1 diff -urN linux-2.4.21/Documentation/Configure.help linux-2.4.21/Documentation/Configure.help
2 --- linux-2.4.21/Documentation/Configure.help 2003-06-23 11:42:34.000000000 -0400
3 +++ linux-2.4.21/Documentation/Configure.help 2003-06-23 11:49:15.000000000 -0400
5 If you want to compile it as a module, say M here and read
6 Documentation/modules.txt. If unsure, say `N'.
8 +stealth networking support
9 +CONFIG_IP_NF_MATCH_STEALTH
10 + Enabling this option will drop all syn packets coming to unserved tcp
11 + ports as well as all packets coming to unserved udp ports. If you
12 + are using your system to route any type of packets (ie. via NAT)
13 + you should put this module at the end of your ruleset, since it will
14 + drop packets that aren't going to ports that are listening on your
15 + machine itself, it doesn't take into account that the packet might be
16 + destined for someone on your internal network if you're using NAT for
19 + If you want to compile it as a module, say M here and read
20 + Documentation/modules.txt. If unsure, say `N'.
22 MAC address match support
23 CONFIG_IP_NF_MATCH_MAC
24 MAC matching allows you to match packets based on the source
25 @@ -21729,6 +21743,619 @@
27 "Area6" will work for most boards. For ADX, select "Area5".
31 + If you say Y here, you will be able to configure many features that
32 + will enhance the security of your system. It is highly recommended
33 + that you say Y here and read through the help for each option so
34 + you fully understand the features and can evaluate their usefulness
37 +Additional security levels
40 + Low additional security
41 + -----------------------------------------------------------------------
42 + If you choose this option, several of the grsecurity options will
43 + be enabled that will give you greater protection against a number
44 + of attacks, while assuring that none of your software will have any
45 + conflicts with the additional security measures. If you run a lot of
46 + unusual software, or you are having problems with the higher security
47 + levels, you should say Y here. With this option, the following features
50 + linking restrictions
53 + enforcing nproc on execve()
56 + enforced chdir("/") on chroot
58 + Medium additional security
59 + -----------------------------------------------------------------------
60 + If you say Y here, several features in addition to those included in the
61 + low additional security level will be enabled. These features provide
62 + even more security to your system, though in rare cases they may
63 + be incompatible with very old or poorly written software. If you
64 + enable this option, make sure that your auth service (identd) is
65 + running as gid 10 (usually group wheel). With this option the following
66 + features (in addition to those provided in the low additional security
67 + level) will be enabled:
69 + random tcp source ports
74 + deny mounts in chroot
75 + deny double chrooting
76 + deny sysctl writes in chroot
77 + deny mknod in chroot
78 + deny access to abstract AF_UNIX sockets out of chroot
79 + deny pivot_root in chroot
80 + denied writes of /dev/kmem, /dev/mem, and /dev/port
81 + /proc restrictions with special gid set to 10 (usually wheel)
82 + address space layout randomization
84 + High additional security
85 + ----------------------------------------------------------------------
86 + If you say Y here, many of the features of grsecurity will be enabled,
87 + that will protect you against virtually all kinds of attacks against
88 + your system. The much hightened security comes at a cost of an
89 + increased chance of incompatabilities with rare software on your
90 + machine. It is highly recommended that you view
91 + <http://grsecurity.net/features.htm> and read about each option.
92 + Also remember that since the /proc restrictions are
93 + enabled, you must run your identd as group wheel (gid 10).
94 + This security level enables the following features in addition to those
95 + listed in the low and medium security levels:
97 + additional /proc restrictions
98 + chmod restrictions in chroot
99 + no signals, ptrace, or viewing processes outside of chroot
100 + capability restrictions in chroot
101 + deny fchdir out of chroot
102 + priority restrictions in chroot
103 + mprotect restrictions
104 + removal of /proc/<pid>/[maps|mem]
105 + kernel stack randomization
106 + mount/unmount/remount logging
107 + kernel symbol hiding
109 +Customized additional security
110 +CONFIG_GRKERNSEC_CUSTOM
111 + If you say Y here, you will be able to configure every grsecurity
112 + option, which allows you to enable many more features that aren't
113 + covered in the basic security levels. These additional features include
114 + TPE, socket restrictions, and the sysctl system for grsecurity. It is
115 + advised that you read through the help for each option to determine its
116 + usefulness in your situation.
118 +Deny writing to /dev/kmem, /dev/mem, and /dev/port
119 +CONFIG_GRKERNSEC_KMEM
120 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
121 + be written to via mmap or otherwise to modify the running kernel.
122 + /dev/port will also not be allowed to be opened. If you have module
123 + support disabled, enabling this will close up four ways that are
124 + currently used to insert malicious code into the running kernel.
125 + Even with all these features enabled, we still highly recommend that
126 + you use the ACL system, as it is still possible for an attacker to
127 + modify the running kernel through privileged I/O granted by ioperm/iopl.
128 + If you are not using XFree86, you may be able to stop this additional
129 + case by enabling the 'Disable privileged I/O' option. Though nothing
130 + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
131 + but only to video memory, which is the only writing we allow in this
132 + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
133 + not be allowed to mprotect it with PROT_WRITE later.
134 + Enabling this feature could make certain apps like VMWare stop working,
135 + as they need to write to other locations in /dev/mem.
136 + There are a few video cards that require write access to the BIOS,
137 + one of which is the Savage. If you have this video card, you must say
138 + N here, or Xfree86 will not function.
139 + It is highly recommended that you say Y here if you meet all the
142 +Disable privileged I/O
144 + If you say Y here, all ioperm and iopl calls will return an error.
145 + Ioperm and iopl can be used to modify the running kernel.
146 + Unfortunately, some problems need this access to operate properly,
147 + the most notable of which are XFree86 and hwclock. hwclock can be
148 + remedied by having RTC support in the kernel, so CONFIG_RTC is
149 + enabled if this option is enabled, to ensure that hwclock operates
150 + correctly. XFree86 still will not operate correctly with this option
151 + enabled, so DO NOT CHOOSE Y IF YOU USE XFree86. If you use XFree86
152 + and you still want to protect your kernel against modification,
153 + use the ACL system.
156 +CONFIG_GRKERNSEC_HIDESYM
157 + If you say Y here, getting information on loaded modules, and
158 + displaying all kernel symbols through a syscall will be restricted
159 + to users with CAP_SYS_MODULE. This option is only effective
160 + provided the following conditions are met:
161 + 1) The kernel using grsecurity is not precompiled by some distribution
162 + 2) You are using the ACL system and hiding other files such as your
163 + kernel image and System.map
164 + 3) You have the additional /proc restrictions enabled, which removes
166 + If the above conditions are met, this option will aid to provide a
167 + useful protection against local and remote kernel exploitation of
168 + overflows and arbitrary read/write vulnerabilities.
170 +/proc/<pid>/ipaddr support
171 +CONFIG_GRKERNSEC_PROC_IPADDR
172 + If you say Y here, a new entry will be added to each /proc/<pid>
173 + directory that contains the IP address of the person using the task.
174 + The IP is carried across local TCP and AF_UNIX stream sockets.
175 + This information can be useful for IDS/IPSes to perform remote response
176 + to a local attack. The entry is readable by only the owner of the
177 + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
178 + the RBAC system), and thus does not create privacy concerns.
181 +CONFIG_GRKERNSEC_PROC
182 + If you say Y here, the permissions of the /proc filesystem
183 + will be altered to enhance system security and privacy. Depending
184 + upon the options you choose, you can either restrict users to see
185 + only the processes they themselves run, or choose a group that can
186 + view all processes and files normally restricted to root if you choose
187 + the "restrict to user only" option. NOTE: If you're running identd as
188 + a non-root user, you will have to run it as the group you specify here.
190 +Restrict /proc to user only
191 +CONFIG_GRKERNSEC_PROC_USER
192 + If you say Y here, non-root users will only be able to view their own
193 + processes, and restricts them from viewing network-related information,
194 + and viewing kernel symbol and module information.
196 +Restrict /proc to user and group
197 +CONFIG_GRKERNSEC_PROC_USERGROUP
198 + If you say Y here, you will be able to select a group that will be
199 + able to view all processes, network-related information, and
200 + kernel and symbol information. This option is useful if you want
201 + to run identd as a non-root user.
203 +Additional proc restrictions
204 +CONFIG_GRKERNSEC_PROC_ADD
205 + If you say Y here, additional restrictions will be placed on
206 + /proc that keep normal users from viewing cpu and device information.
208 +Dmesg(8) Restriction
209 +CONFIG_GRKERNSEC_DMESG
210 + If you say Y here, non-root users will not be able to use dmesg(8)
211 + to view up to the last 4kb of messages in the kernel's log buffer.
212 + If the sysctl option is enabled, a sysctl option with name "dmesg" is
215 +Linking restrictions
216 +CONFIG_GRKERNSEC_LINK
217 + If you say Y here, /tmp race exploits will be prevented, since users
218 + will no longer be able to follow symlinks owned by other users in
219 + world-writeable +t directories (i.e. /tmp), unless the owner of the
220 + symlink is the owner of the directory. users will also not be
221 + able to hardlink to files they do not own. If the sysctl option is
222 + enabled, a sysctl option with name "linking_restrictions" is created.
225 +CONFIG_GRKERNSEC_FIFO
226 + If you say Y here, users will not be able to write to FIFOs they don't
227 + own in world-writeable +t directories (i.e. /tmp), unless the owner of
228 + the FIFO is the same owner of the directory it's held in. If the sysctl
229 + option is enabled, a sysctl option with name "fifo_restrictions" is
232 +Enforce RLIMIT_NPROC on execs
233 +CONFIG_GRKERNSEC_EXECVE
234 + If you say Y here, users with a resource limit on processes will
235 + have the value checked during execve() calls. The current system
236 + only checks the system limit during fork() calls. If the sysctl option
237 + is enabled, a sysctl option with name "execve_limiting" is created.
239 +Single group for auditing
240 +CONFIG_GRKERNSEC_AUDIT_GROUP
241 + If you say Y here, the exec, chdir, (un)mount, and ipc logging features
242 + will only operate on a group you specify. This option is recommended
243 + if you only want to watch certain users instead of having a large
244 + amount of logs from the entire system. If the sysctl option is enabled,
245 + a sysctl option with name "audit_group" is created.
248 +CONFIG_GRKERNSEC_AUDIT_GID
249 + Here you can choose the GID that will be the target of kernel auditing.
250 + Remember to add the users you want to log to the GID specified here.
251 + If the sysctl option is enabled, whatever you choose here won't matter.
252 + You'll have to specify the GID in your bootup script by echoing the GID
253 + to the proper /proc entry. View the help on the sysctl option for more
254 + information. If the sysctl option is enabled, a sysctl option with name
255 + "audit_gid" is created.
258 +CONFIG_GRKERNSEC_AUDIT_CHDIR
259 + If you say Y here, all chdir() calls will be logged. If the sysctl
260 + option is enabled, a sysctl option with name "audit_chdir" is created.
263 +CONFIG_GRKERNSEC_AUDIT_MOUNT
264 + If you say Y here, all mounts and unmounts will be logged. If the
265 + sysctl option is enabled, a sysctl option with name "audit_mount" is
269 +CONFIG_GRKERNSEC_AUDIT_IPC
270 + If you say Y here, creation and removal of message queues, semaphores,
271 + and shared memory will be logged. If the sysctl option is enabled, a
272 + sysctl option with name "audit_ipc" is created.
275 +CONFIG_GRKERNSEC_EXECLOG
276 + If you say Y here, all execve() calls will be logged (since the
277 + other exec*() calls are frontends to execve(), all execution
278 + will be logged). Useful for shell-servers that like to keep track
279 + of their users. If the sysctl option is enabled, a sysctl option with
280 + name "exec_logging" is created.
281 + WARNING: This option when enabled will produce a LOT of logs, especially
282 + on an active system.
285 +CONFIG_GRKERNSEC_RESLOG
286 + If you say Y here, all attempts to overstep resource limits will
287 + be logged with the resource name, the requested size, and the current
288 + limit. It is highly recommended that you say Y here.
291 +CONFIG_GRKERNSEC_SIGNAL
292 + If you say Y here, certain important signals will be logged, such as
293 + SIGSEGV, which will as a result inform you of when a error in a program
294 + occurred, which in some cases could mean a possible exploit attempt.
295 + If the sysctl option is enabled, a sysctl option with name
296 + "signal_logging" is created.
298 +Fork failure logging
299 +CONFIG_GRKERNSEC_FORKFAIL
300 + If you say Y here, all failed fork() attempts will be logged.
301 + This could suggest a fork bomb, or someone attempting to overstep
302 + their process limit. If the sysctl option is enabled, a sysctl option
303 + with name "forkfail_logging" is created.
306 +CONFIG_GRKERNSEC_TIME
307 + If you say Y here, any changes of the system clock will be logged.
308 + If the sysctl option is enabled, a sysctl option with name
309 + "timechange_logging" is created.
311 +Chroot jail restrictions
312 +CONFIG_GRKERNSEC_CHROOT
313 + If you say Y here, you will be able to choose several options that will
314 + make breaking out of a chrooted jail much more difficult. If you
315 + encounter no software incompatibilities with the following options, it
316 + is recommended that you enable each one.
318 +Deny access to abstract AF_UNIX sockets out of chroot
319 +CONFIG_GRKERNSEC_CHROOT_UNIX
320 + If you say Y here, processes inside a chroot will not be able to
321 + connect to abstract (meaning not belonging to a filesystem) Unix
322 + domain sockets that were bound outside of a chroot. It is recommended
323 + that you say Y here. If the sysctl option is enabled, a sysctl option
324 + with name "chroot_deny_unix" is created.
326 +Deny shmat() out of chroot
327 +CONFIG_GRKERNSEC_CHROOT_SHMAT
328 + If you say Y here, processes inside a chroot will not be able to attach
329 + to shared memory segments that were created outside of the chroot jail.
330 + It is recommended that you say Y here. If the sysctl option is enabled,
331 + a sysctl option with name "chroot_deny_shmat" is created.
333 +Protect outside processes
334 +CONFIG_GRKERNSEC_CHROOT_FINDTASK
335 + If you say Y here, processes inside a chroot will not be able to
336 + kill, send signals with fcntl, ptrace, capget, setpgid, getpgid,
337 + getsid, or view any process outside of the chroot. If the sysctl
338 + option is enabled, a sysctl option with name "chroot_findtask" is
341 +Deny mounts in chroot
342 +CONFIG_GRKERNSEC_CHROOT_MOUNT
343 + If you say Y here, processes inside a chroot will not be able to
344 + mount or remount filesystems. If the sysctl option is enabled, a
345 + sysctl option with name "chroot_deny_mount" is created.
347 +Deny pivot_root in chroot
348 +CONFIG_GRKERNSEC_CHROOT_PIVOT
349 + If you say Y here, processes inside a chroot will not be able to use
350 + a function called pivot_root() that was introduced in Linux 2.3.41. It
351 + works similar to chroot in that it changes the root filesystem. This
352 + function could be misused in a chrooted process to attempt to break out
353 + of the chroot, and therefore should not be allowed. If the sysctl
354 + option is enabled, a sysctl option with name "chroot_deny_pivot" is
358 +CONFIG_GRKERNSEC_CHROOT_DOUBLE
359 + If you say Y here, processes inside a chroot will not be able to chroot
360 + again. This is a widely used method of breaking out of a chroot jail
361 + and should not be allowed. If the sysctl option is enabled, a sysctl
362 + option with name "chroot_deny_chroot" is created.
364 +Deny fchdir outside of chroot
365 +CONFIG_GRKERNSEC_CHROOT_FCHDIR
366 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
367 + to a file descriptor of the chrooting process that points to a directory
368 + outside the filesystem will be stopped. If the sysctl option
369 + is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
371 +Enforce chdir("/") on all chroots
372 +CONFIG_GRKERNSEC_CHROOT_CHDIR
373 + If you say Y here, the current working directory of all newly-chrooted
374 + applications will be set to the the root directory of the chroot.
375 + The man page on chroot(2) states:
376 + Note that this call does not change the current working
377 + directory, so that `.' can be outside the tree rooted at
378 + `/'. In particular, the super-user can escape from a
379 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
381 + It is recommended that you say Y here, since it's not known to break
382 + any software. If the sysctl option is enabled, a sysctl option with
383 + name "chroot_enforce_chdir" is created.
385 +Deny (f)chmod +s in chroot
386 +CONFIG_GRKERNSEC_CHROOT_CHMOD
387 + If you say Y here, processes inside a chroot will not be able to chmod
388 + or fchmod files to make them have suid or sgid bits. This protects
389 + against another published method of breaking a chroot. If the sysctl
390 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
393 +Deny mknod in chroot
394 +CONFIG_GRKERNSEC_CHROOT_MKNOD
395 + If you say Y here, processes inside a chroot will not be allowed to
396 + mknod. The problem with using mknod inside a chroot is that it
397 + would allow an attacker to create a device entry that is the same
398 + as one on the physical root of your system, which could range from
399 + anyhing from the console device to a device for your harddrive (which
400 + they could then use to wipe the drive or steal data). It is recommended
401 + that you say Y here, unless you run into software incompatibilities.
402 + If the sysctl option is enabled, a sysctl option with name
403 + "chroot_deny_mknod" is created.
405 +Restrict priority changes in chroot
406 +CONFIG_GRKERNSEC_CHROOT_NICE
407 + If you say Y here, processes inside a chroot will not be able to raise
408 + the priority of processes in the chroot, or alter the priority of
409 + processes outside the chroot. This provides more security than simply
410 + removing CAP_SYS_NICE from the process' capability set. If the
411 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
414 +Log all execs within chroot
415 +CONFIG_GRKERNSEC_CHROOT_EXECLOG
416 + If you say Y here, all executions inside a chroot jail will be logged
417 + to syslog. This can cause a large amount of logs if certain
418 + applications (eg. djb's daemontools) are installed on the system, and
419 + is therefore left as an option. If the sysctl option is enabled, a
420 + sysctl option with name "chroot_execlog" is created.
422 +Deny sysctl writes in chroot
423 +CONFIG_GRKERNSEC_CHROOT_SYSCTL
424 + If you say Y here, an attacker in a chroot will not be able to
425 + write to sysctl entries, either by sysctl(2) or through a /proc
426 + interface. It is strongly recommended that you say Y here. If the
427 + sysctl option is enabled, a sysctl option with name
428 + "chroot_deny_sysctl" is created.
430 +Chroot jail capability restrictions
431 +CONFIG_GRKERNSEC_CHROOT_CAPS
432 + If you say Y here, the capabilities on all root processes within a
433 + chroot jail will be lowered to stop module insertion, raw i/o,
434 + system and net admin tasks, rebooting the system, modifying immutable
435 + files, modifying IPC owned by another, and changing the system time.
436 + This is left an option because it can break some apps. Disable this
437 + if your chrooted apps are having problems performing those kinds of
438 + tasks. If the sysctl option is enabled, a sysctl option with
439 + name "chroot_caps" is created.
441 +Trusted path execution
442 +CONFIG_GRKERNSEC_TPE
443 + If you say Y here, you will be able to choose a gid to add to the
444 + supplementary groups of users you want to mark as "untrusted."
445 + These users will not be able to execute any files that are not in
446 + root-owned directories writeable only by root. If the sysctl option
447 + is enabled, a sysctl option with name "tpe" is created.
449 +Group for trusted path execution
450 +CONFIG_GRKERNSEC_TPE_GID
451 + Here you can choose the GID to enable trusted path protection for.
452 + Remember to add the users you want protection enabled for to the GID
453 + specified here. If the sysctl option is enabled, whatever you choose
454 + here won't matter. You'll have to specify the GID in your bootup
455 + script by echoing the GID to the proper /proc entry. View the help
456 + on the sysctl option for more information. If the sysctl option is
457 + enabled, a sysctl option with name "tpe_gid" is created.
459 +Partially restrict non-root users
460 +CONFIG_GRKERNSEC_TPE_ALL
461 + If you say Y here, All non-root users other than the ones in the
462 + group specified in the main TPE option will only be allowed to
463 + execute files in directories they own that are not group or
464 + world-writeable, or in directories owned by root and writeable only by
465 + root. If the sysctl option is enabled, a sysctl option with name
466 + "tpe_restrict_all" is created.
469 +CONFIG_GRKERNSEC_RANDPID
470 + If you say Y here, all PIDs created on the system will be
471 + pseudo-randomly generated. This is extremely effective along
472 + with the /proc restrictions to disallow an attacker from guessing
473 + pids of daemons, etc. PIDs are also used in some cases as part
474 + of a naming system for temporary files, so this option would keep
475 + those filenames from being predicted as well. We also use code
476 + to make sure that PID numbers aren't reused too soon. If the sysctl
477 + option is enabled, a sysctl option with name "rand_pids" is created.
479 +Larger entropy pools
480 +CONFIG_GRKERNSEC_RANDNET
481 + If you say Y here, the entropy pools used for many features of Linux
482 + and grsecurity will be doubled in size. Since several grsecurity
483 + features use additional randomness, it is recommended that you say Y
484 + here. Saying Y here has a similar effect as modifying
485 + /proc/sys/kernel/random/poolsize.
487 +Truly random TCP ISN selection
488 +CONFIG_GRKERNSEC_RANDISN
489 + If you say Y here, Linux's default selection of TCP Initial Sequence
490 + Numbers (ISNs) will be replaced with that of OpenBSD. Linux uses
491 + an MD4 hash based on the connection plus a time value to create the
492 + ISN, while OpenBSD's selection is random. If the sysctl option is
493 + enabled, a sysctl option with name "rand_isns" is created.
496 +CONFIG_GRKERNSEC_RANDID
497 + If you say Y here, all the id field on all outgoing packets
498 + will be randomized. This hinders os fingerprinters and
499 + keeps your machine from being used as a bounce for an untraceable
500 + portscan. Ids are used for fragmented packets, fragments belonging
501 + to the same packet have the same id. By default linux only
502 + increments the id value on each packet sent to an individual host.
503 + We use a port of the OpenBSD random ip id code to achieve the
504 + randomness, while keeping the possibility of id duplicates to
505 + near none. If the sysctl option is enabled, a sysctl option with name
506 + "rand_ip_ids" is created.
508 +Randomized TCP source ports
509 +CONFIG_GRKERNSEC_RANDSRC
510 + If you say Y here, situations where a source port is generated on the
511 + fly for the TCP protocol (ie. with connect() ) will be altered so that
512 + the source port is generated at random, instead of a simple incrementing
513 + algorithm. If the sysctl option is enabled, a sysctl option with name
514 + "rand_tcp_src_ports" is created.
517 +CONFIG_GRKERNSEC_RANDRPC
518 + If you say Y here, the method of determining XIDs for RPC requests will
519 + be randomized, instead of using linux's default behavior of simply
520 + incrementing the XID. If you want your RPC connections to be more
521 + secure, say Y here. If the sysctl option is enabled, a sysctl option
522 + with name "rand_rpc" is created.
525 +CONFIG_GRKERNSEC_RANDPING
526 + If you say Y here, the way Linux handles echo replies will be changed
527 + so that the reply uses an ID equal to the ID of the echo request.
528 + This will help in confusing OS detection. If the sysctl option is
529 + enabled, a sysctl option with name "altered_pings" is created.
532 +CONFIG_GRKERNSEC_SOCKET
533 + If you say Y here, you will be able to choose from several options.
534 + If you assign a GID on your system and add it to the supplementary
535 + groups of users you want to restrict socket access to, this patch
536 + will perform up to three things, based on the option(s) you choose.
538 +Deny all socket access
539 +CONFIG_GRKERNSEC_SOCKET_ALL
540 + If you say Y here, you will be able to choose a GID of whose users will
541 + be unable to connect to other hosts from your machine or run server
542 + applications from your machine. If the sysctl option is enabled, a
543 + sysctl option with name "socket_all" is created.
545 +Group for disabled socket access
546 +CONFIG_GRKERNSEC_SOCKET_ALL_GID
547 + Here you can choose the GID to disable socket access for. Remember to
548 + add the users you want socket access disabled for to the GID
549 + specified here. If the sysctl option is enabled, whatever you choose
550 + here won't matter. You'll have to specify the GID in your bootup
551 + script by echoing the GID to the proper /proc entry. View the help
552 + on the sysctl option for more information. If the sysctl option is
553 + enabled, a sysctl option with name "socket_all_gid" is created.
555 +Deny all client socket access
556 +CONFIG_GRKERNSEC_SOCKET_CLIENT
557 + If you say Y here, you will be able to choose a GID of whose users will
558 + be unable to connect to other hosts from your machine, but will be
559 + able to run servers. If this option is enabled, all users in the group
560 + you specify will have to use passive mode when initiating ftp transfers
561 + from the shell on your machine. If the sysctl option is enabled, a
562 + sysctl option with name "socket_client" is created.
564 +Group for disabled client socket access
565 +CONFIG_GRKERNSEC_SOCKET_CLIENT_GID
566 + Here you can choose the GID to disable client socket access for.
567 + Remember to add the users you want client socket access disabled for to
568 + the GID specified here. If the sysctl option is enabled, whatever you
569 + choose here won't matter. You'll have to specify the GID in your bootup
570 + script by echoing the GID to the proper /proc entry. View the help
571 + on the sysctl option for more information. If the sysctl option is
572 + enabled, a sysctl option with name "socket_client_gid" is created.
574 +Deny all server socket access
575 +CONFIG_GRKERNSEC_SOCKET_SERVER
576 + If you say Y here, you will be able to choose a GID of whose users will
577 + be unable to run server applications from your machine. If the sysctl
578 + option is enabled, a sysctl option with name "socket_server" is created.
580 +Group for disabled server socket access
581 +CONFIG_GRKERNSEC_SOCKET_SERVER_GID
582 + Here you can choose the GID to disable server socket access for.
583 + Remember to add the users you want server socket access disabled for to
584 + the GID specified here. If the sysctl option is enabled, whatever you
585 + choose here won't matter. You'll have to specify the GID in your bootup
586 + script by echoing the GID to the proper /proc entry. View the help
587 + on the sysctl option for more information. If the sysctl option is
588 + enabled, a sysctl option with name "socket_server_gid" is created.
591 +CONFIG_GRKERNSEC_SYSCTL
592 + If you say Y here, you will be able to change the options that
593 + grsecurity runs with at bootup, without having to recompile your
594 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
595 + to enable (1) or disable (0) various features. All the sysctl entries
596 + are mutable until the "grsec_lock" entry is set to a non-zero value.
597 + All features are disabled by default. Please note that this option could
598 + reduce the effectiveness of the added security of this patch if an ACL
599 + system is not put in place. Your init scripts should be read-only, and
600 + root should not have access to adding modules or performing raw i/o
601 + operations. All options should be set at startup, and the grsec_lock
602 + entry should be set to a non-zero value after all the options are set.
