--- linux-2.4.19/kernel/sysctl.c.org Thu Sep 26 19:41:20 2002 +++ linux-2.4.19/kernel/sysctl.c Mon Sep 30 14:21:12 2002 @@ -285,7 +285,8 @@ GS_RANDSRC, GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, -GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK}; +GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_PAXNOEXEC, GS_PAXPAGEEXEC, GS_PAXSEGMEXEC, +GS_PAXEMUTRAMP, GS_PAXMPROTECT, GS_PAXASLR, GS_PAXRANDEXEC, GS_LOCK}; static ctl_table grsecurity_table[] = { {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler}, 
@@ -439,6 +440,34 @@ {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, sizeof (int), 0600, NULL, &proc_dointvec}, #endif +#ifdef CONFIG_GRKERNSEC_PAX_NOEXEC + {GS_PAXNOEXEC, "pax_noexec", &grsec_pax_noexec, + sizeof (int), 0600, NULL, &proc_dointvec}, +#endif +#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC + {GS_PAXPAGEEXEC, "pax_pageexec", &grsec_pax_pageexec, + sizeof (int), 0600, NULL, &proc_dointvec}, +#endif +#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC + {GS_PAXSEGMEXEC, "pax_segmexec", &grsec_pax_segmexec, + sizeof (int), 0600, NULL, &proc_dointvec}, +#endif +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP + {GS_PAXEMUTRAMP, "pax_emutramp", &grsec_pax_emutramp, + sizeof (int), 0600, NULL, &proc_dointvec}, +#endif +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT + {GS_PAXMPROTECT, "pax_mprotect", &grsec_pax_mprotect, + sizeof (int), 0600, NULL, &proc_dointvec}, +#endif +#ifdef CONFIG_GRKERNSEC_PAX_ASLR + {GS_PAXASLR, "pax_aslr", &grsec_pax_aslr, + sizeof (int), 0600, NULL, &proc_dointvec}, +#endif +#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC + {GS_PAXRANDEXEC, "pax_randexec", &grsec_pax_randexec, + sizeof (int), 0600, NULL, &proc_dointvec}, +#endif {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL, &proc_dointvec}, #endif --- linux-2.4.19/grsecurity/grsecurity.c.org Thu Sep 26 19:41:20 2002 +++ linux-2.4.19/grsecurity/grsecurity.c Mon Sep 30 14:10:09 2002 @@ -53,6 +53,13 @@ int grsec_enable_socket_server = 0; int grsec_socket_server_gid = 0; int grsec_lock = 0; +int grsec_pax_noexec = 0; +int grsec_pax_pageexec = 0; +int grsec_pax_segmexec = 0; +int grsec_pax_emutramp = 0; +int grsec_pax_mprotect = 0; +int grsec_pax_aslr = 0; +int grsec_pax_randexec = 0; /* handle the variables if parts of grsecurity are configured without sysctl 
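Review bot: Each entry added in kernel/sysctl.c @@ -439 exposes a PaX memory protection as a plain writable integer (`0600`, `&proc_dointvec`), so anything able to write these files can switch the protection off on a running system, and nothing in the hunk ties the entries to `grsec_lock`. `proc_dointvec` by itself accepts any integer at any time, so if `grsec_lock` is meant to freeze these values the handler has to enforce it, and a comment above the block should say so, e.g. `/* PaX toggles: runtime-writable by root; TODO confirm grsec_lock freezes them */`. Also, `grsec_pax_noexec` gets an entry here but is not read in any hunk on this page, so its sysctl appears to have no effect.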
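Review bot: All seven toggles in grsecurity/grsecurity.c @@ -53 are defined as `0`, and the only assignments to `1` on this page are in @@ -167 of the same file, which follows the comment about builds "configured without sysctl". If that reading is right, a kernel built with sysctl support boots with every PaX feature disabled until something writes the sysctl. A protection that is compiled in should default to on, for example `int grsec_pax_pageexec = 1;` under its `CONFIG_GRKERNSEC_PAX_PAGEEXEC` guard, or the boot-time default should be documented next to the definitions.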
@@ -167,6 +172,27 @@ grsec_enable_socket_server = 1; grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID; #endif +#ifdef CONFIG_GRKERNSEC_PAX_NOEXEC +grsec_pax_noexec = 1; +#endif +#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +grsec_pax_pageexec = 1; +#endif +#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +grsec_pax_segmexec = 1; +#endif +#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP +grsec_pax_emutramp = 1; +#endif +#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +grsec_pax_mprotect = 1; +#endif +#ifdef CONFIG_GRKERNSEC_PAX_ASLR +grsec_pax_aslr = 1; +#endif +#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +grsec_pax_randexec = 1; +#endif #endif return; --- linux-2.4.19/include/linux/grsecurity.h.org Fri Sep 27 03:42:07 2002 +++ linux-2.4.19/include/linux/grsecurity.h Mon Sep 30 14:27:55 2002 @@ -99,6 +99,13 @@ extern int grsec_enable_audit_ipc; extern int grsec_enable_mount; extern int grsec_enable_chdir; +extern int grsec_pax_noexec; +extern int grsec_pax_pageexec; +extern int grsec_pax_segmexec; +extern int grsec_pax_emutramp; +extern int grsec_pax_mprotect; +extern int grsec_pax_aslr; +extern int grsec_pax_randexec; extern int grsec_lock; extern struct task_struct *child_reaper; --- linux-2.4.19/fs/exec.c.org Tue Oct 1 08:24:12 2002 +++ linux-2.4.19/fs/exec.c Wed Oct 2 09:11:51 2002 @@ -281,11 +281,10 @@ lru_cache_add(page); flush_dcache_page(page); flush_page_to_ram(page); -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC - if (tsk->flags & PF_PAX_PAGEEXEC) +if(grsec_pax_pageexec) + {if (tsk->flags & PF_PAX_PAGEEXEC) set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY_NOEXEC)))); - else -#endif + } set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY)))); tsk->mm->rss++; spin_unlock(&tsk->mm->page_table_lock); 
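Review bot: In fs/exec.c @@ -281 the dropped `else` makes the final `set_pte(... PAGE_COPY ...)` run unconditionally, so the `PAGE_COPY_NOEXEC` entry written for a `PF_PAX_PAGEEXEC` task is immediately overwritten and the page ends up with ordinary `PAGE_COPY` protection. The branch should stay an either/or: `if (grsec_pax_pageexec && (tsk->flags & PF_PAX_PAGEEXEC))` for the NOEXEC `set_pte`, followed by `else` before the `PAGE_COPY` one. The same dropped `else` occurs in @@ -323 of this file and in mm/mmap.c @@ -1266, where the second `vm_page_prot` assignment now always wins. The enclosing function starts and ends outside the hunk.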
@@ -323,11 +322,10 @@ mpnt->vm_end = STACK_TOP; mpnt->vm_flags = VM_STACK_FLAGS; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC - if (!(current->flags & PF_PAX_PAGEEXEC)) +if(grsec_pax_pageexec) + {if (!(current->flags & PF_PAX_PAGEEXEC)) mpnt->vm_page_prot = protection_map[(mpnt->vm_flags | VM_EXEC) & 0x0f]; - else -#endif + } mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x0f]; mpnt->vm_ops = NULL; mpnt->vm_pgoff = 0; @@ -578,29 +576,23 @@ } current->comm[i] = '\0'; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec) current->flags &= ~PF_PAX_PAGEEXEC; -#endif -#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP +if(grsec_pax_emutramp) current->flags &= ~PF_PAX_EMUTRAMP; -#endif -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect) current->flags &= ~PF_PAX_MPROTECT; -#endif -#ifdef CONFIG_GRKERNSEC_PAX_ASLR +if(grsec_pax_aslr) current->flags &= ~PF_PAX_RANDMMAP; -#endif -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec) current->flags &= ~PF_PAX_RANDEXEC; -#endif -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec) current->flags &= ~PF_PAX_SEGMEXEC; -#endif flush_thread(); --- linux-2.4.19/fs/binfmt_elf.c.org Tue Oct 1 08:24:12 2002 +++ linux-2.4.19/fs/binfmt_elf.c Wed Oct 2 09:23:08 2002 @@ -447,9 +447,8 @@ struct exec interp_ex; char passed_fileno[6]; -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec) unsigned long load_addr_random = 0UL; -#endif /* Get the exec-header */ elf_ex = *((struct elfhdr *) bprm->buf); 
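Review bot: In fs/exec.c @@ -578 the `PF_PAX_*` bits are cleared at exec only while the matching toggle is non-zero, so a flag set on the old image survives into the new one whenever its toggle has been written to 0 in between. Other code on this page (the context lines of mm/mmap.c @@ -1244, for instance) tests `PF_PAX_PAGEEXEC | PF_PAX_SEGMEXEC` without consulting any toggle. Clearing should not depend on the runtime switch: `current->flags &= ~(PF_PAX_PAGEEXEC | PF_PAX_EMUTRAMP | PF_PAX_MPROTECT | PF_PAX_RANDMMAP | PF_PAX_RANDEXEC | PF_PAX_SEGMEXEC);`. That assumes the `PF_PAX_*` constants are defined regardless of the CONFIG options, which this page does not show.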
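Review bot: In fs/binfmt_elf.c @@ -447, `if(grsec_pax_randexec) unsigned long load_addr_random = 0UL;` is not valid C, because a declaration cannot be the body of an `if`, and even inside braces the variable would go out of scope before the later hunks (@@ -748, @@ -781) assign and read it. Declare it unconditionally, `unsigned long load_addr_random = 0UL;`, and test the toggle only where the value is used. arch/i386/mm/fault.c @@ -459 has the same scoping problem with `trans[8]`, which is now declared inside its own `if(grsec_pax_emutramp){ ... }` block and is presumably needed by the emulation code further down.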
@@ -605,30 +604,30 @@ current->mm->end_code = 0; current->mm->mmap = NULL; -#ifdef CONFIG_GRKERNSEC_PAX_ASLR +if(grsec_pax_aslr){ current->mm->delta_mmap = 0UL; current->mm->delta_exec = 0UL; current->mm->delta_stack = 0UL; -#endif +} current->flags &= ~PF_FORKNOEXEC; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ if (!(elf_ex.e_flags & EF_PAX_PAGEEXEC)) current->flags |= PF_PAX_PAGEEXEC; -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP +if(grsec_pax_emutramp){ if (elf_ex.e_flags & EF_PAX_EMUTRAMP) current->flags |= PF_PAX_EMUTRAMP; -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ if (!(elf_ex.e_flags & EF_PAX_MPROTECT)) current->flags |= PF_PAX_MPROTECT; -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_ASLR +if(grsec_pax_aslr){ if (!(elf_ex.e_flags & EF_PAX_RANDMMAP)) { unsigned long delta; current->flags |= PF_PAX_RANDMMAP; @@ -646,27 +645,27 @@ current->mm->delta_stack = pax_delta_mask(delta, PAGE_SHIFT); #undef pax_delta_mask } -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if (!(elf_ex.e_flags & EF_PAX_SEGMEXEC)) { current->flags &= ~PF_PAX_PAGEEXEC; current->flags |= PF_PAX_SEGMEXEC; -#ifdef CONFIG_GRKERNSEC_PAX_ASLR +if(grsec_pax_aslr){ current->mm->delta_mmap &= 0x07FFFFFFUL; current->mm->delta_exec &= 0x07FFFFFFUL; current->mm->delta_stack &= 0x07FFFFFFUL; -#endif + } } -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if ((elf_ex.e_flags & EF_PAX_RANDEXEC) && (elf_ex.e_type == ET_EXEC) && (current->flags & (PF_PAX_PAGEEXEC | PF_PAX_SEGMEXEC))) current->flags |= PF_PAX_RANDEXEC; -#endif +} elf_entry = (unsigned long) elf_ex.e_entry; @@ -733,7 +732,7 @@ } -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if ((current->flags & PF_PAX_RANDEXEC) && (elf_ex.e_type == ET_EXEC)) { if (current->flags & PF_PAX_PAGEEXEC) error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot & ~PROT_EXEC, elf_flags); 
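Review bot: `grsec_pax_aslr` is read three separate times on this path in fs/binfmt_elf.c (resetting the deltas and computing them in @@ -605, then masking them with `0x07FFFFFFUL` under SEGMEXEC in @@ -646), and the other toggles are likewise re-read at each use. A sysctl write during an exec can therefore leave a task with deltas that were computed but never masked for SEGMEXEC. Reading each toggle once into a local at the top of the function, e.g. `const int pax_aslr = grsec_pax_aslr;`, keeps the flags and deltas of one exec consistent. The reset of `delta_mmap`, `delta_exec` and `delta_stack` to `0UL` is also better done unconditionally so no value from the previous image is kept while the toggle is off. The function body starts and ends outside these hunks.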
@@ -748,7 +747,7 @@ /* PaX: mirror at a randomized base */ down_write(¤t->mm->mmap_sem); -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if (current->flags & PF_PAX_SEGMEXEC) { if (elf_prot & PROT_EXEC) { load_addr_random = do_mmap_pgoff(NULL, 0UL, elf_ppnt->p_memsz, PROT_NONE, MAP_PRIVATE, 0UL); @@ -759,13 +758,13 @@ } else load_addr_random = do_mmap_pgoff(NULL, 0UL, 0UL, elf_prot, MAP_PRIVATE | MAP_MIRROR | MAP_MIRROR2, error); } else -#endif + } load_addr_random = do_mmap_pgoff(NULL, 0UL, 0UL, elf_prot, MAP_PRIVATE | MAP_MIRROR2, error); up_write(¤t->mm->mmap_sem); if (BAD_ADDR(load_addr_random)) continue; } else -#endif +} { error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); if (BAD_ADDR(error)) @@ -781,10 +780,9 @@ load_addr += load_bias; } -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ current->mm->delta_exec = load_addr_random - load_addr; -#endif - +} } k = elf_ppnt->p_vaddr; if (k < start_code) start_code = k; --- linux-2.4.19/fs/binfmt_aout.c.org Tue Oct 1 08:24:12 2002 +++ linux-2.4.19/fs/binfmt_aout.c Wed Oct 2 09:25:46 2002 @@ -315,22 +315,22 @@ compute_creds(bprm); current->flags &= ~PF_FORKNOEXEC; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) { current->flags |= PF_PAX_PAGEEXEC; -#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP +if(grsec_pax_emutramp){ if (N_FLAGS(ex) & F_PAX_EMUTRAMP) current->flags |= PF_PAX_EMUTRAMP; -#endif + } -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ if (!(N_FLAGS(ex) & F_PAX_MPROTECT)) current->flags |= PF_PAX_MPROTECT; -#endif +} } -#endif +} #ifdef __sparc__ if (N_MAGIC(ex) == NMAGIC) { --- linux-2.4.19/mm/mprotect.c.org Tue Oct 1 08:24:13 2002 +++ linux-2.4.19/mm/mprotect.c Wed Oct 2 09:30:47 2002 @@ -8,10 +8,10 @@ #include #include -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ #include #include -#endif +} #include #include 
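Review bot: In fs/binfmt_elf.c @@ -759 the added `}` lines land between `else` and the statement it governs (`} else` / `}` / `load_addr_random = do_mmap_pgoff(...)`, and again `} else` / `}` / `{ error = elf_map(...)`), which does not parse, and moving the brace to make it parse would turn the fallback into unconditional code. Where the original had `#ifdef ... else #endif stmt;`, the runtime form needs the toggle folded into the condition, e.g. `if (grsec_pax_segmexec && (current->flags & PF_PAX_SEGMEXEC)) { ... } else`, with no closing brace after the `else`. The same `else` followed by `}` appears in mm/mprotect.c @@ -252, mm/mmap.c @@ -626 and @@ -774, and mm/memory.c @@ -1374.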
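Review bot: In mm/mprotect.c @@ -8, `if(grsec_pax_mprotect){` is a statement and cannot appear at file scope, so wrapping the two `#include` lines in it breaks the build. Preprocessor directives and file-scope definitions have to stay under `#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT` (or become unconditional), with the runtime toggle tested only inside function bodies. The same applies wherever this patch wraps whole function definitions or prototypes: mm/mprotect.c @@ -275, @@ -326 and @@ -352, and arch/i386/mm/fault.c @@ -143, @@ -429, @@ -634 and @@ -738. In fault.c @@ -143 in particular the parameter list of `do_page_fault` is selected this way, which cannot be a runtime decision.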
@@ -252,11 +252,11 @@ return 0; } -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ if (!(current->flags & PF_PAX_PAGEEXEC) && (newflags & (VM_READ|VM_WRITE))) newprot = protection_map[(newflags | VM_EXEC) & 0xf]; else -#endif +} newprot = protection_map[newflags & 0xf]; if (start == vma->vm_start) { if (end == vma->vm_end) @@ -275,7 +275,7 @@ return 0; } -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ /* PaX: non-PIC ELF libraries need relocations on their executable segments * therefore we'll grant them VM_MAYWRITE once during their life. * @@ -326,9 +326,9 @@ } while (dyn.d_tag != DT_NULL); return; } -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ static long __sys_mprotect(unsigned long start, size_t len, unsigned long prot); asmlinkage long sys_mprotect(unsigned long start, size_t len, unsigned long prot) @@ -352,9 +352,9 @@ } static long __sys_mprotect(unsigned long start, size_t len, unsigned long prot) -#else +}else asmlinkage long sys_mprotect(unsigned long start, size_t len, unsigned long prot) -#endif + { unsigned long nstart, end, tmp; struct vm_area_struct * vma, * next, * prev; @@ -371,19 +371,19 @@ if (end == start) return 0; -#ifndef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ down_write(¤t->mm->mmap_sem); -#endif +} vma = find_vma_prev(current->mm, start, &prev); error = -ENOMEM; if (!vma || vma->vm_start > start) goto out; -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ if ((current->flags & PF_PAX_MPROTECT) && (prot & PROT_WRITE)) pax_handle_maywrite(vma, start); -#endif +} for (nstart = start ; ; ) { unsigned int newflags; 
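Review bot: In mm/mprotect.c @@ -371 the original guard was `#ifndef CONFIG_GRKERNSEC_PAX_SEGMEXEC`, but the replacement is `if(grsec_pax_segmexec){`, so `down_write` on `mmap_sem` is now taken when SEGMEXEC is enabled rather than when it is not; the matching `up_write` in @@ -441 carries the same inverted test. Because the toggle is re-read at `out:`, a sysctl write between the two also leaves the semaphore unbalanced. Decide once and reuse the result, e.g. `const int take_sem = !grsec_pax_segmexec;`, then `if (take_sem) down_write(&current->mm->mmap_sem);` and `if (take_sem) up_write(&current->mm->mmap_sem);`. The function body continues outside the hunk.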
@@ -397,12 +397,12 @@ goto out; } -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */ if ((current->flags & PF_PAX_MPROTECT) && (prot & PROT_WRITE) && (vma->vm_flags & VM_MAYNOTWRITE)) { newflags &= ~VM_MAYWRITE; } -#endif +} if (vma->vm_ops && vma->vm_ops->mprotect) { error = vma->vm_ops->mprotect(vma, newflags); if (error < 0) @@ -441,9 +441,9 @@ } out: -#ifndef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ up_write(¤t->mm->mmap_sem); -#endif +} return error; } --- linux-2.4.19/mm/mmap.c.org Tue Oct 1 08:24:13 2002 +++ linux-2.4.19/mm/mmap.c Wed Oct 2 09:41:32 2002 @@ -209,13 +209,13 @@ _trans(prot, PROT_EXEC, VM_EXEC); flag_bits = -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ _trans(flags, MAP_MIRROR, VM_MIRROR) | -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ _trans(flags, MAP_MIRROR2, VM_MIRROR2) | -#endif +} _trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN) | _trans(flags, MAP_DENYWRITE, VM_DENYWRITE) | @@ -417,13 +417,13 @@ if ( -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ (flags & MAP_MIRROR) || -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ (flags & MAP_MIRROR2) -#else +} 0 #endif ) @@ -437,13 +437,13 @@ if (!vma_m || vma_m->vm_start != pgoff || -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ (vma_m->vm_flags & (VM_MIRROR | VM_MIRRORED)) || -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ (vma_m->vm_flags & (VM_MIRROR2 | VM_MIRRORED2)) || -#endif +} (vma_m->vm_flags & (VM_MIRROR | VM_MIRRORED)) || (!(vma_m->vm_flags & VM_WRITE) && (prot & PROT_WRITE))) 
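Review bot: An `if` statement cannot sit inside an expression, so `flag_bits = if(grsec_pax_segmexec){ _trans(flags, MAP_MIRROR, VM_MIRROR) | }` in mm/mmap.c @@ -209 does not compile; a runtime-selected operand needs the conditional operator, `(grsec_pax_segmexec ? _trans(flags, MAP_MIRROR, VM_MIRROR) : 0) |`. The same construct is used inside conditions in @@ -417 and @@ -437 of this file and in mm/memory.c @@ -1374, @@ -1424, @@ -1445 and @@ -1483, where `(grsec_pax_segmexec && (flags & MAP_MIRROR)) ||` is the equivalent form. In @@ -417 the `#else` was also replaced by `}` while its `#endif` was left in place, so the preprocessor conditionals no longer balance.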
@@ -484,47 +484,47 @@ */ vm_flags = calc_vm_flags(prot,flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ if (current->flags & PF_PAX_PAGEEXEC) { -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if (!file && !(flags & MAP_MIRROR2)) -#else +} if (!file) -#endif +} vm_flags &= ~VM_EXEC; -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec) if ((current->flags & PF_PAX_MPROTECT) && ((!file && !(flags & MAP_MIRROR2)) || !(prot & PROT_EXEC))) -#else +else if ((current->flags & PF_PAX_MPROTECT) && (!file || !(prot & PROT_EXEC))) -#endif + vm_flags &= ~VM_MAYEXEC; if ((current->flags & PF_PAX_MPROTECT) && file && (prot & PROT_EXEC)) vm_flags &= ~VM_MAYWRITE; -#endif +} } -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if (current->flags & PF_PAX_SEGMEXEC) { if (!file && !(flags & MAP_MIRROR)) vm_flags &= ~VM_EXEC; -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ if ((current->flags & PF_PAX_MPROTECT) && ((!file && !(flags & MAP_MIRROR)) || !(prot & PROT_EXEC))) vm_flags &= ~VM_MAYEXEC; if ((current->flags & PF_PAX_MPROTECT) && file && (prot & PROT_EXEC)) vm_flags &= ~VM_MAYWRITE; -#endif +} } -#endif +} /* mlock MCL_FUTURE? */ if (vm_flags & VM_LOCKED) { @@ -626,11 +626,11 @@ vma->vm_end = addr + len; vma->vm_flags = vm_flags; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ if ((file || !(current->flags & PF_PAX_PAGEEXEC)) && (vm_flags & (VM_READ|VM_WRITE))) vma->vm_page_prot = protection_map[(vm_flags | VM_EXEC) & 0x0f]; else -#endif +} vma->vm_page_prot = protection_map[vm_flags & 0x0f]; vma->vm_ops = NULL; 
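Review bot: In mm/mmap.c @@ -484, replacing `#else` with `}` leaves both alternative conditions in the code (`if (!file && !(flags & MAP_MIRROR2))` and then `if (!file)`), and in the MPROTECT part `if(grsec_pax_randexec) if (...) else if (...)` has an `else` with no statement before it. These tests decide whether `VM_EXEC` and `VM_MAYEXEC` are stripped from a mapping, so they need to be exact. The two compile-time variants fold into one condition each: `if (!file && !(grsec_pax_randexec && (flags & MAP_MIRROR2)))` and `if ((current->flags & PF_PAX_MPROTECT) && ((!file && !(grsec_pax_randexec && (flags & MAP_MIRROR2))) || !(prot & PROT_EXEC)))`. This assumes `MAP_MIRROR2` is defined even when the RANDEXEC option is off, which the page does not show.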
@@ -660,15 +660,15 @@ goto free_vma; } -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if (flags & MAP_MIRROR) vma_m->vm_flags |= VM_MIRRORED; -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if (flags & MAP_MIRROR2) vma_m->vm_flags |= VM_MIRRORED2; -#endif +} /* Can addr have changed?? * @@ -741,11 +741,10 @@ { struct vm_area_struct *vma; -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((current->flags & PF_PAX_SEGMEXEC) && len > TASK_SIZE/2) return -ENOMEM; - else -#endif +} if (len > TASK_SIZE) return -ENOMEM; @@ -754,10 +753,10 @@ addr = PAGE_ALIGN(addr); vma = find_vma(current->mm, addr); -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((current->flags & PF_PAX_SEGMEXEC) && TASK_SIZE/2-len < addr) return -ENOMEM; -#endif +} if (TASK_SIZE - len >= addr && (!vma || addr + len <= vma->vm_start)) @@ -774,11 +773,11 @@ for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) { /* At this point: (!vma || addr < vma->vm_end). */ -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((current->flags & PF_PAX_SEGMEXEC) && TASK_SIZE/2-len < addr) return -ENOMEM; else -#endif +} if (TASK_SIZE - len < addr) return -ENOMEM; @@ -1168,21 +1167,21 @@ down_write(&mm->mmap_sem); -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((current->flags & PF_PAX_SEGMEXEC) && (len > TASK_SIZE/2 || addr > TASK_SIZE/2-len)) return -EINVAL; -#endif +} ret = do_munmap(mm, addr, len); -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((current->flags & PF_PAX_SEGMEXEC) && !ret) { int ret_m = do_munmap(mm, addr + TASK_SIZE/2, len); if (ret_m) ret = ret_m; } -#endif +} up_write(&mm->mmap_sem); return ret; 
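Review bot: In mm/mmap.c @@ -1168 the `return -EINVAL;` inside the first SEGMEXEC check runs after `down_write(&mm->mmap_sem)` and before the `up_write`, so that path returns with the semaphore still held; the patch re-wraps the check but keeps the early return. Set the result and fall through to the unlock instead, e.g. `ret = -EINVAL; goto out;` with an `out:` label placed before `up_write(&mm->mmap_sem);`. Separately, the mirror `do_munmap(mm, addr + TASK_SIZE/2, len)` is now skipped whenever `grsec_pax_segmexec` is 0, so a task that still carries `PF_PAX_SEGMEXEC` would keep its mirror mapping after the original range is unmapped.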
@@ -1244,10 +1243,10 @@ if (current->flags & (PF_PAX_PAGEEXEC | PF_PAX_SEGMEXEC)) flags &= ~VM_EXEC; -#ifdef CONFIG_GRKERNSEC_PAX_MPROTECT +if(grsec_pax_mprotect){ if (current->flags & PF_PAX_MPROTECT) flags &= ~VM_MAYEXEC; -#endif +} #endif /* Can we just expand an old anonymous mapping? */ @@ -1266,11 +1265,10 @@ vma->vm_end = addr + len; vma->vm_flags = flags; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ if (!(current->flags & PF_PAX_PAGEEXEC) && (flags & (VM_READ|VM_WRITE))) vma->vm_page_prot = protection_map[(flags | VM_EXEC) & 0x0f]; - else -#endif +} vma->vm_page_prot = protection_map[flags & 0x0f]; vma->vm_ops = NULL; vma->vm_pgoff = 0; --- linux-2.4.19/mm/filemap.c.org Tue Oct 1 08:24:13 2002 +++ linux-2.4.19/mm/filemap.c Wed Oct 2 09:42:41 2002 @@ -2180,10 +2180,10 @@ if (!mapping->a_ops->readpage) return -ENOEXEC; -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ if (current->flags & PF_PAX_PAGEEXEC) vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f]; -#endif +} UPDATE_ATIME(inode); vma->vm_ops = &generic_file_vm_ops; --- linux-2.4.19/arch/i386/mm/fault.c.org Tue Oct 1 08:24:12 2002 +++ linux-2.4.19/arch/i386/mm/fault.c Wed Oct 2 09:49:58 2002 @@ -143,11 +143,11 @@ * bit 1 == 0 means read, 1 means write * bit 2 == 0 means kernel, 1 means user-mode */ -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, unsigned long address) -#else +else asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code) -#endif +} { struct task_struct *tsk; struct mm_struct *mm; 
@@ -283,21 +283,21 @@ /* User mode accesses just cause a SIGSEGV */ if (error_code & 4) { -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if (current->flags & PF_PAX_SEGMEXEC) { -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if ((error_code == 4) && (regs->eip + TASK_SIZE/2 == address) && pax_handle_read_fault(regs) == 5) return; -#endif +} if (address >= TASK_SIZE/2) { pax_report_fault(regs); do_exit(SIGKILL); } } -#endif +} tsk->thread.cr2 = address; tsk->thread.error_code = error_code; @@ -429,7 +429,7 @@ return; } } -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ /* PaX: called with the page_table_lock spinlock held */ static inline pte_t * pax_get_pte(struct mm_struct *mm, unsigned long address) { @@ -444,7 +444,7 @@ return 0; return pte_offset(pmd, address); } -#endif +} /* * PaX: decide what to do with offenders (regs->eip = fault address) @@ -459,12 +459,12 @@ #if defined(CONFIG_GRKERNSEC_PAX_PAGEEXEC) || defined(CONFIG_GRKERNSEC_PAX_SEGMEXEC) static int pax_handle_read_fault(struct pt_regs *regs) { -#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP +if(grsec_pax_emutramp){ static const unsigned char trans[8] = {6, 1, 2, 0, 13, 5, 3, 4}; -#endif +} int err; -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if (current->flags & PF_PAX_RANDEXEC) { unsigned long esp_4; if (regs->eip >= current->mm->start_code && @@ -477,9 +477,9 @@ } } } -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP +if(grsec_pax_emutramp){ if (!(current->flags & PF_PAX_EMUTRAMP)) return 1; @@ -589,7 +589,7 @@ } } } -#endif +} return 1; /* PaX in action */ } @@ -634,7 +634,7 @@ } #endif -#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC +if(grsec_pax_pageexec){ /* * PaX: handle the extra page faults or pass it down to the original handler * 
@@ -670,19 +670,19 @@ /* instruction fetch attempt from a protected page in user mode */ ret = pax_handle_read_fault(regs); switch (ret) { -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ case 5: return 0; -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_EMUTRAMP +if(grsec_pax_emutramp){ case 0: break; case 4: return 0; case 3: case 2: return 1; -#endif +} case 1: default: pax_report_fault(regs); @@ -738,4 +738,4 @@ spin_unlock(&mm->page_table_lock); return 0; } -#endif +} --- linux-2.4.19/kernel/ptrace.c.org Tue Oct 1 08:24:13 2002 +++ linux-2.4.19/kernel/ptrace.c Wed Oct 2 09:52:40 2002 @@ -129,10 +129,10 @@ if (!mm) return 0; -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((tsk->flags & PF_PAX_SEGMEXEC) && (addr >= TASK_SIZE/2)) return 0; -#endif +} down_read(&mm->mmap_sem); /* ignore errors, just check how much was sucessfully transfered */ --- linux-2.4.19/mm/memory.c.org Tue Oct 1 08:24:23 2002 +++ linux-2.4.19/mm/memory.c Wed Oct 2 09:57:25 2002 
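Review bot: Wrapping the `case` labels in `if(grsec_pax_randexec){ ... }` and `if(grsec_pax_emutramp){ ... }` inside `switch (ret)` in arch/i386/mm/fault.c @@ -670 has no runtime effect, because `switch` jumps straight to the matching label and the `if` conditions are never evaluated; `case 5`, `case 4`, `case 3` and `case 2` are taken regardless of the toggles. If a disabled feature's return code should be treated as a violation, normalise it before the switch, e.g. `if (ret == 5 && !grsec_pax_randexec) ret = 1;` plus the analogous line for the EMUTRAMP codes 0, 2, 3 and 4, and leave the labels unwrapped. The enclosing function starts and ends outside the hunk.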
@@ -1374,43 +1374,43 @@ struct vm_area_struct * vma_m = NULL; #endif -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if (vma->vm_flags & VM_MIRRORED) { address_m = address; vma_m = vma; -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if (vma->vm_flags & VM_MIRRORED2) { address += mm->delta_exec; if (vma->vm_flags & VM_EXEC) address += TASK_SIZE/2; } else -#endif +} address += TASK_SIZE/2; vma = find_vma(mm, address); } else if (vma->vm_flags & VM_MIRROR) { address_m = address; -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if (vma->vm_flags & VM_MIRROR2) { address_m -= mm->delta_exec; if (vma->vm_flags & VM_EXEC) address_m -= TASK_SIZE/2; } else -#endif +} address_m -= TASK_SIZE/2; vma_m = find_vma(mm, address_m); } -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ if (vma && (vma->vm_flags & (VM_MIRROR2 | VM_MIRRORED2)) -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ && !(vma->vm_flags & (VM_MIRROR | VM_MIRRORED)) -#endif +} ) { @@ -1424,19 +1424,19 @@ vma_m = find_vma(mm, address_m); } } -#endif +} /* PaX: sanity checks, to be removed when proved to be stable */ #if defined(CONFIG_GRKERNSEC_PAX_SEGMEXEC) || defined(CONFIG_GRKERNSEC_PAX_RANDEXEC) if (!vma -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ || (vma->vm_flags & VM_MIRROR) -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ || (vma->vm_flags & VM_MIRROR2) -#endif +} ) { if (!vma || !vma_m) { @@ -1445,17 +1445,17 @@ return 0; } else if ( -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ (!(vma_m->vm_flags & VM_MIRRORED) && -#else +else (1 && -#endif +} -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ !(vma_m->vm_flags & VM_MIRRORED2)) || -#else +else 1) || -#endif +} vma->vm_start > address || vma_m->vm_start > address_m || 
@@ -1483,17 +1483,17 @@ #if defined(CONFIG_GRKERNSEC_PAX_SEGMEXEC) || defined(CONFIG_GRKERNSEC_PAX_RANDEXEC) if (pte -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ -#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC +if(grsec_pax_randexec){ && (vma->vm_flags & (VM_MIRROR | VM_MIRROR2)) -#else +else && (vma->vm_flags & VM_MIRROR) -#endif +} -#else +else && (vma->vm_flags & VM_MIRROR2) -#endif +} ) { pgd_t *pgd_m; --- linux-2.4.19/mm/mremap.c.org Tue Oct 1 08:24:13 2002 +++ linux-2.4.19/mm/mremap.c Wed Oct 2 09:58:45 2002 @@ -227,11 +227,11 @@ old_len = PAGE_ALIGN(old_len); new_len = PAGE_ALIGN(new_len); -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((current->flags & PF_PAX_SEGMEXEC) && (flags & MREMAP_FIXED) && (new_len > TASK_SIZE/2 || new_addr > TASK_SIZE/2-new_len)) goto out; -#endif +} /* new_addr is only valid if MREMAP_FIXED is specified */ if (flags & MREMAP_FIXED) { @@ -274,10 +274,10 @@ if (!vma || vma->vm_start > addr) goto out; -#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +if(grsec_pax_segmexec){ if ((current->flags & PF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MIRRORED)) return -EINVAL; -#endif +} /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr)