 19:13:16 2001
5064 KERN_KDB=55, /* int: mdb on/off */
5065 #endif /* CONFIG_KDB */
5066 + KERN_GRSECURITY=68, /* grsecurity */
5067 + KERN_OBV = 69 /* struct obv_pw, controls oblivion*/
5071 diff -urN linux/include/net/inetpeer.h linux/include/net/inetpeer.h
5072 --- linux/include/net/inetpeer.h Thu Nov 22 14:47:11 2001
5073 +++ linux/include/net/inetpeer.h Sun Dec 23 19:13:16 2001
5075 #include <linux/sched.h>
5076 #include <linux/spinlock.h>
5077 #include <asm/atomic.h>
5078 +#include <linux/config.h>
5079 +#ifdef CONFIG_GRKERNSEC_RANDID
5080 +#include <linux/grsecurity.h>
5081 +extern __u16 ip_randomid(void);
5089 spin_lock_bh(&inet_peer_idlock);
5090 +#ifdef CONFIG_GRKERNSEC_RANDID
5091 + if(grsec_enable_randid)
5092 + id = htons(ip_randomid());
5095 id = p->ip_id_count++;
5096 spin_unlock_bh(&inet_peer_idlock);
5098 diff -urN linux/include/net/ip.h linux/include/net/ip.h
5099 --- linux/include/net/ip.h Thu Nov 22 14:47:15 2001
5100 +++ linux/include/net/ip.h Sun Dec 23 19:13:16 2001
5103 #include <net/sock.h> /* struct sock */
5105 +#ifdef CONFIG_GRKERNSEC_RANDID
5106 +#include <linux/grsecurity.h>
5107 +extern __u16 ip_randomid(void);
5110 struct inet_skb_parm
5112 struct ip_options opt; /* Compiled IP options */
5113 @@ -196,6 +201,11 @@
5114 * does not change, they drop every other packet in
5115 * a TCP stream using header compression.
5117 +#ifdef CONFIG_GRKERNSEC_RANDID
5118 + if(grsec_enable_randid)
5119 + iph->id = htons(ip_randomid());
5122 iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
5124 __ip_select_ident(iph, dst);
5125 diff -urN linux/init/main.c linux/init/main.c
5126 --- linux/init/main.c Fri Dec 21 12:42:04 2001
5127 +++ linux/init/main.c Sun Dec 23 19:13:16 2001
5129 #include <asm/smp.h>
5132 +#ifdef CONFIG_GRKERNSEC_ACL
5133 +#include <linux/grsecurity.h>
5139 * Versions of gcc older than that listed below may actually compile
5140 * and link okay, but the end product can have subtle run time bugs.
5141 @@ -107,6 +113,12 @@
5142 extern void ipc_init(void);
5145 +#ifdef CONFIG_GRKERNSEC_ACL
5146 +static __init int gr_setup(char *line);
5152 * Boot command-line arguments
5154 @@ -307,6 +319,19 @@
5157 __setup("root=", root_dev_setup);
5159 +#ifdef CONFIG_GRKERNSEC_ACL
5160 +static int __init gr_setup(char *str)
5162 +#ifdef CONFIG_GR_DEBUG
5163 + security_alert("Grsecurity: got %.3s at startup","",str);
5165 + if(*str == '0') gr_disable = 1;
5168 +__setup("oblivion=",gr_setup);
5172 static int __init checksetup(char *line)
5174 diff -urN linux/ipc/msg.c linux/ipc/msg.c
5175 --- linux/ipc/msg.c Fri Sep 14 17:17:00 2001
5176 +++ linux/ipc/msg.c Sun Dec 23 19:13:16 2001
5178 #include <linux/proc_fs.h>
5179 #include <linux/list.h>
5180 #include <asm/uaccess.h>
5181 +#ifdef CONFIG_GRKERNSEC_IPC
5182 +#include <linux/grsecurity.h>
5187 @@ -127,7 +130,14 @@
5191 +#ifdef CONFIG_GRKERNSEC_IPC
5192 + if(grsec_enable_ipc)
5193 + msq->q_perm.mode = (msgflg & ~current->fs->umask);
5195 + msq->q_perm.mode = (msgflg & S_IRWXUGO);
5197 msq->q_perm.mode = (msgflg & S_IRWXUGO);
5199 msq->q_perm.key = key;
5201 msq->q_stime = msq->q_rtime = 0;
5202 @@ -545,8 +555,17 @@
5204 ipcp->uid = setbuf.uid;
5205 ipcp->gid = setbuf.gid;
5206 +#ifdef CONFIG_GRKERNSEC_IPC
5207 + if(grsec_enable_ipc)
5208 + ipcp->mode = (ipcp->mode & ~current->fs->umask) |
5209 + (~current->fs->umask & setbuf.mode);
5211 + ipcp->mode = (ipcp->mode & ~S_IRWXUGO) |
5212 + (S_IRWXUGO & setbuf.mode);
5214 ipcp->mode = (ipcp->mode & ~S_IRWXUGO) |
5215 (S_IRWXUGO & setbuf.mode);
5217 msq->q_ctime = CURRENT_TIME;
5218 /* sleeping receivers might be excluded by
5219 * stricter permissions.
5220 diff -urN linux/ipc/sem.c linux/ipc/sem.c
5221 --- linux/ipc/sem.c Sun Sep 30 15:26:42 2001
5222 +++ linux/ipc/sem.c Sun Dec 23 19:13:16 2001
5224 #include <linux/init.h>
5225 #include <linux/proc_fs.h>
5226 #include <asm/uaccess.h>
5227 +#ifdef CONFIG_GRKERNSEC_IPC
5228 +#include <linux/grsecurity.h>
5233 @@ -135,7 +138,14 @@
5237 +#ifdef CONFIG_GRKERNSEC_IPC
5238 + if(grsec_enable_ipc)
5239 + sma->sem_perm.mode = (semflg & ~current->fs->umask);
5241 + sma->sem_perm.mode = (semflg & S_IRWXUGO);
5243 sma->sem_perm.mode = (semflg & S_IRWXUGO);
5245 sma->sem_perm.key = key;
5247 sma->sem_base = (struct sem *) &sma[1];
5248 @@ -733,8 +743,17 @@
5250 ipcp->uid = setbuf.uid;
5251 ipcp->gid = setbuf.gid;
5252 +#ifdef CONFIG_GRKERNSEC_IPC
5253 + if(grsec_enable_ipc)
5254 + ipcp->mode = (ipcp->mode & ~current->fs->umask)
5255 + | (setbuf.mode & ~current->fs->umask);
5257 + ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
5258 + | (setbuf.mode & S_IRWXUGO);
5260 ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
5261 | (setbuf.mode & S_IRWXUGO);
5263 sma->sem_ctime = CURRENT_TIME;
5266 diff -urN linux/ipc/shm.c linux/ipc/shm.c
5267 --- linux/ipc/shm.c Fri Dec 21 12:42:04 2001
5268 +++ linux/ipc/shm.c Sun Dec 23 19:13:16 2001
5270 #include <linux/mman.h>
5271 #include <linux/proc_fs.h>
5272 #include <asm/uaccess.h>
5273 +#ifdef CONFIG_GRKERNSEC_IPC
5274 +#include <linux/grsecurity.h>
5279 @@ -202,7 +205,14 @@
5282 shp->shm_perm.key = key;
5283 +#ifdef CONFIG_GRKERNSEC_IPC
5284 + if(grsec_enable_ipc)
5285 + shp->shm_flags = (shmflg & ~current->fs->umask);
5287 + shp->shm_flags = (shmflg & S_IRWXUGO);
5289 shp->shm_flags = (shmflg & S_IRWXUGO);
5291 shp->shm_cprid = current->pid;
5293 shp->shm_atim = shp->shm_dtim = 0;
5294 @@ -541,8 +551,17 @@
5296 shp->shm_perm.uid = setbuf.uid;
5297 shp->shm_perm.gid = setbuf.gid;
5298 +#ifdef CONFIG_GRKERNSEC_IPC
5299 + if(grsec_enable_ipc)
5300 + shp->shm_flags = (shp->shm_flags & ~current->fs->umask)
5301 + | (setbuf.mode & ~current->fs->umask);
5303 + shp->shm_flags = (shp->shm_flags & ~S_IRWXUGO)
5304 + | (setbuf.mode & S_IRWXUGO);
5306 shp->shm_flags = (shp->shm_flags & ~S_IRWXUGO)
5307 | (setbuf.mode & S_IRWXUGO);
5309 shp->shm_ctim = CURRENT_TIME;
5312 diff -urN linux/kernel/Makefile linux/kernel/Makefile
5313 --- linux/kernel/Makefile Mon Sep 17 00:22:40 2001
5314 +++ linux/kernel/Makefile Sun Dec 23 19:13:16 2001
5316 obj-y = sched.o dma.o fork.o exec_domain.o panic.o printk.o \
5317 module.o exit.o itimer.o info.o time.o softirq.o resource.o \
5318 sysctl.o acct.o capability.o ptrace.o timer.o user.o \
5319 - signal.o sys.o kmod.o context.o syscall_ksyms.o
5320 + signal.o sys.o grsecurity.o kmod.o context.o syscall_ksyms.o
5322 obj-$(CONFIG_UID16) += uid16.o
5323 obj-$(CONFIG_MODULES) += ksyms.o
5324 obj-$(CONFIG_PM) += pm.o
5325 +obj-$(CONFIG_GRKERNSEC_ACL) += gracl.o grsort.o grhash.o
5326 obj-$(CONFIG_KALLSYMS) += kallsyms.o
5328 ifneq ($(CONFIG_IA64),y)
5329 diff -urN linux/kernel/exit.c linux/kernel/exit.c
5330 --- linux/kernel/exit.c Wed Nov 21 17:42:27 2001
5331 +++ linux/kernel/exit.c Sun Dec 23 19:13:16 2001
5333 #include <asm/pgtable.h>
5334 #include <asm/mmu_context.h>
5336 +#ifdef CONFIG_GRKERNSEC_RANDPID
5337 +#include <linux/grsecurity.h>
5340 extern void sem_exit (void);
5341 extern struct task_struct *child_reaper;
5343 @@ -416,6 +420,10 @@
5344 write_unlock_irq(&tasklist_lock);
5347 +#ifdef CONFIG_GRKERNSEC_RANDPID
5348 +pid_t last_pids[64];
5351 NORET_TYPE void do_exit(long code)
5353 struct task_struct *tsk = current;
5354 @@ -436,6 +444,12 @@
5358 +#ifdef CONFIG_GRKERNSEC_RANDPID
5359 + if(grsec_enable_randpid){
5360 + last_pids[cur_n_pids++] = tsk -> pid;
5367 diff -urN linux/kernel/fork.c linux/kernel/fork.c
5368 --- linux/kernel/fork.c Wed Nov 21 13:18:42 2001
5369 +++ linux/kernel/fork.c Sun Dec 23 19:13:16 2001
5371 #include <linux/vmalloc.h>
5372 #include <linux/completion.h>
5373 #include <linux/personality.h>
5374 +#ifdef CONFIG_GRKERNSEC_RANDPID
5375 +#include <linux/random.h>
5378 +#if defined(CONFIG_GRKERNSEC_FORKFAIL)||defined(CONFIG_GRKERNSEC_RANDPID) \
5379 + || defined(CONFIG_GRKERNSEC_FORKBOMB) || defined(CONFIG_GRKERNSEC_ACL)
5380 +#include <linux/grsecurity.h>
5383 #include <asm/pgtable.h>
5384 #include <asm/pgalloc.h>
5385 #include <asm/uaccess.h>
5386 #include <asm/mmu_context.h>
5388 +#ifdef CONFIG_GRKERNSEC_RANDPID
5389 +extern struct entropy_store *random_state;
5390 +extern struct entropy_store *sec_random_state;
5393 /* The idle threads do not count.. */
5397 /* Protects next_safe and last_pid. */
5398 spinlock_t lastpid_lock = SPIN_LOCK_UNLOCKED;
5400 +#ifdef CONFIG_GRKERNSEC_RANDPID
5401 +extern pid_t last_pids[64];
5402 +extern int cur_n_pids;
5405 static int get_pid(unsigned long flags)
5407 static int next_safe = PID_MAX;
5408 +#ifdef CONFIG_GRKERNSEC_RANDPID
5412 struct task_struct *p;
5414 if (flags & CLONE_PID)
5415 @@ -91,32 +113,72 @@
5417 spin_lock(&lastpid_lock);
5418 if((++last_pid) & 0xffff8000) {
5419 +#ifdef CONFIG_GRKERNSEC_RANDPID
5420 + if(!grsec_enable_randpid || (current->p_pptr->pid < 1))
5422 last_pid = 300; /* Skip daemons etc. */
5425 - if(last_pid >= next_safe) {
5427 +#ifdef CONFIG_GRKERNSEC_RANDPID
5428 + (grsec_enable_randpid && (current->p_pptr->pid >= 1))?2:
5432 +#ifdef CONFIG_GRKERNSEC_RANDPID
5433 + if(!grsec_enable_randpid || (current->p_pptr->pid < 1))
5435 next_safe = PID_MAX;
5436 read_lock(&tasklist_lock);
5438 +#ifdef CONFIG_GRKERNSEC_RANDPID
5439 + if (grsec_enable_randpid && (current->p_pptr->pid >= 1)) {
5440 + if((random_state) || (sec_random_state)){
5442 + get_random_bytes(&last_pid, sizeof(last_pid));
5443 + last_pid %= PID_MAX;
5445 + last_pid = -1 * last_pid;
5446 + } while (last_pid <= 1);
5448 + last_pid = 1+((xtime.tv_usec * total_forks) % PID_MAX);
5449 + for(loops=0;loops<64;loops++){
5450 + if(last_pids[loops] == last_pid)
5457 if(p->pid == last_pid ||
5458 p->pgrp == last_pid ||
5459 p->tgid == last_pid ||
5460 p->session == last_pid) {
5461 - if(++last_pid >= next_safe) {
5463 +#ifdef CONFIG_GRKERNSEC_RANDPID
5464 + (!grsec_enable_randpid ||
5465 + (current->p_pptr->pid < 1)) &&
5467 + ++last_pid >= next_safe) {
5468 if(last_pid & 0xffff8000)
5470 next_safe = PID_MAX;
5474 +#ifdef CONFIG_GRKERNSEC_RANDPID
5475 + if(!grsec_enable_randpid ||
5476 + (current->p_pptr->pid < 1)){
5478 if(p->pid > last_pid && next_safe > p->pid)
5480 if(p->pgrp > last_pid && next_safe > p->pgrp)
5481 next_safe = p->pgrp;
5482 if(p->session > last_pid && next_safe > p->session)
5483 next_safe = p->session;
5484 +#ifdef CONFIG_GRKERNSEC_RANDPID
5488 read_unlock(&tasklist_lock);
5490 @@ -565,6 +627,39 @@
5492 struct task_struct *p;
5493 struct completion vfork;
5494 +#ifdef CONFIG_GRKERNSEC_FORKBOMB
5496 + int sec_forks = 0;
5497 + int user_tasks = 0;
5498 + unsigned long curr_time = jiffies;
5500 +fork_user = current->uid;
5501 +if(grsec_enable_forkbomb) {
5502 +if(in_group_p(grsec_forkbomb_gid) && fork_user){
5503 + read_lock(&tasklist_lock);
5506 + if ((p->uid) == fork_user)
5509 + if ( (curr_time - (p->start_time)) <= 100)
5513 + read_unlock(&tasklist_lock);
5515 + if (user_tasks >= grsec_forkbomb_max){
5516 + security_alert("max process limit reached with "
5517 + DEFAULTSECMSG,"max proc limits reached",DEFAULTSECARGS);
5518 + return(kill_pg(current->pgrp,SIGKILL,0));
5519 + } else if (sec_forks >= grsec_forkbomb_sec){
5520 + security_alert("fork rate-limit reached with "
5521 + DEFAULTSECMSG,"fork rate-limits reached", DEFAULTSECARGS);
5522 + return(kill_pg(current->pgrp,SIGKILL,0));
5530 @@ -661,6 +756,11 @@
5531 goto bad_fork_cleanup_fs;
5532 if (copy_mm(clone_flags, p))
5533 goto bad_fork_cleanup_sighand;
5534 +#ifdef CONFIG_GRKERNSEC_ACL
5535 + if (gr_copy_acl(p))
5536 + goto bad_fork_cleanup_sighand;
5539 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
5541 goto bad_fork_cleanup_mm;
5542 @@ -747,6 +847,11 @@
5545 free_task_struct(p);
5546 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
5547 + if(grsec_enable_forkfail)
5548 + security_alert("failed fork with errno %d by " DEFAULTSECMSG,
5549 + "failed forks",retval, DEFAULTSECARGS);
5554 diff -urN linux/kernel/gracl.c linux/kernel/gracl.c
5555 --- linux/kernel/gracl.c Wed Dec 31 19:00:00 1969
5556 +++ linux/kernel/gracl.c Sun Dec 23 19:13:16 2001
5558 +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
5559 + * Oblivion: A Security-Enhancing Linux Kernel Modification
5560 + * Author: Michael Dalton
5561 + * E-Mail: michael@linux.com
5562 + * Information: This modification is designed to give
5563 + * fine-tuned control over processes, to prevent
5564 + * the damage of buffer overflows by disallowing them to run or
5565 + * write to anything that is abnormal. It also protects files from
5566 + * access by unauthorized programs(read only/append only/hidden modes)
5567 + * and has capability management features.
5570 + * 4-20-2001 - Began development of OPM .3
5571 + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
5573 +/* Access Layers */
5576 + * file database -> file info
5580 + * process database -> process entry (and capabilities) -> process file access rights
5583 +#include <linux/kernel.h>
5584 +#include <linux/mm.h>
5585 +#include <linux/ctype.h>
5586 +#include <asm/uaccess.h>
5587 +#include <asm/errno.h>
5588 +#include <linux/file.h>
5589 +#include <linux/fs.h>
5590 +#include <linux/slab.h>
5591 +#include <linux/types.h>
5592 +#include <linux/capability.h>
5593 +#include <linux/sched.h>
5594 +#include <linux/gracl.h>
5595 +#include <linux/grhash.h>
5596 +#include <linux/sysctl.h>
5599 +#define SET_INHERIT 2
5602 +#define PROC_CONF "/etc/grsec/proc.acl"
5603 +#define FILE_CONF "/etc/grsec/file.acl"
5604 +#define PW_CONF "/etc/grsec/pw"
5605 +#define GRADM_ACL CONFIG_GRADM_PATH ## " fx"
5606 +#define GODMODE_ACL "/ frwxoi"
5607 +/* i.e. this would become "/sbin/gradm x" for executable access only to
5608 + * /sbin/gradm (and find it if its hidden) */
5610 +#define empty_tree (struct proc_acl *) NULL
5612 +#define heightof(tree) ( (tree == empty_tree) ? 0 : (tree->height) )
5614 +#define INIT_CAP_TABLE(table) \
5615 +table[0].capname = "CAP_CHOWN";\
5616 +table[0].capval = CAP_CHOWN; \
5617 +table[1].capname = "CAP_DAC_OVERRIDE"; \
5618 +table[1].capval = CAP_DAC_OVERRIDE; \
5619 +table[2].capname = "CAP_DAC_READ_SEARCH"; \
5620 +table[2].capval = CAP_DAC_READ_SEARCH; \
5621 +table[3].capname = "CAP_FOWNER"; \
5622 +table[3].capval = CAP_FOWNER; \
5623 +table[4].capname = "CAP_FSETID"; \
5624 +table[4].capval = CAP_FSETID; \
5625 +table[5].capname = "CAP_FS_MASK"; \
5626 +table[5].capval = CAP_FS_MASK; \
5627 +table[6].capname = "CAP_KILL"; \
5628 +table[6].capval = CAP_KILL; \
5629 +table[7].capname = "CAP_SETGID"; \
5630 +table[7].capval = CAP_SETGID; \
5631 +table[8].capname = "CAP_SETUID"; \
5632 +table[8].capval = CAP_SETUID; \
5633 +table[9].capname = "CAP_SETPCAP"; \
5634 +table[9].capval = CAP_SETPCAP; \
5635 +table[10].capname = "CAP_LINUX_IMMUTABLE"; \
5636 +table[10].capval = CAP_LINUX_IMMUTABLE; \
5637 +table[11].capname = "CAP_NET_BIND_SERVICE"; \
5638 +table[11].capval = CAP_NET_BIND_SERVICE; \
5639 +table[12].capname = "CAP_NET_BROADCAST"; \
5640 +table[12].capval = CAP_NET_BROADCAST;\
5641 +table[13].capname = "CAP_NET_ADMIN"; \
5642 +table[13].capval = CAP_NET_ADMIN; \
5643 +table[14].capname = "CAP_NET_RAW"; \
5644 +table[14].capval = CAP_NET_RAW; \
5645 +table[15].capname = "CAP_IPC_LOCK"; \
5646 +table[15].capval = CAP_IPC_LOCK; \
5647 +table[16].capname = "CAP_IPC_OWNER"; \
5648 +table[16].capval = CAP_IPC_OWNER; \
5649 +table[17].capname = "CAP_SYS_MODULE"; \
5650 +table[17].capval = CAP_SYS_MODULE; \
5651 +table[18].capname = "CAP_SYS_RAWIO"; \
5652 +table[18].capval = CAP_SYS_RAWIO; \
5653 +table[19].capname = "CAP_SYS_CHROOT"; \
5654 +table[19].capval = CAP_SYS_CHROOT; \
5655 +table[20].capname = "CAP_SYS_PTRACE"; \
5656 +table[20].capval = CAP_SYS_PTRACE; \
5657 +table[21].capname = "CAP_SYS_PACCT"; \
5658 +table[21].capval = CAP_SYS_PACCT; \
5659 +table[22].capname = "CAP_SYS_ADMIN"; \
5660 +table[22].capval = CAP_SYS_ADMIN; \
5661 +table[23].capname = "CAP_SYS_BOOT"; \
5662 +table[23].capval = CAP_SYS_BOOT; \
5663 +table[24].capname = "CAP_SYS_NICE"; \
5664 +table[24].capval = CAP_SYS_NICE; \
5665 +table[25].capname = "CAP_SYS_RESOURCE"; \
5666 +table[25].capval = CAP_SYS_RESOURCE; \
5667 +table[26].capname = "CAP_SYS_TIME"; \
5668 +table[26].capval = CAP_SYS_TIME; \
5669 +table[27].capname = "CAP_SYS_TTY_CONFIG"; \
5670 +table[27].capval = CAP_SYS_TTY_CONFIG; \
5671 +table[28].capname = "CAP_MKNOD"; \
5672 +table[28].capval = CAP_MKNOD; \
5673 +table[29].capname = "CAP_LEASE"; \
5674 +table[29].capval = CAP_LEASE;
5676 +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
5677 + * Global variables
5678 + * * * * * * * * ** * * * * * * * * * * * * * * * * * * * * */
5680 +int _enable_acl_load = 0;
5681 +int gr_disable = 0; /* handles boot time disabling of oblivion*/
5682 +static struct proc_db procdb;
5683 +static struct file_db filedb;
5684 +/* Main variables for holding the rulesets*/
5685 +static spinlock_t gr_lock = SPIN_LOCK_UNLOCKED;
5686 +__u8 gr_status = (GR_1ST | GR_DISABLED);
5687 +struct admin_pw pwent;
5688 +struct capset * caplist;
5689 +struct acl_subject god = { 0,0,0,~0,empty_tree};
5690 +/* iddqd style god mode;) Full caps/access rights*/
5691 +extern kdev_t ROOT_DEV;
5692 +struct acl_subject auth = { 0,0,(__u8)GR_PROC_AUTH,CAP_INIT_EFF_SET,empty_tree };
5693 +/* acl for authentication mode */
5695 +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
5696 + * Sorting Routines
5697 + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
5701 +static __inline__ int procacl_less(const struct acl_temp *a, const struct proc_acl *b)
5703 + return ( (a->inode < b->inode) || ( (a->inode == b->inode) && (a->device < b->device) ) ) ? 1 : 0;
5706 +static __inline__ int procacl_eq(const struct acl_temp *a, const struct proc_acl *b)
5708 + return ( (a->inode == b->inode) && (a->device == b->device) ) ? 1:0;
5712 +static __inline__ int acl_eq(const struct acl_subject *a, const struct acl_subject *b)
5714 + return ( (a->inode == b->inode) && (a->device == b->device)) ? 1 : 0;
5717 +extern void qsort(void *const pbase,size_t total_elems,size_t size,int (*cmp) (const void *, const void *));
5719 +static __inline__ int file_acl_cmp(const void *va, const void *vb)
5721 + struct file_acl *a = (struct file_acl *) va;
5722 + struct file_acl *b = (struct file_acl *) vb;
5723 + if (a->inode < b->inode)
5725 + else if(a->inode == b->inode) {
5726 + if(a->device < b->device)
5728 + else if(a->device == b->device)
5734 +static __inline__ int fileacl_less(const struct file_acl *f1, const struct acl_temp *f2) {
5735 + return ( ((f1->inode < f2->inode)) || (f1->inode == f2->inode && f1->device < f2->device) ) ? 1 : 0;
5738 +static __inline__ int fileacl_eq(const struct file_acl *f1, const struct acl_temp *f2) {
5739 + return ( (f1->inode == f2->inode) && (f1->device == f2->device)) ? 1 : 0;
5741 +static __inline__ int acl_cmp(const void *va, const void *vb)
5743 + struct acl_subject *a = (struct acl_subject *) va;
5744 + struct acl_subject *b = (struct acl_subject *) vb;
5745 + if (a->inode < b->inode)
5748 + else if(a->inode == b->inode) {
5749 + if(a->device < b->device)
5751 + else if(a->device == b->device)
5756 +#define acl_less(a,b) (((acl_cmp((const void *)a,(const void *)b)) < 0))
5758 +static struct proc_acl * avl_rotl(struct proc_acl *tree)
5760 + struct proc_acl *tmp = tree->right;
5761 + tree->right = tmp->left;
5763 + if(heightof(tree->left) >= heightof(tree->right))
5764 + tree->height = heightof(tree->left) +1;
5766 + tree->height = heightof(tree->right) + 1;
5767 + if(heightof(tmp->left) >= heightof(tmp->right))
5768 + tmp->height = heightof(tmp->left) + 1;
5770 + tmp->height = heightof(tmp->right) + 1;
5774 +static struct proc_acl * avl_rotr(struct proc_acl *tree)
5776 + struct proc_acl *tmp = tree->left;
5777 + tree->left = tmp->right;
5778 + tmp->right = tree;
5779 + if(heightof(tree->left) >= heightof(tree->right))
5780 + tree->height=heightof(tree->left) + 1;
5782 + tree->height = heightof(tree->right) + 1;
5783 + if(heightof(tmp->left) >= heightof(tmp->right))
5784 + tmp->height = heightof(tmp->left) + 1;
5786 + tmp->height = heightof(tmp->right) + 1;
5790 +static struct proc_acl * avl_drlr(struct proc_acl *tree) {
5791 + tree->right = avl_rotr(tree->right);
5792 + return avl_rotl(tree);
5795 +static struct proc_acl * avl_dlrr(struct proc_acl *tree) {
5796 + tree->left = avl_rotl(tree->left);
5797 + return avl_rotr(tree);
5801 +static void acl_sort(void)
5803 + qsort((void *)procdb.db,procdb.max_ref,sizeof(struct acl_subject),acl_cmp);
5804 + qsort((void *)filedb.db,filedb.max_ref,sizeof(struct file_acl),file_acl_cmp);
5807 +#ifdef CONFIG_GR_SUPERDEBUG
5808 +static void list_file_acls(void)
5811 + for(i=0;i<filedb.max_ref;i++) {
5812 + security_alert("File ACL pos %d has inode %ld dev %d mode %x","",
5813 + i,filedb.db[i].inode,filedb.db[i].device,
5814 + filedb.db[i].mode);
5818 +static void traverse(struct proc_acl *head)
5823 + security_alert("Tree: %ld %d %x","",head->inode,head->device,
5825 + if(head->left != empty_tree) {
5826 + security_alert("Doing left proc acl","");
5827 + traverse(head->left);
5829 + if(head->right != empty_tree) {
5830 + security_alert("Doing right proc acl","");
5831 + traverse(head->right);
5835 +static void obv_list_proc_acls(void)
5838 + for(i=0;i<procdb.max_ref;i++) {
5839 + security_alert("ACL pos %d has inode %ld dev %d","",i,
5840 + procdb.db[i].inode,procdb.db[i].device);
5841 + security_alert("ACL tree is..","");
5842 + traverse(procdb.db[i].tree);
5847 +/* * * * * * * * * * * * * * * * * * * * * * * * * * *
5848 + * Config file management
5849 + * Yikes! If anyone has cleanup ideas I'd love to hear em
5850 + * * * * * * * * * * * * * * * * * * * * * * * * * * */
5855 +static int add_pw_conf(void)
5857 + struct file *filp;
5859 + mm_segment_t old_fs = get_fs();
5860 + filp = filp_open(PW_CONF, O_RDONLY, O_RDONLY);
5861 + if( ( IS_ERR(filp) ) || (filp == NULL) || (!(filp->f_op->read)) ) {
5862 + security_alert("Could not open config file %.1024s",
5863 + "config file open errors",
5868 + set_fs(KERNEL_DS);
5869 + retval = filp->f_op->read(filp,pwent.sum,sizeof(pwent.sum)/sizeof(pwent.sum[0]),&filp->f_pos);
5871 + if(retval != sizeof(pwent.sum)/sizeof(pwent.sum[0])) {
5872 + security_alert("Invalid pw entry detected, got %d wanted %d",
5873 + "password file errors",
5874 + retval,sizeof(pwent.sum));
5876 + } else retval = 0;
5877 + filp_close(filp,NULL);
5884 +static int add_file_acl(char *line)
5887 + struct nameidata filedata;
5889 + struct file_acl *curr;
5891 + if( (p = memscan(line,'/',strlen(line))) == line + strlen(line) ) {
5894 + else curr = &(filedb.db[filedb.max_ref]);
5896 + if( (q = memscan(p,' ',strlen(p))) == p + strlen(p))
5899 + if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&filedata))
5900 + if(path_walk(p,&filedata)) {
5901 + security_alert("Unable to locate file %.1024s","",p);
5905 + if( !(filedata.dentry) || IS_ERR(filedata.dentry) ) {
5906 + security_alert("Error adding file acl for file %.1024s",
5907 + "acl add errors",p);
5911 + curr->inode = filedata.dentry->d_inode->i_ino;
5912 + curr->device = filedata.dentry->d_inode->i_dev;
5915 + while(*q == ' ') q++;
5919 + curr->mode |= GR_FILE_READ;
5923 + curr->mode |= GR_FILE_HIDDEN;
5927 + curr->mode |= GR_FILE_APPEND;
5931 + curr->mode |= GR_FILE_WRITE;
5935 + curr->mode |= GR_FILE_EXEC;
5938 + /* Note: 's' and 'a' only come into play when something is executed*/
5940 + filedb.db[filedb.max_ref].mode |= GR_FILE_REQSUM;
5944 + filedb.db[filedb.max_ref].mode |= GR_FILE_AUTH;
5947 + default: /* if anything else, the '\0' at the end of the line will hit here and cause us to terminate, so it won't go on indefinately and start accessing memory it shouldn't*/
5952 +#ifdef CONFIG_GR_DEBUG
5953 + security_alert("Added File ACL for inode %ld dev %d with mode %x and max_ref %d", "",
5954 + curr->inode,curr->device,curr->mode,filedb.max_ref);
5957 + path_release(&filedata);
5962 +static __inline__ struct proc_acl * avl_set(struct acl_temp *data, struct proc_acl *left, struct proc_acl *right,__u16 height)
5964 + struct proc_acl *dest = kmalloc(sizeof(struct proc_acl),GFP_KERNEL);
5965 + if(dest == NULL) {
5966 + security_alert("Memory allocation failure for %s, Oblivion panicking",
5967 + "memory allocation failures",GR_VERSION);
5968 + return procdb.db[procdb.max_ref].tree;
5970 + dest->inode = data->inode;
5971 + dest->device = data->device;
5972 + dest->mode = data->mode;
5973 + dest->left = left; dest->right = right;
5974 + dest->height = height;
5979 +static struct proc_acl * avl_tree_ins(struct proc_acl *tree, struct acl_temp *entry)
5981 + if(tree == empty_tree) {
5982 + tree = avl_set(entry,empty_tree,empty_tree,0);
5985 + else if(procacl_less(entry,tree)) {
5986 + tree->left = avl_tree_ins(tree->left,entry);
5987 + if(heightof(tree->left) > heightof(tree->right) + 1) {
5988 + if(procacl_less(entry,tree->left))
5989 + tree = avl_rotr(tree);
5991 + tree = avl_dlrr(tree);
5994 + else /* assuming no duplicate entries*/ {
5995 + tree->right = avl_tree_ins(tree->right,entry);
5996 + if(heightof(tree->right) > heightof(tree->left) + 1) {
5997 + if(procacl_less(entry,tree->right))
5998 + tree = avl_drlr(tree);
6000 + tree = avl_rotl(tree);
6003 + if(heightof(tree->left) >= heightof(tree->right))
6004 + tree->height = heightof(tree->left) + 1;
6006 + tree->height = heightof(tree->right) + 1;
6010 +static kernel_cap_t cap_conv(char *p)
6016 + if(!p) return cap;
6017 + if( (q = memscan(p,'\n',strlen(p))) != p + strlen(p))
6020 + while(*p == ' ') p++;
6021 + if( (strncmp(p,"CAP",3)) != 0)
6023 + for(i=0;i<CONFIG_GR_MAX_CAP;i++) {
6024 + if(!(strcmp(p,caplist->table[i].capname))) {
6025 + cap_t(cap) = CAP_TO_MASK(caplist->table[i].capval);
6034 +static int add_proc_acl(char *line,struct acl_subject *obv)
6037 + struct nameidata nd;
6039 + struct acl_temp curr;
6040 + if( (p = memscan(line,'+',strlen(line)) ) != line + strlen(line) ) {
6041 + cap_t(obv->file_caps) |= cap_t(cap_conv(++p));
6044 + else if ( (p = memscan(line,'-',strlen(line)) ) != line + strlen(line) ) {
6045 + cap_t(obv->file_caps) &= ~cap_t(cap_conv(++p));
6050 + if( (p = memscan(line,'/',strlen(line))) == line + strlen(line)) {
6051 + security_alert("Line %.1024s missing a /","",line);
6054 + if ( (q = memscan(p,' ',strlen(p))) == p + strlen(p)) {
6055 + security_alert("Missing a space in obv proc acl entry,
6056 + line %.1024s","",line);
6060 + if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&nd))
6061 + if(path_walk(p,&nd)) {
6062 + security_alert("Unable to locate file %.1024s","",p);
6065 + if( (!nd.dentry) || (IS_ERR(nd.dentry)) || (!(nd.dentry->d_inode)) ) {
6067 + path_release(&nd);
6068 + security_alert("Unable to locate file %.1024s","",p);
6071 + curr.inode = nd.dentry->d_inode->i_ino;
6072 + curr.device = nd.dentry->d_inode->i_dev;
6075 + while(*q == ' ') q++;
6079 + curr.mode |= GR_PROC_READ;
6083 + curr.mode |= GR_PROC_WRITE;
6087 + curr.mode |= GR_PROC_EXEC;
6091 + curr.mode |= GR_PROC_APPEND;
6095 + curr.mode |= GR_PROC_ACCESS;
6099 + curr.mode |= GR_PROC_OVERRIDE;
6103 + curr.mode |= GR_PROC_AUTH;
6107 + curr.mode |= GR_PROC_AUTH_IF_ROOT;
6111 + curr.mode |= GR_PROC_INHERIT;
6115 + curr.mode |= GR_PROC_REQSUM;
6123 +#ifdef CONFIG_GR_DEBUG
6124 + security_alert("About to insert %ld %d %.1024s mode %x", "",
6125 + curr.inode,curr.device,line,curr.mode);
6127 + obv->tree = avl_tree_ins(obv->tree,&curr);
6128 + path_release(&nd);
6131 + return 1; /* we should never make it here*/
6134 +static int add_pw(char *pw)
6136 + struct SHA1_CTX context;
6137 + SHA1Init(&context);
6138 + SHA1Update(&context,pw,strlen(pw));
6139 + SHA1Final(pwent.sum,&context);
6143 +static int add_line(char *line, int type)
6145 + static int mode = 0;
6147 + struct dentry *file;
6148 + struct nameidata filed;
6149 + static struct acl_subject *curr;
6151 + /* mode = 0 : we are ready for a new program acl
6152 + * mode = 1 : we are in the middle of reading a program acl*/
6154 + case 2 : return add_pw(line);
6155 + case 1 : return add_file_acl(line);
6156 + case 0 : break; /* handled below*/
6157 + default: security_alert("Unknown type %d passed", "",type);
6163 + if(procdb.max_ref >= CONFIG_GR_MAX_RULESET) return 1;
6164 + if( (p = memscan (line,'/',strlen(line))) == (line+strlen(line)) ) {
6165 + security_alert("Could not find a '/' in line %.1024s","",line);
6168 + else curr = &(procdb.db[procdb.max_ref]);
6171 + if( (q = memscan(p,' ',strlen(p)) ) != p + strlen(p) )