603 + *THIS IS EXTREMELY IMPORTANT*
605 +Number of burst messages
606 +CONFIG_GRKERNSEC_FLOODBURST
607 + This option allows you to choose the maximum number of messages allowed
608 + within the flood time interval you chose in a separate option. The
609 + default should be suitable for most people, however if you find that
610 + many of your logs are being interpreted as flooding, you may want to
613 +Seconds in between log messages
614 +CONFIG_GRKERNSEC_FLOODTIME
615 + This option allows you to enforce the number of seconds between
616 + grsecurity log messages. The default should be suitable for most
617 + people, however, if you choose to change it, choose a value small enough
618 + to allow informative logs to be produced, but large enough to
621 +Hide kernel processes
622 +CONFIG_GRKERNSEC_ACL_HIDEKERN
623 + If you say Y here, when the ACL system is enabled via gradm -E,
624 + an additional ACL will be passed to the kernel that hides all kernel
625 + processes. These processes will only be viewable by the authenticated
626 + admin, or processes that have viewing access set.
628 +Maximum tries before password lockout
629 +CONFIG_GRKERNSEC_ACL_MAXTRIES
630 + This option enforces the maximum number of times a user can attempt
631 + to authorize themselves with the grsecurity ACL system before being
632 + denied the ability to attempt authorization again for a specified time.
633 + The lower the number, the harder it will be to brute-force a password.
635 +Time to wait after max password tries, in seconds
636 +CONFIG_GRKERNSEC_ACL_TIMEOUT
637 + This option specifies the time the user must wait after attempting to
638 + authorize to the ACL system with the maximum number of invalid
639 + passwords. The higher the number, the harder it will be to brute-force
643 CONFIG_DCACHE_DISABLE
644 This option allows you to run the kernel with data cache disabled.
645 diff -urN linux-2.4.21/Makefile linux-2.4.21/Makefile
646 --- linux-2.4.21/Makefile 2003-06-23 11:41:28.000000000 -0400
647 +++ linux-2.4.21/Makefile 2003-06-23 11:49:15.000000000 -0400
649 CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o
650 NETWORKS =net/network.o
651 CRYPTO =crypto/crypto.o
652 +GRSECURITY =grsecurity/grsec.o
654 LIBS =$(TOPDIR)/lib/lib.a
655 -SUBDIRS =kernel drivers mm fs net ipc lib crypto
656 +SUBDIRS =kernel drivers mm fs net ipc lib crypto grsecurity
662 export CPPFLAGS CFLAGS CFLAGS_KERNEL AFLAGS AFLAGS_KERNEL
664 -export NETWORKS CRYPTO DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS
665 +export NETWORKS CRYPTO DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS GRSECURITY
668 $(CPP) $(AFLAGS) $(AFLAGS_KERNEL) -traditional -o $*.s $<
678 diff -urN linux-2.4.21/arch/alpha/config.in linux-2.4.21/arch/alpha/config.in
679 --- linux-2.4.21/arch/alpha/config.in 2003-06-23 11:42:24.000000000 -0400
680 +++ linux-2.4.21/arch/alpha/config.in 2003-06-23 11:49:15.000000000 -0400
686 +mainmenu_option next_comment
687 +comment 'Grsecurity'
688 +bool 'Grsecurity' CONFIG_GRKERNSEC
689 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
690 + source grsecurity/Config.in
694 diff -urN linux-2.4.21/arch/alpha/kernel/osf_sys.c linux-2.4.21/arch/alpha/kernel/osf_sys.c
695 --- linux-2.4.21/arch/alpha/kernel/osf_sys.c 2003-06-23 11:42:24.000000000 -0400
696 +++ linux-2.4.21/arch/alpha/kernel/osf_sys.c 2003-06-23 11:49:15.000000000 -0400
698 #include <linux/file.h>
699 #include <linux/types.h>
700 #include <linux/ipc.h>
701 +#include <linux/grsecurity.h>
710 + if(gr_handle_mmap(file, prot)) {
716 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
717 down_write(¤t->mm->mmap_sem);
718 ret = do_mmap(file, addr, len, prot, flags, off);
719 diff -urN linux-2.4.21/arch/alpha/kernel/ptrace.c linux-2.4.21/arch/alpha/kernel/ptrace.c
720 --- linux-2.4.21/arch/alpha/kernel/ptrace.c 2003-06-23 11:42:24.000000000 -0400
721 +++ linux-2.4.21/arch/alpha/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
723 #include <linux/ptrace.h>
724 #include <linux/user.h>
725 #include <linux/slab.h>
726 +#include <linux/grsecurity.h>
728 #include <asm/uaccess.h>
729 #include <asm/pgtable.h>
731 read_unlock(&tasklist_lock);
735 + if(gr_handle_ptrace(child, request))
738 if (request == PTRACE_ATTACH) {
739 ret = ptrace_attach(child);
741 diff -urN linux-2.4.21/arch/arm/config.in linux-2.4.21/arch/arm/config.in
742 --- linux-2.4.21/arch/arm/config.in 2003-06-23 11:42:30.000000000 -0400
743 +++ linux-2.4.21/arch/arm/config.in 2003-06-23 11:49:15.000000000 -0400
749 +mainmenu_option next_comment
750 +comment 'Grsecurity'
751 +bool 'Grsecurity' CONFIG_GRKERNSEC
752 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
753 + source grsecurity/Config.in
756 diff -urN linux-2.4.21/arch/cris/config.in linux-2.4.21/arch/cris/config.in
757 --- linux-2.4.21/arch/cris/config.in 2003-06-23 11:42:34.000000000 -0400
758 +++ linux-2.4.21/arch/cris/config.in 2003-06-23 11:49:15.000000000 -0400
764 +mainmenu_option next_comment
765 +comment 'Grsecurity'
766 +bool 'Grsecurity' CONFIG_GRKERNSEC
767 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
768 + source grsecurity/Config.in
772 diff -urN linux-2.4.21/arch/i386/config.in linux-2.4.21/arch/i386/config.in
773 --- linux-2.4.21/arch/i386/config.in 2003-06-23 11:42:23.000000000 -0400
774 +++ linux-2.4.21/arch/i386/config.in 2003-06-23 11:49:15.000000000 -0400
780 +mainmenu_option next_comment
781 +comment 'Grsecurity'
782 +bool 'Grsecurity' CONFIG_GRKERNSEC
783 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
784 + source grsecurity/Config.in
787 diff -urN linux-2.4.21/arch/i386/kernel/i387.c linux-2.4.21/arch/i386/kernel/i387.c
788 --- linux-2.4.21/arch/i386/kernel/i387.c 2003-06-23 11:42:24.000000000 -0400
789 +++ linux-2.4.21/arch/i386/kernel/i387.c 2003-06-23 11:49:15.000000000 -0400
790 @@ -373,13 +373,16 @@
792 static inline int restore_i387_fxsave( struct _fpstate *buf )
795 struct task_struct *tsk = current;
797 - if ( __copy_from_user( &tsk->thread.i387.fxsave, &buf->_fxsr_env[0],
798 - sizeof(struct i387_fxsave_struct) ) )
800 + err = __copy_from_user( &tsk->thread.i387.fxsave, &buf->_fxsr_env[0],
801 + sizeof(struct i387_fxsave_struct) );
802 /* mxcsr bit 6 and 31-16 must be zero for security reasons */
803 tsk->thread.i387.fxsave.mxcsr &= 0xffbf;
807 return convert_fxsr_from_user( &tsk->thread.i387.fxsave, buf );
810 diff -urN linux-2.4.21/arch/i386/kernel/ioport.c linux-2.4.21/arch/i386/kernel/ioport.c
811 --- linux-2.4.21/arch/i386/kernel/ioport.c 2003-06-23 11:42:23.000000000 -0400
812 +++ linux-2.4.21/arch/i386/kernel/ioport.c 2003-06-23 11:49:15.000000000 -0400
814 #include <linux/smp.h>
815 #include <linux/smp_lock.h>
816 #include <linux/stddef.h>
817 +#include <linux/grsecurity.h>
819 /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
820 static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
823 if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
825 +#ifdef CONFIG_GRKERNSEC_IO
827 + gr_handle_ioperm();
829 if (turn_on && !capable(CAP_SYS_RAWIO))
832 +#ifdef CONFIG_GRKERNSEC_IO
836 * If it's the first ioperm() call in this thread's lifetime, set the
837 * IO bitmap up. ioperm() is much less timing critical than clone(),
840 /* Trying to gain more privileges? */
842 +#ifdef CONFIG_GRKERNSEC_IO
846 if (!capable(CAP_SYS_RAWIO))
850 regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
852 diff -urN linux-2.4.21/arch/i386/kernel/ptrace.c linux-2.4.21/arch/i386/kernel/ptrace.c
853 --- linux-2.4.21/arch/i386/kernel/ptrace.c 2003-06-23 11:42:24.000000000 -0400
854 +++ linux-2.4.21/arch/i386/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
856 #include <linux/errno.h>
857 #include <linux/ptrace.h>
858 #include <linux/user.h>
859 +#include <linux/grsecurity.h>
861 #include <asm/uaccess.h>
862 #include <asm/pgtable.h>
864 if (pid == 1) /* you may not mess with init */
867 + if(gr_handle_ptrace(child, request))
870 if (request == PTRACE_ATTACH) {
871 ret = ptrace_attach(child);
874 if(addr < (long) &dummy->u_debugreg[4] &&
875 ((unsigned long) data) >= TASK_SIZE-3) break;
877 +#ifdef CONFIG_GRKERNSEC
878 + if(addr >= (long) &dummy->u_debugreg[0] &&
879 + addr <= (long) &dummy->u_debugreg[3]){
880 + long reg = (addr - (long) &dummy->u_debugreg[0]) >> 2;
881 + long type = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 4*reg)) & 3;
882 + long align = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 2 + 4*reg)) & 3;
883 + if((type & 1) && (data & align))
888 if(addr == (long) &dummy->u_debugreg[7]) {
889 data &= ~DR_CONTROL_RESERVED;
891 diff -urN linux-2.4.21/arch/i386/kernel/sys_i386.c linux-2.4.21/arch/i386/kernel/sys_i386.c
892 --- linux-2.4.21/arch/i386/kernel/sys_i386.c 2003-06-23 11:42:24.000000000 -0400
893 +++ linux-2.4.21/arch/i386/kernel/sys_i386.c 2003-06-23 11:49:15.000000000 -0400
895 #include <linux/mman.h>
896 #include <linux/file.h>
897 #include <linux/utsname.h>
898 +#include <linux/grsecurity.h>
900 #include <asm/uaccess.h>
906 + if(gr_handle_mmap(file, prot)) {
912 down_write(&mm->mmap_sem);
913 error = do_mmap_pgoff(mm, file, addr, len, prot, flags, pgoff);
914 up_write(&mm->mmap_sem);
917 diff -urN linux-2.4.21/arch/ia64/config.in linux-2.4.21/arch/ia64/config.in
918 --- linux-2.4.21/arch/ia64/config.in 2003-06-23 11:42:33.000000000 -0400
919 +++ linux-2.4.21/arch/ia64/config.in 2003-06-23 11:49:15.000000000 -0400
925 +mainmenu_option next_comment
926 +comment 'Grsecurity'
927 +bool 'Grsecurity' CONFIG_GRKERNSEC
928 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
929 + source grsecurity/Config.in
933 diff -urN linux-2.4.21/arch/ia64/kernel/ptrace.c linux-2.4.21/arch/ia64/kernel/ptrace.c
934 --- linux-2.4.21/arch/ia64/kernel/ptrace.c 2003-06-23 11:42:33.000000000 -0400
935 +++ linux-2.4.21/arch/ia64/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
937 #include <linux/ptrace.h>
938 #include <linux/smp_lock.h>
939 #include <linux/user.h>
940 +#include <linux/grsecurity.h>
942 #include <asm/pgtable.h>
943 #include <asm/processor.h>
944 @@ -1179,6 +1180,9 @@
945 if (pid == 1) /* no messing around with init! */
948 + if (gr_handle_ptrace(child, request))
951 if (request == PTRACE_ATTACH) {
952 ret = ptrace_attach(child);
954 diff -urN linux-2.4.21/arch/ia64/kernel/sys_ia64.c linux-2.4.21/arch/ia64/kernel/sys_ia64.c
955 --- linux-2.4.21/arch/ia64/kernel/sys_ia64.c 2003-06-23 11:42:33.000000000 -0400
956 +++ linux-2.4.21/arch/ia64/kernel/sys_ia64.c 2003-06-23 11:49:15.000000000 -0400
958 #include <linux/smp.h>
959 #include <linux/smp_lock.h>
960 #include <linux/highuid.h>
961 +#include <linux/grsecurity.h>
963 #include <asm/shmparam.h>
964 #include <asm/uaccess.h>
969 + if (gr_handle_mmap(file, prot)) {
974 down_write(¤t->mm->mmap_sem);
975 addr = do_mmap_pgoff(current->mm, file, addr, len, prot, flags, pgoff);
976 up_write(¤t->mm->mmap_sem);
977 diff -urN linux-2.4.21/arch/m68k/config.in linux-2.4.21/arch/m68k/config.in
978 --- linux-2.4.21/arch/m68k/config.in 2003-06-23 11:42:29.000000000 -0400
979 +++ linux-2.4.21/arch/m68k/config.in 2003-06-23 11:49:15.000000000 -0400
985 +mainmenu_option next_comment
986 +comment 'Grsecurity'
987 +bool 'Grsecurity' CONFIG_GRKERNSEC
988 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
989 + source grsecurity/Config.in
992 diff -urN linux-2.4.21/arch/mips/config.in linux-2.4.21/arch/mips/config.in
993 --- linux-2.4.21/arch/mips/config.in 2003-06-23 11:42:24.000000000 -0400
994 +++ linux-2.4.21/arch/mips/config.in 2003-06-23 11:49:15.000000000 -0400
996 define_bool CONFIG_MIPS64 n
998 source arch/mips/config-shared.in
1000 +mainmenu_option next_comment
1001 +comment 'Grsecurity'
1002 +bool 'Grsecurity' CONFIG_GRKERNSEC
1003 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1004 + source grsecurity/Config.in
1007 diff -urN linux-2.4.21/arch/mips64/config.in linux-2.4.21/arch/mips64/config.in
1008 --- linux-2.4.21/arch/mips64/config.in 2003-06-23 11:42:33.000000000 -0400
1009 +++ linux-2.4.21/arch/mips64/config.in 2003-06-23 11:49:15.000000000 -0400
1011 define_bool CONFIG_MIPS64 y
1013 source arch/mips/config-shared.in
1015 +mainmenu_option next_comment
1016 +comment 'Grsecurity'
1017 +bool 'Grsecurity' CONFIG_GRKERNSEC
1018 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1019 + source grsecurity/Config.in
1022 diff -urN linux-2.4.21/arch/parisc/config.in linux-2.4.21/arch/parisc/config.in
1023 --- linux-2.4.21/arch/parisc/config.in 2003-06-23 11:42:33.000000000 -0400
1024 +++ linux-2.4.21/arch/parisc/config.in 2003-06-23 11:49:15.000000000 -0400
1025 @@ -197,3 +197,11 @@
1028 source lib/Config.in
1030 +mainmenu_option next_comment
1031 +comment 'Grsecurity'
1032 +bool 'Grsecurity' CONFIG_GRKERNSEC
1033 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1034 + source grsecurity/Config.in
1037 diff -urN linux-2.4.21/arch/parisc/kernel/ioctl32.c linux-2.4.21/arch/parisc/kernel/ioctl32.c
1038 --- linux-2.4.21/arch/parisc/kernel/ioctl32.c 2003-06-23 11:42:33.000000000 -0400
1039 +++ linux-2.4.21/arch/parisc/kernel/ioctl32.c 2003-06-23 11:49:15.000000000 -0400
1040 @@ -1434,7 +1434,11 @@
1041 * To have permissions to do most of the vt ioctls, we either have
1042 * to be the owner of the tty, or super-user.
1044 +#ifdef CONFIG_GRKERNSEC
1045 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1047 if (current->tty == tty || suser())
1052 diff -urN linux-2.4.21/arch/parisc/kernel/ptrace.c linux-2.4.21/arch/parisc/kernel/ptrace.c
1053 --- linux-2.4.21/arch/parisc/kernel/ptrace.c 2003-06-23 11:42:34.000000000 -0400
1054 +++ linux-2.4.21/arch/parisc/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1056 #include <linux/ptrace.h>
1057 #include <linux/user.h>
1058 #include <linux/personality.h>
1060 +#include <linux/grsecurity.h>
1061 #include <asm/uaccess.h>
1062 #include <asm/pgtable.h>
1063 #include <asm/system.h>
1065 if (pid == 1) /* no messing around with init! */
1068 + if (gr_handle_ptrace(child, request))
1071 if (request == PTRACE_ATTACH) {
1072 ret = ptrace_attach(child);
1074 diff -urN linux-2.4.21/arch/parisc/kernel/sys_parisc.c linux-2.4.21/arch/parisc/kernel/sys_parisc.c
1075 --- linux-2.4.21/arch/parisc/kernel/sys_parisc.c 2003-06-23 11:42:33.000000000 -0400
1076 +++ linux-2.4.21/arch/parisc/kernel/sys_parisc.c 2003-06-23 11:49:15.000000000 -0400
1078 #include <linux/mman.h>
1079 #include <linux/shm.h>
1080 #include <linux/smp_lock.h>
1081 +#include <linux/grsecurity.h>
1083 int sys_pipe(int *fildes)
1085 @@ -104,6 +110,11 @@
1089 + if (gr_handle_mmap(file, prot)) {
1094 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1096 down_write(¤t->mm->mmap_sem);
1097 diff -urN linux-2.4.21/arch/parisc/kernel/sys_parisc32.c linux-2.4.21/arch/parisc/kernel/sys_parisc32.c
1098 --- linux-2.4.21/arch/parisc/kernel/sys_parisc32.c 2003-06-23 11:42:33.000000000 -0400
1099 +++ linux-2.4.21/arch/parisc/kernel/sys_parisc32.c 2003-06-23 11:49:15.000000000 -0400
1101 #include <linux/highmem.h>
1102 #include <linux/highuid.h>
1103 #include <linux/mman.h>
1104 +#include <linux/grsecurity.h>
1106 #include <asm/types.h>
1107 #include <asm/uaccess.h>
1108 @@ -177,6 +178,11 @@
1112 +#ifdef CONFIG_GRKERNSEC
1113 + struct file *old_exec_file;
1114 + struct acl_subject_label *old_acl;
1115 + struct rlimit old_rlim[RLIM_NLIMITS];
1118 file = open_exec(filename);
1120 @@ -184,6 +190,20 @@
1124 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
1126 + if (gr_handle_nproc()) {
1127 + allow_write_access(file);
1132 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
1133 + allow_write_access(file);
1138 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
1139 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
1141 @@ -209,11 +238,24 @@
1145 + if (!gr_tpe_allow(file)) {
1150 + if (gr_check_crash_exec(file)) {
1155 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
1161 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
1163 retval = copy_strings32(bprm.envc, envp, &bprm);
1166 @@ -222,11 +264,31 @@
1170 +#ifdef CONFIG_GRKERNSEC
1171 + old_acl = current->acl;
1172 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
1173 + old_exec_file = current->exec_file;
1175 + current->exec_file = file;
1178 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
1180 retval = search_binary_handler(&bprm,regs);
1182 + if (retval >= 0) {
1183 +#ifdef CONFIG_GRKERNSEC
1184 + if (old_exec_file)
1185 + fput(old_exec_file);
1187 /* execve success */
1190 +#ifdef CONFIG_GRKERNSEC
1191 + current->acl = old_acl;
1192 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
1193 + fput(current->exec_file);
1194 + current->exec_file = old_exec_file;
1197 /* Something went wrong, return the inode and free the argument pages*/
1198 allow_write_access(bprm.file);
1199 diff -urN linux-2.4.21/arch/ppc/config.in linux-2.4.21/arch/ppc/config.in
1200 --- linux-2.4.21/arch/ppc/config.in 2003-06-23 11:42:28.000000000 -0400
1201 +++ linux-2.4.21/arch/ppc/config.in 2003-06-23 11:49:15.000000000 -0400
1202 @@ -461,3 +461,12 @@
1203 bool 'Support for early boot texts over serial port' CONFIG_SERIAL_TEXT_DEBUG
1207 +mainmenu_option next_comment
1208 +comment 'Grsecurity'
1209 +bool 'Grsecurity' CONFIG_GRKERNSEC
1210 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1211 + source grsecurity/Config.in
1215 diff -urN linux-2.4.21/arch/ppc/kernel/ptrace.c linux-2.4.21/arch/ppc/kernel/ptrace.c
1216 --- linux-2.4.21/arch/ppc/kernel/ptrace.c 2003-06-23 11:42:28.000000000 -0400
1217 +++ linux-2.4.21/arch/ppc/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1219 #include <linux/errno.h>
1220 #include <linux/ptrace.h>
1221 #include <linux/user.h>
1222 +#include <linux/grsecurity.h>
1224 #include <asm/uaccess.h>
1225 #include <asm/page.h>
1227 if (pid == 1) /* you may not mess with init */
1230 + if (gr_handle_ptrace(child, request))
1233 if (request == PTRACE_ATTACH) {
1234 ret = ptrace_attach(child);
1236 diff -urN linux-2.4.21/arch/ppc/kernel/syscalls.c linux-2.4.21/arch/ppc/kernel/syscalls.c
1237 --- linux-2.4.21/arch/ppc/kernel/syscalls.c 2003-06-23 11:42:28.000000000 -0400
1238 +++ linux-2.4.21/arch/ppc/kernel/syscalls.c 2003-06-23 11:49:15.000000000 -0400
1240 #include <linux/ipc.h>
1241 #include <linux/utsname.h>
1242 #include <linux/file.h>
1243 +#include <linux/grsecurity.h>
1245 #include <asm/uaccess.h>
1246 #include <asm/ipc.h>
1247 @@ -181,8 +182,14 @@
1251 + if (gr_handle_mmap(file, prot)) {
1257 down_write(¤t->mm->mmap_sem);
1258 ret = do_mmap_pgoff(current->mm, file, addr, len, prot, flags, pgoff);
1259 up_write(¤t->mm->mmap_sem);
1262 diff -urN linux-2.4.21/arch/ppc64/kernel/ioctl32.c linux-2.4.21/arch/ppc64/kernel/ioctl32.c
1263 --- linux-2.4.21/arch/ppc64/kernel/ioctl32.c 2003-06-23 11:42:23.000000000 -0400
1264 +++ linux-2.4.21/arch/ppc64/kernel/ioctl32.c 2003-06-23 11:49:15.000000000 -0400
1265 @@ -1789,7 +1789,11 @@
1266 * To have permissions to do most of the vt ioctls, we either have
1267 * to be the owner of the tty, or super-user.
1269 +#ifdef CONFIG_GRKERNSEC
1270 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1272 if (current->tty == tty || suser())
1277 diff -urN linux-2.4.21/arch/s390/config.in linux-2.4.21/arch/s390/config.in
1278 --- linux-2.4.21/arch/s390/config.in 2003-06-23 11:42:33.000000000 -0400
1279 +++ linux-2.4.21/arch/s390/config.in 2003-06-23 11:49:15.000000000 -0400
1283 source lib/Config.in
1285 +mainmenu_option next_comment
1286 +comment 'Grsecurity'
1287 +bool 'Grsecurity' CONFIG_GRKERNSEC
1288 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1289 + source grsecurity/Config.in
1292 diff -urN linux-2.4.21/arch/s390x/config.in linux-2.4.21/arch/s390x/config.in
1293 --- linux-2.4.21/arch/s390x/config.in 2003-06-23 11:42:34.000000000 -0400
1294 +++ linux-2.4.21/arch/s390x/config.in 2003-06-23 11:49:15.000000000 -0400
1298 source lib/Config.in
1300 +mainmenu_option next_comment
1301 +comment 'Grsecurity'
1302 +bool 'Grsecurity' CONFIG_GRKERNSEC
1303 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1304 + source grsecurity/Config.in
1307 diff -urN linux-2.4.21/arch/sh/config.in linux-2.4.21/arch/sh/config.in
1308 --- linux-2.4.21/arch/sh/config.in 2003-06-23 11:42:32.000000000 -0400
1309 +++ linux-2.4.21/arch/sh/config.in 2003-06-23 11:49:15.000000000 -0400
1310 @@ -388,3 +388,11 @@
1313 source lib/Config.in
1315 +mainmenu_option next_comment
1316 +comment 'Grsecurity'
1317 +bool 'Grsecurity' CONFIG_GRKERNSEC
1318 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1319 + source grsecurity/Config.in
1322 diff -urN linux-2.4.21/arch/sparc/boot/Makefile linux-2.4.21/arch/sparc/boot/Makefile
1323 --- linux-2.4.21/arch/sparc/boot/Makefile 2003-06-23 11:42:24.000000000 -0400
1324 +++ linux-2.4.21/arch/sparc/boot/Makefile 2003-06-23 11:49:15.000000000 -0400
1327 BTOBJS := $(HEAD) init/main.o init/version.o init/do_mounts.o
1328 BTLIBS := $(CORE_FILES_NO_BTFIX) $(FILESYSTEMS) \
1329 - $(DRIVERS) $(NETWORKS)
1330 + $(DRIVERS) $(NETWORKS) $(GRSECURITY)
1332 # I wanted to make this depend upon BTOBJS so that a parallel
1333 # build would work, but this fails because $(HEAD) cannot work
1334 diff -urN linux-2.4.21/arch/sparc/config.in linux-2.4.21/arch/sparc/config.in
1335 --- linux-2.4.21/arch/sparc/config.in 2003-06-23 11:42:24.000000000 -0400
1336 +++ linux-2.4.21/arch/sparc/config.in 2003-06-23 11:49:15.000000000 -0400
1337 @@ -276,3 +276,11 @@
1340 source lib/Config.in
1342 +mainmenu_option next_comment
1343 +comment 'Grsecurity'
1344 +bool 'Grsecurity' CONFIG_GRKERNSEC
1345 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1346 + source grsecurity/Config.in
1349 diff -urN linux-2.4.21/arch/sparc/kernel/ptrace.c linux-2.4.21/arch/sparc/kernel/ptrace.c
1350 --- linux-2.4.21/arch/sparc/kernel/ptrace.c 2003-06-23 11:42:24.000000000 -0400
1351 +++ linux-2.4.21/arch/sparc/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1353 #include <linux/user.h>
1354 #include <linux/smp.h>
1355 #include <linux/smp_lock.h>
1356 +#include <linux/grsecurity.h>
1358 #include <asm/pgtable.h>
1359 #include <asm/system.h>
1364 + if(gr_handle_ptrace(child, request))
1367 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1368 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1369 if (ptrace_attach(child)) {
1370 diff -urN linux-2.4.21/arch/sparc/kernel/sys_sparc.c linux-2.4.21/arch/sparc/kernel/sys_sparc.c
1371 --- linux-2.4.21/arch/sparc/kernel/sys_sparc.c 2003-06-23 11:42:24.000000000 -0400
1372 +++ linux-2.4.21/arch/sparc/kernel/sys_sparc.c 2003-06-23 11:49:15.000000000 -0400
1374 #include <linux/utsname.h>
1375 #include <linux/smp.h>
1376 #include <linux/smp_lock.h>
1377 +#include <linux/grsecurity.h>
1379 #include <asm/uaccess.h>
1380 #include <asm/ipc.h>
1381 @@ -240,6 +253,12 @@
1382 if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE)
1385 + if (gr_handle_mmap(file, prot)) {
1391 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1393 down_write(¤t->mm->mmap_sem);
1394 diff -urN linux-2.4.21/arch/sparc64/config.in linux-2.4.21/arch/sparc64/config.in
1395 --- linux-2.4.21/arch/sparc64/config.in 2003-06-23 11:42:30.000000000 -0400
1396 +++ linux-2.4.21/arch/sparc64/config.in 2003-06-23 11:49:15.000000000 -0400
1397 @@ -310,3 +310,11 @@
1400 source lib/Config.in
1402 +mainmenu_option next_comment
1403 +comment 'Grsecurity'
1404 +bool 'Grsecurity' CONFIG_GRKERNSEC
1405 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1406 + source grsecurity/Config.in
1409 diff -urN linux-2.4.21/arch/sparc64/kernel/ioctl32.c linux-2.4.21/arch/sparc64/kernel/ioctl32.c
1410 --- linux-2.4.21/arch/sparc64/kernel/ioctl32.c 2003-06-23 11:42:30.000000000 -0400
1411 +++ linux-2.4.21/arch/sparc64/kernel/ioctl32.c 2003-06-23 11:49:15.000000000 -0400
1412 @@ -2046,7 +2046,11 @@
1413 * To have permissions to do most of the vt ioctls, we either have
1414 * to be the owner of the tty, or super-user.
1416 +#ifdef CONFIG_GRKERNSEC
1417 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1419 if (current->tty == tty || suser())
1424 diff -urN linux-2.4.21/arch/sparc64/kernel/ptrace.c linux-2.4.21/arch/sparc64/kernel/ptrace.c
1425 --- linux-2.4.21/arch/sparc64/kernel/ptrace.c 2003-06-23 11:42:30.000000000 -0400
1426 +++ linux-2.4.21/arch/sparc64/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1428 #include <linux/user.h>
1429 #include <linux/smp.h>
1430 #include <linux/smp_lock.h>
1431 +#include <linux/grsecurity.h>
1433 #include <asm/asi.h>
1434 #include <asm/pgtable.h>
1435 @@ -161,6 +162,11 @@
1439 + if (gr_handle_ptrace(child, (long)request)) {
1440 + pt_error_return(regs, EPERM);
1444 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1445 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1446 if (ptrace_attach(child)) {
1447 diff -urN linux-2.4.21/arch/sparc64/kernel/sys_sparc.c linux-2.4.21/arch/sparc64/kernel/sys_sparc.c
1448 --- linux-2.4.21/arch/sparc64/kernel/sys_sparc.c 2003-06-23 11:42:30.000000000 -0400
1449 +++ linux-2.4.21/arch/sparc64/kernel/sys_sparc.c 2003-06-23 11:49:15.000000000 -0400
1451 #include <linux/slab.h>
1452 #include <linux/ipc.h>
1453 #include <linux/personality.h>
1454 +#include <linux/grsecurity.h>
1456 #include <asm/uaccess.h>
1457 #include <asm/ipc.h>
1458 @@ -280,6 +288,12 @@
1463 + if (gr_handle_mmap(file, prot)) {
1468 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1469 len = PAGE_ALIGN(len);
1471 diff -urN linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c
1472 --- linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c 2003-06-23 11:42:30.000000000 -0400
1473 +++ linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c 2003-06-23 11:49:15.000000000 -0400
1475 #include <linux/sysctl.h>
1476 #include <linux/dnotify.h>
1477 #include <linux/netfilter_ipv4/ip_tables.h>
1478 +#include <linux/random.h>
1479 +#include <linux/grsecurity.h>
1481 #include <asm/types.h>
1482 #include <asm/ipc.h>
1483 @@ -3203,6 +3205,11 @@
1487 +#ifdef CONFIG_GRKERNSEC
1488 + struct file *old_exec_file;
1489 + struct acl_subject_label *old_acl;
1490 + struct rlimit old_rlim[RLIM_NLIMITS];
1493 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
1494 memset(bprm.page, 0, MAX_ARG_PAGES * sizeof(bprm.page[0]));
1495 @@ -3213,6 +3229,20 @@
1499 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
1501 + if (gr_handle_nproc()) {
1502 + allow_write_access(file);
1507 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
1508 + allow_write_access(file);
1514 bprm.filename = filename;
1516 @@ -3233,11 +3263,24 @@
1520 + if(!gr_tpe_allow(file)) {
1525 + if (gr_check_crash_exec(file)) {
1530 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
1536 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
1538 retval = copy_strings32(bprm.envc, envp, &bprm);
1541 @@ -3246,11 +3289,32 @@
1545 +#ifdef CONFIG_GRKERNSEC
1546 + old_acl = current->acl;
1547 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
1548 + old_exec_file = current->exec_file;
1550 + current->exec_file = file;
1553 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
1555 retval = search_binary_handler(&bprm, regs);
1557 + if (retval >= 0) {
1558 +#ifdef CONFIG_GRKERNSEC
1559 + if (old_exec_file)
1560 + fput(old_exec_file);
1562 /* execve success */
1566 +#ifdef CONFIG_GRKERNSEC
1567 + current->acl = old_acl;
1568 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
1569 + fput(current->exec_file);
1570 + current->exec_file = old_exec_file;
1573 /* Something went wrong, return the inode and free the argument pages*/
1574 allow_write_access(bprm.file);
1575 diff -urN linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c
1576 --- linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c 2003-06-23 11:42:23.000000000 -0400
1577 +++ linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c 2003-06-23 11:49:15.000000000 -0400
1578 @@ -1932,7 +1932,11 @@
1579 * To have permissions to do most of the vt ioctls, we either have
1580 * to be the owner of the tty, or super-user.
1582 +#ifdef CONFIG_GRKERNSEC
1583 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1585 if (current->tty == tty || suser())
1590 diff -urN linux-2.4.21/drivers/char/mem.c linux-2.4.21/drivers/char/mem.c
1591 --- linux-2.4.21/drivers/char/mem.c 2003-06-23 11:42:01.000000000 -0400
1592 +++ linux-2.4.21/drivers/char/mem.c 2003-06-23 11:49:15.000000000 -0400
1594 #include <linux/raw.h>
1595 #include <linux/tty.h>
1596 #include <linux/capability.h>
1597 +#include <linux/grsecurity.h>
1599 #include <asm/uaccess.h>
1602 #if defined(CONFIG_S390_TAPE) && defined(CONFIG_S390_TAPE_CHAR)
1603 extern void tapechar_init(void);
1606 +#ifdef CONFIG_GRKERNSEC
1607 +extern struct file_operations grsec_fops;
1610 static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp,
1611 const char * buf, size_t count, loff_t *ppos)
1612 @@ -114,6 +119,11 @@
1613 unsigned long p = *ppos;
1614 unsigned long end_mem;
1616 +#ifdef CONFIG_GRKERNSEC_KMEM
1617 + gr_handle_mem_write();
1621 end_mem = __pa(high_memory);
1624 @@ -186,6 +196,12 @@
1626 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
1628 +#ifdef CONFIG_GRKERNSEC_KMEM
1629 + if (gr_handle_mem_mmap(offset, vma))
1635 * Accessing memory above the top the kernel knows about or
1636 * through a file pointer that was marked O_SYNC will be
1637 @@ -285,6 +301,11 @@
1639 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
1641 +#ifdef CONFIG_GRKERNSEC_KMEM
1642 + gr_handle_kmem_write();
1646 if (p < (unsigned long) high_memory) {
1648 if (count > (unsigned long) high_memory - p)
1649 @@ -517,6 +538,15 @@
1651 static int open_port(struct inode * inode, struct file * filp)
1653 +#ifdef CONFIG_GRKERNSEC_KMEM
1654 + gr_handle_open_port();
1657 + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
1660 +static int open_mem(struct inode * inode, struct file * filp)
1662 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
1666 #define full_lseek null_lseek
1667 #define write_zero write_null
1668 #define read_full read_zero
1669 -#define open_mem open_port
1670 #define open_kmem open_mem
1672 static struct file_operations mem_fops = {
1673 @@ -685,6 +714,11 @@
1675 filp->f_op = &urandom_fops;
1677 +#ifdef CONFIG_GRKERNSEC
1679 + filp->f_op = &grsec_fops;
1685 @@ -711,7 +745,10 @@
1686 {5, "zero", S_IRUGO | S_IWUGO, &zero_fops},
1687 {7, "full", S_IRUGO | S_IWUGO, &full_fops},
1688 {8, "random", S_IRUGO | S_IWUSR, &random_fops},
1689 - {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops}
1690 + {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
1691 +#ifdef CONFIG_GRKERNSEC
1692 + {10,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}
1697 diff -urN linux-2.4.21/drivers/char/random.c linux-2.4.21/drivers/char/random.c
1698 --- linux-2.4.21/drivers/char/random.c 2003-06-23 11:42:01.000000000 -0400
1699 +++ linux-2.4.21/drivers/char/random.c 2003-06-23 11:49:15.000000000 -0400
1700 @@ -260,9 +260,15 @@
1702 * Configuration information
1704 +#ifdef CONFIG_GRKERNSEC_RANDNET
1705 +#define DEFAULT_POOL_SIZE 1024
1706 +#define SECONDARY_POOL_SIZE 256
1707 +#define BATCH_ENTROPY_SIZE 512
1709 #define DEFAULT_POOL_SIZE 512
1710 #define SECONDARY_POOL_SIZE 128
1711 #define BATCH_ENTROPY_SIZE 256
1718 * Static global variables
1721 static struct entropy_store *random_state; /* The default global store */
1722 static struct entropy_store *sec_random_state; /* secondary store */
1723 static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
1724 diff -urN linux-2.4.21/drivers/char/tty_io.c linux-2.4.21/drivers/char/tty_io.c
1725 --- linux-2.4.21/drivers/char/tty_io.c 2003-06-23 11:42:01.000000000 -0400
1726 +++ linux-2.4.21/drivers/char/tty_io.c 2003-06-23 11:49:15.000000000 -0400
1728 #include <linux/vt_kern.h>
1729 #include <linux/selection.h>
1730 #include <linux/devfs_fs_kernel.h>
1732 +#include <linux/grsecurity.h>
1733 #include <linux/kmod.h>
1736 @@ -1397,7 +1397,11 @@
1738 filp->f_flags = saved_flags;
1740 +#ifdef CONFIG_GRKERNSEC
1741 + if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
1743 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
1748 @@ -1499,7 +1503,11 @@
1752 +#ifdef CONFIG_GRKERNSEC
1753 + if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
1755 if ((current->tty != tty) && !suser())
1758 if (get_user(ch, arg))
1760 @@ -1537,7 +1545,11 @@
1761 if (inode->i_rdev == SYSCONS_DEV ||
1762 inode->i_rdev == CONSOLE_DEV) {
1764 +#ifdef CONFIG_GRKERNSEC
1765 + if (!capable(CAP_SYS_TTY_CONFIG))
1770 spin_lock(&redirect_lock);
1772 @@ -1589,7 +1601,11 @@
1773 * This tty is already the controlling
1774 * tty for another session group!
1776 +#ifdef CONFIG_GRKERNSEC
1777 + if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
1779 if ((arg == 1) && suser()) {
1784 diff -urN linux-2.4.21/drivers/char/vt.c linux-2.4.21/drivers/char/vt.c
1785 --- linux-2.4.21/drivers/char/vt.c 2003-06-23 11:42:01.000000000 -0400
1786 +++ linux-2.4.21/drivers/char/vt.c 2003-06-23 11:49:15.000000000 -0400
1788 #include <linux/vt_kern.h>
1789 #include <linux/kbd_diacr.h>
1790 #include <linux/selection.h>
1791 +#include <linux/grsecurity.h>
1793 #ifdef CONFIG_FB_COMPAT_XPMAC
1794 #include <asm/vc_ioctl.h>
1795 @@ -443,7 +444,11 @@
1796 * to be the owner of the tty, or super-user.
1799 +#ifdef CONFIG_GRKERNSEC
1800 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1802 if (current->tty == tty || suser())
1806 kbd = kbd_table + console;
1807 @@ -1038,12 +1043,20 @@
1808 return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
1811 +#ifdef CONFIG_GRKERNSEC
1812 + if (!capable(CAP_SYS_TTY_CONFIG))
1819 case VT_UNLOCKSWITCH:
1820 +#ifdef CONFIG_GRKERNSEC
1821 + if (!capable(CAP_SYS_TTY_CONFIG))
1828 diff -urN linux-2.4.21/drivers/pci/proc.c linux-2.4.21/drivers/pci/proc.c
1829 --- linux-2.4.21/drivers/pci/proc.c 2003-06-23 11:42:12.000000000 -0400
1830 +++ linux-2.4.21/drivers/pci/proc.c 2003-06-23 11:49:15.000000000 -0400
1831 @@ -562,7 +562,15 @@
1832 pci_for_each_dev(dev) {
1833 pci_proc_attach_device(dev);
1835 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
1836 +#ifdef CONFIG_GRKERNSEC_PROC_USER
1837 + entry = create_proc_entry("pci", S_IRUSR, NULL);
1838 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
1839 + entry = create_proc_entry("pci", S_IRUSR | S_IRGRP, NULL);
1842 entry = create_proc_entry("pci", 0, NULL);
1845 entry->proc_fops = &proc_pci_operations;
1847 diff -urN linux-2.4.21/fs/binfmt_aout.c linux-2.4.21/fs/binfmt_aout.c
1848 --- linux-2.4.21/fs/binfmt_aout.c 2003-06-23 11:41:29.000000000 -0400
1849 +++ linux-2.4.21/fs/binfmt_aout.c 2003-06-23 11:49:16.000000000 -0400
1853 #include <linux/module.h>
1854 +#include <linux/config.h>
1856 #include <linux/sched.h>
1857 #include <linux/kernel.h>
1858 @@ -113,10 +114,12 @@
1859 /* If the size of the dump file exceeds the rlimit, then see what would happen
1860 if we wrote the stack, but not the data area. */
1862 + gr_learn_resource(current, RLIMIT_CORE, dump.u_dsize+dump.u_ssize);
1863 if ((dump.u_dsize+dump.u_ssize) >
1864 current->rlim[RLIMIT_CORE].rlim_cur)
1867 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE);
1868 if ((dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE >
1869 current->rlim[RLIMIT_CORE].rlim_cur)
1871 @@ -124,10 +127,12 @@
1873 /* Make sure we have enough room to write the stack and data areas. */
1875 + gr_learn_resource(current, RLIMIT_CORE, dump.u_ssize);
1876 if ((dump.u_ssize) >
1877 current->rlim[RLIMIT_CORE].rlim_cur)
1880 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize+1) * PAGE_SIZE);
1881 if ((dump.u_ssize+1) * PAGE_SIZE >
1882 current->rlim[RLIMIT_CORE].rlim_cur)
1885 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
1886 if (rlim >= RLIM_INFINITY)
1889 + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss);
1890 if (ex.a_data + ex.a_bss > rlim)
1893 diff -urN linux-2.4.21/fs/binfmt_elf.c linux-2.4.21/fs/binfmt_elf.c
1894 --- linux-2.4.21/fs/binfmt_elf.c 2003-06-23 11:41:29.000000000 -0400
1895 +++ linux-2.4.21/fs/binfmt_elf.c 2003-06-23 11:49:16.000000000 -0400
1898 #include <linux/module.h>
1900 +#include <linux/config.h>
1901 #include <linux/fs.h>
1902 #include <linux/stat.h>
1903 #include <linux/sched.h>
1905 #include <linux/smp_lock.h>
1906 #include <linux/compiler.h>
1907 #include <linux/highmem.h>
1908 +#include <linux/grsecurity.h>
1910 #include <asm/uaccess.h>
1911 #include <asm/param.h>
1912 @@ -1003,8 +1163,11 @@
1915 #define DUMP_WRITE(addr, nr) \
1917 + gr_learn_resource(current, RLIMIT_CORE, size + (nr)); \
1918 if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
1919 - goto end_coredump;
1920 + goto end_coredump; \
1922 #define DUMP_SEEK(off) \
1923 if (!dump_seek(file, (off))) \
1925 diff -urN linux-2.4.21/fs/buffer.c linux-2.4.21/fs/buffer.c
1926 --- linux-2.4.21/fs/buffer.c 2003-06-23 11:41:28.000000000 -0400
1927 +++ linux-2.4.21/fs/buffer.c 2003-06-23 11:49:16.000000000 -0400
1928 @@ -1781,6 +1781,9 @@
1933 + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long) size);
1935 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
1936 if (limit != RLIM_INFINITY && size > (loff_t)limit) {
1937 send_sig(SIGXFSZ, current, 0);
1938 diff -urN linux-2.4.21/fs/exec.c linux-2.4.21/fs/exec.c
1939 --- linux-2.4.21/fs/exec.c 2003-06-23 11:41:28.000000000 -0400
1940 +++ linux-2.4.21/fs/exec.c 2003-06-23 11:49:16.000000000 -0400
1942 #include <asm/uaccess.h>
1943 #include <asm/pgalloc.h>
1944 #include <asm/mmu_context.h>
1945 +#include <linux/major.h>
1946 +#include <linux/grsecurity.h>
1949 #include <linux/kmod.h>
1951 cap_set_full(bprm->cap_effective);
1954 + if (gr_handle_ptrace_exec(bprm->file->f_dentry, bprm->file->f_vfsmnt))
1957 memset(bprm->buf,0,BINPRM_BUF_SIZE);
1958 return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
1961 current->suid = current->euid = current->fsuid = bprm->e_uid;
1962 current->sgid = current->egid = current->fsgid = bprm->e_gid;
1964 + gr_handle_chroot_caps(current);
1968 current->keep_capabilities = 0;
1969 @@ -885,6 +928,11 @@
1973 +#ifdef CONFIG_GRKERNSEC
1974 + struct file *old_exec_file;
1975 + struct acl_subject_label *old_acl;
1976 + struct rlimit old_rlim[RLIM_NLIMITS];
1979 file = open_exec(filename);
1981 @@ -892,7 +940,21 @@
1985 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
1987 + if (gr_handle_nproc()) {
1988 + allow_write_access(file);
1993 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
1994 + allow_write_access(file);
1999 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
2000 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
2003 @@ -916,11 +987,26 @@
2007 + if (!gr_tpe_allow(file)) {
2012 + if(gr_check_crash_exec(file)) {
2017 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
2023 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
2025 + gr_handle_exec_args(&bprm, argv);
2027 retval = copy_strings(bprm.envc, envp, &bprm);
2030 @@ -929,11 +1015,32 @@
2034 +#ifdef CONFIG_GRKERNSEC
2035 + old_acl = current->acl;
2036 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
2037 + old_exec_file = current->exec_file;
2039 + current->exec_file = file;
2042 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
2044 retval = search_binary_handler(&bprm,regs);
2046 + if (retval >= 0) {
2047 +#ifdef CONFIG_GRKERNSEC
2048 + if (old_exec_file)
2049 + fput(old_exec_file);
2051 /* execve success */
2055 +#ifdef CONFIG_GRKERNSEC
2056 + current->acl = old_acl;
2057 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
2058 + fput(current->exec_file);
2059 + current->exec_file = old_exec_file;
2062 /* Something went wrong, return the inode and free the argument pages*/
2063 allow_write_access(bprm.file);
2064 @@ -1090,6 +1234,7 @@
2065 if (!is_dumpable(current))
2067 current->mm->dumpable = 0;
2068 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump);
2069 if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
2072 @@ -1109,7 +1254,7 @@
2074 if (!file->f_op->write)
2076 - if (do_truncate(file->f_dentry, 0) != 0)
2077 + if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0)
2080 retval = binfmt->core_dump(signr, regs, file);
2081 diff -urN linux-2.4.21/fs/fcntl.c linux-2.4.21/fs/fcntl.c
2082 --- linux-2.4.21/fs/fcntl.c 2003-06-23 11:41:29.000000000 -0400
2083 +++ linux-2.4.21/fs/fcntl.c 2003-06-23 11:49:16.000000000 -0400
2085 #include <linux/smp_lock.h>
2086 #include <linux/slab.h>
2087 #include <linux/iobuf.h>
2088 +#include <linux/grsecurity.h>
2090 #include <asm/poll.h>
2091 #include <asm/siginfo.h>
2093 write_lock(&files->file_lock);
2096 + gr_learn_resource(current, RLIMIT_NOFILE, orig_start);
2097 if (orig_start >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2104 + gr_learn_resource(current, RLIMIT_NOFILE, newfd);
2105 if (newfd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2112 + gr_learn_resource(current, RLIMIT_NOFILE, newfd);
2113 if (newfd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2115 get_file(file); /* We are now finished with oldfd */
2116 @@ -448,6 +452,10 @@
2120 + if (gr_check_protected_task(p))
2122 + if (gr_pid_is_chrooted(p))
2124 send_sigio_to_task(p, fown, fd, band);
2127 diff -urN linux-2.4.21/fs/locks.c linux-2.4.21/fs/locks.c
2128 --- linux-2.4.21/fs/locks.c 2003-06-23 11:41:28.000000000 -0400
2129 +++ linux-2.4.21/fs/locks.c 2003-06-23 11:49:16.000000000 -0400
2131 static struct file_lock *locks_alloc_lock(int account)
2133 struct file_lock *fl;
2134 + if(account) gr_learn_resource(current, RLIMIT_LOCKS, current->locks);
2135 if (account && current->locks >= current->rlim[RLIMIT_LOCKS].rlim_cur)
2137 fl = kmem_cache_alloc(filelock_cache, SLAB_KERNEL);
2138 diff -urN linux-2.4.21/fs/namei.c linux-2.4.21/fs/namei.c
2139 --- linux-2.4.21/fs/namei.c 2003-06-23 11:41:28.000000000 -0400
2140 +++ linux-2.4.21/fs/namei.c 2003-06-23 11:49:16.000000000 -0400
2142 #include <linux/dnotify.h>
2143 #include <linux/smp_lock.h>
2144 #include <linux/personality.h>
2145 +#include <linux/grsecurity.h>
2147 #include <asm/namei.h>
2148 #include <asm/uaccess.h>
2149 @@ -343,6 +344,13 @@
2150 current->state = TASK_RUNNING;
2154 + if (gr_handle_follow_link(dentry->d_parent->d_inode,
2155 + dentry->d_inode, dentry, nd->mnt)) {
2160 current->link_count++;
2161 current->total_link_count++;
2162 UPDATE_ATIME(dentry->d_inode);
2163 @@ -641,6 +649,10 @@
2167 + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt)) {
2174 @@ -1013,7 +1025,21 @@
2175 error = path_lookup(pathname, lookup_flags(flag), nd);
2179 + if (gr_acl_is_enabled() && nd->dentry->d_inode &&
2180 + S_ISBLK(nd->dentry->d_inode->i_mode) &&
2181 + !capable(CAP_SYS_RAWIO)) {
2186 + if (!gr_acl_handle_open(nd->dentry, nd->mnt, flag)) {
2191 dentry = nd->dentry;
2196 @@ -1046,7 +1072,16 @@
2197 if (!dentry->d_inode) {
2198 if (!IS_POSIXACL(dir->d_inode))
2199 mode &= ~current->fs->umask;
2200 + if (!gr_acl_handle_creat(dentry, nd->dentry, nd->mnt, flag, mode)) {
2202 + up(&dir->d_inode->i_sem);
2206 error = vfs_create(dir->d_inode, dentry, mode);
2208 + gr_handle_create(dentry, nd->mnt);
2210 up(&dir->d_inode->i_sem);
2212 nd->dentry = dentry;
2213 @@ -1056,12 +1091,35 @@
2214 /* Don't check for write permission, don't truncate */
2222 * It already exists.
2225 + if (gr_acl_is_enabled() && S_ISBLK(dentry->d_inode->i_mode) &&
2226 + !capable(CAP_SYS_RAWIO)) {
2228 + up(&dir->d_inode->i_sem);
2232 + if (!gr_acl_handle_open(dentry, nd->mnt, flag)) {
2234 + up(&dir->d_inode->i_sem);
2238 + inode = dentry->d_inode;
2240 + if (gr_handle_fifo(dentry, nd->mnt, dir, flag, acc_mode)) {
2241 + up(&dir->d_inode->i_sem);
2246 up(&dir->d_inode->i_sem);
2249 @@ -1151,7 +1209,7 @@
2253 - error = do_truncate(dentry, 0);
2254 + error = do_truncate(dentry,0,nd->mnt);
2256 put_write_access(inode);
2258 @@ -1182,6 +1240,13 @@
2259 * stored in nd->last.name and we will have to putname() it when we
2260 * are done. Procfs-like symlinks just set LAST_BIND.
