diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
--- linux-2.4.20.org/drivers/char/mem.c Sat Feb 1 11:29:04 2003
+++ linux-2.4.20/drivers/char/mem.c Sat Feb 1 11:44:42 2003
@@ -115,10 +115,10 @@
 unsigned long p = *ppos;
 unsigned long end_mem;
-#ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_secure_kmem){
 gr_handle_mem_write();
 return -EPERM;
-#endif
+}
 end_mem = __pa(high_memory);
 if (p >= end_mem)
@@ -192,10 +192,10 @@
 {
 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
-#ifdef CONFIG_GRKERNSEC_KMEM
+if (grsec_secure_kmem){
 if (gr_handle_mem_mmap(offset, vma))
 return -EPERM;
-#endif
+}
 /*
@@ -297,10 +297,10 @@
 ssize_t virtr = 0;
 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
-#ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_secure_kmem){
 gr_handle_kmem_write();
 return -EPERM;
-#endif
+}
 if (p < (unsigned long) high_memory) {
 wrote = count;
@@ -534,10 +534,10 @@
 static int open_port(struct inode * inode, struct file * filp)
 {
-#ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_secure_kmem){
 gr_handle_open_port();
 return -EPERM;
-#endif
+}
 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
 }
diff -Nur linux-2.4.20.org/grsecurity/grsecurity.c linux-2.4.20/grsecurity/grsecurity.c
--- linux-2.4.20.org/grsecurity/grsecurity.c Sat Feb 1 11:29:04 2003
+++ linux-2.4.20/grsecurity/grsecurity.c Sat Feb 1 11:40:46 2003
@@ -56,6 +56,7 @@
 int grsec_socket_client_gid;
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
+int grsec_secure_kmem;
 int grsec_lock;
 /*
@@ -174,6 +175,9 @@
 grsec_enable_socket_server = 1;
 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+grsec_secure_kmem = 1;
+#endif
 #endif
 return;
diff -Nur linux-2.4.20.org/include/linux/grinternal.h linux-2.4.20/include/linux/grinternal.h
--- linux-2.4.20.org/include/linux/grinternal.h Sat Feb 1 11:29:04 2003
+++ linux-2.4.20/include/linux/grinternal.h Sat Feb 1 11:39:19 2003
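Review bot: The guard `if(grsec_secure_kmem){` in the first mem.c hunk makes the deny path depend on a writable integer where the old `#ifdef CONFIG_GRKERNSEC_KMEM` denied unconditionally; the other three mem.c hunks (the `gr_handle_mem_mmap`, `gr_handle_kmem_write` and `open_port` sites) do the same. The sysctl entry added for this flag is mode 0600 with plain `proc_dointvec`, so a root process can presumably clear it and regain write access to these devices unless `grsec_lock` is enforced on that write, which is not visible in this patch. The new lines also reference `grsec_secure_kmem` and the `gr_handle_*` helpers in every configuration, so confirm mem.c sees a declaration and that the symbols are built when CONFIG_GRKERNSEC_KMEM is off. I would add above each check a comment such as `/* runtime kmem protection: must not be clearable once grsec_lock is set */`. The enclosing functions start and end outside these hunks, except `open_port`, which is shown whole.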
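Review bot: The default `grsec_secure_kmem = 1;` in the second grsecurity.c hunk sits inside an outer preprocessor block that opens outside the hunk (a second `#endif` closes it just below), so in any build where that outer block is compiled out the flag stays 0 and the mem.c checks let writes through. Before this patch CONFIG_GRKERNSEC_KMEM denied those writes from boot, so the option may now be fail-open until something writes the sysctl. Consider giving the definition its default instead, `int grsec_secure_kmem = 1;` under `#ifdef CONFIG_GRKERNSEC_KMEM`, or add a comment at the definition stating that boot scripts must enable it before setting `grsec_lock`.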
@@ -63,6 +63,7 @@
 extern int grsec_enable_audit_ipc;
 extern int grsec_enable_mount;
 extern int grsec_enable_chdir;
+extern int grsec_secure_kmem;
 extern int grsec_lock;
 extern struct task_struct *child_reaper;
diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
--- linux-2.4.20.org/kernel/sysctl.c Sat Feb 1 11:29:04 2003
+++ linux-2.4.20/kernel/sysctl.c Sat Feb 1 11:40:06 2003
@@ -281,7 +281,7 @@
 GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
-GS_FINDTASK, GS_LOCK};
+GS_FINDTASK, GS_LOCK, GS_KMEM};
 static ctl_table grsecurity_table[] = {
 {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
@@ -443,6 +443,10 @@
 {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
 sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+ {GS_FINDTASK, "kmem", &grsec_secure_kmem,
+ sizeof (int), 0600, NULL, &proc_dointvec},
+#endif
 {GS_LOCK, "grsec_lock", &grsec_lock,
 sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
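Review bot: The new table entry `{GS_FINDTASK, "kmem", &grsec_secure_kmem,` in the second sysctl.c hunk reuses the ctl_name of the `chroot_findtask` entry directly above it, while the `GS_KMEM` value added to the enum in the previous hunk is never used. With two entries sharing one ctl_name, a lookup by number cannot tell the two settings apart and may resolve to the wrong variable. The line should read `{GS_KMEM, "kmem", &grsec_secure_kmem,`. The entry is also only present under `#ifdef CONFIG_GRKERNSEC_KMEM`, whereas mem.c tests the flag in every configuration, so without that option the flag has no sysctl control at all.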