1 diff -urP linux-2.2.20-ow1/Documentation/Configure.help linux-2.2.20-hap-2/Documentation/Configure.help
2 --- linux-2.2.20-ow1/Documentation/Configure.help Sat Nov 3 13:14:57 2001
3 +++ linux-2.2.20-hap-2/Documentation/Configure.help Fri Nov 9 19:16:17 2001
4 @@ -15291,6 +15291,17 @@
5 same as that of the directory or the FIFO is opened without the
8 +Allow links/pipes in non-world-writable +t dirs
9 +CONFIG_SECURE_NOTSOMUCH
10 + This makes the checks that CONFIG_SECURE_LINK and CONFIG_SECURE_PIPE
11 + perform a little less restrictive. Namely, links/pipes will work
12 + again in +t directories if the directory is not world-writable. Most
13 + sticky directories (such as /tmp) *are* world-writable, but you may
14 + have other +t directories which are not (to make safe group-writable
15 + shared upload directories, for instance). Say Y only if you have had
16 + problems using the CONFIG_SECURE_LINK or CONFIG_SECURE_PIPE options
17 + and you think you need this.
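Review bot: The text tells the reader to say Y to CONFIG_SECURE_NOTSOMUCH only if they have had problems with SECURE_LINK/SECURE_PIPE, yet every arch defconfig in this same patch sets `CONFIG_SECURE_NOTSOMUCH=y`, so the relaxation is the shipped default and the advice is contradicted by the patch itself. The help should also spell out what is given up: in a group-writable +t directory every member of that group can still plant a symlink or FIFO for another member (or for root) to follow, so the link/pipe checks no longer protect against co-members, only against the world. Suggested sentence after "shared upload directories, for instance)": `Note that this re-enables symlink/FIFO following between members of the group that can write to such a directory; only world-writable sticky directories remain fully protected.`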
21 This option restricts the permissions on directories in /proc so
22 @@ -15302,6 +15313,13 @@
23 disables dmesg(8) for the users. You might want to use this on an ISP
24 shell server where privacy is an issue.
28 + Currently this fixes the following bug:
29 + * stracing an unreadable binary (ie mode 111). Note that there
30 + are still ways to get around this at least on x86.
31 + Say Y here unless you know you shouldn't.
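Review bot: The CONFIG_SECURE_BUGFIX help names the symptom (stracing a mode-111 binary) but neither the operation the fix denies nor what the remaining x86 bypass is, so an administrator cannot judge the residual risk or know which other option closes it. It should at least point at the complementary control, e.g. `The fix is partial; if unreadable binaries must stay unreadable, also consider CONFIG_SECURE_TRACE to restrict ptrace altogether.` The check itself is in a later file of this patch and is not visible in this hunk, so the exact wording should be confirmed against it.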
33 Special handling of fd 0, 1, and 2
34 CONFIG_SECURE_FD_0_1_2
35 File descriptors 0, 1, and 2 have a special meaning for the C library
36 @@ -15343,6 +15361,102 @@
37 Note that this feature will do you no good unless you also configure
38 your resource limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most
39 systems don't need this.
41 +Extra logging of unusual events
42 +CONFIG_SECURE_LOGGING
43 + This turns on some extra kernel logging. Right now this includes:
44 + * some extra verbosity in the network layer (reporting about arp cache
45 + changes, and complaining if someone tries to route through us and
47 + * also causes some packets that used to be dropped silently to get
49 + * logs of who/what/when the system time changes
50 + * logs when/why forks fail
51 + * logs certain "lethal" signals: SIGSEGV, SIGBUS, SIGABRT, SIGILL
52 + This is of limited use, and has some extra overhead, but isn't likely
53 + to cause any problems.
56 +CONFIG_SECURE_NETWORK
57 + This turns on some extra paranoia in tcp and udp net code.
58 + Currently it does (or tries to):
59 + * warns on packets to unserved UDP ports
60 + * warns on packets to unserved TCP ports
61 + * optionally, denies such packets (CONFIG_SECURE_NET_SBD)
62 + * warns & denies TCP packets with invalid combinations of flags
63 + * adds extra info to all IPFW log lines:
64 + * length of TCP & data / UDP as well as IP length
65 + * print TCP ACK and SEQ numbers in addition to IP ids
66 + * prints all TCP flags set (Syn, Ack, Fin, Urg, etc)
67 + It also hopefully banishes a longstanding bug with IPFW/IPchains
68 + log printing when under heavy IO, where different printk'ed lines
69 + step on each other/get truncated, etc.
70 + Say Y unless you think it's breaking stuff (or you don't want the
71 + log volume, which will be high on a busy server).
74 +CONFIG_SECURE_NET_SBD
75 + When CONFIG_SECURE_NETWORK is enabled, this disables the usual
76 + behavior of responding to unsolicited/"unserved" TCP packets with
77 + a TCP RST, and to unserved UDP packets with an ICMP port-unreach.
78 + Note that the UDP behavior is superfluous (can be easily done with
79 + ipchains rules) but there's no convenient, desirable way to block
80 + the RSTs other than this. This is recommended for personal systems
81 + and low-volume servers. However, it is rude and breaks RFCs, so
82 + it should be left off (the default behavior) for most systems,
83 + unless you are *really* paranoid.
87 + This causes chroot processes to be a bit more restricted. Processes
88 + which are already in a chroot(2)ed jail now cannot:
90 + * mknod(2) a character or block device
91 + * mount(2) new/remounted filesystems
92 + * ptrace(2) processes outside their jail
93 + * kill(2) processes outside their jail (except sending SIGCHLD to parent)
94 + These are a _few_ of the ways that a root-priv'ed process can break
95 + out of a chrooted jail. They are not all of them. Basically, if
96 + someone has root in a chrooted jail, no can defend -- they've got you.
97 + But, this may help you detect the most common things such an intruder
98 + would do. The only way to win is not to play, however -- don't let
99 + anything in a chrooted jail get root! Simple, right? ;)
100 + This may break systems that use initrd, as that implies an original
101 + chroot. Or not -- the "is this process chrooted" test compares the
102 + root of the current process to that of init; this may not break under
103 + initrd (I have no initrd'd boxes on which to test).
107 + When enabled this disables system call tracing (ptrace) entirely for
108 + non-root users. It also prevents tracing syscalls the kernel itself
109 + makes, which can confuse some programs such as strace. When this
110 + option is set, CONFIG_SECURE_TRACE_USERGROUP can be used to enable
111 + ptrace/strace for only certain users.
112 + This option will also cause the logging of any *allowed* ptrace calls.
114 +Restricted ptrace usergroup
115 +CONFIG_SECURE_TRACE_USERGROUP
116 + Use this option to allow tracing by a special group (defaults to 0).
117 + Users in this group (or processes with this group as egid) can use
118 + the ptrace system call--but only against their own processes, unless
119 + they are root. The allowed group can be changed at runtime when
120 + CONFIG_SECURE_SYSCTL is enabled, by
121 + echo XX > /proc/sys/kernel/security/trace_gid
122 + For a number of boring reasons, the recommended way to use this is to
123 + create a dedicated 'ptrace' group, put only trusted users in it, and
124 + chgrp ptrace /usr/bin/strace; chmod 2110 /usr/bin/strace
125 + (And do the same for other ptrace-using apps they need to run.)
128 +CONFIG_SECURE_SYSCTL
129 + If you say Y here, you will be able to change security options that
130 + without having to recompile your kernel. You can echo values to
131 + files in /proc/sys/kernel/security to enable (1) or disable (0) various
132 + features or change runtime configurables like the ptrace-allow group.
133 + All features are enabled by default (and default to root-only).
134 + Please note that this option could reduce the effectiveness of the
135 + added security policy.
138 # A couple of things I keep forgetting:
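Review bot: The CONFIG_SECURE_TRACE_USERGROUP text says "users in this group" can ptrace, but the check in every sys_ptrace hunk of this patch compares only `current->egid` against trace_gid, so supplementary membership does not count — which is the real reason the setgid-strace recipe is needed and should be stated: `Membership is checked via the effective GID only, not supplementary groups; hence the setgid strace below.` (or the code should use `in_group_p(sysctl_security_trace_gid)`). The CONFIG_SECURE_TRACE claim that it disables ptrace "entirely" for non-root users also looks stronger than the code: the new checks follow the "cannot be attached many times" test, which in the stock 2.2 sys_ptrace is inside the PTRACE_ATTACH branch, so the PTRACE_TRACEME path used by `strace prog` would be unaffected; if that is right, the help should say "attaching to running processes". Both points are inferred from the visible hunks and should be confirmed against the full sys_ptrace.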
139 diff -urP linux-2.2.20-ow1/arch/alpha/defconfig linux-2.2.20-hap-2/arch/alpha/defconfig
140 --- linux-2.2.20-ow1/arch/alpha/defconfig Sat Nov 3 13:14:57 2001
141 +++ linux-2.2.20-hap-2/arch/alpha/defconfig Fri Nov 9 19:16:17 2001
142 @@ -333,10 +333,15 @@
146 -# CONFIG_SECURE_PROC is not set
147 +CONFIG_SECURE_NOTSOMUCH=y
148 +CONFIG_SECURE_PROC=y
149 CONFIG_SECURE_FD_0_1_2=y
150 CONFIG_SECURE_RLIMIT_NPROC=y
151 # CONFIG_SECURE_SHM is not set
152 +CONFIG_SECURE_LOGGING=y
153 +CONFIG_SECURE_NETWORK=y
154 +# CONFIG_SECURE_NET_SBD is not set
155 +CONFIG_SECURE_CHROOT=y
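Review bot: This hunk turns on `CONFIG_SECURE_NOTSOMUCH=y` by default, which contradicts its own help text ("Say Y only if you have had problems ... and you think you need this") and weakens the ow1 link/pipe protection for every group-writable sticky directory on a stock build. Either leave it unset here (`# CONFIG_SECURE_NOTSOMUCH is not set`) or change the help to match; the same applies to the other arch defconfigs in this patch.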
159 diff -urP linux-2.2.20-ow1/arch/alpha/kernel/ptrace.c linux-2.2.20-hap-2/arch/alpha/kernel/ptrace.c
160 --- linux-2.2.20-ow1/arch/alpha/kernel/ptrace.c Fri Nov 2 11:39:05 2001
161 +++ linux-2.2.20-hap-2/arch/alpha/kernel/ptrace.c Fri Nov 9 19:16:17 2001
163 sys_ptrace(long request, long pid, long addr, long data,
164 int a4, int a5, struct pt_regs regs)
166 +#ifdef CONFIG_SECURE_TRACE
167 + extern int sysctl_security_trace, sysctl_security_trace_gid;
169 struct task_struct *child;
173 /* the same process cannot be attached many times */
174 if (child->ptrace & PT_PTRACED)
176 +#ifdef CONFIG_SECURE_CHROOT
177 + if (!(hap_same_root_as_init(current)) &&
178 + !(hap_same_root(current, child)) ) {
180 + * This process is chrooted; don't let it ptrace
181 + * any process not in the same jail with it
183 + security_alert("denied ptrace of %s[%d] within chrooted "
184 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
185 + "ptraces from a chrooted process",
186 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
187 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
188 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
189 + current->p_pptr->uid, current->p_pptr->euid );
193 +#ifdef CONFIG_SECURE_TRACE
194 + if (sysctl_security_trace && current->uid
195 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
196 + && current->egid != sysctl_security_trace_gid
199 + security_alert("denied ptrace of %s[%d] by %s[%d], "
200 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
201 + "UID/EUID %d/%d, GID/EGID %d/%d",
203 + child->comm, child->pid, current->comm,
204 + current->pid, current->uid,
205 + current->euid, current->gid,
206 + current->egid, current->p_pptr->comm,
207 + current->p_pptr->pid, current->p_pptr->uid,
208 + current->p_pptr->euid, current->p_pptr->gid,
209 + current->p_pptr->egid );
212 + security_alert("ptrace of %s[%d] by %s[%d], "
213 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
214 + "UID/EUID %d/%d, GID/EGID %d/%d",
216 + child->comm, child->pid, current->comm,
217 + current->pid, current->uid,
218 + current->euid, current->gid,
219 + current->egid, current->p_pptr->comm,
220 + current->p_pptr->pid, current->p_pptr->uid,
221 + current->p_pptr->euid, current->p_pptr->gid,
222 + current->p_pptr->egid );
224 child->ptrace |= PT_PTRACED;
225 if (child->p_pptr != current) {
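Review bot: The "allowed" security_alert at the end of the CONFIG_SECURE_TRACE block appears to run whenever the denial branch is not taken, including when `sysctl_security_trace` is 0 (the call is outside the if and the hunk shows no other condition), so disabling the feature via /proc/sys/kernel/security still logs every PTRACE_ATTACH on the box. If that is intended, say so in the help; otherwise guard it with `if (sysctl_security_trace)`. Note also that the gate tests `current->uid` (the real UID) rather than euid or `capable(CAP_SYS_PTRACE)`, so a setuid-root debugger started by an ordinary user is denied while a root-started process that has switched to a non-zero euid is allowed — possibly acceptable, but worth a comment. sys_ptrace continues outside the hunk.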
227 @@ -684,11 +735,18 @@
232 +syscall_trace(int unused)
234 +#ifdef CONFIG_SECURE_TRACE
235 + struct pt_regs *regs = (struct pt_regs *) &unused;
237 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
238 != (PT_PTRACED|PT_TRACESYS))
240 +#ifdef CONFIG_SECURE_TRACE
241 + if (!user_mode(regs))
242 + return; /* Don't trace the kernel's syscalls */
244 current->exit_code = SIGTRAP;
245 current->state = TASK_STOPPED;
246 notify_parent(current, SIGCHLD);
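Review bot: `(struct pt_regs *) &unused` only yields the saved register frame under the i386 convention where the entry stub calls syscall_trace with the stack pointer at the pt_regs; on Alpha the first argument arrives in $16, so `&unused` is the address of a spill slot in syscall_trace's own frame and `user_mode(regs)` reads whatever happens to be there. Depending on that garbage, traced processes either never stop for syscalls (the early return silently disables strace) or the check is a no-op, and nothing in this diff changes the Alpha entry stub to pass pt_regs. Pass the frame explicitly instead — `asmlinkage void syscall_trace(struct pt_regs *regs)` with the entry stub loading the address of the saved registers into $16 — and verify against the stub, which is not in this patch. syscall_trace continues past the end of the hunk.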
247 diff -urP linux-2.2.20-ow1/arch/arm/defconfig linux-2.2.20-hap-2/arch/arm/defconfig
248 --- linux-2.2.20-ow1/arch/arm/defconfig Sat Nov 3 13:14:57 2001
249 +++ linux-2.2.20-hap-2/arch/arm/defconfig Fri Nov 9 19:16:17 2001
250 @@ -488,10 +488,16 @@
254 -# CONFIG_SECURE_PROC is not set
255 +CONFIG_SECURE_NOTSOMUCH=y
256 +CONFIG_SECURE_PROC=y
257 CONFIG_SECURE_FD_0_1_2=y
258 CONFIG_SECURE_RLIMIT_NPROC=y
259 # CONFIG_SECURE_SHM is not set
260 +CONFIG_SECURE_BUGFIX=y
261 +CONFIG_SECURE_LOGGING=y
262 +CONFIG_SECURE_NETWORK=y
263 +# CONFIG_SECURE_NET_SBD is not set
264 +CONFIG_SECURE_CHROOT=y
268 diff -urP linux-2.2.20-ow1/arch/arm/kernel/ptrace.c linux-2.2.20-hap-2/arch/arm/kernel/ptrace.c
269 --- linux-2.2.20-ow1/arch/arm/kernel/ptrace.c Fri Nov 2 11:39:05 2001
270 +++ linux-2.2.20-hap-2/arch/arm/kernel/ptrace.c Fri Nov 9 19:16:17 2001
273 asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
275 +#ifdef CONFIG_SECURE_TRACE
276 + extern int sysctl_security_trace, sysctl_security_trace_gid;
278 struct task_struct *child;
282 /* the same process cannot be attached many times */
283 if (child->ptrace & PT_PTRACED)
285 +#ifdef CONFIG_SECURE_CHROOT
286 + if (!(hap_same_root_as_init(current)) &&
287 + !(hap_same_root(current, child)) ) {
289 + * This process is chrooted; don't let it ptrace
290 + * any process not in the same jail with it
292 + security_alert("denied ptrace of %s[%d] within chrooted "
293 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
294 + "ptraces from a chrooted process",
295 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
296 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
297 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
298 + current->p_pptr->uid, current->p_pptr->euid );
302 +#ifdef CONFIG_SECURE_TRACE
303 + if (sysctl_security_trace && current->uid
304 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
305 + && current->egid != sysctl_security_trace_gid
308 + security_alert("denied ptrace of %s[%d] by %s[%d], "
309 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
310 + "UID/EUID %d/%d, GID/EGID %d/%d",
312 + child->comm, child->pid, current->comm,
313 + current->pid, current->uid,
314 + current->euid, current->gid,
315 + current->egid, current->p_pptr->comm,
316 + current->p_pptr->pid, current->p_pptr->uid,
317 + current->p_pptr->euid, current->p_pptr->gid,
318 + current->p_pptr->egid );
321 + security_alert("ptrace of %s[%d] by %s[%d], "
322 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
323 + "UID/EUID %d/%d, GID/EGID %d/%d",
325 + child->comm, child->pid, current->comm,
326 + current->pid, current->uid,
327 + current->euid, current->gid,
328 + current->egid, current->p_pptr->comm,
329 + current->p_pptr->pid, current->p_pptr->uid,
330 + current->p_pptr->euid, current->p_pptr->gid,
331 + current->p_pptr->egid );
333 child->ptrace |= PT_PTRACED;
335 if (child->p_pptr != current) {
336 @@ -855,12 +906,19 @@
340 -asmlinkage void syscall_trace(void)
341 +asmlinkage void syscall_trace(int unused)
343 +#ifdef CONFIG_SECURE_TRACE
344 + struct pt_regs *regs = (struct pt_regs *) &unused;
346 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
347 != (PT_PTRACED|PT_TRACESYS))
349 current->exit_code = SIGTRAP;
350 +#ifdef CONFIG_SECURE_TRACE
351 + if (!user_mode(regs))
352 + return; /* Don't trace the kernel's syscalls */
354 current->state = TASK_STOPPED;
355 notify_parent(current, SIGCHLD);
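Review bot: On ARM the first argument is passed in r0, so `&unused` points into syscall_trace's own frame rather than at the saved pt_regs and `user_mode(regs)` is reading uninitialised stack; the trick is i386-specific and the entry code for ARM is not changed by this patch to push a frame pointer. The ordering here is also different from the i386/alpha hunks: `current->exit_code = SIGTRAP` is assigned before the early return, so a kernel-mode syscall leaves a stale exit_code behind. Take the pt_regs pointer as an explicit parameter, `asmlinkage void syscall_trace(struct pt_regs *regs)`, and move the `user_mode` guard above the exit_code assignment. The function continues past the hunk.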
357 diff -urP linux-2.2.20-ow1/arch/i386/defconfig linux-2.2.20-hap-2/arch/i386/defconfig
358 --- linux-2.2.20-ow1/arch/i386/defconfig Sat Nov 3 13:14:57 2001
359 +++ linux-2.2.20-hap-2/arch/i386/defconfig Fri Nov 9 19:16:17 2001
360 @@ -427,11 +427,17 @@
361 CONFIG_SECURE_STACK_SMART=y
364 -# CONFIG_SECURE_PROC is not set
365 +CONFIG_SECURE_NOTSOMUCH=y
366 +CONFIG_SECURE_PROC=y
367 CONFIG_SECURE_FD_0_1_2=y
368 CONFIG_SECURE_RLIMIT_NPROC=y
369 # CONFIG_SECURE_SHM is not set
371 +CONFIG_SECURE_BUGFIX=y
372 +CONFIG_SECURE_LOGGING=y
373 +CONFIG_SECURE_NETWORK=y
374 +# CONFIG_SECURE_NET_SBD is not set
375 +CONFIG_SECURE_CHROOT=y
376 +CONFIG_SECURE_TRACE=y
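Review bot: i386 is the only defconfig in this patch that enables `CONFIG_SECURE_TRACE=y`; if that is because the `&unused` pt_regs trick in syscall_trace is only known to work on i386, the help text for CONFIG_SECURE_TRACE should say so and Config.in should make the option i386-only rather than letting other architectures find out at runtime. This hunk also enables `CONFIG_SECURE_NOTSOMUCH=y` by default, contradicting its own "Say Y only if you have had problems" help.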
380 diff -urP linux-2.2.20-ow1/arch/i386/kernel/ptrace.c linux-2.2.20-hap-2/arch/i386/kernel/ptrace.c
381 --- linux-2.2.20-ow1/arch/i386/kernel/ptrace.c Fri Nov 2 11:39:05 2001
382 +++ linux-2.2.20-hap-2/arch/i386/kernel/ptrace.c Fri Nov 9 19:16:17 2001
385 asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
387 +#ifdef CONFIG_SECURE_TRACE
388 + extern int sysctl_security_trace, sysctl_security_trace_gid;
390 struct task_struct *child;
391 struct user * dummy = NULL;
394 /* the same process cannot be attached many times */
395 if (child->ptrace & PT_PTRACED)
397 +#ifdef CONFIG_SECURE_CHROOT
398 + if (!(hap_same_root_as_init(current)) &&
399 + !(hap_same_root(current, child)) ) {
401 + * This process is chrooted; don't let it ptrace
402 + * any process not in the same jail with it
404 + security_alert("denied ptrace of %s[%d] within chrooted "
405 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
406 + "ptraces from a chrooted process",
407 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
408 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
409 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
410 + current->p_pptr->uid, current->p_pptr->euid );
414 +#ifdef CONFIG_SECURE_TRACE
415 + if (sysctl_security_trace && current->uid
416 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
417 + && current->egid != sysctl_security_trace_gid
420 + security_alert("denied ptrace of %s[%d] by %s[%d], "
421 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
422 + "UID/EUID %d/%d, GID/EGID %d/%d",
424 + child->comm, child->pid, current->comm,
425 + current->pid, current->uid,
426 + current->euid, current->gid,
427 + current->egid, current->p_pptr->comm,
428 + current->p_pptr->pid, current->p_pptr->uid,
429 + current->p_pptr->euid, current->p_pptr->gid,
430 + current->p_pptr->egid );
433 + security_alert("ptrace of %s[%d] by %s[%d], "
434 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
435 + "UID/EUID %d/%d, GID/EGID %d/%d",
437 + child->comm, child->pid, current->comm,
438 + current->pid, current->uid,
439 + current->euid, current->gid,
440 + current->egid, current->p_pptr->comm,
441 + current->p_pptr->pid, current->p_pptr->uid,
442 + current->p_pptr->euid, current->p_pptr->gid,
443 + current->p_pptr->egid );
445 child->ptrace |= PT_PTRACED;
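Review bot: The new CONFIG_SECURE_TRACE gate compares only `current->egid` with trace_gid, so a user whose ptrace-group membership is supplementary is denied unless they go through a setgid wrapper; `in_group_p(sysctl_security_trace_gid)` would match the help text's "users in this group" and is what the rest of the kernel uses for group checks. Second, both new checks come after the "cannot be attached many times" test, which in the stock 2.2 sys_ptrace sits inside `if (request == PTRACE_ATTACH)`, so a non-root user can still trace a child via PTRACE_TRACEME and the subsequent PTRACE_SYSCALL/PEEK requests are never gated — the check belongs before the request dispatch, or the help must be narrowed to attach. sys_ptrace begins before and continues after the hunk, so confirm the placement against the full function.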
447 write_lock_irqsave(&tasklist_lock, flags);
448 @@ -708,11 +759,18 @@
452 -asmlinkage void syscall_trace(void)
453 +asmlinkage void syscall_trace(int unused)
455 +#ifdef CONFIG_SECURE_TRACE
456 + struct pt_regs *regs = (struct pt_regs *) &unused;
458 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
459 != (PT_PTRACED|PT_TRACESYS))
461 +#ifdef CONFIG_SECURE_TRACE
462 + if (!user_mode(regs))
463 + return; /* Don't trace the kernel's syscalls */
465 current->exit_code = SIGTRAP;
466 current->state = TASK_STOPPED;
467 notify_parent(current, SIGCHLD);
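Review bot: `(struct pt_regs *) &unused` is correct here only because entry.S calls syscall_trace with %esp at the saved registers and asmlinkage forces stack arguments; nothing in the hunk records that, and the identical line was copied into the register-argument architectures in this patch. Add a comment such as `/* asmlinkage: &unused is the pt_regs frame pushed by entry.S (same trick as sys_sigreturn); i386 only */` so the next port does not repeat the copy. The function continues past the hunk.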
468 diff -urP linux-2.2.20-ow1/arch/i386/kernel/traps.c linux-2.2.20-hap-2/arch/i386/kernel/traps.c
469 --- linux-2.2.20-ow1/arch/i386/kernel/traps.c Sat Nov 3 13:14:57 2001
470 +++ linux-2.2.20-hap-2/arch/i386/kernel/traps.c Fri Nov 9 19:16:17 2001
471 @@ -401,11 +401,13 @@
473 if ((addr & 0xFF800000) == 0xBF800000 ||
474 (addr >= PAGE_OFFSET - _STK_LIM && addr < PAGE_OFFSET))
475 - security_alert("return onto stack running as "
476 - "UID %d, EUID %d, process %s:%d",
477 + security_alert("return onto stack by %s[%d], UID %d, "
478 + "EUID %d, parent %s[%d], UID %d, EUID %d",
479 "returns onto stack",
480 - current->uid, current->euid,
481 - current->comm, current->pid);
482 + current->comm, current->pid, current->uid,
483 + current->euid, current->p_pptr->comm,
484 + current->p_pptr->pid, current->p_pptr->uid,
485 + current->p_pptr->euid);
488 #ifdef CONFIG_SECURE_STACK_SMART
489 diff -urP linux-2.2.20-ow1/arch/m68k/defconfig linux-2.2.20-hap-2/arch/m68k/defconfig
490 --- linux-2.2.20-ow1/arch/m68k/defconfig Sat Nov 3 13:14:57 2001
491 +++ linux-2.2.20-hap-2/arch/m68k/defconfig Fri Nov 9 19:16:17 2001
492 @@ -243,10 +243,15 @@
496 -# CONFIG_SECURE_PROC is not set
497 +CONFIG_SECURE_NOTSOMUCH=y
498 +CONFIG_SECURE_PROC=y
499 CONFIG_SECURE_FD_0_1_2=y
500 CONFIG_SECURE_RLIMIT_NPROC=y
501 # CONFIG_SECURE_SHM is not set
502 +CONFIG_SECURE_LOGGING=y
503 +CONFIG_SECURE_NETWORK=y
504 +# CONFIG_SECURE_NET_SBD is not set
505 +CONFIG_SECURE_CHROOT=y
509 diff -urP linux-2.2.20-ow1/arch/m68k/kernel/ptrace.c linux-2.2.20-hap-2/arch/m68k/kernel/ptrace.c
510 --- linux-2.2.20-ow1/arch/m68k/kernel/ptrace.c Fri Nov 2 11:39:05 2001
511 +++ linux-2.2.20-hap-2/arch/m68k/kernel/ptrace.c Fri Nov 9 19:16:17 2001
514 asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
516 +#ifdef CONFIG_SECURE_TRACE
517 + extern int sysctl_security_trace, sysctl_security_trace_gid;
519 struct task_struct *child;
523 /* the same process cannot be attached many times */
524 if (child->ptrace & PT_PTRACED)
526 +#ifdef CONFIG_SECURE_CHROOT
527 + if (!(hap_same_root_as_init(current)) &&
528 + !(hap_same_root(current, child)) ) {
530 + * This process is chrooted; don't let it ptrace
531 + * any process not in the same jail with it
533 + security_alert("denied ptrace of %s[%d] within chrooted "
534 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
535 + "ptraces from a chrooted process",
536 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
537 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
538 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
539 + current->p_pptr->uid, current->p_pptr->euid );
543 +#ifdef CONFIG_SECURE_TRACE
544 + if (sysctl_security_trace && current->uid
545 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
546 + && current->egid != sysctl_security_trace_gid
549 + security_alert("denied ptrace of %s[%d] by %s[%d], "
550 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
551 + "UID/EUID %d/%d, GID/EGID %d/%d",
553 + child->comm, child->pid, current->comm,
554 + current->pid, current->uid,
555 + current->euid, current->gid,
556 + current->egid, current->p_pptr->comm,
557 + current->p_pptr->pid, current->p_pptr->uid,
558 + current->p_pptr->euid, current->p_pptr->gid,
559 + current->p_pptr->egid );
562 + security_alert("ptrace of %s[%d] by %s[%d], "
563 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
564 + "UID/EUID %d/%d, GID/EGID %d/%d",
566 + child->comm, child->pid, current->comm,
567 + current->pid, current->uid,
568 + current->euid, current->gid,
569 + current->egid, current->p_pptr->comm,
570 + current->p_pptr->pid, current->p_pptr->uid,
571 + current->p_pptr->euid, current->p_pptr->gid,
572 + current->p_pptr->egid );
574 child->ptrace |= PT_PTRACED;
576 write_lock_irqsave(&tasklist_lock, flags);
577 @@ -604,13 +655,20 @@
581 -asmlinkage void syscall_trace(void)
582 +asmlinkage void syscall_trace(int unused)
584 +#ifdef CONFIG_SECURE_TRACE
585 + struct pt_regs *regs = (struct pt_regs *) &unused;
588 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
589 != (PT_PTRACED|PT_TRACESYS))
591 current->exit_code = SIGTRAP;
592 +#ifdef CONFIG_SECURE_TRACE
593 + if (!user_mode(regs))
594 + return; /* Don't trace the kernel's syscalls */
596 current->state = TASK_STOPPED;
597 notify_parent(current, SIGCHLD);
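Review bot: `&unused` is not the pt_regs on m68k: although arguments are stack-passed, the stock 2.2 do_trace stub saves a switch_stack before the call, so the word above the return address is that structure, not the exception frame, and `user_mode(regs)` tests the wrong memory (verify against entry.S, which this patch does not touch). As in the ARM hunk, `current->exit_code = SIGTRAP` is also set before the early return, unlike the i386/alpha versions. Pass the frame explicitly, `asmlinkage void syscall_trace(struct pt_regs *regs)`, and move the guard above the exit_code assignment. The function continues past the hunk.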
599 diff -urP linux-2.2.20-ow1/arch/mips/defconfig linux-2.2.20-hap-2/arch/mips/defconfig
600 --- linux-2.2.20-ow1/arch/mips/defconfig Sat Nov 3 13:14:57 2001
601 +++ linux-2.2.20-hap-2/arch/mips/defconfig Fri Nov 9 19:16:17 2001
602 @@ -369,10 +369,15 @@
606 -# CONFIG_SECURE_PROC is not set
607 +CONFIG_SECURE_NOTSOMUCH=y
608 +CONFIG_SECURE_PROC=y
609 CONFIG_SECURE_FD_0_1_2=y
610 CONFIG_SECURE_RLIMIT_NPROC=y
611 # CONFIG_SECURE_SHM is not set
612 +CONFIG_SECURE_LOGGING=y
613 +CONFIG_SECURE_NETWORK=y
614 +# CONFIG_SECURE_NET_SBD is not set
615 +CONFIG_SECURE_CHROOT=y
619 diff -urP linux-2.2.20-ow1/arch/mips/kernel/ptrace.c linux-2.2.20-hap-2/arch/mips/kernel/ptrace.c
620 --- linux-2.2.20-ow1/arch/mips/kernel/ptrace.c Fri Nov 2 11:39:05 2001
621 +++ linux-2.2.20-hap-2/arch/mips/kernel/ptrace.c Fri Nov 9 19:16:17 2001
624 asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
626 +#ifdef CONFIG_SECURE_TRACE
627 + extern int sysctl_security_trace, sysctl_security_trace_gid;
629 struct task_struct *child;
633 /* the same process cannot be attached many times */
634 if (child->ptrace & PT_PTRACED)
636 +#ifdef CONFIG_SECURE_CHROOT
637 + if (!(hap_same_root_as_init(current)) &&
638 + !(hap_same_root(current, child)) ) {
640 + * This process is chrooted; don't let it ptrace
641 + * any process not in the same jail with it
643 + security_alert("denied ptrace of %s[%d] within chrooted "
644 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
645 + "ptraces from a chrooted process",
646 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
647 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
648 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
649 + current->p_pptr->uid, current->p_pptr->euid );
653 +#ifdef CONFIG_SECURE_TRACE
654 + if (sysctl_security_trace && current->uid
655 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
656 + && current->egid != sysctl_security_trace_gid
659 + security_alert("denied ptrace of %s[%d] by %s[%d], "
660 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
661 + "UID/EUID %d/%d, GID/EGID %d/%d",
663 + child->comm, child->pid, current->comm,
664 + current->pid, current->uid,
665 + current->euid, current->gid,
666 + current->egid, current->p_pptr->comm,
667 + current->p_pptr->pid, current->p_pptr->uid,
668 + current->p_pptr->euid, current->p_pptr->gid,
669 + current->p_pptr->egid );
672 + security_alert("ptrace of %s[%d] by %s[%d], "
673 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
674 + "UID/EUID %d/%d, GID/EGID %d/%d",
676 + child->comm, child->pid, current->comm,
677 + current->pid, current->uid,
678 + current->euid, current->gid,
679 + current->egid, current->p_pptr->comm,
680 + current->p_pptr->pid, current->p_pptr->uid,
681 + current->p_pptr->euid, current->p_pptr->gid,
682 + current->p_pptr->egid );
684 child->ptrace |= PT_PTRACED;
686 write_lock_irqsave(&tasklist_lock, flags);
687 @@ -520,11 +571,18 @@
691 -asmlinkage void syscall_trace(void)
692 +asmlinkage void syscall_trace(int unused)
694 +#ifdef CONFIG_SECURE_TRACE
695 + struct pt_regs *regs = (struct pt_regs *) &unused;
697 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
698 != (PT_PTRACED|PT_TRACESYS))
700 +#ifdef CONFIG_SECURE_TRACE
701 + if (!user_mode(regs))
702 + return; /* Don't trace the kernel's syscalls */
704 current->exit_code = SIGTRAP;
705 current->state = TASK_STOPPED;
706 notify_parent(current, SIGCHLD);
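Review bot: On MIPS the first argument arrives in a0, so `&unused` is a spill slot in syscall_trace's own frame, not the saved pt_regs, and `user_mode(regs)` reads uninitialised stack; the i386 stack-argument trick does not carry over and the MIPS entry code is not changed by this patch. Either pass the frame explicitly, `asmlinkage void syscall_trace(struct pt_regs *regs)`, with the entry stub supplying it, or drop the CONFIG_SECURE_TRACE hunk for this architecture. The function continues past the hunk.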
707 diff -urP linux-2.2.20-ow1/arch/ppc/defconfig linux-2.2.20-hap-2/arch/ppc/defconfig
708 --- linux-2.2.20-ow1/arch/ppc/defconfig Sat Nov 3 13:14:57 2001
709 +++ linux-2.2.20-hap-2/arch/ppc/defconfig Fri Nov 9 19:16:17 2001
710 @@ -499,10 +499,15 @@
714 -# CONFIG_SECURE_PROC is not set
715 +CONFIG_SECURE_NOTSOMUCH=y
716 +CONFIG_SECURE_PROC=y
717 CONFIG_SECURE_FD_0_1_2=y
718 CONFIG_SECURE_RLIMIT_NPROC=y
719 # CONFIG_SECURE_SHM is not set
720 +CONFIG_SECURE_LOGGING=y
721 +CONFIG_SECURE_NETWORK=y
722 +# CONFIG_SECURE_NET_SBD is not set
723 +CONFIG_SECURE_CHROOT=y
727 diff -urP linux-2.2.20-ow1/arch/ppc/kernel/ptrace.c linux-2.2.20-hap-2/arch/ppc/kernel/ptrace.c
728 --- linux-2.2.20-ow1/arch/ppc/kernel/ptrace.c Fri Nov 2 11:39:05 2001
729 +++ linux-2.2.20-hap-2/arch/ppc/kernel/ptrace.c Fri Nov 9 19:16:17 2001
732 asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
734 +#ifdef CONFIG_SECURE_TRACE
735 + extern int sysctl_security_trace, sysctl_security_trace_gid;
737 struct task_struct *child;
741 /* the same process cannot be attached many times */
742 if (child->ptrace & PT_PTRACED)
744 +#ifdef CONFIG_SECURE_CHROOT
745 + if (!(hap_same_root_as_init(current)) &&
746 + !(hap_same_root(current, child)) ) {
748 + * This process is chrooted; don't let it ptrace
749 + * any process not in the same jail with it
751 + security_alert("denied ptrace of %s[%d] within chrooted "
752 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
753 + "ptraces from a chrooted process",
754 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
755 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
756 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
757 + current->p_pptr->uid, current->p_pptr->euid );
761 +#ifdef CONFIG_SECURE_TRACE
762 + if (sysctl_security_trace && current->uid
763 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
764 + && current->egid != sysctl_security_trace_gid
767 + security_alert("denied ptrace of %s[%d] by %s[%d], "
768 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
769 + "UID/EUID %d/%d, GID/EGID %d/%d",
771 + child->comm, child->pid, current->comm,
772 + current->pid, current->uid,
773 + current->euid, current->gid,
774 + current->egid, current->p_pptr->comm,
775 + current->p_pptr->pid, current->p_pptr->uid,
776 + current->p_pptr->euid, current->p_pptr->gid,
777 + current->p_pptr->egid );
780 + security_alert("ptrace of %s[%d] by %s[%d], "
781 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
782 + "UID/EUID %d/%d, GID/EGID %d/%d",
784 + child->comm, child->pid, current->comm,
785 + current->pid, current->uid,
786 + current->euid, current->gid,
787 + current->egid, current->p_pptr->comm,
788 + current->p_pptr->pid, current->p_pptr->uid,
789 + current->p_pptr->euid, current->p_pptr->gid,
790 + current->p_pptr->egid );
792 child->ptrace |= PT_PTRACED;
794 write_lock_irqsave(&tasklist_lock, flags);
795 @@ -539,11 +590,18 @@
799 -asmlinkage void syscall_trace(void)
800 +asmlinkage void syscall_trace(int unused)
802 +#ifdef CONFIG_SECURE_TRACE
803 + struct pt_regs *regs = (struct pt_regs *) &unused;
805 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
806 != (PT_PTRACED|PT_TRACESYS))
808 +#ifdef CONFIG_SECURE_TRACE
809 + if (!user_mode(regs))
810 + return; /* Don't trace the kernel's syscalls */
812 current->exit_code = SIGTRAP;
813 current->state = TASK_STOPPED;
814 notify_parent(current, SIGCHLD);
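Review bot: On PowerPC the first argument is passed in r3, so `&unused` points into syscall_trace's own stack frame and the `user_mode(regs)` test reads whatever was spilled there rather than the saved MSR; the cast only works under the i386 convention and nothing in this diff changes the PPC entry code to hand over the frame. Use an explicit parameter, `asmlinkage void syscall_trace(struct pt_regs *regs)`, and have the entry stub pass the address of the saved registers (to be verified against entry.S). The function continues past the hunk.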
815 diff -urP linux-2.2.20-ow1/arch/s390/defconfig linux-2.2.20-hap-2/arch/s390/defconfig
816 --- linux-2.2.20-ow1/arch/s390/defconfig Sat Nov 3 13:14:57 2001
817 +++ linux-2.2.20-hap-2/arch/s390/defconfig Fri Nov 9 19:16:17 2001
818 @@ -194,10 +194,15 @@
822 -# CONFIG_SECURE_PROC is not set
823 +CONFIG_SECURE_NOTSOMUCH=y
824 +CONFIG_SECURE_PROC=y
825 CONFIG_SECURE_FD_0_1_2=y
826 CONFIG_SECURE_RLIMIT_NPROC=y
827 # CONFIG_SECURE_SHM is not set
828 +CONFIG_SECURE_LOGGING=y
829 +CONFIG_SECURE_NETWORK=y
830 +# CONFIG_SECURE_NET_SBD is not set
831 +CONFIG_SECURE_CHROOT=y
835 diff -urP linux-2.2.20-ow1/arch/s390/kernel/ptrace.c linux-2.2.20-hap-2/arch/s390/kernel/ptrace.c
836 --- linux-2.2.20-ow1/arch/s390/kernel/ptrace.c Fri Nov 2 11:39:06 2001
837 +++ linux-2.2.20-hap-2/arch/s390/kernel/ptrace.c Fri Nov 9 19:16:17 2001
840 asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
842 +#ifdef CONFIG_SECURE_TRACE
843 + extern int sysctl_security_trace, sysctl_security_trace_gid;
845 struct task_struct *child;
849 /* the same process cannot be attached many times */
850 if (child->ptrace & PT_PTRACED)
852 +#ifdef CONFIG_SECURE_CHROOT
853 + if (!(hap_same_root_as_init(current)) &&
854 + !(hap_same_root(current, child)) ) {
856 + * This process is chrooted; don't let it ptrace
857 + * any process not in the same jail with it
859 + security_alert("denied ptrace of %s[%d] within chrooted "
860 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
861 + "ptraces from a chrooted process",
862 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
863 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
864 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
865 + current->p_pptr->uid, current->p_pptr->euid );
869 +#ifdef CONFIG_SECURE_TRACE
870 + if (sysctl_security_trace && current->uid
871 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
872 + && current->egid != sysctl_security_trace_gid
875 + security_alert("denied ptrace of %s[%d] by %s[%d], "
876 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
877 + "UID/EUID %d/%d, GID/EGID %d/%d",
879 + child->comm, child->pid, current->comm,
880 + current->pid, current->uid,
881 + current->euid, current->gid,
882 + current->egid, current->p_pptr->comm,
883 + current->p_pptr->pid, current->p_pptr->uid,
884 + current->p_pptr->euid, current->p_pptr->gid,
885 + current->p_pptr->egid );
888 + security_alert("ptrace of %s[%d] by %s[%d], "
889 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
890 + "UID/EUID %d/%d, GID/EGID %d/%d",
892 + child->comm, child->pid, current->comm,
893 + current->pid, current->uid,
894 + current->euid, current->gid,
895 + current->egid, current->p_pptr->comm,
896 + current->p_pptr->pid, current->p_pptr->uid,
897 + current->p_pptr->euid, current->p_pptr->gid,
898 + current->p_pptr->egid );
900 child->ptrace |= PT_PTRACED;
901 if (child->p_pptr != current)
903 @@ -590,12 +641,19 @@
907 -asmlinkage void syscall_trace(void)
908 +asmlinkage void syscall_trace(int unused)
910 +#ifdef CONFIG_SECURE_TRACE
911 + struct pt_regs *regs = (struct pt_regs *) &unused;
914 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
915 != (PT_PTRACED|PT_TRACESYS))
917 +#ifdef CONFIG_SECURE_TRACE
918 + if (!user_mode(regs))
919 + return; /* Don't trace the kernel's syscalls */
921 current->exit_code = SIGTRAP;
922 current->state = TASK_STOPPED;
923 notify_parent(current, SIGCHLD);
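Review bot: On s390 the first argument is passed in r2, so `&unused` is the address of a spill slot in syscall_trace's own frame and `user_mode(regs)` is applied to garbage rather than the saved PSW; the i386 `&unused`-is-pt_regs trick does not transfer and the s390 entry code is not changed by this patch. Pass the frame explicitly, `asmlinkage void syscall_trace(struct pt_regs *regs)`, with the entry stub supplying the pointer, or leave this architecture's syscall_trace untouched. The function continues past the hunk.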
924 diff -urP linux-2.2.20-ow1/arch/sparc/defconfig linux-2.2.20-hap-2/arch/sparc/defconfig
925 --- linux-2.2.20-ow1/arch/sparc/defconfig Sat Nov 3 13:14:57 2001
926 +++ linux-2.2.20-hap-2/arch/sparc/defconfig Fri Nov 9 19:16:17 2001
927 @@ -340,10 +340,15 @@
931 -# CONFIG_SECURE_PROC is not set
932 +CONFIG_SECURE_NOTSOMUCH=y
933 +CONFIG_SECURE_PROC=y
934 CONFIG_SECURE_FD_0_1_2=y
935 CONFIG_SECURE_RLIMIT_NPROC=y
936 # CONFIG_SECURE_SHM is not set
937 +CONFIG_SECURE_LOGGING=y
938 +CONFIG_SECURE_NETWORK=y
939 +# CONFIG_SECURE_NET_SBD is not set
940 +CONFIG_SECURE_CHROOT=y
944 diff -urP linux-2.2.20-ow1/arch/sparc/kernel/ptrace.c linux-2.2.20-hap-2/arch/sparc/kernel/ptrace.c
945 --- linux-2.2.20-ow1/arch/sparc/kernel/ptrace.c Fri Nov 2 11:39:06 2001
946 +++ linux-2.2.20-hap-2/arch/sparc/kernel/ptrace.c Fri Nov 9 19:16:17 2001
949 asmlinkage void do_ptrace(struct pt_regs *regs)
951 +#ifdef CONFIG_SECURE_TRACE
952 + extern int sysctl_security_trace, sysctl_security_trace_gid;
954 unsigned long request = regs->u_regs[UREG_I0];
955 unsigned long pid = regs->u_regs[UREG_I1];
956 unsigned long addr = regs->u_regs[UREG_I2];
958 pt_error_return(regs, EPERM);
961 +#ifdef CONFIG_SECURE_CHROOT
962 + if (!(hap_same_root_as_init(current)) &&
963 + !(hap_same_root(current, child)) ) {
965 + * This process is chrooted; don't let it ptrace
966 + * any process not in the same jail with it
968 + security_alert("denied ptrace of %s[%d] within chrooted "
969 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
970 + "ptraces from a chrooted process",
971 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
972 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
973 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
974 + current->p_pptr->uid, current->p_pptr->euid );
975 + pt_error_return(regs, EPERM);
979 +#ifdef CONFIG_SECURE_TRACE
980 + if (sysctl_security_trace && current->uid
981 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
982 + && current->egid != sysctl_security_trace_gid
985 + security_alert("denied ptrace of %s[%d] by %s[%d], "
986 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
987 + "UID/EUID %d/%d, GID/EGID %d/%d",
989 + child->comm, child->pid, current->comm,
990 + current->pid, current->uid,
991 + current->euid, current->gid,
992 + current->egid, current->p_pptr->comm,
993 + current->p_pptr->pid, current->p_pptr->uid,
994 + current->p_pptr->euid, current->p_pptr->gid,
995 + current->p_pptr->egid );
998 + security_alert("ptrace of %s[%d] by %s[%d], "
999 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
1000 + "UID/EUID %d/%d, GID/EGID %d/%d",
1002 + child->comm, child->pid, current->comm,
1003 + current->pid, current->uid,
1004 + current->euid, current->gid,
1005 + current->egid, current->p_pptr->comm,
1006 + current->p_pptr->pid, current->p_pptr->uid,
1007 + current->p_pptr->euid, current->p_pptr->gid,
1008 + current->p_pptr->egid );
1010 child->ptrace |= PT_PTRACED;
1011 write_lock_irqsave(&tasklist_lock, flags);
1012 if(child->p_pptr != current) {
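Review bot: `hap_same_root(current, child)` dereferences `child->fs->root->d_inode` with no NULL check, whereas the kernel/signal.c hunk in this same patch explicitly guards `t->fs && t->fs->root && t->fs->root->d_inode` before calling the same macro. A task that is exiting may already have released its fs_struct by the time a PTRACE_ATTACH finds it by pid (the surrounding do_ptrace code, which starts outside the hunk, does not appear to exclude such tasks), so the chrooted-tracer path would oops on `child->fs == NULL` instead of returning EPERM. Guard it the same way, e.g. `if (!hap_same_root_as_init(current) && (!child->fs || !child->fs->root || !child->fs->root->d_inode || !hap_same_root(current, child)))`, and apply the same fix to the identical block in the arch/sparc64/kernel/ptrace.c hunk.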
1013 @@ -922,14 +974,21 @@
1017 -asmlinkage void syscall_trace(void)
1018 +asmlinkage void syscall_trace(int unused)
1020 +#ifdef CONFIG_SECURE_TRACE
1021 + struct pt_regs *regs = (struct pt_regs *) &unused;
1024 printk("%s [%d]: syscall_trace\n", current->comm, current->pid);
1026 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
1027 != (PT_PTRACED|PT_TRACESYS))
1029 +#ifdef CONFIG_SECURE_TRACE
1030 + if (!user_mode(regs))
1031 + return; /* Don't trace the kernel's syscalls */
1033 current->exit_code = SIGTRAP;
1034 current->state = TASK_STOPPED;
1035 current->tss.flags ^= MAGIC_CONSTANT;
1036 diff -urP linux-2.2.20-ow1/arch/sparc64/defconfig linux-2.2.20-hap-2/arch/sparc64/defconfig
1037 --- linux-2.2.20-ow1/arch/sparc64/defconfig Sat Nov 3 13:14:57 2001
1038 +++ linux-2.2.20-hap-2/arch/sparc64/defconfig Fri Nov 9 19:16:17 2001
1039 @@ -391,10 +391,15 @@
1041 CONFIG_SECURE_LINK=y
1042 CONFIG_SECURE_FIFO=y
1043 -# CONFIG_SECURE_PROC is not set
1044 +CONFIG_SECURE_NOTSOMUCH=y
1045 +CONFIG_SECURE_PROC=y
1046 CONFIG_SECURE_FD_0_1_2=y
1047 CONFIG_SECURE_RLIMIT_NPROC=y
1048 # CONFIG_SECURE_SHM is not set
1049 +CONFIG_SECURE_LOGGING=y
1050 +CONFIG_SECURE_NETWORK=y
1051 +# CONFIG_SECURE_NET_SBD is not set
1052 +CONFIG_SECURE_CHROOT=y
1056 diff -urP linux-2.2.20-ow1/arch/sparc64/kernel/ptrace.c linux-2.2.20-hap-2/arch/sparc64/kernel/ptrace.c
1057 --- linux-2.2.20-ow1/arch/sparc64/kernel/ptrace.c Fri Nov 2 11:39:06 2001
1058 +++ linux-2.2.20-hap-2/arch/sparc64/kernel/ptrace.c Fri Nov 9 19:16:17 2001
1061 asmlinkage void do_ptrace(struct pt_regs *regs)
1063 +#ifdef CONFIG_SECURE_TRACE
1064 + extern int sysctl_security_trace, sysctl_security_trace_gid;
1066 int request = regs->u_regs[UREG_I0];
1067 pid_t pid = regs->u_regs[UREG_I1];
1068 unsigned long addr = regs->u_regs[UREG_I2];
1069 @@ -620,6 +623,55 @@
1070 pt_error_return(regs, EPERM);
1073 +#ifdef CONFIG_SECURE_CHROOT
1074 + if (!(hap_same_root_as_init(current)) &&
1075 + !(hap_same_root(current, child)) ) {
1077 + * This process is chrooted; don't let it ptrace
1078 + * any process not in the same jail with it
1080 + security_alert("denied ptrace of %s[%d] within chrooted "
1081 + "jail [%s]:%lu by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
1082 + "ptraces from a chrooted process",
1083 + child->comm, child->pid, kdevname(current->fs->root->d_inode->i_dev),
1084 + current->fs->root->d_inode->i_ino, current->comm, current->pid,
1085 + current->uid, current->euid, current->p_pptr->comm, current->p_pptr->pid,
1086 + current->p_pptr->uid, current->p_pptr->euid );
1087 + pt_error_return(regs, EPERM);
1091 +#ifdef CONFIG_SECURE_TRACE
1092 + if (sysctl_security_trace && current->uid
1093 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
1094 + && current->egid != sysctl_security_trace_gid
1097 + security_alert("denied ptrace of %s[%d] by %s[%d], "
1098 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
1099 + "UID/EUID %d/%d, GID/EGID %d/%d",
1100 + "ptrace attempts",
1101 + child->comm, child->pid, current->comm,
1102 + current->pid, current->uid,
1103 + current->euid, current->gid,
1104 + current->egid, current->p_pptr->comm,
1105 + current->p_pptr->pid, current->p_pptr->uid,
1106 + current->p_pptr->euid, current->p_pptr->gid,
1107 + current->p_pptr->egid );
1110 + security_alert("ptrace of %s[%d] by %s[%d], "
1111 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
1112 + "UID/EUID %d/%d, GID/EGID %d/%d",
1114 + child->comm, child->pid, current->comm,
1115 + current->pid, current->uid,
1116 + current->euid, current->gid,
1117 + current->egid, current->p_pptr->comm,
1118 + current->p_pptr->pid, current->p_pptr->uid,
1119 + current->p_pptr->euid, current->p_pptr->gid,
1120 + current->p_pptr->egid );
1122 child->ptrace |= PT_PTRACED;
1123 write_lock_irqsave(&tasklist_lock, flags);
1124 if(child->p_pptr != current) {
1125 @@ -1134,14 +1186,21 @@
1129 -asmlinkage void syscall_trace(void)
1130 +asmlinkage void syscall_trace(int unused)
1132 +#ifdef CONFIG_SECURE_TRACE
1133 + struct pt_regs *regs = (struct pt_regs *) &unused;
1136 printk("%s [%d]: syscall_trace\n", current->comm, current->pid);
1138 if ((current->ptrace & (PT_PTRACED|PT_TRACESYS))
1139 != (PT_PTRACED|PT_TRACESYS))
1141 +#ifdef CONFIG_SECURE_TRACE
1142 + if (!user_mode(regs))
1143 + return; /* Don't trace the kernel's syscalls */
1145 current->exit_code = SIGTRAP;
1146 current->state = TASK_STOPPED;
1147 current->tss.flags ^= MAGIC_CONSTANT;
1148 diff -urP linux-2.2.20-ow1/fs/exec.c linux-2.2.20-hap-2/fs/exec.c
1149 --- linux-2.2.20-ow1/fs/exec.c Sat Nov 3 13:14:57 2001
1150 +++ linux-2.2.20-hap-2/fs/exec.c Sat Nov 10 02:37:07 2001
1153 int prepare_binprm(struct linux_binprm *bprm)
1155 +#ifdef CONFIG_SECURE_TRACE
1156 + extern int sysctl_security_trace, sysctl_security_trace_gid;
1159 int retval,id_change,cap_raised;
1160 struct inode * inode = bprm->dentry->d_inode;
1161 @@ -778,7 +781,55 @@
1166 +/* Total mess of ifdef's follow. */
1167 +#if defined(CONFIG_SECURE_BUGFIX) || defined(CONFIG_SECURE_TRACE)
1168 + /* ptraced executables must be readable */
1169 + if (current->ptrace & PT_PTRACED) {
1170 +#ifdef CONFIG_SECURE_TRACE
1171 + if (sysctl_security_trace && current->uid
1172 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
1173 + && current->egid != sysctl_security_trace_gid
1176 + security_alert("denied ptrace of %s by %s[%d], "
1177 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
1178 + "UID/EUID %d/%d, GID/EGID %d/%d",
1179 + "ptrace attempts",
1180 + bprm->filename, current->comm, current->pid, current->uid,
1181 + current->euid, current->gid, current->egid, current->p_pptr->comm,
1182 + current->p_pptr->pid, current->p_pptr->uid, current->p_pptr->euid,
1183 + current->p_pptr->gid, current->p_pptr->egid);
1186 +#endif /* CONFIG_SECURE_TRACE */
1187 +#ifdef CONFIG_SECURE_BUGFIX
1188 + if ((retval = permission(bprm->dentry->d_inode, MAY_READ)) != 0) {
1189 +#ifdef CONFIG_SECURE_LOGGING
1190 + security_alert("refused ptrace of unreadable executable %s by "
1191 + "%s[%d], UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
1192 + "UID/EUID %d/%d, GID/EGID %d/%d",
1193 + "unreadable executables ptraced",
1194 + bprm->filename, current->comm, current->pid, current->uid,
1195 + current->euid, current->gid, current->egid, current->p_pptr->comm,
1196 + current->p_pptr->pid, current->p_pptr->uid, current->p_pptr->euid,
1197 + current->p_pptr->gid, current->p_pptr->egid);
1198 +#endif /* CONFIG_SECURE_LOGGING */
1201 +#endif /* CONFIG_SECURE_BUGFIX */
1202 +#ifdef CONFIG_SECURE_TRACE
1203 + /* log all permitted ptrace's */
1204 + security_alert("ptrace of %s by %s[%d], "
1205 + "UID/EUID %d/%d, GID/EGID %d/%d, parent %s[%d], "
1206 + "UID/EUID %d/%d, GID/EGID %d/%d",
1208 + bprm->filename, current->comm, current->pid, current->uid,
1209 + current->euid, current->gid, current->egid, current->p_pptr->comm,
1210 + current->p_pptr->pid, current->p_pptr->uid, current->p_pptr->euid,
1211 + current->p_pptr->gid, current->p_pptr->egid);
1212 +#endif /* CONFIG_SECURE_TRACE */
1214 +#endif /* CONFIG_SECURE_BUGFIX || CONFIG_SECURE_TRACE */
1215 memset(bprm->buf,0,sizeof(bprm->buf));
1216 return read_exec(bprm->dentry,0,bprm->buf,128,1);
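Review bot: The CONFIG_SECURE_TRACE gate here tests `current->uid` and `current->egid`, but in prepare_binprm `current` is the traced process being exec'd, not the tracer, whereas in the do_ptrace hunks the same expression tests the tracer. After an attach the tracer is `current->p_pptr` (the ptrace hunks' `child->p_pptr != current` context shows the reparenting), so a root or trace_gid tracer that attached to an unprivileged process is refused here on that process's next exec, while the PTRACE_TRACEME case only passes because the child inherits the tracer's credentials. If the intent is to vet the tracer, the check and the logged fields should use `current->p_pptr->uid` / `current->p_pptr->egid`, or the decision should be recorded on the task at attach time. The `denied ptrace of %s by %s[%d]` message likewise names the tracee as the actor and shows the tracer only as "parent". prepare_binprm starts outside the hunk.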
1218 @@ -946,6 +997,22 @@
1222 +#ifdef CONFIG_SECURE_CHROOT
1223 + if (!(hap_same_root_as_init(current))) {
1225 + * This process is in a chrooted jail; log everything it exec's
1227 + security_alert("exec of %s within chrooted jail [%s]:%lu by "
1228 + "%s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
1229 + "execs from a chrooted process",
1230 + filename, kdevname(current->fs->root->d_inode->i_dev),
1231 + current->fs->root->d_inode->i_ino,current->comm,
1232 + current->pid,current->uid, current->euid,
1233 + current->p_pptr->comm, current->p_pptr->pid,
1234 + current->p_pptr->uid, current->p_pptr->euid );
1236 +#endif /* CONFIG_SECURE_CHROOT */
1238 #ifdef CONFIG_SECURE_RLIMIT_NPROC
1240 * This check is similar to that done in kernel/fork.c, except that we
1241 diff -urP linux-2.2.20-ow1/fs/namei.c linux-2.2.20-hap-2/fs/namei.c
1242 --- linux-2.2.20-ow1/fs/namei.c Sat Nov 3 13:14:57 2001
1243 +++ linux-2.2.20-hap-2/fs/namei.c Fri Nov 9 19:16:17 2001
1244 @@ -306,18 +306,28 @@
1245 if (S_ISLNK(inode->i_mode) &&
1246 (base->d_inode->i_mode & S_ISVTX) &&
1247 inode->i_uid != base->d_inode->i_uid &&
1248 +#ifdef CONFIG_SECURE_NOTSOMUCH
1250 + * Let this happen as long as the +t dir is
1251 + * not world-writable.
1253 + (base->d_inode->i_mode & S_IWOTH) &&
1255 current->fsuid != inode->i_uid) {
1256 - security_alert("not followed symlink of %d.%d "
1257 - "by UID %d, EUID %d, process %s:%d",
1258 + security_alert("not followed symlink of [%s]:%lu "
1259 + "owned by %d.%d by %s[%d], UID %d, "
1260 + "EUID %d, parent %s[%d], UID %d, EUID %d",
1261 "symlinks not followed",
1262 - inode->i_uid, inode->i_gid,
1263 - current->uid, current->euid,
1264 - current->comm, current->pid);
1265 + kdevname(inode->i_dev), inode->i_ino,
1266 + inode->i_uid, inode->i_gid, current->comm,
1267 + current->pid, current->uid, current->euid,
1268 + current->p_pptr->comm, current->p_pptr->pid,
1269 + current->p_pptr->uid, current->p_pptr->euid);
1272 return ERR_PTR(-EACCES);
1275 +#endif /* CONFIG_SECURE_LINK */
1277 if (current->need_resched) {
1278 current->state = TASK_RUNNING;
1279 @@ -756,19 +766,28 @@
1280 if (S_ISFIFO(inode->i_mode) && !(flag & O_EXCL) &&
1281 (dir->d_inode->i_mode & S_ISVTX) &&
1282 inode->i_uid != dir->d_inode->i_uid &&
1283 +#ifdef CONFIG_SECURE_NOTSOMUCH
1285 + * Let this happen as long as the +t dir isn't world-writable
1287 + (dir->d_inode->i_mode & S_IWOTH) &&
1289 current->fsuid != inode->i_uid) {
1290 if (!permission(inode, acc_mode))
1291 - security_alert("denied writing FIFO of %d.%d "
1292 - "by UID %d, EUID %d, process %s:%d",
1293 + security_alert("denied writing FIFO [%s]:%lu owned "
1294 + "by %d.%d by %s[%d], UID %d, EUID %d, parent "
1295 + "%s[%d], UID %d, EUID %d",
1296 "writes into a FIFO denied",
1297 - inode->i_uid, inode->i_gid,
1298 - current->uid, current->euid,
1299 - current->comm, current->pid);
1300 + kdevname(inode->i_dev), inode->i_ino,
1301 + inode->i_uid, inode->i_gid, current->comm,
1302 + current->pid, current->uid, current->euid,
1303 + current->p_pptr->comm, current->p_pptr->pid,
1304 + current->p_pptr->uid, current->p_pptr->euid);
1310 +#endif /* CONFIG_SECURE_FIFO */
1313 * Somebody might have created the file while we
1314 @@ -909,6 +928,10 @@
1318 + struct dentry * dentry;
1319 +#ifdef CONFIG_SECURE_CHROOT
1320 + char hap_dev_mode;
1325 @@ -927,7 +950,41 @@
1326 tmp = getname(filename);
1327 error = PTR_ERR(tmp);
1329 - struct dentry * dentry = do_mknod(tmp,mode,dev);
1330 +#ifdef CONFIG_SECURE_CHROOT
1331 + if (!S_ISFIFO(mode)) {
1332 + if (!(hap_same_root_as_init(current))) {
1334 + * This process is in a chrooted jail; don't let it
1335 + * make a raw device through which to break out (by
1336 + * double-mounting an fs, reading kmem, kybd, etc)
1338 + switch (mode & S_IFMT) {
1339 + case S_IFREG: hap_dev_mode = 'r'; break;
1340 + case S_IFCHR: hap_dev_mode = 'c'; break;
1341 + case S_IFBLK: hap_dev_mode = 'b'; break;
1342 + case S_IFSOCK: hap_dev_mode = 's'; break;
1343 + default: hap_dev_mode = 'u';
1345 + security_alert("refused attempt to mknod %c:[%s] (%s) "
1346 + "from chrooted jail [%s]:%lu owned by %d.%d by "
1347 + "%s[%d], UID %d, EUID %d, parent %s[%d], UID "
1349 + "chrooted mknods denied",
1350 + hap_dev_mode, kdevname(dev), tmp,
1351 + kdevname(current->fs->root->d_inode->i_dev),
1352 + current->fs->root->d_inode->i_ino,
1353 + current->fs->root->d_inode->i_uid,
1354 + current->fs->root->d_inode->i_gid, current->comm,
1355 + current->pid, current->uid, current->euid,
1356 + current->p_pptr->comm, current->p_pptr->pid,
1357 + current->p_pptr->uid, current->p_pptr->euid);
1364 + dentry = do_mknod(tmp,mode,dev);
1366 error = PTR_ERR(dentry);
1367 if (!IS_ERR(dentry)) {
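Review bot: The refusal keys off `!S_ISFIFO(mode)`, so it also denies S_IFREG (plain file creation through mknod), S_IFSOCK and a zero type field, not only the block and character devices the comment describes; the switch even has cases for 'r' and 's'. If the goal is to block raw devices a jailed process could use to escape, narrow the condition to `if (S_ISCHR(mode) || S_ISBLK(mode))`, or extend the comment to say that everything except FIFOs is refused inside a jail. What happens to `tmp` on the refusal path (putname and the error value returned) is not visible in the hunk; make sure the getname result is released before returning.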
1368 @@ -1258,13 +1315,21 @@
1369 ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
1370 (error = permission(inode, MAY_READ | MAY_WRITE))) &&
1371 !capable(CAP_FOWNER) &&
1372 +#ifdef CONFIG_SECURE_NOTSOMUCH
1374 + * Let users hard link to files in their group.
1376 + current->fsgid != inode->i_gid &&
1379 - security_alert("denied hard link to %d.%d "
1380 - "for UID %d, EUID %d, process %s:%d",
1381 + security_alert("denied hard link to [%s]:%lu owned by %d.%d "
1382 + "by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
1383 "hard links denied",
1384 + kdevname(inode->i_dev), inode->i_ino,
1385 inode->i_uid, inode->i_gid,
1386 - current->uid, current->euid,
1387 - current->comm, current->pid);
1388 + current->comm, current->pid, current->uid, current->euid,
1389 + current->p_pptr->comm, current->p_pptr->pid,
1390 + current->p_pptr->uid, current->p_pptr->euid);
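Review bot: The CONFIG_SECURE_NOTSOMUCH relaxation compares `current->fsgid != inode->i_gid` only, so a user whose membership in the file's group comes through supplementary groups is still refused while `permission()` two lines above would treat them as a group member; `in_group_p(inode->i_gid)` is the check the rest of the VFS uses for that. Conversely, fsgid equality alone grants the link regardless of the file's group permission bits, which is a wider exemption than the sticky-directory relaxations this option applies elsewhere in fs/namei.c; consider `!in_group_p(inode->i_gid) &&` and state the group rule in the option's help text. The enclosing condition starts before the hunk.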
1394 diff -urP linux-2.2.20-ow1/fs/open.c linux-2.2.20-hap-2/fs/open.c
1395 --- linux-2.2.20-ow1/fs/open.c Fri Nov 2 11:39:08 2001
1396 +++ linux-2.2.20-hap-2/fs/open.c Fri Nov 9 19:16:17 2001
1399 struct inode *inode;
1400 struct dentry *dentry, *tmp;
1401 +#ifdef CONFIG_SECURE_CHROOT
1402 + char * hap_new_chroot_path;
1407 @@ -423,11 +426,55 @@
1409 if (!capable(CAP_SYS_CHROOT))
1411 +#ifdef CONFIG_SECURE_CHROOT
1412 + if (!(hap_same_root_as_init(current))) {
1414 + * This process is already in a chrooted jail; don't let it chroot out.
1416 + if (IS_ERR(hap_new_chroot_path = getname(filename)))
1417 + hap_new_chroot_path = "[err]";
1418 + security_alert("refused attempt to chroot from [%s]:%lu to "
1419 + "[%s]:%lu (%s) owned by %d.%d, process %s[%d], UID %d, "
1420 + "EUID %d, parent %s[%d], UID %d, EUID %d",
1421 + "double chroots denied",
1422 + kdevname(current->fs->root->d_inode->i_dev),
1423 + current->fs->root->d_inode->i_ino,
1424 + kdevname(inode->i_dev), inode->i_ino, hap_new_chroot_path,
1425 + inode->i_uid, inode->i_gid,
1426 + current->comm, current->pid, current->uid, current->euid,
1427 + current->p_pptr->comm, current->p_pptr->pid,
1428 + current->p_pptr->uid, current->p_pptr->euid);
1429 + putname(hap_new_chroot_path);
1431 + goto dput_and_out;
1435 /* exchange dentries */
1436 tmp = current->fs->root;
1437 current->fs->root = dentry;
1439 +#ifdef CONFIG_SECURE_CHROOT
1440 + /* drop various dangerous capabilities when chrooting
1441 + * note init is exempt for initrd-type games */
1442 + if (current->pid && current->pid > 1) {
1443 + cap_lower(current->cap_permitted,
1444 + CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &
1445 + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO &
1446 + CAP_SYS_PACCT & CAP_SYS_ADMIN & CAP_SYS_BOOT &
1447 + CAP_SYS_RESOURCE & CAP_SYS_TIME & CAP_SYS_TTY_CONFIG);
1448 + cap_lower(current->cap_inheritable,
1449 + CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &
1450 + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO &
1451 + CAP_SYS_PACCT & CAP_SYS_ADMIN & CAP_SYS_BOOT &
1452 + CAP_SYS_RESOURCE & CAP_SYS_TIME & CAP_SYS_TTY_CONFIG);
1453 + cap_lower(current->cap_effective,
1454 + CAP_FOWNER & CAP_SETPCAP & CAP_LINUX_IMMUTABLE &
1455 + CAP_NET_ADMIN & CAP_SYS_MODULE & CAP_SYS_RAWIO &
1456 + CAP_SYS_PACCT & CAP_SYS_ADMIN & CAP_SYS_BOOT &
1457 + CAP_SYS_RESOURCE & CAP_SYS_TIME & CAP_SYS_TTY_CONFIG);
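Review bot: The capability drop does not do what its comment says: `cap_lower(c, flag)` takes one capability number and clears `CAP_TO_MASK(flag)`, and the CAP_* constants are bit indices, so `CAP_FOWNER & CAP_SETPCAP & …` is a bitwise AND of small integers (3 & 8 is already 0), which here clears only capability 0 (CAP_CHOWN) and leaves CAP_SYS_ADMIN, CAP_SYS_RAWIO, CAP_SYS_MODULE and the rest in the jailed process. Loop `cap_lower` over a table of the names as below (or OR their `CAP_TO_MASK` values into one mask); `current->pid && current->pid > 1` also reduces to `current->pid > 1`. Separately, `hap_new_chroot_path = "[err]"` on getname failure is later handed to `putname()`, which frees a string literal into the names slab; keep the getname result apart from the string you print and release it only when `!IS_ERR(...)` — the same pattern is in the sys_chmod hunk below and in the fs/super.c sys_mount hunk, where `"nodev"` is reached on the ordinary path for dev-less mounts. sys_chroot starts outside the hunk.
```c
	/* … unchanged: dentry exchange … */
	/* drop various dangerous capabilities when chrooting
	 * note init is exempt for initrd-type games */
	if (current->pid > 1) {
		static const int hap_chroot_drop[] = {
			CAP_FOWNER, CAP_SETPCAP, CAP_LINUX_IMMUTABLE,
			CAP_NET_ADMIN, CAP_SYS_MODULE, CAP_SYS_RAWIO,
			CAP_SYS_PACCT, CAP_SYS_ADMIN, CAP_SYS_BOOT,
			CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG
		};
		int i;
		for (i = 0; i < (int)(sizeof(hap_chroot_drop) / sizeof(hap_chroot_drop[0])); i++) {
			cap_lower(current->cap_permitted, hap_chroot_drop[i]);
			cap_lower(current->cap_inheritable, hap_chroot_drop[i]);
			cap_lower(current->cap_effective, hap_chroot_drop[i]);
		}
	}
```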
1463 @@ -464,6 +511,31 @@
1465 if (mode == (mode_t) -1)
1466 mode = inode->i_mode;
1467 +#ifdef CONFIG_SECURE_CHROOT
1468 + if ((mode & S_ISUID) || (mode & S_ISGID)) {
1469 + if (!(hap_same_root_as_init(current))) {
1471 + * This process is chrooted; don't let it turn on the set[ug]id bits.
1473 + security_alert("refused attempt to fchmod +s [%s]:%lu "
1474 + "owned by %d.%d to mode 0%07o from chrooted jail "
1475 + "[%s]:%lu owned by %d.%d by %s[%d], UID %d, EUID "
1476 + "%d, parent %s[%d], UID %d, EUID %d",
1477 + "chrooted fchmod +s's denied",
1478 + kdevname(inode->i_dev), inode->i_ino,
1479 + inode->i_uid, inode->i_gid, mode,
1480 + kdevname(current->fs->root->d_inode->i_dev),
1481 + current->fs->root->d_inode->i_ino,
1482 + current->fs->root->d_inode->i_uid,
1483 + current->fs->root->d_inode->i_gid, current->comm,
1484 + current->pid, current->uid, current->euid,
1485 + current->p_pptr->comm, current->p_pptr->pid,
1486 + current->p_pptr->uid, current->p_pptr->euid);
1492 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
1493 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
1494 err = notify_change(dentry, &newattrs);
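Review bot: `(mode & S_ISUID) || (mode & S_ISGID)` refuses every chrooted chmod that carries either bit, including S_ISGID on a directory, where the bit only makes new files inherit the group and is routinely set on shared directories; a jailed service that manages such a tree fails here with no setuid-related gain. If directories are not meant to be covered, make it `if (!S_ISDIR(inode->i_mode) && (mode & (S_ISUID | S_ISGID)))`, and apply the same to the sys_chmod hunk below. The refusal also fires when `mode == -1` re-applies an existing +s mode, which deserves a comment since callers may not expect an unchanged mode to be rejected. The enclosing function starts outside the hunk.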
1496 struct inode * inode;
1498 struct iattr newattrs;
1499 +#ifdef CONFIG_SECURE_CHROOT
1500 + char * hap_chmod_filename;
1504 dentry = namei(filename);
1505 @@ -500,6 +575,34 @@
1507 if (mode == (mode_t) -1)
1508 mode = inode->i_mode;
1509 +#ifdef CONFIG_SECURE_CHROOT
1510 + if ((mode & S_ISUID) || (mode & S_ISGID)) {
1511 + if (!(hap_same_root_as_init(current))) {
1513 + * This process is chrooted; don't let it turn on the set[gu]id bits.
1515 + if (IS_ERR(hap_chmod_filename = getname(filename)))
1516 + hap_chmod_filename = "[err]";
1517 + security_alert("refused attempt to chmod +s [%s]:%lu "
1518 + "(%s) owned by %d.%d to mode 0%07o from chrooted "
1519 + "jail [%s]:%lu owned by %d.%d by %s[%d], UID %d, "
1520 + "EUID %d, parent %s[%d], UID %d, EUID %d",
1521 + "chrooted chmod +s's denied",
1522 + kdevname(inode->i_dev), inode->i_ino, hap_chmod_filename,
1523 + inode->i_uid, inode->i_gid, mode,
1524 + kdevname(current->fs->root->d_inode->i_dev),
1525 + current->fs->root->d_inode->i_ino,
1526 + current->fs->root->d_inode->i_uid,
1527 + current->fs->root->d_inode->i_gid, current->comm,
1528 + current->pid, current->uid, current->euid,
1529 + current->p_pptr->comm, current->p_pptr->pid,
1530 + current->p_pptr->uid, current->p_pptr->euid);
1531 + putname(hap_chmod_filename);
1533 + goto dput_and_out;
1537 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
1538 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
1539 error = notify_change(dentry, &newattrs);
1540 diff -urP linux-2.2.20-ow1/fs/super.c linux-2.2.20-hap-2/fs/super.c
1541 --- linux-2.2.20-ow1/fs/super.c Fri Nov 2 11:39:08 2001
1542 +++ linux-2.2.20-hap-2/fs/super.c Fri Nov 9 19:16:17 2001
1544 #include <linux/kmod.h>
1547 +#ifdef CONFIG_SECURE_CHROOT
1548 +#include <linux/sched.h>
1552 * We use a semaphore to synchronize all mount/umount
1553 * activity - imagine the mess if we have a race between
1554 @@ -1045,10 +1049,42 @@
1555 unsigned long flags = 0;
1556 unsigned long page = 0;
1557 struct file dummy; /* allows read-write or read-only flag */
1558 +#ifdef CONFIG_SECURE_CHROOT
1559 + char * hap_mount_dev;
1560 + char * hap_mount_path;
1564 if (!capable(CAP_SYS_ADMIN))
1566 +#ifdef CONFIG_SECURE_CHROOT
1567 + if (!(hap_same_root_as_init(current))) {
1569 + * This process is in a chrooted jail; don't let it (re)mount any filesystems.
1571 + if(IS_ERR(hap_mount_dev = getname(dev_name)))
1572 + hap_mount_dev = "nodev";
1573 + if(IS_ERR(hap_mount_path = getname(dir_name)))
1574 + hap_mount_path = "[err]";
1575 + security_alert("refused attempt to mount [%s] as %s "
1576 + "from chrooted jail [%s]:%lu owned by %d.%d by "
1577 + "%s[%d], UID %d, EUID %d, parent %s[%d], UID "
1579 + "chrooted mounts denied",
1580 + hap_mount_dev, hap_mount_path,
1581 + kdevname(current->fs->root->d_inode->i_dev),
1582 + current->fs->root->d_inode->i_ino,
1583 + current->fs->root->d_inode->i_uid,
1584 + current->fs->root->d_inode->i_gid, current->comm, current->pid,
1585 + current->uid, current->euid, current->p_pptr->comm,
1586 + current->p_pptr->pid, current->p_pptr->uid,
1587 + current->p_pptr->euid);
1588 + putname(hap_mount_dev);
1589 + putname(hap_mount_path);
1595 (MS_MGC_MSK | MS_REMOUNT)) == (MS_MGC_VAL | MS_REMOUNT)) {
1596 retval = copy_mount_options (data, &page);
1597 diff -urP linux-2.2.20-ow1/include/linux/kernel.h linux-2.2.20-hap-2/include/linux/kernel.h
1598 --- linux-2.2.20-ow1/include/linux/kernel.h Sat Nov 3 13:14:57 2001
1599 +++ linux-2.2.20-hap-2/include/linux/kernel.h Sat Nov 10 02:20:12 2001
1602 spin_lock(&security_alert_lock); \
1604 -/* Make sure at least one minute passed since the last warning logged */ \
1605 - if (!warning_time || jiffies - warning_time > 60 * HZ) { \
1606 +/* Make sure at least one second passed since the last warning logged */ \
1607 + if (!warning_time || jiffies - warning_time > HZ) { \
1608 warning_time = jiffies; no_flood_yet = 1; \
1609 - printk(KERN_ALERT "Security: " normal_msg "\n", ## args); \
1610 + printk(KERN_WARNING "Security: " normal_msg "\n", ## args); \
1611 } else if (no_flood_yet) { \
1612 warning_time = jiffies; no_flood_yet = 0; \
1613 - printk(KERN_ALERT "Security: more " flood_msg \
1614 - ", logging disabled for a minute\n"); \
1615 + printk(KERN_WARNING "Security: more " flood_msg \
1616 + ", logging disabled for one second\n"); \
1619 spin_unlock(&security_alert_lock); \
1622 +#ifdef CONFIG_SECURE_CHROOT
1623 +#define hap_same_root(haptask1, haptask2) \
1624 + /* if root devices and inodes match, processes share a \
1625 + * common root (neither, or both together, are chrooted) */ \
1626 + ((haptask1->fs->root->d_inode->i_dev == \
1627 + haptask2->fs->root->d_inode->i_dev) && \
1628 + (haptask1->fs->root->d_inode->i_ino == \
1629 + haptask2->fs->root->d_inode->i_ino) )
1631 +#define hap_same_root_as_init(haptask) \
1632 + /* compare the given process to init */ \
1633 + hap_same_root(haptask, \
1634 + (task[smp_num_cpus] ? : task[0])) /* voodoo */
1635 +#endif /* CONFIG_SECURE_CHROOT */
1637 #endif /* __KERNEL__ */
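Review bot: `hap_same_root` expands its arguments unparenthesized and evaluates each of them four times, and `hap_same_root_as_init` feeds it the conditional `(task[smp_num_cpus] ? : task[0])`, so the task array is indexed repeatedly without a lock and the macros cannot take an argument of lower precedence than `->`; a `static inline int hap_same_root(struct task_struct *a, struct task_struct *b)` would fix both and give callers one place for the NULL checks that kernel/signal.c currently does by hand. The 'voodoo' comment should state the assumption the lookup rests on (presumably that init lands in the slot after the per-CPU idle tasks and that task[0] is the swapper, whose root is the real root), since every chroot check in this patch is only as strong as that lookup. It is also worth saying in the comment that a jail is identified by the (device, inode) of the root dentry, so two processes chrooted into the same directory share a jail.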
1639 diff -urP linux-2.2.20-ow1/include/linux/sysctl.h linux-2.2.20-hap-2/include/linux/sysctl.h
1640 --- linux-2.2.20-ow1/include/linux/sysctl.h Sun Mar 25 11:37:40 2001
1641 +++ linux-2.2.20-hap-2/include/linux/sysctl.h Fri Nov 9 19:16:17 2001
1643 KERN_SHMALL=41, /* int: maximum size of shared memory */
1644 KERN_SPARC_STOP_A=44, /* int: Sparc Stop-A enable */
1645 KERN_HOTPLUG=49, /* string: path to hotplug policy agent */
1646 - KERN_IEEE_EMULATION_WARNINGS=50 /* int: unimplemented ieee instructions */
1647 + KERN_IEEE_EMULATION_WARNINGS=50, /* int: unimplemented ieee instructions */
1648 + KERN_SECURITY=51 /* Security */
1652 diff -urP linux-2.2.20-ow1/include/linux/tasks.h linux-2.2.20-hap-2/include/linux/tasks.h
1653 --- linux-2.2.20-ow1/include/linux/tasks.h Sun Mar 25 11:31:03 2001
1654 +++ linux-2.2.20-hap-2/include/linux/tasks.h Sat Nov 10 02:20:12 2001
1659 -#define NR_TASKS 4080 /* On x86 Max about 4000 */
1660 +#define NR_TASKS 2048 /* On x86 Max about 4000 */
1662 #define MAX_TASKS_PER_USER 256
1663 #define MIN_TASKS_LEFT_FOR_ROOT 64
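Review bot: The trailing comment `/* On x86 Max about 4000 */` was kept while NR_TASKS dropped to 2048, so it now reads as a contradiction; replace it with the reason for the new value, for example `/* lowered from 4080 to bound task-table exhaustion; x86 supports up to ~4000 */`, using whatever the actual motivation was. MAX_TASKS_PER_USER 256 and MIN_TASKS_LEFT_FOR_ROOT 64 were left unchanged, so it is worth confirming that the CONFIG_SECURE_RLIMIT_NPROC arithmetic still leaves root its reserve at the smaller table size.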
1664 diff -urP linux-2.2.20-ow1/include/net/dst.h linux-2.2.20-hap-2/include/net/dst.h
1665 --- linux-2.2.20-ow1/include/net/dst.h Sun Mar 25 11:31:07 2001
1666 +++ linux-2.2.20-hap-2/include/net/dst.h Sat Nov 10 02:21:36 2001
1668 * 1 - rare events and bugs (default)
1671 -#define RT_CACHE_DEBUG 0
1672 +#ifdef CONFIG_SECURE_LOGGING
1673 +#define RT_CACHE_DEBUG 1
1675 +#define RT_CACHE_DEBUG 0
1678 #define DST_GC_MIN (1*HZ)
1679 #define DST_GC_INC (5*HZ)
1680 diff -urP linux-2.2.20-ow1/kernel/fork.c linux-2.2.20-hap-2/kernel/fork.c
1681 --- linux-2.2.20-ow1/kernel/fork.c Sat Nov 3 13:14:57 2001
1682 +++ linux-2.2.20-hap-2/kernel/fork.c Fri Nov 9 19:16:17 2001
1683 @@ -746,6 +746,15 @@
1686 free_task_struct(p);
1687 +#ifdef CONFIG_SECURE_LOGGING
1688 + security_alert("fork failure errno %d by %s[%d], UID %d, EUID %d, "
1689 + "parent %s[%d], UID %d, EUID %d",
1691 + retval, current->comm, current->pid,
1692 + current->uid, current->euid,
1693 + current->p_pptr->comm, current->p_pptr->pid,
1694 + current->p_pptr->uid, current->p_pptr->euid);
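Review bot: `retval` on this path appears to carry a negative errno (the hunk sits after `free_task_struct(p)` on what looks like the bad_fork exit), so the message labelled `fork failure errno %d` would print e.g. -11; log `-retval` or change the label. Every failed fork is also user-triggerable at will (a process sitting at its RLIMIT_NPROC ceiling fails repeatedly), so this site is the one most likely to consume the shared security_alert flood window and suppress other alerts for that second; consider logging only the first failure per task or per uid. The enclosing function starts outside the hunk.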
1699 diff -urP linux-2.2.20-ow1/kernel/signal.c linux-2.2.20-hap-2/kernel/signal.c
1700 --- linux-2.2.20-ow1/kernel/signal.c Fri Nov 2 11:39:16 2001
1701 +++ linux-2.2.20-hap-2/kernel/signal.c Fri Nov 9 19:16:17 2001
1704 unsigned long flags;
1706 +#ifdef CONFIG_SECURE_CHROOT
1707 + struct task_struct * hap_init_task;
1711 printk("SIG queue (%s:%d): %d ", t->comm, t->pid, sig);
1712 @@ -270,13 +273,67 @@
1713 && (current->uid ^ t->suid) && (current->uid ^ t->uid)
1714 && !capable(CAP_KILL))
1717 - /* The null signal is a permissions and process existance probe.
1718 - No signal is actually delivered. Same goes for zombies.
1719 - We have to grab the spinlock now so that we do not race
1720 + /* We have to grab the spinlock now so that we do not race
1721 with flush_signals. */
1723 spin_lock_irqsave(&t->sigmask_lock, flags);
1725 +#ifdef CONFIG_SECURE_CHROOT
1727 + * chrooted processes can only send signals to other processes in
1728 + * the same jail, with the exception that they can send SIGALRM and
1729 + * SIGIO to any process, and SIGCHLD to their parent, regardless.
1732 + * this is still needed with the hap_same_root macros because we
1733 + * have to check init's task struct to be careful not to deref a
1734 + * null pointer later
1736 + hap_init_task = task[smp_num_cpus] ? : task[0]; /* find task for init */
1737 + if ( /* noop for 'signal zero' */
1740 + /* be careful not to deref a null pointer later */
1741 + t->pid && t->fs && t->fs->root && t->fs->root->d_inode && t->p_pptr &&
1742 + current->pid && current->fs && current->fs->root &&
1743 + current->fs->root->d_inode && current->p_pptr &&
1744 + hap_init_task && hap_init_task->pid && hap_init_task->fs &&
1745 + hap_init_task->fs->root && hap_init_task->fs->root->d_inode &&
1747 + /* real work starting: check if signal is "mostly harmless" */
1748 + !( sig == SIGALRM || sig == SIGIO ||
1750 + /* check if current is not chrooted */
1751 + (hap_same_root_as_init(current)) ||
1753 + /* else check if current && target are under same chroot */
1754 + (hap_same_root(t, current)) ||
1756 + /* else check if child is sending parent SIGCHILD */
1757 + (t->pid == current->p_pptr->pid && sig == SIGCHLD) ) ) {
1759 + /* Note: if target is init, its parent is task 0 */
1760 + security_alert("refused signal %d out of chrooted jail [%s]:%lu "
1761 + "owned by %d.%d by %s[%d], UID %d, EUID %d, parent "
1762 + "%s[%d], UID %d, EUID %d to %s[%d], UID %d, EUID %d with "
1763 + "root [%s]:%lu owned by %d.%d, parent %s[%d], UID %d, EUID %d",
1764 + "refused signals",
1765 + sig, kdevname(current->fs->root->d_inode->i_dev),
1766 + current->fs->root->d_inode->i_ino, current->fs->root->d_inode->i_uid,
1767 + current->fs->root->d_inode->i_gid, current->comm,
1768 + current->pid, current->uid, current->euid, current->p_pptr->comm,
1769 + current->p_pptr->pid, current->p_pptr->uid, current->p_pptr->euid,
1770 + t->comm, t->pid, t->uid, t->euid, kdevname(t->fs->root->d_inode->i_dev),
1771 + t->fs->root->d_inode->i_ino, t->fs->root->d_inode->i_uid,
1772 + t->fs->root->d_inode->i_gid, t->p_pptr->comm, t->p_pptr->pid,
1773 + t->p_pptr->uid, t->p_pptr->euid);
1774 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
1780 + /* The null signal is a permissions and process existance probe.
1781 + No signal is actually delivered. Same goes for zombies. */
1782 if (!sig || !t->sig) {
1783 spin_unlock_irqrestore(&t->sigmask_lock, flags);
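Review bot: The jail check fails open: `hap_init_task = task[smp_num_cpus] ? : task[0]` falls back to the swapper, whose pid is 0, and the very next condition requires `hap_init_task->pid` to be non-zero, so whenever the init slot lookup misses the whole restriction is silently skipped and a chrooted process may signal anything. If the lookup can miss, deny (and log) rather than allow, or resolve init once at boot instead of re-deriving it on every signal. The guard chain also demands `t->p_pptr && current->p_pptr` for every signal although the SIGCHLD exemption is the only clause that reads them, so a target with a NULL parent bypasses the check as well. send_sig_info starts and ends outside the hunk.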
1785 @@ -301,6 +358,34 @@
1786 /* Inflict this corner case with recalculations, not mainline */
1787 recalc_sigpending(t);
1789 +#if CONFIG_SECURE_LOGGING
1790 + case SIGSEGV: case SIGILL: case SIGABRT: case SIGBUS:
1792 + security_alert("signal %d (%s addr 0x%08lx) sent to "
1793 + "%s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d, "
1794 + "by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
1795 + "signal warnings",
1796 + sig, (t->tss.error_code & 2) ? "write" : "read or execute",
1798 + t->comm, t->pid, t->uid, t->euid, t->p_pptr->comm,
1799 + t->p_pptr->pid, t->p_pptr->uid, t->p_pptr->euid,
1800 + current->comm, current->pid, current->uid, current->euid,
1801 + current->p_pptr->comm, current->p_pptr->pid,
1802 + current->p_pptr->uid, current->p_pptr->euid);
1804 + security_alert("signal %d sent to "
1805 + "%s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d, "
1806 + "by %s[%d], UID %d, EUID %d, parent %s[%d], UID %d, EUID %d",
1807 + "signal warnings",
1809 + t->comm, t->pid, t->uid, t->euid, t->p_pptr->comm,
1810 + t->p_pptr->pid, t->p_pptr->uid, t->p_pptr->euid,
1811 + current->comm, current->pid, current->uid, current->euid,
1812 + current->p_pptr->comm, current->p_pptr->pid,
1813 + current->p_pptr->uid, current->p_pptr->euid);
1819 /* Optimize away the signal, if it's a signal that can be
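Review bot: `t->tss.error_code & 2` and its 'write' / 'read or execute' reading are the i386 page-fault error-code layout; kernel/signal.c is built on every architecture and this patch turns CONFIG_SECURE_LOGGING on in the sparc and sparc64 defconfigs, so unless those thread_structs also carry `error_code` (not shown here) this does not compile there, and where the field exists with different semantics the log is misleading. Put the fault-detail formatting behind an arch-provided helper or `#ifdef __i386__` and emit the plain `signal %d sent to …` form elsewhere. `#if CONFIG_SECURE_LOGGING` also differs from the `#ifdef` used by every other site in this patch; it works for `=y` but breaks if the symbol is ever defined empty. The switch this case belongs to starts outside the hunk.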
1820 diff -urP linux-2.2.20-ow1/kernel/sysctl.c linux-2.2.20-hap-2/kernel/sysctl.c
1821 --- linux-2.2.20-ow1/kernel/sysctl.c Sat Nov 3 13:14:57 2001
1822 +++ linux-2.2.20-hap-2/kernel/sysctl.c Fri Nov 9 19:16:17 2001
1824 static ctl_table fs_table[];
1825 static ctl_table debug_table[];
1826 static ctl_table dev_table[];
1828 +static ctl_table security_table[];
1830 /* /proc declarations: */
1832 #ifdef CONFIG_PROC_FS
1834 +/* Keep these here reguardless if CONFIG_SECURE_SYSCTL is defined or not */
1835 +int sysctl_security = 1;
1836 +int sysctl_security_trace = 1;
1838 +#ifdef CONFIG_SECURE_TRACE
1839 +int sysctl_security_trace_gid = 0;
1842 static ssize_t proc_readsys(struct file *, char *, size_t, loff_t *);
1843 static ssize_t proc_writesys(struct file *, const char *, size_t, loff_t *);
1844 static int proc_sys_permission(struct inode *, int);
1845 @@ -251,6 +259,18 @@
1846 &sysctl_ieee_emulation_warnings,sizeof(int),0644,NULL,&proc_dointvec},
1849 + {KERN_SECURITY, "security", NULL, 0, 0550, security_table},
1853 +enum {SEC_TRACE=1, SEC_TRACE_GID , SEC_SYSCTL};
1854 +static ctl_table security_table[] = {
1855 + {SEC_TRACE, "trace", &sysctl_security_trace, sizeof (int),
1856 + 0640, NULL, &proc_dointvec},
1857 +#ifdef CONFIG_SECURE_TRACE_USERGROUP
1858 + {SEC_TRACE_GID, "trace_gid", &sysctl_security_trace_gid, sizeof (int),
1859 + 0640, NULL, &proc_dointvec},
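Review bot: Both `security_table` entries use `proc_dointvec`, so root can store any int in `trace` and `trace_gid`, including negative values, and every consumer has to cope with nonsense. `trace` reads as an on/off switch and `trace_gid` as a gid, so `proc_dointvec_minmax` with `extra1`/`extra2` limits would reject bad values at the sysctl boundary instead. The table terminator and the `SEC_SYSCTL` entry the enum declares are not visible in this hunk, so I can't tell whether `sysctl_security` itself is exposed or how; the 0550 directory and 0640 entry modes do keep all of this root-only, which is right for knobs that gate the restricted-ptrace option.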
1864 diff -urP linux-2.2.20-ow1/kernel/time.c linux-2.2.20-hap-2/kernel/time.c
1865 --- linux-2.2.20-ow1/kernel/time.c Sun Mar 25 11:31:02 2001
1866 +++ linux-2.2.20-hap-2/kernel/time.c Fri Nov 9 19:16:17 2001
1867 @@ -108,6 +108,14 @@
1868 time_maxerror = NTP_PHASE_LIMIT;
1869 time_esterror = NTP_PHASE_LIMIT;
1870 write_unlock_irq(&xtime_lock);
1871 +#ifdef CONFIG_SECURE_LOGGING
1872 + security_alert("time set by %s[%d], UID %d, EUID %d, parent %s[%d], "
1873 + "UID %d, EUID %d",
1875 + current->comm, current->pid, current->uid, current->euid,
1876 + current->p_pptr->comm, current->p_pptr->pid,
1877 + current->p_pptr->uid, current->p_pptr->euid);
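Review bot: The alert records who changed the clock but not what it was changed to, so the log cannot be used to reconstruct the old/new offset when timestamps in other logs are later questioned; the same applies to the identical block in the @@ -184 hunk below. In that second hunk the new value is at hand as `tv`, so the format could grow a ` to %ld` with `(long)tv->tv_sec`; this hunk's enclosing function starts outside the hunk and the local holding its new seconds value is not visible. The two blocks are otherwise byte-identical and belong in one static helper so the message format is maintained in one place.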
1882 @@ -184,6 +192,14 @@
1883 * globally block out interrupts when it runs.
1885 do_settimeofday(tv);
1886 +#ifdef CONFIG_SECURE_LOGGING
1887 + security_alert("time set by %s[%d], UID %d, EUID %d, parent %s[%d], "
1888 + "UID %d, EUID %d",
1890 + current->comm, current->pid, current->uid, current->euid,
1891 + current->p_pptr->comm, current->p_pptr->pid,
1892 + current->p_pptr->uid, current->p_pptr->euid);
1897 diff -urP linux-2.2.20-ow1/net/core/utils.c linux-2.2.20-hap-2/net/core/utils.c
1898 --- linux-2.2.20-ow1/net/core/utils.c Sun Mar 25 11:31:12 2001
1899 +++ linux-2.2.20-hap-2/net/core/utils.c Fri Nov 9 19:16:17 2001
1904 +#ifdef CONFIG_SECURE_LOGGING
1905 +int net_msg_cost = HZ;
1907 int net_msg_cost = 5*HZ;
1909 int net_msg_burst = 10*5*HZ;
1912 +#ifdef CONFIG_SECURE_LOGGING
1913 + * This enforces a rate limit: not more than one kernel message
1914 + * every 1secs to make a denial-of-service attack harder.
1916 * This enforces a rate limit: not more than one kernel message
1917 * every 5secs to make a denial-of-service attack impossible.
1920 * All warning printk()s should be guarded by this function.
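Review bot: Lowering `net_msg_cost` to `HZ` without touching `net_msg_burst` changes more than the steady-state rate: `net_msg_burst` is written as `10*5*HZ`, i.e. ten times the old cost, so if net_ratelimit() spends `net_msg_cost` tokens per message from a bucket capped at `net_msg_burst`, the permitted burst grows from 10 to 50 back-to-back messages. If the intent is only one message per second, scale the burst with it under the same `#ifdef CONFIG_SECURE_LOGGING`: `int net_msg_burst = 10*HZ;`. The updated comment should also mention that the new DENY logging in tcp_ipv4.c and udp.c and the existing martian logging all appear to draw from this one limiter, so a flood of one kind of event will starve the others.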
1922 diff -urP linux-2.2.20-ow1/net/ipv4/ip_fw.c linux-2.2.20-hap-2/net/ipv4/ip_fw.c
1923 --- linux-2.2.20-ow1/net/ipv4/ip_fw.c Sun Mar 25 11:31:12 2001
1924 +++ linux-2.2.20-hap-2/net/ipv4/ip_fw.c Fri Nov 9 19:16:17 2001
1925 @@ -416,34 +416,83 @@
1926 __u32 *opt = (__u32 *) (ip + 1);
1932 +#ifdef CONFIG_SECURE_NETWORK
1933 + /* log any accepted packet at kern.debug instead of kern.info */
1934 + if (f->simplebranch==FW_ACCEPT ||
1935 + f->simplebranch==FW_REDIRECT ||
1936 + f->simplebranch==FW_MASQUERADE)
1937 + printk(KERN_DEBUG "Packet log: %s ",chainlabel);
1940 printk(KERN_INFO "Packet log: %s ",chainlabel);
1942 printk("%s ",branchname(f->branch,f->simplebranch));
1943 if (f->simplebranch==FW_REDIRECT)
1944 printk("%d ",f->ipfw.fw_redirpt);
1947 +#ifdef CONFIG_SECURE_NETWORK
1948 + if (ip->protocol == IPPROTO_TCP
1949 + && !(ip->frag_off & __constant_htons(IP_OFFSET))) {
1950 + struct tcphdr *tcp = (struct tcphdr *)((__u32 *)ip + ip->ihl);
1951 + printk("%s PROTO=TCP %d.%d.%d.%d:%hu %d.%d.%d.%d:%hu "
1952 + "L=%hu:%hu:%hu S=0x%2.2hX I=%hu:%u:%u F=0x%4.4hX "
1953 + "T=%hu %c%c%c%c%c%c",
1955 + NIPQUAD(ip->saddr), src_port,
1956 + NIPQUAD(ip->daddr), dst_port,
1957 + ntohs(ip->tot_len), ntohs(ip->tot_len) - ip->ihl*4,
1958 + ntohs(ip->tot_len) - ip->ihl*4 - tcp->doff*4,
1959 + ip->tos, ntohs(ip->id), ntohl(tcp->seq),
1960 + ntohl(tcp->ack_seq), ip->frag_off, ip->ttl,
1961 + tcp->ack ? 'A' : '.',
1962 + tcp->syn ? 'S' : '.',
1963 + tcp->fin ? 'F' : '.',
1964 + tcp->rst ? 'R' : '.',
1965 + tcp->psh ? 'P' : '.',
1966 + tcp->urg ? 'U' : '.' );
1967 + } else if (ip->protocol == IPPROTO_UDP
1968 + && !(ip->frag_off & __constant_htons(IP_OFFSET))) {
1969 + struct udphdr *udp = (struct udphdr *)((__u32 *)ip + ip->ihl);
1970 + printk("%s PROTO=UDP %d.%d.%d.%d:%hu %d.%d.%d.%d:%hu "
1971 + "L=%hu:%u S=0x%2.2hX I=%hu F=0x%4.4hX T=%hu",
1973 + NIPQUAD(ip->saddr), src_port,
1974 + NIPQUAD(ip->daddr), dst_port,
1975 + ntohs(ip->tot_len), ntohs(udp->len),
1976 + ip->tos, ntohs(ip->id), ip->frag_off, ip->ttl);
1977 + } else if (ip->protocol == IPPROTO_ICMP
1978 + && !(ip->frag_off & __constant_htons(IP_OFFSET))) {
1979 + struct icmphdr *icmp = (struct icmphdr *)((__u32 *)ip + ip->ihl);
1980 + printk("%s PROTO=ICMP/%d:%d %d.%d.%d.%d %d.%d.%d.%d L=%hu "
1981 + "S=0x%2.2hX I=%hu:%hu:%hu F=0x%4.4hX T=%hu",
1982 + ifname, icmp->type, icmp->code,
1983 + NIPQUAD(ip->saddr),
1984 + NIPQUAD(ip->daddr),
1985 + ntohs(ip->tot_len), ip->tos,
1986 + ntohs(ip->id), ntohs(icmp->un.echo.id),
1987 + ntohs(icmp->un.echo.sequence),
1988 + ip->frag_off, ip->ttl);
1991 printk("%s PROTO=%d %d.%d.%d.%d:%hu %d.%d.%d.%d:%hu"
1992 " L=%hu S=0x%2.2hX I=%hu F=0x%4.4hX T=%hu",
1993 ifname, ip->protocol,
1994 - (ntohl(ip->saddr)>>24)&0xFF,
1995 - (ntohl(ip->saddr)>>16)&0xFF,
1996 - (ntohl(ip->saddr)>>8)&0xFF,
1997 - (ntohl(ip->saddr))&0xFF,
1999 - (ntohl(ip->daddr)>>24)&0xFF,
2000 - (ntohl(ip->daddr)>>16)&0xFF,
2001 - (ntohl(ip->daddr)>>8)&0xFF,
2002 - (ntohl(ip->daddr))&0xFF,
2004 + NIPQUAD(ip->saddr), src_port,
2005 + NIPQUAD(ip->daddr), dst_port,
2006 ntohs(ip->tot_len), ip->tos, ntohs(ip->id),
2007 ntohs(ip->frag_off), ip->ttl);
2008 +#ifdef CONFIG_SECURE_NETWORK
2012 for (opti = 0; opti < (ip->ihl - sizeof(struct iphdr) / 4); opti++)
2013 printk(" O=0x%8.8X", *opt++);
2014 +#ifdef CONFIG_SECURE_NETWORK
2015 + printk(" (#%d)\n", count);
2017 printk(" %s(#%d)\n", syn ? "SYN " : /* "PENANCE" */ "", count);
2021 /* function for checking chain labels for user space. */
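Review bot: The new TCP/UDP/ICMP branches cast to the transport header and read `tcp->doff`, `tcp->seq`, `tcp->ack_seq` and the flag bits after checking only that the datagram is not a later fragment (`IP_OFFSET`), never that the packet actually holds a full header, so a first fragment or a runt packet whose `tot_len` ends inside the IP header makes this read past the packet data and log whatever follows in the buffer. Each branch should also require the payload the hunk already computes for `L=`, e.g. `&& ntohs(ip->tot_len) >= ip->ihl*4 + sizeof(struct tcphdr)` (resp. `udphdr`, `icmphdr`); `tot_len` is itself taken from the packet, so the caller's skb length is the bound to prefer if it can be passed in. Separately, the three new branches print `F=0x%4.4hX` from raw `ip->frag_off` while the fallback branch below keeps `ntohs(ip->frag_off)`, so the flags/offset field logs byte-swapped on little-endian hosts in exactly the cases this option adds. The enclosing function starts before the hunk.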
2022 diff -urP linux-2.2.20-ow1/net/ipv4/route.c linux-2.2.20-hap-2/net/ipv4/route.c
2023 --- linux-2.2.20-ow1/net/ipv4/route.c Fri Nov 2 11:39:16 2001
2024 +++ linux-2.2.20-hap-2/net/ipv4/route.c Fri Nov 9 19:16:17 2001
2025 @@ -715,12 +715,20 @@
2029 +#ifdef CONFIG_SECURE_LOGGING
2030 + security_alert("redirect from %d.%d.%d.%d/%s to %d.%d.%d.%d ignored; "
2031 + "path = %d.%d.%d.%d -> %d.%d.%d.%d, tos %02x\n",
2032 + "redirects ignored",
2033 + NIPQUAD(old_gw), dev->name, NIPQUAD(new_gw),
2034 + NIPQUAD(saddr), NIPQUAD(daddr), tos);
2036 #ifdef CONFIG_IP_ROUTE_VERBOSE
2037 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
2038 printk(KERN_INFO "Redirect from %X/%s to %X ignored."
2039 "Path = %X -> %X, tos %02x\n",
2040 ntohl(old_gw), dev->name, ntohl(new_gw),
2041 ntohl(saddr), ntohl(daddr), tos);
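Review bot: The new `security_alert` fires for every ignored ICMP redirect with no `net_ratelimit()` gate, while the existing printk two lines below keeps both the `IN_DEV_LOG_MARTIANS` and `net_ratelimit()` conditions; unless security_alert rate-limits internally (its `"redirects ignored"` argument looks like a tag that might serve that purpose, but the function is not in this diff), a remote host can drive one log line per forged redirect. Wrap it the same way: `if (net_ratelimit())` before the call. The format string also ends in `\n` whereas the signal.c and time.c calls to the same function do not, so one set of call sites will produce doubled or missing line breaks.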
2046 diff -urP linux-2.2.20-ow1/net/ipv4/tcp_ipv4.c linux-2.2.20-hap-2/net/ipv4/tcp_ipv4.c
2047 --- linux-2.2.20-ow1/net/ipv4/tcp_ipv4.c Sun Mar 25 11:37:41 2001
2048 +++ linux-2.2.20-hap-2/net/ipv4/tcp_ipv4.c Fri Nov 9 19:16:17 2001
2049 @@ -1747,6 +1747,14 @@
2050 len < (th->doff * 4))
2053 +#ifdef CONFIG_SECURE_NETWORK
2054 + /* Throw out packets with clearly bogus flags. */
2055 + if ( ! (th->ack || th->syn || th->rst) ||
2056 + (th->fin && (th->syn || th->rst) ) ||
2057 + (th->rst && (th->syn || th->urg) ) ||
2058 + (th->syn && th->urg) )
2059 + goto tcp_bad_flags;
2061 #ifdef CONFIG_IP_TRANSPARENT_PROXY
2062 if (IPCB(skb)->redirport)
2063 sk = tcp_v4_proxy_lookup(th->dest, skb->nh.iph->saddr, th->source,
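Review bot: The comment `Throw out packets with clearly bogus flags.` does not record which combinations are rejected or why, and the set is not obviously "clear": SYN with URG is permitted by RFC 793 and SYN+FIN was used by T/TCP, so dropping them is a policy choice a future reader may mistake for a bug. Suggest spelling it out, e.g. `/* Drop segments no normal peer sends: none of ACK/SYN/RST set (NULL/FIN probes), FIN or URG together with SYN or RST, and SYN+URG. RFC 793 allows some of these, but we treat them as scan traffic. */`. The check sits after the `th->doff` length test above it, so the header bits it reads are within the segment; the enclosing receive function continues outside the hunk.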
2064 @@ -1762,7 +1770,11 @@
2068 +#ifdef CONFIG_SECURE_NETWORK
2069 + goto tcp_unserved;
2073 if(!ipsec_sk_policy(sk,skb))
2076 @@ -1780,6 +1792,52 @@
2078 __skb_queue_tail(&sk->back_log, skb);
2080 +#ifdef CONFIG_SECURE_NETWORK
2083 + if(net_ratelimit())
2085 + "Packet log: badflag DENY %s PROTO=TCP %d.%d.%d.%d:%d "
2086 + "%d.%d.%d.%d:%d L=%hu:%u:%u S=0x%2.2hX I=%hu:%u:%u "
2087 + "T=%hu %c%c%c%c%c%c\n",
2088 + skb->dev->name, NIPQUAD(skb->nh.iph->saddr), ntohs(th->source),
2089 + NIPQUAD(skb->nh.iph->daddr), ntohs(th->dest),
2090 + ntohs(skb->nh.iph->tot_len), skb->len, skb->len - th->doff*4,
2091 + skb->nh.iph->tos, ntohs(skb->nh.iph->id), ntohl(th->seq),
2092 + ntohl(th->ack_seq), skb->nh.iph->ttl,
2093 + th->ack ? 'A' : '.',
2094 + th->syn ? 'S' : '.',
2095 + th->fin ? 'F' : '.',
2096 + th->rst ? 'R' : '.',
2097 + th->psh ? 'P' : '.',
2098 + th->urg ? 'U' : '.' );
2100 + * This will cause tcp_send_reset to *not* send.
2103 + goto no_tcp_socket;
2106 + if(net_ratelimit())
2108 + "Packet log: unserved DENY %s PROTO=TCP %d.%d.%d.%d:%d "
2109 + "%d.%d.%d.%d:%d L=%hu:%u:%u S=0x%2.2hX "
2110 + "I=%hu:%u:%u T=%hu %c%c%c%c%c%c\n",
2111 + skb->dev->name, NIPQUAD(skb->nh.iph->saddr), ntohs(th->source),
2112 + NIPQUAD(skb->nh.iph->daddr), ntohs(th->dest),
2113 + ntohs(skb->nh.iph->tot_len), skb->len, skb->len - th->doff*4,
2114 + skb->nh.iph->tos, ntohs(skb->nh.iph->id), ntohl(th->seq),
2115 + ntohl(th->ack_seq), skb->nh.iph->ttl,
2116 + th->ack ? 'A' : '.',
2117 + th->syn ? 'S' : '.',
2118 + th->fin ? 'F' : '.',
2119 + th->rst ? 'R' : '.',
2120 + th->psh ? 'P' : '.',
2121 + th->urg ? 'U' : '.' );
2122 +#ifdef CONFIG_SECURE_NET_SBD
2125 +#endif /* CONFIG_SECURE_NETWORK */
2128 tcp_v4_send_reset(skb);
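Review bot: The `badflag` and `unserved` log blocks are the same printk twice, differing only in the label, so every future change to the line (priority, a field, the `%hu`/`%u` choices, adding `ntohs()`) has to be made in two places; a static helper taking the label keeps them identical. The helper below reproduces the hunk's arguments and the `net_ratelimit()` gate; the printk priority and whatever line suppresses the reset on the `tcp_bad_flags` path are not visible in this hunk, so the priority is left as a placeholder. The enclosing receive function continues past the hunk.
```c
/* One DENY log line for a segment we will not deliver; `why` is the label ("badflag", "unserved"). */
static void tcp_v4_log_deny(const char *why, struct sk_buff *skb, struct tcphdr *th)
{
	if (!net_ratelimit())
		return;
	printk(/* same priority as the original printk */
	       "Packet log: %s DENY %s PROTO=TCP %d.%d.%d.%d:%d "
	       "%d.%d.%d.%d:%d L=%hu:%u:%u S=0x%2.2hX I=%hu:%u:%u "
	       "T=%hu %c%c%c%c%c%c\n",
	       why, skb->dev->name, NIPQUAD(skb->nh.iph->saddr), ntohs(th->source),
	       NIPQUAD(skb->nh.iph->daddr), ntohs(th->dest),
	       ntohs(skb->nh.iph->tot_len), skb->len, skb->len - th->doff*4,
	       skb->nh.iph->tos, ntohs(skb->nh.iph->id), ntohl(th->seq),
	       ntohl(th->ack_seq), skb->nh.iph->ttl,
	       th->ack ? 'A' : '.', th->syn ? 'S' : '.', th->fin ? 'F' : '.',
	       th->rst ? 'R' : '.', th->psh ? 'P' : '.', th->urg ? 'U' : '.');
}

	/* … unchanged: tcp_bad_flags label … */
	tcp_v4_log_deny("badflag", skb, th);
	/* … unchanged: reset suppression and goto no_tcp_socket … */
	/* … unchanged: tcp_unserved label … */
	tcp_v4_log_deny("unserved", skb, th);
```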
2129 diff -urP linux-2.2.20-ow1/net/ipv4/udp.c linux-2.2.20-hap-2/net/ipv4/udp.c
2130 --- linux-2.2.20-ow1/net/ipv4/udp.c Sun Mar 25 11:37:41 2001
2131 +++ linux-2.2.20-hap-2/net/ipv4/udp.c Fri Nov 9 19:16:17 2001
2132 @@ -1137,6 +1137,14 @@
2135 udp_statistics.UdpNoPorts++;
2136 +#ifdef CONFIG_SECURE_NETWORK
2138 + * This will cause a message for _every_ UDP packet we didn't
2139 + * ask for, _including_ broadcasts. If you don't care about
2140 + * broadcasts, move the following line inside the if { .. } below.
2142 + goto udp_unserved_port;
2144 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
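Review bot: With CONFIG_SECURE_NETWORK the `goto udp_unserved_port` jumps over the `icmp_send` on the very next line, so that call becomes unreachable in that configuration and the port-unreachable is instead sent from the label in the @@ -1145 hunk under `#ifndef CONFIG_SECURE_NET_SBD`. Either put the original call in an `#else` branch of this `#ifdef` or drop it from the label and let the label's code return here, so exactly one place decides whether the ICMP goes out. The comment about broadcasts refers to an `if { .. } below` that is not in the hunk, so I can't confirm it still describes the code once the jump is taken.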
2147 @@ -1145,9 +1153,29 @@
2153 udp_deliver(sk, skb);
2156 +#ifdef CONFIG_SECURE_NETWORK
2159 + if(net_ratelimit())
2161 + "Packet log: unserved DENY %s PROTO=UDP %d.%d.%d.%d:%d %d.%d.%d.%d:%d "
2162 + "L=%hu:%u S=0x%2.2hX I=%hu T=%hu\n",
2163 + skb->dev->name, NIPQUAD(saddr), ntohs(uh->source),
2164 + NIPQUAD(daddr), ntohs(uh->dest), ntohs(skb->nh.iph->tot_len),
2165 + ntohs(uh->len), skb->nh.iph->tos, ntohs(skb->nh.iph->id),
2166 + skb->nh.iph->ttl);
2167 +#ifndef CONFIG_SECURE_NET_SBD
2168 + icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
2173 +#endif /* CONFIG_SECURE_NETWORK */
2177 diff -urP linux-2.2.20-ow1/security/Common.in linux-2.2.20-hap-2/security/Common.in
2178 --- linux-2.2.20-ow1/security/Common.in Sat Nov 3 13:14:57 2001
2179 +++ linux-2.2.20-hap-2/security/Common.in Fri Nov 9 19:16:17 2001
2182 bool 'Restricted links in /tmp' CONFIG_SECURE_LINK
2183 bool 'Restricted FIFOs in /tmp' CONFIG_SECURE_FIFO
2184 +if [ "$CONFIG_SECURE_LINK" = "y" -o "CONFIG_SECURE_FIFO" = "y" ]; then
2185 + bool 'Allow links/fifos in non-world-writable +t dirs' CONFIG_SECURE_NOTSOMUCH
2187 bool 'Restricted /proc' CONFIG_SECURE_PROC
2188 bool 'Special handling of fd 0, 1, and 2' CONFIG_SECURE_FD_0_1_2
2189 bool 'Enforce RLIMIT_NPROC on execve(2)' CONFIG_SECURE_RLIMIT_NPROC
2190 if [ "$CONFIG_SYSVIPC" = "y" ]; then
2191 bool 'Destroy shared memory segments not in use' CONFIG_SECURE_SHM
2193 +bool 'Unofficial bugfixes' CONFIG_SECURE_BUGFIX
2194 +bool 'Extra logging of unusual events' CONFIG_SECURE_LOGGING
2195 +bool 'Paranoid networking' CONFIG_SECURE_NETWORK
2196 +if [ "$CONFIG_SECURE_NETWORK" = "y" ]; then
2197 + bool 'Blackhole networking' CONFIG_SECURE_NET_SBD
2199 +bool 'Restricted chroot' CONFIG_SECURE_CHROOT
2200 +bool 'Restricted ptrace' CONFIG_SECURE_TRACE
2201 +if [ "$CONFIG_SECURE_TRACE" == "y" ]; then
2202 + bool ' Allow special group' CONFIG_SECURE_TRACE_USERGROUP
2204 +if [ "$CONFIG_SYSCTL" == "y" ]; then
2205 + bool 'Security Sysctl Support' CONFIG_SECURE_SYSCTL