6174 + if(path_init(p,LOOKUP_FOLLOW|LOOKUP_POSITIVE,&filed) )
6175 + if(path_walk(p,&filed)) {
6176 + security_alert("Add file error for file %.1024s"
6180 + file = filed.dentry;
6181 + if (IS_ERR(file) || !file || !(file->d_inode)) {
6183 + path_release(&filed);
6184 + security_alert("Could not lookup file on line %.1024s",
6188 + curr->inode = file->d_inode->i_ino;
6189 + curr->device = file->d_inode->i_dev;
6190 + while(*q == ' ') q++;
6196 + curr->mode |= GR_PROC_PROTECTED;
6200 + curr->mode |= GR_PROC_HIDDEN;
6207 + curr->file_caps = cap_bset;
6209 +#ifdef CONFIG_GR_DEBUG
6210 + security_alert("Added program (full entry) with inode %ld dev %d
6211 + mode %x line %.1024s", "",
6212 + curr->inode,curr->device,curr->mode,line);
6214 + path_release(&filed);
6215 + curr->tree = empty_tree;
6218 + else if( (p=memscan(line,'}',strlen(line))) != (line + strlen(line)) ) {
6223 + return add_proc_acl(line,curr);
6227 +static int init_variables(void)
6229 + caplist = kmalloc(sizeof(struct capset),GFP_KERNEL);
6231 + INIT_CAP_TABLE(caplist->table)
6234 + procdb.db = kmalloc(sizeof(struct acl_subject) * CONFIG_GR_MAX_RULESET,GFP_KERNEL);
6235 + filedb.db = kmalloc(sizeof(struct file_acl) * CONFIG_GR_MAX_RULESET,GFP_KERNEL);
6236 + procdb.max_ref = filedb.max_ref = 0;
6238 + if( (add_proc_acl(GRADM_ACL,&auth)) )
6240 + else if( (add_proc_acl(GODMODE_ACL,&god)) )
6242 + else if( (add_proc_acl("/etc r",&auth)) )
6244 + else if( (add_proc_acl("/lib r",&auth)) )
6247 + return procdb.db && filedb.db && caplist ? 0 : 1;
6251 +static int conf_parse(const char *conffile,const int type)
6253 + /* Purpose: open and read from oblivion config file */
6254 + struct file *filp;
6255 + int bytes_read = 0, end = 0, obv_fatal = 0;
6256 + char buffer[1024];
6257 + char *filepos = NULL,*memscanp = NULL;
6258 + mm_segment_t old_fs = get_fs();
6260 + filp = filp_open(conffile, O_RDONLY, O_RDONLY);
6261 + if( ( IS_ERR(filp) ) || (filp == NULL) ) {
6262 + security_alert("Could not open config file %.1024s","",conffile);
6266 + } else if ( filp->f_op->read == NULL ) {
6272 + /* end error checking, now for the real work */
6275 + /* if current task isn't from the kernel, we'll
6276 + have a current->addr_limit.seg that isn't 0xFFFFFFFF
6278 + and we can't have that */
6279 + set_fs(KERNEL_DS);
6280 + bytes_read = filp->f_op->read (filp,buffer,(sizeof(buffer)/sizeof(buffer[0])),&filp->f_pos);
6281 + filp->f_pos -= bytes_read;
6283 + if(bytes_read < (sizeof(buffer)/sizeof(buffer[0])) ) {
6285 + filepos[bytes_read++] = '\n'; /* make sure it ends on a '\n' */
6288 + while ( bytes_read > 0 && ( memscanp = memscan(filepos,'\n',bytes_read) ) != filepos + bytes_read ) {
6289 + *memscanp++ = '\0' ;
6290 + filp->f_pos += (int) (memscanp - filepos);
6291 + bytes_read -= (int) (memscanp - filepos);
6292 + /* necessary for later strlen()'s...*/
6293 + if( (*filepos != '#') )
6294 + if(add_line(filepos,type))
6296 + filepos = memscanp; /* next area to search .. */
6299 + filp_close(filp,NULL);
6303 +static int grsecurity_init(void)
6306 + spin_lock(&gr_lock);
6307 + gr_status &= ~GR_DISABLED;
6308 + gr_status |= GR_LOADING;
6309 + if(init_variables() )
6311 + else if(add_pw_conf())
6313 + else if (conf_parse(PROC_CONF,0))
6315 + else if(conf_parse(FILE_CONF,1))
6318 +#ifdef CONFIG_GR_SUPERDEBUG
6323 + gr_status |= GR_READY; /* locked, cocked, and ready to rock*/
6325 + gr_status |= GR_DISABLED;
6326 + security_alert("Error loading %s, trying to run kernel with oblivion disabled. To disable oblivion at startup use <kernel image name> oblivion=off from your boot loader","errors loading Oblivion",GR_VERSION);
6328 + gr_status &= ~GR_LOADING;
6329 + spin_unlock(&gr_lock);
6333 +/* * * * * * * * * * * * * * * * * * * * * * *
6334 + * Begin Misc Section
6335 + * * * * * * * * * * * * * * * * * * * * * * */
6337 +/* Searching stuff, program exit cleanup, and sysctl parsing */
6339 +/* Nonrecursive binary sort, idea from libc, implementation is slightly different but the inspirationw as found there=) */
6341 +static __inline__ int do_file_acl_search(struct acl_temp *curr)
6344 + struct file_acl *pos;
6345 + high = filedb.max_ref;
6347 + while(low < high) {
6348 + pos = &filedb.db[((low+high)/2)];
6349 + if(fileacl_less(pos,curr))
6350 + low = (( (low + high) / 2) + 1 );
6351 + else if(fileacl_eq(pos,curr)) {
6352 + if(pos->mode & curr->mode) {
6353 +#ifdef CONFIG_GR_DEBUG
6354 + security_alert("File ACL allow, req %x allowed %x\n source: %ld %d dest %ld %d", "",
6355 + curr->mode,pos->mode,pos->inode,pos->device,curr->inode,curr->device);
6360 +#ifdef CONFIG_GR_DEBUG
6361 + if(!(curr->mode & GR_FILE_HIDDEN))
6362 + security_alert("File ACL deny, req %x allowed %x\n source %ld %d dest %ld %d", "",
6363 + curr->mode,pos->mode,pos->inode,pos->device,curr->inode,curr->device);
6368 + else high = ( (low + high) / 2);
6370 + return GR_NOTFOUND;
6373 +static __inline__ int do_proc_acl_search(struct acl_subject *proc,struct proc_acl *root,struct acl_temp *curr)
6375 + /* Nonrecursively search down the Red-Black tree to see if we have an acl for this file*/
6376 + struct proc_acl *pos = root;
6377 + if(proc == NULL || pos == NULL) /* no entry*/ {
6378 + return GR_DEFAULT;
6380 + // security_alert("Got called...and there's an entry (curr is %ld %d)","",curr->inode,curr->device);
6381 + while(pos != empty_tree) {
6382 + if(procacl_eq(curr,pos)) {
6383 + if(curr->mode & pos->mode) {
6385 +#ifdef CONFIG_GR_DEBUG
6386 + security_alert("Process %ld %d allowed for file %ld %d tried for mode %x allowed mode %x", "",
6387 + proc->inode,proc->device,curr->inode,curr->device,curr->mode,pos->mode);
6389 + tmp = pos->mode & GR_PROC_EXTRA;
6390 + curr->mode |= tmp; /* Store any "extra" access rights like
6391 + inherit or override*/
6394 +#ifdef CONFIG_GR_DEBUG
6395 + security_alert("Process %ld %d denied for file %ld %d tried for mode %x allowed mode %x", "",
6396 + proc->inode,proc->device,curr->inode,curr->device,curr->mode,pos->mode);
6401 + else if(procacl_less(curr,pos))
6407 + return GR_NOTFOUND;
6410 +static __inline__ int chk_proc_acls(struct dentry * dentry, struct acl_temp *searchval, struct vfsmount *mnt)
6412 + struct dentry *curr = dentry;
6413 + int retval = GR_NOTFOUND;
6414 + struct nameidata tmp = {NULL, NULL};
6415 + struct vfsmount *parent;
6416 + struct acl_subject *curracl = (struct acl_subject *) current->acl;
6420 + if(!curr || !curr->d_inode) break;
6421 + searchval->inode = curr->d_inode->i_ino;
6422 + searchval->device = curr->d_inode->i_dev;
6423 + retval = do_proc_acl_search(curracl,curracl->tree,searchval);
6424 + if(curr->d_inode == curr->d_parent->d_inode) break;
6425 + curr = curr->d_parent;
6426 + } while( (curr) && (retval == GR_NOTFOUND) );
6427 + if(retval == GR_NOTFOUND && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV ) {
6429 + if(tmp.mnt == tmp.mnt->mnt_parent) goto exit;
6431 + else if(mnt == mnt->mnt_parent) goto exit;
6435 + tmp.mnt = mnt->mnt_parent;
6436 + tmp.dentry = dget(mnt->mnt_mountpoint);
6441 + parent = tmp.mnt->mnt_parent;
6443 + tmp.dentry = dget(tmp.mnt->mnt_mountpoint);
6448 + curr = tmp.dentry;
6452 + if(tmp.mnt) mntput(tmp.mnt);
6453 + if(tmp.dentry) dput(tmp.dentry);
6456 + return retval == GR_NOTFOUND ? GR_DENY : retval;
6457 + /* if its not in a program's ACL list it should be denied */
6461 +static __inline__ int chk_file_acls(struct dentry * dentry, struct acl_temp *searchval, struct vfsmount *mnt)
6463 + struct dentry *curr = dentry;
6464 + int retval = GR_NOTFOUND;
6465 + struct vfsmount *parent;
6466 + struct nameidata tmp = {NULL,NULL};
6469 + if(!curr || !curr->d_inode) break;
6470 + searchval->inode = curr->d_inode->i_ino;
6471 + searchval->device = curr->d_inode->i_dev;
6472 + retval = do_file_acl_search(searchval);
6473 + if(curr->d_inode == curr->d_parent->d_inode) break;
6474 + curr = curr->d_parent;
6475 + } while( (curr) && (retval == GR_NOTFOUND) );
6477 + if(retval == GR_NOTFOUND && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV ) {
6479 + if(tmp.mnt == tmp.mnt->mnt_parent) goto exit;
6481 + else if(mnt == mnt->mnt_parent) goto exit;
6483 + tmp.mnt = mnt->mnt_parent;
6484 + tmp.dentry = dget(mnt->mnt_mountpoint);
6489 + parent = tmp.mnt->mnt_parent;
6491 + tmp.dentry = dget(tmp.mnt->mnt_mountpoint);
6496 + curr = tmp.dentry;
6500 + if(tmp.mnt) mntput(tmp.mnt);
6501 + if(tmp.dentry) dput(tmp.dentry);
6509 +int gr_check_hidden(struct dentry *dentry, struct vfsmount *mnt) {
6510 + /* This has to be done a little differently than a normal search.
6511 + * If a file "allows" hidden access it is hidden, and thus requires
6512 + * a process that has hidden file access capabilities to access it.
6513 + * If the file acl denies hidden access/has no acl then no proc acl
6514 + * check is needed*/
6515 + struct acl_temp searchval;
6516 + struct acl_subject *acl = (struct acl_subject *)current->acl;
6517 + searchval.mode = GR_HIDDEN;
6518 + if(!dentry) return GR_ALLOW;
6519 + if(gr_status & GR_READY) {
6520 + if( (chk_file_acls(dentry,&searchval,mnt)) == GR_ALLOW) {
6521 + if(acl && acl->tree)
6522 + return chk_proc_acls(dentry,&searchval,mnt);
6523 + else return GR_DENY;
6529 +int gr_check_hidden_proc(struct acl_subject * acl)
6531 + if((gr_status & GR_READY) && acl) {
6532 + if( acl->mode & GR_PROC_HIDDEN)
6533 + return 1; /* next release adds processes allowed to view hidden ones*/
6538 +int gr_check_protected(struct task_struct *tsk)
6540 + if(gr_status & GR_READY && tsk) {
6541 + struct acl_subject *curracl = (struct acl_subject *) tsk->acl;
6543 + if(curracl->mode & GR_PROC_PROTECTED)
6550 +int gr_search(struct dentry *dentry, __u16 mode, struct vfsmount *mnt)
6552 + int proc_retval = GR_NOTFOUND, file_retval = GR_NOTFOUND;
6553 + int retval = GR_DEFAULT;
6554 + if(dentry && dentry->d_inode && mnt) {
6555 + if(gr_status & GR_READY) {
6556 + struct acl_subject *acl = (struct acl_subject *) current->acl;
6557 + struct acl_temp searchval;
6558 + searchval.mode = mode;
6559 + if(acl && acl->tree) {
6560 + if( ( proc_retval = chk_proc_acls(dentry,&searchval,mnt) ) == GR_DENY) {
6561 + if( (acl->mode & GR_AUTH) && (S_ISCHR(dentry->d_inode->i_mode)))
6562 + retval = GR_NOTFOUND;
6563 + /* Okay. This process is under
6564 + * authentication mode. Let it
6565 + * read/write to the tty (and pass it on
6566 + * to the file acls just in case
6567 + * Does anyone know how to gain the ino$
6568 + * from current->tty? It seems only the
6569 + * device num(major/minor) is stored*/
6579 + if( (proc_retval == GR_ALLOW) && (searchval.mode & GR_PROC_OVERRIDE)){
6580 + retval = GR_ALLOW;
6584 + if( (file_retval = chk_file_acls(dentry,&searchval,mnt)) == GR_DENY) {
6589 + if( (proc_retval != file_retval) || (proc_retval == GR_ALLOW)) {
6590 + /* The choice to check for proc_retval being GR_ALLOW was
6591 + * random. If proc_retval and file_retval are equal and
6592 + * either one is the value GR_ALLOW then both are GR_ALLOW
6594 + retval = GR_ALLOW;
6597 + } else retval = GR_ALLOW; /* we aren't loaded, must be early in bootup*/
6601 +return retval; /* Else both returned GR_NOTFOUND..must be the default*/
6605 + __inline__ int gr_copy_acl(struct task_struct *tsk) {
6606 + struct acl_subject * curracl = (struct acl_subject *) current->acl;
6607 + tsk->acl = (void *) curracl;
6613 +static __inline__ struct acl_subject * do_find_proc(struct acl_subject *curr)
6616 + struct acl_subject *pos;
6618 + high = procdb.max_ref;
6619 + while(low < high) {
6620 + pos = &procdb.db[((low+high)/2)];
6621 + if(acl_less(pos,curr))
6622 + low = ( ( (low + high) / 2) +1 );
6623 + else if(acl_eq(pos,curr))
6626 + high = ( (high + low) / 2);
6631 +static int __inline__ chk_inherit(struct dentry *dentry, struct vfsmount *mnt)
6633 + struct acl_temp temp;
6634 + temp.mode = GR_PROC_INHERIT;
6635 + if( (chk_proc_acls(dentry,&temp,mnt)) == GR_ALLOW)
6640 +static int __inline__ chk_auth(struct dentry *dentry, struct vfsmount *mnt)
6642 + struct acl_temp temp;
6643 + temp.mode = GR_PROC_AUTH;
6644 + if( (chk_proc_acls(dentry,&temp,mnt)) == GR_ALLOW)
6646 + else if(!current->uid || !current->gid || !current->euid || !current->egid || !current->suid || !current->sgid || !current->fsuid || !current->fsgid)
6648 + temp.mode = GR_PROC_AUTH_IF_ROOT;
6649 + if( (chk_proc_acls(dentry,&temp,mnt)) == GR_ALLOW)
6657 +static int do_auth(void)
6659 +#define GR_AUTH_MSG "Authorize yourself to Oblivion please\n"
6661 + char *p = GR_AUTH_MSG;
6662 + if(!(current->tty) || (!current->tty->driver.write)) return 1;
6663 + current->tty->driver.write(current->tty,0,p,strlen(p));
6664 + current->acl = (void *)&auth;
6668 +static int do_set_proc_acl(struct dentry *dentry, struct vfsmount *mnt, int mode)
6670 + struct vfsmount *parent;
6671 + struct nameidata tmp = {NULL, NULL};
6672 + struct acl_subject curracl, *retval = NULL;
6673 + struct dentry *curr = dentry;
6678 + return chk_auth(dentry,mnt);
6680 + case GR_SET_INHERIT:
6681 + return chk_inherit(dentry,mnt);
6686 + security_alert("BUG! Received unknown mode %d for set_proc_acl","",mode);
6687 + return (unsigned long)NULL;
6690 + /* Okay now we handle GR_SET_PROC */
6694 + if(!curr || !curr->d_inode) break;
6695 + curracl.inode = curr->d_inode->i_ino;
6696 + curracl.device = curr->d_inode->i_dev;
6697 + retval = do_find_proc(&curracl);
6698 + if(curr->d_inode == curr->d_parent->d_inode) break;
6699 + curr = curr->d_parent;
6700 + } while( (curr) && (!retval) );
6701 + if(!retval && curr->d_inode && curr->d_inode->i_dev != ROOT_DEV) {
6703 + if(tmp.mnt == tmp.mnt->mnt_parent)
6706 + else if(mnt == mnt->mnt_parent)
6710 + tmp.mnt = mnt->mnt_parent;
6711 + tmp.dentry = dget(mnt->mnt_mountpoint);
6716 + parent = tmp.mnt->mnt_parent;
6718 + tmp.dentry = dget(tmp.mnt->mnt_mountpoint);
6723 + curr = tmp.dentry;
6727 + if(tmp.mnt) mntput(tmp.mnt);
6728 + if(tmp.dentry) dput(tmp.dentry);
6730 + return (unsigned long)retval;
6734 +static int do_inherit(void)
6737 + /* Note: for copying due to fork() we use the code the oblivin code in
6738 + * kernel/fork.c. If we're inheriting then our current ACL
6739 + * (that of the program calling execve) is the ACL we inherit,
6740 + * so no work needs to be done. Just return success
6745 +int gr_set_proc_acl(struct dentry *dentry,struct task_struct *tsk,char *filename, struct vfsmount *mnt)
6747 + struct acl_subject *temp = NULL;
6748 + if(gr_status & GR_READY) {
6749 + struct acl_subject *curracl = (struct acl_subject *) current->acl;
6751 + if(do_set_proc_acl(dentry,mnt,GR_SET_INHERIT))
6752 + return do_inherit();
6754 + else if(do_set_proc_acl(dentry,mnt,GR_SET_AUTH))
6757 + temp = (struct acl_subject *)do_set_proc_acl(dentry,mnt,GR_SET_PROC);
6759 + tsk->acl = (void *)temp;
6762 + temp = (struct acl_subject *) tsk->acl;
6763 + tsk->cap_permitted = tsk->cap_effective = temp->file_caps;
6769 +static int chcaps(struct admin_pw *entry)
6771 + char *p = entry->extra;
6774 + p[GR_EXTRA_LEN-1] = '\0'; /* take no chances*/
6775 + while( (q = memscan(p,'\n',strlen(p))) != p + strlen(p)) {
6780 + cap_bset |= cap_t(cap_conv(p));
6783 + cap_bset &= ~cap_t(cap_conv(p));
6790 +#ifdef CONFIG_GR_DEBUG
6791 + security_alert("cap bset is now %x","",cap_bset);
6796 +/* The following variables are needed for timer manipulation */
6797 +static struct timer_list gr_badpw;
6798 +static int failures = 0;
6799 +static int during_wait = 0;
6801 +static void gr_timer(unsigned long ignored)
6805 + del_timer(&gr_badpw);
6808 +int gr_proc_handler(ctl_table *table, int write, struct file *filp, void *buffer, size_t *lenp)
6810 + /* This is the main todo. simply I allow disabling oblivion only
6811 + * at bootup(after its turned on). I don't have time today to
6812 + * impelement a good pw scheme. The first thing I do when I get back is to do that.