2263 + if (gr_handle_follow_link(dentry->d_parent->d_inode, dentry->d_inode,
2264 + dentry, nd->mnt)) {
2269 UPDATE_ATIME(dentry->d_inode);
2270 error = dentry->d_inode->i_op->follow_link(dentry, nd);
2272 @@ -1280,6 +1345,18 @@
2274 mode &= ~current->fs->umask;
2275 if (!IS_ERR(dentry)) {
2276 + if (gr_handle_chroot_mknod(dentry, nd.mnt, mode)) {
2282 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
2288 switch (mode & S_IFMT) {
2289 case 0: case S_IFREG:
2290 error = vfs_create(nd.dentry->d_inode,dentry,mode);
2291 @@ -1293,8 +1370,13 @@
2297 + gr_handle_create(dentry, nd.mnt);
2302 up(&nd.dentry->d_inode->i_sem);
2305 @@ -1346,7 +1428,16 @@
2306 if (!IS_ERR(dentry)) {
2307 if (!IS_POSIXACL(nd.dentry->d_inode))
2308 mode &= ~current->fs->umask;
2309 - error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
2312 + if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
2316 + error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
2318 + gr_handle_create(dentry, nd.mnt);
2322 up(&nd.dentry->d_inode->i_sem);
2323 @@ -1431,6 +1522,8 @@
2325 struct dentry *dentry;
2326 struct nameidata nd;
2327 + ino_t saved_ino = 0;
2328 + kdev_t saved_dev = 0;
2330 name = getname(pathname);
2332 @@ -1455,7 +1548,22 @@
2333 dentry = lookup_hash(&nd.last, nd.dentry);
2334 error = PTR_ERR(dentry);
2335 if (!IS_ERR(dentry)) {
2336 - error = vfs_rmdir(nd.dentry->d_inode, dentry);
2338 + if (dentry->d_inode) {
2339 + if (dentry->d_inode->i_nlink <= 1) {
2340 + saved_ino = dentry->d_inode->i_ino;
2341 + saved_dev = dentry->d_inode->i_dev;
2344 + if (!gr_acl_handle_rmdir(dentry, nd.mnt))
2349 + error = vfs_rmdir(nd.dentry->d_inode, dentry);
2350 + if (!error && (saved_dev || saved_ino))
2351 + gr_handle_delete(saved_ino,saved_dev);
2355 up(&nd.dentry->d_inode->i_sem);
2356 @@ -1499,6 +1607,8 @@
2358 struct dentry *dentry;
2359 struct nameidata nd;
2360 + ino_t saved_ino = 0;
2361 + kdev_t saved_dev = 0;
2363 name = getname(pathname);
2365 @@ -1517,7 +1627,21 @@
2366 /* Why not before? Because we want correct error value */
2367 if (nd.last.name[nd.last.len])
2369 - error = vfs_unlink(nd.dentry->d_inode, dentry);
2371 + if (dentry->d_inode) {
2372 + if (dentry->d_inode->i_nlink <= 1) {
2373 + saved_ino = dentry->d_inode->i_ino;
2374 + saved_dev = dentry->d_inode->i_dev;
2377 + if (!gr_acl_handle_unlink(dentry, nd.mnt))
2382 + error = vfs_unlink(nd.dentry->d_inode, dentry);
2383 + if (!error && (saved_ino || saved_dev))
2384 + gr_handle_delete(saved_ino,saved_dev);
2388 @@ -1581,7 +1705,15 @@
2389 dentry = lookup_create(&nd, 0);
2390 error = PTR_ERR(dentry);
2391 if (!IS_ERR(dentry)) {
2392 - error = vfs_symlink(nd.dentry->d_inode, dentry, from);
2395 + if (!gr_acl_handle_symlink(dentry, nd.dentry, nd.mnt, from))
2399 + error = vfs_symlink(nd.dentry->d_inode, dentry, from);
2401 + gr_handle_create(dentry, nd.mnt);
2404 up(&nd.dentry->d_inode->i_sem);
2405 @@ -1665,7 +1797,27 @@
2406 new_dentry = lookup_create(&nd, 0);
2407 error = PTR_ERR(new_dentry);
2408 if (!IS_ERR(new_dentry)) {
2409 - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
2412 + if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
2413 + old_nd.dentry->d_inode,
2414 + old_nd.dentry->d_inode->i_mode, to)) {
2419 + if (!gr_acl_handle_link(new_dentry, nd.dentry, nd.mnt,
2420 + old_nd.dentry, old_nd.mnt, to)) {
2425 + error = vfs_link(old_nd.dentry,
2426 + nd.dentry->d_inode, new_dentry);
2429 + gr_handle_create(new_dentry, nd.mnt);
2433 up(&nd.dentry->d_inode->i_sem);
2434 @@ -1896,10 +2048,15 @@
2435 if (IS_ERR(new_dentry))
2439 - error = vfs_rename(old_dir->d_inode, old_dentry,
2440 + error = gr_acl_handle_rename(new_dentry, newnd.dentry, newnd.mnt,
2441 + old_dentry, old_dir->d_inode, oldnd.mnt, newname);
2445 + error = vfs_rename(old_dir->d_inode, old_dentry,
2446 new_dir->d_inode, new_dentry);
2453 diff -urN linux-2.4.21/fs/namespace.c linux-2.4.21/fs/namespace.c
2454 --- linux-2.4.21/fs/namespace.c 2003-06-23 11:41:28.000000000 -0400
2455 +++ linux-2.4.21/fs/namespace.c 2003-06-23 11:49:16.000000000 -0400
2457 #include <linux/quotaops.h>
2458 #include <linux/acct.h>
2459 #include <linux/module.h>
2460 +#include <linux/sched.h>
2461 +#include <linux/grsecurity.h>
2463 #include <asm/uaccess.h>
2467 retval = do_remount_sb(sb, MS_RDONLY, 0);
2470 + gr_log_remount(mnt->mnt_devname, retval);
2472 up_write(&sb->s_umount);
2476 spin_unlock(&dcache_lock);
2477 up_write(¤t->namespace->sem);
2479 + gr_log_unmount(mnt->mnt_devname, retval);
2484 @@ -729,6 +736,12 @@
2488 + if (gr_handle_chroot_mount(nd.dentry, nd.mnt, dev_name)) {
2490 + path_release(&nd);
2494 if (flags & MS_REMOUNT)
2495 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
2498 retval = do_add_mount(&nd, type_page, flags, mnt_flags,
2499 dev_name, data_page);
2502 + gr_log_mount(dev_name, dir_name, retval);
2508 if (!capable(CAP_SYS_ADMIN))
2511 + if (gr_handle_chroot_pivot())
2516 error = __user_walk(new_root, LOOKUP_POSITIVE|LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd);
2517 diff -urN linux-2.4.21/fs/open.c linux-2.4.21/fs/open.c
2518 --- linux-2.4.21/fs/open.c 2003-06-23 11:41:28.000000000 -0400
2519 +++ linux-2.4.21/fs/open.c 2003-06-23 11:49:16.000000000 -0400
2521 #include <linux/slab.h>
2522 #include <linux/tty.h>
2523 #include <linux/iobuf.h>
2524 +#include <linux/grsecurity.h>
2526 #include <asm/uaccess.h>
2529 write_unlock(&files->file_lock);
2532 -int do_truncate(struct dentry *dentry, loff_t length)
2533 +int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt)
2535 struct inode *inode = dentry->d_inode;
2541 + if (!gr_acl_handle_truncate(dentry, mnt))
2544 down(&inode->i_sem);
2545 newattrs.ia_size = length;
2546 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
2548 error = locks_verify_truncate(inode, NULL, length);
2551 - error = do_truncate(nd.dentry, length);
2552 + error = do_truncate(nd.dentry, length, nd.mnt);
2554 put_write_access(inode);
2558 error = locks_verify_truncate(inode, file, length);
2560 - error = do_truncate(dentry, length);
2561 + error = do_truncate(dentry, length, file->f_vfsmnt);
2565 @@ -284,6 +288,12 @@
2566 (error = permission(inode,MAY_WRITE)) != 0)
2570 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
2572 + goto dput_and_out;
2575 error = notify_change(nd.dentry, &newattrs);
2578 @@ -329,6 +339,12 @@
2579 (error = permission(inode,MAY_WRITE)) != 0)
2583 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
2585 + goto dput_and_out;
2588 error = notify_change(nd.dentry, &newattrs);
2591 @@ -371,6 +387,10 @@
2592 if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
2593 && !special_file(nd.dentry->d_inode->i_mode))
2596 + if (!res && !gr_acl_handle_access(nd.dentry, nd.mnt, mode))
2606 + gr_log_chdir(nd.dentry, nd.mnt);
2608 set_fs_pwd(current->fs, nd.mnt, nd.dentry);
2611 @@ -424,6 +446,13 @@
2614 error = permission(inode, MAY_EXEC);
2616 + if (!error && !gr_chroot_fchdir(dentry, mnt))
2620 + gr_log_chdir(dentry, mnt);
2623 set_fs_pwd(current->fs, mnt, dentry);
2625 @@ -450,8 +479,16 @@
2626 if (!capable(CAP_SYS_CHROOT))
2629 + if (gr_handle_chroot_chroot(nd.dentry, nd.mnt))
2630 + goto dput_and_out;
2632 set_fs_root(current->fs, nd.mnt, nd.dentry);
2635 + gr_handle_chroot_caps(current);
2637 + gr_handle_chroot_chdir(nd.dentry, nd.mnt);
2642 @@ -480,8 +517,20 @@
2644 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2647 + if (!gr_acl_handle_fchmod(dentry, file->f_vfsmnt, mode)) {
2652 if (mode == (mode_t) -1)
2653 mode = inode->i_mode;
2655 + if (gr_handle_chroot_chmod(dentry, file->f_vfsmnt, mode)) {
2660 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
2661 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
2662 err = notify_change(dentry, &newattrs);
2663 @@ -512,8 +561,19 @@
2664 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2667 + if (!gr_acl_handle_chmod(nd.dentry, nd.mnt, mode)) {
2669 + goto dput_and_out;
2672 if (mode == (mode_t) -1)
2673 mode = inode->i_mode;
2675 + if (gr_handle_chroot_chmod(nd.dentry, nd.mnt, mode)) {
2677 + goto dput_and_out;
2680 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
2681 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
2682 error = notify_change(nd.dentry, &newattrs);
2687 -static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
2688 +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
2690 struct inode * inode;
2692 @@ -541,6 +601,12 @@
2694 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2697 + if (!gr_acl_handle_chown(dentry, mnt)) {
2702 if (user == (uid_t) -1)
2703 user = inode->i_uid;
2704 if (group == (gid_t) -1)
2707 error = user_path_walk(filename, &nd);
2709 - error = chown_common(nd.dentry, user, group);
2710 + error = chown_common(nd.dentry, user, group, nd.mnt);
2716 error = user_path_walk_link(filename, &nd);
2718 - error = chown_common(nd.dentry, user, group);
2719 + error = chown_common(nd.dentry, user, group, nd.mnt);
2727 - error = chown_common(file->f_dentry, user, group);
2728 + error = chown_common(file->f_dentry, user,
2729 + group, file->f_vfsmnt);
2734 * N.B. For clone tasks sharing a files structure, this test
2735 * will limit the total number of files that can be opened.
2737 + gr_learn_resource(current, RLIMIT_NOFILE, fd);
2738 if (fd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2741 diff -urN linux-2.4.21/fs/proc/array.c linux-2.4.21/fs/proc/array.c
2742 --- linux-2.4.21/fs/proc/array.c 2003-06-23 11:41:29.000000000 -0400
2743 +++ linux-2.4.21/fs/proc/array.c 2003-06-23 11:49:16.000000000 -0400
2744 @@ -334,6 +340,11 @@
2746 wchan = get_wchan(task);
2748 +#ifdef CONFIG_GRKERNSEC_HIDESYM
2753 collect_sigign_sigcatch(task, &sigign, &sigcatch);
2755 /* scale priority and nice values from timeslices to -20..20 */
2756 @@ -684,6 +727,16 @@
2760 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2761 +int proc_pid_ipaddr(struct task_struct *task, char * buffer)
2765 + len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->curr_ip));
2771 int proc_pid_cpu(struct task_struct *task, char * buffer)
2773 diff -urN linux-2.4.21/fs/proc/base.c linux-2.4.21/fs/proc/base.c
2774 --- linux-2.4.21/fs/proc/base.c 2003-06-23 11:41:29.000000000 -0400
2775 +++ linux-2.4.21/fs/proc/base.c 2003-06-23 11:49:16.000000000 -0400
2777 #include <linux/string.h>
2778 #include <linux/seq_file.h>
2779 #include <linux/namespace.h>
2780 +#include <linux/grsecurity.h>
2783 * For hysterical raisins we keep the same inumbers as in the old procfs.
2785 int proc_pid_status(struct task_struct*,char*);
2786 int proc_pid_statm(struct task_struct*,char*);
2787 int proc_pid_cpu(struct task_struct*,char*);
2788 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2789 +int proc_pid_ipaddr(struct task_struct*,char*);
2792 static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
2794 @@ -228,9 +232,22 @@
2796 static int proc_permission(struct inode *inode, int mask)
2799 + struct task_struct *task;
2801 if (vfs_permission(inode, mask) != 0)
2803 - return proc_check_root(inode);
2804 + ret = proc_check_root(inode);
2809 + task = inode->u.proc_i.task;
2814 + return gr_acl_handle_procpidmem(task);
2817 static ssize_t pid_maps_read(struct file * file, char * buf,
2822 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2826 PROC_PID_FD_DIR = 0x8000, /* 0x8000-0xffff */
2830 E(PROC_PID_CPU, "cpu", S_IFREG|S_IRUGO),
2832 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2833 + E(PROC_PID_IPADDR, "ipaddr", S_IFREG|S_IRUSR),
2835 E(PROC_PID_MAPS, "maps", S_IFREG|S_IRUGO),
2836 E(PROC_PID_MEM, "mem", S_IFREG|S_IRUSR|S_IWUSR),
2837 E(PROC_PID_CWD, "cwd", S_IFLNK|S_IRWXUGO),
2838 @@ -717,10 +740,17 @@
2839 get_task_struct(task);
2840 inode->u.proc_i.task = task;
2842 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2843 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
2848 if (ino == PROC_PID_INO || task_dumpable(task)) {
2849 inode->i_uid = task->euid;
2850 +#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP
2851 inode->i_gid = task->egid;
2856 @@ -928,6 +958,12 @@
2857 inode->u.proc_i.op.proc_read = proc_pid_cpu;
2860 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2861 + case PROC_PID_IPADDR:
2862 + inode->i_fop = &proc_info_file_operations;
2863 + inode->u.proc_i.op.proc_read = proc_pid_ipaddr;
2867 inode->i_op = &proc_mem_inode_operations;
2868 inode->i_fop = &proc_mem_operations;
2869 @@ -1026,13 +1062,34 @@
2873 + if(gr_check_hidden_task(task)) {
2874 + free_task_struct(task);
2878 +#ifdef CONFIG_GRKERNSEC_PROC
2879 + if (current->uid && (task->uid != current->uid)
2880 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2881 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
2884 + free_task_struct(task);
2888 inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);
2890 free_task_struct(task);
2894 +#ifdef CONFIG_GRKERNSEC_PROC_USER
2895 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
2896 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
2897 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
2899 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
2901 inode->i_op = &proc_base_inode_operations;
2902 inode->i_fop = &proc_base_operations;
2904 @@ -1072,6 +1129,18 @@
2908 + if(gr_pid_is_chrooted(p))
2910 + if(gr_check_hidden_task(p))
2912 +#ifdef CONFIG_GRKERNSEC_PROC
2913 + if (current->uid && (p->uid != current->uid)
2914 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2915 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
2922 pids[nr_pids] = pid;
2923 diff -urN linux-2.4.21/fs/proc/generic.c linux-2.4.21/fs/proc/generic.c
2924 --- linux-2.4.21/fs/proc/generic.c 2003-06-23 11:41:29.000000000 -0400
2925 +++ linux-2.4.21/fs/proc/generic.c 2003-06-23 11:49:16.000000000 -0400
2926 @@ -503,6 +503,29 @@
2930 +#ifdef CONFIG_GRKERNSEC_PROC
2931 +struct proc_dir_entry *proc_priv_mkdir(const char *name, struct proc_dir_entry *parent)
2933 + struct proc_dir_entry *ent;
2936 +#ifdef CONFIG_GRKERNSEC_PROC_USER
2937 + mode = S_IFDIR | S_IRUSR | S_IXUSR;
2938 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
2939 + mode = S_IFDIR | S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP;
2942 + ent = proc_create(&parent, name, mode, 2);
2944 + ent->proc_fops = &proc_dir_operations;
2945 + ent->proc_iops = &proc_dir_inode_operations;
2947 + proc_register(parent, ent);
2953 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
2954 struct proc_dir_entry *parent)
2956 diff -urN linux-2.4.21/fs/proc/inode.c linux-2.4.21/fs/proc/inode.c
2957 --- linux-2.4.21/fs/proc/inode.c 2003-06-23 11:41:29.000000000 -0400
2958 +++ linux-2.4.21/fs/proc/inode.c 2003-06-23 11:49:16.000000000 -0400
2959 @@ -152,7 +152,11 @@
2961 inode->i_mode = de->mode;
2962 inode->i_uid = de->uid;
2963 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2964 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
2966 inode->i_gid = de->gid;
2970 inode->i_size = de->size;
2971 diff -urN linux-2.4.21/fs/proc/proc_misc.c linux-2.4.21/fs/proc/proc_misc.c
2972 --- linux-2.4.21/fs/proc/proc_misc.c 2003-06-23 11:41:29.000000000 -0400
2973 +++ linux-2.4.21/fs/proc/proc_misc.c 2003-06-23 11:49:16.000000000 -0400
2975 void __init proc_misc_init(void)
2977 struct proc_dir_entry *entry;
2981 int (*read_proc)(char*,char**,off_t,int,int*,void*);
2982 @@ -582,48 +583,81 @@
2983 #ifdef CONFIG_STRAM_PROC
2984 {"stram", stram_read_proc},
2986 -#ifdef CONFIG_MODULES
2987 +#if defined(CONFIG_MODULES) && !defined(CONFIG_GRKERNSEC_PROC)
2988 {"modules", modules_read_proc},
2990 {"stat", kstat_read_proc},
2991 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
2992 {"devices", devices_read_proc},
2993 -#if !defined(CONFIG_ARCH_S390)
2995 +#if !defined(CONFIG_ARCH_S390) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
2996 {"interrupts", interrupts_read_proc},
2998 {"filesystems", filesystems_read_proc},
2999 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3000 {"dma", dma_read_proc},
3001 {"ioports", ioports_read_proc},
3002 {"cmdline", cmdline_read_proc},
3004 #ifdef CONFIG_SGI_DS1286
3005 {"rtc", ds1286_read_proc},
3007 {"locks", locks_read_proc},
3008 {"swaps", swaps_read_proc},
3009 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3010 {"iomem", memory_read_proc},
3012 {"execdomains", execdomains_read_proc},
3015 for (p = simple_ones; p->name; p++)
3016 create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
3018 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3019 + gr_mode = S_IRUSR;
3020 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3021 + gr_mode = S_IRUSR | S_IRGRP;
3024 +#if defined(CONFIG_GRKERNSEC_PROC) && defined(CONFIG_MODULES)
3025 + create_proc_read_entry("modules", gr_mode, NULL, &modules_read_proc, NULL);
3027 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3028 + create_proc_read_entry("devices", gr_mode, NULL, &devices_read_proc, NULL);
3029 + create_proc_read_entry("dma", gr_mode, NULL, &dma_read_proc, NULL);
3030 + create_proc_read_entry("ioports", gr_mode, NULL, &ioports_read_proc, NULL);
3031 + create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL);
3032 + create_proc_read_entry("iomem", gr_mode, NULL, &memory_read_proc, NULL);
3033 +#if !defined(CONFIG_ARCH_S390)
3034 + create_proc_read_entry("interrupts", gr_mode, NULL, &interrupts_read_proc, NULL);
3038 proc_symlink("mounts", NULL, "self/mounts");
3040 /* And now for trickier ones */
3041 entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);
3043 entry->proc_fops = &proc_kmsg_operations;
3044 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3045 + create_seq_entry("cpuinfo", gr_mode, &proc_cpuinfo_operations);
3046 + create_seq_entry("slabinfo", gr_mode,&proc_slabinfo_operations);
3048 create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
3049 - create_seq_entry("partitions", 0, &proc_partitions_operations);
3050 create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations);
3052 + create_seq_entry("partitions", 0, &proc_partitions_operations);
3053 #ifdef CONFIG_MODULES
3054 - create_seq_entry("ksyms", 0, &proc_ksyms_operations);
3055 + create_seq_entry("ksyms", gr_mode, &proc_ksyms_operations);
3057 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3058 proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
3059 if (proc_root_kcore) {
3060 proc_root_kcore->proc_fops = &proc_kcore_operations;
3061 proc_root_kcore->size =
3062 (size_t)high_memory - PAGE_OFFSET + PAGE_SIZE;
3066 entry = create_proc_entry("profile", S_IWUSR | S_IRUGO, NULL);
3068 diff -urN linux-2.4.21/fs/proc/proc_tty.c linux-2.4.21/fs/proc/proc_tty.c
3069 --- linux-2.4.21/fs/proc/proc_tty.c 2003-06-23 11:41:29.000000000 -0400
3070 +++ linux-2.4.21/fs/proc/proc_tty.c 2003-06-23 11:49:16.000000000 -0400
3071 @@ -174,7 +174,11 @@
3072 * password lengths and inter-keystroke timings during password
3075 +#ifdef CONFIG_GRKERNSEC_PROC
3076 + proc_tty_driver = proc_priv_mkdir("tty/driver", 0);
3078 proc_tty_driver = proc_mkdir_mode("tty/driver", S_IRUSR | S_IXUSR, 0);
3081 create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
3082 create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);
3083 diff -urN linux-2.4.21/fs/proc/root.c linux-2.4.21/fs/proc/root.c
3084 --- linux-2.4.21/fs/proc/root.c 2003-06-23 11:41:29.000000000 -0400
3085 +++ linux-2.4.21/fs/proc/root.c 2003-06-23 11:49:16.000000000 -0400
3090 +#ifdef CONFIG_GRKERNSEC_PROC
3091 + proc_net = proc_priv_mkdir("net", 0);
3093 proc_net = proc_mkdir("net", 0);
3095 #ifdef CONFIG_SYSVIPC
3096 proc_mkdir("sysvipc", 0);
3098 #ifdef CONFIG_SYSCTL
3099 +#ifdef CONFIG_GRKERNSEC_PROC
3100 + proc_sys_root = proc_priv_mkdir("sys", 0);
3102 proc_sys_root = proc_mkdir("sys", 0);
3105 #if defined(CONFIG_BINFMT_MISC) || defined(CONFIG_BINFMT_MISC_MODULE)
3106 proc_mkdir("sys/fs", 0);
3107 proc_mkdir("sys/fs/binfmt_misc", 0);
3109 #ifdef CONFIG_PPC_RTAS
3113 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3114 + proc_bus = proc_priv_mkdir("bus", 0);
3116 proc_bus = proc_mkdir("bus", 0);
3120 static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry)
3121 diff -urN linux-2.4.21/fs/readdir.c linux-2.4.21/fs/readdir.c
3122 --- linux-2.4.21/fs/readdir.c 2003-06-23 11:41:29.000000000 -0400
3123 +++ linux-2.4.21/fs/readdir.c 2003-06-23 11:49:16.000000000 -0400
3125 #include <linux/stat.h>
3126 #include <linux/file.h>
3127 #include <linux/smp_lock.h>
3128 +#include <linux/grsecurity.h>
3130 #include <asm/uaccess.h>
3133 struct readdir_callback {
3134 struct old_linux_dirent * dirent;
3136 + struct nameidata nd;
3139 static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset,
3140 @@ -191,6 +193,10 @@
3145 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3149 dirent = buf->dirent;
3150 put_user(ino, &dirent->d_ino);
3153 buf.dirent = dirent;
3155 + buf.nd.dentry = file->f_dentry;
3156 + buf.nd.mnt = file->f_vfsmnt;
3158 error = vfs_readdir(file, fillonedir, &buf);
3162 struct linux_dirent * previous;
3165 + struct nameidata nd;
3168 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
3169 @@ -254,6 +264,10 @@
3170 buf->error = -EINVAL; /* only used if we fail.. */
3171 if (reclen > buf->count)
3174 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3177 dirent = buf->previous;
3179 put_user(offset, &dirent->d_off);
3184 + buf.nd.dentry = file->f_dentry;
3185 + buf.nd.mnt = file->f_vfsmnt;
3187 error = vfs_readdir(file, filldir, &buf);
3191 struct linux_dirent64 * previous;
3194 + struct nameidata nd;
3197 static int filldir64(void * __buf, const char * name, int namlen, loff_t offset,
3198 @@ -332,6 +350,10 @@
3199 buf->error = -EINVAL; /* only used if we fail.. */
3200 if (reclen > buf->count)
3203 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3206 dirent = buf->previous;
3213 + buf.nd.mnt = file->f_vfsmnt;
3214 + buf.nd.dentry = file->f_dentry;
3216 error = vfs_readdir(file, filldir64, &buf);
3219 diff -urN linux-2.4.21/grsecurity/Config.in linux-2.4.21/grsecurity/Config.in
3220 --- linux-2.4.21/grsecurity/Config.in 1969-12-31 19:00:00.000000000 -0500
3221 +++ linux-2.4.21/grsecurity/Config.in 2003-06-23 11:49:16.000000000 -0400
3223 +choice 'Security level' \
3224 + "Low CONFIG_GRKERNSEC_LOW \
3225 + Medium CONFIG_GRKERNSEC_MID \
3226 + High CONFIG_GRKERNSEC_HI \
3227 + Customized CONFIG_GRKERNSEC_CUSTOM" Customized
3228 +if [ "$CONFIG_GRKERNSEC_LOW" = "y" ]; then
3229 +define_bool CONFIG_GRKERNSEC_RANDSRC n
3230 +define_bool CONFIG_GRKERNSEC_RANDRPC n
3231 +define_bool CONFIG_GRKERNSEC_RANDPING n
3232 +define_bool CONFIG_GRKERNSEC_FORKFAIL n
3233 +define_bool CONFIG_GRKERNSEC_TIME n
3234 +define_bool CONFIG_GRKERNSEC_SIGNAL n
3235 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
3236 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT n
3237 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
3238 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE n
3239 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT n
3240 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD n
3241 +define_bool CONFIG_GRKERNSEC_PROC n
3242 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3243 +define_bool CONFIG_GRKERNSEC_HIDESYM n
3244 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
3245 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL n
3246 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP n
3247 +define_bool CONFIG_GRKERNSEC_KMEM n
3248 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
3249 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
3250 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
3251 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
3252 +if [ "$CONFIG_X86" = "y" ]; then
3253 +define_bool CONFIG_GRKERNSEC_IO n
3255 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3256 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3257 +define_bool CONFIG_GRKERNSEC_RESLOG n
3258 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3259 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3261 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3262 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3263 +define_bool CONFIG_GRKERNSEC_LINK y
3264 +define_bool CONFIG_GRKERNSEC_FIFO y
3265 +define_bool CONFIG_GRKERNSEC_RANDPID y
3266 +define_bool CONFIG_GRKERNSEC_EXECVE y
3267 +define_bool CONFIG_GRKERNSEC_RANDNET y
3268 +define_bool CONFIG_GRKERNSEC_RANDISN n
3269 +define_bool CONFIG_GRKERNSEC_DMESG y
