]>
Commit | Line | Data |
---|---|---|
037ee48d | 1 | diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c |
2 | --- linux-2.4.20.org/drivers/char/mem.c Sat Feb 1 11:29:04 2003 | |
3 | +++ linux-2.4.20/drivers/char/mem.c Sat Feb 1 11:44:42 2003 | |
4 | @@ -115,10 +115,10 @@ | |
5 | unsigned long p = *ppos; | |
6 | unsigned long end_mem; | |
7 | ||
8 | -#ifdef CONFIG_GRKERNSEC_KMEM | |
9 | +if(grsec_secure_kmem){ | |
10 | gr_handle_mem_write(); | |
11 | return -EPERM; | |
12 | -#endif | |
13 | +} | |
14 | ||
15 | end_mem = __pa(high_memory); | |
16 | if (p >= end_mem) | |
17 | @@ -192,10 +192,10 @@ | |
18 | { | |
19 | unsigned long offset = vma->vm_pgoff << PAGE_SHIFT; | |
20 | ||
21 | -#ifdef CONFIG_GRKERNSEC_KMEM | |
22 | +if (grsec_secure_kmem){ | |
23 | if (gr_handle_mem_mmap(offset, vma)) | |
24 | return -EPERM; | |
25 | -#endif | |
26 | +} | |
27 | ||
28 | ||
29 | /* | |
30 | @@ -297,10 +297,10 @@ | |
31 | ssize_t virtr = 0; | |
32 | char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ | |
33 | ||
34 | -#ifdef CONFIG_GRKERNSEC_KMEM | |
35 | +if(grsec_secure_kmem){ | |
36 | gr_handle_kmem_write(); | |
37 | return -EPERM; | |
38 | -#endif | |
39 | +} | |
40 | ||
41 | if (p < (unsigned long) high_memory) { | |
42 | wrote = count; | |
43 | @@ -534,10 +534,10 @@ | |
44 | ||
45 | static int open_port(struct inode * inode, struct file * filp) | |
46 | { | |
47 | -#ifdef CONFIG_GRKERNSEC_KMEM | |
48 | +if(grsec_secure_kmem){ | |
49 | gr_handle_open_port(); | |
50 | return -EPERM; | |
51 | -#endif | |
52 | +} | |
53 | return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; | |
54 | } | |
55 | ||
56 | diff -Nur linux-2.4.20.org/grsecurity/grsecurity.c linux-2.4.20/grsecurity/grsecurity.c | |
57 | --- linux-2.4.20.org/grsecurity/grsecurity.c Sat Feb 1 11:29:04 2003 | |
58 | +++ linux-2.4.20/grsecurity/grsecurity.c Sat Feb 1 11:40:46 2003 | |
59 | @@ -56,6 +56,7 @@ | |
60 | int grsec_socket_client_gid; | |
61 | int grsec_enable_socket_server; | |
62 | int grsec_socket_server_gid; | |
63 | +int grsec_secure_kmem; | |
64 | int grsec_lock; | |
65 | ||
66 | /* | |
67 | @@ -174,6 +175,9 @@ | |
68 | grsec_enable_socket_server = 1; | |
69 | grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID; | |
70 | #endif | |
71 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
72 | +grsec_secure_kmem = 1; | |
73 | +#endif | |
74 | #endif | |
75 | ||
76 | return; | |
77 | diff -Nur linux-2.4.20.org/include/linux/grinternal.h linux-2.4.20/include/linux/grinternal.h | |
78 | --- linux-2.4.20.org/include/linux/grinternal.h Sat Feb 1 11:29:04 2003 | |
79 | +++ linux-2.4.20/include/linux/grinternal.h Sat Feb 1 11:39:19 2003 | |
80 | @@ -63,6 +63,7 @@ | |
81 | extern int grsec_enable_audit_ipc; | |
82 | extern int grsec_enable_mount; | |
83 | extern int grsec_enable_chdir; | |
84 | +extern int grsec_secure_kmem; | |
85 | extern int grsec_lock; | |
86 | ||
87 | extern struct task_struct *child_reaper; | |
88 | diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c | |
89 | --- linux-2.4.20.org/kernel/sysctl.c Sat Feb 1 11:29:04 2003 | |
90 | +++ linux-2.4.20/kernel/sysctl.c Sat Feb 1 11:40:06 2003 | |
91 | @@ -281,7 +281,7 @@ | |
92 | GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, | |
93 | GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, | |
94 | GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, | |
95 | -GS_FINDTASK, GS_LOCK}; | |
96 | +GS_FINDTASK, GS_LOCK, GS_KMEM}; | |
97 | ||
98 | static ctl_table grsecurity_table[] = { | |
99 | {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler}, | |
100 | @@ -443,6 +443,10 @@ | |
101 | {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, | |
102 | sizeof (int), 0600, NULL, &proc_dointvec}, | |
103 | #endif | |
104 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
105 | + {GS_FINDTASK, "kmem", &grsec_secure_kmem, | |
106 | + sizeof (int), 0600, NULL, &proc_dointvec}, | |
107 | +#endif | |
108 | {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL, | |
109 | &proc_dointvec}, | |
110 | #endif |