[packages/kernel.git] / linux-2.4.20-grsecurity-1.9.9c-kmem.patch

diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
--- linux-2.4.20.org/drivers/char/mem.c	Mon Feb 17 10:01:43 2003
+++ linux-2.4.20/drivers/char/mem.c	Mon Feb 17 10:04:57 2003
@@ -115,8 +115,10 @@
 	unsigned long end_mem;
 
 #ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_enable_kmem){
 	gr_handle_mem_write();
 	return -EPERM;
+}
 #endif
 
 	end_mem = __pa(high_memory);
@@ -192,8 +192,10 @@
 	unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
 
 #ifdef CONFIG_GRKERNSEC_KMEM
+if (grsec_enable_kmem){
 	if (gr_handle_mem_mmap(offset, vma))
 		return -EPERM;
+}
 #endif
 
 
@@ -297,8 +297,10 @@
 	char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
 
 #ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_enable_kmem){
 	gr_handle_kmem_write();
 	return -EPERM;
+}
 #endif
 
 	if (p < (unsigned long) high_memory) {
@@ -534,8 +534,10 @@
 static int open_port(struct inode * inode, struct file * filp)
 {
 #ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_enable_kmem){
 	gr_handle_open_port();
 	return -EPERM;
+}
 #endif
 	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
 }
diff -Nur linux-2.4.20.org/grsecurity/grsec_init.c linux-2.4.20/grsecurity/grsec_init.c
--- linux-2.4.20.org/grsecurity/grsec_init.c	Mon Feb 17 10:01:44 2003
+++ linux-2.4.20/grsecurity/grsec_init.c	Mon Feb 17 10:05:54 2003
@@ -45,6 +45,7 @@
 int grsec_socket_client_gid;
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
+int grsec_enable_kmem;
 int grsec_lock;
 
 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
@@ -194,6 +195,9 @@
 grsec_enable_socket_server = 1;
 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+grsec_enable_kmem = 1;
+#endif
 #endif
 
 return;
diff -Nur linux-2.4.20.org/include/linux/grsecurity.h linux-2.4.20/include/linux/grsecurity.h
--- linux-2.4.20.org/include/linux/grsecurity.h	Mon Feb 17 10:01:44 2003
+++ linux-2.4.20/include/linux/grsecurity.h	Mon Feb 17 10:12:15 2003
@@ -161,6 +161,7 @@
 extern int grsec_enable_randsrc;
 extern int grsec_enable_randping;
 extern int grsec_enable_randrpc;
+extern int grsec_enable_kmem;
 #endif
 
 #endif
diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
--- linux-2.4.20.org/kernel/sysctl.c	Mon Feb 17 10:01:44 2003
+++ linux-2.4.20/kernel/sysctl.c	Mon Feb 17 10:11:13 2003
@@ -283,7 +283,7 @@
 GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
 GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
 GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
-GS_FINDTASK, GS_LOCK};
+GS_FINDTASK, GS_LOCK, GS_KMEM};
 