3270 +define_bool CONFIG_GRKERNSEC_RANDID y
3271 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3273 +if [ "$CONFIG_GRKERNSEC_MID" = "y" ]; then
3274 +define_bool CONFIG_GRKERNSEC_KMEM n
3275 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3276 +define_bool CONFIG_GRKERNSEC_HIDESYM n
3277 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
3278 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
3279 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
3280 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
3281 +if [ "$CONFIG_X86" = "y" ]; then
3282 +define_bool CONFIG_GRKERNSEC_IO n
3284 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3285 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
3286 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
3287 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3288 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
3289 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3290 +define_bool CONFIG_GRKERNSEC_RESLOG n
3291 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3292 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3294 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3295 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3296 +define_bool CONFIG_GRKERNSEC_LINK y
3297 +define_bool CONFIG_GRKERNSEC_FIFO y
3298 +define_bool CONFIG_GRKERNSEC_RANDPID y
3299 +define_bool CONFIG_GRKERNSEC_EXECVE y
3300 +define_bool CONFIG_GRKERNSEC_DMESG y
3301 +define_bool CONFIG_GRKERNSEC_RANDID y
3302 +define_bool CONFIG_GRKERNSEC_RANDNET y
3303 +define_bool CONFIG_GRKERNSEC_RANDISN y
3304 +define_bool CONFIG_GRKERNSEC_RANDSRC y
3305 +define_bool CONFIG_GRKERNSEC_RANDRPC y
3306 +define_bool CONFIG_GRKERNSEC_RANDPING y
3307 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
3308 +define_bool CONFIG_GRKERNSEC_TIME y
3309 +define_bool CONFIG_GRKERNSEC_SIGNAL y
3310 +define_bool CONFIG_GRKERNSEC_CHROOT y
3311 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
3312 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
3313 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
3314 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
3315 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
3316 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3317 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
3318 +define_bool CONFIG_GRKERNSEC_PROC y
3319 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
3320 +define_int CONFIG_GRKERNSEC_PROC_GID 10
3322 +if [ "$CONFIG_GRKERNSEC_HI" = "y" ]; then
3323 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3324 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3325 +define_bool CONFIG_GRKERNSEC_LINK y
3326 +define_bool CONFIG_GRKERNSEC_FIFO y
3327 +define_bool CONFIG_GRKERNSEC_RANDPID y
3328 +define_bool CONFIG_GRKERNSEC_EXECVE y
3329 +define_bool CONFIG_GRKERNSEC_DMESG y
3330 +define_bool CONFIG_GRKERNSEC_RANDID y
3331 +define_bool CONFIG_GRKERNSEC_RANDSRC y
3332 +define_bool CONFIG_GRKERNSEC_RANDRPC y
3333 +define_bool CONFIG_GRKERNSEC_RANDPING y
3334 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
3335 +define_bool CONFIG_GRKERNSEC_TIME y
3336 +define_bool CONFIG_GRKERNSEC_SIGNAL y
3337 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT y
3338 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
3339 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
3340 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR y
3341 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
3342 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
3343 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3344 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
3345 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS y
3346 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
3347 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK y
3348 +define_bool CONFIG_GRKERNSEC_PROC y
3349 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3350 +define_bool CONFIG_GRKERNSEC_HIDESYM y
3351 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
3352 +define_int CONFIG_GRKERNSEC_PROC_GID 10
3353 +define_bool CONFIG_GRKERNSEC_KMEM y
3354 +define_bool CONFIG_GRKERNSEC_RESLOG y
3355 +define_bool CONFIG_GRKERNSEC_RANDNET y
3356 +define_bool CONFIG_GRKERNSEC_RANDISN y
3358 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3359 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3360 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3361 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3363 +define_bool CONFIG_GRKERNSEC_PROC_ADD y
3364 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD y
3365 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE y
3366 +if [ "$CONFIG_X86" = "y" ]; then
3367 +define_bool CONFIG_GRKERNSEC_IO n
3369 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT y
3371 +if [ "$CONFIG_GRKERNSEC_CUSTOM" = "y" ]; then
3372 +mainmenu_option next_comment
3373 +comment 'Address Space Protection'
3374 +bool 'Deny writing to /dev/kmem, /dev/mem, and /dev/port' CONFIG_GRKERNSEC_KMEM
3375 +if [ "$CONFIG_X86" = "y" ]; then
3376 + bool 'Disable privileged I/O' CONFIG_GRKERNSEC_IO
3377 + if [ "$CONFIG_GRKERNSEC_IO" = "y" ]; then
3378 + define_bool CONFIG_RTC y
3381 +bool 'Hide kernel symbols' CONFIG_GRKERNSEC_HIDESYM
3383 +mainmenu_option next_comment
3384 +comment 'Role Based Access Control Options'
3385 +bool 'Hide kernel processes' CONFIG_GRKERNSEC_ACL_HIDEKERN
3386 +int 'Maximum tries before password lockout' CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3387 +int 'Time to wait after max password tries, in seconds' CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3389 +mainmenu_option next_comment
3390 +comment 'Filesystem Protections'
3391 +bool 'Proc restrictions' CONFIG_GRKERNSEC_PROC
3392 +if [ "$CONFIG_GRKERNSEC_PROC" != "n" ]; then
3393 + bool ' Restrict to user only' CONFIG_GRKERNSEC_PROC_USER
3394 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "y" ]; then
3395 + bool ' Allow special group' CONFIG_GRKERNSEC_PROC_USERGROUP
3396 + if [ "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
3397 + int ' GID for special group' CONFIG_GRKERNSEC_PROC_GID 1001
3400 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "n" -o "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
3401 + bool ' Additional restrictions' CONFIG_GRKERNSEC_PROC_ADD
3404 +bool 'Linking restrictions' CONFIG_GRKERNSEC_LINK
3405 +bool 'FIFO restrictions' CONFIG_GRKERNSEC_FIFO
3406 +bool 'Chroot jail restrictions' CONFIG_GRKERNSEC_CHROOT
3407 +if [ "$CONFIG_GRKERNSEC_CHROOT" != "n" ]; then
3408 +bool ' Deny mounts' CONFIG_GRKERNSEC_CHROOT_MOUNT
3409 +bool ' Deny double-chroots' CONFIG_GRKERNSEC_CHROOT_DOUBLE
3410 +bool ' Deny pivot_root in chroot' CONFIG_GRKERNSEC_CHROOT_PIVOT
3411 +bool ' Enforce chdir("/") on all chroots' CONFIG_GRKERNSEC_CHROOT_CHDIR
3412 +bool ' Deny (f)chmod +s' CONFIG_GRKERNSEC_CHROOT_CHMOD
3413 +bool ' Deny fchdir out of chroot' CONFIG_GRKERNSEC_CHROOT_FCHDIR
3414 +bool ' Deny mknod' CONFIG_GRKERNSEC_CHROOT_MKNOD
3415 +bool ' Deny shmat() out of chroot' CONFIG_GRKERNSEC_CHROOT_SHMAT
3416 +bool ' Deny access to abstract AF_UNIX sockets out of chroot' CONFIG_GRKERNSEC_CHROOT_UNIX
3417 +bool ' Protect outside processes' CONFIG_GRKERNSEC_CHROOT_FINDTASK
3418 +bool ' Restrict priority changes' CONFIG_GRKERNSEC_CHROOT_NICE
3419 +bool ' Deny sysctl writes in chroot' CONFIG_GRKERNSEC_CHROOT_SYSCTL
3420 +bool ' Capability restrictions within chroot' CONFIG_GRKERNSEC_CHROOT_CAPS
3423 +mainmenu_option next_comment
3424 +comment 'Kernel Auditing'
3425 +bool 'Single group for auditing' CONFIG_GRKERNSEC_AUDIT_GROUP
3426 +if [ "$CONFIG_GRKERNSEC_AUDIT_GROUP" != "n" ]; then
3427 +int ' GID for auditing' CONFIG_GRKERNSEC_AUDIT_GID 1007
3429 +bool 'Exec logging' CONFIG_GRKERNSEC_EXECLOG
3430 +bool 'Resource logging' CONFIG_GRKERNSEC_RESLOG
3431 +bool 'Log execs within chroot' CONFIG_GRKERNSEC_CHROOT_EXECLOG
3432 +bool 'Chdir logging' CONFIG_GRKERNSEC_AUDIT_CHDIR
3433 +bool '(Un)Mount logging' CONFIG_GRKERNSEC_AUDIT_MOUNT
3434 +bool 'IPC logging' CONFIG_GRKERNSEC_AUDIT_IPC
3435 +bool 'Signal logging' CONFIG_GRKERNSEC_SIGNAL
3436 +bool 'Fork failure logging' CONFIG_GRKERNSEC_FORKFAIL
3437 +bool 'Time change logging' CONFIG_GRKERNSEC_TIME
3438 +bool '/proc/<pid>/ipaddr support' CONFIG_GRKERNSEC_PROC_IPADDR
3440 +mainmenu_option next_comment
3441 +comment 'Executable Protections'
3442 +bool 'Enforce RLIMIT_NPROC on execs' CONFIG_GRKERNSEC_EXECVE
3443 +bool 'Dmesg(8) restriction' CONFIG_GRKERNSEC_DMESG
3444 +bool 'Randomized PIDs' CONFIG_GRKERNSEC_RANDPID
3445 +bool 'Trusted path execution' CONFIG_GRKERNSEC_TPE
3446 +if [ "$CONFIG_GRKERNSEC_TPE" != "n" ]; then
3447 +bool ' Partially restrict non-root users' CONFIG_GRKERNSEC_TPE_ALL
3448 +int ' GID for untrusted users:' CONFIG_GRKERNSEC_TPE_GID 1005
3451 +mainmenu_option next_comment
3452 +comment 'Network Protections'
3453 +bool 'Larger entropy pools' CONFIG_GRKERNSEC_RANDNET
3454 +bool 'Truly random TCP ISN selection' CONFIG_GRKERNSEC_RANDISN
3455 +bool 'Randomized IP IDs' CONFIG_GRKERNSEC_RANDID
3456 +bool 'Randomized TCP source ports' CONFIG_GRKERNSEC_RANDSRC
3457 +bool 'Randomized RPC XIDs' CONFIG_GRKERNSEC_RANDRPC
3458 +bool 'Altered Ping IDs' CONFIG_GRKERNSEC_RANDPING
3459 +bool 'Socket restrictions' CONFIG_GRKERNSEC_SOCKET
3460 +if [ "$CONFIG_GRKERNSEC_SOCKET" != "n" ]; then
3461 +bool ' Deny any sockets to group' CONFIG_GRKERNSEC_SOCKET_ALL
3462 +if [ "$CONFIG_GRKERNSEC_SOCKET_ALL" != "n" ]; then
3463 +int ' GID to deny all sockets for:' CONFIG_GRKERNSEC_SOCKET_ALL_GID 1004
3465 +bool ' Deny client sockets to group' CONFIG_GRKERNSEC_SOCKET_CLIENT
3466 +if [ "$CONFIG_GRKERNSEC_SOCKET_CLIENT" != "n" ]; then
3467 +int ' GID to deny client sockets for:' CONFIG_GRKERNSEC_SOCKET_CLIENT_GID 1003
3469 +bool ' Deny server sockets to group' CONFIG_GRKERNSEC_SOCKET_SERVER
3470 +if [ "$CONFIG_GRKERNSEC_SOCKET_SERVER" != "n" ]; then
3471 +int ' GID to deny server sockets for:' CONFIG_GRKERNSEC_SOCKET_SERVER_GID 1002
3475 +if [ "$CONFIG_SYSCTL" != "n" ]; then
3476 +mainmenu_option next_comment
3477 +comment 'Sysctl support'
3478 +bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL
3481 +mainmenu_option next_comment
3482 +comment 'Logging options'
3483 +int 'Seconds in between log messages (minimum)' CONFIG_GRKERNSEC_FLOODTIME 10
3484 +int 'Number of messages in a burst (maximum)' CONFIG_GRKERNSEC_FLOODBURST 4
3487 diff -urN linux-2.4.21/grsecurity/Makefile linux-2.4.21/grsecurity/Makefile
3488 --- linux-2.4.21/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
3489 +++ linux-2.4.21/grsecurity/Makefile 2003-06-23 11:49:16.000000000 -0400
3491 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
3492 +# during 2001, 2002, and 2003 it has been completely redesigned by
3495 +# All code in this directory and various hooks inserted throughout the kernel
3496 +# are copyright Brad Spengler, and released under the GPL, unless otherwise
3497 +# noted (as in obsd_rand.c)
3499 +O_TARGET := grsec.o
3501 +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
3502 + grsec_mount.o grsec_rand.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
3503 + grsec_time.o grsec_tpe.o grsec_ipc.o grsec_link.o
3505 +ifeq ($(CONFIG_GRKERNSEC),y)
3506 +obj-y += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o obsd_rand.o \
3507 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
3509 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
3511 +obj-y += grsec_disabled.o
3514 +include $(TOPDIR)/Rules.make
3515 diff -urN linux-2.4.21/grsecurity/gracl.c linux-2.4.21/grsecurity/gracl.c
3516 --- linux-2.4.21/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
3517 +++ linux-2.4.21/grsecurity/gracl.c 2003-06-23 11:49:16.000000000 -0400
3520 + * grsecurity/gracl.c
3521 + * Copyright Brad Spengler 2001, 2002, 2003
3525 +#include <linux/kernel.h>
3526 +#include <linux/sched.h>
3527 +#include <linux/mm.h>
3528 +#include <linux/file.h>
3529 +#include <linux/fs.h>
3530 +#include <linux/proc_fs.h>
3531 +#include <linux/smp_lock.h>
3532 +#include <linux/slab.h>
3533 +#include <linux/vmalloc.h>
3534 +#include <linux/types.h>
3535 +#include <linux/capability.h>
3536 +#include <linux/sysctl.h>
3537 +#include <linux/gracl.h>
3538 +#include <linux/gralloc.h>
3539 +#include <linux/grsecurity.h>
3540 +#include <linux/grinternal.h>
3542 +#include <asm/uaccess.h>
3543 +#include <asm/errno.h>
3544 +#include <asm/mman.h>
3546 +static struct acl_role_db acl_role_set;
3547 +static struct acl_role_label *role_list_head;
3548 +static struct name_db name_set;
3549 +static struct name_db inodev_set;
3551 +static struct acl_role_label *default_role;
3553 +static u16 acl_sp_role_value;
3555 +static spinlock_t gr_dev_lock = SPIN_LOCK_UNLOCKED;
3556 +rwlock_t gr_inode_lock = RW_LOCK_UNLOCKED;
3558 +extern char *gr_shared_page[2][NR_CPUS];
3560 +static unsigned long gr_status = GR_STATUS_INIT;
3562 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
3564 +#ifdef CONFIG_GRKERNSEC_RESLOG
3565 +extern __inline__ void gr_log_resource(const struct task_struct *task,
3567 + const unsigned long wanted);
3570 +static unsigned char system_salt[GR_SALT_LEN];
3571 +static unsigned char system_sum[GR_SHA_LEN];
3573 +static struct sprole_pw **acl_special_roles = NULL;
3574 +static __u16 num_sprole_pws = 0;
3576 +static struct acl_role_label *kernel_role = NULL;
3578 +/* The following are used to keep a place held in the hash table when we move
3579 + entries around. They can be replaced during insert. */
3581 +static struct acl_subject_label *deleted_subject;
3582 +static struct acl_object_label *deleted_object;
3583 +static struct name_entry *deleted_inodev;
3585 +/* for keeping track of the last and final allocated subjects, since
3586 + nested subject parsing is tricky
3588 +static struct acl_subject_label *s_last = NULL;
3589 +static struct acl_subject_label *s_final = NULL;
3591 +static unsigned int gr_auth_attempts = 0;
3592 +static unsigned long gr_auth_expires = 0UL;
3594 +extern int gr_init_uidset(void);
3595 +extern void gr_free_uidset(void);
3596 +extern void gr_remove_uid(uid_t uid);
3597 +extern int gr_find_uid(uid_t uid);
3600 +gr_acl_is_enabled(void)
3602 + return (gr_status & GR_READY);
3605 +static __inline__ char *
3606 +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
3607 + char *buf, int buflen)
3610 + struct dentry *our_dentry;
3611 + struct vfsmount *our_mount;
3612 + struct vfsmount *rootmnt;
3613 + struct dentry *root;
3615 + our_dentry = (struct dentry *) dentry;
3616 + our_mount = (struct vfsmount *) vfsmnt;
3618 + read_lock(&child_reaper->fs->lock);
3619 + rootmnt = mntget(child_reaper->fs->rootmnt);
3620 + root = dget(child_reaper->fs->root);
3621 + read_unlock(&child_reaper->fs->lock);
3623 + spin_lock(&dcache_lock);
3624 + res = __d_path(our_dentry, our_mount, root, rootmnt, buf, buflen);
3625 + spin_unlock(&dcache_lock);
3632 +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
3634 + return d_real_path(dentry, mnt, gr_shared_page[0][smp_processor_id()],
3639 +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
3641 + return d_real_path(dentry, mnt, gr_shared_page[1][smp_processor_id()],
3646 +to_gr_audit(const __u32 reqmode)
3648 + __u32 retmode = 0;
3650 + retmode |= (reqmode & GR_READ) ? GR_AUDIT_READ : 0;
3651 + retmode |= (reqmode & GR_WRITE) ? GR_AUDIT_WRITE | GR_AUDIT_APPEND : 0;
3652 + retmode |= (reqmode & GR_APPEND) ? GR_AUDIT_APPEND : 0;
3653 + retmode |= (reqmode & GR_EXEC) ? GR_AUDIT_EXEC : 0;
3654 + retmode |= (reqmode & GR_INHERIT) ? GR_AUDIT_INHERIT : 0;
3655 + retmode |= (reqmode & GR_FIND) ? GR_AUDIT_FIND : 0;
3656 + retmode |= (reqmode & GR_SETID) ? GR_AUDIT_SETID : 0;
3657 + retmode |= (reqmode & GR_CREATE) ? GR_AUDIT_CREATE : 0;
3658 + retmode |= (reqmode & GR_DELETE) ? GR_AUDIT_DELETE : 0;
3663 +__inline__ struct acl_role_label *
3664 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
3667 + unsigned long index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
3668 + struct acl_role_label *match;
3669 + struct role_allowed_ip *ipp;
3672 + match = acl_role_set.r_hash[index];
3675 + && (match->uidgid != uid || !(match->roletype & GR_ROLE_USER))) {
3676 + index = (index + (1 << i)) % acl_role_set.r_size;
3677 + match = acl_role_set.r_hash[index];
3681 + if (!match || match->uidgid != uid || !(match->roletype & GR_ROLE_USER)) {
3683 + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
3684 + match = acl_role_set.r_hash[index];
3688 + && (match->uidgid != gid
3689 + || !(match->roletype & GR_ROLE_GROUP))) {
3690 + index = (index + (1 << i)) % acl_role_set.r_size;
3691 + match = acl_role_set.r_hash[index];
3695 + if (!match || match->uidgid != gid
3696 + || !(match->roletype & GR_ROLE_GROUP))
3697 + match = default_role;
3698 + else if (likely(!match->allowed_ips)) {
3701 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
3703 + ((task->curr_ip & ipp->netmask) ==
3704 + (ipp->addr & ipp->netmask)))
3707 + match = default_role;
3709 + } else if (likely(!match->allowed_ips)) {
3712 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
3714 + ((task->curr_ip & ipp->netmask) ==
3715 + (ipp->addr & ipp->netmask)))
3724 +__inline__ struct acl_subject_label *
3725 +lookup_acl_subj_label(const ino_t ino, const kdev_t dev,
3726 + const struct acl_role_label *role)
3728 + unsigned long subj_size = role->subj_hash_size;
3729 + struct acl_subject_label **s_hash = role->subj_hash;
3730 + unsigned long index = fhash(ino, dev, subj_size);
3731 + struct acl_subject_label *match;
3734 + match = s_hash[index];
3736 + while (match && (match->inode != ino || match->device != dev ||
3737 + (match->mode & GR_DELETED))) {
3738 + index = (index + (1 << i)) % subj_size;
3739 + match = s_hash[index];
3743 + if (unlikely(match && (match != deleted_subject) &&
3744 + (match->inode == ino) && (match->device == dev) &&
3745 + !(match->mode & GR_DELETED)))
3751 +static __inline__ struct acl_object_label *
3752 +lookup_acl_obj_label(const ino_t ino, const kdev_t dev,
3753 + const struct acl_subject_label *subj)
3755 + unsigned long obj_size = subj->obj_hash_size;
3756 + struct acl_object_label **o_hash = subj->obj_hash;
3757 + unsigned long index = fhash(ino, dev, obj_size);
3758 + struct acl_object_label *match;
3761 + match = o_hash[index];
3763 + while (match && (match->inode != ino || match->device != dev ||
3764 + (match->mode & GR_DELETED))) {
3765 + index = (index + (1 << i)) % obj_size;
3766 + match = o_hash[index];
3770 + if (unlikely(match && (match != deleted_object) &&
3771 + (match->inode == ino) && (match->device == dev) &&
3772 + !(match->mode & GR_DELETED)))
3778 +static __inline__ struct acl_object_label *
3779 +lookup_acl_obj_label_create(const ino_t ino, const kdev_t dev,
3780 + const struct acl_subject_label *subj)
3782 + unsigned long obj_size = subj->obj_hash_size;
3783 + struct acl_object_label **o_hash = subj->obj_hash;
3784 + unsigned long index = fhash(ino, dev, obj_size);
3785 + struct acl_object_label *match;
3788 + match = o_hash[index];
3790 + while (match && (match->inode != ino || match->device != dev ||
3791 + !(match->mode & GR_DELETED))) {
3792 + index = (index + (1 << i)) % obj_size;
3793 + match = o_hash[index];
3797 + if (unlikely(match && (match != deleted_object) &&
3798 + (match->inode == ino) && (match->device == dev) &&
3799 + (match->mode & GR_DELETED)))
3803 + index = fhash(ino, dev, obj_size);
3804 + match = o_hash[index];
3806 + while (match && (match->inode != ino || match->device != dev ||
3807 + (match->mode & GR_DELETED))) {
3808 + index = (index + (1 << i)) % obj_size;
3809 + match = o_hash[index];
3813 + if (unlikely(match && (match != deleted_object) &&
3814 + (match->inode == ino) && (match->device == dev) &&
3815 + !(match->mode & GR_DELETED)))
3821 +static __inline__ struct name_entry *
3822 +lookup_name_entry(const char *name)
3824 + unsigned long index = nhash(name, name_set.n_size);
3825 + struct name_entry *match;
3828 + match = name_set.n_hash[index];
3830 + while (match && (strcmp(match->name, name)) != 0) {
3831 + index = (index + (1 << i)) % name_set.n_size;
3832 + match = name_set.n_hash[index];
3836 + if (unlikely(match && !strcmp(name, match->name)))
3842 +static __inline__ struct name_entry *
3843 +lookup_inodev_entry(const ino_t ino, const kdev_t dev)
3845 + unsigned long index = fhash(ino, dev, inodev_set.n_size);
3846 + struct name_entry *match;
3849 + match = inodev_set.n_hash[index];
3851 + while (match && (match->inode != ino || match->device != dev)) {
3852 + index = (index + (1 << i)) % inodev_set.n_size;
3853 + match = inodev_set.n_hash[index];
3857 + if (unlikely(match && (match != deleted_inodev) &&
3858 + (match->inode == ino) && (match->device == dev)))
3865 +insert_inodev_entry(struct name_entry *nentry)
3867 + unsigned long index = fhash(nentry->inode, nentry->device,
3868 + inodev_set.n_size);
3869 + struct name_entry **curr;
3872 + curr = &inodev_set.n_hash[index];
3874 + while (*curr && *curr != deleted_inodev) {
3875 + index = (index + (1 << i)) % inodev_set.n_size;
3876 + curr = &inodev_set.n_hash[index];
3886 +insert_acl_role_label(struct acl_role_label *role)
3888 + unsigned long index =
3889 + rhash(role->uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
3890 + struct acl_role_label **curr;
3893 + curr = &acl_role_set.r_hash[index];
3896 + index = (index + (1 << i)) % acl_role_set.r_size;
3897 + curr = &acl_role_set.r_hash[index];
3907 +insert_name_entry(char *name, const ino_t inode, const kdev_t device)
3909 + unsigned long index = nhash(name, name_set.n_size);
3910 + struct name_entry **curr;
3913 + curr = &name_set.n_hash[index];
3915 + while (*curr && strcmp(name, (*curr)->name)) {
3916 + index = (index + (1 << i)) % name_set.n_size;
3917 + curr = &name_set.n_hash[index];
3922 + struct name_entry *nentry =
3923 + acl_alloc(sizeof (struct name_entry));
3926 + nentry->name = name;
3927 + nentry->inode = inode;
3928 + nentry->device = device;
3930 + /* insert us into the table searchable by inode/dev */
3931 + insert_inodev_entry(nentry);
3938 +insert_acl_obj_label(struct acl_object_label *obj,
3939 + struct acl_subject_label *subj)
3941 + unsigned long index =
3942 + fhash(obj->inode, obj->device, subj->obj_hash_size);
3943 + struct acl_object_label **curr;
3946 + curr = &subj->obj_hash[index];
3948 + while (*curr && *curr != deleted_object) {
3949 + index = (index + (1 << i)) % subj->obj_hash_size;
3950 + curr = &subj->obj_hash[index];
3960 +insert_acl_subj_label(struct acl_subject_label *obj,
3961 + struct acl_role_label *role)
3963 + unsigned long subj_size = role->subj_hash_size;
3964 + struct acl_subject_label **s_hash = role->subj_hash;
3965 + unsigned long index = fhash(obj->inode, obj->device, subj_size);
3966 + struct acl_subject_label **curr;
3969 + curr = &s_hash[index];
3971 + while (*curr && *curr != deleted_subject) {
3972 + index = (index + (1 << i)) % subj_size;
3973 + curr = &s_hash[index];
3983 +create_table(__u32 * len)
3985 + unsigned long table_sizes[] = {
3986 + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
3987 + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
3988 + 4194301, 8388593, 16777213, 33554393, 67108859, 134217689,
3989 + 268435399, 536870909, 1073741789, 2147483647
3991 + void *newtable = NULL;
3992 + unsigned int pwr = 0;
3994 + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
3995 + table_sizes[pwr] <= (2 * (*len)))
3998 + if (table_sizes[pwr] <= (2 * (*len)))
4001 + if ((table_sizes[pwr] * sizeof (void *)) <= PAGE_SIZE)
4003 + kmalloc(table_sizes[pwr] * sizeof (void *), GFP_KERNEL);
4005 + newtable = vmalloc(table_sizes[pwr] * sizeof (void *));
4007 + *len = table_sizes[pwr];
4013 +init_variables(const unsigned long acl_obj_size,
4014 + const unsigned long acl_subj_size,
4015 + const unsigned long acl_ip_size,
4016 + const unsigned long acl_role_size,
4017 + const unsigned long allowed_ip_size,
4018 + const unsigned long acl_trans_size,
4019 + const __u16 num_sprole_pws)
4021 + unsigned long stacksize;
4023 + acl_role_set.r_size = acl_role_size;
4024 + name_set.n_size = (acl_obj_size + acl_subj_size);
4025 + inodev_set.n_size = (acl_obj_size + acl_subj_size);
4027 + if (!gr_init_uidset())
4030 + /* set up the stack that holds allocation info */