6814 + struct admin_pw *usermode = (struct admin_pw *) buffer;
6815 + int error = sizeof(struct admin_pw);
6816 + if(*lenp != sizeof(struct admin_pw)){
6817 + security_alert("Proc handler: being fed garbage %d byte send %d required","more garbage",*lenp,sizeof(struct admin_pw));
6820 + if(during_wait) return -EPERM;
6821 + switch (usermode->mode){
6823 + if(gr_status & GR_READY) {
6824 + if(!(chkpw(usermode))) {
6825 + security_alert("shutdown auth success for "
6826 + DEFAULTSECMSG,"shutdown successes",DEFAULTSECARGS);
6827 + spin_lock(&gr_lock);
6828 + gr_status &= ~GR_READY;
6829 + gr_status |= GR_DISABLED;
6830 + spin_unlock(&gr_lock);
6838 + security_alert("%s at boot time, ignoring load request","attempts to load oblivion when disabled on boot time",GR_VERSION);
6841 + else if(gr_status & GR_1ST) {
6842 + security_alert("Loading %.32s","",GR_VERSION);
6843 + grsecurity_init();
6844 + spin_lock(&gr_lock);
6845 + gr_status &= ~GR_1ST;
6846 + spin_unlock(&gr_lock);
6850 + security_alert("%.32s already loaded, re-enabling","",GR_VERSION);
6851 + spin_lock(&gr_lock);
6852 + gr_status &= ~GR_DISABLED;
6853 + gr_status |= GR_READY;
6854 + spin_unlock(&gr_lock);
6859 + if(gr_status & GR_1ST) {
6860 + grsecurity_init();
6862 + if(gr_status & GR_1ST ||( gr_status & GR_READY && !(chkpw(usermode)))) {
6863 + if(!(chcaps(usermode))) {
6864 + security_alert("successful capability change by "
6865 + DEFAULTSECMSG, "cap changes",
6868 + gr_status &= ~GR_1ST;
6874 + if(gr_status & GR_READY) {
6875 + if(!(chkpw(usermode))) {
6876 + security_alert("successful change to admin mode by "
6879 + if(current->p_pptr)
6880 + current->p_pptr->acl = (void *)&god;
6887 + if(gr_status & GR_READY) {
6888 + if(!(chkpw(usermode)) ) {
6889 + security_alert("successful authentication by "
6890 + DEFAULTSECMSG, "",
6892 + if(current->p_pptr)
6893 + current->p_pptr->acl = NULL;
6894 + /* The parent invoked obvadm, it is the
6895 + * task that we must deal with */
6903 + security_alert("Invalid value %d by " DEFAULTSECMSG, "",
6904 + usermode->mode, DEFAULTSECARGS);
6910 + if(failures > CONFIG_GR_MAXTRIES) {
6911 + security_alert("Maximum pw attempts reached (%d), locking "
6912 + "password authentication","password attempt failed",CONFIG_GR_MAXTRIES);
6913 + init_timer(&gr_badpw);
6914 + gr_badpw.data = 0;
6915 + gr_badpw.function = gr_timer;
6916 + gr_badpw.expires = jiffies + CONFIG_GR_TIMEOUT*HZ;
6917 + add_timer(&gr_badpw);
6924 diff -urN linux/kernel/grhash.c linux/kernel/grhash.c
6925 --- linux/kernel/grhash.c Wed Dec 31 19:00:00 1969
6926 +++ linux/kernel/grhash.c Sun Dec 23 19:13:16 2001
6928 +#include <linux/kernel.h>
6929 +#include <linux/types.h>
6930 +#include <linux/fs.h>
6931 +#include <linux/capability.h>
6932 +#include <linux/gracl.h>
6935 +Modified for use in OPM by Michael Dalton <michael@linux.com>
6936 +Modified for kerneli by Andrew McDonald <andrew@mcdonald.org.uk>
6940 +By Steve Reid <steve@edmweb.com>
6943 +ftp://ftp.zedz.net/pub/crypto/crypto/HASH/sha/sha1.c
6945 +Test Vectors (from FIPS PUB 180-1)
6947 + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
6948 +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
6949 + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
6950 +A million repetitions of "a"
6951 + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
6955 +extern struct admin_pw pwent;
6957 +void SHA1Transform(unsigned long state[5], unsigned char buffer[64])
6959 + unsigned long a, b, c, d, e;
6961 + unsigned char c[64];
6962 + unsigned long l[16];
6964 + CHAR64LONG16* block;
6965 +#ifdef SHA1HANDSOFF
6966 + static unsigned char workspace[64];
6967 + block = (CHAR64LONG16*)workspace;
6968 + memcpy(block, buffer, 64);
6970 + block = (CHAR64LONG16*)buffer;
6972 + /* Copy context->state[] to working vars */
6978 + /* 4 rounds of 20 operations each. Loop unrolled. */
6979 + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
6980 + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
6981 + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
6982 + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
6983 + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
6984 + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
6985 + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
6986 + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
6987 + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
6988 + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
6989 + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
6990 + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
6991 + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
6992 + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
6993 + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
6994 + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
6995 + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
6996 + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
6997 + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
6998 + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
6999 + /* Add the working vars back into context.state[] */
7005 + /* Wipe variables */
7006 + a = b = c = d = e = 0;
7010 +/* SHA1Init - Initialize new context */
7012 +void SHA1Init(struct SHA1_CTX* context)
7014 + /* SHA1 initialization constants */
7015 + context->state[0] = 0x67452301;
7016 + context->state[1] = 0xEFCDAB89;
7017 + context->state[2] = 0x98BADCFE;
7018 + context->state[3] = 0x10325476;
7019 + context->state[4] = 0xC3D2E1F0;
7020 + context->count[0] = context->count[1] = 0;
7024 +/* Run your data through this. */
7026 +void SHA1Update(struct SHA1_CTX* context, unsigned char* data, unsigned int len)
7028 + unsigned int i, j;
7030 + j = (context->count[0] >> 3) & 63;
7031 + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
7032 + context->count[1] += (len >> 29);
7033 + if ((j + len) > 63) {
7034 + memcpy(&context->buffer[j], data, (i = 64-j));
7035 + SHA1Transform(context->state, context->buffer);
7036 + for ( ; i + 63 < len; i += 64) {
7037 + SHA1Transform(context->state, &data[i]);
7042 + memcpy(&context->buffer[j], &data[i], len - i);
7046 +/* Add padding and return the message digest. */
7048 +void SHA1Final(unsigned char digest[20], struct SHA1_CTX* context)
7050 + unsigned long i, j;
7051 + unsigned char finalcount[8];
7053 + for (i = 0; i < 8; i++) {
7054 + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
7055 + >> ((3-(i & 3)) * 8) ) & 255);
7056 + /* Endian independent */
7058 + SHA1Update(context, (unsigned char *)"\200", 1);
7059 + while ((context->count[0] & 504) != 448) {
7060 + SHA1Update(context, (unsigned char *)"\0", 1);
7062 + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
7063 + for (i = 0; i < 20; i++) {
7064 + digest[i] = (unsigned char)
7065 + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
7067 + /* Wipe variables */
7069 + memset(context->buffer, 0, 64);
7070 + memset(context->state, 0, 20);
7071 + memset(context->count, 0, 8);
7072 + memset(&finalcount, 0, 8);
7073 +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
7074 + SHA1Transform(context->state, context->buffer);
7078 +int chkpw(struct admin_pw *entry)
7080 + struct SHA1_CTX context;
7081 + char *pos = memscan(entry->pw,'\n',strlen(entry->pw));
7082 + if(pos != entry->pw + strlen(entry->pw)) *pos = '\0';
7083 + SHA1Init(&context);
7084 + SHA1Update(&context,entry->pw,strlen(entry->pw));
7085 + SHA1Final(entry->sum,&context);
7086 + return memcmp(pwent.sum,entry->sum,GR_SHA_SIZE);
7088 diff -urN linux/kernel/grsecurity.c linux/kernel/grsecurity.c
7089 --- linux/kernel/grsecurity.c Wed Dec 31 19:00:00 1969
7090 +++ linux/kernel/grsecurity.c Sun Dec 23 19:13:16 2001
7092 +#include <linux/config.h>
7094 +#ifdef CONFIG_GRKERNSEC_SYSCTL
7095 +#ifdef CONFIG_GRKERNSEC_LINK
7096 +int grsec_enable_link = 0;
7098 +#ifdef CONFIG_GRKERNSEC_FIFO
7099 +int grsec_enable_fifo = 0;
7101 +#ifdef CONFIG_GRKERNSEC_FD
7102 +int grsec_enable_fd = 0;
7104 +#ifdef CONFIG_GRKERNSEC_EXECVE
7105 +int grsec_enable_execve = 0;
7107 +#ifdef CONFIG_GRKERNSEC_FORKBOMB
7108 +int grsec_enable_forkbomb = 0;
7109 +int grsec_forkbomb_gid = 0;
7110 +int grsec_forkbomb_sec = 0;
7111 +int grsec_forkbomb_max = 0;
7113 +#ifdef CONFIG_GRKERNSEC_EXECLOG
7114 +int grsec_enable_execlog = 0;
7116 +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP
7117 +int grsec_enable_execlog_group = 0;
7118 +int grsec_execlog_gid = 0;
7120 +#ifdef CONFIG_GRKERNSEC_IPC
7121 +int grsec_enable_ipc = 0;
7123 +#ifdef CONFIG_GRKERNSEC_SUID
7124 +int grsec_enable_suid = 0;
7126 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7127 +int grsec_enable_suid_root = 0;
7129 +#ifdef CONFIG_GRKERNSEC_SIGNAL
7130 +int grsec_enable_signal = 0;
7132 +#ifdef CONFIG_GRKERNSEC_COREDUMP
7133 +int grsec_enable_coredump = 0;
7135 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
7136 +int grsec_enable_forkfail = 0;
7138 +#ifdef CONFIG_GRKERNSEC_TIME
7139 +int grsec_enable_time = 0;
7141 +#ifdef CONFIG_GRKERNSEC_KBMAP
7142 +int grsec_enable_kbmap = 0;
7144 +#ifdef CONFIG_GRKERNSEC_RANDNET
7145 +int grsec_enable_randnet = 0;
7147 +#ifdef CONFIG_GRKERNSEC_CHROOT_SIG
7148 +int grsec_enable_chroot_sig = 0;
7150 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
7151 +int grsec_enable_chroot_mount = 0;
7153 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
7154 +int grsec_enable_chroot_double = 0;
7156 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
7157 +int grsec_enable_chroot_chdir = 0;
7159 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
7160 +int grsec_enable_chroot_chmod = 0;
7162 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
7163 +int grsec_enable_chroot_mknod = 0;
7165 +#ifdef CONFIG_GRKERNSEC_CHROOT_PTRACE
7166 +int grsec_enable_chroot_ptrace = 0;
7168 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7169 +int grsec_enable_chroot_nice = 0;
7171 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
7172 +int grsec_enable_chroot_execlog = 0;
7174 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
7175 +int grsec_enable_chroot_caps = 0;
7177 +#ifdef CONFIG_GRKERNSEC_TPE
7178 +int grsec_enable_tpe = 0;
7179 +int grsec_tpe_gid = 0;
7180 +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC
7181 +int grsec_enable_tpe_glibc = 0;
7183 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
7184 +int grsec_enable_tpe_all = 0;
7187 +#ifdef CONFIG_GRKERNSEC_PTRACE
7188 +int grsec_enable_ptrace = 0;
7189 +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP
7190 +int grsec_enable_ptrace_group = 0;
7191 +int grsec_ptrace_gid = 0;
7194 +#ifdef CONFIG_GRKERNSEC_RANDPID
7195 +int grsec_enable_randpid = 0;
7197 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7198 +int grsec_enable_phys_deny = 0;
7199 +int grsec_enable_pseudo_deny = 0;
7200 +int grsec_enable_serial_deny = 0;
7202 +#ifdef CONFIG_GRKERNSEC_RANDID
7203 +int grsec_enable_randid = 0;
7205 +#ifdef CONFIG_GRKERNSEC_RANDSRC
7206 +int grsec_enable_randsrc = 0;
7208 +#ifdef CONFIG_GRKERNSEC_RANDPING
7209 +int grsec_enable_randping = 0;
7211 +#ifdef CONFIG_GRKERNSEC_RANDTTL
7212 +int grsec_enable_randttl = 0;
7213 +int grsec_randttl_thresh = 0;
7215 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
7216 +int grsec_enable_socket_all = 0;
7217 +int grsec_socket_all_gid = 0;
7219 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
7220 +int grsec_enable_socket_client = 0;
7221 +int grsec_socket_client_gid = 0;
7223 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
7224 +int grsec_enable_socket_server = 0;
7225 +int grsec_socket_server_gid = 0;
7227 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST
7228 +int grsec_enable_stealth_rst = 0;
7230 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP
7231 +int grsec_enable_stealth_udp = 0;
7233 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP
7234 +int grsec_enable_stealth_icmp = 0;
7236 +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP
7237 +int grsec_enable_stealth_igmp = 0;
7239 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS
7240 +int grsec_enable_stealth_flags = 0;
7242 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG
7243 +int grsec_enable_stealth_flags_log = 0;
7245 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG
7246 +int grsec_enable_stealth_udp_log = 0;
7248 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG
7249 +int grsec_enable_stealth_rst_log = 0;
7251 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG
7252 +int grsec_enable_stealth_icmp_log = 0;
7254 +int grsec_lock = 0;
7256 +#ifdef CONFIG_GRKERNSEC_LINK
7257 +int grsec_enable_link = 1;
7259 +#ifdef CONFIG_GRKERNSEC_FIFO
7260 +int grsec_enable_fifo = 1;
7262 +#ifdef CONFIG_GRKERNSEC_FD
7263 +int grsec_enable_fd = 1;
7265 +#ifdef CONFIG_GRKERNSEC_EXECVE
7266 +int grsec_enable_execve = 1;
7268 +#ifdef CONFIG_GRKERNSEC_FORKBOMB
7269 +int grsec_enable_forkbomb = 1;
7270 +int grsec_forkbomb_gid = CONFIG_GRKERNSEC_FORKBOMB_GID;
7271 +int grsec_forkbomb_sec = CONFIG_GRKERNSEC_FORKBOMB_SEC;
7272 +int grsec_forkbomb_max = CONFIG_GRKERNSEC_FORKBOMB_MAX;
7274 +#ifdef CONFIG_GRKERNSEC_EXECLOG
7275 +int grsec_enable_execlog = 1;
7277 +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP
7278 +int grsec_enable_execlog_group = 1;
7279 +int grsec_execlog_gid= CONFIG_GRKERNSEC_EXECLOG_GID;
7281 +#ifdef CONFIG_GRKERNSEC_IPC
7282 +int grsec_enable_ipc = 1;
7284 +#ifdef CONFIG_GRKERNSEC_SUID
7285 +int grsec_enable_suid = 1;
7287 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7288 +int grsec_enable_suid_root = 1;
7290 +#ifdef CONFIG_GRKERNSEC_SIGNAL
7291 +int grsec_enable_signal = 1;
7293 +#ifdef CONFIG_GRKERNSEC_COREDUMP
7294 +int grsec_enable_coredump = 1;
7296 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
7297 +int grsec_enable_forkfail = 1;
7299 +#ifdef CONFIG_GRKERNSEC_TIME
7300 +int grsec_enable_time = 1;
7302 +#ifdef CONFIG_GRKERNSEC_KBMAP
7303 +int grsec_enable_kbmap = 1;
7305 +#ifdef CONFIG_GRKERNSEC_RANDNET
7306 +int grsec_enable_randnet = 1;
7308 +#ifdef CONFIG_GRKERNSEC_CHROOT_SIG
7309 +int grsec_enable_chroot_sig = 1;
7311 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
7312 +int grsec_enable_chroot_mount = 1;
7314 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
7315 +int grsec_enable_chroot_double = 1;
7317 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
7318 +int grsec_enable_chroot_chdir = 1;
7320 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
7321 +int grsec_enable_chroot_chmod = 1;
7323 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
7324 +int grsec_enable_chroot_mknod = 1;
7326 +#ifdef CONFIG_GRKERNSEC_CHROOT_PTRACE
7327 +int grsec_enable_chroot_ptrace = 1;
7329 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7330 +int grsec_enable_chroot_nice = 1;
7332 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
7333 +int grsec_enable_chroot_execlog = 1;
7335 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
7336 +int grsec_enable_chroot_caps = 1;
7338 +#ifdef CONFIG_GRKERNSEC_TPE
7339 +int grsec_enable_tpe = 1;
7340 +int grsec_tpe_gid= CONFIG_GRKERNSEC_TPE_GID;
7341 +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC
7342 +int grsec_enable_tpe_glibc = 1;
7344 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
7345 +int grsec_enable_tpe_all = 1;
7348 +#ifdef CONFIG_GRKERNSEC_PTRACE
7349 +int grsec_enable_ptrace = 1;
7350 +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP
7351 +int grsec_enable_ptrace_group = 1;
7352 +int grsec_ptrace_gid = CONFIG_GRKERNSEC_PTRACE_GID;
7355 +#ifdef CONFIG_GRKERNSEC_RANDPID
7356 +int grsec_enable_randpid = 1;
7358 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7359 +#ifdef CONFIG_GRKERNSEC_TTYROOT_SERIAL
7360 +int grsec_enable_serial_deny = 1;
7362 +int grsec_enable_serial_deny = 0;
7364 +#ifdef CONFIG_GRKERNSEC_TTYROOT_PHYS
7365 +int grsec_enable_phys_deny = 1;
7367 +int grsec_enable_phys_deny = 0;
7369 +#ifdef CONFIG_GRKERNSEC_TTYROOT_PSEUDO
7370 +int grsec_enable_pseudo_deny = 1;
7372 +int grsec_enable_pseudo_deny = 0;
7375 +#ifdef CONFIG_GRKERNSEC_RANDID
7376 +int grsec_enable_randid = 1;
7378 +#ifdef CONFIG_GRKERNSEC_RANDSRC
7379 +int grsec_enable_randsrc = 1;
7381 +#ifdef CONFIG_GRKERNSEC_RANDPING
7382 +int grsec_enable_randping = 1;
7384 +#ifdef CONFIG_GRKERNSEC_RANDTTL
7385 +int grsec_enable_randttl = 1;
7386 +int grsec_randttl_thresh= CONFIG_GRKERNSEC_RANDTTL_THRESH;
7388 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
7389 +int grsec_enable_socket_all = 1;
7390 +int grsec_socket_all_gid= CONFIG_GRKERNSEC_SOCKET_ALL_GID;
7392 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
7393 +int grsec_enable_socket_client = 1;
7394 +int grsec_socket_client_gid= CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
7396 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
7397 +int grsec_enable_socket_server = 1;
7398 +int grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
7400 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST
7401 +int grsec_enable_stealth_rst = 1;
7403 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP
7404 +int grsec_enable_stealth_udp = 1;
7406 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP
7407 +int grsec_enable_stealth_icmp = 1;
7409 +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP
7410 +int grsec_enable_stealth_igmp = 1;
7412 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS
7413 +int grsec_enable_stealth_flags = 1;
7415 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG
7416 +int grsec_enable_stealth_flags_log = 1;
7418 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG
7419 +int grsec_enable_stealth_udp_log = 1;
7421 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG
7422 +int grsec_enable_stealth_rst_log = 1;
7424 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG
7425 +int grsec_enable_stealth_icmp_log = 1;
7428 diff -urN linux/kernel/grsort.c linux/kernel/grsort.c
7429 --- linux/kernel/grsort.c Wed Dec 31 19:00:00 1969
7430 +++ linux/kernel/grsort.c Sun Dec 23 19:13:16 2001
7432 +/* * * * * * * * * * * * * * * * * * * * * * * * *
7433 + * The following code is a slightly modified qsort found in glibc
7434 + * The best implementation for a non-recursive qsort around
7435 + * that I could find, and probably
7436 + * better than what I would have come up with=)
7437 + * * * * * * * * * * * * * * * * * * * * * * * * */
7438 +#include <linux/kernel.h>
7439 +#include <linux/types.h>
7440 +#include <linux/slab.h>
7444 +/* Byte-wise swap two items of size SIZE. */
7445 +#define SWAP(a, b, size) \
7448 + register size_t __size = (size); \
7449 + register char *__a = (a), *__b = (b); \
7452 + char __tmp = *__a; \
7455 + } while (--__size > 0); \
7458 +/* Discontinue quicksort algorithm when partition gets below this size.
7459 + This particular magic number was chosen to work best on a Sun 4/260. */
7460 +#define MAX_THRESH 4
7462 +/* Stack node declarations used to store unfulfilled partition obligations. */
7469 +/* The next 4 #defines implement a very fast in-line stack abstraction. */
7470 +#define STACK_SIZE (8 * sizeof(unsigned long int))
7471 +#define PUSH(low, high) ((void) ((top->lo = (low)), (top->hi = (high)), ++top))
7472 +#define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi)))
7473 +#define STACK_NOT_EMPTY (stack < top)
7476 +/* Order size using quicksort. This implementation incorporates
7477 + four optimizations discussed in Sedgewick:
7479 + 1. Non-recursive, using an explicit stack of pointer that store the
7480 + next array partition to sort. To save time, this maximum amount
7481 + of space required to store an array of MAX_INT is allocated on the
7482 + stack. Assuming a 32-bit integer, this needs only 32 *
7483 + sizeof(stack_node) == 136 bits. Pretty cheap, actually.
7485 + 2. Chose the pivot element using a median-of-three decision tree.
7486 + This reduces the probability of selecting a bad pivot value and
7487 + eliminates certain extraneous comparisons.
7489 + 3. Only quicksorts TOTAL_ELEMS / MAX_THRESH partitions, leaving
7490 + insertion sort to order the MAX_THRESH items within each partition.
7491 + This is a big win, since insertion sort is faster for small, mostly
7492 + sorted array segments.
7494 + 4. The larger of the two sub-partitions is always pushed onto the
7495 + stack first, with the algorithm then concentrating on the
7496 + smaller partition. This *guarantees* no more than log (n)
7497 + stack size is needed (actually O(1) in this case)! */
7500 +void qsort (void *pbase, size_t total_elems, size_t size, int (*cmp) (const void *, const void*))
7502 + register char *base_ptr = (char *) pbase;
7504 + /* Allocating SIZE bytes for a pivot buffer facilitates a better
7505 + algorithm below since we can do comparisons directly on the pivot. */
7506 + char *pivot_buffer = (char *) kmalloc(size,GFP_KERNEL);
7507 + const size_t max_thresh = MAX_THRESH * size;
7509 + if (total_elems == 0 || !pivot_buffer)
7510 + /* Avoid lossage with unsigned arithmetic below. */
7513 + if (total_elems > MAX_THRESH)
7515 + char *lo = base_ptr;
7516 + char *hi = &lo[size * (total_elems - 1)];
7517 + /* Largest size needed for 32-bit int!!! */
7518 + stack_node stack[STACK_SIZE];
7519 + stack_node *top = stack + 1;
7521 + while (STACK_NOT_EMPTY)
7526 + char *pivot = pivot_buffer;
7528 + /* Select median value from among LO, MID, and HI. Rearrange
7529 + LO and HI so the three values are sorted. This lowers the
7530 + probability of picking a pathological pivot value and
7531 + skips a comparison for both the LEFT_PTR and RIGHT_PTR. */
7533 + char *mid = lo + size * ((hi - lo) / size >> 1);
7535 + if ((*cmp) ((void *) mid, (void *) lo) < 0)
7536 + SWAP (mid, lo, size);
7537 + if ((*cmp) ((void *) hi, (void *) mid) < 0)
7538 + SWAP (mid, hi, size);
7541 + if ((*cmp) ((void *) mid, (void *) lo) < 0)
7542 + SWAP (mid, lo, size);
7544 + memcpy (pivot, mid, size);
7545 + pivot = pivot_buffer;
7547 + left_ptr = lo + size;
7548 + right_ptr = hi - size;
7550 + /* Here's the famous ``collapse the walls'' section of quicksort.
7551 + Gotta like those tight inner loops! They are the main reason
7552 + that this algorithm runs much faster than others. */
7555 + while ((*cmp) ((void *) left_ptr, (void *) pivot) < 0)
7558 + while ((*cmp) ((void *) pivot, (void *) right_ptr) < 0)
7559 + right_ptr -= size;
7561 + if (left_ptr < right_ptr)
7563 + SWAP (left_ptr, right_ptr, size);
7565 + right_ptr -= size;
7567 + else if (left_ptr == right_ptr)
7570 + right_ptr -= size;
7574 + while (left_ptr <= right_ptr);
7576 + /* Set up pointers for next iteration. First determine whether
7577 + left and right partitions are below the threshold size. If so,
7578 + ignore one or both. Otherwise, push the larger partition's
7579 + bounds on the stack and continue sorting the smaller one. */
7581 + if ((size_t) (right_ptr - lo) <= max_thresh)
7583 + if ((size_t) (hi - left_ptr) <= max_thresh)
7584 + /* Ignore both small partitions. */
7587 + /* Ignore small left partition. */
7590 + else if ((size_t) (hi - left_ptr) <= max_thresh)
7591 + /* Ignore small right partition. */
7593 + else if ((right_ptr - lo) > (hi - left_ptr))
7595 + /* Push larger left partition indices. */
7596 + PUSH (lo, right_ptr);
7601 + /* Push larger right partition indices. */
7602 + PUSH (left_ptr, hi);
7607 + kfree(pivot_buffer);
7609 + /* Once the BASE_PTR array is partially sorted by quicksort the rest
7610 + is completely sorted using insertion sort, since this is efficient
7611 + for partitions below MAX_THRESH size. BASE_PTR points to the beginning
7612 + of the array to sort, and END_PTR points at the very last element in
7613 + the array (*not* one beyond it!). */
7617 + char *const end_ptr = &base_ptr[size * (total_elems - 1)];
7618 + char *tmp_ptr = base_ptr;
7619 + char *thresh = min(end_ptr, base_ptr + max_thresh);
7620 + register char *run_ptr;
7622 + /* Find smallest element in first threshold and place it at the
7623 + array's beginning. This is the smallest array element,
7624 + and the operation speeds up insertion sort's inner loop. */
7626 + for (run_ptr = tmp_ptr + size; run_ptr <= thresh; run_ptr += size)
7627 + if ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0)
7628 + tmp_ptr = run_ptr;
7630 + if (tmp_ptr != base_ptr)
7631 + SWAP (tmp_ptr, base_ptr, size);
7633 + /* Insertion sort, running from left-hand-side up to right-hand-side. */
7635 + run_ptr = base_ptr + size;
7636 + while ((run_ptr += size) <= end_ptr)
7638 + tmp_ptr = run_ptr - size;
7639 + while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0)
7643 + if (tmp_ptr != run_ptr)
7647 + trav = run_ptr + size;
7648 + while (--trav >= run_ptr)
7653 + for (hi = lo = trav; (lo -= size) >= tmp_ptr; hi = lo)
7661 diff -urN linux/kernel/printk.c linux/kernel/printk.c
7662 --- linux/kernel/printk.c Fri Dec 21 12:42:04 2001
7663 +++ linux/kernel/printk.c Sun Dec 23 19:13:16 2001
7664 @@ -290,7 +290,11 @@
7666 asmlinkage long sys_syslog(int type, char * buf, int len)
7668 +#ifdef CONFIG_GRKERNSEC_PROC
7669 + if (!capable(CAP_SYS_ADMIN))
7671 if ((type != 3) && !capable(CAP_SYS_ADMIN))
7674 return do_syslog(type, buf, len);
7676 diff -urN linux/kernel/sched.c linux/kernel/sched.c
7677 --- linux/kernel/sched.c Fri Dec 21 12:42:04 2001
7678 +++ linux/kernel/sched.c Sun Dec 23 19:13:16 2001
7681 #include <asm/uaccess.h>
7682 #include <asm/mmu_context.h>
7683 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7684 +#include <linux/grsecurity.h>
7687 extern void timer_bh(void);
7688 extern void tqueue_bh(void);
7689 @@ -874,6 +877,14 @@
7691 if (increment < -40)
7693 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7694 + if(grsec_enable_chroot_nice && proc_is_chrooted(current)){
7695 + security_alert("attempted priority change by "
7696 + DEFAULTSECMSG, "attempted priority changes",
7704 diff -urN linux/kernel/signal.c linux/kernel/signal.c
7705 --- linux/kernel/signal.c Wed Nov 21 19:26:27 2001
7706 +++ linux/kernel/signal.c Sun Dec 23 19:13:16 2001
7709 #include <asm/uaccess.h>
7711 +#if defined(CONFIG_GRKERNSEC_SIGNAL) || defined(CONFIG_GRKERNSEC_CHROOT_SIG) \
7712 +|| defined(CONFIG_GRKERNSEC_ACL)
7713 +#include <linux/fs.h>
7714 +#include <linux/grsecurity.h>
7718 * SLAB caches for signal bits.
