2f9addb8 JR |
1 | diff -urPX nopatch linux-2.4.22/Documentation/Configure.help linux-2.4.22-ow1/Documentation/Configure.help |
2 | --- linux-2.4.22/Documentation/Configure.help Mon Aug 25 15:44:39 2003 | |
3 | +++ linux-2.4.22-ow1/Documentation/Configure.help Thu Aug 28 06:23:03 2003 | |
4 | @@ -4200,6 +4200,12 @@ | |
5 | will be called binfmt_elf.o. Saying M or N here is dangerous because | |
6 | some crucial programs on your system might be in ELF format. | |
7 | ||
8 | +ELF binaries with a.out format interpreters or a.out libraries | |
9 | +CONFIG_BINFMT_ELF_AOUT | |
10 | + The kernel may support ELF executables which use an a.out format | |
11 | + interpreter (dynamic linker) and/or a.out shared libraries, in | |
12 | + addition to the usual ELF-ELF setups. You shouldn't need this. | |
13 | + | |
14 | Kernel support for a.out binaries | |
15 | CONFIG_BINFMT_AOUT | |
16 | A.out (Assembler.OUTput) is a set of formats for libraries and | |
17 | @@ -4213,13 +4219,11 @@ | |
18 | warrant removing support. However its removal is a good idea if you | |
19 | wish to ensure that absolutely none of your programs will use this | |
20 | older executable format. If you don't know what to answer at this | |
21 | - point then answer Y. If someone told you "You need a kernel with | |
22 | + point then answer N. If someone told you "You need a kernel with | |
23 | QMAGIC support" then you'll have to say Y here. You may answer M to | |
24 | compile a.out support as a module and later load the module when you | |
25 | want to use a program or library in a.out format. The module will be | |
26 | - called binfmt_aout.o. Saying M or N here is dangerous though, | |
27 | - because some crucial programs on your system might still be in A.OUT | |
28 | - format. | |
29 | + called binfmt_aout.o. | |
30 | ||
31 | OSF/1 v4 readv/writev compatibility | |
32 | CONFIG_OSF4_COMPAT | |
33 | @@ -27486,6 +27490,96 @@ | |
34 | ||
35 | CONFIG_CRYPTO_TEST | |
36 | Quick & dirty crypto test module. | |
37 | + | |
38 | +Non-executable user stack area | |
39 | +CONFIG_HARDEN_STACK | |
40 | + Most buffer overflow exploits are based on overwriting a function's | |
41 | + return address on the stack to point to some arbitrary code, which is | |
42 | + also put onto the stack. If the stack area is non-executable, buffer | |
43 | + overflow vulnerabilities become harder to exploit. However, a few | |
44 | + programs depend on the stack being executable, and might stop working | |
45 | + unless you also enable GCC trampolines autodetection and emulation | |
46 | + below, or enable the stack area execution permission for every such | |
47 | + program separately using chstk.c. If you don't know what all this is | |
48 | + about, or don't care about security that much, say N. | |
49 | + | |
50 | +Autodetect and emulate GCC trampolines | |
51 | +CONFIG_HARDEN_STACK_SMART | |
52 | + GCC generates trampolines on the stack to correctly pass control to | |
53 | + nested functions when calling from outside. Normally, this requires | |
54 | + the stack being executable. When this option is enabled, the kernel | |
55 | + will trap faults resulting from trampoline calls, and will emulate the | |
56 | + trampolines. However, in some cases this autodetection can be fooled | |
57 | + in a buffer overflow exploit, so, if you've got no programs that use | |
58 | + GCC trampolines, it is more secure to disable this option. If you're | |
59 | + too lazy to find that out, answer Y. Note: if you're using glibc 2.0 | |
60 | + (and not libc 5 or glibc 2.1+), you have to say Y here, or the system | |
61 | + won't even boot. | |
62 | + | |
63 | +Restricted links in /tmp | |
64 | +CONFIG_HARDEN_LINK | |
65 | + There's a very common attack that involves a malicious user creating | |
66 | + a symbolic link in /tmp, with a carefully chosen name, pointing at | |
67 | + another user's file. When the victim then writes to that file name, | |
68 | + without the required precautions, they inadvertently write to the | |
69 | + wrong file. Enabling this option reduces the impact of this class of | |
70 | + holes (some get fixed, many others allow for DoS attacks only, most | |
71 | + of the rest become harder to exploit) by preventing a process from | |
72 | + following a link which is in a +t directory, unless the link owner | |
73 | + is trusted (that is, it's the user we're running as or the directory | |
74 | + owner). To prevent from using a hard link in an attack instead, this | |
75 | + option does not allow users to create hard links to files they don't | |
76 | + own, unless they could read and write the file. This might break | |
77 | + things. Say Y if security is more important. | |
78 | + | |
79 | +Restricted FIFOs in /tmp | |
80 | +CONFIG_HARDEN_FIFO | |
81 | + In addition to restricting links, you might also want to restrict | |
82 | + writes into untrusted FIFOs (named pipes), to make data spoofing | |
83 | + attacks harder. Enabling this option disallows writing into FIFOs | |
84 | + not owned by the user in +t directories, unless the owner is the | |
85 | + same as that of the directory or the FIFO is opened without the | |
86 | + O_CREAT flag. | |
87 | + | |
88 | +Restricted /proc | |
89 | +CONFIG_HARDEN_PROC | |
90 | + This option restricts the permissions on directories in /proc so | |
91 | + that non-root users can see their own processes only, and nothing | |
92 | + about active network connections, unless they're in a special group. | |
93 | + This group's id is specified via the gid= mount option, and is 0 by | |
94 | + default. (Note: if you're using identd, you will need to edit the | |
95 | + inetd.conf line to run identd as this special group.) Also, this | |
96 | + disables dmesg(8) for the users. You might want to use this on an ISP | |
97 | + shell server where privacy is an issue. | |
98 | + | |
99 | +Enforce RLIMIT_NPROC on execve(2) | |
100 | +CONFIG_HARDEN_RLIMIT_NPROC | |
101 | + Linux lets you set a limit on how many processes a user can have, via | |
102 | + a setrlimit(2) call with RLIMIT_NPROC. Unfortunately, this limit is | |
103 | + only looked at when a new process is created on fork(2). If a process | |
104 | + changes its UID, it might exceed the limit for its new UID. This is | |
105 | + not a security issue by itself, as changing the UID is a privileged | |
106 | + operation. However, there're privileged programs that want to switch | |
107 | + to a user's context, including setting up some resource limits. The | |
108 | + only fork(2) required (if at all) is done before switching the UID, | |
109 | + and thus doesn't result in a check against RLIMIT_NPROC. Enable this | |
110 | + option to enforce RLIMIT_NPROC on execve(2) calls. | |
111 | + | |
112 | +Destroy shared memory segments not in use | |
113 | +CONFIG_HARDEN_SHM | |
114 | + Linux lets you set resource limits, including on how much memory one | |
115 | + process can consume, via setrlimit(2). Unfortunately, shared memory | |
116 | + segments are allowed to exist without association with any process, | |
117 | + and thus might not be counted against any resource limits. This option | |
118 | + automatically destroys shared memory segments when their attach count | |
119 | + becomes zero after a detach or a process termination. It will also | |
120 | + destroy segments that were created, but never attached to, on exit from | |
121 | + the process. (In case you're curious, the only use left for IPC_RMID is | |
122 | + to immediately destroy an unattached segment.) Of course, this breaks | |
123 | + the way things are defined, so some applications might stop working. | |
124 | + Note that this feature will do you no good unless you also configure | |
125 | + your resource limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most | |
126 | + systems don't need this. | |
127 | ||
128 | # | |
129 | # A couple of things I keep forgetting: | |
130 | diff -urPX nopatch linux-2.4.22/arch/alpha/config.in linux-2.4.22-ow1/arch/alpha/config.in | |
131 | --- linux-2.4.22/arch/alpha/config.in Mon Aug 25 15:44:39 2003 | |
132 | +++ linux-2.4.22-ow1/arch/alpha/config.in Thu Aug 28 06:20:31 2003 | |
133 | @@ -314,6 +314,9 @@ | |
134 | fi | |
135 | ||
136 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
137 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
138 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
139 | +fi | |
140 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
141 | tristate 'Kernel support for Linux/Intel ELF binaries' CONFIG_BINFMT_EM86 | |
142 | source drivers/parport/Config.in | |
143 | @@ -435,6 +438,8 @@ | |
144 | source drivers/usb/Config.in | |
145 | ||
146 | source net/bluetooth/Config.in | |
147 | + | |
148 | +source security/Config.in | |
149 | ||
150 | mainmenu_option next_comment | |
151 | comment 'Kernel hacking' | |
152 | diff -urPX nopatch linux-2.4.22/arch/alpha/defconfig linux-2.4.22-ow1/arch/alpha/defconfig | |
153 | --- linux-2.4.22/arch/alpha/defconfig Fri Jun 13 18:51:29 2003 | |
154 | +++ linux-2.4.22-ow1/arch/alpha/defconfig Thu Aug 28 06:20:31 2003 | |
155 | @@ -72,6 +72,7 @@ | |
156 | # CONFIG_KCORE_AOUT is not set | |
157 | # CONFIG_BINFMT_AOUT is not set | |
158 | CONFIG_BINFMT_ELF=y | |
159 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
160 | # CONFIG_BINFMT_MISC is not set | |
161 | # CONFIG_BINFMT_EM86 is not set | |
162 | ||
163 | @@ -787,6 +788,15 @@ | |
164 | # Bluetooth support | |
165 | # | |
166 | # CONFIG_BLUEZ is not set | |
167 | + | |
168 | +# | |
169 | +# Security | |
170 | +# | |
171 | +CONFIG_HARDEN_LINK=y | |
172 | +CONFIG_HARDEN_FIFO=y | |
173 | +# CONFIG_HARDEN_PROC is not set | |
174 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
175 | +# CONFIG_HARDEN_SHM is not set | |
176 | ||
177 | # | |
178 | # Kernel hacking | |
179 | diff -urPX nopatch linux-2.4.22/arch/arm/config.in linux-2.4.22-ow1/arch/arm/config.in | |
180 | --- linux-2.4.22/arch/arm/config.in Mon Aug 25 15:44:39 2003 | |
181 | +++ linux-2.4.22-ow1/arch/arm/config.in Thu Aug 28 06:25:19 2003 | |
182 | @@ -499,6 +499,9 @@ | |
183 | A.OUT CONFIG_KCORE_AOUT" ELF | |
184 | tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT | |
185 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
186 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
187 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
188 | +fi | |
189 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
190 | dep_bool 'Power Management support (experimental)' CONFIG_PM $CONFIG_EXPERIMENTAL | |
191 | dep_tristate 'RISC OS personality' CONFIG_ARTHUR $CONFIG_CPU_32 | |
192 | @@ -697,6 +700,8 @@ | |
193 | if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then | |
194 | source net/bluetooth/Config.in | |
195 | fi | |
196 | + | |
197 | +source security/Config.in | |
198 | ||
199 | mainmenu_option next_comment | |
200 | comment 'Kernel hacking' | |
201 | diff -urPX nopatch linux-2.4.22/arch/arm/defconfig linux-2.4.22-ow1/arch/arm/defconfig | |
202 | --- linux-2.4.22/arch/arm/defconfig Sun May 20 04:43:05 2001 | |
203 | +++ linux-2.4.22-ow1/arch/arm/defconfig Thu Aug 28 06:20:31 2003 | |
204 | @@ -83,8 +83,9 @@ | |
205 | CONFIG_NWFPE=y | |
206 | CONFIG_KCORE_ELF=y | |
207 | # CONFIG_KCORE_AOUT is not set | |
208 | -CONFIG_BINFMT_AOUT=y | |
209 | +# CONFIG_BINFMT_AOUT is not set | |
210 | CONFIG_BINFMT_ELF=y | |
211 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
212 | # CONFIG_BINFMT_MISC is not set | |
213 | # CONFIG_PM is not set | |
214 | # CONFIG_ARTHUR is not set | |
215 | @@ -499,6 +500,15 @@ | |
216 | # USB support | |
217 | # | |
218 | # CONFIG_USB is not set | |
219 | + | |
220 | +# | |
221 | +# Security | |
222 | +# | |
223 | +CONFIG_HARDEN_LINK=y | |
224 | +CONFIG_HARDEN_FIFO=y | |
225 | +# CONFIG_HARDEN_PROC is not set | |
226 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
227 | +# CONFIG_HARDEN_SHM is not set | |
228 | ||
229 | # | |
230 | # Kernel hacking | |
231 | diff -urPX nopatch linux-2.4.22/arch/cris/config.in linux-2.4.22-ow1/arch/cris/config.in | |
232 | --- linux-2.4.22/arch/cris/config.in Mon Aug 25 15:44:39 2003 | |
233 | +++ linux-2.4.22-ow1/arch/cris/config.in Thu Aug 28 06:20:31 2003 | |
234 | @@ -31,6 +31,9 @@ | |
235 | bool 'Sysctl support' CONFIG_SYSCTL | |
236 | ||
237 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
238 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
239 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
240 | +fi | |
241 | ||
242 | string 'Kernel command line' CONFIG_ETRAX_CMDLINE "root=/dev/mtdblock3" | |
243 | ||
244 | @@ -262,6 +265,8 @@ | |
245 | endmenu | |
246 | ||
247 | source drivers/usb/Config.in | |
248 | + | |
249 | +source security/Config.in | |
250 | ||
251 | mainmenu_option next_comment | |
252 | comment 'Kernel hacking' | |
253 | diff -urPX nopatch linux-2.4.22/arch/cris/defconfig linux-2.4.22-ow1/arch/cris/defconfig | |
254 | --- linux-2.4.22/arch/cris/defconfig Mon Aug 25 15:44:39 2003 | |
255 | +++ linux-2.4.22-ow1/arch/cris/defconfig Thu Aug 28 06:20:31 2003 | |
256 | @@ -18,6 +18,7 @@ | |
257 | # CONFIG_BSD_PROCESS_ACCT is not set | |
258 | # CONFIG_SYSCTL is not set | |
259 | CONFIG_BINFMT_ELF=y | |
260 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
261 | # CONFIG_ETRAX_KGDB is not set | |
262 | # CONFIG_ETRAX_WATCHDOG is not set | |
263 | ||
264 | @@ -513,6 +514,15 @@ | |
265 | # USB support | |
266 | # | |
267 | # CONFIG_USB is not set | |
268 | + | |
269 | +# | |
270 | +# Security | |
271 | +# | |
272 | +CONFIG_HARDEN_LINK=y | |
273 | +CONFIG_HARDEN_FIFO=y | |
274 | +# CONFIG_HARDEN_PROC is not set | |
275 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
276 | +# CONFIG_HARDEN_SHM is not set | |
277 | ||
278 | # | |
279 | # Kernel hacking | |
280 | diff -urPX nopatch linux-2.4.22/arch/i386/config.in linux-2.4.22-ow1/arch/i386/config.in | |
281 | --- linux-2.4.22/arch/i386/config.in Mon Aug 25 15:44:39 2003 | |
282 | +++ linux-2.4.22-ow1/arch/i386/config.in Thu Aug 28 06:20:31 2003 | |
283 | @@ -322,6 +322,9 @@ | |
284 | fi | |
285 | tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT | |
286 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
287 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
288 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
289 | +fi | |
290 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
291 | ||
292 | bool 'Power Management support' CONFIG_PM | |
293 | @@ -461,6 +464,18 @@ | |
294 | source drivers/usb/Config.in | |
295 | ||
296 | source net/bluetooth/Config.in | |
297 | + | |
298 | +mainmenu_option next_comment | |
299 | +comment 'Security options' | |
300 | + | |
301 | +bool 'Non-executable user stack area' CONFIG_HARDEN_STACK | |
302 | +if [ "$CONFIG_HARDEN_STACK" = "y" ]; then | |
303 | + bool ' Autodetect and emulate GCC trampolines' CONFIG_HARDEN_STACK_SMART | |
304 | +fi | |
305 | + | |
306 | +source security/Common.in | |
307 | + | |
308 | +endmenu | |
309 | ||
310 | mainmenu_option next_comment | |
311 | comment 'Kernel hacking' | |
312 | diff -urPX nopatch linux-2.4.22/arch/i386/defconfig linux-2.4.22-ow1/arch/i386/defconfig | |
313 | --- linux-2.4.22/arch/i386/defconfig Fri Nov 29 02:53:09 2002 | |
314 | +++ linux-2.4.22-ow1/arch/i386/defconfig Thu Aug 28 06:20:31 2003 | |
315 | @@ -104,9 +104,10 @@ | |
316 | CONFIG_SYSCTL=y | |
317 | CONFIG_KCORE_ELF=y | |
318 | # CONFIG_KCORE_AOUT is not set | |
319 | -CONFIG_BINFMT_AOUT=y | |
320 | +# CONFIG_BINFMT_AOUT is not set | |
321 | CONFIG_BINFMT_ELF=y | |
322 | -CONFIG_BINFMT_MISC=y | |
323 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
324 | +# CONFIG_BINFMT_MISC is not set | |
325 | CONFIG_PM=y | |
326 | # CONFIG_APM is not set | |
327 | ||
328 | @@ -874,6 +875,17 @@ | |
329 | # Bluetooth support | |
330 | # | |
331 | # CONFIG_BLUEZ is not set | |
332 | + | |
333 | +# | |
334 | +# Security | |
335 | +# | |
336 | +CONFIG_HARDEN_STACK=y | |
337 | +CONFIG_HARDEN_STACK_SMART=y | |
338 | +CONFIG_HARDEN_LINK=y | |
339 | +CONFIG_HARDEN_FIFO=y | |
340 | +# CONFIG_HARDEN_PROC is not set | |
341 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
342 | +# CONFIG_HARDEN_SHM is not set | |
343 | ||
344 | # | |
345 | # Kernel hacking | |
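Review bot: CONFIG_HARDEN_STACK_SMART=y is switched on in the default configuration, while the help text introduced by this same patch says the trampoline autodetection "can be fooled in a buffer overflow exploit" and recommends disabling it when no program uses GCC trampolines, so the default build ships the weaker variant. If that is deliberate (the help text notes glibc 2.0 will not boot without it), the trade-off should be recorded in the Configure.help entry or the patch description rather than left implicit, e.g. `Enabled by default only for glibc 2.0 compatibility; turn off on systems with no trampoline users.` The same hunk also flips `CONFIG_BINFMT_MISC` from y to not set, which is unrelated to stack hardening and may surprise users relying on binfmt_misc.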
346 | diff -urPX nopatch linux-2.4.22/arch/i386/kernel/head.S linux-2.4.22-ow1/arch/i386/kernel/head.S | |
347 | --- linux-2.4.22/arch/i386/kernel/head.S Fri Jun 13 18:51:29 2003 | |
348 | +++ linux-2.4.22-ow1/arch/i386/kernel/head.S Thu Aug 28 06:20:31 2003 | |
349 | @@ -433,7 +433,11 @@ | |
350 | .quad 0x0000000000000000 /* not used */ | |
351 | .quad 0x00cf9a000000ffff /* 0x10 kernel 4GB code at 0x00000000 */ | |
352 | .quad 0x00cf92000000ffff /* 0x18 kernel 4GB data at 0x00000000 */ | |
353 | +#ifdef CONFIG_HARDEN_STACK | |
354 | + .quad 0x00cbfa000000f7ff /* 0x23 user 3GB-8MB code at 0 */ | |
355 | +#else | |
356 | .quad 0x00cffa000000ffff /* 0x23 user 4GB code at 0x00000000 */ | |
357 | +#endif | |
358 | .quad 0x00cff2000000ffff /* 0x2b user 4GB data at 0x00000000 */ | |
359 | .quad 0x0000000000000000 /* not used */ | |
360 | .quad 0x0000000000000000 /* not used */ | |
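Review bot: The new descriptor hardcodes the user code limit as a literal (0xbf7ff pages with G=1, i.e. up to 0xBF7FFFFF = 3GB-8MB), which matches the `PAGE_OFFSET - _STK_LIM` window that the traps.c change checks only when PAGE_OFFSET is 0xC0000000 and the stack limit is 8MB; if the kernel is built with a different user/kernel split, the two boundaries silently diverge. A process whose RLIMIT_STACK exceeds 8MB can also grow its stack below that limit, and those pages are executable again, so what is protected is a fixed 8MB window rather than "the stack". At minimum the line deserves a comment such as `/* limit = PAGE_OFFSET - _STK_LIM; must track the VM split and traps.c */`, and ideally the limit field should be derived from the same constants instead of a literal.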
361 | diff -urPX nopatch linux-2.4.22/arch/i386/kernel/signal.c linux-2.4.22-ow1/arch/i386/kernel/signal.c | |
362 | --- linux-2.4.22/arch/i386/kernel/signal.c Sat Aug 3 04:39:42 2002 | |
363 | +++ linux-2.4.22-ow1/arch/i386/kernel/signal.c Thu Aug 28 06:20:31 2003 | |
364 | @@ -421,11 +421,15 @@ | |
365 | if (ka->sa.sa_flags & SA_RESTORER) { | |
366 | err |= __put_user(ka->sa.sa_restorer, &frame->pretcode); | |
367 | } else { | |
368 | +#ifdef CONFIG_HARDEN_STACK | |
369 | + err |= __put_user(MAGIC_SIGRETURN, &frame->pretcode); | |
370 | +#else | |
371 | err |= __put_user(frame->retcode, &frame->pretcode); | |
372 | /* This is popl %eax ; movl $,%eax ; int $0x80 */ | |
373 | err |= __put_user(0xb858, (short *)(frame->retcode+0)); | |
374 | err |= __put_user(__NR_sigreturn, (int *)(frame->retcode+2)); | |
375 | err |= __put_user(0x80cd, (short *)(frame->retcode+6)); | |
376 | +#endif | |
377 | } | |
378 | ||
379 | if (err) | |
380 | @@ -496,11 +500,15 @@ | |
381 | if (ka->sa.sa_flags & SA_RESTORER) { | |
382 | err |= __put_user(ka->sa.sa_restorer, &frame->pretcode); | |
383 | } else { | |
384 | +#ifdef CONFIG_HARDEN_STACK | |
385 | + err |= __put_user(MAGIC_RT_SIGRETURN, &frame->pretcode); | |
386 | +#else | |
387 | err |= __put_user(frame->retcode, &frame->pretcode); | |
388 | /* This is movl $,%eax ; int $0x80 */ | |
389 | err |= __put_user(0xb8, (char *)(frame->retcode+0)); | |
390 | err |= __put_user(__NR_rt_sigreturn, (int *)(frame->retcode+1)); | |
391 | err |= __put_user(0x80cd, (short *)(frame->retcode+5)); | |
392 | +#endif | |
393 | } | |
394 | ||
395 | if (err) | |
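Review bot: Under CONFIG_HARDEN_STACK the handler's return address becomes MAGIC_SIGRETURN / MAGIC_RT_SIGRETURN, whose definitions are not in this diff; the scheme only works if those constants lie above the reduced user code-segment limit, so that the handler's `ret` raises #GP (the path the traps.c change intercepts) rather than a page fault or a jump into mapped user code, and the traps.c dispatch on `addr & 0xFFFFFFFE` plus `testl $1` means the two constants must differ only in bit 0. Neither invariant is stated at the point where the values are written; a comment on the `#ifdef` branch, e.g. `/* MAGIC_*SIGRETURN lie beyond the user CS limit: the ret faults with #GP and do_general_protection() dispatches on bit 0 */`, would make it explicit. Note also that `frame->retcode` stays in the frame layout but is no longer initialized on this path, which is harmless but worth a one-line remark.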
396 | diff -urPX nopatch linux-2.4.22/arch/i386/kernel/traps.c linux-2.4.22-ow1/arch/i386/kernel/traps.c | |
397 | --- linux-2.4.22/arch/i386/kernel/traps.c Fri Nov 29 02:53:09 2002 | |
398 | +++ linux-2.4.22-ow1/arch/i386/kernel/traps.c Thu Aug 28 06:20:31 2003 | |
399 | @@ -397,13 +397,202 @@ | |
400 | DO_ERROR(12, SIGBUS, "stack segment", stack_segment) | |
401 | DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, get_cr2()) | |
402 | ||
403 | +#if defined(CONFIG_HARDEN_STACK) && defined(CONFIG_HARDEN_STACK_SMART) | |
404 | +/* | |
405 | + * These two functions aren't performance critical (trampolines are | |
406 | + * extremely rare and slow even without emulation). | |
407 | + */ | |
408 | +static unsigned long *get_reg(struct pt_regs *regs, unsigned char regnum) | |
409 | +{ | |
410 | + switch (regnum) { | |
411 | + case 0: return ®s->eax; | |
412 | + case 1: return ®s->ecx; | |
413 | + case 2: return ®s->edx; | |
414 | + case 3: return ®s->ebx; | |
415 | + case 4: return ®s->esp; | |
416 | + case 5: return ®s->ebp; | |
417 | + case 6: return ®s->esi; | |
418 | + case 7: return ®s->edi; | |
419 | + } | |
420 | + | |
421 | + return NULL; | |
422 | +} | |
423 | + | |
424 | +static unsigned long get_modrm(struct pt_regs *regs, int *err) | |
425 | +{ | |
426 | + unsigned char modrm, sib; | |
427 | + signed char rel8; | |
428 | + unsigned long rel32; | |
429 | + int size, regnum, scale; | |
430 | + unsigned long index, base, addr, value; | |
431 | + | |
432 | + *err |= __get_user(modrm, (unsigned char *)(regs->eip + 1)); | |
433 | + size = 2; | |
434 | + regnum = modrm & 7; | |
435 | + addr = *get_reg(regs, regnum); | |
436 | + if (regnum == 4 && (modrm & 0xC0) != 0xC0) { | |
437 | + *err |= __get_user(sib, (unsigned char *)(regs->eip + 2)); | |
438 | + size = 3; | |
439 | + scale = sib >> 6; | |
440 | + index = *get_reg(regs, (sib >> 3) & 7); | |
441 | + base = *get_reg(regs, sib & 7); | |
442 | + addr = base + (index << scale); | |
443 | + } | |
444 | + | |
445 | + switch (modrm & 0xC0) { | |
446 | + case 0x00: | |
447 | + if (regnum == 5) { | |
448 | + *err |= __get_user(addr, | |
449 | + (unsigned long *)(regs->eip + 2)); | |
450 | + size = 6; | |
451 | + } | |
452 | + *err |= get_user(value, (unsigned long *)addr); | |
453 | + break; | |
454 | + | |
455 | + case 0x40: | |
456 | + *err |= __get_user(rel8, (signed char *)(regs->eip + size)); | |
457 | + size++; | |
458 | + addr += rel8; | |
459 | + *err |= get_user(value, (unsigned long *)addr); | |
460 | + break; | |
461 | + | |
462 | + case 0x80: | |
463 | + *err |= __get_user(rel32, (unsigned long *)(regs->eip + size)); | |
464 | + size += 4; | |
465 | + addr += rel32; | |
466 | + *err |= get_user(value, (unsigned long *)addr); | |
467 | + break; | |
468 | + | |
469 | + case 0xC0: | |
470 | + default: | |
471 | + value = addr; | |
472 | + } | |
473 | + | |
474 | + if (*err) return 0; | |
475 | + regs->eip += size; | |
476 | + return value; | |
477 | +} | |
478 | +#endif | |
479 | + | |
480 | asmlinkage void do_general_protection(struct pt_regs * regs, long error_code) | |
481 | { | |
482 | +#ifdef CONFIG_HARDEN_STACK | |
483 | + unsigned long addr; | |
484 | + unsigned char insn; | |
485 | +#ifdef CONFIG_HARDEN_STACK_SMART | |
486 | + int err, count; | |
487 | +#endif | |
488 | +#endif | |
489 | + | |
490 | if (regs->eflags & VM_MASK) | |
491 | goto gp_in_vm86; | |
492 | ||
493 | if (!(regs->xcs & 3)) | |
494 | goto gp_in_kernel; | |
495 | + | |
496 | +#ifdef CONFIG_HARDEN_STACK | |
497 | + if ((regs->xcs & 0xFFFF) != __USER_CS || | |
498 | + __get_user(insn, (unsigned char *)regs->eip)) | |
499 | + goto gp_in_user; | |
500 | + | |
501 | +/* Check if it was a return instruction */ | |
502 | + if (insn == 0xC3) { | |
503 | + if (get_user(addr, (unsigned long *)regs->esp)) | |
504 | + goto gp_in_user; | |
505 | + | |
506 | +/* Check if it was return from a signal handler */ | |
507 | + if ((addr & 0xFFFFFFFE) == MAGIC_SIGRETURN) { | |
508 | +/* Call sys_sigreturn() or sys_rt_sigreturn() to restore the context */ | |
509 | + regs->esp += 8; | |
510 | + __asm__("movl %3,%%esi\n\t" | |
511 | + "subl %1,%%esp\n\t" | |
512 | + "movl %2,%%ecx\n\t" | |
513 | + "movl %%esp,%%edi\n\t" | |
514 | + "rep; movsl\n\t" | |
515 | + "testl $1,%4\n\t" | |
516 | + "jnz 1f\n\t" | |
517 | + "call sys_sigreturn\n\t" | |
518 | + "leal %3,%%edi\n\t" | |
519 | + "jmp 2f\n\t" | |
520 | + "1:\n\t" | |
521 | + "call sys_rt_sigreturn\n\t" | |
522 | + "leal %3,%%edi\n\t" | |
523 | + "2:\n\t" | |
524 | + "addl %1,%%edi\n\t" | |
525 | + "movl %%esp,%%esi\n\t" | |
526 | + "movl %2,%%ecx\n\t" | |
527 | + "movl (%%edi),%%edi\n\t" | |
528 | + "rep; movsl\n\t" | |
529 | + "movl %%esi,%%esp" | |
530 | + : | |
531 | +/* %eax is returned separately */ | |
532 | + "=a" (regs->eax) | |
533 | + : | |
534 | + "i" (sizeof(*regs)), | |
535 | + "i" (sizeof(*regs) >> 2), | |
536 | + "m" (regs), | |
537 | + "r" (addr) | |
538 | + : | |
539 | + "cx", "dx", "si", "di", "cc", "memory"); | |
540 | + return; | |
541 | + } | |
542 | + | |
543 | +/* | |
544 | + * Check if we're returning to the stack area, which is only likely to happen | |
545 | + * when attempting to exploit a buffer overflow. | |
546 | + */ | |
547 | + if (addr >= PAGE_OFFSET - _STK_LIM && addr < PAGE_OFFSET) | |
548 | + security_alert("return onto stack running as " | |
549 | + "UID %d, EUID %d, process %s:%d", | |
550 | + "returns onto stack", | |
551 | + current->uid, current->euid, | |
552 | + current->comm, current->pid); | |
553 | + } | |
554 | + | |
555 | +#ifdef CONFIG_HARDEN_STACK_SMART | |
556 | +/* Check if it could have been a trampoline call */ | |
557 | + else | |
558 | + if (insn == 0xFF && | |
559 | + !__get_user(insn, (unsigned char *)(regs->eip + 1)) && | |
560 | + (insn & 0x38) == 0x10 && insn != 0xD4) { /* call mod r/m */ | |
561 | +/* First, emulate the call */ | |
562 | + err = 0; | |
563 | + addr = get_modrm(regs, &err); | |
564 | + if (!err) { | |
565 | + regs->esp -= 4; | |
566 | + err = put_user(regs->eip, (unsigned long *)regs->esp); | |
567 | + regs->eip = addr; | |
568 | + } | |
569 | +/* Then, start emulating the trampoline itself */ | |
570 | + count = 0; | |
571 | + while (!err && !__get_user(insn, (unsigned char *)regs->eip++)) | |
572 | + if ((insn & 0xF8) == 0xB8) { /* movl imm32,%reg */ | |
573 | +/* We only have 8 GP registers, no reason to initialize one twice */ | |
574 | + if (count++ >= 8) break; | |
575 | + err |= __get_user(addr, (unsigned long *)regs->eip); | |
576 | + regs->eip += 4; | |
577 | + *get_reg(regs, insn & 7) = addr; | |
578 | + } else | |
579 | + if (insn == 0xFF) { | |
580 | + err |= __get_user(insn, (unsigned char *)regs->eip); | |
581 | + if ((insn & 0xF8) == 0xE0) { /* jmp *%reg */ | |
582 | + regs->eip = *get_reg(regs, insn & 7); | |
583 | + if (err) break; else return; | |
584 | + } | |
585 | + break; | |
586 | + } else | |
587 | + if (insn == 0xE9) { /* jmp rel32 */ | |
588 | + err |= __get_user(addr, (unsigned long *)regs->eip); | |
589 | + if (err) break; | |
590 | + regs->eip += 4 + addr; | |
591 | + return; | |
592 | + } else | |
593 | + break; | |
594 | + } | |
595 | +#endif | |
596 | + | |
597 | +gp_in_user: | |
598 | +#endif | |
599 | ||
600 | current->thread.error_code = error_code; | |
601 | current->thread.trap_no = 13; | |
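Review bot: In the trampoline emulation, `regs->eip` is set to the `call` target returned by get_modrm() with no range check, and the loop then fetches instruction bytes from it with `__get_user`, which on i386 is the variant that skips access_ok(); because any target at or above the reduced CS limit raises #GP, a `call *%eax` with %eax pointing into kernel space appears to reach this loop, and each `movl imm32,%reg` byte pattern found there copies four bytes of kernel memory into a user-visible register before the fallthrough SIGSEGV (registers are observable through the signal frame, ptrace or a core dump). The fetches after the redirect should be bounds-checked, e.g. `if (!err && !access_ok(VERIFY_READ, addr, 1)) err = -EFAULT;` before `regs->eip = addr;`, or simply the checked `get_user` for both `insn` and `addr` inside the `while` loop. Independently, `regs->eip++` in the loop condition advances even when the fetch fails, so a fault leaves eip one past the bad byte in the SIGSEGV frame. do_general_protection() continues past the end of this hunk.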
602 | diff -urPX nopatch linux-2.4.22/arch/ia64/config.in linux-2.4.22-ow1/arch/ia64/config.in | |
603 | --- linux-2.4.22/arch/ia64/config.in Mon Aug 25 15:44:39 2003 | |
604 | +++ linux-2.4.22-ow1/arch/ia64/config.in Thu Aug 28 06:20:31 2003 | |
605 | @@ -97,6 +97,9 @@ | |
606 | bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT | |
607 | bool 'Sysctl support' CONFIG_SYSCTL | |
608 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
609 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
610 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
611 | +fi | |
612 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
613 | ||
614 | if [ "$CONFIG_IA64_HP_SIM" = "n" ]; then | |
615 | @@ -262,6 +265,7 @@ | |
616 | endmenu | |
617 | fi | |
618 | ||
619 | +source security/Config.in | |
620 | ||
621 | mainmenu_option next_comment | |
622 | comment 'Kernel hacking' | |
623 | diff -urPX nopatch linux-2.4.22/arch/ia64/defconfig linux-2.4.22-ow1/arch/ia64/defconfig | |
624 | --- linux-2.4.22/arch/ia64/defconfig Mon Aug 25 15:44:39 2003 | |
625 | +++ linux-2.4.22-ow1/arch/ia64/defconfig Thu Aug 28 06:20:31 2003 | |
626 | @@ -59,6 +59,7 @@ | |
627 | # CONFIG_BSD_PROCESS_ACCT is not set | |
628 | CONFIG_SYSCTL=y | |
629 | CONFIG_BINFMT_ELF=y | |
630 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
631 | # CONFIG_BINFMT_MISC is not set | |
632 | CONFIG_ACPI=y | |
633 | CONFIG_ACPI_EFI=y | |
634 | @@ -960,6 +961,15 @@ | |
635 | # CONFIG_HP_SIMETH is not set | |
636 | # CONFIG_HP_SIMSERIAL is not set | |
637 | # CONFIG_HP_SIMSCSI is not set | |
638 | + | |
639 | +# | |
640 | +# Security | |
641 | +# | |
642 | +CONFIG_HARDEN_LINK=y | |
643 | +CONFIG_HARDEN_FIFO=y | |
644 | +# CONFIG_HARDEN_PROC is not set | |
645 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
646 | +# CONFIG_HARDEN_SHM is not set | |
647 | ||
648 | # | |
649 | # Kernel hacking | |
650 | diff -urPX nopatch linux-2.4.22/arch/ia64/ia32/sys_ia32.c linux-2.4.22-ow1/arch/ia64/ia32/sys_ia32.c | |
651 | --- linux-2.4.22/arch/ia64/ia32/sys_ia32.c Mon Aug 25 15:44:39 2003 | |
652 | +++ linux-2.4.22-ow1/arch/ia64/ia32/sys_ia32.c Thu Aug 28 06:20:31 2003 | |
653 | @@ -109,6 +109,8 @@ | |
654 | *ap++ = (char *) A(addr); | |
655 | arg += sizeof(unsigned int); | |
656 | n++; | |
657 | + if (n >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *)) | |
658 | + return -E2BIG; | |
659 | } while (addr); | |
660 | return n - 1; | |
661 | } | |
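Review bot: The new bound is tested after the store `*ap++ = (char *) A(addr);` rather than before it, so the final iteration still writes one more slot before returning -E2BIG; that is safe only if the destination array holds at least `(MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *)` entries and `n` starts at 0, and neither is visible in this hunk (the function begins before it). Moving the check ahead of the store, `if (n >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *)) return -E2BIG;` as the first statement of the loop body, removes the dependence on that sizing. The function previously returned only a count, so the caller must now handle a negative return, which this diff does not show.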
662 | diff -urPX nopatch linux-2.4.22/arch/m68k/config.in linux-2.4.22-ow1/arch/m68k/config.in | |
663 | --- linux-2.4.22/arch/m68k/config.in Mon Aug 25 15:44:39 2003 | |
664 | +++ linux-2.4.22-ow1/arch/m68k/config.in Thu Aug 28 06:20:31 2003 | |
665 | @@ -99,6 +99,9 @@ | |
666 | fi | |
667 | tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT | |
668 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
669 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
670 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
671 | +fi | |
672 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
673 | ||
674 | if [ "$CONFIG_AMIGA" = "y" ]; then | |
675 | @@ -549,6 +552,8 @@ | |
676 | source drivers/video/Config.in | |
677 | endmenu | |
678 | fi | |
679 | + | |
680 | +source security/Config.in | |
681 | ||
682 | mainmenu_option next_comment | |
683 | comment 'Kernel hacking' | |
684 | diff -urPX nopatch linux-2.4.22/arch/m68k/defconfig linux-2.4.22-ow1/arch/m68k/defconfig | |
685 | --- linux-2.4.22/arch/m68k/defconfig Mon Jun 19 23:56:08 2000 | |
686 | +++ linux-2.4.22-ow1/arch/m68k/defconfig Thu Aug 28 06:20:31 2003 | |
687 | @@ -44,8 +44,9 @@ | |
688 | CONFIG_SYSCTL=y | |
689 | CONFIG_KCORE_ELF=y | |
690 | # CONFIG_KCORE_AOUT is not set | |
691 | -CONFIG_BINFMT_AOUT=y | |
692 | +# CONFIG_BINFMT_AOUT is not set | |
693 | CONFIG_BINFMT_ELF=y | |
694 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
695 | # CONFIG_BINFMT_MISC is not set | |
696 | CONFIG_ZORRO=y | |
697 | # CONFIG_AMIGA_PCMCIA is not set | |
698 | @@ -322,6 +323,15 @@ | |
699 | CONFIG_FONT_8x8=y | |
700 | CONFIG_FONT_8x16=y | |
701 | CONFIG_FONT_PEARL_8x8=y | |
702 | + | |
703 | +# | |
704 | +# Security | |
705 | +# | |
706 | +CONFIG_HARDEN_LINK=y | |
707 | +CONFIG_HARDEN_FIFO=y | |
708 | +# CONFIG_HARDEN_PROC is not set | |
709 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
710 | +# CONFIG_HARDEN_SHM is not set | |
711 | ||
712 | # | |
713 | # Kernel hacking | |
714 | diff -urPX nopatch linux-2.4.22/arch/mips/config-shared.in linux-2.4.22-ow1/arch/mips/config-shared.in | |
715 | --- linux-2.4.22/arch/mips/config-shared.in Mon Aug 25 15:44:39 2003 | |
716 | +++ linux-2.4.22-ow1/arch/mips/config-shared.in Thu Aug 28 06:20:31 2003 | |
717 | @@ -874,6 +874,9 @@ | |
718 | define_bool CONFIG_KCORE_AOUT n | |
719 | define_bool CONFIG_BINFMT_AOUT n | |
720 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
721 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
722 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
723 | +fi | |
724 | dep_bool 'Kernel support for Linux/MIPS 32-bit binary compatibility' CONFIG_MIPS32_COMPAT $CONFIG_MIPS64 | |
725 | dep_bool 'Kernel support for o32 binaries' CONFIG_MIPS32_O32 $CONFIG_MIPS32_COMPAT | |
726 | dep_bool 'Kernel support for n32 binaries' CONFIG_MIPS32_N32 $CONFIG_MIPS32_COMPAT | |
727 | @@ -1025,6 +1028,8 @@ | |
728 | source drivers/usb/Config.in | |
729 | ||
730 | source net/bluetooth/Config.in | |
731 | + | |
732 | +source security/Config.in | |
733 | ||
734 | mainmenu_option next_comment | |
735 | comment 'Kernel hacking' | |
736 | diff -urPX nopatch linux-2.4.22/arch/mips/defconfig linux-2.4.22-ow1/arch/mips/defconfig | |
737 | --- linux-2.4.22/arch/mips/defconfig Mon Aug 25 15:44:39 2003 | |
738 | +++ linux-2.4.22-ow1/arch/mips/defconfig Thu Aug 28 06:20:31 2003 | |
739 | @@ -132,6 +132,7 @@ | |
740 | # CONFIG_KCORE_AOUT is not set | |
741 | # CONFIG_BINFMT_AOUT is not set | |
742 | CONFIG_BINFMT_ELF=y | |
743 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
744 | # CONFIG_MIPS32_COMPAT is not set | |
745 | # CONFIG_MIPS32_O32 is not set | |
746 | # CONFIG_MIPS32_N32 is not set | |
747 | @@ -666,6 +667,15 @@ | |
748 | # Bluetooth support | |
749 | # | |
750 | # CONFIG_BLUEZ is not set | |
751 | + | |
752 | +# | |
753 | +# Security | |
754 | +# | |
755 | +CONFIG_HARDEN_LINK=y | |
756 | +CONFIG_HARDEN_FIFO=y | |
757 | +# CONFIG_HARDEN_PROC is not set | |
758 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
759 | +# CONFIG_HARDEN_SHM is not set | |
760 | ||
761 | # | |
762 | # Kernel hacking | |
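diff -urPX nopatch linux-2.4.22/arch/mips/kernel/irixelf.c linux-2.4.22-ow1/arch/mips/kernel/irixelf.c
--- linux-2.4.22/arch/mips/kernel/irixelf.c Mon Aug 25 15:44:40 2003
+++ linux-2.4.22-ow1/arch/mips/kernel/irixelf.c Thu Aug 28 06:20:31 2003
@@ -8,6 +8,7 @@
 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
 */
 
+#include <linux/config.h>
 #include <linux/module.h>
 
 #include <linux/fs.h>
@@ -48,7 +49,12 @@
 extern int dump_fpu (elf_fpregset_t *);
 
 static struct linux_binfmt irix_format = {
- NULL, THIS_MODULE, load_irix_binary, load_irix_library,
+ NULL, THIS_MODULE, load_irix_binary,
+#ifdef CONFIG_BINFMT_ELF_AOUT
+ load_irix_library,
+#else
+ NULL,
+#endif
 irix_core_dump, PAGE_SIZE
 };
 
@@ -787,6 +793,7 @@
 goto out;
 }
 
+#ifdef CONFIG_BINFMT_ELF_AOUT
 /* This is really simpleminded and specialized - we are loading an
 * a.out library that is given an ELF header.
 */
@@ -863,6 +870,7 @@
 kfree(elf_phdata);
 return 0;
 }
+#endif
 
 /* Called through irix_syssgi() to map an elf image given an FD,
 * a phdr ptr USER_PHDRP in userspace, and a count CNT telling how many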
804 | diff -urPX nopatch linux-2.4.22/arch/mips64/defconfig linux-2.4.22-ow1/arch/mips64/defconfig | |
805 | --- linux-2.4.22/arch/mips64/defconfig Mon Aug 25 15:44:40 2003 | |
806 | +++ linux-2.4.22-ow1/arch/mips64/defconfig Thu Aug 28 06:20:31 2003 | |
807 | @@ -132,6 +132,7 @@ | |
808 | # CONFIG_KCORE_AOUT is not set | |
809 | # CONFIG_BINFMT_AOUT is not set | |
810 | CONFIG_BINFMT_ELF=y | |
811 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
812 | CONFIG_MIPS32_COMPAT=y | |
813 | CONFIG_MIPS32_O32=y | |
814 | # CONFIG_MIPS32_N32 is not set | |
815 | @@ -591,6 +592,15 @@ | |
816 | # Bluetooth support | |
817 | # | |
818 | # CONFIG_BLUEZ is not set | |
819 | + | |
820 | +# | |
821 | +# Security | |
822 | +# | |
823 | +CONFIG_HARDEN_LINK=y | |
824 | +CONFIG_HARDEN_FIFO=y | |
825 | +# CONFIG_HARDEN_PROC is not set | |
826 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
827 | +# CONFIG_HARDEN_SHM is not set | |
828 | ||
829 | # | |
830 | # Kernel hacking | |
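diff -urPX nopatch linux-2.4.22/arch/mips64/kernel/linux32.c linux-2.4.22-ow1/arch/mips64/kernel/linux32.c
--- linux-2.4.22/arch/mips64/kernel/linux32.c Mon Aug 25 15:44:40 2003
+++ linux-2.4.22-ow1/arch/mips64/kernel/linux32.c Thu Aug 28 06:32:24 2003
@@ -366,6 +366,22 @@
 if (IS_ERR(dentry))
 return retval;
 
+#ifdef CONFIG_HARDEN_RLIMIT_NPROC
+/*
+ * This check is similar to that done in kernel/fork.c, except that we
+ * are not going to allocate a new task slot here.
+ *
+ * Note that we can only exceed the limit if our UID has changed.
+ */
+ if (current->user)
+ if (atomic_read(&current->user->processes) >
+ current->rlim[RLIMIT_NPROC].rlim_cur &&
+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
+ dput(dentry);
+ return -EAGAIN;
+ }
+#endif
+
 bprm.dentry = dentry;
 bprm.filename = filename;
 bprm.sh_bang = 0;
@@ -455,6 +471,8 @@
 *ap++ = (char *) A(addr);
 arg += sizeof(unsigned int);
 n++;
+ if (n >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *))
+ return -E2BIG;
 } while (addr);
 return n - 1;
 }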
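Review bot: The RLIMIT_NPROC check added in the first hunk is written as two brace-less nested `if`s (`if (current->user)` followed by `if (atomic_read(...) > ... ) {`), which reads as a single condition anyway and is exactly the shape that breaks the day someone adds an `else`; fold it into one guard: `if (current->user && atomic_read(&current->user->processes) > current->rlim[RLIMIT_NPROC].rlim_cur && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {`. The same nested form is repeated in the sys_parisc32.c, sys_ppc32.c, s390x linux32.c and sys_sparc32.c hunks of this patch. The comment says the check mirrors kernel/fork.c, so the two sites should stay in sync when one changes; a one-line pointer would help, e.g. `/* keep in sync with the RLIMIT_NPROC test in kernel/fork.c */`. Presumably the native 64-bit do_execve() receives the equivalent check elsewhere in this patch; I cannot confirm that from here. The enclosing execve wrapper starts and ends outside the hunk.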
866 | diff -urPX nopatch linux-2.4.22/arch/parisc/config.in linux-2.4.22-ow1/arch/parisc/config.in | |
867 | --- linux-2.4.22/arch/parisc/config.in Mon Aug 25 15:44:40 2003 | |
868 | +++ linux-2.4.22-ow1/arch/parisc/config.in Thu Aug 28 06:20:31 2003 | |
869 | @@ -85,6 +85,9 @@ | |
870 | bool 'Sysctl support' CONFIG_SYSCTL | |
871 | define_bool CONFIG_KCORE_ELF y | |
872 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
873 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
874 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
875 | +fi | |
876 | tristate 'Kernel support for SOM binaries' CONFIG_BINFMT_SOM | |
877 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
878 | ||
879 | @@ -188,6 +191,8 @@ | |
880 | if [ "$CONFIG_SUPERIO" = "y" ]; then | |
881 | source drivers/usb/Config.in | |
882 | fi | |
883 | + | |
884 | +source security/Config.in | |
885 | ||
886 | mainmenu_option next_comment | |
887 | comment 'Kernel hacking' | |
888 | diff -urPX nopatch linux-2.4.22/arch/parisc/defconfig linux-2.4.22-ow1/arch/parisc/defconfig | |
889 | --- linux-2.4.22/arch/parisc/defconfig Fri Jun 13 18:51:31 2003 | |
890 | +++ linux-2.4.22-ow1/arch/parisc/defconfig Thu Aug 28 06:20:31 2003 | |
891 | @@ -56,6 +56,7 @@ | |
892 | CONFIG_SYSCTL=y | |
893 | CONFIG_KCORE_ELF=y | |
894 | CONFIG_BINFMT_ELF=y | |
895 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
896 | CONFIG_BINFMT_SOM=y | |
897 | # CONFIG_BINFMT_MISC is not set | |
898 | # CONFIG_PM is not set | |
899 | @@ -782,6 +783,15 @@ | |
900 | # USB support | |
901 | # | |
902 | # CONFIG_USB is not set | |
903 | + | |
904 | +# | |
905 | +# Security | |
906 | +# | |
907 | +CONFIG_HARDEN_LINK=y | |
908 | +CONFIG_HARDEN_FIFO=y | |
909 | +# CONFIG_HARDEN_PROC is not set | |
910 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
911 | +# CONFIG_HARDEN_SHM is not set | |
912 | ||
913 | # | |
914 | # Kernel hacking | |
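diff -urPX nopatch linux-2.4.22/arch/parisc/kernel/sys_parisc32.c linux-2.4.22-ow1/arch/parisc/kernel/sys_parisc32.c
--- linux-2.4.22/arch/parisc/kernel/sys_parisc32.c Fri Jun 13 18:51:31 2003
+++ linux-2.4.22-ow1/arch/parisc/kernel/sys_parisc32.c Thu Aug 28 06:20:31 2003
@@ -189,6 +189,23 @@
 
 DBG(("do_execve32(%s, %p, %p, %p)\n", filename, argv, envp, regs));
 
+#ifdef CONFIG_HARDEN_RLIMIT_NPROC
+/*
+ * This check is similar to that done in kernel/fork.c, except that we
+ * are not going to allocate a new task slot here.
+ *
+ * Note that we can only exceed the limit if our UID has changed.
+ */
+ if (current->user)
+ if (atomic_read(&current->user->processes) >
+ current->rlim[RLIMIT_NPROC].rlim_cur &&
+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
+ allow_write_access(file);
+ fput(file);
+ return -EAGAIN;
+ }
+#endif
+
 bprm.file = file;
 bprm.filename = filename;
 bprm.sh_bang = 0;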
942 | diff -urPX nopatch linux-2.4.22/arch/ppc/config.in linux-2.4.22-ow1/arch/ppc/config.in | |
943 | --- linux-2.4.22/arch/ppc/config.in Mon Aug 25 15:44:40 2003 | |
944 | +++ linux-2.4.22-ow1/arch/ppc/config.in Thu Aug 28 06:20:31 2003 | |
945 | @@ -208,6 +208,7 @@ | |
946 | fi | |
947 | define_bool CONFIG_BINFMT_ELF y | |
948 | define_bool CONFIG_KERNEL_ELF y | |
949 | +bool 'ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
950 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
951 | ||
952 | source drivers/pci/Config.in | |
953 | @@ -439,6 +440,8 @@ | |
954 | ||
955 | source crypto/Config.in | |
956 | source lib/Config.in | |
957 | + | |
958 | +source security/Config.in | |
959 | ||
960 | mainmenu_option next_comment | |
961 | comment 'Kernel hacking' | |
962 | diff -urPX nopatch linux-2.4.22/arch/ppc/defconfig linux-2.4.22-ow1/arch/ppc/defconfig | |
963 | --- linux-2.4.22/arch/ppc/defconfig Fri Jun 13 18:51:31 2003 | |
964 | +++ linux-2.4.22-ow1/arch/ppc/defconfig Thu Aug 28 06:20:31 2003 | |
965 | @@ -58,8 +58,9 @@ | |
966 | # CONFIG_BSD_PROCESS_ACCT is not set | |
967 | CONFIG_KCORE_ELF=y | |
968 | CONFIG_BINFMT_ELF=y | |
969 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
970 | CONFIG_KERNEL_ELF=y | |
971 | -CONFIG_BINFMT_MISC=m | |
972 | +# CONFIG_BINFMT_MISC is not set | |
973 | CONFIG_PCI_NAMES=y | |
974 | CONFIG_HOTPLUG=y | |
975 | ||
976 | @@ -1051,6 +1052,15 @@ | |
977 | # | |
978 | CONFIG_ZLIB_INFLATE=y | |
979 | CONFIG_ZLIB_DEFLATE=y | |
980 | + | |
981 | +# | |
982 | +# Security | |
983 | +# | |
984 | +CONFIG_HARDEN_LINK=y | |
985 | +CONFIG_HARDEN_FIFO=y | |
986 | +# CONFIG_HARDEN_PROC is not set | |
987 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
988 | +# CONFIG_HARDEN_SHM is not set | |
989 | ||
990 | # | |
991 | # Kernel hacking | |
992 | diff -urPX nopatch linux-2.4.22/arch/ppc64/config.in linux-2.4.22-ow1/arch/ppc64/config.in | |
993 | --- linux-2.4.22/arch/ppc64/config.in Mon Aug 25 15:44:40 2003 | |
994 | +++ linux-2.4.22-ow1/arch/ppc64/config.in Thu Aug 28 06:34:13 2003 | |
995 | @@ -79,6 +79,9 @@ | |
996 | fi | |
997 | ||
998 | bool 'Kernel support for 64 bit ELF binaries' CONFIG_BINFMT_ELF | |
999 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
1000 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
1001 | +fi | |
1002 | ||
1003 | tristate 'Kernel support for 32 bit ELF binaries' CONFIG_BINFMT_ELF32 | |
1004 | ||
1005 | @@ -237,6 +240,8 @@ | |
1006 | source lib/Config.in | |
1007 | ||
1008 | source crypto/Config.in | |
1009 | + | |
1010 | +source security/Config.in | |
1011 | ||
1012 | mainmenu_option next_comment | |
1013 | comment 'Kernel hacking' | |
1014 | diff -urPX nopatch linux-2.4.22/arch/ppc64/defconfig linux-2.4.22-ow1/arch/ppc64/defconfig | |
1015 | --- linux-2.4.22/arch/ppc64/defconfig Mon Aug 25 15:44:40 2003 | |
1016 | +++ linux-2.4.22-ow1/arch/ppc64/defconfig Thu Aug 28 06:20:31 2003 | |
1017 | @@ -53,6 +53,7 @@ | |
1018 | # CONFIG_BSD_PROCESS_ACCT is not set | |
1019 | CONFIG_KCORE_ELF=y | |
1020 | CONFIG_BINFMT_ELF=y | |
1021 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
1022 | CONFIG_BINFMT_ELF32=y | |
1023 | # CONFIG_BINFMT_MISC is not set | |
1024 | CONFIG_PCI_NAMES=y | |
1025 | @@ -725,6 +726,15 @@ | |
1026 | # | |
1027 | # CONFIG_ZLIB_INFLATE is not set | |
1028 | # CONFIG_ZLIB_DEFLATE is not set | |
1029 | + | |
1030 | +# | |
1031 | +# Security | |
1032 | +# | |
1033 | +CONFIG_HARDEN_LINK=y | |
1034 | +CONFIG_HARDEN_FIFO=y | |
1035 | +# CONFIG_HARDEN_PROC is not set | |
1036 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
1037 | +# CONFIG_HARDEN_SHM is not set | |
1038 | ||
1039 | # | |
1040 | # Kernel hacking | |
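diff -urPX nopatch linux-2.4.22/arch/ppc64/kernel/sys_ppc32.c linux-2.4.22-ow1/arch/ppc64/kernel/sys_ppc32.c
--- linux-2.4.22/arch/ppc64/kernel/sys_ppc32.c Mon Aug 25 15:44:40 2003
+++ linux-2.4.22-ow1/arch/ppc64/kernel/sys_ppc32.c Thu Aug 28 06:20:31 2003
@@ -3902,6 +3902,23 @@
 if (IS_ERR(file))
 return retval;
 
+#ifdef CONFIG_HARDEN_RLIMIT_NPROC
+/*
+ * This check is similar to that done in kernel/fork.c, except that we
+ * are not going to allocate a new task slot here.
+ *
+ * Note that we can only exceed the limit if our UID has changed.
+ */
+ if (current->user)
+ if (atomic_read(&current->user->processes) >
+ current->rlim[RLIMIT_NPROC].rlim_cur &&
+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
+ allow_write_access(file);
+ fput(file);
+ return -EAGAIN;
+ }
+#endif
+
 bprm.file = file;
 bprm.filename = filename;
 bprm.sh_bang = 0;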
1068 | diff -urPX nopatch linux-2.4.22/arch/s390/config.in linux-2.4.22-ow1/arch/s390/config.in | |
1069 | --- linux-2.4.22/arch/s390/config.in Mon Aug 25 15:44:40 2003 | |
1070 | +++ linux-2.4.22-ow1/arch/s390/config.in Thu Aug 28 06:20:31 2003 | |
1071 | @@ -55,6 +55,9 @@ | |
1072 | bool 'Sysctl support' CONFIG_SYSCTL | |
1073 | define_bool CONFIG_KCORE_ELF y | |
1074 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
1075 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
1076 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
1077 | +fi | |
1078 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
1079 | bool 'Show crashed user process info' CONFIG_PROCESS_DEBUG | |
1080 | bool 'Pseudo page fault support' CONFIG_PFAULT | |
1081 | @@ -68,6 +71,8 @@ | |
1082 | fi | |
1083 | ||
1084 | source fs/Config.in | |
1085 | + | |
1086 | +source security/Config.in | |
1087 | ||
1088 | mainmenu_option next_comment | |
1089 | comment 'Kernel hacking' | |
1090 | diff -urPX nopatch linux-2.4.22/arch/s390/defconfig linux-2.4.22-ow1/arch/s390/defconfig | |
1091 | --- linux-2.4.22/arch/s390/defconfig Mon Aug 25 15:44:40 2003 | |
1092 | +++ linux-2.4.22-ow1/arch/s390/defconfig Thu Aug 28 06:38:24 2003 | |
1093 | @@ -43,6 +43,7 @@ | |
1094 | CONFIG_SYSCTL=y | |
1095 | CONFIG_KCORE_ELF=y | |
1096 | CONFIG_BINFMT_ELF=y | |
1097 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
1098 | # CONFIG_BINFMT_MISC is not set | |
1099 | # CONFIG_PROCESS_DEBUG is not set | |
1100 | CONFIG_PFAULT=y | |
1101 | @@ -408,6 +409,15 @@ | |
1102 | # CONFIG_NLS_KOI8_R is not set | |
1103 | # CONFIG_NLS_KOI8_U is not set | |
1104 | # CONFIG_NLS_UTF8 is not set | |
1105 | + | |
1106 | +# | |
1107 | +# Security | |
1108 | +# | |
1109 | +CONFIG_HARDEN_LINK=y | |
1110 | +CONFIG_HARDEN_FIFO=y | |
1111 | +# CONFIG_HARDEN_PROC is not set | |
1112 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
1113 | +# CONFIG_HARDEN_SHM is not set | |
1114 | ||
1115 | # | |
1116 | # Kernel hacking | |
1117 | diff -urPX nopatch linux-2.4.22/arch/s390x/config.in linux-2.4.22-ow1/arch/s390x/config.in | |
1118 | --- linux-2.4.22/arch/s390x/config.in Mon Aug 25 15:44:40 2003 | |
1119 | +++ linux-2.4.22-ow1/arch/s390x/config.in Thu Aug 28 06:20:31 2003 | |
1120 | @@ -58,6 +58,9 @@ | |
1121 | bool 'Sysctl support' CONFIG_SYSCTL | |
1122 | define_bool CONFIG_KCORE_ELF y | |
1123 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
1124 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
1125 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
1126 | +fi | |
1127 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
1128 | bool 'Show crashed user process info' CONFIG_PROCESS_DEBUG | |
1129 | bool 'Pseudo page fault support' CONFIG_PFAULT | |
1130 | @@ -72,6 +75,8 @@ | |
1131 | fi | |
1132 | ||
1133 | source fs/Config.in | |
1134 | + | |
1135 | +source security/Config.in | |
1136 | ||
1137 | mainmenu_option next_comment | |
1138 | comment 'Kernel hacking' | |
1139 | diff -urPX nopatch linux-2.4.22/arch/s390x/defconfig linux-2.4.22-ow1/arch/s390x/defconfig | |
1140 | --- linux-2.4.22/arch/s390x/defconfig Mon Aug 25 15:44:40 2003 | |
1141 | +++ linux-2.4.22-ow1/arch/s390x/defconfig Thu Aug 28 06:39:39 2003 | |
1142 | @@ -44,6 +44,7 @@ | |
1143 | CONFIG_SYSCTL=y | |
1144 | CONFIG_KCORE_ELF=y | |
1145 | CONFIG_BINFMT_ELF=y | |
1146 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
1147 | # CONFIG_BINFMT_MISC is not set | |
1148 | # CONFIG_PROCESS_DEBUG is not set | |
1149 | CONFIG_PFAULT=y | |
1150 | @@ -352,6 +353,15 @@ | |
1151 | # CONFIG_NLS_KOI8_R is not set | |
1152 | # CONFIG_NLS_KOI8_U is not set | |
1153 | # CONFIG_NLS_UTF8 is not set | |
1154 | + | |
1155 | +# | |
1156 | +# Security | |
1157 | +# | |
1158 | +CONFIG_HARDEN_LINK=y | |
1159 | +CONFIG_HARDEN_FIFO=y | |
1160 | +# CONFIG_HARDEN_PROC is not set | |
1161 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
1162 | +# CONFIG_HARDEN_SHM is not set | |
1163 | ||
1164 | # | |
1165 | # Kernel hacking | |
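diff -urPX nopatch linux-2.4.22/arch/s390x/kernel/linux32.c linux-2.4.22-ow1/arch/s390x/kernel/linux32.c
--- linux-2.4.22/arch/s390x/kernel/linux32.c Mon Aug 25 15:44:40 2003
+++ linux-2.4.22-ow1/arch/s390x/kernel/linux32.c Thu Aug 28 06:20:31 2003
@@ -3218,6 +3218,23 @@
 if (IS_ERR(file))
 return retval;
 
+#ifdef CONFIG_HARDEN_RLIMIT_NPROC
+/*
+ * This check is similar to that done in kernel/fork.c, except that we
+ * are not going to allocate a new task slot here.
+ *
+ * Note that we can only exceed the limit if our UID has changed.
+ */
+ if (current->user)
+ if (atomic_read(&current->user->processes) >
+ current->rlim[RLIMIT_NPROC].rlim_cur &&
+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
+ allow_write_access(file);
+ fput(file);
+ return -EAGAIN;
+ }
+#endif
+
 bprm.file = file;
 bprm.filename = filename;
 bprm.sh_bang = 0;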
1193 | diff -urPX nopatch linux-2.4.22/arch/sh/config.in linux-2.4.22-ow1/arch/sh/config.in | |
1194 | --- linux-2.4.22/arch/sh/config.in Mon Aug 25 15:44:40 2003 | |
1195 | +++ linux-2.4.22-ow1/arch/sh/config.in Thu Aug 28 06:20:31 2003 | |
1196 | @@ -263,6 +263,9 @@ | |
1197 | A.OUT CONFIG_KCORE_AOUT" ELF | |
1198 | fi | |
1199 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
1200 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
1201 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
1202 | +fi | |
1203 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
1204 | ||
1205 | source drivers/parport/Config.in | |
1206 | @@ -429,6 +432,8 @@ | |
1207 | source drivers/sound/Config.in | |
1208 | fi | |
1209 | endmenu | |
1210 | + | |
1211 | +source security/Config.in | |
1212 | ||
1213 | mainmenu_option next_comment | |
1214 | comment 'Kernel hacking' | |
1215 | diff -urPX nopatch linux-2.4.22/arch/sh/defconfig linux-2.4.22-ow1/arch/sh/defconfig | |
1216 | --- linux-2.4.22/arch/sh/defconfig Tue Oct 16 00:36:48 2001 | |
1217 | +++ linux-2.4.22-ow1/arch/sh/defconfig Thu Aug 28 06:20:31 2003 | |
1218 | @@ -48,6 +48,7 @@ | |
1219 | CONFIG_KCORE_ELF=y | |
1220 | # CONFIG_KCORE_AOUT is not set | |
1221 | CONFIG_BINFMT_ELF=y | |
1222 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
1223 | # CONFIG_BINFMT_MISC is not set | |
1224 | ||
1225 | # | |
1226 | @@ -195,6 +196,15 @@ | |
1227 | # Sound | |
1228 | # | |
1229 | # CONFIG_SOUND is not set | |
1230 | + | |
1231 | +# | |
1232 | +# Security | |
1233 | +# | |
1234 | +CONFIG_HARDEN_LINK=y | |
1235 | +CONFIG_HARDEN_FIFO=y | |
1236 | +# CONFIG_HARDEN_PROC is not set | |
1237 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
1238 | +# CONFIG_HARDEN_SHM is not set | |
1239 | ||
1240 | # | |
1241 | # Kernel hacking | |
1242 | diff -urPX nopatch linux-2.4.22/arch/sparc/config.in linux-2.4.22-ow1/arch/sparc/config.in | |
1243 | --- linux-2.4.22/arch/sparc/config.in Mon Aug 25 15:44:40 2003 | |
1244 | +++ linux-2.4.22-ow1/arch/sparc/config.in Thu Aug 28 06:20:31 2003 | |
1245 | @@ -70,6 +70,9 @@ | |
1246 | fi | |
1247 | tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT | |
1248 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
1249 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
1250 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
1251 | +fi | |
1252 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
1253 | bool 'SunOS binary emulation' CONFIG_SUNOS_EMUL | |
1254 | source drivers/parport/Config.in | |
1255 | @@ -260,6 +263,8 @@ | |
1256 | ||
1257 | tristate 'Software watchdog' CONFIG_SOFT_WATCHDOG | |
1258 | endmenu | |
1259 | + | |
1260 | +source security/Config.in | |
1261 | ||
1262 | mainmenu_option next_comment | |
1263 | comment 'Kernel hacking' | |
1264 | diff -urPX nopatch linux-2.4.22/arch/sparc/defconfig linux-2.4.22-ow1/arch/sparc/defconfig | |
1265 | --- linux-2.4.22/arch/sparc/defconfig Sat Aug 3 04:39:43 2002 | |
1266 | +++ linux-2.4.22-ow1/arch/sparc/defconfig Thu Aug 28 06:20:31 2003 | |
1267 | @@ -49,9 +49,10 @@ | |
1268 | # CONFIG_BSD_PROCESS_ACCT is not set | |
1269 | CONFIG_SYSCTL=y | |
1270 | CONFIG_KCORE_ELF=y | |
1271 | -CONFIG_BINFMT_AOUT=y | |
1272 | +# CONFIG_BINFMT_AOUT is not set | |
1273 | CONFIG_BINFMT_ELF=y | |
1274 | -CONFIG_BINFMT_MISC=m | |
1275 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
1276 | +# CONFIG_BINFMT_MISC is not set | |
1277 | CONFIG_SUNOS_EMUL=y | |
1278 | ||
1279 | # | |
1280 | @@ -411,6 +412,15 @@ | |
1281 | # Watchdog | |
1282 | # | |
1283 | # CONFIG_SOFT_WATCHDOG is not set | |
1284 | + | |
1285 | +# | |
1286 | +# Security | |
1287 | +# | |
1288 | +CONFIG_HARDEN_LINK=y | |
1289 | +CONFIG_HARDEN_FIFO=y | |
1290 | +# CONFIG_HARDEN_PROC is not set | |
1291 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
1292 | +# CONFIG_HARDEN_SHM is not set | |
1293 | ||
1294 | # | |
1295 | # Kernel hacking | |
1296 | diff -urPX nopatch linux-2.4.22/arch/sparc64/config.in linux-2.4.22-ow1/arch/sparc64/config.in | |
1297 | --- linux-2.4.22/arch/sparc64/config.in Mon Aug 25 15:44:40 2003 | |
1298 | +++ linux-2.4.22-ow1/arch/sparc64/config.in Thu Aug 28 06:20:31 2003 | |
1299 | @@ -73,6 +73,9 @@ | |
1300 | bool ' Kernel support for 32-bit (ie. SunOS) a.out binaries' CONFIG_BINFMT_AOUT32 | |
1301 | fi | |
1302 | tristate 'Kernel support for 64-bit ELF binaries' CONFIG_BINFMT_ELF | |
1303 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
1304 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
1305 | +fi | |
1306 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
1307 | bool 'SunOS binary emulation' CONFIG_SUNOS_EMUL | |
1308 | if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then | |
1309 | @@ -290,6 +293,8 @@ | |
1310 | ||
1311 | tristate 'Software watchdog' CONFIG_SOFT_WATCHDOG | |
1312 | endmenu | |
1313 | + | |
1314 | +source security/Config.in | |
1315 | ||
1316 | mainmenu_option next_comment | |
1317 | comment 'Kernel hacking' | |
1318 | diff -urPX nopatch linux-2.4.22/arch/sparc64/defconfig linux-2.4.22-ow1/arch/sparc64/defconfig | |
1319 | --- linux-2.4.22/arch/sparc64/defconfig Mon Aug 25 15:44:40 2003 | |
1320 | +++ linux-2.4.22-ow1/arch/sparc64/defconfig Thu Aug 28 06:20:31 2003 | |
1321 | @@ -55,7 +55,8 @@ | |
1322 | CONFIG_BINFMT_ELF32=y | |
1323 | # CONFIG_BINFMT_AOUT32 is not set | |
1324 | CONFIG_BINFMT_ELF=y | |
1325 | -CONFIG_BINFMT_MISC=m | |
1326 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
1327 | +# CONFIG_BINFMT_MISC is not set | |
1328 | # CONFIG_SUNOS_EMUL is not set | |
1329 | CONFIG_SOLARIS_EMUL=m | |
1330 | ||
1331 | @@ -1018,6 +1019,15 @@ | |
1332 | # Watchdog | |
1333 | # | |
1334 | # CONFIG_SOFT_WATCHDOG is not set | |
1335 | + | |
1336 | +# | |
1337 | +# Security | |
1338 | +# | |
1339 | +CONFIG_HARDEN_LINK=y | |
1340 | +CONFIG_HARDEN_FIFO=y | |
1341 | +# CONFIG_HARDEN_PROC is not set | |
1342 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
1343 | +# CONFIG_HARDEN_SHM is not set | |
1344 | ||
1345 | # | |
1346 | # Kernel hacking | |
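diff -urPX nopatch linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c linux-2.4.22-ow1/arch/sparc64/kernel/sys_sparc32.c
--- linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c Mon Aug 25 15:44:40 2003
+++ linux-2.4.22-ow1/arch/sparc64/kernel/sys_sparc32.c Thu Aug 28 06:20:31 2003
@@ -3243,6 +3243,23 @@
 if (IS_ERR(file))
 return retval;
 
+#ifdef CONFIG_HARDEN_RLIMIT_NPROC
+/*
+ * This check is similar to that done in kernel/fork.c, except that we
+ * are not going to allocate a new task slot here.
+ *
+ * Note that we can only exceed the limit if our UID has changed.
+ */
+ if (current->user)
+ if (atomic_read(&current->user->processes) >
+ current->rlim[RLIMIT_NPROC].rlim_cur &&
+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
+ allow_write_access(file);
+ fput(file);
+ return -EAGAIN;
+ }
+#endif
+
 bprm.file = file;
 bprm.filename = filename;
 bprm.sh_bang = 0;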
1374 | diff -urPX nopatch linux-2.4.22/arch/x86_64/config.in linux-2.4.22-ow1/arch/x86_64/config.in | |
1375 | --- linux-2.4.22/arch/x86_64/config.in Mon Aug 25 15:44:40 2003 | |
1376 | +++ linux-2.4.22-ow1/arch/x86_64/config.in Thu Aug 28 06:41:49 2003 | |
1377 | @@ -106,6 +106,9 @@ | |
1378 | fi | |
1379 | #tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT | |
1380 | tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF | |
1381 | +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then | |
1382 | + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT | |
1383 | +fi | |
1384 | tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC | |
1385 | ||
1386 | bool 'Power Management support' CONFIG_PM | |
1387 | @@ -228,6 +231,8 @@ | |
1388 | source net/bluetooth/Config.in | |
1389 | ||
1390 | source crypto/Config.in | |
1391 | + | |
1392 | +source security/Config.in | |
1393 | ||
1394 | mainmenu_option next_comment | |
1395 | comment 'Kernel hacking' | |
1396 | diff -urPX nopatch linux-2.4.22/arch/x86_64/defconfig linux-2.4.22-ow1/arch/x86_64/defconfig | |
1397 | --- linux-2.4.22/arch/x86_64/defconfig Mon Aug 25 15:44:40 2003 | |
1398 | +++ linux-2.4.22-ow1/arch/x86_64/defconfig Thu Aug 28 06:20:31 2003 | |
1399 | @@ -62,6 +62,7 @@ | |
1400 | CONFIG_SYSCTL=y | |
1401 | CONFIG_KCORE_ELF=y | |
1402 | CONFIG_BINFMT_ELF=y | |
1403 | +# CONFIG_BINFMT_ELF_AOUT is not set | |
1404 | # CONFIG_BINFMT_MISC is not set | |
1405 | CONFIG_PM=y | |
1406 | CONFIG_IA32_EMULATION=y | |
1407 | @@ -701,6 +702,15 @@ | |
1408 | # Bluetooth support | |
1409 | # | |
1410 | # CONFIG_BLUEZ is not set | |
1411 | + | |
1412 | +# | |
1413 | +# Security | |
1414 | +# | |
1415 | +CONFIG_HARDEN_LINK=y | |
1416 | +CONFIG_HARDEN_FIFO=y | |
1417 | +# CONFIG_HARDEN_PROC is not set | |
1418 | +CONFIG_HARDEN_RLIMIT_NPROC=y | |
1419 | +# CONFIG_HARDEN_SHM is not set | |
1420 | ||
1421 | # | |
1422 | # Kernel hacking | |
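diff -urPX nopatch linux-2.4.22/arch/x86_64/ia32/sys_ia32.c linux-2.4.22-ow1/arch/x86_64/ia32/sys_ia32.c
--- linux-2.4.22/arch/x86_64/ia32/sys_ia32.c Mon Aug 25 15:44:40 2003
+++ linux-2.4.22-ow1/arch/x86_64/ia32/sys_ia32.c Thu Aug 28 06:20:31 2003
@@ -2135,7 +2135,7 @@
 dst[cnt] = (char *)(u64)val;
 cnt++;
 src += 4;
- if (cnt >= (MAX_ARG_PAGES*PAGE_SIZE)/sizeof(void*))
+ if (cnt >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *))
 return -E2BIG;
 } while(val);
 if (dst)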
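diff -urPX nopatch linux-2.4.22/drivers/scsi/st.c linux-2.4.22-ow1/drivers/scsi/st.c
--- linux-2.4.22/drivers/scsi/st.c Mon Aug 25 15:44:42 2003
+++ linux-2.4.22-ow1/drivers/scsi/st.c Thu Aug 28 06:44:05 2003
@@ -1639,7 +1639,7 @@
 if (STps->drv_block >= 0)
 STps->drv_block += 1;
 (STp->buffer)->buffer_bytes = 0;
- return (-ENOMEM);
+ return (-EIO);
 }
 (STp->buffer)->buffer_bytes = bytes - transfer;
 } else {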
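diff -urPX nopatch linux-2.4.22/fs/binfmt_aout.c linux-2.4.22-ow1/fs/binfmt_aout.c
--- linux-2.4.22/fs/binfmt_aout.c Sat Nov 3 04:39:20 2001
+++ linux-2.4.22-ow1/fs/binfmt_aout.c Thu Aug 28 06:20:52 2003
@@ -4,6 +4,7 @@
 * Copyright (C) 1991, 1992, 1996 Linus Torvalds
 */
 
+#include <linux/config.h>
 #include <linux/module.h>
 
 #include <linux/sched.h>
@@ -307,6 +308,9 @@
 current->mm->mmap = NULL;
 compute_creds(bprm);
 current->flags &= ~PF_FORKNOEXEC;
+#ifdef CONFIG_HARDEN_STACK
+ if (N_FLAGS(ex) & F_STACKEXEC) current->flags |= PF_STACKEXEC;
+#endif
 #ifdef __sparc__
 if (N_MAGIC(ex) == NMAGIC) {
 loff_t pos = fd_offset;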
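Review bot: The new CONFIG_HARDEN_STACK line in the second hunk only ever sets PF_STACKEXEC and never clears it, while the line just above it does explicitly clear PF_FORKNOEXEC; unless flush_old_exec() (which runs earlier in this loader, outside the hunk) drops the bit, an image that previously ran with F_STACKEXEC would carry an executable stack into an exec of a binary that does not request one. If flush_old_exec() does clear it, say so at the point of use so the asymmetry with the PF_FORKNOEXEC line is not read as a bug: `/* PF_STACKEXEC was cleared by flush_old_exec(); re-request it only for F_STACKEXEC images */`. If it does not, the fix is to clear it here alongside PF_FORKNOEXEC, `current->flags &= ~(PF_FORKNOEXEC | PF_STACKEXEC);`, before the conditional set. The same set-only pattern appears in the EF_STACKEXEC hunk of fs/binfmt_elf.c. The enclosing loader function starts and ends outside the hunk.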
1468 | diff -urPX nopatch linux-2.4.22/fs/binfmt_elf.c linux-2.4.22-ow1/fs/binfmt_elf.c | |
1469 | --- linux-2.4.22/fs/binfmt_elf.c Mon Aug 25 15:44:43 2003 | |
1470 | +++ linux-2.4.22-ow1/fs/binfmt_elf.c Thu Aug 28 06:46:34 2003 | |
1471 | @@ -9,6 +9,7 @@ | |
1472 | * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com). | |
1473 | */ | |
1474 | ||
1475 | +#include <linux/config.h> | |
1476 | #include <linux/module.h> | |
1477 | ||
1478 | #include <linux/fs.h> | |
1479 | @@ -43,7 +44,9 @@ | |
1480 | #include <linux/elf.h> | |
1481 | ||
1482 | static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs); | |
1483 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1484 | static int load_elf_library(struct file*); | |
1485 | +#endif | |
1486 | static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int); | |
1487 | extern int dump_fpu (struct pt_regs *, elf_fpregset_t *); | |
1488 | extern void dump_thread(struct pt_regs *, struct user *); | |
1489 | @@ -73,8 +76,17 @@ | |
1490 | #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1)) | |
1491 | #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1)) | |
1492 | ||
1493 | -static struct linux_binfmt elf_format = { | |
1494 | - NULL, THIS_MODULE, load_elf_binary, load_elf_library, elf_core_dump, ELF_EXEC_PAGESIZE | |
1495 | +#ifndef CONFIG_HARDEN_STACK | |
1496 | +static | |
1497 | +#endif | |
1498 | +struct linux_binfmt elf_format = { | |
1499 | + NULL, THIS_MODULE, load_elf_binary, | |
1500 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1501 | + load_elf_library, | |
1502 | +#else | |
1503 | + NULL, | |
1504 | +#endif | |
1505 | + elf_core_dump, ELF_EXEC_PAGESIZE | |
1506 | }; | |
1507 | ||
1508 | #define BAD_ADDR(x) ((unsigned long)(x) > TASK_SIZE) | |
1509 | @@ -369,6 +381,7 @@ | |
1510 | return error; | |
1511 | } | |
1512 | ||
1513 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1514 | static unsigned long load_aout_interp(struct exec * interp_ex, | |
1515 | struct file * interpreter) | |
1516 | { | |
1517 | @@ -413,6 +426,7 @@ | |
1518 | out: | |
1519 | return elf_entry; | |
1520 | } | |
1521 | +#endif | |
1522 | ||
1523 | /* | |
1524 | * These are the functions used to load ELF style executables and shared | |
1525 | @@ -420,7 +434,9 @@ | |
1526 | */ | |
1527 | ||
1528 | #define INTERPRETER_NONE 0 | |
1529 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1530 | #define INTERPRETER_AOUT 1 | |
1531 | +#endif | |
1532 | #define INTERPRETER_ELF 2 | |
1533 | ||
1534 | ||
1535 | @@ -443,7 +459,9 @@ | |
1536 | struct elfhdr elf_ex; | |
1537 | struct elfhdr interp_elf_ex; | |
1538 | struct exec interp_ex; | |
1539 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1540 | char passed_fileno[6]; | |
1541 | +#endif | |
1542 | struct files_struct *files; | |
1543 | ||
1544 | /* Get the exec-header */ | |
1545 | @@ -554,6 +572,7 @@ | |
1546 | ||
1547 | /* Some simple consistency checks for the interpreter */ | |
1548 | if (elf_interpreter) { | |
1549 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1550 | interpreter_type = INTERPRETER_ELF | INTERPRETER_AOUT; | |
1551 | ||
1552 | /* Now figure out which format our binary is */ | |
1553 | @@ -561,6 +580,9 @@ | |
1554 | (N_MAGIC(interp_ex) != ZMAGIC) && | |
1555 | (N_MAGIC(interp_ex) != QMAGIC)) | |
1556 | interpreter_type = INTERPRETER_ELF; | |
1557 | +#else | |
1558 | + interpreter_type = INTERPRETER_ELF; | |
1559 | +#endif | |
1560 | ||
1561 | if (memcmp(interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0) | |
1562 | interpreter_type &= ~INTERPRETER_ELF; | |
1563 | @@ -569,6 +591,7 @@ | |
1564 | if (!interpreter_type) | |
1565 | goto out_free_dentry; | |
1566 | ||
1567 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1568 | /* Make sure only one type was selected */ | |
1569 | if ((interpreter_type & INTERPRETER_ELF) && | |
1570 | interpreter_type != INTERPRETER_ELF) { | |
1571 | @@ -576,6 +599,7 @@ | |
1572 | // printk(KERN_WARNING "ELF: Ambiguous type, using ELF\n"); | |
1573 | interpreter_type = INTERPRETER_ELF; | |
1574 | } | |
1575 | +#endif | |
1576 | } else { | |
1577 | /* Executables without an interpreter also need a personality */ | |
1578 | SET_PERSONALITY(elf_ex, ibcs2_interpreter); | |
1579 | @@ -584,6 +608,7 @@ | |
1580 | /* OK, we are done with that, now set up the arg stuff, | |
1581 | and then start this sucker up */ | |
1582 | ||
1583 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1584 | if (!bprm->sh_bang) { | |
1585 | char * passed_p; | |
1586 | ||
1587 | @@ -599,6 +624,7 @@ | |
1588 | } | |
1589 | } | |
1590 | } | |
1591 | +#endif | |
1592 | ||
1593 | /* Flush all traces of the currently running executable */ | |
1594 | retval = flush_old_exec(bprm); | |
1595 | @@ -618,6 +644,9 @@ | |
1596 | current->mm->end_code = 0; | |
1597 | current->mm->mmap = NULL; | |
1598 | current->flags &= ~PF_FORKNOEXEC; | |
1599 | +#ifdef CONFIG_HARDEN_STACK | |
1600 | + if (elf_ex.e_flags & EF_STACKEXEC) current->flags |= PF_STACKEXEC; | |
1601 | +#endif | |
1602 | elf_entry = (unsigned long) elf_ex.e_entry; | |
1603 | ||
1604 | /* Do this so that we can load the interpreter, if need be. We will | |
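Review bot: The new `PF_STACKEXEC` assignment depends on an ordering that nothing in the hunk records: it must come after `flush_old_exec()` (which, per the fs/exec.c change in this patch, clears the flag on every exec) and before the stack is laid out, because `STACK_TOP` in asm-i386/a.out.h reads the flag. A why-comment protects that: `/* Must follow flush_old_exec() (it clears PF_STACKEXEC) and precede the stack setup, whose STACK_TOP depends on the flag. */`. The bit is taken straight from the binary's own header, which is fine as a per-binary opt-in but should be stated as such. load_elf_binary starts and ends outside this hunk.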
1605 | @@ -714,10 +743,12 @@ | |
1606 | end_data += load_bias; | |
1607 | ||
1608 | if (elf_interpreter) { | |
1609 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1610 | if (interpreter_type == INTERPRETER_AOUT) | |
1611 | elf_entry = load_aout_interp(&interp_ex, | |
1612 | interpreter); | |
1613 | else | |
1614 | +#endif | |
1615 | elf_entry = load_elf_interp(&interp_elf_ex, | |
1616 | interpreter, | |
1617 | &interp_load_addr); | |
1618 | @@ -735,7 +766,9 @@ | |
1619 | ||
1620 | kfree(elf_phdata); | |
1621 | ||
1622 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1623 | if (interpreter_type != INTERPRETER_AOUT) | |
1624 | +#endif | |
1625 | sys_close(elf_exec_fileno); | |
1626 | ||
1627 | set_binfmt(&elf_format); | |
1628 | @@ -749,10 +782,14 @@ | |
1629 | &elf_ex, | |
1630 | load_addr, load_bias, | |
1631 | interp_load_addr, | |
1632 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1633 | (interpreter_type == INTERPRETER_AOUT ? 0 : 1)); | |
1634 | /* N.B. passed_fileno might not be initialized? */ | |
1635 | if (interpreter_type == INTERPRETER_AOUT) | |
1636 | current->mm->arg_start += strlen(passed_fileno) + 1; | |
1637 | +#else | |
1638 | + 1); | |
1639 | +#endif | |
1640 | current->mm->start_brk = current->mm->brk = elf_brk; | |
1641 | current->mm->end_code = end_code; | |
1642 | current->mm->start_code = start_code; | |
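Review bot: Splitting the `create_elf_tables()` argument list across `#ifdef CONFIG_BINFMT_ELF_AOUT` / `#else` / `#endif` is hard to read and easy to break the next time the call is edited. The root cause is that `INTERPRETER_AOUT` is only defined when the option is on; if the macro stayed defined unconditionally (it is a bit value that `interpreter_type` can never take without the a.out code), the original expression `(interpreter_type == INTERPRETER_AOUT ? 0 : 1)` could stay as it was and only the `passed_fileno` adjustment would need a guard. The same applies to the `#ifdef`s around the `sys_close()` test and the interpreter-load comparison earlier in this function. load_elf_binary continues outside the hunk.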
1643 | @@ -825,9 +862,9 @@ | |
1644 | goto out; | |
1645 | } | |
1646 | ||
1647 | +#ifdef CONFIG_BINFMT_ELF_AOUT | |
1648 | /* This is really simpleminded and specialized - we are loading an | |
1649 | a.out library that is given an ELF header. */ | |
1650 | - | |
1651 | static int load_elf_library(struct file *file) | |
1652 | { | |
1653 | struct elf_phdr *elf_phdata; | |
1654 | @@ -898,6 +935,7 @@ | |
1655 | out: | |
1656 | return error; | |
1657 | } | |
1658 | +#endif | |
1659 | ||
1660 | /* | |
1661 | * Note that some platforms still use traditional core dumps and not | |
1662 | diff -urPX nopatch linux-2.4.22/fs/exec.c linux-2.4.22-ow1/fs/exec.c | |
1663 | --- linux-2.4.22/fs/exec.c Mon Aug 25 15:44:43 2003 | |
1664 | +++ linux-2.4.22-ow1/fs/exec.c Thu Aug 28 06:20:52 2003 | |
1665 | @@ -108,6 +108,7 @@ | |
1666 | */ | |
1667 | asmlinkage long sys_uselib(const char * library) | |
1668 | { | |
1669 | +#if defined(CONFIG_BINFMT_AOUT) || defined(CONFIG_BINFMT_ELF_AOUT) | |
1670 | struct file * file; | |
1671 | struct nameidata nd; | |
1672 | int error; | |
1673 | @@ -154,6 +155,9 @@ | |
1674 | exit: | |
1675 | path_release(&nd); | |
1676 | goto out; | |
1677 | +#else | |
1678 | + return -ENOSYS; | |
1679 | +#endif | |
1680 | } | |
1681 | ||
1682 | /* | |
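Review bot: `sys_uselib()` is compiled down to `-ENOSYS` whenever `CONFIG_BINFMT_AOUT` is not defined, but when a.out support is built as a module the 2.4 config defines `CONFIG_BINFMT_AOUT_MODULE` instead, so `uselib()` would fail even after binfmt_aout.o is loaded, unless Config.in forbids M together with this change. If modular a.out is still meant to work, the guard should read `#if defined(CONFIG_BINFMT_AOUT) || defined(CONFIG_BINFMT_AOUT_MODULE) || defined(CONFIG_BINFMT_ELF_AOUT)`; otherwise a comment at the `#if` should say the syscall is only available with built-in a.out support. This hunk holds the tail of sys_uselib; its head is in the previous hunk.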
1683 | @@ -610,6 +614,10 @@ | |
1684 | } | |
1685 | current->comm[i] = '\0'; | |
1686 | ||
1687 | +#ifdef CONFIG_HARDEN_STACK | |
1688 | + current->flags &= ~PF_STACKEXEC; | |
1689 | +#endif | |
1690 | + | |
1691 | flush_thread(); | |
1692 | ||
1693 | de_thread(current); | |
1694 | @@ -747,6 +755,8 @@ | |
1695 | || atomic_read(¤t->fs->count) > 1 | |
1696 | || atomic_read(¤t->files->count) > 1 | |
1697 | || atomic_read(¤t->sig->count) > 1) { | |
1698 | + /* XXX: should fail rather than execute with no raised | |
1699 | + * effective privileges */ | |
1700 | if(!capable(CAP_SETUID)) { | |
1701 | bprm->e_uid = current->uid; | |
1702 | bprm->e_gid = current->gid; | |
1703 | @@ -913,6 +923,23 @@ | |
1704 | retval = PTR_ERR(file); | |
1705 | if (IS_ERR(file)) | |
1706 | return retval; | |
1707 | + | |
1708 | +#ifdef CONFIG_HARDEN_RLIMIT_NPROC | |
1709 | +/* | |
1710 | + * This check is similar to that done in kernel/fork.c, except that we | |
1711 | + * are not going to allocate a new task slot here. | |
1712 | + * | |
1713 | + * Note that we can only exceed the limit if our UID has changed. | |
1714 | + */ | |
1715 | + if (current->user) | |
1716 | + if (atomic_read(¤t->user->processes) > | |
1717 | + current->rlim[RLIMIT_NPROC].rlim_cur && | |
1718 | + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) { | |
1719 | + allow_write_access(file); | |
1720 | + fput(file); | |
1721 | + return -EAGAIN; | |
1722 | + } | |
1723 | +#endif | |
1724 | ||
1725 | bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); | |
1726 | memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0])); | |
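Review bot: The nested `if (current->user)` / `if (atomic_read(...) ...)` without braces is fragile (a later `else` would bind to the inner `if`), and the explanatory comment sits at column 0 inside the function body unlike the rest of do_execve. Merging the conditions keeps the logic and reads as one guard: `if (current->user && atomic_read(&current->user->processes) > current->rlim[RLIMIT_NPROC].rlim_cur && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {`. The comment should also say that `-EAGAIN` was chosen to match what fork() returns for the same limit, since execve() callers will now see it for the first time. do_execve continues outside the hunk.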
1727 | diff -urPX nopatch linux-2.4.22/fs/namei.c linux-2.4.22-ow1/fs/namei.c | |
1728 | --- linux-2.4.22/fs/namei.c Mon Aug 25 15:44:43 2003 | |
1729 | +++ linux-2.4.22-ow1/fs/namei.c Thu Aug 28 06:20:52 2003 | |
1730 | @@ -14,6 +14,7 @@ | |
1731 | /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture. | |
1732 | */ | |
1733 | ||
1734 | +#include <linux/config.h> | |
1735 | #include <linux/init.h> | |
1736 | #include <linux/slab.h> | |
1737 | #include <linux/fs.h> | |
1738 | @@ -325,6 +326,40 @@ | |
1739 | return result; | |
1740 | } | |
1741 | ||
1742 | +#ifdef CONFIG_HARDEN_LINK | |
1743 | +/* Keep this code separately (non-inline) */ | |
1744 | +static void security_alert_symlink(struct inode *inode) | |
1745 | +{ | |
1746 | + security_alert("not followed symlink of %d.%d " | |
1747 | + "by UID %d, EUID %d, process %s:%d", | |
1748 | + "symlinks not followed", | |
1749 | + inode->i_uid, inode->i_gid, | |
1750 | + current->uid, current->euid, current->comm, current->pid); | |
1751 | +} | |
1752 | + | |
1753 | +static inline int check_link(struct dentry *dentry) | |
1754 | +{ | |
1755 | + struct inode *inode, *dir; | |
1756 | + | |
1757 | + inode = dentry->d_inode; | |
1758 | + /* XXX: no locking, races possible */ | |
1759 | + dir = dentry->d_parent->d_inode; | |
1760 | + | |
1761 | + /* | |
1762 | + * Don't follow links that we don't own in +t directories, | |
1763 | + * unless the link is owned by the owner of the directory. | |
1764 | + */ | |
1765 | + if ((dir->i_mode & S_ISVTX) && | |
1766 | + inode->i_uid != dir->i_uid && | |
1767 | + current->fsuid != inode->i_uid) { | |
1768 | + security_alert_symlink(inode); | |
1769 | + return -EACCES; | |
1770 | + } | |
1771 | + | |
1772 | + return 0; | |
1773 | +} | |
1774 | +#endif | |
1775 | + | |
1776 | /* | |
1777 | * This limits recursive symlink follows to 8, while | |
1778 | * limiting consecutive symlinks to 40. | |
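Review bot: The `/* Keep this code separately (non-inline) */` intent on `security_alert_symlink()` is not enforced: a `static` function with one caller is exactly what gcc inlines at -O2, pulling the per-site rate-limit statics and format strings into `check_link()`. If keeping the cold logging path out of the checker matters, mark it `static void __attribute__((noinline)) security_alert_symlink(struct inode *inode)`. The `dentry->d_parent->d_inode` read is already flagged `XXX: no locking`; the comment should add that a rename racing with the lookup can change which directory's mode and owner are consulted, so the check is best-effort. Note also that the rule fires in any +t directory, not only world-writable ones; if that is intended, the comment above the test should say so.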
1779 | @@ -335,10 +370,15 @@ | |
1780 | static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd) | |
1781 | { | |
1782 | int err; | |
1783 | - if (current->link_count >= 5) | |
1784 | + if (current->link_count >= 8) | |
1785 | goto loop; | |
1786 | if (current->total_link_count >= 40) | |
1787 | goto loop; | |
1788 | +#ifdef CONFIG_HARDEN_LINK | |
1789 | + err = check_link(dentry); | |
1790 | + if (err) | |
1791 | + goto out; | |
1792 | +#endif | |
1793 | if (current->need_resched) { | |
1794 | current->state = TASK_RUNNING; | |
1795 | schedule(); | |
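Review bot: Raising the recursion bound in `do_follow_link` from 5 to 8 makes the code agree with the comment above it, but each nested level recurses through the whole path walk on the kernel stack, and the smaller value may have been chosen deliberately to bound stack use on 2.4's 8 KB stacks rather than being a stale comment. If the 5 was deliberate, fix the comment instead: `* This limits recursive symlink follows to 5, while`. If 8 is intended, the patch notes should say the worst-case stack depth was checked. The function's tail is in the next hunk.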
1796 | @@ -350,8 +390,10 @@ | |
1797 | current->link_count--; | |
1798 | return err; | |
1799 | loop: | |
1800 | + err = -ELOOP; | |
1801 | +out: | |
1802 | path_release(nd); | |
1803 | - return -ELOOP; | |
1804 | + return err; | |
1805 | } | |
1806 | ||
1807 | static inline int __follow_up(struct vfsmount **mnt, struct dentry **base) | |
1808 | @@ -1064,6 +1106,32 @@ | |
1809 | /* | |
1810 | * It already exists. | |
1811 | */ | |
1812 | + | |
1813 | +#ifdef CONFIG_HARDEN_FIFO | |
1814 | + /* | |
1815 | + * Don't write to FIFOs that we don't own in +t directories, | |
1816 | + * unless the FIFO is owned by the owner of the directory. | |
1817 | + * | |
1818 | + * Do this check early while we hold the directory. | |
1819 | + */ | |
1820 | + inode = dentry->d_inode; | |
1821 | + if (S_ISFIFO(inode->i_mode) && !(flag & O_EXCL) && | |
1822 | + (dir->d_inode->i_mode & S_ISVTX) && | |
1823 | + inode->i_uid != dir->d_inode->i_uid && | |
1824 | + current->fsuid != inode->i_uid) { | |
1825 | + up(&dir->d_inode->i_sem); | |
1826 | + if (!permission(inode, acc_mode)) | |
1827 | + security_alert("denied writing FIFO of %d.%d " | |
1828 | + "by UID %d, EUID %d, process %s:%d", | |
1829 | + "writes into a FIFO denied", | |
1830 | + inode->i_uid, inode->i_gid, | |
1831 | + current->uid, current->euid, | |
1832 | + current->comm, current->pid); | |
1833 | + error = -EACCES; | |
1834 | + goto exit_dput; | |
1835 | + } | |
1836 | +#endif | |
1837 | + | |
1838 | up(&dir->d_inode->i_sem); | |
1839 | ||
1840 | error = -EEXIST; | |
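Review bot: The HARDEN_FIFO test refuses every open that reaches this `It already exists` path (presumably the O_CREAT path, given the surrounding code outside the hunk) regardless of access mode, while the comment says `Don't write to FIFOs`: an `O_CREAT|O_RDONLY` open of a foreign FIFO in a +t directory also gets -EACCES, and `acc_mode` is consulted only to decide whether to log. If refusing reads too is intentional (a caller using O_CREAT expects to own the file, so any open of a planted FIFO is suspect), say so in the comment; otherwise add `(acc_mode & MAY_WRITE) &&` to the condition. The `if (!permission(inode, acc_mode))` in front of the alert is not obviously a noise filter for opens that would have failed anyway and deserves a one-line comment. open_namei starts and ends outside this hunk.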
1841 | @@ -1184,6 +1252,11 @@ | |
1842 | * stored in nd->last.name and we will have to putname() it when we | |
1843 | * are done. Procfs-like symlinks just set LAST_BIND. | |
1844 | */ | |
1845 | +#ifdef CONFIG_HARDEN_LINK | |
1846 | + error = check_link(dentry); | |
1847 | + if (error) | |
1848 | + goto exit_dput; | |
1849 | +#endif | |
1850 | UPDATE_ATIME(dentry->d_inode); | |
1851 | error = dentry->d_inode->i_op->follow_link(dentry, nd); | |
1852 | dput(dentry); | |
1853 | @@ -1605,6 +1678,32 @@ | |
1854 | inode = old_dentry->d_inode; | |
1855 | if (!inode) | |
1856 | goto exit_lock; | |
1857 | + | |
1858 | +#ifdef CONFIG_HARDEN_LINK | |
1859 | + /* | |
1860 | + * Don't allow users to create hard links to files they don't own, | |
1861 | + * unless they could read and write the file or have CAP_FOWNER. | |
1862 | + * | |
1863 | + * The real UID check is here as a workaround for atd(8) only, to | |
1864 | + * be removed one day. | |
1865 | + */ | |
1866 | + error = -EPERM; | |
1867 | + if (current->fsuid != inode->i_uid && | |
1868 | + (!S_ISREG(inode->i_mode) || | |
1869 | + (inode->i_mode & S_ISUID) || | |
1870 | + ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) || | |
1871 | + (error = permission(inode, MAY_READ | MAY_WRITE))) && | |
1872 | + !capable(CAP_FOWNER) && | |
1873 | + current->uid) { | |
1874 | + security_alert("denied hard link to %d.%d " | |
1875 | + "for UID %d, EUID %d, process %s:%d", | |
1876 | + "hard links denied", | |
1877 | + inode->i_uid, inode->i_gid, | |
1878 | + current->uid, current->euid, | |
1879 | + current->comm, current->pid); | |
1880 | + goto exit_lock; | |
1881 | + } | |
1882 | +#endif | |
1883 | ||
1884 | error = may_create(dir, new_dentry); | |
1885 | if (error) | |
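Review bot: The denial can return whatever `permission()` produced instead of the `-EPERM` set just above it, because `error = permission(inode, MAY_READ | MAY_WRITE)` is assigned inside the condition: a non-owner linking to a file it cannot read or write gets -EACCES (or -EROFS on a read-only file system), while the setuid and non-regular cases get -EPERM, so link() reports two codes for one policy. Dropping the assignment, `permission(inode, MAY_READ | MAY_WRITE))) &&`, keeps the short-circuit order and returns -EPERM on every deny path. The `current->uid` exemption means any real-uid-0 process bypasses the check even without CAP_FOWNER; the atd workaround comment explains the motive but should also say it weakens the rule for every root-run service. vfs_link starts before the hunk.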
1886 | diff -urPX nopatch linux-2.4.22/fs/proc/base.c linux-2.4.22-ow1/fs/proc/base.c | |
1887 | --- linux-2.4.22/fs/proc/base.c Mon Aug 25 15:44:43 2003 | |
1888 | +++ linux-2.4.22-ow1/fs/proc/base.c Thu Aug 28 07:10:20 2003 | |
1889 | @@ -167,15 +167,16 @@ | |
1890 | if (mm) | |
1891 | atomic_inc(&mm->mm_users); | |
1892 | task_unlock(task); | |
1893 | - if (mm) { | |
1894 | - unsigned int len = mm->env_end - mm->env_start; | |
1895 | + if (mm && mm->env_start && mm->env_start < mm->env_end) { | |
1896 | + unsigned long len = mm->env_end - mm->env_start; | |
1897 | if (len > PAGE_SIZE) | |
1898 | len = PAGE_SIZE; | |
1899 | res = access_process_vm(task, mm->env_start, buffer, len, 0); | |
1900 | - if (!may_ptrace_attach(task)) | |
1901 | + if (res >= 0 && !may_ptrace_attach(task)) | |
1902 | res = -ESRCH; | |
1903 | - mmput(mm); | |
1904 | } | |
1905 | + if (mm) | |
1906 | + mmput(mm); | |
1907 | return res; | |
1908 | } | |
1909 | ||
1910 | @@ -188,31 +189,30 @@ | |
1911 | if (mm) | |
1912 | atomic_inc(&mm->mm_users); | |
1913 | task_unlock(task); | |
1914 | - if (mm) { | |
1915 | - int len = mm->arg_end - mm->arg_start; | |
1916 | + if (mm && mm->arg_start && mm->arg_start < mm->arg_end) { | |
1917 | + unsigned long len = mm->arg_end - mm->arg_start; | |
1918 | if (len > PAGE_SIZE) | |
1919 | len = PAGE_SIZE; | |
1920 | res = access_process_vm(task, mm->arg_start, buffer, len, 0); | |
1921 | - // If the nul at the end of args has been overwritten, then | |
1922 | - // assume application is using setproctitle(3). | |
1923 | - if ( res > 0 && buffer[res-1] != '\0' ) | |
1924 | - { | |
1925 | - len = strnlen( buffer, res ); | |
1926 | - if ( len < res ) | |
1927 | - { | |
1928 | - res = len; | |
1929 | - } | |
1930 | - else | |
1931 | - { | |
1932 | + /* If the nul at the end of args has been overwritten, then | |
1933 | + assume application is using setproctitle(3). */ | |
1934 | + if (res > 0 && buffer[res - 1] != '\0') { | |
1935 | + len = strnlen(buffer, res); | |
1936 | + if (len < res) { | |
1937 | + res = len; | |
1938 | + } else | |
1939 | + if (mm->env_start < mm->env_end && res <= PAGE_SIZE) { | |
1940 | len = mm->env_end - mm->env_start; | |
1941 | if (len > PAGE_SIZE - res) | |
1942 | len = PAGE_SIZE - res; | |
1943 | res += access_process_vm(task, mm->env_start, buffer+res, len, 0); | |
1944 | - res = strnlen( buffer, res ); | |
1945 | - } | |
1946 | + res = strnlen(buffer, res); | |
1947 | + } else | |
1948 | + res = 0; | |
1949 | } | |
1950 | - mmput(mm); | |
1951 | } | |
1952 | + if (mm) | |
1953 | + mmput(mm); | |
1954 | return res; | |
1955 | } | |
1956 | ||
1957 | @@ -750,7 +750,12 @@ | |
1958 | inode->i_gid = 0; | |
1959 | if (ino == PROC_PID_INO || task_dumpable(task)) { | |
1960 | inode->i_uid = task->euid; | |
1961 | +#ifdef CONFIG_HARDEN_PROC | |
1962 | + if (inode->i_sb->s_root) | |
1963 | + inode->i_gid = inode->i_sb->s_root->d_inode->i_gid; | |
1964 | +#else | |
1965 | inode->i_gid = task->egid; | |
1966 | +#endif | |
1967 | } | |
1968 | ||
1969 | out: | |
1970 | @@ -1062,7 +1067,11 @@ | |
1971 | ||
1972 | if (!inode) | |
1973 | goto out; | |
1974 | +#ifdef CONFIG_HARDEN_PROC | |
1975 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP; | |
1976 | +#else | |
1977 | inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; | |
1978 | +#endif | |
1979 | inode->i_op = &proc_base_inode_operations; | |
1980 | inode->i_fop = &proc_base_operations; | |
1981 | inode->i_nlink = 3; | |
1982 | diff -urPX nopatch linux-2.4.22/fs/proc/generic.c linux-2.4.22-ow1/fs/proc/generic.c | |
1983 | --- linux-2.4.22/fs/proc/generic.c Fri Jun 13 18:51:37 2003 | |
1984 | +++ linux-2.4.22-ow1/fs/proc/generic.c Thu Aug 28 06:20:52 2003 | |
1985 | @@ -391,7 +391,9 @@ | |
1986 | static void proc_kill_inodes(struct proc_dir_entry *de) | |
1987 | { | |
1988 | struct list_head *p; | |
1989 | - struct super_block *sb = proc_mnt->mnt_sb; | |
1990 | + struct super_block *sb = proc_super; | |
1991 | + | |
1992 | + if (!sb) return; | |
1993 | ||
1994 | /* | |
1995 | * Actually it's a partial revoke(). | |
1996 | @@ -485,12 +487,12 @@ | |
1997 | return ent; | |
1998 | } | |
1999 | ||
2000 | -struct proc_dir_entry *proc_mkdir(const char *name, struct proc_dir_entry *parent) | |
2001 | +struct proc_dir_entry *proc_mkdir_mode(const char *name, mode_t mode, | |
2002 | + struct proc_dir_entry *parent) | |
2003 | { | |
2004 | struct proc_dir_entry *ent; | |
2005 | ||
2006 | - ent = proc_create(&parent,name, | |
2007 | - (S_IFDIR | S_IRUGO | S_IXUGO),2); | |
2008 | + ent = proc_create(&parent, name, S_IFDIR | mode, 2); | |
2009 | if (ent) { | |
2010 | ent->proc_fops = &proc_dir_operations; | |
2011 | ent->proc_iops = &proc_dir_inode_operations; | |
2012 | @@ -501,6 +503,12 @@ | |
2013 | } | |
2014 | } | |
2015 | return ent; | |
2016 | +} | |
2017 | + | |
2018 | +struct proc_dir_entry *proc_mkdir(const char *name, | |
2019 | + struct proc_dir_entry *parent) | |
2020 | +{ | |
2021 | + return proc_mkdir_mode(name, S_IRUGO | S_IXUGO, parent); | |
2022 | } | |
2023 | ||
2024 | struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode, | |
2025 | diff -urPX nopatch linux-2.4.22/fs/proc/inode.c linux-2.4.22-ow1/fs/proc/inode.c | |
2026 | --- linux-2.4.22/fs/proc/inode.c Fri Jun 13 18:51:37 2003 | |
2027 | +++ linux-2.4.22-ow1/fs/proc/inode.c Thu Aug 28 06:21:10 2003 | |
2028 | @@ -4,6 +4,7 @@ | |
2029 | * Copyright (C) 1991, 1992 Linus Torvalds | |
2030 | */ | |
2031 | ||
2032 | +#include <linux/config.h> | |
2033 | #include <linux/sched.h> | |
2034 | #include <linux/proc_fs.h> | |
2035 | #include <linux/kernel.h> | |
2036 | @@ -73,8 +74,6 @@ | |
2037 | } | |
2038 | } | |
2039 | ||
2040 | -struct vfsmount *proc_mnt; | |
2041 | - | |
2042 | static void proc_read_inode(struct inode * inode) | |
2043 | { | |
2044 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; | |
2045 | @@ -153,6 +152,10 @@ | |
2046 | inode->i_mode = de->mode; | |
2047 | inode->i_uid = de->uid; | |
2048 | inode->i_gid = de->gid; | |
2049 | +#ifdef CONFIG_HARDEN_PROC | |
2050 | + if (sb->s_root) | |
2051 | + inode->i_gid = sb->s_root->d_inode->i_gid; | |
2052 | +#endif | |
2053 | } | |
2054 | if (de->size) | |
2055 | inode->i_size = de->size; | |
2056 | @@ -176,6 +179,8 @@ | |
2057 | goto out; | |
2058 | } | |
2059 | ||
2060 | +struct super_block *proc_super = NULL; | |
2061 | + | |
2062 | struct super_block *proc_read_super(struct super_block *s,void *data, | |
2063 | int silent) | |
2064 | { | |
2065 | @@ -200,6 +205,10 @@ | |
2066 | if (!s->s_root) | |
2067 | goto out_no_root; | |
2068 | parse_options(data, &root_inode->i_uid, &root_inode->i_gid); | |
2069 | + if (!proc_super) { | |
2070 | + s->s_count++; | |
2071 | + proc_super = s; | |
2072 | + } | |
2073 | return s; | |
2074 | ||
2075 | out_no_root: | |
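Review bot: `proc_super` is assigned only once and the `s->s_count++` taken here is never dropped in the visible code, so the first proc superblock is pinned for the life of the kernel and keeps being consulted after that instance is unmounted; a later mount of /proc gets a new superblock that `proc_kill_inodes()` (which walks only `proc_super`) never sees, and the `s_root` NULL checks added elsewhere exist to cope with the dead one. Unless a `put_super` hook outside this diff clears it, the pointer should be reset when that superblock goes away (a `put_super` operation doing `if (s == proc_super) proc_super = NULL;` and dropping the extra count), or the assignment should carry a comment that revocation covers the first mount only. proc_read_super continues outside the hunk.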
2076 | diff -urPX nopatch linux-2.4.22/fs/proc/proc_tty.c linux-2.4.22-ow1/fs/proc/proc_tty.c | |
2077 | --- linux-2.4.22/fs/proc/proc_tty.c Sat Apr 22 02:17:57 2000 | |
2078 | +++ linux-2.4.22-ow1/fs/proc/proc_tty.c Thu Aug 28 06:20:52 2003 | |
2079 | @@ -128,7 +128,7 @@ | |
2080 | } | |
2081 | ||
2082 | /* | |
2083 | - * Thsi function is called by register_tty_driver() to handle | |
2084 | + * This function is called by tty_register_driver() to handle | |
2085 | * registering the driver's /proc handler into /proc/tty/driver/<foo> | |
2086 | */ | |
2087 | void proc_tty_register_driver(struct tty_driver *driver) | |
2088 | @@ -151,7 +151,7 @@ | |
2089 | } | |
2090 | ||
2091 | /* | |
2092 | - * This function is called by unregister_tty_driver() | |
2093 | + * This function is called by tty_unregister_driver() | |
2094 | */ | |
2095 | void proc_tty_unregister_driver(struct tty_driver *driver) | |
2096 | { | |
2097 | @@ -174,7 +174,13 @@ | |
2098 | if (!proc_mkdir("tty", 0)) | |
2099 | return; | |
2100 | proc_tty_ldisc = proc_mkdir("tty/ldisc", 0); | |
2101 | - proc_tty_driver = proc_mkdir("tty/driver", 0); | |
2102 | + /* | |
2103 | + * /proc/tty/driver/serial reveals the exact character counts for | |
2104 | + * serial links which is just too easy to abuse for inferring | |
2105 | + * password lengths and inter-keystroke timings during password | |
2106 | + * entry. | |
2107 | + */ | |
2108 | + proc_tty_driver = proc_mkdir_mode("tty/driver", S_IRUSR | S_IXUSR, 0); | |
2109 | ||
2110 | create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL); | |
2111 | create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL); | |
2112 | diff -urPX nopatch linux-2.4.22/fs/proc/root.c linux-2.4.22-ow1/fs/proc/root.c | |
2113 | --- linux-2.4.22/fs/proc/root.c Sat Aug 3 04:39:45 2002 | |
2114 | +++ linux-2.4.22-ow1/fs/proc/root.c Thu Aug 28 06:20:52 2003 | |
2115 | @@ -8,6 +8,7 @@ | |
2116 | ||
2117 | #include <asm/uaccess.h> | |
2118 | ||
2119 | +#include <linux/config.h> | |
2120 | #include <linux/errno.h> | |
2121 | #include <linux/sched.h> | |
2122 | #include <linux/proc_fs.h> | |
2123 | @@ -30,14 +31,12 @@ | |
2124 | int err = register_filesystem(&proc_fs_type); | |
2125 | if (err) | |
2126 | return; | |
2127 | - proc_mnt = kern_mount(&proc_fs_type); | |
2128 | - err = PTR_ERR(proc_mnt); | |
2129 | - if (IS_ERR(proc_mnt)) { | |
2130 | - unregister_filesystem(&proc_fs_type); | |
2131 | - return; | |
2132 | - } | |
2133 | proc_misc_init(); | |
2134 | +#ifdef CONFIG_HARDEN_PROC | |
2135 | + proc_net = proc_mkdir_mode("net", S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0); | |
2136 | +#else | |
2137 | proc_net = proc_mkdir("net", 0); | |
2138 | +#endif | |
2139 | #ifdef CONFIG_SYSVIPC | |
2140 | proc_mkdir("sysvipc", 0); | |
2141 | #endif | |
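Review bot: Dropping `kern_mount()` leaves `proc_super` NULL until userspace mounts /proc, so a `proc_kill_inodes()` before that point silently revokes nothing; the NULL check added in generic.c makes it safe, but the behaviour change is worth a comment here, e.g. `/* No kern_mount(): proc_super is set by the first mount (fs/proc/inode.c). */`. The HARDEN_PROC mode is applied to `net`, yet `sysvipc` two lines below is still created 0555; if the option's goal is to hide other users' resources, the IPC listings fall in the same category and should probably go through `proc_mkdir_mode()` as well. proc_root_init ends outside the hunk.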
2142 | diff -urPX nopatch linux-2.4.22/include/asm-i386/a.out.h linux-2.4.22-ow1/include/asm-i386/a.out.h | |
2143 | --- linux-2.4.22/include/asm-i386/a.out.h Fri Jun 16 22:33:06 1995 | |
2144 | +++ linux-2.4.22-ow1/include/asm-i386/a.out.h Thu Aug 28 06:20:52 2003 | |
2145 | @@ -19,7 +19,16 @@ | |
2146 | ||
2147 | #ifdef __KERNEL__ | |
2148 | ||
2149 | +#include <linux/config.h> | |
2150 | + | |
2151 | +#ifdef CONFIG_HARDEN_STACK | |
2152 | +#define STACK_TOP ( \ | |
2153 | + (current->flags & PF_STACKEXEC) \ | |
2154 | + ? TASK_SIZE - _STK_LIM \ | |
2155 | + : TASK_SIZE ) | |
2156 | +#else | |
2157 | #define STACK_TOP TASK_SIZE | |
2158 | +#endif | |
2159 | ||
2160 | #endif | |
2161 | ||
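Review bot: Under CONFIG_HARDEN_STACK `STACK_TOP` now dereferences `current` and uses `PF_STACKEXEC` and `_STK_LIM`, none of which asm-i386/a.out.h includes, so the macro only expands cleanly in files that already have linux/sched.h, and it now describes the calling task rather than any task a user of the macro might be setting up. Both facts belong in a comment above the `#ifdef`: `/* Needs current, PF_STACKEXEC and _STK_LIM from linux/sched.h; evaluates for the calling task. PF_STACKEXEC tasks get their stack _STK_LIM below TASK_SIZE. */`. Why the stack is lowered by exactly `_STK_LIM` (presumably to keep an executable stack below a code segment limit installed elsewhere in the option) is not visible here and should be stated where that limit is defined.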
2162 | diff -urPX nopatch linux-2.4.22/include/asm-i386/processor.h linux-2.4.22-ow1/include/asm-i386/processor.h | |
2163 | --- linux-2.4.22/include/asm-i386/processor.h Mon Aug 25 15:44:43 2003 | |
2164 | +++ linux-2.4.22-ow1/include/asm-i386/processor.h Thu Aug 28 06:20:52 2003 | |
2165 | @@ -261,10 +261,28 @@ | |
2166 | */ | |
2167 | #define TASK_SIZE (PAGE_OFFSET) | |
2168 | ||
2169 | +/* | |
2170 | + * Magic addresses to return to the kernel from signal handlers. These two | |
2171 | + * should be beyond user code segment limit, adjacent, and MAGIC_SIGRETURN | |
2172 | + * should be even. | |
2173 | + */ | |
2174 | +#define MAGIC_SIGRETURN (PAGE_OFFSET + 0xDE0000) | |
2175 | +#define MAGIC_RT_SIGRETURN (PAGE_OFFSET + 0xDE0001) | |
2176 | + | |
2177 | /* This decides where the kernel will search for a free chunk of vm | |
2178 | * space during mmap's. | |
2179 | */ | |
2180 | +#if defined(CONFIG_HARDEN_STACK) && defined(CONFIG_BINFMT_ELF) | |
2181 | +extern struct linux_binfmt elf_format; | |
2182 | +#define TASK_UNMAPPED_BASE(size) ( \ | |
2183 | + current->binfmt == &elf_format && \ | |
2184 | + !(current->flags & PF_STACKEXEC) && \ | |
2185 | + (size) < 0x00ef0000UL \ | |
2186 | + ? 0x00110000UL \ | |
2187 | + : TASK_SIZE / 3 ) | |
2188 | +#else | |
2189 | #define TASK_UNMAPPED_BASE (TASK_SIZE / 3) | |
2190 | +#endif | |
2191 | ||
2192 | /* | |
2193 | * Size of io_bitmap in longwords: 32 is ports 0-0x3ff. | |
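Review bot: `TASK_UNMAPPED_BASE` silently changes from an object-like macro to `TASK_UNMAPPED_BASE(size)` under CONFIG_HARDEN_STACK, so every user of the old spelling (the arch mmap code, outside this diff) must be converted or the build breaks, and when binfmt_elf is modular `CONFIG_BINFMT_ELF` is undefined, so the whole layout quietly falls back to `TASK_SIZE / 3` with the option enabled. A `#warning` or a Config.in dependency (HARDEN_STACK requires BINFMT_ELF=y) would make that second case visible. The constants `0x00110000UL` and `0x00ef0000UL` need a why-comment; the sum being 0x01000000 suggests `/* Mappings that fit below 16 MB are placed there so every address in them contains a zero byte; larger ones use the normal base. */`, to be confirmed against the design notes. The magic sigreturn addresses above TASK_SIZE should likewise say that the fault path recognises them, since nothing here shows it.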
2194 | diff -urPX nopatch linux-2.4.22/include/linux/a.out.h linux-2.4.22-ow1/include/linux/a.out.h | |
2195 | --- linux-2.4.22/include/linux/a.out.h Thu Nov 22 22:46:18 2001 | |
2196 | +++ linux-2.4.22-ow1/include/linux/a.out.h Thu Aug 28 06:20:52 2003 | |
2197 | @@ -37,6 +37,9 @@ | |
2198 | M_MIPS2 = 152 /* MIPS R6000/R4000 binary */ | |
2199 | }; | |
2200 | ||
2201 | +/* Constants for the N_FLAGS field */ | |
2202 | +#define F_STACKEXEC 1 /* Executable stack area forced */ | |
2203 | + | |
2204 | #if !defined (N_MAGIC) | |
2205 | #define N_MAGIC(exec) ((exec).a_info & 0xffff) | |
2206 | #endif | |
2207 | diff -urPX nopatch linux-2.4.22/include/linux/binfmts.h linux-2.4.22-ow1/include/linux/binfmts.h | |
2208 | --- linux-2.4.22/include/linux/binfmts.h Thu Nov 22 22:46:19 2001 | |
2209 | +++ linux-2.4.22-ow1/include/linux/binfmts.h Thu Aug 28 06:20:52 2003 | |
2210 | @@ -1,6 +1,7 @@ | |
2211 | #ifndef _LINUX_BINFMTS_H | |
2212 | #define _LINUX_BINFMTS_H | |
2213 | ||
2214 | +#include <linux/config.h> | |
2215 | #include <linux/ptrace.h> | |
2216 | #include <linux/capability.h> | |
2217 | ||
2218 | diff -urPX nopatch linux-2.4.22/include/linux/elf.h linux-2.4.22-ow1/include/linux/elf.h | |
2219 | --- linux-2.4.22/include/linux/elf.h Fri Nov 29 02:53:15 2002 | |
2220 | +++ linux-2.4.22-ow1/include/linux/elf.h Thu Aug 28 06:20:52 2003 | |
2221 | @@ -255,6 +255,8 @@ | |
2222 | #define R_MIPS_LOVENDOR 100 | |
2223 | #define R_MIPS_HIVENDOR 127 | |
2224 | ||
2225 | +/* Constants for the e_flags field */ | |
2226 | +#define EF_STACKEXEC 1 /* Executable stack area forced */ | |
2227 | ||
2228 | /* | |
2229 | * Sparc ELF relocation types | |
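Review bot: `EF_STACKEXEC` is added to the architecture-independent elf.h with value 1, but bit 0 of `e_flags` already carries ABI-defined meanings on other targets (ARM and MIPS each define a flag in that bit, as far as I recall), so the binfmt_elf test `elf_ex.e_flags & EF_STACKEXEC` would misfire on such binaries if CONFIG_HARDEN_STACK is ever offered outside i386. Either move the define to asm-i386/elf.h or mark it: `/* i386 only: the low e_flags bit has ABI-defined meanings on other targets. */`. The pairing with `F_STACKEXEC` in linux/a.out.h should be mentioned so the two stay in step.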
2230 | diff -urPX nopatch linux-2.4.22/include/linux/kernel.h linux-2.4.22-ow1/include/linux/kernel.h | |
2231 | --- linux-2.4.22/include/linux/kernel.h Fri Nov 29 02:53:15 2002 | |
2232 | +++ linux-2.4.22-ow1/include/linux/kernel.h Thu Aug 28 06:20:52 2003 | |
2233 | @@ -71,14 +71,17 @@ | |
2234 | extern long long simple_strtoll(const char *,char **,unsigned int); | |
2235 | extern int sprintf(char * buf, const char * fmt, ...) | |
2236 | __attribute__ ((format (printf, 2, 3))); | |
2237 | -extern int vsprintf(char *buf, const char *, va_list); | |
2238 | +extern int vsprintf(char *buf, const char *, va_list) | |
2239 | + __attribute__ ((format (printf, 2, 0))); | |
2240 | extern int snprintf(char * buf, size_t size, const char * fmt, ...) | |
2241 | __attribute__ ((format (printf, 3, 4))); | |
2242 | -extern int vsnprintf(char *buf, size_t size, const char *fmt, va_list args); | |
2243 | +extern int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) | |
2244 | + __attribute__ ((format (printf, 3, 0))); | |
2245 | ||
2246 | extern int sscanf(const char *, const char *, ...) | |
2247 | - __attribute__ ((format (scanf,2,3))); | |
2248 | -extern int vsscanf(const char *, const char *, va_list); | |
2249 | + __attribute__ ((format (scanf, 2, 3))); | |
2250 | +extern int vsscanf(const char *, const char *, va_list) | |
2251 | + __attribute__ ((format (scanf, 2, 0))); | |
2252 | ||
2253 | extern int get_option(char **str, int *pint); | |
2254 | extern char *get_options(char *str, int nints, int *ints); | |
2255 | @@ -170,6 +173,26 @@ | |
2256 | ({ type __x = (x); type __y = (y); __x < __y ? __x: __y; }) | |
2257 | #define max_t(type,x,y) \ | |
2258 | ({ type __x = (x); type __y = (y); __x > __y ? __x: __y; }) | |
2259 | + | |
2260 | +#define security_alert(normal_msg, flood_msg, args...) \ | |
2261 | +({ \ | |
2262 | + static unsigned long warning_time = 0, no_flood_yet = 0; \ | |
2263 | + static spinlock_t security_alert_lock = SPIN_LOCK_UNLOCKED; \ | |
2264 | +\ | |
2265 | + spin_lock(&security_alert_lock); \ | |
2266 | +\ | |
2267 | +/* Make sure at least one minute passed since the last warning logged */ \ | |
2268 | + if (!warning_time || jiffies - warning_time > 60 * HZ) { \ | |
2269 | + warning_time = jiffies; no_flood_yet = 1; \ | |
2270 | + printk(KERN_ALERT "Security: " normal_msg "\n", ## args); \ | |
2271 | + } else if (no_flood_yet) { \ | |
2272 | + warning_time = jiffies; no_flood_yet = 0; \ | |
2273 | + printk(KERN_ALERT "Security: more " flood_msg \ | |
2274 | + ", logging disabled for a minute\n"); \ | |
2275 | + } \ | |
2276 | +\ | |
2277 | + spin_unlock(&security_alert_lock); \ | |
2278 | +}) | |
2279 | ||
2280 | extern void __out_of_line_bug(int line) ATTRIB_NORET; | |
2281 | #define out_of_line_bug() __out_of_line_bug(__LINE__) | |
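Review bot: `security_alert()` keeps `warning_time`, `no_flood_yet` and its spinlock as statics inside a statement expression, so every expansion site gets its own independent rate limiter and lock; that is presumably intended, but it needs saying above the macro, together with the constraint that the plain `spin_lock()` makes it unsafe from interrupt context (all callers visible in this diff are process context). Suggested header: `/* Rate-limited KERN_ALERT. State is per call site: each expansion logs at most once a minute, then one 'more ...' line. Process context only (plain spin_lock); args are evaluated once. */`. Separately, `current->comm` is user-chosen and printed with `%s`, so a name containing a newline can forge a second log line; if that matters for these alerts the callers should bound or escape it.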
2282 | diff -urPX nopatch linux-2.4.22/include/linux/proc_fs.h linux-2.4.22-ow1/include/linux/proc_fs.h | |
2283 | --- linux-2.4.22/include/linux/proc_fs.h Sat Aug 3 04:39:45 2002 | |
2284 | +++ linux-2.4.22-ow1/include/linux/proc_fs.h Thu Aug 28 06:20:52 2003 | |
2285 | @@ -94,7 +94,7 @@ | |
2286 | struct proc_dir_entry *parent); | |
2287 | extern void remove_proc_entry(const char *name, struct proc_dir_entry *parent); | |
2288 | ||
2289 | -extern struct vfsmount *proc_mnt; | |
2290 | +extern struct super_block *proc_super; | |
2291 | extern struct super_block *proc_read_super(struct super_block *,void *,int); | |
2292 | extern struct inode * proc_get_inode(struct super_block *, int, struct proc_dir_entry *); | |
2293 | ||
2294 | @@ -142,6 +142,8 @@ | |
2295 | struct proc_dir_entry *, const char *); | |
2296 | extern struct proc_dir_entry *proc_mknod(const char *,mode_t, | |
2297 | struct proc_dir_entry *,kdev_t); | |
2298 | +extern struct proc_dir_entry *proc_mkdir_mode(const char *,mode_t, | |
2299 | + struct proc_dir_entry *); | |
2300 | extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *); | |
2301 | ||
2302 | static inline struct proc_dir_entry *create_proc_read_entry(const char *name, | |
2303 | diff -urPX nopatch linux-2.4.22/include/linux/sched.h linux-2.4.22-ow1/include/linux/sched.h | |
2304 | --- linux-2.4.22/include/linux/sched.h Fri Jun 13 18:51:39 2003 | |
2305 | +++ linux-2.4.22-ow1/include/linux/sched.h Thu Aug 28 06:20:52 2003 | |
2306 | @@ -435,6 +435,8 @@ | |
2307 | ||
2308 | #define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */ | |
2309 | ||
2310 | +#define PF_STACKEXEC 0x01000000 /* Executable stack area forced */ | |
2311 | + | |
2312 | /* | |
2313 | * Ptrace flags | |
2314 | */ | |
2315 | diff -urPX nopatch linux-2.4.22/ipc/shm.c linux-2.4.22-ow1/ipc/shm.c | |
2316 | --- linux-2.4.22/ipc/shm.c Sat Aug 3 04:39:46 2002 | |
2317 | +++ linux-2.4.22-ow1/ipc/shm.c Thu Aug 28 06:20:52 2003 | |
2318 | @@ -149,13 +149,40 @@ | |
2319 | shp->shm_lprid = current->pid; | |
2320 | shp->shm_dtim = CURRENT_TIME; | |
2321 | shp->shm_nattch--; | |
2322 | +#ifdef CONFIG_HARDEN_SHM | |
2323 | + if(shp->shm_nattch == 0) { | |
2324 | + shp->shm_flags |= SHM_DEST; | |
2325 | + shm_destroy (shp); | |
2326 | + } | |
2327 | +#else | |
2328 | if(shp->shm_nattch == 0 && | |
2329 | shp->shm_flags & SHM_DEST) | |
2330 | shm_destroy (shp); | |
2331 | +#endif | |
2332 | else | |
2333 | shm_unlock(id); | |
2334 | up (&shm_ids.sem); | |
2335 | } | |
2336 | + | |
2337 | +#ifdef CONFIG_HARDEN_SHM | |
2338 | +void shm_exit (void) | |
2339 | +{ | |
2340 | + int i; | |
2341 | + struct shmid_kernel *shp; | |
2342 | + | |
2343 | + for (i = 0; i <= shm_ids.max_id; i++) { | |
2344 | + shp = shm_get(i); | |
2345 | + if (!shp) continue; | |
2346 | + | |
2347 | + if (shp->shm_cprid != current->pid) continue; | |
2348 | + | |
2349 | + if (shp->shm_nattch <= 0) { | |
2350 | + shp->shm_flags |= SHM_DEST; | |
2351 | + shm_destroy (shp); | |
2352 | + } | |
2353 | + } | |
2354 | +} | |
2355 | +#endif | |
2356 | ||
2357 | static int shm_mmap(struct file * file, struct vm_area_struct * vma) | |
2358 | { | |
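Review bot: `shm_exit()` walks the id table and calls `shm_destroy()` without any of the locking that the `shm_close()` path above uses: there is no `down(&shm_ids.sem)` around the loop and no per-segment lock before `shm_destroy()`, which in `shm_close` is entered locked (it is the alternative to `shm_unlock(id)` there, so it drops the lock itself). The BKL taken in do_exit does not substitute for either. Selecting segments by `shm_cprid == current->pid` is also unsafe across pid reuse: a process that inherits a dead creator's pid destroys, at its own exit, unattached segments it never created, possibly another user's, so the creator uid should be compared as well. `shm_nattch` appears to be unsigned in this file's struct, making `<= 0` just `== 0`. A locked version, assuming the `shm_lock`/`shm_unlock` helpers used by `shm_close` take an id:
```c
void shm_exit (void)
{
	int i;
	struct shmid_kernel *shp;

	down(&shm_ids.sem);
	for (i = 0; i <= shm_ids.max_id; i++) {
		shp = shm_lock(i);
		if (!shp)
			continue;
		/* TODO: also compare the creator uid, pids are recycled */
		if (shp->shm_cprid != current->pid || shp->shm_nattch != 0) {
			shm_unlock(i);
			continue;
		}
		shp->shm_flags |= SHM_DEST;
		shm_destroy(shp);	/* drops the segment lock, as in shm_close() */
	}
	up(&shm_ids.sem);
}
```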
2359 | diff -urPX nopatch linux-2.4.22/ipc/util.c linux-2.4.22-ow1/ipc/util.c | |
2360 | --- linux-2.4.22/ipc/util.c Mon Aug 25 15:44:44 2003 | |
2361 | +++ linux-2.4.22-ow1/ipc/util.c Thu Aug 28 06:20:52 2003 | |
2362 | @@ -346,8 +346,15 @@ | |
2363 | ||
2364 | void sem_exit (void) | |
2365 | { | |
2366 | - return; | |
2367 | + return; | |
2368 | } | |
2369 | + | |
2370 | +#ifdef CONFIG_HARDEN_SHM | |
2371 | +void shm_exit (void) | |
2372 | +{ | |
2373 | + return; | |
2374 | +} | |
2375 | +#endif | |
2376 | ||
2377 | asmlinkage long sys_semget (key_t key, int nsems, int semflg) | |
2378 | { | |
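Review bot: The `#ifdef CONFIG_HARDEN_SHM` shm_exit() stub at L2374-L2379 sits next to the sem_exit() stub, presumably in the !CONFIG_SYSVIPC part of ipc/util.c, but security/Common.in in this same patch only offers CONFIG_HARDEN_SHM when `$CONFIG_SYSVIPC = y` (L2509-L2511), so as far as the patch shows this stub can never be compiled. It is harmless, and defensive if the Config gating ever changes, but a one-line comment would save the next reader from wondering which shm_exit() links: `/* CONFIG_HARDEN_SHM is only offered with SYSVIPC=y; this is a safety net for a mismatched config */`. The `- return;`/`+ return;` pair on sem_exit() (L2370-L2371) looks like a whitespace-only change and could be dropped from a security patch.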
2379 | diff -urPX nopatch linux-2.4.22/kernel/exit.c linux-2.4.22-ow1/kernel/exit.c | |
2380 | --- linux-2.4.22/kernel/exit.c Fri Nov 29 02:53:15 2002 | |
2381 | +++ linux-2.4.22-ow1/kernel/exit.c Thu Aug 28 06:20:52 2003 | |
2382 | @@ -22,6 +22,9 @@ | |
2383 | #include <asm/mmu_context.h> | |
2384 | ||
2385 | extern void sem_exit (void); | |
2386 | +#ifdef CONFIG_HARDEN_SHM | |
2387 | +extern void shm_exit (void); | |
2388 | +#endif | |
2389 | extern struct task_struct *child_reaper; | |
2390 | ||
2391 | int getrusage(struct task_struct *, int, struct rusage *); | |
2392 | @@ -443,6 +446,9 @@ | |
2393 | ||
2394 | lock_kernel(); | |
2395 | sem_exit(); | |
2396 | +#ifdef CONFIG_HARDEN_SHM | |
2397 | + shm_exit(); | |
2398 | +#endif | |
2399 | __exit_files(tsk); | |
2400 | __exit_fs(tsk); | |
2401 | exit_namespace(tsk); | |
2402 | diff -urPX nopatch linux-2.4.22/kernel/printk.c linux-2.4.22-ow1/kernel/printk.c | |
2403 | --- linux-2.4.22/kernel/printk.c Mon Aug 25 15:44:44 2003 | |
2404 | +++ linux-2.4.22-ow1/kernel/printk.c Thu Aug 28 06:20:52 2003 | |
2405 | @@ -294,8 +294,13 @@ | |
2406 | ||
2407 | asmlinkage long sys_syslog(int type, char * buf, int len) | |
2408 | { | |
2409 | +#ifdef CONFIG_HARDEN_PROC | |
2410 | + if (!capable(CAP_SYS_ADMIN)) | |
2411 | + return -EPERM; | |
2412 | +#else | |
2413 | if ((type != 3) && !capable(CAP_SYS_ADMIN)) | |
2414 | return -EPERM; | |
2415 | +#endif | |
2416 | return do_syslog(type, buf, len); | |
2417 | } | |
2418 | ||
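Review bot: Under CONFIG_HARDEN_PROC the check at L2414-L2415 refuses every syslog(2) type to callers without CAP_SYS_ADMIN, including type 3, which the unpatched code deliberately leaves open (L2417) and which is the non-destructive read that dmesg(1) and similar tools use, so an unprivileged `dmesg` now fails with EPERM. That is presumably intended (kernel log lines leak kernel addresses and hardware details), but nothing here says so, and the option's only visible label is 'Restricted /proc' in security/Common.in (L2507), so the effect on syslog(2) is not discoverable from the config. I'd add a comment above the check, `/* CONFIG_HARDEN_PROC: the kernel log ring is root-only, including the read-all (type 3) that dmesg(1) uses */`, and mention syslog(2)/dmesg in the option's help text. If the intent is narrower, exempting the size-only query (type 9, if this kernel's do_syslog() supports it) would keep buffer-size probes working without exposing log contents.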
2419 | diff -urPX nopatch linux-2.4.22/kernel/sysctl.c linux-2.4.22-ow1/kernel/sysctl.c | |
2420 | --- linux-2.4.22/kernel/sysctl.c Mon Aug 25 15:44:44 2003 | |
2421 | +++ linux-2.4.22-ow1/kernel/sysctl.c Thu Aug 28 06:20:52 2003 | |
2422 | @@ -352,6 +352,9 @@ | |
2423 | int old_len; | |
2424 | if (!oldlenp || get_user(old_len, oldlenp)) | |
2425 | return -EFAULT; | |
2426 | + /* XXX: insufficient for SMP, but should be redundant anyway */ | |
2427 | + if ((ssize_t)old_len < 0) | |
2428 | + return -EINVAL; | |
2429 | } | |
2430 | tmp = &root_table_header.ctl_entry; | |
2431 | do { | |
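Review bot: The guard at L2430-L2432 tests `(ssize_t)old_len < 0`, but old_len is declared `int` on L2427, so the cast changes nothing and `if (old_len < 0)` says the same thing more plainly. The `XXX: insufficient for SMP` comment is honest but too terse to act on: the length is re-read from *oldlenp by the strategy routines later in this function (outside the hunk), so a thread sharing the address space can flip it negative after this check; the durable fix is to pass the validated kernel copy of old_len down instead of the user pointer, which is an interface change beyond this patch. I'd reword the comment to `/* Reject negative lengths early; the strategy routines re-read *oldlenp, so a racing thread can still bypass this and they must validate too */`. The enclosing function (do_sysctl(), presumably) starts and ends outside the hunk.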
2432 | diff -urPX nopatch linux-2.4.22/mm/mmap.c linux-2.4.22-ow1/mm/mmap.c | |
2433 | --- linux-2.4.22/mm/mmap.c Fri Jun 13 18:51:39 2003 | |
2434 | +++ linux-2.4.22-ow1/mm/mmap.c Thu Aug 28 06:20:52 2003 | |
2435 | @@ -3,6 +3,7 @@ | |
2436 | * | |
2437 | * Written by obz. | |
2438 | */ | |
2439 | +#include <linux/config.h> | |
2440 | #include <linux/slab.h> | |
2441 | #include <linux/shm.h> | |
2442 | #include <linux/mman.h> | |
2443 | @@ -626,7 +627,11 @@ | |
2444 | (!vma || addr + len <= vma->vm_start)) | |
2445 | return addr; | |
2446 | } | |
2447 | +#if defined(CONFIG_HARDEN_STACK) && defined(CONFIG_BINFMT_ELF) | |
2448 | + addr = PAGE_ALIGN(TASK_UNMAPPED_BASE(len)); | |
2449 | +#else | |
2450 | addr = PAGE_ALIGN(TASK_UNMAPPED_BASE); | |
2451 | +#endif | |
2452 | ||
2453 | for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) { | |
2454 | /* At this point: (!vma || addr < vma->vm_end). */ | |
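Review bot: The `#if defined(CONFIG_HARDEN_STACK) && defined(CONFIG_BINFMT_ELF)` at L2451 only matches a built-in ELF loader: with CONFIG_BINFMT_ELF=m the 2.4 build defines CONFIG_BINFMT_ELF_MODULE instead, so a hardened-stack kernel with modular ELF silently falls back to the plain TASK_UNMAPPED_BASE at L2454 with no warning. If the hardened base is meant for any ELF configuration, the test should read `#if defined(CONFIG_HARDEN_STACK) && (defined(CONFIG_BINFMT_ELF) || defined(CONFIG_BINFMT_ELF_MODULE))`, or better, the arch header that defines TASK_UNMAPPED_BASE(len) should own this decision so mm/mmap.c carries no config logic. Overloading the TASK_UNMAPPED_BASE name as both a constant and a function-like macro depending on config also deserves a comment here, e.g. `/* HARDEN_STACK: the arch picks the mmap search base from the request length */`; the macro's definition is not in this hunk, so its role is inferred from the call. The enclosing get_unmapped_area function starts and ends outside the hunk.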
2455 | diff -urPX nopatch linux-2.4.22/mm/swapfile.c linux-2.4.22-ow1/mm/swapfile.c | |
2456 | --- linux-2.4.22/mm/swapfile.c Mon Aug 25 15:44:44 2003 | |
2457 | +++ linux-2.4.22-ow1/mm/swapfile.c Thu Aug 28 06:20:52 2003 | |
2458 | @@ -738,8 +738,10 @@ | |
2459 | for (type = swap_list.head; type >= 0; type = swap_info[type].next) { | |
2460 | p = swap_info + type; | |
2461 | if ((p->flags & SWP_WRITEOK) == SWP_WRITEOK) { | |
2462 | - if (p->swap_file == nd.dentry) | |
2463 | - break; | |
2464 | + if (p->swap_file == nd.dentry || | |
2465 | + (S_ISBLK(nd.dentry->d_inode->i_mode) && | |
2466 | + p->swap_device == nd.dentry->d_inode->i_rdev)) | |
2467 | + break; | |
2468 | } | |
2469 | prev = type; | |
2470 | } | |
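Review bot: The widened match at L2468-L2470 compares `p->swap_device` with the inode's `i_rdev` for block devices, but nothing in the hunk records why: presumably swapon(2) was given a different device node (or the node was recreated) for the same block device, and the dentry-only comparison on L2466 then left swapoff(2) unable to find the entry. I'd add the why-comment above the condition, `/* match block devices by (major,minor) too: swap may have been enabled via another device node for the same device */`. The plain `==` on i_rdev/swap_device relies on kdev_t being a scalar in 2.4; a forward port to a kernel where kdev_t is a struct needs kdev_same() here. The enclosing function (sys_swapoff(), presumably) starts and ends outside the hunk.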
2471 | diff -urPX nopatch linux-2.4.22/net/socket.c linux-2.4.22-ow1/net/socket.c | |
2472 | --- linux-2.4.22/net/socket.c Mon Aug 25 15:44:44 2003 | |
2473 | +++ linux-2.4.22-ow1/net/socket.c Thu Aug 28 06:20:52 2003 | |
2474 | @@ -1305,10 +1305,18 @@ | |
2475 | asmlinkage long sys_getsockopt(int fd, int level, int optname, char *optval, int *optlen) | |
2476 | { | |
2477 | int err; | |
2478 | + int len; | |
2479 | struct socket *sock; | |
2480 | ||
2481 | if ((sock = sockfd_lookup(fd, &err))!=NULL) | |
2482 | { | |
2483 | + /* XXX: insufficient for SMP, but should be redundant anyway */ | |
2484 | + if (get_user(len, optlen)) | |
2485 | + err = -EFAULT; | |
2486 | + else | |
2487 | + if (len < 0) | |
2488 | + err = -EINVAL; | |
2489 | + else | |
2490 | if (level == SOL_SOCKET) | |
2491 | err=sock_getsockopt(sock,level,optname,optval,optlen); | |
2492 | else | |
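Review bot: The guard at L2487-L2493 copies *optlen once to reject negative lengths, but the per-level getsockopt handlers called from L2495 onward still re-read *optlen from user memory themselves, so the `XXX: insufficient for SMP` comment is accurate: a thread sharing the address space can rewrite *optlen between this check and the handler's own read. This check is defense in depth only and every handler must still bound its own copy; the comment should say that rather than just `XXX`, e.g. `/* Defense in depth only: handlers re-read *optlen, so they must validate it too */`. The `else` / `if` split across lines at L2490-L2493 mirrors the existing style at L2496, but `else if (len < 0)` on one line would read more clearly. The rest of sys_getsockopt(), including the fd release, is outside the hunk.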
2493 | diff -urPX nopatch linux-2.4.22/security/Common.in linux-2.4.22-ow1/security/Common.in | |
2494 | --- linux-2.4.22/security/Common.in Thu Jan 1 03:00:00 1970 | |
2495 | +++ linux-2.4.22-ow1/security/Common.in Thu Aug 28 06:20:52 2003 | |
2496 | @@ -0,0 +1,11 @@ | |
2497 | +# | |
2498 | +# Security options common to all architectures | |
2499 | +# | |
2500 | + | |
2501 | +bool 'Restricted links in /tmp' CONFIG_HARDEN_LINK | |
2502 | +bool 'Restricted FIFOs in /tmp' CONFIG_HARDEN_FIFO | |
2503 | +bool 'Restricted /proc' CONFIG_HARDEN_PROC | |
2504 | +bool 'Enforce RLIMIT_NPROC on execve(2)' CONFIG_HARDEN_RLIMIT_NPROC | |
2505 | +if [ "$CONFIG_SYSVIPC" = "y" ]; then | |
2506 | + bool 'Destroy shared memory segments not in use' CONFIG_HARDEN_SHM | |
2507 | +fi | |
2508 | diff -urPX nopatch linux-2.4.22/security/Config.in linux-2.4.22-ow1/security/Config.in | |
2509 | --- linux-2.4.22/security/Config.in Thu Jan 1 03:00:00 1970 | |
2510 | +++ linux-2.4.22-ow1/security/Config.in Thu Aug 28 06:20:52 2003 | |
2511 | @@ -0,0 +1,9 @@ | |
2512 | +# | |
2513 | +# Security options | |
2514 | +# | |
2515 | +mainmenu_option next_comment | |
2516 | +comment 'Security options' | |
2517 | + | |
2518 | +source security/Common.in | |
2519 | + | |
2520 | +endmenu |