4032 + stacksize = (3 * acl_obj_size) + (2 * acl_role_size) +
4033 + (4 * acl_subj_size) + acl_ip_size + (2 * acl_trans_size) +
4034 + allowed_ip_size + (2 * num_sprole_pws) + 5;
4036 + if (!acl_alloc_stack_init(stacksize))
4039 + /* create our empty, fake deleted acls */
4041 + (struct acl_subject_label *)
4042 + acl_alloc(sizeof (struct acl_subject_label));
4044 + (struct acl_object_label *)
4045 + acl_alloc(sizeof (struct acl_object_label));
4047 + (struct name_entry *) acl_alloc(sizeof (struct name_entry));
4049 + if (!deleted_subject || !deleted_object || !deleted_inodev)
4052 + memset(deleted_subject, 0, sizeof (struct acl_subject_label));
4053 + memset(deleted_object, 0, sizeof (struct acl_object_label));
4054 + memset(deleted_inodev, 0, sizeof (struct name_entry));
4056 + /* We only want 50% full tables for now */
4058 + acl_role_set.r_hash =
4059 + (struct acl_role_label **) create_table(&acl_role_set.r_size);
4060 + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size);
4061 + inodev_set.n_hash =
4062 + (struct name_entry **) create_table(&inodev_set.n_size);
4064 + if (!acl_role_set.r_hash || !name_set.n_hash || !inodev_set.n_hash)
4066 + memset(acl_role_set.r_hash, 0,
4067 + sizeof (struct acl_role_label *) * acl_role_set.r_size);
4068 + memset(name_set.n_hash, 0,
4069 + sizeof (struct name_entry *) * name_set.n_size);
4070 + memset(inodev_set.n_hash, 0,
4071 + sizeof (struct name_entry *) * inodev_set.n_size);
4077 +free_variables(void)
4079 + struct acl_subject_label *s;
4080 + struct acl_role_label *r;
4081 + struct task_struct *task;
4083 + read_lock(&tasklist_lock);
4084 + for_each_task(task) {
4085 + task->acl_sp_role = 0;
4086 + task->acl_role_id = 0;
4088 + task->role = NULL;
4090 + read_unlock(&tasklist_lock);
4092 + /* free all object hash tables */
4094 + if (role_list_head) {
4095 + for (r = role_list_head; r; r = r->next) {
4096 + if (!r->subj_hash)
4098 + for (s = r->proc_subject; s; s = s->next) {
4101 + if ((s->obj_hash_size *
4102 + sizeof (struct acl_object_label *)) <=
4104 + kfree(s->obj_hash);
4106 + vfree(s->obj_hash);
4108 + if ((r->subj_hash_size *
4109 + sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
4110 + kfree(r->subj_hash);
4112 + vfree(r->subj_hash);
4118 + if (acl_role_set.r_hash) {
4119 + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
4121 + kfree(acl_role_set.r_hash);
4123 + vfree(acl_role_set.r_hash);
4125 + if (name_set.n_hash) {
4126 + if ((name_set.n_size * sizeof (struct name_entry *)) <=
4128 + kfree(name_set.n_hash);
4130 + vfree(name_set.n_hash);
4133 + if (inodev_set.n_hash) {
4134 + if ((inodev_set.n_size * sizeof (struct name_entry *)) <=
4136 + kfree(inodev_set.n_hash);
4138 + vfree(inodev_set.n_hash);
4143 + memset(&name_set, 0, sizeof (struct name_db));
4144 + memset(&inodev_set, 0, sizeof (struct name_db));
4145 + memset(&acl_role_set, 0, sizeof (struct acl_role_db));
4147 + role_list_head = NULL;
4148 + default_role = NULL;
4154 +count_user_objs(struct acl_object_label *userp)
4156 + struct acl_object_label o_tmp;
4160 + if (copy_from_user(&o_tmp, userp,
4161 + sizeof (struct acl_object_label)))
4164 + userp = o_tmp.prev;
4171 +static struct acl_subject_label *
4172 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
4175 +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
4176 + struct acl_role_label *role)
4178 + struct acl_object_label *o_tmp;
4183 + if ((o_tmp = (struct acl_object_label *)
4184 + acl_alloc(sizeof (struct acl_object_label))) == NULL)
4187 + if (copy_from_user(o_tmp, userp,
4188 + sizeof (struct acl_object_label)))
4191 + userp = o_tmp->prev;
4193 + len = strnlen_user(o_tmp->filename, PATH_MAX);
4195 + if (!len || len >= PATH_MAX)
4198 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4201 + if (copy_from_user(tmp, o_tmp->filename, len))
4204 + o_tmp->filename = tmp;
4206 + insert_acl_obj_label(o_tmp, subj);
4207 + if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
4211 + if (o_tmp->nested) {
4212 + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
4213 + if (IS_ERR(o_tmp->nested))
4214 + return PTR_ERR(o_tmp->nested);
4216 + s_final = o_tmp->nested;
4224 +count_user_subjs(struct acl_subject_label *userp)
4226 + struct acl_subject_label s_tmp;
4230 + if (copy_from_user(&s_tmp, userp,
4231 + sizeof (struct acl_subject_label)))
4234 + userp = s_tmp.prev;
4235 + /* do not count nested subjects against this count, since
4236 + they are not included in the hash table, but are
4237 + attached to objects. We have already counted
4238 + the subjects in userspace for the allocation
4241 + if (!s_tmp.parent_subject)
4249 +copy_user_allowedips(struct acl_role_label *rolep)
4251 + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
4253 + ruserip = rolep->allowed_ips;
4258 + if ((rtmp = (struct role_allowed_ip *)
4259 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
4262 + if (copy_from_user(rtmp, ruserip,
4263 + sizeof (struct role_allowed_ip)))
4266 + ruserip = rtmp->prev;
4269 + rtmp->prev = NULL;
4270 + rolep->allowed_ips = rtmp;
4272 + rlast->next = rtmp;
4273 + rtmp->prev = rlast;
4277 + rtmp->next = NULL;
4284 +copy_user_transitions(struct acl_role_label *rolep)
4286 + struct role_transition *rusertp, *rtmp = NULL, *rlast;
4290 + rusertp = rolep->transitions;
4295 + if ((rtmp = (struct role_transition *)
4296 + acl_alloc(sizeof (struct role_transition))) == NULL)
4299 + if (copy_from_user(rtmp, rusertp,
4300 + sizeof (struct role_transition)))
4303 + rusertp = rtmp->prev;
4305 + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
4307 + if (!len || len >= GR_SPROLE_LEN)
4310 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4313 + if (copy_from_user(tmp, rtmp->rolename, len))
4316 + rtmp->rolename = tmp;
4319 + rtmp->prev = NULL;
4320 + rolep->transitions = rtmp;
4322 + rlast->next = rtmp;
4323 + rtmp->prev = rlast;
4327 + rtmp->next = NULL;
4333 +static struct acl_subject_label *
4334 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
4336 + struct acl_subject_label *s_tmp = NULL;
4340 + struct acl_ip_label **i_tmp, *i_utmp2;
4341 + unsigned long i_num;
4345 + if ((s_tmp = (struct acl_subject_label *)
4346 + acl_alloc(sizeof (struct acl_subject_label))) == NULL)
4347 + return ERR_PTR(-ENOMEM);
4349 + if (copy_from_user(s_tmp, userp,
4350 + sizeof (struct acl_subject_label)))
4351 + return ERR_PTR(-EFAULT);
4354 + s_tmp->prev = NULL;
4355 + role->proc_subject = s_tmp;
4357 + s_last->next = s_tmp;
4358 + s_tmp->prev = s_last;
4363 + len = strnlen_user(s_tmp->filename, PATH_MAX);
4365 + if (!len || len >= PATH_MAX)
4366 + return ERR_PTR(-EINVAL);
4368 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4369 + return ERR_PTR(-ENOMEM);
4371 + if (copy_from_user(tmp, s_tmp->filename, len))
4372 + return ERR_PTR(-EFAULT);
4374 + s_tmp->filename = tmp;
4376 + if (!strcmp(s_tmp->filename, "/"))
4377 + role->root_label = s_tmp;
4379 + /* set up object hash table */
4380 + num_objs = count_user_objs(s_tmp->proc_object);
4382 + s_tmp->obj_hash_size = num_objs;
4384 + (struct acl_object_label **)
4385 + create_table(&(s_tmp->obj_hash_size));
4387 + if (!s_tmp->obj_hash)
4388 + return ERR_PTR(-ENOMEM);
4390 + memset(s_tmp->obj_hash, 0,
4391 + s_tmp->obj_hash_size *
4392 + sizeof (struct acl_object_label *));
4394 + /* copy before adding in objects, since a nested
4395 + acl could be found and be the final subject
4401 + /* add in objects */
4402 + err = copy_user_objs(s_tmp->proc_object, s_tmp, role);
4405 + return ERR_PTR(err);
4407 + /* add in ip acls */
4409 + if (!s_tmp->ip_num) {
4410 + s_tmp->ips = NULL;
4415 + (struct acl_ip_label **) acl_alloc(s_tmp->ip_num *
4420 + return ERR_PTR(-ENOMEM);
4422 + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
4423 + *(i_tmp + i_num) =
4424 + (struct acl_ip_label *)
4425 + acl_alloc(sizeof (struct acl_ip_label));
4426 + if (!*(i_tmp + i_num))
4427 + return ERR_PTR(-ENOMEM);
4429 + if (copy_from_user
4430 + (&i_utmp2, s_tmp->ips + i_num,
4431 + sizeof (struct acl_ip_label *)))
4432 + return ERR_PTR(-EFAULT);
4434 + if (copy_from_user
4435 + (*(i_tmp + i_num), i_utmp2,
4436 + sizeof (struct acl_ip_label)))
4437 + return ERR_PTR(-EFAULT);
4440 + s_tmp->ips = i_tmp;
4443 + if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
4445 + return ERR_PTR(-ENOMEM);
4451 +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
4453 + struct acl_subject_label s_pre;
4454 + struct acl_subject_label * ret;
4458 + if (copy_from_user(&s_pre, userp,
4459 + sizeof (struct acl_subject_label)))
4462 + /* do not add nested subjects here, add
4463 + while parsing objects
4466 + if (s_pre.parent_subject) {
4467 + userp = s_pre.prev;
4471 + ret = do_copy_user_subj(userp, role);
4473 + err = PTR_ERR(ret);
4477 + insert_acl_subj_label(ret, role);
4479 + userp = s_pre.prev;
4482 + s_final->next = NULL;
4488 +copy_user_acl(struct gr_arg *arg)
4490 + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2, *r_last;
4491 + struct sprole_pw *sptmp;
4492 + unsigned long r_num;
4499 + /* we need a default and kernel role */
4500 + if (arg->role_db.r_entries < 2)
4503 + /* copy special role authentication info from userspace */
4505 + num_sprole_pws = arg->num_sprole_pws;
4506 + acl_special_roles = (struct sprole_pw **) acl_alloc(num_sprole_pws * sizeof(struct sprole_pw *));
4508 + if (!acl_special_roles) {
4513 + for (i = 0; i < num_sprole_pws; i++) {
4514 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
4519 + if (copy_from_user(sptmp, arg->sprole_pws + i,
4520 + sizeof (struct sprole_pw))) {
4526 + strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
4528 + if (!len || len >= GR_SPROLE_LEN) {
4533 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
4538 + if (copy_from_user(tmp, sptmp->rolename, len)) {
4543 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
4544 + printk(KERN_ALERT "Copying special role %s\n", tmp);
4546 + sptmp->rolename = tmp;
4547 + acl_special_roles[i] = sptmp;
4550 + r_utmp = (struct acl_role_label **) arg->role_db.r_table;
4552 + for (r_num = 0; r_num < arg->role_db.r_entries; r_num++) {
4555 + r_tmp = acl_alloc(sizeof (struct acl_role_label));
4562 + if (copy_from_user(&r_utmp2, r_utmp + r_num,
4563 + sizeof (struct acl_role_label *))) {
4568 + if (copy_from_user(r_tmp, r_utmp2,
4569 + sizeof (struct acl_role_label))) {
4575 + r_tmp->prev = NULL;
4576 + role_list_head = r_tmp;
4578 + r_last->next = r_tmp;
4579 + r_tmp->prev = r_last;
4582 + if (r_num == (arg->role_db.r_entries - 1))
4583 + r_tmp->next = NULL;
4585 + len = strnlen_user(r_tmp->rolename, PATH_MAX);
4587 + if (!len || len >= PATH_MAX) {
4592 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
4596 + if (copy_from_user(tmp, r_tmp->rolename, len)) {
4600 + r_tmp->rolename = tmp;
4602 + if (!strcmp(r_tmp->rolename, "default")
4603 + && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
4604 + default_role = r_tmp;
4605 + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
4606 + kernel_role = r_tmp;
4609 + num_subjs = count_user_subjs(r_tmp->proc_subject);
4611 + r_tmp->subj_hash_size = num_subjs;
4612 + r_tmp->subj_hash =
4613 + (struct acl_subject_label **)
4614 + create_table(&(r_tmp->subj_hash_size));
4616 + if (!r_tmp->subj_hash) {
4621 + err = copy_user_allowedips(r_tmp);
4625 + err = copy_user_transitions(r_tmp);
4629 + memset(r_tmp->subj_hash, 0,
4630 + r_tmp->subj_hash_size *
4631 + sizeof (struct acl_subject_label *));
4635 + err = copy_user_subjs(r_tmp->proc_subject, r_tmp);
4640 + insert_acl_role_label(r_tmp);
4652 +gracl_init(struct gr_arg *args)
4656 + memcpy(&system_salt, args->salt, sizeof (system_salt));
4657 + memcpy(&system_sum, args->sum, sizeof (system_sum));
4659 + if (init_variables(args->role_db.o_entries, args->role_db.s_entries,
4660 + args->role_db.i_entries, args->role_db.r_entries,
4661 + args->role_db.a_entries, args->role_db.t_entries,
4662 + args->num_sprole_pws)) {
4663 + security_alert_good(GR_INITF_ACL_MSG, GR_VERSION);
4668 + error = copy_user_acl(args);
4672 + if ((error = gr_set_acls(0))) {
4677 + gr_status |= GR_READY;
4682 +static struct acl_object_label *
4683 +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
4684 + const struct acl_subject_label *subj)
4686 + struct dentry *dentry = (struct dentry *) l_dentry;
4687 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
4688 + struct dentry *root;
4689 + struct vfsmount *rootmnt;
4690 + struct acl_object_label *retval;
4692 + read_lock(&child_reaper->fs->lock);
4693 + rootmnt = mntget(child_reaper->fs->rootmnt);
4694 + root = dget(child_reaper->fs->root);
4695 + read_unlock(&child_reaper->fs->lock);
4696 + spin_lock(&dcache_lock);
4699 + if (unlikely(dentry == root && mnt == rootmnt))
4701 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
4702 + if (mnt->mnt_parent == mnt)
4705 + read_lock(&gr_inode_lock);
4707 + lookup_acl_obj_label(dentry->d_inode->i_ino,
4708 + dentry->d_inode->i_dev, subj);
4709 + read_unlock(&gr_inode_lock);
4710 + if (unlikely(retval != NULL))
4713 + dentry = mnt->mnt_mountpoint;
4714 + mnt = mnt->mnt_parent;
4718 + read_lock(&gr_inode_lock);
4720 + lookup_acl_obj_label(dentry->d_inode->i_ino,
4721 + dentry->d_inode->i_dev, subj);
4722 + read_unlock(&gr_inode_lock);
4723 + if (unlikely(retval != NULL))
4726 + dentry = dentry->d_parent;
4729 + read_lock(&gr_inode_lock);
4731 + lookup_acl_obj_label(dentry->d_inode->i_ino, dentry->d_inode->i_dev,
4733 + read_unlock(&gr_inode_lock);
4735 + if (unlikely(retval == NULL)) {
4736 + read_lock(&gr_inode_lock);
4738 + lookup_acl_obj_label(root->d_inode->i_ino,
4739 + root->d_inode->i_dev, subj);
4740 + read_unlock(&gr_inode_lock);
4743 + spin_unlock(&dcache_lock);
4750 +static struct acl_subject_label *
4751 +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
4752 + const struct acl_role_label *role)
4754 + struct dentry *dentry = (struct dentry *) l_dentry;
4755 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
4756 + struct dentry *root;
4757 + struct vfsmount *rootmnt;
4758 + struct acl_subject_label *retval;
4760 + read_lock(&child_reaper->fs->lock);
4761 + rootmnt = mntget(child_reaper->fs->rootmnt);
4762 + root = dget(child_reaper->fs->root);
4763 + read_unlock(&child_reaper->fs->lock);
4764 + spin_lock(&dcache_lock);
4767 + if (unlikely(dentry == root && mnt == rootmnt))
4769 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
4770 + if (mnt->mnt_parent == mnt)
4773 + read_lock(&gr_inode_lock);
4775 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4776 + dentry->d_inode->i_dev, role);
4777 + read_unlock(&gr_inode_lock);
4778 + if (unlikely(retval != NULL))
4781 + dentry = mnt->mnt_mountpoint;
4782 + mnt = mnt->mnt_parent;
4786 + read_lock(&gr_inode_lock);
4788 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4789 + dentry->d_inode->i_dev, role);
4790 + read_unlock(&gr_inode_lock);
4791 + if (unlikely(retval != NULL))
4794 + dentry = dentry->d_parent;
4797 + read_lock(&gr_inode_lock);
4799 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4800 + dentry->d_inode->i_dev, role);
4801 + read_unlock(&gr_inode_lock);
4803 + if (unlikely(retval == NULL)) {
4804 + read_lock(&gr_inode_lock);
4806 + lookup_acl_subj_label(root->d_inode->i_ino,
4807 + root->d_inode->i_dev, role);
4808 + read_unlock(&gr_inode_lock);
4811 + spin_unlock(&dcache_lock);
4818 +static __inline__ void
4819 +gr_log_learn(const struct acl_role_label *role, const uid_t uid, const gid_t gid,
4820 + const struct task_struct *task, const char *pathname,
4823 + security_learn(GR_LEARN_AUDIT_MSG, role->rolename, role->roletype,
4824 + uid, gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry,
4825 + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename,
4826 + 1, 1, pathname, (unsigned long) mode, NIPQUAD(task->curr_ip));
4832 +gr_check_link(const struct dentry * new_dentry,
4833 + const struct dentry * parent_dentry,
4834 + const struct vfsmount * parent_mnt,
4835 + const struct dentry * old_dentry, const struct vfsmount * old_mnt)
4837 + struct acl_object_label *obj;
4838 + __u32 oldmode, newmode;
4840 + if (unlikely(!(gr_status & GR_READY)))
4841 + return (GR_WRITE | GR_CREATE);
4843 + obj = chk_obj_label(old_dentry, old_mnt, current->acl);
4844 + oldmode = obj->mode;
4846 + if (current->acl->mode & GR_LEARN)
4847 + oldmode |= (GR_WRITE | GR_CREATE);
4849 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
4850 + oldmode | GR_CREATE | GR_AUDIT_CREATE |
4851 + GR_AUDIT_WRITE | GR_SUPPRESS);
4853 + if ((newmode & oldmode) == oldmode)
4855 + else if (current->acl->mode & GR_LEARN) {
4856 + gr_log_learn(current->role, current->uid, current->gid,
4857 + current, gr_to_filename(old_dentry, old_mnt), oldmode);
4858 + return (GR_WRITE | GR_CREATE);
4859 + } else if (newmode & GR_SUPPRESS)
4860 + return GR_SUPPRESS;
4866 +gr_search_file(const struct dentry * dentry, const __u32 mode,
4867 + const struct vfsmount * mnt)
4869 + __u32 retval = mode;
4870 + struct acl_subject_label *curracl;
4871 + struct acl_object_label *currobj;
4873 + if (unlikely(!(gr_status & GR_READY)))
4874 + return (mode & ~GR_AUDITS);
4876 + curracl = current->acl;
4878 + currobj = chk_obj_label(dentry, mnt, curracl);
4879 + retval = currobj->mode & mode;
4882 + ((curracl->mode & GR_LEARN) && (mode != GR_PTRACERD)
4883 + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
4884 + __u32 new_mode = mode;
4886 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
4888 + retval = new_mode;
4890 + if (!(mode & GR_NOLEARN))
4891 + gr_log_learn(current->role, current->uid, current->gid,
4892 + current, gr_to_filename(dentry, mnt), new_mode);
4899 +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
4900 + const struct vfsmount * mnt, const __u32 mode)
4902 + struct name_entry *match;
4903 + struct acl_object_label *matchpo;
4904 + struct acl_subject_label *curracl;
4907 + if (unlikely(!(gr_status & GR_READY)))
4908 + return (mode & ~GR_AUDITS);
4910 + match = lookup_name_entry(gr_to_filename(new_dentry, mnt));
4913 + goto check_parent;
4915 + curracl = current->acl;
4917 + read_lock(&gr_inode_lock);
4918 + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
4919 + read_unlock(&gr_inode_lock);
4922 + if ((matchpo->mode & mode) !=
4923 + (mode & ~(GR_AUDITS | GR_SUPPRESS))
4924 + && curracl->mode & GR_LEARN) {
4925 + __u32 new_mode = mode;
4927 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
4929 + gr_log_learn(current->role, current->uid, current->gid,
4930 + current, gr_to_filename(new_dentry, mnt), new_mode);
4934 + return (matchpo->mode & mode);
4938 + curracl = current->acl;
4940 + matchpo = chk_obj_label(parent, mnt, curracl);
4941 + retval = matchpo->mode & mode;
4943 + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
4944 + && (curracl->mode & GR_LEARN)) {
4945 + __u32 new_mode = mode;
4947 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
4949 + gr_log_learn(current->role, current->uid, current->gid,
4950 + current, gr_to_filename(new_dentry, mnt), new_mode);
4958 +gr_check_hidden_task(const struct task_struct *task)
4960 + if (unlikely(!(gr_status & GR_READY)))
4963 + if (!(task->acl->mode & GR_FIND) && !(current->acl->mode & GR_VIEW))
4970 +gr_check_protected_task(const struct task_struct *task)
4972 + if (unlikely(!(gr_status & GR_READY) || !task))
4975 + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL))
4982 +gr_copy_label(struct task_struct *tsk)
4984 + tsk->used_accept = 0;
4985 + tsk->used_connect = 0;
4986 + tsk->acl_sp_role = 0;
4987 + tsk->acl_role_id = current->acl_role_id;
4988 + tsk->acl = current->acl;
4989 + tsk->role = current->role;
4990 + tsk->curr_ip = current->curr_ip;
4991 + if (current->exec_file)
4992 + get_file(current->exec_file);
4993 + tsk->exec_file = current->exec_file;
4994 + tsk->is_writable = current->is_writable;
4995 + if (unlikely(current->used_accept))
4996 + current->curr_ip = 0;
5001 +static __inline__ void
5002 +gr_set_proc_res(void)
5004 + struct acl_subject_label *proc;
5007 + proc = current->acl;
5009 + if (proc->mode & GR_LEARN)
5012 + for (i = 0; i < RLIM_NLIMITS; i++) {
5013 + if (!(proc->resmask & (1 << i)))
5016 + current->rlim[i].rlim_cur = proc->res[i].rlim_cur;
5017 + current->rlim[i].rlim_max = proc->res[i].rlim_max;
5023 +static __inline__ void
5024 +do_set_role_label(struct task_struct *task, const uid_t uid, const gid_t gid)
5026 + task->role = lookup_acl_role_label(task, uid, gid);
5032 +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
5034 + struct acl_object_label *obj;
5035 + struct file *filp;
5037 + if (unlikely(!(gr_status & GR_READY)))
5040 + filp = task->exec_file;
5042 + /* kernel process, we'll give them the kernel role */
5043 + if (unlikely(!filp)) {
5044 + task->role = kernel_role;
5045 + task->acl = kernel_role->root_label;
5047 + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
5048 + do_set_role_label(task, uid, gid);
5051 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, task->role);
5053 + task->is_writable = 0;
5055 + /* ignore additional mmap checks for processes that are writable
5056 + by the default ACL */
5057 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5058 + if (unlikely(obj->mode & GR_WRITE))
5059 + task->is_writable = 1;
5060 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
5061 + if (unlikely(obj->mode & GR_WRITE))
5062 + task->is_writable = 1;
5064 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5065 + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
5068 + gr_set_proc_res();
5074 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
5076 + struct acl_subject_label *newacl;
5077 + struct acl_object_label *obj;
5080 + if (unlikely(!(gr_status & GR_READY)))
5083 + newacl = chk_subj_label(dentry, mnt, current->role);
5085 + obj = chk_obj_label(dentry, mnt, current->acl);
5086 + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
5088 + if ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT)) {
5090 + current->acl = obj->nested;
5092 + current->acl = newacl;
5093 + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
5094 + security_audit(GR_INHERIT_ACL_MSG, current->acl->filename,
5095 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
5097 + current->is_writable = 0;
5099 + /* ignore additional mmap checks for processes that are writable
5100 + by the default ACL */
5101 + obj = chk_obj_label(dentry, mnt, default_role->root_label);
5102 + if (unlikely(obj->mode & GR_WRITE))
5103 + current->is_writable = 1;
5104 + obj = chk_obj_label(dentry, mnt, current->role->root_label);
5105 + if (unlikely(obj->mode & GR_WRITE))
5106 + current->is_writable = 1;
5108 + gr_set_proc_res();
5110 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5111 + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", current->comm, current->pid, current->role->rolename, current->acl->filename);
5116 +static __inline__ void
5117 +do_handle_delete(const ino_t ino, const kdev_t dev)
5119 + struct acl_object_label *matchpo;
5120 + struct acl_subject_label *matchps;
5121 + struct acl_subject_label *i;
5122 + struct acl_role_label *role;
5124 + for (role = role_list_head; role; role = role->next) {
5125 + for (i = role->proc_subject; i; i = i->next) {
5126 + if (unlikely(i->parent_subject &&
5127 + (i->inode == ino) &&
5128 + (i->device == dev)))
5129 + i->mode |= GR_DELETED;
5130 + if (unlikely((matchpo =
5131 + lookup_acl_obj_label(ino, dev, i)) != NULL))
5132 + matchpo->mode |= GR_DELETED;
5135 + if (unlikely((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL))
5136 + matchps->mode |= GR_DELETED;
5143 +gr_handle_delete(const ino_t ino, const kdev_t dev)
5145 + if (unlikely(!(gr_status & GR_READY)))
5148 + write_lock(&gr_inode_lock);
5149 + if (unlikely((unsigned long)lookup_inodev_entry(ino, dev)))
5150 + do_handle_delete(ino, dev);
5151 + write_unlock(&gr_inode_lock);
5156 +static __inline__ void
5157 +update_acl_obj_label(const ino_t oldinode, const kdev_t olddevice,
5158 + const ino_t newinode, const kdev_t newdevice,
5159 + struct acl_subject_label *subj)
5161 + unsigned long index = fhash(oldinode, olddevice, subj->obj_hash_size);
5162 + struct acl_object_label **match;
5163 + struct acl_object_label *tmp;
5166 + match = &subj->obj_hash[index];
5168 + while (*match && ((*match)->inode != oldinode ||
5169 + (*match)->device != olddevice ||
5170 + !((*match)->mode & GR_DELETED))) {