7720 @@ -526,8 +532,37 @@
7723 spin_lock_irqsave(&t->sigmask_lock, flags);
7724 +#ifdef CONFIG_GRKERNSEC_CHROOT_SIG
7725 + if(CHROOTLONGCHECK &&
7726 + !( sig == SIGALRM || sig == SIGIO || !proc_is_chrooted(current) ||
7727 + have_same_root(current,t) ||
7728 + (t->pid == current->p_pptr->pid && sig == SIGCHLD) ) ) {
7729 + security_alert("denied signal %d out of chroot jail (%.32s:%lu) of %d.%d "
7730 + "by " DEFAULTSECMSG " to " DEFAULTSECMSG,
7731 + "denied signals in chroot",sig,kdevname(current->fs->root->d_inode->i_dev),
7732 + current->fs->root->d_inode->i_ino,current->fs->root->d_inode->i_uid,
7733 + current->fs->root->d_inode->i_gid,DEFAULTSECARGS,
7734 + t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,
7735 + t->p_pptr->pid,t->p_pptr->uid,t->p_pptr->euid);
7739 handle_stop_signal(sig, t);
7741 +#ifdef CONFIG_GRKERNSEC_SIGNAL
7742 + if(grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
7743 + (sig == SIGABRT) || (sig == SIGBUS))) {
7744 + if(t->pid == current->pid) {
7745 + security_alert("signal %d sent to " DEFAULTSECMSG,"signal warnings",sig,
7746 + t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,t->p_pptr->pid,
7747 + t->p_pptr->uid,t->p_pptr->euid);
7749 + security_alert("signal %d sent to " DEFAULTSECMSG " by "
7750 + DEFAULTSECMSG, "signal warnings",
7751 + sig,t->comm,t->pid,t->uid,t->euid,t->p_pptr->comm,t->p_pptr->pid,
7752 + t->p_pptr->uid,t->p_pptr->euid, DEFAULTSECARGS);
7756 /* Optimize away the signal, if it's a signal that can be
7757 handled immediately (ie non-blocked and untraced) and
7758 that is ignored (either explicitly or by default). */
7761 read_lock(&tasklist_lock);
7763 +#ifdef CONFIG_GRKERNSEC_ACL
7764 + if( !(gr_check_protected(p)) || current->pid == 1)
7766 if (p->pgrp == pgrp) {
7767 int err = send_sig_info(sig, info, p);
7771 read_lock(&tasklist_lock);
7773 +#ifdef CONFIG_GRKERNSEC_ACL
7774 + if( !(gr_check_protected(p)) || current->pid == 1)
7776 if (p->leader && p->session == sess) {
7777 int err = send_sig_info(sig, info, p);
7780 p = find_task_by_pid(pid);
7783 +#ifdef CONFIG_GRKERNSEC_ACL
7784 + if( !(gr_check_protected(p)) || current->pid == 1)
7786 error = send_sig_info(sig, info, p);
7787 read_unlock(&tasklist_lock);
7791 read_lock(&tasklist_lock);
7793 +#ifdef CONFIG_GRKERNSEC_ACL
7794 + if(!(gr_check_protected(p) || current->pid == 1))
7796 if (p->pid > 1 && p != current) {
7797 int err = send_sig_info(sig, info, p);
7799 diff -urN linux/kernel/sys.c linux/kernel/sys.c
7800 --- linux/kernel/sys.c Tue Sep 18 17:10:43 2001
7801 +++ linux/kernel/sys.c Sun Dec 23 19:13:16 2001
7803 * Copyright (C) 1991, 1992 Linus Torvalds
7806 +#include <linux/config.h>
7807 #include <linux/module.h>
7808 #include <linux/mm.h>
7809 #include <linux/utsname.h>
7811 #include <asm/uaccess.h>
7814 +#if defined(CONFIG_GRKERNSEC_SUID) ||\
7815 + defined(CONFIG_GRKERNSEC_SUID_ROOT) ||\
7816 + defined(CONFIG_GRKERNSEC_TTYROOT) || defined(CONFIG_GRKERNSEC_CHROOT_NICE)
7817 +#include <linux/grsecurity.h>
7821 * this is where the system-wide overflow UID and GID are defined, for
7822 * architectures that now have 32-bit UID/GID but didn't in the past
7825 if (!proc_sel(p, which, who))
7828 if (p->uid != current->euid &&
7829 p->uid != current->uid && !capable(CAP_SYS_NICE)) {
7831 @@ -220,6 +228,15 @@
7833 if (error == -ESRCH)
7835 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7836 + if(grsec_enable_chroot_nice && (!have_same_root(p,current)
7837 + || (have_same_root(p,current) && (niceval < p->nice) && proc_is_chrooted(current)))) {
7838 + security_alert("attempted priority change of "
7839 + "process (%.16s:%d) by " DEFAULTSECMSG,
7840 + "attempted priority changes",p->comm,p->pid,DEFAULTSECARGS);
7841 + return -ESRCH; /* be stealthy */
7844 if (niceval < p->nice && !capable(CAP_SYS_NICE))
7847 @@ -380,6 +397,20 @@
7848 int new_rgid = old_rgid;
7849 int new_egid = old_egid;
7851 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7852 + is_tty_allowed_for_setid(rgid,egid,1,"setregid");
7855 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
7856 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7857 + if(grsec_enable_suid_root && current->uid && (!rgid || !egid))
7859 + if(grsec_enable_suid)
7861 + printk(KERN_INFO "grsec: setregid(rgid=%d/egid=%d) by " DEFAULTSECMSG
7862 + "\n",rgid,egid, DEFAULTSECARGS);
7865 if (rgid != (gid_t) -1) {
7866 if ((old_rgid == rgid) ||
7867 (current->egid==rgid) ||
7868 @@ -421,6 +452,20 @@
7870 int old_egid = current->egid;
7872 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7873 + is_tty_allowed_for_setid(gid,1,1,"setgid");
7876 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
7877 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7878 + if(grsec_enable_suid_root && current->uid && !gid)
7880 + if(grsec_enable_suid)
7882 + printk(KERN_INFO "grsec: setgid(%d) by " DEFAULTSECMSG "\n",gid,
7886 if (capable(CAP_SETGID))
7889 @@ -540,6 +585,20 @@
7890 new_euid = old_euid = current->euid;
7891 old_suid = current->suid;
7893 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7894 + is_tty_allowed_for_setid(ruid,euid,1,"setreuid");
7897 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
7898 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7899 + if(grsec_enable_suid_root && current->uid && (!ruid || !euid))
7901 + if(grsec_enable_suid)
7903 + printk(KERN_INFO "grsec: setreuid(ruid=%d/euid=%d) by " DEFAULTSECMSG
7904 + "\n",ruid,euid, DEFAULTSECARGS);
7907 if (ruid != (uid_t) -1) {
7909 if ((old_ruid != ruid) &&
7910 @@ -599,7 +658,20 @@
7911 old_ruid = new_ruid = current->uid;
7912 old_suid = current->suid;
7913 new_suid = old_suid;
7916 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7917 + is_tty_allowed_for_setid(uid,1,1,"setuid");
7920 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
7921 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7922 + if(grsec_enable_suid_root && current->uid && !uid)
7924 + if(grsec_enable_suid)
7926 + printk(KERN_INFO "grsec: setuid(%d) by " DEFAULTSECMSG "\n", uid,
7929 if (capable(CAP_SETUID)) {
7930 if (uid != old_ruid && set_user(uid, old_euid != uid) < 0)
7932 @@ -633,6 +705,20 @@
7933 int old_euid = current->euid;
7934 int old_suid = current->suid;
7936 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7937 + is_tty_allowed_for_setid(ruid,euid,suid,"setresuid");
7940 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
7941 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7942 + if(grsec_enable_suid_root && current->uid && (!ruid || !euid || !suid))
7944 + if(grsec_enable_suid)
7946 + printk(KERN_INFO "grsec: setresuid(ruid=%d/suid=%d/euid=%d) by "
7947 + DEFAULTSECMSG "\n", ruid, suid, euid, DEFAULTSECARGS);
7950 if (!capable(CAP_SETUID)) {
7951 if ((ruid != (uid_t) -1) && (ruid != current->uid) &&
7952 (ruid != current->euid) && (ruid != current->suid))
7953 @@ -683,6 +769,20 @@
7955 asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
7957 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7958 + is_tty_allowed_for_setid(rgid,egid,sgid,"setresgid");
7961 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
7962 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7963 + if(grsec_enable_suid_root && current->uid && (!rgid || !egid || !sgid))
7965 + if(grsec_enable_suid)
7967 + printk(KERN_INFO "grsec: setresgid(rgid=%d/sgid=%d/egid=%d) by "
7968 + DEFAULTSECMSG "\n", rgid, sgid, egid, DEFAULTSECARGS);
7971 if (!capable(CAP_SETGID)) {
7972 if ((rgid != (gid_t) -1) && (rgid != current->gid) &&
7973 (rgid != current->egid) && (rgid != current->sgid))
7974 @@ -732,6 +832,20 @@
7978 +#ifdef CONFIG_GRKERNSEC_TTYROOT
7979 + is_tty_allowed_for_setid(uid,1,1,"setfsuid");
7982 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
7983 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
7984 + if(grsec_enable_suid_root && current->uid && !uid)
7986 + if(grsec_enable_suid)
7988 + printk(KERN_INFO "grsec: setfsuid(%d) by " DEFAULTSECMSG "\n", uid,
7992 old_fsuid = current->fsuid;
7993 if (uid == current->uid || uid == current->euid ||
7994 uid == current->suid || uid == current->fsuid ||
7995 @@ -774,6 +888,20 @@
7999 +#ifdef CONFIG_GRKERNSEC_TTYROOT
8000 + is_tty_allowed_for_setid(gid,1,1,"setfsgid");
8003 +#if defined(CONFIG_GRKERNSEC_SUID) || defined(CONFIG_GRKERNSEC_SUID_ROOT)
8004 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
8005 + if(grsec_enable_suid_root && current->uid && !gid)
8007 + if(grsec_enable_suid)
8009 + printk(KERN_INFO "grsec: setfsgid(%d) by " DEFAULTSECMSG "\n", gid,
8013 old_fsgid = current->fsgid;
8014 if (gid == current->gid || gid == current->egid ||
8015 gid == current->sgid || gid == current->fsgid ||
8016 @@ -971,6 +1099,11 @@
8018 if(copy_from_user(current->groups, grouplist, gidsetsize * sizeof(gid_t)))
8021 +#ifdef CONFIG_GRKERNSEC_SUID
8022 + if(grsec_enable_suid)
8023 + printk(KERN_INFO "grsec: setgroups by " DEFAULTSECMSG "\n", DEFAULTSECARGS);
8025 current->ngroups = gidsetsize;
8028 diff -urN linux/kernel/sysctl.c linux/kernel/sysctl.c
8029 --- linux/kernel/sysctl.c Fri Dec 21 12:42:04 2001
8030 +++ linux/kernel/sysctl.c Sun Dec 23 19:13:16 2001
8032 #include <linux/nfs_fs.h>
8035 -#if defined(CONFIG_SYSCTL)
8036 +#ifdef CONFIG_SYSCTL
8037 +#include <linux/grsecurity.h>
8039 /* External variables not in a header file. */
8040 extern int panic_timeout;
8042 static ctl_table debug_table[];
8043 static ctl_table dev_table[];
8044 extern ctl_table random_table[];
8045 +#ifdef CONFIG_GRKERNSEC_SYSCTL
8046 +static ctl_table grsecurity_table[];
8049 /* /proc declarations: */
8051 @@ -256,8 +260,272 @@
8052 {KERN_KDB, "kdb", &kdb_on, sizeof(int),
8053 0644, NULL, &proc_dointvec),
8054 #endif /* CONFIG_KDB */
8055 +#ifdef CONFIG_GRKERNSEC_SYSCTL
8056 + {KERN_GRSECURITY, "grsecurity", NULL, 0, 0550, grsecurity_table},
8058 +#ifdef CONFIG_GRKERNSEC_ACL
8059 + {KERN_OBV,"oblivion",NULL,sizeof(int),0600,NULL,&gr_proc_handler},
8065 +#ifdef CONFIG_GRKERNSEC_SYSCTL
8066 +enum {GS_LINK=1,GS_FIFO, GS_FD, GS_EXECVE, GS_FORK,
8067 +GS_FORK_GID, GS_FORK_SEC, GS_FORK_MAX, GS_EXECLOG, GS_EXECLOG_GID,
8068 +GS_EXECLOG_GRP, GS_SUID, GS_SUID_ROOT, GS_SIGNAL, GS_COREDUMP, GS_FORKFAIL,
8069 +GS_TIME, GS_KBMAP, GS_RANDNET, GS_CHROOT_SIG, GS_CHROOT_MNT,
8070 +GS_CHROOT_DBL, GS_CHROOT_CD, GS_CHROOT_CM, GS_CHROOT_MK, GS_CHROOT_PT,
8071 +GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS, GS_TPE, GS_TPE_GID,
8072 +GS_TPE_GLIBC, GS_TPE_ALL, GS_PTRACE, GS_PTRACE_GRP, GS_PTRACE_GID,
8073 +GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, GS_RANDTTL,
8074 +GS_RANDTTL_THRESH, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
8075 +GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID,
8076 +GS_STEALTH_RST, GS_STEALTH_RST_LOG, GS_STEALTH_UDP, GS_STEALTH_UDP_LOG,
8077 +GS_STEALTH_ICMP, GS_STEALTH_ICMP_LOG, GS_STEALTH_IGMP, GS_STEALTH_FLAGS,
8078 +GS_STEALTH_FLAGS_LOG, GS_IPC, GS_TTY, GS_TTYS, GS_PTY, GS_LOCK};
8080 +static ctl_table grsecurity_table[] = {
8081 +#ifdef CONFIG_GRKERNSEC_LINK
8082 + {GS_LINK, "linking_restrictions", &grsec_enable_link, sizeof (int),
8083 + 0640, NULL, &proc_dointvec},
8085 +#ifdef CONFIG_GRKERNSEC_FIFO
8086 + {GS_FIFO, "fifo_restrictions", &grsec_enable_fifo, sizeof (int),
8087 + 0640, NULL, &proc_dointvec},
8089 +#ifdef CONFIG_GRKERNSEC_FD
8090 + {GS_FD, "secure_fds", &grsec_enable_fd, sizeof (int),
8091 + 0640, NULL, &proc_dointvec},
8093 +#ifdef CONFIG_GRKERNSEC_EXECVE
8094 + {GS_EXECVE, "execve_limiting", &grsec_enable_execve, sizeof (int),
8095 + 0640, NULL, &proc_dointvec},
8097 +#ifdef CONFIG_GRKERNSEC_FORKBOMB
8098 + {GS_FORK, "fork_bomb_prot", &grsec_enable_forkbomb, sizeof (int),
8099 + 0640, NULL, &proc_dointvec},
8100 + {GS_FORK_GID, "fork_bomb_gid", &grsec_forkbomb_gid, sizeof (int),
8101 + 0640, NULL, &proc_dointvec},
8102 + {GS_FORK_SEC, "fork_bomb_sec", &grsec_forkbomb_sec, sizeof (int),
8103 + 0640, NULL, &proc_dointvec},
8104 + {GS_FORK_MAX, "fork_bomb_max", &grsec_forkbomb_max, sizeof (int),
8105 + 0640, NULL, &proc_dointvec},
8107 +#ifdef CONFIG_GRKERNSEC_EXECLOG
8108 + {GS_EXECLOG, "exec_logging", &grsec_enable_execlog, sizeof (int),
8109 + 0640, NULL, &proc_dointvec},
8111 +#ifdef CONFIG_GRKERNSEC_EXECLOG_GROUP
8112 + {GS_EXECLOG_GRP, "exec_group_logging", &grsec_enable_execlog_group,
8113 + sizeof (int), 0640, NULL, &proc_dointvec},
8114 + {GS_EXECLOG_GID, "exec_logging_gid", &grsec_execlog_gid, sizeof (int),
8115 + 0640, NULL, &proc_dointvec},
8117 +#ifdef CONFIG_GRKERNSEC_SUID
8118 + {GS_SUID, "suid_logging", &grsec_enable_suid, sizeof (int),
8119 + 0640, NULL, &proc_dointvec},
8121 +#ifdef CONFIG_GRKERNSEC_SUID_ROOT
8122 + {GS_SUID_ROOT, "suid_root_logging", &grsec_enable_suid_root, sizeof (int),
8123 + 0640, NULL, &proc_dointvec},
8125 +#ifdef CONFIG_GRKERNSEC_SIGNAL
8126 + {GS_SIGNAL, "signal_logging", &grsec_enable_signal, sizeof (int),
8127 + 0640, NULL, &proc_dointvec},
8129 +#ifdef CONFIG_GRKERNSEC_COREDUMP
8130 + {GS_COREDUMP, "coredump", &grsec_enable_coredump, sizeof (int),
8131 + 0640, NULL, &proc_dointvec},
8133 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
8134 + {GS_FORKFAIL, "forkfail_logging", &grsec_enable_forkfail, sizeof (int),
8135 + 0640, NULL, &proc_dointvec},
8137 +#ifdef CONFIG_GRKERNSEC_TIME
8138 + {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int),
8139 + 0640, NULL, &proc_dointvec},
8141 +#ifdef CONFIG_GRKERNSEC_KBMAP
8142 + {GS_KBMAP, "secure_kbmap", &grsec_enable_kbmap, sizeof (int),
8143 + 0640, NULL, &proc_dointvec},
8145 +#ifdef CONFIG_GRKERNSEC_RANDNET
8146 + {GS_RANDNET, "rand_net", &grsec_enable_randnet, sizeof (int),
8147 + 0640, NULL, &proc_dointvec},
8149 +#ifdef CONFIG_GRKERNSEC_CHROOT_SIG
8150 + {GS_CHROOT_SIG, "chroot_restrict_sigs", &grsec_enable_chroot_sig, sizeof (int),
8151 + 0640, NULL, &proc_dointvec},
8153 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
8154 + {GS_CHROOT_MNT, "chroot_deny_mount", &grsec_enable_chroot_mount, sizeof (int),
8155 + 0640, NULL, &proc_dointvec},
8157 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
8158 + {GS_CHROOT_DBL, "chroot_deny_chroot", &grsec_enable_chroot_double, sizeof (int),
8159 + 0640, NULL, &proc_dointvec},
8161 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
8162 + {GS_CHROOT_CD, "chroot_deny_chdir", &grsec_enable_chroot_chdir, sizeof (int),
8163 + 0640, NULL, &proc_dointvec},
8165 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
8166 + {GS_CHROOT_CM, "chroot_deny_chmod", &grsec_enable_chroot_chmod, sizeof (int),
8167 + 0640, NULL, &proc_dointvec},
8169 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
8170 + {GS_CHROOT_MK, "chroot_deny_mknod", &grsec_enable_chroot_mknod, sizeof (int),
8171 + 0640, NULL, &proc_dointvec},
8173 +#ifdef CONFIG_GRKERNSEC_CHROOT_PTRACE
8174 + {GS_CHROOT_PT, "chroot_deny_ptrace", &grsec_enable_chroot_ptrace, sizeof (int),
8175 + 0640, NULL, &proc_dointvec},
8177 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
8178 + {GS_CHROOT_NI, "chroot_restrict_nice", &grsec_enable_chroot_nice, sizeof (int),
8179 + 0640, NULL, &proc_dointvec},
8181 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
8182 + {GS_CHROOT_EXECLOG, "chroot_execlog",
8183 + &grsec_enable_chroot_execlog, sizeof (int),
8184 + 0640, NULL, &proc_dointvec},
8186 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
8187 + {GS_CHROOT_CAPS, "chroot_caps", &grsec_enable_chroot_caps, sizeof (int),
8188 + 0640, NULL, &proc_dointvec},
8190 +#ifdef CONFIG_GRKERNSEC_TPE
8191 + {GS_TPE, "tpe", &grsec_enable_tpe, sizeof (int),
8192 + 0640, NULL, &proc_dointvec},
8193 + {GS_TPE_GID, "tpe_gid", &grsec_tpe_gid, sizeof (int),
8194 + 0640, NULL, &proc_dointvec},
8196 +#ifdef CONFIG_GRKERNSEC_TPE_GLIBC
8197 + {GS_TPE_GLIBC, "tpe_glibc", &grsec_enable_tpe_glibc, sizeof (int),