 static ctl_table grsecurity_table[] = {
 	{GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
@@ -453,6 +453,10 @@
 	{GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, 
 	 sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+	{GS_FINDTASK, "kmem", &grsec_enable_kmem, 
+	 sizeof (int), 0600, NULL, &proc_dointvec},
+#endif
 	{GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
 	 &proc_dointvec},
 #endif
Commit	Line	Data
3839c557	1	diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
	2	--- linux-2.4.20.org/drivers/char/mem.c Mon Feb 17 10:01:43 2003
	3	+++ linux-2.4.20/drivers/char/mem.c Mon Feb 17 10:04:57 2003
02ec6ab1	4	@@ -115,8 +115,10 @@
3839c557	5	unsigned long end_mem;
3839c557	6
02ec6ab1	7	#ifdef CONFIG_GRKERNSEC_KMEM
3839c557	8	+if(grsec_enable_kmem){
	9	gr_handle_mem_write();
	10	return -EPERM;
3839c557	11	+}
2d9da621	12	#endif
3839c557	13
3839c557	14	end_mem = __pa(high_memory);
02ec6ab1	15	@@ -192,8 +192,10 @@
3839c557	16	unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
3839c557	17
02ec6ab1	18	#ifdef CONFIG_GRKERNSEC_KMEM
3839c557	19	+if (grsec_enable_kmem){
	20	if (gr_handle_mem_mmap(offset, vma))
	21	return -EPERM;
3839c557	22	+}
02ec6ab1	23	#endif
3839c557	24
3839c557	25
02ec6ab1	26	@@ -297,8 +297,10 @@
3839c557	27	char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
3839c557	28
02ec6ab1	29	#ifdef CONFIG_GRKERNSEC_KMEM
3839c557	30	+if(grsec_enable_kmem){
	31	gr_handle_kmem_write();
	32	return -EPERM;
3839c557	33	+}
02ec6ab1	34	#endif
3839c557	35
3839c557	36	if (p < (unsigned long) high_memory) {
02ec6ab1	37	@@ -534,8 +534,10 @@
3839c557	38	static int open_port(struct inode * inode, struct file * filp)
3839c557	39	{
02ec6ab1	40	#ifdef CONFIG_GRKERNSEC_KMEM
3839c557	41	+if(grsec_enable_kmem){
	42	gr_handle_open_port();
	43	return -EPERM;
3839c557	44	+}
02ec6ab1	45	#endif
3839c557	46	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
3839c557	47	}
3839c557	48	diff -Nur linux-2.4.20.org/grsecurity/grsec_init.c linux-2.4.20/grsecurity/grsec_init.c
	49	--- linux-2.4.20.org/grsecurity/grsec_init.c Mon Feb 17 10:01:44 2003
	50	+++ linux-2.4.20/grsecurity/grsec_init.c Mon Feb 17 10:05:54 2003
	51	@@ -45,6 +45,7 @@
	52	int grsec_socket_client_gid;
	53	int grsec_enable_socket_server;
	54	int grsec_socket_server_gid;
	55	+int grsec_enable_kmem;
	56	int grsec_lock;
	57
	58	spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
	59	@@ -194,6 +195,9 @@
	60	grsec_enable_socket_server = 1;
	61	grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
	62	#endif
	63	+#ifdef CONFIG_GRKERNSEC_KMEM
	64	+grsec_enable_kmem = 1;
	65	+#endif
	66	#endif
	67
	68	return;
	69	diff -Nur linux-2.4.20.org/include/linux/grsecurity.h linux-2.4.20/include/linux/grsecurity.h
	70	--- linux-2.4.20.org/include/linux/grsecurity.h Mon Feb 17 10:01:44 2003
	71	+++ linux-2.4.20/include/linux/grsecurity.h Mon Feb 17 10:12:15 2003
	72	@@ -161,6 +161,7 @@
	73	extern int grsec_enable_randsrc;
	74	extern int grsec_enable_randping;
	75	extern int grsec_enable_randrpc;
	76	+extern int grsec_enable_kmem;
	77	#endif
	78
	79	#endif
	80	diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
	81	--- linux-2.4.20.org/kernel/sysctl.c Mon Feb 17 10:01:44 2003
	82	+++ linux-2.4.20/kernel/sysctl.c Mon Feb 17 10:11:13 2003
	83	@@ -283,7 +283,7 @@
	84	GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
	85	GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
	86	GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
	87	-GS_FINDTASK, GS_LOCK};
	88	+GS_FINDTASK, GS_LOCK, GS_KMEM};
	89
	90	static ctl_table grsecurity_table[] = {
	91	{GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
	92	@@ -453,6 +453,10 @@
	93	{GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
	94	sizeof (int), 0600, NULL, &proc_dointvec},
	95	#endif
	96	+#ifdef CONFIG_GRKERNSEC_KMEM
	97	+ {GS_FINDTASK, "kmem", &grsec_enable_kmem,
	98	+ sizeof (int), 0600, NULL, &proc_dointvec},
	99	+#endif
	100	{GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
	101	&proc_dointvec},
	102	#endif