5171 + index = (index + (1 << i)) % subj->obj_hash_size;
5172 + match = &subj->obj_hash[index];
5176 + if (*match && ((*match) != deleted_object)
5177 + && ((*match)->inode == oldinode)
5178 + && ((*match)->device == olddevice)
5179 + && ((*match)->mode & GR_DELETED)) {
5181 + tmp->inode = newinode;
5182 + tmp->device = newdevice;
5183 + tmp->mode &= ~GR_DELETED;
5185 + *match = deleted_object;
5187 + insert_acl_obj_label(tmp, subj);
5193 +static __inline__ void
5194 +update_acl_subj_label(const ino_t oldinode, const kdev_t olddevice,
5195 + const ino_t newinode, const kdev_t newdevice,
5196 + struct acl_role_label *role)
5198 + struct acl_subject_label **s_hash = role->subj_hash;
5199 + unsigned long subj_size = role->subj_hash_size;
5200 + unsigned long index = fhash(oldinode, olddevice, subj_size);
5201 + struct acl_subject_label **match;
5202 + struct acl_subject_label *tmp;
5205 + match = &s_hash[index];
5207 + while (*match && ((*match)->inode != oldinode ||
5208 + (*match)->device != olddevice ||
5209 + !((*match)->mode & GR_DELETED))) {
5210 + index = (index + (1 << i)) % subj_size;
5212 + match = &s_hash[index];
5215 + if (*match && (*match != deleted_subject)
5216 + && ((*match)->inode == oldinode)
5217 + && ((*match)->device == olddevice)
5218 + && ((*match)->mode & GR_DELETED)) {
5221 + tmp->inode = newinode;
5222 + tmp->device = newdevice;
5223 + tmp->mode &= ~GR_DELETED;
5225 + *match = deleted_subject;
5227 + insert_acl_subj_label(tmp, role);
5233 +static __inline__ void
5234 +update_inodev_entry(const ino_t oldinode, const kdev_t olddevice,
5235 + const ino_t newinode, const kdev_t newdevice)
5237 + unsigned long index = fhash(oldinode, olddevice, inodev_set.n_size);
5238 + struct name_entry **match;
5239 + struct name_entry *tmp;
5242 + match = &inodev_set.n_hash[index];
5245 + && ((*match)->inode != oldinode
5246 + || (*match)->device != olddevice)) {
5247 + index = (index + (1 << i)) % inodev_set.n_size;
5249 + match = &inodev_set.n_hash[index];
5252 + if (*match && (*match != deleted_inodev)
5253 + && ((*match)->inode == oldinode)
5254 + && ((*match)->device == olddevice)) {
5257 + tmp->inode = newinode;
5258 + tmp->device = newdevice;
5260 + *match = deleted_inodev;
5262 + insert_inodev_entry(tmp);
5268 +static __inline__ void
5269 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
5270 + const struct vfsmount *mnt)
5272 + struct acl_subject_label *i;
5273 + struct acl_role_label *role;
5275 + for (role = role_list_head; role; role = role->next) {
5276 + update_acl_subj_label(matchn->inode, matchn->device,
5277 + dentry->d_inode->i_ino,
5278 + dentry->d_inode->i_dev, role);
5280 + for (i = role->proc_subject; i; i = i->next) {
5281 + if (unlikely(i->parent_subject &&
5282 + (i->inode == dentry->d_inode->i_ino) &&
5283 + (i->device == dentry->d_inode->i_dev))) {
5284 + i->inode = dentry->d_inode->i_ino;
5285 + i->device = dentry->d_inode->i_dev;
5287 + update_acl_obj_label(matchn->inode, matchn->device,
5288 + dentry->d_inode->i_ino,
5289 + dentry->d_inode->i_dev, i);
5293 + update_inodev_entry(matchn->inode, matchn->device,
5294 + dentry->d_inode->i_ino, dentry->d_inode->i_dev);
5300 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
5302 + struct name_entry *matchn;
5304 + if (unlikely(!(gr_status & GR_READY)))
5307 + matchn = lookup_name_entry(gr_to_filename(dentry, mnt));
5309 + if (unlikely((unsigned long)matchn)) {
5310 + write_lock(&gr_inode_lock);
5311 + do_handle_create(matchn, dentry, mnt);
5312 + write_unlock(&gr_inode_lock);
5319 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
5320 + struct dentry *old_dentry,
5321 + struct dentry *new_dentry,
5322 + struct vfsmount *mnt, const __u8 replace)
5324 + struct name_entry *matchn;
5327 + matchn = lookup_name_entry(gr_to_filename(new_dentry, mnt));
5330 + error = vfs_rename(old_dir, old_dentry, new_dir, new_dentry);
5333 + if (unlikely(error))
5336 + /* we wouldn't have to check d_inode if it weren't for
5337 + NFS silly-renaming
5340 + write_lock(&gr_inode_lock);
5341 + if (unlikely(replace && new_dentry->d_inode)) {
5342 + if (unlikely(lookup_inodev_entry(new_dentry->d_inode->i_ino,
5343 + new_dentry->d_inode->i_dev) &&
5344 + (old_dentry->d_inode->i_nlink <= 1)))
5345 + do_handle_delete(new_dentry->d_inode->i_ino,
5346 + new_dentry->d_inode->i_dev);
5349 + if (unlikely(lookup_inodev_entry(old_dentry->d_inode->i_ino,
5350 + old_dentry->d_inode->i_dev) &&
5351 + (old_dentry->d_inode->i_nlink <= 1)))
5352 + do_handle_delete(old_dentry->d_inode->i_ino,
5353 + old_dentry->d_inode->i_dev);
5355 + if (unlikely((unsigned long)matchn))
5356 + do_handle_create(matchn, old_dentry, mnt);
5357 + write_unlock(&gr_inode_lock);
5363 +lookup_special_role_auth(const char *rolename, unsigned char **salt,
5364 + unsigned char **sum)
5366 + struct acl_role_label *r;
5367 + struct role_transition *trans;
5371 + /* check transition table */
5373 + for (trans = current->role->transitions; trans; trans = trans->next) {
5374 + if (!strcmp(rolename, trans->rolename)) {
5383 + /* handle special roles that do not require authentication */
5385 + for (r = role_list_head; r; r = r->next) {
5386 + if (!strcmp(rolename, r->rolename)
5387 + && (r->roletype & GR_ROLE_NOPW)) {
5394 + for (i = 0; i < num_sprole_pws; i++) {
5395 + if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
5396 + *salt = acl_special_roles[i]->salt;
5397 + *sum = acl_special_roles[i]->sum;
5406 +assign_special_role(char *rolename)
5408 + struct acl_object_label *obj;
5409 + struct acl_role_label *r;
5410 + struct acl_role_label *assigned = NULL;
5411 + struct task_struct *tsk;
5412 + struct file *filp;
5414 + for (r = role_list_head; r; r = r->next)
5415 + if (!strcmp(rolename, r->rolename) &&
5416 + (r->roletype & GR_ROLE_SPECIAL))
5422 + tsk = current->p_pptr;
5423 + filp = tsk->exec_file;
5425 + if (tsk && filp) {
5426 + tsk->is_writable = 0;
5428 + acl_sp_role_value = (acl_sp_role_value % 65535) + 1;
5429 + tsk->acl_sp_role = 1;
5430 + tsk->acl_role_id = acl_sp_role_value;
5431 + tsk->role = assigned;
5433 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role);
5435 + /* ignore additional mmap checks for processes that are writable
5436 + by the default ACL */
5437 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5438 + if (unlikely(obj->mode & GR_WRITE))
5439 + tsk->is_writable = 1;
5440 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role->root_label);
5441 + if (unlikely(obj->mode & GR_WRITE))
5442 + tsk->is_writable = 1;
5444 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5445 + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
5453 +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
5455 + struct gr_arg *arg;
5456 + struct gr_arg usermode;
5457 + unsigned char *sprole_salt;
5458 + unsigned char *sprole_sum;
5459 + int error = sizeof (struct gr_arg);
5462 + spin_lock(&gr_dev_lock);
5464 + arg = (struct gr_arg *) buf;
5466 + if (count != sizeof (struct gr_arg)) {
5467 + security_alert_good(GR_DEV_ACL_MSG, count,
5468 + (int) sizeof (struct gr_arg));
5473 + if ((gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES)
5474 + && time_before_eq(gr_auth_expires, jiffies)) {
5475 + gr_auth_expires = 0;
5476 + gr_auth_attempts = 0;
5479 + if (copy_from_user(&usermode, arg, sizeof (struct gr_arg))) {
5484 + if (usermode.mode != SPROLE && time_after(gr_auth_expires, jiffies)) {
5489 + /* if non-root trying to do anything other than use a special role,
5490 + do not attempt authentication, do not count towards authentication
5494 + if (usermode.mode != SPROLE && current->uid) {
5499 + /* ensure pw and special role name are null terminated */
5501 + usermode.pw[GR_PW_LEN - 1] = '\0';
5502 + usermode.sp_role[GR_SPROLE_LEN - 1] = '\0';
5505 + * We have our enough of the argument structure..(we have yet
5506 + * to copy_from_user the tables themselves) . Copy the tables
5507 + * only if we need them, i.e. for loading operations. */
5509 + switch (usermode.mode) {
5511 + if ((gr_status & GR_READY)
5512 + && !(chkpw(&usermode, system_salt, system_sum))) {
5513 + gr_status &= ~GR_READY;
5514 + security_alert_good(GR_SHUTS_ACL_MSG, DEFAULTSECARGS);
5516 + memset(&usermode, 0, sizeof (struct gr_arg));
5517 + memset(&system_salt, 0, sizeof (system_salt));
5518 + memset(&system_sum, 0, sizeof (system_sum));
5519 + } else if (gr_status & GR_READY) {
5520 + security_alert(GR_SHUTF_ACL_MSG, DEFAULTSECARGS);
5523 + security_alert_good(GR_SHUTI_ACL_MSG, DEFAULTSECARGS);
5528 + if (!(gr_status & GR_READY) && !(error2 = gracl_init(&usermode)))
5529 + security_alert_good(GR_ENABLE_ACL_MSG, GR_VERSION);
5531 + if (gr_status & GR_READY)
5535 + security_alert(GR_ENABLEF_ACL_MSG, GR_VERSION,
5540 + if (!(gr_status & GR_READY)) {
5541 + security_alert_good(GR_RELOADI_ACL_MSG);
5543 + } else if (!(chkpw(&usermode, system_salt, system_sum))) {
5544 + gr_status &= ~GR_READY;
5546 + if (!(error2 = gracl_init(&usermode)))
5547 + security_alert_good(GR_RELOAD_ACL_MSG,
5551 + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION,
5555 + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION,
5561 + if (unlikely(!(gr_status & GR_READY))) {
5562 + security_alert_good(GR_SEGVMODI_ACL_MSG,
5568 + if (!(chkpw(&usermode, system_salt, system_sum))) {
5569 + security_alert_good(GR_SEGVMODS_ACL_MSG,
5571 + if (usermode.segv_device && usermode.segv_inode) {
5572 + struct acl_subject_label *segvacl;
5574 + lookup_acl_subj_label(usermode.segv_inode,
5575 + usermode.segv_device,
5578 + segvacl->crashes = 0;
5579 + segvacl->expires = 0;
5581 + } else if (gr_find_uid(usermode.segv_uid) >= 0) {
5582 + gr_remove_uid(usermode.segv_uid);
5585 + security_alert(GR_SEGVMODF_ACL_MSG, DEFAULTSECARGS);
5590 + if (unlikely(!(gr_status & GR_READY))) {
5591 + security_alert_good(GR_SPROLEI_ACL_MSG, DEFAULTSECARGS);
5596 + if ((current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES)
5597 + && time_before_eq(current->role->expires, jiffies)) {
5598 + current->role->expires = 0;
5599 + current->role->auth_attempts = 0;
5602 + if (time_after(current->role->expires, jiffies)) {
5607 + if (lookup_special_role_auth
5608 + (usermode.sp_role, &sprole_salt, &sprole_sum)
5609 + && ((!sprole_salt && !sprole_sum)
5610 + || !(chkpw(&usermode, sprole_salt, sprole_sum)))) {
5611 + assign_special_role(usermode.sp_role);
5612 + security_alert_good(GR_SPROLES_ACL_MSG,
5613 + (current->p_pptr) ? current->
5614 + p_pptr->role->rolename : "",
5615 + acl_sp_role_value, DEFAULTSECARGS);
5617 + security_alert(GR_SPROLEF_ACL_MSG, usermode.sp_role,
5620 + current->role->auth_attempts++;
5621 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) {
5622 + current->role->expires =
5623 + jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
5624 + security_alert(GR_MAXROLEPW_ACL_MSG,
5625 + CONFIG_GRKERNSEC_ACL_MAXTRIES,
5626 + usermode.sp_role, DEFAULTSECARGS);
5633 + security_alert(GR_INVMODE_ACL_MSG, usermode.mode,
5639 + if (error != -EPERM)
5642 + gr_auth_attempts++;
5644 + if (gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) {
5645 + security_alert(GR_MAXPW_ACL_MSG, CONFIG_GRKERNSEC_ACL_MAXTRIES);
5646 + gr_auth_expires = jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
5650 + spin_unlock(&gr_dev_lock);
5655 +gr_set_acls(const int type)
5657 + struct acl_object_label *obj;
5658 + struct task_struct *task;
5659 + struct file *filp;
5662 + read_lock(&tasklist_lock);
5663 + for_each_task(task) {
5664 + /* check to see if we're called from the exit handler,
5665 + if so, only replace ACLs that have inherited the admin
5668 + if (type && (task->role != current->role ||
5669 + task->acl_role_id != current->acl_role_id))
5672 + task->acl_role_id = 0;
5674 + if ((filp = task->exec_file)) {
5675 + do_set_role_label(task, task->uid, task->gid);
5678 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt,
5681 + struct acl_subject_label *curr;
5684 + task->is_writable = 0;
5685 + /* ignore additional mmap checks for processes that are writable
5686 + by the default ACL */
5687 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5688 + if (unlikely(obj->mode & GR_WRITE))
5689 + task->is_writable = 1;
5690 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
5691 + if (unlikely(obj->mode & GR_WRITE))
5692 + task->is_writable = 1;
5694 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5695 + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
5697 + if (!(curr->mode & GR_LEARN))
5698 + for (i = 0; i < RLIM_NLIMITS; i++) {
5699 + if (!(curr->resmask & (1 << i)))
5702 + task->rlim[i].rlim_cur =
5703 + curr->res[i].rlim_cur;
5704 + task->rlim[i].rlim_max =
5705 + curr->res[i].rlim_max;
5708 + read_unlock(&tasklist_lock);
5709 + security_alert_good(GR_DEFACL_MSG, task->comm,
5714 + // it's a kernel process
5715 + task->role = kernel_role;
5716 + task->acl = kernel_role->root_label;
5717 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
5718 + task->acl->mode &= ~GR_FIND;
5722 + read_unlock(&tasklist_lock);
5727 +gr_learn_resource(const struct task_struct *task,
5728 + const int res, const unsigned long wanted)
5730 + struct acl_subject_label *acl;
5732 + if (unlikely((gr_status & GR_READY) &&
5733 + task->acl && (task->acl->mode & GR_LEARN)))
5736 +#ifdef CONFIG_GRKERNSEC_RESLOG
5737 + gr_log_resource(task, res, wanted);
5741 + if (unlikely(!(gr_status & GR_READY) || !wanted))
5746 + if (likely(!acl || !(acl->mode & GR_LEARN) ||
5747 + !(acl->resmask & (1 << (unsigned short) res))))
5750 + if (wanted >= acl->res[res].rlim_cur) {
5751 + unsigned long res_add;
5756 + res_add += GR_RLIM_CPU_BUMP;
5758 + case RLIMIT_FSIZE:
5759 + res_add += GR_RLIM_FSIZE_BUMP;
5762 + res_add += GR_RLIM_DATA_BUMP;
5764 + case RLIMIT_STACK:
5765 + res_add += GR_RLIM_STACK_BUMP;
5768 + res_add += GR_RLIM_CORE_BUMP;
5771 + res_add += GR_RLIM_RSS_BUMP;
5773 + case RLIMIT_NPROC:
5774 + res_add += GR_RLIM_NPROC_BUMP;
5776 + case RLIMIT_NOFILE:
5777 + res_add += GR_RLIM_NOFILE_BUMP;
5779 + case RLIMIT_MEMLOCK:
5780 + res_add += GR_RLIM_MEMLOCK_BUMP;
5783 + res_add += GR_RLIM_AS_BUMP;
5785 + case RLIMIT_LOCKS:
5786 + res_add += GR_RLIM_LOCKS_BUMP;
5790 + acl->res[res].rlim_cur = res_add;
5792 + if (wanted > acl->res[res].rlim_max)
5793 + acl->res[res].rlim_max = res_add;
5795 + security_learn(GR_LEARN_AUDIT_MSG, current->role->rolename,
5796 + current->role->roletype, acl->filename,
5797 + acl->res[res].rlim_cur, acl->res[res].rlim_max,
5798 + "", (unsigned long) res);
5804 +#ifdef CONFIG_SYSCTL
5805 +extern struct proc_dir_entry *proc_sys_root;
5808 +gr_handle_sysctl(const struct ctl_table *table, const void *oldval,
5809 + const void *newval)
5811 + struct proc_dir_entry *tmp;
5812 + struct nameidata nd;
5813 + const char *proc_sys = "/proc/sys";
5814 + char *path = gr_shared_page[0][smp_processor_id()];
5815 + struct acl_object_label *obj;
5816 + unsigned short len = 0, pos = 0, depth = 0, i;
5820 + if (unlikely(!(gr_status & GR_READY)))
5828 + /* convert the requested sysctl entry into a pathname */
5830 + for (tmp = table->de; tmp != proc_sys_root; tmp = tmp->parent) {
5831 + len += strlen(tmp->name);
5836 + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE)
5839 + memset(path, 0, PAGE_SIZE);
5841 + memcpy(path, proc_sys, strlen(proc_sys));
5843 + pos += strlen(proc_sys);
5845 + for (; depth > 0; depth--) {
5848 + for (i = 1, tmp = table->de; tmp != proc_sys_root;
5849 + tmp = tmp->parent) {
5851 + memcpy(path + pos, tmp->name,
5852 + strlen(tmp->name));
5853 + pos += strlen(tmp->name);
5859 + if (path_init(path, LOOKUP_FOLLOW, &nd))
5860 + err = path_walk(path, &nd);
5865 + obj = chk_obj_label(nd.dentry, nd.mnt, current->acl);
5866 + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
5868 + if (unlikely((current->acl->mode & GR_LEARN) && ((err & mode) != mode))) {
5869 + __u32 new_mode = mode;
5871 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
5874 + gr_log_learn(current->role, current->uid, current->gid,
5875 + current, path, new_mode);
5876 + } else if ((err & mode) != mode && !(err & GR_SUPPRESS)) {
5877 + security_alert(GR_SYSCTL_ACL_MSG, "denied", path,
5878 + (mode & GR_READ) ? " reading" : "",
5879 + (mode & GR_WRITE) ? " writing" : "",
5882 + } else if ((err & mode) != mode) {
5884 + } else if (((err & mode) == mode) && (err & GR_AUDITS)) {
5885 + security_audit(GR_SYSCTL_ACL_MSG, "successful",
5886 + path, (mode & GR_READ) ? " reading" : "",
5887 + (mode & GR_WRITE) ? " writing" : "",
5891 + path_release(&nd);
5899 +gr_handle_ptrace(struct task_struct *task, const long request)
5901 + struct file *filp;
5904 + if (unlikely(!(gr_status & GR_READY)))
5907 + filp = task->exec_file;
5909 + if (unlikely(!filp))
5912 + retmode = gr_search_file(filp->f_dentry, GR_PTRACERD, filp->f_vfsmnt);
5914 + if (retmode & GR_PTRACERD) {
5915 + switch (request) {
5916 + case PTRACE_POKETEXT:
5917 + case PTRACE_POKEDATA:
5918 + case PTRACE_POKEUSR:
5919 +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA)
5920 + case PTRACE_SETREGS:
5921 + case PTRACE_SETFPREGS:
5924 + case PTRACE_SETFPXREGS:
5926 +#ifdef CONFIG_ALTIVEC
5927 + case PTRACE_SETVRREGS:
5933 + } else if (!(current->acl->mode & GR_OVERRIDE) &&
5934 + !(current->role->roletype & GR_ROLE_GOD)
5935 + && (current->acl != task->acl
5936 + || (current->acl != current->role->root_label
5937 + && current->pid != task->pid))) {
5938 + security_alert(GR_PTRACE_ACL_MSG,
5939 + gr_to_filename(filp->f_dentry, filp->f_vfsmnt),
5940 + task->comm, task->pid, DEFAULTSECARGS);
5948 +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt)
5951 + struct acl_subject_label *subj;
5953 + if (unlikely(!(gr_status & GR_READY)))
5957 + ((current->ptrace & PT_PTRACED)
5958 + && !(current->acl->mode & GR_OVERRIDE)))
5959 + retmode = gr_search_file(dentry, GR_PTRACERD, mnt);
5963 + subj = chk_subj_label(dentry, mnt, current->role);
5965 + if (!(retmode & GR_PTRACERD) &&
5966 + !(current->role->roletype & GR_ROLE_GOD) &&
5967 + (current->acl != subj)) {
5968 + security_alert(GR_PTRACE_EXEC_ACL_MSG,
5969 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
5977 +gr_handle_mmap(const struct file *filp, const unsigned long prot)
5979 + struct acl_object_label *obj, *obj2;
5981 + if (unlikely(!(gr_status & GR_READY) ||
5982 + (current->acl->mode & GR_OVERRIDE) || !filp ||
5983 + !(prot & PROT_EXEC)))
5986 + if (unlikely(current->is_writable))
5989 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5990 + obj2 = chk_obj_label(filp->f_dentry, filp->f_vfsmnt,
5991 + current->role->root_label);
5992 + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
5993 + security_alert(GR_WRITLIB_ACL_MSG,
5994 + gr_to_filename(filp->f_dentry, filp->f_vfsmnt),
6003 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
6007 + if (unlikely(!file || !(prot & PROT_EXEC)))
6011 + gr_search_file(file->f_dentry,
6012 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
6015 + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) {
6016 + security_alert(GR_MMAP_ACL_MSG, "denied",
6017 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6020 + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) {
6022 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
6023 + security_audit(GR_MMAP_ACL_MSG, "successful",
6024 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6033 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
6037 + if (unlikely(!file || !(prot & PROT_EXEC)))
6041 + gr_search_file(file->f_dentry,
6042 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
6045 + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) {
6046 + security_alert(GR_MPROTECT_ACL_MSG, "denied",
6047 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6050 + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) {
6052 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
6053 + security_audit(GR_MPROTECT_ACL_MSG, "successful",
6054 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6063 +gr_acl_handle_psacct(struct task_struct *task, const long code)
6065 + unsigned long runtime;
6066 + unsigned long cputime;
6067 + unsigned int wday, cday;
6071 + char cur_tty[64] = { 0 };
6072 + char parent_tty[64] = { 0 };
6074 + if (unlikely(!(gr_status & GR_READY) || !task->acl ||
6075 + !(task->acl->mode & GR_PROCACCT)))
6078 + runtime = (jiffies - task->start_time) / HZ;
6079 + wday = runtime / (3600 * 24);
6080 + runtime -= wday * (3600 * 24);
6081 + whr = runtime / 3600;
6082 + runtime -= whr * 3600;
6083 + wmin = runtime / 60;
6084 + runtime -= wmin * 60;
6087 + cputime = (task->times.tms_utime + task->times.tms_stime) / HZ;
6088 + cday = cputime / (3600 * 24);
6089 + cputime -= cday * (3600 * 24);
6090 + chr = cputime / 3600;
6091 + cputime -= chr * 3600;
6092 + cmin = cputime / 60;
6093 + cputime -= cmin * 60;
6096 + security_audit(GR_ACL_PROCACCT_MSG, task->comm,
6097 + task->pid, NIPQUAD(task->curr_ip), tty_name(task->tty,
6099 + task->uid, task->euid, task->gid, task->egid, wday, whr,
6100 + wmin, wsec, cday, chr, cmin, csec,
6102 + flags & PF_SIGNALED) ? "killed by signal" : "exited",
6103 + code, task->p_pptr->comm, task->p_pptr->pid,
6104 + NIPQUAD(task->p_pptr->curr_ip),
6105 + tty_name(task->p_pptr->tty, parent_tty),
6106 + task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid,
6107 + task->p_pptr->egid);
6112 +void gr_set_kernel_label(struct task_struct *task)
6114 + if (gr_status & GR_READY) {
6115 + task->role = kernel_role;
6116 + task->acl = kernel_role->root_label;
6120 diff -urN linux-2.4.21/grsecurity/gracl_alloc.c linux-2.4.21/grsecurity/gracl_alloc.c
6121 --- linux-2.4.21/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
6122 +++ linux-2.4.21/grsecurity/gracl_alloc.c 2003-06-23 11:49:16.000000000 -0400
6124 +/* stack-based acl allocation tracking (c) Brad Spengler 2002,2003 */
6126 +#include <linux/kernel.h>
6127 +#include <linux/mm.h>
6128 +#include <linux/slab.h>
6129 +#include <linux/vmalloc.h>
6130 +#include <linux/gracl.h>
6131 +#include <linux/grsecurity.h>
6133 +static unsigned long alloc_stack_next = 1;
6134 +static unsigned long alloc_stack_size = 1;
6135 +static void **alloc_stack;
6137 +static __inline__ int
6140 + if ((alloc_stack_next - 1) == 0)
6143 + if (*(alloc_stack + alloc_stack_next - 2))
6144 + kfree(*(alloc_stack + alloc_stack_next - 2));
6146 + alloc_stack_next--;
6151 +static __inline__ void
6152 +alloc_push(void *buf)
6154 + if (alloc_stack_next >= alloc_stack_size)
6157 + *(alloc_stack + alloc_stack_next - 1) = buf;
6159 + alloc_stack_next++;
6165 +acl_alloc(unsigned long len)
6169 + if (len > PAGE_SIZE)
6172 + ret = kmalloc(len, GFP_KERNEL);
6183 + if (gr_acl_is_enabled() || !alloc_stack)
6186 + while (alloc_pop()) ;
6188 + if (alloc_stack) {
6189 + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
6190 + kfree(alloc_stack);
6192 + vfree(alloc_stack);
6195 + alloc_stack = NULL;
6196 + alloc_stack_size = 1;
6197 + alloc_stack_next = 1;
6203 +acl_alloc_stack_init(unsigned long size)
6205 + if ((size * sizeof (void *)) <= PAGE_SIZE)
6207 + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
6209 + alloc_stack = (void **) vmalloc(size * sizeof (void *));
6211 + alloc_stack_size = size;
6218 diff -urN linux-2.4.21/grsecurity/gracl_cap.c linux-2.4.21/grsecurity/gracl_cap.c
6219 --- linux-2.4.21/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
6220 +++ linux-2.4.21/grsecurity/gracl_cap.c 2003-06-23 11:49:16.000000000 -0400
6222 +/* capability handling routines, (c) Brad Spengler 2002,2003 */
6224 +#include <linux/kernel.h>
6225 +#include <linux/sched.h>
6226 +#include <linux/capability.h>
6227 +#include <linux/gracl.h>
6228 +#include <linux/grsecurity.h>
6229 +#include <linux/grinternal.h>
6231 +static const char *captab_log[29] = {
6233 + "CAP_DAC_OVERRIDE",
6234 + "CAP_DAC_READ_SEARCH",
6241 + "CAP_LINUX_IMMUTABLE",
6242 + "CAP_NET_BIND_SERVICE",
6243 + "CAP_NET_BROADCAST",
6256 + "CAP_SYS_RESOURCE",
6258 + "CAP_SYS_TTY_CONFIG",
6264 +gr_is_capable(const int cap)
6266 + struct acl_subject_label *curracl;
6268 + if (!gr_acl_is_enabled())
6271 + curracl = current->acl;
6273 + if (!cap_raised(curracl->cap_lower, cap))
6276 + if ((curracl->mode & GR_LEARN)
6277 + && cap_raised(current->cap_effective, cap)) {
6278 + security_learn(GR_LEARN_AUDIT_MSG, current->role->rolename,
6279 + current->role->roletype, current->uid,
6280 + current->gid, current->exec_file ?