8198 + 0640, NULL, &proc_dointvec},
8200 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
8201 + {GS_TPE_ALL, "tpe_restrict_all", &grsec_enable_tpe_all, sizeof (int),
8202 + 0640, NULL, &proc_dointvec},
8204 +#ifdef CONFIG_GRKERNSEC_PTRACE
8205 + {GS_PTRACE, "restrict_ptrace", &grsec_enable_ptrace, sizeof (int),
8206 + 0640, NULL, &proc_dointvec},
8208 +#ifdef CONFIG_GRKERNSEC_PTRACE_GROUP
8209 + {GS_PTRACE_GRP, "allow_ptrace_group", &grsec_enable_ptrace_group, sizeof (int),
8210 + 0640, NULL, &proc_dointvec},
8211 + {GS_PTRACE_GID, "ptrace_gid", &grsec_ptrace_gid, sizeof (int),
8212 + 0640, NULL, &proc_dointvec},
8214 +#ifdef CONFIG_GRKERNSEC_RANDPID
8215 + {GS_RANDPID, "rand_pids", &grsec_enable_randpid, sizeof (int),
8216 + 0640, NULL, &proc_dointvec},
8218 +#ifdef CONFIG_GRKERNSEC_RANDID
8219 + {GS_RANDID, "rand_ip_ids", &grsec_enable_randid, sizeof (int),
8220 + 0640, NULL, &proc_dointvec},
8222 +#ifdef CONFIG_GRKERNSEC_RANDSRC
8223 + {GS_RANDSRC, "rand_tcp_src_ports", &grsec_enable_randsrc, sizeof (int),
8224 + 0640, NULL, &proc_dointvec},
8226 +#ifdef CONFIG_GRKERNSEC_RANDPING
8227 + {GS_RANDPING, "altered_pings", &grsec_enable_randping, sizeof (int),
8228 + 0640, NULL, &proc_dointvec},
8230 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8231 + {GS_RANDTTL, "rand_ttl", &grsec_enable_randttl, sizeof (int),
8232 + 0640, NULL, &proc_dointvec},
8233 + {GS_RANDTTL_THRESH, "rand_ttl_thresh",
8234 + &grsec_randttl_thresh, sizeof (int),
8235 + 0640, NULL, &proc_dointvec},
8237 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
8238 + {GS_SOCKET_ALL, "socket_all", &grsec_enable_socket_all, sizeof (int),
8239 + 0640, NULL, &proc_dointvec},
8240 + {GS_SOCKET_ALL_GID, "socket_all_gid",
8241 + &grsec_socket_all_gid, sizeof (int),
8242 + 0640, NULL, &proc_dointvec},
8244 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
8245 + {GS_SOCKET_CLIENT, "socket_client",
8246 + &grsec_enable_socket_client, sizeof (int),
8247 + 0640, NULL, &proc_dointvec},
8248 + {GS_SOCKET_CLIENT_GID, "socket_client_gid",
8249 + &grsec_socket_client_gid, sizeof (int),
8250 + 0640, NULL, &proc_dointvec},
8252 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
8253 + {GS_SOCKET_SERVER, "socket_server",
8254 + &grsec_enable_socket_server, sizeof (int),
8255 + 0640, NULL, &proc_dointvec},
8256 + {GS_SOCKET_SERVER_GID, "socket_server_gid",
8257 + &grsec_socket_server_gid, sizeof (int),
8258 + 0640, NULL, &proc_dointvec},
8260 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST
8261 + {GS_STEALTH_RST, "stealth_rst", &grsec_enable_stealth_rst, sizeof (int),
8262 + 0640, NULL, &proc_dointvec},
8264 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG
8265 + {GS_STEALTH_RST_LOG, "stealth_rst_log", &grsec_enable_stealth_rst_log, sizeof (int),
8266 + 0640, NULL, &proc_dointvec},
8268 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP
8269 + {GS_STEALTH_UDP, "stealth_udp", &grsec_enable_stealth_udp, sizeof (int),
8270 + 0640, NULL, &proc_dointvec},
8272 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG
8273 + {GS_STEALTH_UDP_LOG, "stealth_udp_log", &grsec_enable_stealth_udp_log, sizeof (int),
8274 + 0640, NULL, &proc_dointvec},
8276 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP
8277 + {GS_STEALTH_ICMP, "stealth_icmp",
8278 + &grsec_enable_stealth_icmp, sizeof (int),
8279 + 0640, NULL, &proc_dointvec},
8281 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG
8282 + {GS_STEALTH_ICMP_LOG, "stealth_icmp_log",
8283 + &grsec_enable_stealth_icmp_log, sizeof (int),
8284 + 0640, NULL, &proc_dointvec},
8286 +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP
8287 + {GS_STEALTH_IGMP, "stealth_igmp",
8288 + &grsec_enable_stealth_igmp, sizeof (int),
8289 + 0640, NULL, &proc_dointvec},
8291 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS
8292 + {GS_STEALTH_FLAGS, "stealth_flags",
8293 + &grsec_enable_stealth_flags, sizeof (int),
8294 + 0640, NULL, &proc_dointvec},
8296 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG
8297 + {GS_STEALTH_FLAGS_LOG, "stealth_flags_log",
8298 + &grsec_enable_stealth_flags_log, sizeof (int),
8299 + 0640, NULL, &proc_dointvec},
8301 +#ifdef CONFIG_GRKERNSEC_IPC
8302 + {GS_IPC, "alt_ipc_perms", &grsec_enable_ipc, sizeof (int), 0640,
8303 + NULL, &proc_dointvec},
8305 +#ifdef CONFIG_GRKERNSEC_TTYROOT
8306 + {GS_TTY, "deny_phys_root",
8307 + &grsec_enable_phys_deny, sizeof (int),
8308 + 0640, NULL, &proc_dointvec},
8309 + {GS_TTYS, "deny_serial_root",
8310 + &grsec_enable_serial_deny, sizeof (int),
8311 + 0640, NULL, &proc_dointvec},
8312 + {GS_PTY, "deny_pseudo_root",
8313 + &grsec_enable_pseudo_deny, sizeof (int),
8314 + 0640, NULL, &proc_dointvec},
8316 + {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0640, NULL,
8322 static ctl_table vm_table[] = {
8323 {VM_BDFLUSH, "bdflush", &bdf_prm, 9*sizeof(int), 0644, NULL,
8324 @@ -828,6 +1096,17 @@
8327 i = (int *) table->data;
8328 +#ifdef CONFIG_GRKERNSEC_SYSCTL
8329 + if(table->de->parent->name && strlen(table->de->parent->name) == 10) {
8330 + if((!strcmp(table->de->parent->name, "grsecurity")) && grsec_lock && write) {
8331 + security_alert("attempt to modify grsecurity "
8332 + "sysctl value: %.32s by " DEFAULTSECMSG,
8333 + "attempted sysctl changes", table->de->name,
8339 vleft = table->maxlen / sizeof(int);
8342 diff -urN linux/kernel/time.c linux/kernel/time.c
8343 --- linux/kernel/time.c Fri Dec 21 12:42:04 2001
8344 +++ linux/kernel/time.c Sun Dec 23 19:13:16 2001
8346 #include <linux/smp_lock.h>
8348 #include <asm/uaccess.h>
8349 +#ifdef CONFIG_GRKERNSEC_TIME
8350 +#include <linux/grsecurity.h>
8354 * The timezone where the local system is located. Used as a default by some
8355 @@ -105,6 +108,11 @@
8356 time_maxerror = NTP_PHASE_LIMIT;
8357 time_esterror = NTP_PHASE_LIMIT;
8358 write_unlock_irq(&xtime_lock);
8359 +#ifdef CONFIG_GRKERNSEC_TIME
8360 + if(grsec_enable_time)
8361 + security_alert("time set by " DEFAULTSECMSG, "time sets",
8367 @@ -181,6 +189,11 @@
8368 * globally block out interrupts when it runs.
8370 do_settimeofday(tv);
8371 +#ifdef CONFIG_GRKERNSEC_TIME
8372 + if(grsec_enable_time)
8373 + security_alert("time set by " DEFAULTSECMSG, "time sets",
8379 diff -urN linux/mm/mmap.c linux/mm/mmap.c
8380 --- linux/mm/mmap.c Sun Nov 4 13:17:20 2001
8381 +++ linux/mm/mmap.c Sun Dec 23 19:13:16 2001
8383 #include <linux/file.h>
8384 #include <linux/fs.h>
8385 #include <linux/personality.h>
8386 +#include <linux/random.h>
8388 #include <asm/uaccess.h>
8389 #include <asm/pgalloc.h>
8390 @@ -429,6 +430,24 @@
8392 vm_flags = calc_vm_flags(prot,flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
8394 +#ifdef CONFIG_GRKERNSEC_PAX
8395 + if (current->flags & PF_PAX_PAGEEXEC) {
8396 + if (flags & MAP_GROWSDOWN)
8397 + vm_flags &= ~VM_EXEC;
8399 +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT
8400 + if ((current->flags & PF_PAX_MPROTECT) && !(prot & PROT_EXEC))
8401 + vm_flags &= ~VM_MAYEXEC;
8402 + if ((current->flags & PF_PAX_MPROTECT) && (flags & MAP_GROWSDOWN))
8403 + vm_flags &= ~VM_MAYEXEC;
8407 + if (prot & (PROT_READ | PROT_WRITE)) /* they imply PROT_EXEC on IA-32 */
8408 + vm_flags |= VM_EXEC;
8412 /* mlock MCL_FUTURE? */
8413 if (vm_flags & VM_LOCKED) {
8414 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
8415 @@ -601,7 +620,20 @@
8416 (!vma || addr + len <= vma->vm_start))
8419 +#if defined(CONFIG_GRKERNSEC_STACK)
8420 + addr = TASK_UNMAPPED_BASE(len);
8421 + addr = PAGE_ALIGN(TASK_UNMAPPED_BASE(len));
8423 + addr = TASK_UNMAPPED_BASE;
8424 addr = PAGE_ALIGN(TASK_UNMAPPED_BASE);
8428 +#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
8429 + /* PaX: randomize base address if requested */
8430 + if (current->flags & PF_PAX_RANDMMAP)
8431 + addr += current->mm->delta_mmap;
8434 for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) {
8435 /* At this point: (!vma || addr < vma->vm_end). */
8436 @@ -1050,6 +1082,18 @@
8437 MAP_FIXED|MAP_PRIVATE) | mm->def_flags;
8439 flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
8441 +#ifdef CONFIG_GRKERNSEC_PAX
8442 + if (current->flags & PF_PAX_PAGEEXEC) {
8443 + flags &= ~VM_EXEC;
8445 +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT
8446 + if (current->flags & PF_PAX_MPROTECT)
8447 + flags &= ~VM_MAYEXEC;
8453 /* Can we just expand an old anonymous mapping? */
8454 if (rb_parent && vma_merge(mm, prev, rb_parent, addr, addr + len, flags))
8455 diff -urN linux/mm/mprotect.c linux/mm/mprotect.c
8456 --- linux/mm/mprotect.c Mon Sep 17 18:30:23 2001
8457 +++ linux/mm/mprotect.c Sun Dec 23 19:13:16 2001
8458 @@ -300,6 +300,12 @@
8461 #endif /* CONFIG_HAVE_XFS_DMAPI */
8462 +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT
8463 + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
8464 + if ((current->flags & PF_PAX_MPROTECT) && (prot & PROT_WRITE) && (vma->vm_flags & VM_MAYEXEC)) {
8465 + newflags &= ~VM_MAYWRITE;
8468 if (vma->vm_end > end) {
8469 error = mprotect_fixup(vma, &prev, nstart, end, newflags);
8471 diff -urN linux/net/core/utils.c linux/net/core/utils.c
8472 --- linux/net/core/utils.c Mon Aug 23 13:01:02 1999
8473 +++ linux/net/core/utils.c Sun Dec 23 19:13:16 2001
8476 static unsigned long net_rand_seed = 152L;
8478 +#ifdef CONFIG_GRKERNSEC_RANDNET
8479 +#include <linux/random.h>
8480 +#include <linux/grsecurity.h>
8482 +#define RNG_N_STORED_WORDS 256
8483 +unsigned long rng_storage[RNG_N_STORED_WORDS];
8487 unsigned long net_random(void)
8489 +#ifdef CONFIG_GRKERNSEC_RANDNET
8490 + if (grsec_enable_randnet) {
8493 + get_random_bytes(rng_storage,sizeof(rng_storage));
8494 + nleft=RNG_N_STORED_WORDS;
8498 + return rng_storage[nleft];
8500 + net_rand_seed=net_rand_seed*69069L+1;
8501 + return net_rand_seed^jiffies;
8504 net_rand_seed=net_rand_seed*69069L+1;
8505 return net_rand_seed^jiffies;
8509 void net_srandom(unsigned long entropy)
8511 +#ifdef CONFIG_GRKERNSEC_RANDNET
8512 + if(grsec_enable_randnet)
8513 + add_mouse_randomness((__u32)entropy);
8515 net_rand_seed ^= entropy;
8519 + net_rand_seed ^= entropy;
8524 int net_msg_cost = 5*HZ;
8526 spin_unlock_irqrestore(&ratelimit_lock, flags);
8530 diff -urN linux/net/ipv4/Makefile linux/net/ipv4/Makefile
8531 --- linux/net/ipv4/Makefile Fri Dec 21 12:42:05 2001
8532 +++ linux/net/ipv4/Makefile Sun Dec 23 19:13:16 2001
8535 obj-y := utils.o route.o inetpeer.o proc.o protocol.o \
8536 ip_input.o ip_fragment.o ip_forward.o ip_options.o \
8537 - ip_output.o ip_sockglue.o \
8538 + ip_id.o ip_output.o ip_sockglue.o \
8539 tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o tcp_minisocks.o \
8540 tcp_diag.o raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \
8541 sysctl_net_ipv4.o fib_frontend.o fib_semantics.o fib_hash.o
8542 diff -urN linux/net/ipv4/af_inet.c linux/net/ipv4/af_inet.c
8543 --- linux/net/ipv4/af_inet.c Fri Dec 21 12:42:05 2001
8544 +++ linux/net/ipv4/af_inet.c Sun Dec 23 19:13:16 2001
8546 #include <linux/init.h>
8547 #include <linux/poll.h>
8548 #include <linux/netfilter_ipv4.h>
8549 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8550 +#include <linux/random.h>
8551 +#include <linux/grsecurity.h>
8554 #include <asm/uaccess.h>
8555 #include <asm/system.h>
8556 @@ -322,6 +326,10 @@
8557 struct list_head *p;
8558 struct inet_protosw *answer;
8560 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8561 + unsigned long randttl;
8564 sock->state = SS_UNCONNECTED;
8565 sk = sk_alloc(PF_INET, GFP_KERNEL, 1);
8567 @@ -374,7 +382,14 @@
8569 sk->protinfo.af_inet.pmtudisc = IP_PMTUDISC_WANT;
8571 +#ifdef CONFIG_GRKERNSEC_RANDID
8572 + if(grsec_enable_randid)
8573 + sk->protinfo.af_inet.id = htons(ip_randomid());
8575 + sk->protinfo.af_inet.id = 0;
8577 sk->protinfo.af_inet.id = 0;
8580 sock_init_data(sock,sk);
8582 @@ -386,7 +401,16 @@
8584 sk->backlog_rcv = sk->prot->backlog_rcv;
8586 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8587 +if(grsec_enable_randttl){
8588 + get_random_bytes(&randttl,sizeof(randttl));
8589 + sk->protinfo.af_inet.ttl = grsec_randttl_thresh +
8590 + (randttl % (256 - grsec_randttl_thresh));
8592 + sk->protinfo.af_inet.ttl = sysctl_ip_default_ttl;
8594 sk->protinfo.af_inet.ttl = sysctl_ip_default_ttl;
8597 sk->protinfo.af_inet.mc_loop = 1;
8598 sk->protinfo.af_inet.mc_ttl = 1;
8599 diff -urN linux/net/ipv4/icmp.c linux/net/ipv4/icmp.c
8600 --- linux/net/ipv4/icmp.c Wed Nov 7 17:39:36 2001
8601 +++ linux/net/ipv4/icmp.c Sun Dec 23 19:13:16 2001
8603 #include <asm/system.h>
8604 #include <asm/uaccess.h>
8605 #include <net/checksum.h>
8606 +#ifdef CONFIG_GRKERNSEC_RANDPING
8607 +#include <linux/random.h>
8610 +#if defined(CONFIG_GRKERNSEC_RANDPING)||\
8611 + defined(CONFIG_GRKERNSEC_STEALTH_ICMP) ||\
8612 + defined(CONFIG_GRKERNSEC_STEALTH_ICMP_LOG)
8613 +#include <linux/grsecurity.h>
8617 * Build xmit assembly blocks
8618 @@ -738,6 +747,11 @@
8620 icmp_param.data.icmph=*skb->h.icmph;
8621 icmp_param.data.icmph.type=ICMP_ECHOREPLY;
8622 +#ifdef CONFIG_GRKERNSEC_RANDPING
8623 + if(grsec_enable_randping)
8624 + icmp_param.data.icmph.un.echo.id =
8625 + skb->h.icmph->un.echo.id;
8628 icmp_param.offset=0;
8629 icmp_param.data_len=skb->len;
8630 @@ -907,6 +921,19 @@
8632 * Parse the ICMP message
8634 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP_LOG
8635 + if(grsec_enable_stealth_icmp_log && net_ratelimit() && (icmph->type != ICMP_ECHOREPLY)
8636 + && ((strlen(skb->dev->name) != 2) || strcmp(skb->dev->name,"lo")))
8637 + printk(KERN_INFO "grsec: icmp type=%d code=%d on %.8s src=%u.%u.%u.%u "
8638 + "dst=%u.%u.%u.%u\n", icmph->type, icmph->code,
8639 + (skb->dev->name ? skb->dev->name : "unknown"),
8640 + NIPQUAD(skb->nh.iph->saddr), NIPQUAD(skb->nh.iph->daddr));
8642 +#ifdef CONFIG_GRKERNSEC_STEALTH_ICMP
8643 + if(grsec_enable_stealth_icmp && (icmph->type != ICMP_ECHOREPLY) &&
8644 + ((strlen(skb->dev->name) != 2) || strcmp(skb->dev->name,"lo")))
8648 if (rt->rt_flags&(RTCF_BROADCAST|RTCF_MULTICAST)) {
8650 diff -urN linux/net/ipv4/igmp.c linux/net/ipv4/igmp.c
8651 --- linux/net/ipv4/igmp.c Sat Jul 28 15:12:38 2001
8652 +++ linux/net/ipv4/igmp.c Sun Dec 23 19:13:16 2001
8654 #include <linux/mroute.h>
8657 +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP
8658 +#include <linux/grsecurity.h>
8661 #define IP_MAX_MEMBERSHIPS 20
8663 @@ -200,6 +203,10 @@
8667 +#ifdef CONFIG_GRKERNSEC_STEALTH_IGMP
8668 + if(grsec_enable_stealth_igmp)
8671 /* According to IGMPv2 specs, LEAVE messages are
8672 * sent to all-routers group.
8674 diff -urN linux/net/ipv4/ip_gre.c linux/net/ipv4/ip_gre.c
8675 --- linux/net/ipv4/ip_gre.c Tue Oct 30 18:08:12 2001
8676 +++ linux/net/ipv4/ip_gre.c Sun Dec 23 19:13:16 2001
8678 #include <linux/inetdevice.h>
8679 #include <linux/igmp.h>
8680 #include <linux/netfilter_ipv4.h>
8681 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8682 +#include <linux/random.h>
8683 +#include <linux/grsecurity.h>
8686 #include <net/sock.h>
8689 iph->saddr = rt->rt_src;
8691 if ((iph->ttl = tiph->ttl) == 0) {
8692 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8693 + unsigned long randttl;
8695 if (skb->protocol == __constant_htons(ETH_P_IP))
8696 iph->ttl = old_iph->ttl;
8698 @@ -849,6 +856,13 @@
8699 iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit;
8702 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8703 + if(grsec_enable_randttl){
8704 + get_random_bytes(&randttl,sizeof(randttl));
8705 + iph->ttl = grsec_randttl_thresh +
8706 + (randttl % (256 - grsec_randttl_thresh));
8709 iph->ttl = sysctl_ip_default_ttl;
8712 diff -urN linux/net/ipv4/ip_id.c linux/net/ipv4/ip_id.c
8713 --- linux/net/ipv4/ip_id.c Wed Dec 31 19:00:00 1969
8714 +++ linux/net/ipv4/ip_id.c Sun Dec 23 19:13:16 2001
8717 + * This code is based on OpenBSD's ip_id.c, by Niels Provos.
