4 fix from pax patch for 2.6.23+
5 diff -urp a/grsecurity/gracl.c c/grsecurity/gracl.c
6 --- a/grsecurity/gracl.c 2007-12-10 23:52:36.040492750 +0100
7 +++ c/grsecurity/gracl.c 2007-12-11 00:32:38.094611750 +0100
8 @@ -329,7 +329,7 @@ to_gr_audit(const __u32 reqmode)
9 /* masks off auditable permission flags, then shifts them to create
10 auditing flags, and adds the special case of append auditing if
11 we're requesting write */
12 - return (((reqmode & GR_AUDIT_READ) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
13 + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
16 struct acl_subject_label *
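Review bot: The shift by `10` in `to_gr_audit` is a bare constant that only works while every permission flag sits exactly ten bits below its audit flag. With the mask now `~GR_AUDITS`, every non-audit bit of `reqmode` is shifted, not only the permission bits. `GR_AUDITS` and the flag layout are defined outside this page, so whether a non-permission flag can land on an unrelated bit could not be checked here. The existing comment could record the assumption, for example `/* relies on each GR_AUDIT_* flag being its permission flag << 10; reqmode must carry only permission bits */`.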
17 @@ -519,6 +519,35 @@ lookup_name_entry(const char *name)
21 +static struct name_entry *
22 +lookup_name_entry_create(const char *name)
24 + unsigned int len = strlen(name);
25 + unsigned int key = full_name_hash(name, len);
26 + unsigned int index = key % name_set.n_size;
27 + struct name_entry *match;
29 + match = name_set.n_hash[index];
31 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
33 + match = match->next;
35 + if (match && match->deleted)
38 + match = name_set.n_hash[index];
40 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
42 + match = match->next;
44 + if (match && !match->deleted)
50 static struct inodev_entry *
51 lookup_inodev_entry(const ino_t ino, const dev_t dev)
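Review bot: `lookup_name_entry_create` has no comment explaining why it walks the same hash chain twice, first accepting only an entry with `deleted` set (`if (match && match->deleted)`) and then only one without it. Several lines of the function are missing from this page, so the exact loop conditions cannot be confirmed. That ordering should be stated above the function, for example `/* prefer a name entry flagged deleted, fall back to a live one; used on create only */`. It would also help to say which lock the caller must hold, since the walk reads `name_set.n_hash` directly and the locking is not visible here.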
53 @@ -584,7 +613,7 @@ insert_acl_role_label(struct acl_role_la
57 -insert_name_entry(char *name, const ino_t inode, const dev_t device)
58 +insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
60 struct name_entry **curr, *nentry;
61 struct inodev_entry *ientry;
62 @@ -613,6 +642,7 @@ insert_name_entry(char *name, const ino_
63 nentry->inode = inode;
64 nentry->device = device;
66 + nentry->deleted = deleted;
69 curr = &name_set.n_hash[index];
70 @@ -975,7 +1005,7 @@ copy_user_objs(struct acl_object_label *
72 insert_acl_obj_label(o_tmp, subj);
73 if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
75 + o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
78 ret = copy_user_glob(o_tmp);
79 @@ -1270,7 +1300,7 @@ do_copy_user_subj(struct acl_subject_lab
82 if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
84 + s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
85 return ERR_PTR(-ENOMEM);
88 @@ -1969,7 +1999,7 @@ gr_check_create(const struct dentry * ne
91 path = gr_to_filename_rbac(new_dentry, mnt);
92 - match = lookup_name_entry(path);
93 + match = lookup_name_entry_create(path);
97 @@ -2334,7 +2364,7 @@ gr_set_proc_label(const struct dentry *d
101 -do_handle_delete(const ino_t ino, const dev_t dev)
102 +do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
104 struct acl_object_label *matchpo;
105 struct acl_subject_label *matchps;
106 @@ -2355,18 +2385,23 @@ do_handle_delete(const ino_t ino, const
107 matchps->mode |= GR_DELETED;
108 FOR_EACH_ROLE_END(role,i)
110 + inodev->nentry->deleted = 1;
116 gr_handle_delete(const ino_t ino, const dev_t dev)
118 + struct inodev_entry *inodev;
120 if (unlikely(!(gr_status & GR_READY)))
123 write_lock(&gr_inode_lock);
124 - if (unlikely((unsigned long)lookup_inodev_entry(ino, dev)))
125 - do_handle_delete(ino, dev);
126 + inodev = lookup_inodev_entry(ino, dev);
127 + if (inodev != NULL)
128 + do_handle_delete(inodev, ino, dev);
129 write_unlock(&gr_inode_lock);
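Review bot: `do_handle_delete` now receives `inodev` as well as the `ino`/`dev` pair that was used to look it up, so the same identity is passed twice and nothing stops a later caller from passing a mismatched pair. Either read the numbers from `inodev->nentry->inode` and `inodev->nentry->device` inside the function (presumably the values the lookup matched on), or document that they must agree. `inodev->nentry->deleted = 1;` also relies on every caller passing a non-NULL `inodev`, which both visible callers do; a one-line comment on the function should state that precondition. The `unlikely()` hint carried by the removed check in `gr_handle_delete` is dropped without mention.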
132 @@ -2460,11 +2495,12 @@ update_inodev_entry(const ino_t oldinode
133 match = inodev_set.i_hash[index];
135 while (match && (match->nentry->inode != oldinode ||
136 - match->nentry->device != olddevice))
137 + match->nentry->device != olddevice || !match->nentry->deleted))
140 if (match && (match->nentry->inode == oldinode)
141 - && (match->nentry->device == olddevice)) {
142 + && (match->nentry->device == olddevice) &&
143 + match->nentry->deleted) {
144 if (match->prev == NULL) {
145 inodev_set.i_hash[index] = match->next;
146 if (match->next != NULL)
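Review bot: In `update_inodev_entry` the `if` after the loop repeats the three tests the `while` condition has just applied. As far as the visible lines show, once `match` is non-NULL the added `match->nentry->deleted` and the inode/device comparisons cannot be false, so `if (match) {` would say the same thing. More important for readers, the function now ignores entries that are not flagged deleted, and nothing in the hunk says why. A comment above the loop, such as `/* only relabel an entry whose previous inode was deleted */`, would record the rule. The function starts and ends outside this hunk.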
147 @@ -2478,6 +2514,7 @@ update_inodev_entry(const ino_t oldinode
149 match->nentry->inode = newinode;
150 match->nentry->device = newdevice;
151 + match->nentry->deleted = 0;
153 insert_inodev_entry(match);
155 @@ -2546,6 +2583,7 @@ gr_handle_rename(struct inode *old_dir,
156 struct vfsmount *mnt, const __u8 replace)
158 struct name_entry *matchn;
159 + struct inodev_entry *inodev;
161 if (unlikely(!(gr_status & GR_READY)))
163 @@ -2559,17 +2597,17 @@ gr_handle_rename(struct inode *old_dir,
165 write_lock(&gr_inode_lock);
166 if (unlikely(replace && new_dentry->d_inode)) {
167 - if (unlikely(lookup_inodev_entry(new_dentry->d_inode->i_ino,
168 - new_dentry->d_inode->i_sb->s_dev) &&
169 - (old_dentry->d_inode->i_nlink <= 1)))
170 - do_handle_delete(new_dentry->d_inode->i_ino,
171 + inodev = lookup_inodev_entry(new_dentry->d_inode->i_ino,
172 + new_dentry->d_inode->i_sb->s_dev);
173 + if (inodev != NULL && (new_dentry->d_inode->i_nlink<= 1))
174 + do_handle_delete(inodev, new_dentry->d_inode->i_ino,
175 new_dentry->d_inode->i_sb->s_dev);
178 - if (unlikely(lookup_inodev_entry(old_dentry->d_inode->i_ino,
179 - old_dentry->d_inode->i_sb->s_dev) &&
180 - (old_dentry->d_inode->i_nlink <= 1)))
181 - do_handle_delete(old_dentry->d_inode->i_ino,
182 + inodev = lookup_inodev_entry(old_dentry->d_inode->i_ino,
183 + old_dentry->d_inode->i_sb->s_dev);
184 + if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1))
185 + do_handle_delete(inodev, old_dentry->d_inode->i_ino,
186 old_dentry->d_inode->i_sb->s_dev);
188 if (unlikely((unsigned long)matchn))
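Review bot: The first rewritten condition in `gr_handle_rename` now tests `new_dentry->d_inode->i_nlink` where the removed line tested `old_dentry->d_inode->i_nlink`. That is a behaviour change beyond threading `inodev` through, and the description does not mention it. If it is the intended fix (the replaced target is the inode losing a link), say so in the commit message or in a comment above the check. The same line is missing a space, `i_nlink<= 1` should read `i_nlink <= 1`, and both rewritten checks lose the `unlikely()` hint. The function continues outside the hunk.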
189 diff -urp a/include/linux/gracl.h c/include/linux/gracl.h
190 --- a/include/linux/gracl.h 2007-12-10 23:52:36.116497500 +0100
191 +++ c/include/linux/gracl.h 2007-12-11 00:31:52.947790250 +0100
192 @@ -52,6 +52,7 @@ struct name_entry {
197 struct name_entry *prev;
198 struct name_entry *next;
200 diff -upr a/grsecurity/gracl_cap.c c/grsecurity/gracl_cap.c
201 --- a/grsecurity/gracl_cap.c 2007-12-01 00:54:57.312774500 +0000
202 +++ c/grsecurity/gracl_cap.c 2007-12-01 01:09:34.923621750 +0000
203 @@ -111,3 +111,10 @@ gr_is_capable_nolog(const int cap)
208 +gr_log_cap_x(const int cap)
210 + if (gr_acl_is_enabled())
211 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, current, captab_log[cap]);
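Review bot: `gr_log_cap_x` indexes `captab_log[cap]` with a caller-supplied `int` and no range check, so a negative or too-large `cap` would read outside the table. The table's definition is not on this page; if it is an array visible in this file, the guard could be `if (gr_acl_is_enabled() && cap >= 0 && cap < ARRAY_SIZE(captab_log))`. Part of the function (return type and braces) is missing from this page, so this applies to the two visible statements only.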
214 diff -upr a/grsecurity/grsec_sock.c c/grsecurity/grsec_sock.c
215 --- a/grsecurity/grsec_sock.c 2007-12-01 00:54:57.316774750 +0000
216 +++ c/grsecurity/grsec_sock.c 2007-12-01 01:09:34.923621750 +0000
217 @@ -251,13 +251,24 @@ __u32
218 gr_cap_rtnetlink(void)
220 #ifdef CONFIG_GRKERNSEC
221 + struct acl_subject_label *curracl;
222 + __u32 cap_drop = 0, cap_mask = 0;
224 if (!gr_acl_is_enabled())
225 return current->cap_effective;
226 - else if (cap_raised(current->cap_effective, CAP_NET_ADMIN) &&
227 - gr_task_is_capable(current, CAP_NET_ADMIN))
228 - return current->cap_effective;
232 + curracl = current->acl;
234 + cap_drop = curracl->cap_lower;
235 + cap_mask = curracl->cap_mask;
237 + while ((curracl = curracl->parent_subject)) {
238 + cap_drop |= curracl->cap_lower & \
239 + (cap_mask & ~curracl->cap_mask);
240 + cap_mask |= curracl->cap_mask;
242 + return (current->cap_effective & ~(cap_drop & cap_mask));
245 return current->cap_effective;
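Review bot: The inheritance loop in `gr_cap_rtnetlink` adds a parent's lowered capability only for bits that are already in the accumulated `cap_mask` and absent from the parent's own mask (`cap_mask & ~curracl->cap_mask`), which reads inverted. If `cap_mask` marks the capabilities a subject explicitly specifies (its definition is not on this page), a parent's drop should apply to bits the children left unspecified, `cap_drop |= curracl->cap_lower & (curracl->cap_mask & ~cap_mask);`. Otherwise an inherited drop never takes effect and the netlink path would report a capability the policy lowers. Please confirm against the capability check this is meant to mirror and add a comment stating the rule. The trailing `\` after `&` is unnecessary outside a macro, and `current->acl` is dereferenced without a NULL check, which is only safe if every task has a subject once `gr_acl_is_enabled()` is true.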
247 diff -upr a/include/linux/grsecurity.h c/include/linux/grsecurity.h
248 --- a/include/linux/grsecurity.h 2007-12-01 00:54:57.224769000 +0000
249 +++ c/include/linux/grsecurity.h 2007-12-01 01:09:34.923621750 +0000
250 @@ -62,6 +62,7 @@ void gr_log_semrm(const uid_t uid, const
251 void gr_log_shmget(const int err, const int shmflg, const size_t size);
252 void gr_log_shmrm(const uid_t uid, const uid_t cuid);
253 void gr_log_textrel(struct vm_area_struct *vma);
254 +void gr_log_cap_x(const int cap);
256 int gr_handle_follow_link(const struct inode *parent,
257 const struct inode *inode,
258 diff -upr a/security/commoncap.c c/security/commoncap.c
259 --- a/security/commoncap.c 2007-12-01 00:54:57.300773750 +0000
260 +++ c/security/commoncap.c 2007-12-01 01:09:34.923621750 +0000
263 int cap_netlink_recv(struct sk_buff *skb, int cap)
265 - if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
266 + if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) {
267 +#ifdef CONFIG_GRKERNSEC
275 --- linux/include/asm-x86_64/processor.h 2008-01-24 23:58:37.000000000 +0100
276 +++ linux-pax/include/asm-x86_64/processor.h 2008-01-25 15:28:01.000000000 +0100
277 @@ -142,7 +142,7 @@ static inline void clear_in_cr4 (unsigne
278 /* This decides where the kernel will search for a free chunk of vm
279 * space during mmap's.
281 -#define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? 0xc0000000 : 0xFFFFe000)
282 +#define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? 0xc0000000 : 0xFFFFf000)
284 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? IA32_PAGE_OFFSET : TASK_SIZE64)
285 #define TASK_SIZE_OF(child) ((test_tsk_thread_flag(child, TIF_IA32)) ? IA32_PAGE_OFFSET : TASK_SIZE64)
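Review bot: The new `IA32_PAGE_OFFSET` value differs from the old one by a single hex digit (`0xFFFFe000` to `0xFFFFf000`), and nothing here explains why a 32-bit task's limit moves up by one page. The comment above the macro talks about the mmap search base, not about this limit, so a reader cannot tell what the space left at the top is for. A short comment such as `/* 4 GiB minus one page */`, extended with the actual reason once confirmed, would help. Writing the literal in one case (`0xfffff000`) would also make it harder to misread.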