8718 + * Ported to Linux 2.2 by Salvatore Sanfilippo.
8719 + * Ported to Linux 2.4 by Brad Spengler.
8721 + * 26-10-1999: Ported from OpenBSD's ip_id.c version 1.2
8722 + * (previous versions seems to be predictable
8723 + * after David Wagner's auditing)
8724 + * Salvatore Sanfilippo <antirez@invece.org>
8727 + * - Make this code SMP safe
8731 + * Copyright 1998 Niels Provos <provos@citi.umich.edu>
8732 + * All rights reserved.
8733 + * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using
8734 + * such a mathematical system to generate more random (yet non-repeating)
8735 + * ids to solve the resolver/named problem. But Niels designed the
8736 + * actual system based on the constraints.
8738 + * Redistribution and use in source and binary forms, with or without
8739 + * modification, are permitted provided that the following conditions
8741 + * 1. Redistributions of source code must retain the above copyright
8742 + * notice, this list of conditions and the following disclaimer,
8743 + * 2. Redistributions in binary form must reproduce the above copyright
8744 + * notice, this list of conditions and the following disclaimer in the
8745 + * documentation and/or other materials provided with the distribution.
8746 + * 3. All advertising materials mentioning features or use of this software
8747 + * must display the following acknowledgement:
8748 + * This product includes software developed by Niels Provos.
8749 + * 4. The name of the author may not be used to endorse or promote products
8750 + * derived from this software without specific prior written permission.
8752 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
8753 + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
8754 + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
8755 + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
8756 + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8757 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
8758 + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
8759 + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
8760 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
8761 + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8763 +#include <linux/types.h>
8764 +#include <linux/sched.h>
8765 +#include <linux/random.h>
8766 +#include <linux/grsecurity.h>
8769 +#define RU_MAX 30000
8775 +const static __u16 pfacts[PFAC_N] = { 2,3,2729 };
8778 +static __u16 ru_seed, ru_seed2;
8779 +static __u16 ru_a, ru_b;
8781 +static __u16 ru_counter = 0;
8782 +static __u16 ru_msb = 0;
8783 +static __u32 ru_reseed;
8786 +static __u16 pmod(u_int16_t, u_int16_t, u_int16_t);
8787 +static void ip_initid (void);
8788 +__u16 ip_randomip (void);
8790 +static __u16 pmod(__u16 gen, __u16 exp, __u16 mod) {
8806 +static void ip_initid (void) {
8810 + get_random_bytes((void *) &tmp, sizeof(tmp));
8811 + ru_x = (tmp & 0xFFFF) % RU_M;
8812 + ru_seed = (tmp >> 16) & 0x7FFF;
8813 + get_random_bytes((void *) &tmp, sizeof(tmp));
8814 + ru_seed2 = tmp & 0x7FFF;
8816 + get_random_bytes((void *) &tmp, sizeof(tmp));
8818 + ru_b = (tmp & 0xfffe) | 1;
8819 + ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);
8820 + while (ru_b % 3 == 0)
8823 + get_random_bytes((void *) &tmp, sizeof(tmp));
8828 + for (i=0; i<PFAC_N; i++)
8829 + if(j%pfacts[i] == 0)
8838 + ru_g = pmod(RU_GEN,j,RU_N);
8840 + ru_reseed = jiffies + (RU_OUT * HZ);
8841 + ru_msb = ru_msb == 0x8000 ? 0 : 0x8000;
8844 +__u16 ip_randomid (void) {
8847 + if (ru_counter >= RU_MAX || jiffies > ru_reseed)
8851 + get_random_bytes((void *) &tmp, sizeof(tmp));
8853 + n = tmp & 0x3; tmp = tmp >> 2;
8854 + if (ru_counter + n >= RU_MAX)
8856 + for (i=0; i <= n; i++)
8857 + ru_x = (ru_a*ru_x + ru_b) % RU_M;
8860 + return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x, RU_N)) | ru_msb;
8862 diff -urN linux/net/ipv4/ip_output.c linux/net/ipv4/ip_output.c
8863 --- linux/net/ipv4/ip_output.c Wed Oct 17 17:16:39 2001
8864 +++ linux/net/ipv4/ip_output.c Sun Dec 23 19:13:16 2001
8866 #include <linux/netfilter_ipv4.h>
8867 #include <linux/mroute.h>
8868 #include <linux/netlink.h>
8869 +#ifdef CONFIG_GRKERNSEC_RANDID
8870 +#include <linux/random.h>
8871 +#include <linux/grsecurity.h>
8875 * Shall we try to damage output packets if routing dev changes?
8876 @@ -510,6 +514,12 @@
8877 * Begin outputting the bytes.
8880 +#ifdef CONFIG_GRKERNSEC_RANDID
8881 + if(grsec_enable_randid){
8882 + get_random_bytes(&id,(sizeof(id) / 2));
8883 + sk->protinfo.af_inet.id = id;
8886 id = sk->protinfo.af_inet.id++;
8889 diff -urN linux/net/ipv4/ip_sockglue.c linux/net/ipv4/ip_sockglue.c
8890 --- linux/net/ipv4/ip_sockglue.c Tue Oct 30 18:08:12 2001
8891 +++ linux/net/ipv4/ip_sockglue.c Sun Dec 23 19:13:16 2001
8894 #include <linux/errqueue.h>
8895 #include <asm/uaccess.h>
8896 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8897 +#include <linux/random.h>
8898 +#include <linux/grsecurity.h>
8901 #define IP_CMSG_PKTINFO 1
8902 #define IP_CMSG_TTL 2
8907 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8908 + unsigned long randttl;
8910 if (level != SOL_IP)
8911 return -ENOPROTOOPT;
8913 @@ -492,8 +499,16 @@
8919 +#ifdef CONFIG_GRKERNSEC_RANDTTL
8920 + if(grsec_enable_randttl){
8921 + get_random_bytes(&randttl,sizeof(randttl));
8922 + val = grsec_randttl_thresh +
8923 + (randttl % (256 - grsec_randttl_thresh));
8926 val = sysctl_ip_default_ttl;
8930 sk->protinfo.af_inet.ttl=val;
8931 diff -urN linux/net/ipv4/tcp_ipv4.c linux/net/ipv4/tcp_ipv4.c
8932 --- linux/net/ipv4/tcp_ipv4.c Fri Dec 21 12:42:05 2001
8933 +++ linux/net/ipv4/tcp_ipv4.c Sun Dec 23 19:13:16 2001
8935 #include <linux/stddef.h>
8936 #include <linux/ipsec.h>
8938 +#if defined(CONFIG_GRKERNSEC_RANDID)||defined(CONFIG_GRKERNSEC_RANDSRC)||\
8939 + defined(CONFIG_GRKERNSEC_STEALTH_RST)||\
8940 + defined(CONFIG_GRKERNSEC_STEALTH_FLAGS) ||\
8941 + defined(CONFIG_GRKERNSEC_STEALTH_RST_LOG)||\
8942 + defined(CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG)
8943 +#include <linux/grsecurity.h>
8947 extern int sysctl_ip_dynaddr;
8949 /* Check TCP sequence numbers in ICMP packets. */
8951 struct tcp_bind_hashbucket *head;
8952 struct tcp_bind_bucket *tb;
8954 +#ifdef CONFIG_GRKERNSEC_RANDSRC
8955 + unsigned long longrover;
8960 @@ -211,9 +223,21 @@
8962 spin_lock(&tcp_portalloc_lock);
8963 rover = tcp_port_rover;
8964 +#ifdef CONFIG_GRKERNSEC_RANDSRC
8966 + if(grsec_enable_randsrc) {
8967 + get_random_bytes(&longrover,sizeof(longrover));
8968 + rover = low + (longrover % (high - low));
8971 + if ((rover < low) || (rover > high))
8976 if ((rover < low) || (rover > high))
8979 head = &tcp_bhash[tcp_bhashfn(rover)];
8980 spin_lock(&head->lock);
8981 for (tb = head->chain; tb; tb = tb->next)
8982 @@ -725,6 +749,11 @@
8983 tp->ext_header_len = 0;
8984 if (sk->protinfo.af_inet.opt)
8985 tp->ext_header_len = sk->protinfo.af_inet.opt->optlen;
8986 +#ifdef CONFIG_GRKERNSEC_RANDID
8987 + if(grsec_enable_randid)
8988 + sk->protinfo.af_inet.id = htons(ip_randomid());
8991 sk->protinfo.af_inet.id = tp->write_seq^jiffies;
8993 tp->mss_clamp = 536;
8994 @@ -1450,6 +1479,11 @@
8995 newtp->ext_header_len = 0;
8996 if (newsk->protinfo.af_inet.opt)
8997 newtp->ext_header_len = newsk->protinfo.af_inet.opt->optlen;
8998 +#ifdef CONFIG_GRKERNSEC_RANDID
8999 + if(grsec_enable_randid)
9000 + newsk->protinfo.af_inet.id = htons(ip_randomid());
9003 newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;
9005 tcp_sync_mss(newsk, dst->pmtu);
9006 @@ -1566,8 +1600,20 @@
9010 - if (tcp_child_process(sk, nsk, skb))
9011 + if (tcp_child_process(sk, nsk, skb)) {
9012 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG
9013 + if(grsec_enable_stealth_rst_log && net_ratelimit())
9014 + printk(KERN_INFO "grsec: unserved TCP on %.8s "
9015 + "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu\n",
9016 + (skb->dev->name ? skb->dev->name : "unknown"),
9017 + NIPQUAD(skb->nh.iph->saddr), ntohs(skb->h.th->source),
9018 + NIPQUAD(skb->nh.iph->daddr), ntohs(skb->h.th->dest));
9020 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST
9021 + if(grsec_enable_stealth_rst) goto discard;
9028 @@ -1617,6 +1663,32 @@
9030 if (th->doff < sizeof(struct tcphdr)/4)
9033 +#if defined(CONFIG_GRKERNSEC_STEALTH_FLAGS) || defined(CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG)
9034 + if((th->fin && th->syn) ||
9035 + (!(th->ack || th->syn || th->rst) || th->res1) ||
9036 + (th->fin && th->psh && th->urg)) {
9037 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG
9038 + if(grsec_enable_stealth_flags_log && net_ratelimit())
9039 + printk(KERN_INFO "grsec: illegitimate flags on %.8s "
9040 + "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu"
9041 + "%.4s%.4s%.4s%.4s%.4s%.4s\n",
9042 + (skb->dev->name ? skb->dev->name : "unknown"),
9043 + NIPQUAD(skb->nh.iph->saddr), ntohs(th->source),
9044 + NIPQUAD(skb->nh.iph->daddr), ntohs(th->dest),
9045 + th->syn ? " SYN" : "",
9046 + th->fin ? " FIN" : "",
9047 + th->rst ? " RST" : "",
9048 + th->psh ? " PSH" : "",
9049 + th->ack ? " ACK" : "",
9050 + th->urg ? " URG" : "");
9052 +#ifdef CONFIG_GRKERNSEC_STEALTH_FLAGS
9053 + if(grsec_enable_stealth_flags)
9058 if (!pskb_may_pull(skb, th->doff*4))
9061 @@ -1670,6 +1742,17 @@
9063 TCP_INC_STATS_BH(TcpInErrs);
9065 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST_LOG
9066 + if(grsec_enable_stealth_rst_log && net_ratelimit())
9067 + printk(KERN_INFO "grsec: unserved TCP on %.8s "
9068 + "src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu\n",
9069 + (skb->dev->name ? skb->dev->name : "unknown"),
9070 + NIPQUAD(skb->nh.iph->saddr), ntohs(skb->h.th->source),
9071 + NIPQUAD(skb->nh.iph->daddr), ntohs(skb->h.th->dest));
9073 +#ifdef CONFIG_GRKERNSEC_STEALTH_RST
9074 + if(grsec_enable_stealth_rst) goto discard_it;
9076 tcp_v4_send_reset(skb);
9079 diff -urN linux/net/ipv4/udp.c linux/net/ipv4/udp.c
9080 --- linux/net/ipv4/udp.c Wed Oct 17 17:16:39 2001
9081 +++ linux/net/ipv4/udp.c Sun Dec 23 19:13:16 2001
9083 #include <net/inet_common.h>
9084 #include <net/checksum.h>
9086 +#if defined(CONFIG_GRKERNSEC_RANDID) ||\
9087 + defined(CONFIG_GRKERNSEC_STEALTH_UDP) ||\
9088 + defined(CONFIG_GRKERNSEC_STEALTH_UDP_LOG)
9089 +#include <linux/grsecurity.h>
9092 * Snmp MIB for the UDP layer
9094 @@ -738,6 +743,12 @@
9095 sk->daddr = rt->rt_dst;
9096 sk->dport = usin->sin_port;
9097 sk->state = TCP_ESTABLISHED;
9099 +#ifdef CONFIG_GRKERNSEC_RANDID
9100 + if(grsec_enable_randid)
9101 + sk->protinfo.af_inet.id = htons(ip_randomid());
9104 sk->protinfo.af_inet.id = jiffies;
9106 sk_dst_set(sk, &rt->u.dst);
9107 @@ -915,6 +926,18 @@
9110 UDP_INC_STATS_BH(UdpNoPorts);
9111 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP_LOG
9112 + if(grsec_enable_stealth_udp_log && net_ratelimit() &&
9113 + ((strlen(skb->dev->name) != 2) || strcmp(skb->dev->name,"lo")))
9114 + printk(KERN_INFO "grsec: unserved UDP on %.8s src=%u.%u.%u.%u:%hu "
9115 + "dst=%u.%u.%u.%u:%hu\n",
9116 + (skb->dev->name ? skb->dev->name : "unknown"), NIPQUAD(saddr),
9117 + ntohs(uh->source), NIPQUAD(daddr), ntohs(uh->dest));
9119 +#ifdef CONFIG_GRKERNSEC_STEALTH_UDP
9120 + if(!grsec_enable_stealth_udp || ((strlen(skb->dev->name) == 2) &&
9121 + !strcmp(skb->dev->name,"lo")))
9123 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
9126 diff -urN linux/net/netsyms.c linux/net/netsyms.c
9127 --- linux/net/netsyms.c Fri Dec 21 12:42:06 2001
9128 +++ linux/net/netsyms.c Sun Dec 23 19:13:16 2001
9129 @@ -578,4 +578,22 @@
9130 EXPORT_SYMBOL(net_call_rx_atomic);
9131 EXPORT_SYMBOL(softnet_data);
9133 +#if defined(CONFIG_GRKERNSEC_RANDID) || defined(CONFIG_GRKERNSEC_RANDTTL) ||\
9134 + defined(CONFIG_GRKERNSEC_RANDSRC)
9135 +#include <linux/grsecurity.h>
9137 +#if defined(CONFIG_GRKERNSEC_RANDID) || defined(CONFIG_GRKERNSEC_RANDSRC)
9138 +EXPORT_SYMBOL(ip_randomid);
9140 +#ifdef CONFIG_GRKERNSEC_RANDID
9141 +EXPORT_SYMBOL(grsec_enable_randid);
9143 +#ifdef CONFIG_GRKERNSEC_RANDSRC
9144 +EXPORT_SYMBOL(grsec_enable_randsrc);
9146 +#ifdef CONFIG_GRKERNSEC_RANDTTL
9147 +EXPORT_SYMBOL(grsec_enable_randttl);
9148 +EXPORT_SYMBOL(grsec_randttl_thresh);
9151 #endif /* CONFIG_NET */
9152 diff -urN linux/net/socket.c linux/net/socket.c
9153 --- linux/net/socket.c Fri Dec 21 12:42:06 2001
9154 +++ linux/net/socket.c Sun Dec 23 19:13:16 2001
9156 #include <net/scm.h>
9157 #include <linux/netfilter.h>
9159 +#if defined(CONFIG_GRKERNSEC_SOCKET_ALL)||\
9160 + defined(CONFIG_GRKERNSEC_SOCKET_CLIENT)||\
9161 + defined(CONFIG_GRKERNSEC_SOCKET_SERVER)
9162 +#include <linux/grsecurity.h>
9166 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
9167 static loff_t sock_lseek(struct file *file, loff_t offset, int whence);
9168 static ssize_t sock_read(struct file *file, char *buf,
9169 @@ -912,6 +919,16 @@
9171 struct socket *sock;
9173 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
9174 + if(grsec_enable_socket_all &&
9175 + (in_group_p(grsec_socket_all_gid)) && (family != AF_UNIX) && (family != AF_LOCAL)){
9176 + security_alert("attempted socket(%d,%d,%d) by "
9177 + DEFAULTSECMSG,"attempted sockets",family,type,protocol,
9183 retval = sock_create(family, type, protocol, &sock);
9186 @@ -1009,6 +1026,14 @@
9187 char address[MAX_SOCK_ADDR];
9190 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
9191 + if(grsec_enable_socket_server &&
9192 + (in_group_p(grsec_socket_server_gid)) && (umyaddr->sa_family != AF_UNIX) && (umyaddr->sa_family != AF_LOCAL)){
9193 + security_alert("attempted bind() by " DEFAULTSECMSG,
9194 + "attempted binds", DEFAULTSECARGS);
9198 if((sock = sockfd_lookup(fd,&err))!=NULL)
9200 if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
9201 @@ -1117,6 +1142,16 @@
9202 char address[MAX_SOCK_ADDR];
9205 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
9206 + if(grsec_enable_socket_client &&
9207 + (in_group_p(grsec_socket_client_gid)) && (uservaddr->sa_family != AF_UNIX) && (uservaddr->sa_family != AF_LOCAL)){
9208 + security_alert("attempted connect() to fd %d by "
9209 + DEFAULTSECMSG, "attempted connects", fd,
9215 sock = sockfd_lookup(fd, &err);