6281 + gr_to_filename(current->exec_file->f_dentry,
6282 + current->exec_file->f_vfsmnt) : curracl->filename,
6283 + curracl->filename, 0UL,
6284 + 0UL, "", (unsigned long) cap, NIPQUAD(current->curr_ip));
6288 + if ((cap >= 0) && (cap < 29) && cap_raised(current->cap_effective, cap))
6289 + security_alert(GR_CAP_ACL_MSG, captab_log[cap], DEFAULTSECARGS);
6293 diff -urN linux-2.4.21/grsecurity/gracl_fs.c linux-2.4.21/grsecurity/gracl_fs.c
6294 --- linux-2.4.21/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
6295 +++ linux-2.4.21/grsecurity/gracl_fs.c 2003-06-23 11:49:16.000000000 -0400
6297 +#include <linux/kernel.h>
6298 +#include <linux/sched.h>
6299 +#include <linux/types.h>
6300 +#include <linux/fs.h>
6301 +#include <linux/file.h>
6302 +#include <linux/grsecurity.h>
6303 +#include <linux/grinternal.h>
6304 +#include <linux/gracl.h>
6307 +gr_acl_handle_hidden_file(const struct dentry * dentry,
6308 + const struct vfsmount * mnt)
6312 + if (unlikely(!dentry->d_inode))
6316 + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
6318 + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
6319 + security_audit(GR_HIDDEN_ACL_MSG, "successful",
6320 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
6322 + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
6323 + security_alert(GR_HIDDEN_ACL_MSG, "denied",
6324 + gr_to_filename(dentry, mnt),
6327 + } else if (unlikely(!(mode & GR_FIND)))
6334 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
6337 + __u32 reqmode = GR_FIND;
6340 + if (unlikely(!dentry->d_inode))
6343 + if (unlikely(fmode & O_APPEND))
6344 + reqmode |= GR_APPEND;
6345 + else if (unlikely(fmode & FMODE_WRITE))
6346 + reqmode |= GR_WRITE;
6347 + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
6348 + reqmode |= GR_READ;
6351 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
6354 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6355 + security_audit(GR_OPEN_ACL_MSG, "successful",
6356 + gr_to_filename(dentry, mnt),
6357 + reqmode & GR_READ ? " reading" : "",
6358 + reqmode & GR_WRITE ? " writing" :
6359 + reqmode & GR_APPEND ? " appending" : "",
6363 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6365 + security_alert(GR_OPEN_ACL_MSG, "denied",
6366 + gr_to_filename(dentry, mnt),
6367 + reqmode & GR_READ ? " reading" : "",
6368 + reqmode & GR_WRITE ? " writing" : reqmode &
6369 + GR_APPEND ? " appending" : "", DEFAULTSECARGS);
6371 + } else if (unlikely((mode & reqmode) != reqmode))
6378 +gr_acl_handle_creat(const struct dentry * dentry,
6379 + const struct dentry * p_dentry,
6380 + const struct vfsmount * p_mnt, const int fmode,
6383 + __u32 reqmode = GR_WRITE | GR_CREATE;
6386 + if (unlikely(fmode & O_APPEND))
6387 + reqmode |= GR_APPEND;
6388 + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
6389 + reqmode |= GR_READ;
6390 + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
6391 + reqmode |= GR_SETID;
6394 + gr_check_create(dentry, p_dentry, p_mnt,
6395 + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
6397 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6398 + security_audit(GR_CREATE_ACL_MSG, "successful",
6399 + gr_to_filename(dentry, p_mnt),
6400 + reqmode & GR_READ ? " reading" : "",
6401 + reqmode & GR_WRITE ? " writing" :
6402 + reqmode & GR_APPEND ? " appending" : "",
6406 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6408 + security_alert(GR_CREATE_ACL_MSG, "denied",
6409 + gr_to_filename(dentry, p_mnt),
6410 + reqmode & GR_READ ? " reading" : "",
6411 + reqmode & GR_WRITE ? " writing" : reqmode &
6412 + GR_APPEND ? " appending" : "", DEFAULTSECARGS);
6414 + } else if (unlikely((mode & reqmode) != reqmode))
6421 +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
6424 + __u32 mode, reqmode = GR_FIND;
6426 + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
6427 + reqmode |= GR_EXEC;
6428 + if (fmode & S_IWOTH)
6429 + reqmode |= GR_WRITE;
6430 + if (fmode & S_IROTH)
6431 + reqmode |= GR_READ;
6434 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
6437 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6438 + security_audit(GR_ACCESS_ACL_MSG, "successful",
6439 + gr_to_filename(dentry, mnt),
6440 + reqmode & GR_READ ? " reading" : "",
6441 + reqmode & GR_WRITE ? " writing" : "",
6442 + reqmode & GR_EXEC ? " executing" : "",
6446 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6448 + security_alert(GR_ACCESS_ACL_MSG, "denied",
6449 + gr_to_filename(dentry, mnt),
6450 + reqmode & GR_READ ? " reading" : "",
6451 + reqmode & GR_WRITE ? " writing" : "",
6452 + reqmode & GR_EXEC ? " executing" : "",
6455 + } else if (unlikely((mode & reqmode) != reqmode))
6461 +#define generic_fs_handler(dentry, mnt, reqmode, fmt) \
6465 + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); \
6467 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \
6468 + security_audit(fmt, "successful", \
6469 + gr_to_filename(dentry, mnt), DEFAULTSECARGS); \
6471 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \
6472 + security_alert(fmt, "denied", gr_to_filename(dentry, mnt), \
6473 + DEFAULTSECARGS); \
6475 + } else if (unlikely((mode & (reqmode)) != (reqmode))) \
6478 + return (reqmode); \
6482 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
6484 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
6488 +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
6490 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
6494 +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
6496 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
6500 +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
6502 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
6506 +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
6509 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
6510 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
6511 + GR_FCHMOD_ACL_MSG);
6513 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
6518 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
6521 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
6522 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
6523 + GR_CHMOD_ACL_MSG);
6525 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
6530 +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
6532 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
6536 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
6538 + generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
6542 +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
6544 + generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
6545 + GR_UNIXCONNECT_ACL_MSG);
6549 +gr_acl_handle_filldir(const struct dentry *dentry, const struct vfsmount *mnt,
6552 + if (likely((unsigned long)(dentry->d_inode))) {
6553 + struct dentry d = *dentry;
6554 + struct inode inode = *(dentry->d_inode);
6556 + inode.i_ino = ino;
6557 + d.d_inode = &inode;
6559 + if (unlikely(!gr_search_file(&d, GR_FIND | GR_NOLEARN, mnt)))
6567 +gr_acl_handle_link(const struct dentry * new_dentry,
6568 + const struct dentry * parent_dentry,
6569 + const struct vfsmount * parent_mnt,
6570 + const struct dentry * old_dentry,
6571 + const struct vfsmount * old_mnt, const char *to)
6573 + __u32 needmode = GR_WRITE | GR_CREATE;
6577 + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
6580 + if (unlikely(((mode & needmode) == needmode) && mode & GR_AUDITS)) {
6581 + security_audit(GR_LINK_ACL_MSG, "successful",
6582 + gr_to_filename(old_dentry, old_mnt), to,
6585 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
6586 + security_alert(GR_LINK_ACL_MSG, "denied",
6587 + gr_to_filename(old_dentry, old_mnt), to,
6590 + } else if (unlikely((mode & needmode) != needmode))
6593 + return (GR_WRITE | GR_CREATE);
6597 +gr_acl_handle_symlink(const struct dentry * new_dentry,
6598 + const struct dentry * parent_dentry,
6599 + const struct vfsmount * parent_mnt, const char *from)
6601 + __u32 needmode = GR_WRITE | GR_CREATE;
6605 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
6606 + GR_CREATE | GR_AUDIT_CREATE |
6607 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
6609 + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
6610 + security_audit(GR_SYMLINK_ACL_MSG, "successful",
6611 + from, gr_to_filename(new_dentry, parent_mnt),
6614 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
6615 + security_alert(GR_SYMLINK_ACL_MSG, "denied",
6616 + from, gr_to_filename(new_dentry, parent_mnt),
6619 + } else if (unlikely((mode & needmode) != needmode))
6622 + return (GR_WRITE | GR_CREATE);
6625 +#define generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, reqmode, fmt) \
6629 + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); \
6631 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \
6632 + security_audit(fmt, "successful", \
6633 + gr_to_filename(new_dentry, parent_mnt), \
6634 + DEFAULTSECARGS); \
6636 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \
6637 + security_alert(fmt, "denied", \
6638 + gr_to_filename(new_dentry, parent_mnt), \
6639 + DEFAULTSECARGS); \
6641 + } else if (unlikely((mode & (reqmode)) != (reqmode))) \
6644 + return (reqmode); \
6648 +gr_acl_handle_mknod(const struct dentry * new_dentry,
6649 + const struct dentry * parent_dentry,
6650 + const struct vfsmount * parent_mnt,
6653 + __u32 reqmode = GR_WRITE | GR_CREATE;
6654 + if (unlikely(mode & (S_ISUID | S_ISGID)))
6655 + reqmode |= GR_SETID;
6657 + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6658 + reqmode, GR_MKNOD_ACL_MSG);
6662 +gr_acl_handle_mkdir(const struct dentry *new_dentry,
6663 + const struct dentry *parent_dentry,
6664 + const struct vfsmount *parent_mnt)
6666 + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6667 + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
6670 +#define RENAME_CHECK_SUCCESS(old, new) \
6671 + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
6672 + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
6675 +gr_acl_handle_rename(struct dentry *new_dentry,
6676 + struct dentry *parent_dentry,
6677 + const struct vfsmount *parent_mnt,
6678 + struct dentry *old_dentry,
6679 + struct inode *old_parent_inode,
6680 + struct vfsmount *old_mnt, const char *newname)
6682 + __u8 gr_replace = 1;
6683 + __u32 comp1, comp2;
6686 + if (unlikely(!gr_acl_is_enabled()))
6689 + if (!new_dentry->d_inode) {
6692 + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
6693 + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
6694 + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
6695 + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
6696 + GR_DELETE | GR_AUDIT_DELETE |
6697 + GR_AUDIT_READ | GR_AUDIT_WRITE |
6698 + GR_SUPPRESS, old_mnt);
6700 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
6701 + GR_CREATE | GR_DELETE |
6702 + GR_AUDIT_CREATE | GR_AUDIT_DELETE |
6703 + GR_AUDIT_READ | GR_AUDIT_WRITE |
6704 + GR_SUPPRESS, parent_mnt);
6706 + gr_search_file(old_dentry,
6707 + GR_READ | GR_WRITE | GR_AUDIT_READ |
6708 + GR_DELETE | GR_AUDIT_DELETE |
6709 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
6712 + if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
6713 + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
6714 + security_audit(GR_RENAME_ACL_MSG, "successful",
6715 + gr_to_filename(old_dentry, old_mnt),
6716 + newname, DEFAULTSECARGS);
6717 + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
6718 + && !(comp2 & GR_SUPPRESS)) {
6719 + security_alert(GR_RENAME_ACL_MSG, "denied",
6720 + gr_to_filename(old_dentry, old_mnt), newname,
6723 + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
6729 + error = gr_handle_rename(old_parent_inode, parent_dentry->d_inode,
6730 + old_dentry, new_dentry, old_mnt, gr_replace);
6736 +gr_acl_handle_exit(void)
6741 + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
6742 + id = current->acl_role_id;
6743 + rolename = current->role->rolename;
6745 + security_alert_good(GR_SPROLEL_ACL_MSG,
6746 + rolename, id, DEFAULTSECARGS);
6749 + if (current->exec_file) {
6750 + fput(current->exec_file);
6751 + current->exec_file = NULL;
6756 +gr_acl_handle_procpidmem(const struct task_struct *task)
6758 + if (unlikely(!gr_acl_is_enabled()))
6761 + if (task->acl->mode & GR_PROTPROCFD)
6766 diff -urN linux-2.4.21/grsecurity/gracl_ip.c linux-2.4.21/grsecurity/gracl_ip.c
6767 --- linux-2.4.21/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
6768 +++ linux-2.4.21/grsecurity/gracl_ip.c 2003-06-23 11:49:16.000000000 -0400
6771 + * grsecurity/gracl_ip.c
6772 + * Copyright Brad Spengler 2002, 2003
6776 +#include <linux/kernel.h>
6777 +#include <asm/uaccess.h>
6778 +#include <asm/errno.h>
6779 +#include <net/sock.h>
6780 +#include <linux/file.h>
6781 +#include <linux/fs.h>
6782 +#include <linux/net.h>
6783 +#include <linux/in.h>
6784 +#include <linux/skbuff.h>
6785 +#include <linux/ip.h>
6786 +#include <linux/udp.h>
6787 +#include <linux/smp_lock.h>
6788 +#include <linux/types.h>
6789 +#include <linux/sched.h>
6790 +#include <linux/gracl.h>
6791 +#include <linux/grsecurity.h>
6792 +#include <linux/grinternal.h>
6794 +#define GR_BIND 0x01
6795 +#define GR_CONNECT 0x02
6798 +gr_search_socket(const int domain, const int type, const int protocol)
6800 + struct acl_subject_label *curr;
6802 + if (unlikely(!gr_acl_is_enabled()))
6805 + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
6806 + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
6807 + goto exit; // let the kernel handle it
6809 + curr = current->acl;
6814 + if ((curr->ip_type & (1 << type)) &&
6815 + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
6818 + if (curr->mode & GR_LEARN) {
6819 + /* we don't place acls on raw sockets , and sometimes
6820 + dgram/ip sockets are opened for ioctl and not
6821 + bind/connect, so we'll fake a bind learn log */
6822 + if (type == SOCK_RAW || type == SOCK_PACKET) {
6824 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6825 + current->role->roletype, current->uid,
6826 + current->gid, current->exec_file ?
6827 + gr_to_filename(current->exec_file->f_dentry,
6828 + current->exec_file->f_vfsmnt) :
6829 + curr->filename, curr->filename,
6830 + NIPQUAD(fakeip), 0, type,
6831 + protocol, GR_CONNECT, NIPQUAD(current->curr_ip));
6832 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
6834 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6835 + current->role->roletype, current->uid,
6836 + current->gid, current->exec_file ?
6837 + gr_to_filename(current->exec_file->f_dentry,
6838 + current->exec_file->f_vfsmnt) :
6839 + curr->filename, curr->filename,
6840 + NIPQUAD(fakeip), 0, type,
6841 + protocol, GR_BIND, NIPQUAD(current->curr_ip));
6843 + /* we'll log when they use connect or bind */
6847 + security_alert(GR_SOCK_MSG, domain, type, protocol, DEFAULTSECARGS);
6854 +static __inline__ int
6855 +gr_search_connectbind(const int mode, const struct sock *sk,
6856 + const struct sockaddr_in *addr, const int type)
6858 + struct acl_subject_label *curr;
6859 + struct acl_ip_label *ip;
6861 + unsigned long ip_addr = 0;
6862 + __u16 ip_port = 0;
6864 + if (unlikely(!gr_acl_is_enabled() || sk->family != PF_INET))
6867 + curr = current->acl;
6872 + ip_addr = addr->sin_addr.s_addr;
6873 + ip_port = ntohs(addr->sin_port);
6875 + for (i = 0; i < curr->ip_num; i++) {
6876 + ip = *(curr->ips + i);
6877 + if ((ip->mode & mode) &&
6878 + (ip_port >= ip->low) &&
6879 + (ip_port <= ip->high) &&
6880 + ((ntohl(ip_addr) & ip->netmask) ==
6881 + (ntohl(ip->addr) & ip->netmask))
6883 + proto[sk->protocol / 32] & (1 << (sk->protocol % 32)))
6884 + && (ip->type & (1 << type)))
6888 + if (curr->mode & GR_LEARN) {
6889 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6890 + current->role->roletype, current->uid,
6891 + current->gid, current->exec_file ?
6892 + gr_to_filename(current->exec_file->f_dentry,
6893 + current->exec_file->f_vfsmnt) :
6894 + curr->filename, curr->filename,
6895 + NIPQUAD(ip_addr), ip_port, type,
6896 + sk->protocol, mode, NIPQUAD(current->curr_ip));
6900 + if (mode == GR_BIND)
6901 + security_alert(GR_BIND_ACL_MSG, NIPQUAD(ip_addr), ip_port,
6902 + type, sk->protocol, DEFAULTSECARGS);
6903 + else if (mode == GR_CONNECT)
6904 + security_alert(GR_CONNECT_ACL_MSG, NIPQUAD(ip_addr), ip_port,
6905 + type, sk->protocol, DEFAULTSECARGS);
6911 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
6913 + return gr_search_connectbind(GR_CONNECT, sock->sk, addr, sock->type);
6917 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
6919 + return gr_search_connectbind(GR_BIND, sock->sk, addr, sock->type);
6923 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
6926 + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
6928 + struct sockaddr_in sin;
6930 + sin.sin_addr.s_addr = sk->daddr;
6931 + sin.sin_port = sk->dport;
6933 + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM);
6938 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
6940 + struct sockaddr_in sin;
6942 + if (unlikely(skb->len < sizeof (struct udphdr)))
6943 + return 1; // skip this packet
6945 + sin.sin_addr.s_addr = skb->nh.iph->saddr;
6946 + sin.sin_port = skb->h.uh->source;
6948 + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM);
6950 diff -urN linux-2.4.21/grsecurity/gracl_learn.c linux-2.4.21/grsecurity/gracl_learn.c
6951 --- linux-2.4.21/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
6952 +++ linux-2.4.21/grsecurity/gracl_learn.c 2003-06-23 11:49:16.000000000 -0400
6954 +#include <linux/kernel.h>
6955 +#include <linux/mm.h>
6956 +#include <linux/sched.h>
6957 +#include <linux/poll.h>
6958 +#include <linux/string.h>
6959 +#include <linux/file.h>
6960 +#include <linux/types.h>
6961 +#include <linux/vmalloc.h>
6962 +#include <linux/grinternal.h>
6964 +extern ssize_t write_grsec_handler(struct file * file, const char * buf,
6965 + size_t count, loff_t *ppos);
6967 +static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
6969 +char *learn_buffer[80][NR_CPUS];
6970 +ssize_t learn_buffer_len[80][NR_CPUS];
6973 +read_learn(struct file *file, char * buf, size_t count, loff_t * ppos)
6975 + DECLARE_WAITQUEUE(wait, current);
6976 + ssize_t retval = 0, tmp;
6979 + add_wait_queue(&learn_wait, &wait);
6980 + set_current_state(TASK_INTERRUPTIBLE);
6982 + for (j = 0; j < 80; j++)
6983 + for (i = 0; i < NR_CPUS; i++)
6984 + if (learn_buffer_len[j][i])
6986 + if (file->f_flags & O_NONBLOCK) {
6990 + if (signal_pending(current)) {
6991 + retval = -ERESTARTSYS;
6999 + for (j = 0; j < 80; j++) {
7000 + for (i = 0; i < NR_CPUS; i++) {
7001 + tmp = learn_buffer_len[j][i];
7004 + if (count < ((i * 80 * 16384) + (j * 16384) + tmp)) {
7008 + if (copy_to_user(buf + (i * 80 * 16384) + (j * 16384), learn_buffer[j][i], tmp)) {
7013 + learn_buffer_len[j][i] = 0;
7019 + set_current_state(TASK_RUNNING);
7020 + remove_wait_queue(&learn_wait, &wait);
7024 +static unsigned int
7025 +poll_learn(struct file * file, poll_table * wait)
7029 + poll_wait(file, &learn_wait, wait);
7031 + for(j = 0; j < 80; j++)
7032 + for (i = 0; i < NR_CPUS; i++)
7033 + if (learn_buffer_len[j][i])
7034 + return (POLLIN | POLLRDNORM);
7040 +gr_add_learn_entry(const char *fmt, ...)
7044 + int cpu = smp_processor_id();
7046 + for(j = 0; j < 80; j++) {
7047 + if (learn_buffer_len[j][cpu])
7050 + if (!learn_buffer[j][cpu]) {
7051 + learn_buffer[j][cpu] = vmalloc(16384);
7052 + if (!learn_buffer[j][cpu])
7056 + va_start(args, fmt);
7057 + learn_buffer_len[j][cpu] = vsnprintf(learn_buffer[j][cpu], 16384, fmt, args);
7060 + if (learn_buffer_len[j][cpu] < 0)
7061 + learn_buffer_len[j][cpu] = 16384;
7062 + wake_up_interruptible(&learn_wait);
7069 +struct file_operations grsec_fops = {
7071 + write: write_grsec_handler,
7074 diff -urN linux-2.4.21/grsecurity/gracl_res.c linux-2.4.21/grsecurity/gracl_res.c
7075 --- linux-2.4.21/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
7076 +++ linux-2.4.21/grsecurity/gracl_res.c 2003-06-23 11:49:16.000000000 -0400
7078 +/* resource handling routines (c) Brad Spengler 2002, 2003 */
7080 +#include <linux/kernel.h>
7081 +#include <linux/sched.h>
7082 +#include <linux/gracl.h>
7083 +#include <linux/grinternal.h>
7085 +static const char *restab_log[11] = {
7100 +gr_log_resource(const struct task_struct *task,
7101 + const int res, const unsigned long wanted)
7103 + if (unlikely(res == RLIMIT_NPROC &&
7104 + (cap_raised(task->cap_effective, CAP_SYS_ADMIN) ||
7105 + cap_raised(task->cap_effective, CAP_SYS_RESOURCE))))
7108 + if (unlikely(wanted >= task->rlim[res].rlim_cur &&
7109 + task->rlim[res].rlim_cur != RLIM_INFINITY))
7110 + security_alert(GR_RESOURCE_MSG, wanted, restab_log[res],
7111 + task->rlim[res].rlim_cur, task->comm,
7112 + task->pid, task->uid, task->euid,
7113 + task->gid, task->egid, task->p_pptr->comm,
7114 + task->p_pptr->pid, task->p_pptr->uid,
7115 + task->p_pptr->euid, task->p_pptr->gid,
7116 + task->p_pptr->egid);
7120 diff -urN linux-2.4.21/grsecurity/gracl_segv.c linux-2.4.21/grsecurity/gracl_segv.c
7121 --- linux-2.4.21/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
7122 +++ linux-2.4.21/grsecurity/gracl_segv.c 2003-06-23 11:49:16.000000000 -0400
7125 + * grsecurity/gracl_segv.c
7126 + * Copyright Brad Spengler 2002, 2003
7130 +#include <linux/kernel.h>
7131 +#include <linux/mm.h>
7132 +#include <asm/uaccess.h>
7133 +#include <asm/errno.h>
7134 +#include <asm/mman.h>
7135 +#include <net/sock.h>
7136 +#include <linux/file.h>
7137 +#include <linux/fs.h>
7138 +#include <linux/net.h>
7139 +#include <linux/in.h>
7140 +#include <linux/smp_lock.h>
7141 +#include <linux/slab.h>
7142 +#include <linux/types.h>
7143 +#include <linux/sched.h>
7144 +#include <linux/timer.h>
7145 +#include <linux/gracl.h>
7146 +#include <linux/grsecurity.h>
7147 +#include <linux/grinternal.h>
7149 +static struct crash_uid *uid_set;
7150 +static unsigned short uid_used;
7151 +static rwlock_t gr_uid_lock = RW_LOCK_UNLOCKED;
7152 +extern rwlock_t gr_inode_lock;
7153 +extern __inline__ struct acl_subject_label *lookup_acl_subj_label(const ino_t
7162 +gr_init_uidset(void)
7165 + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
7168 + return uid_set ? 1 : 0;
7172 +gr_free_uidset(void)
7181 +gr_find_uid(const uid_t uid)
7183 + struct crash_uid *tmp = uid_set;
7185 + int low = 0, high = uid_used - 1, mid;
7187 + while (high >= low) {
7188 + mid = (low + high) >> 1;
7189 + buid = tmp[mid].uid;
7201 +static __inline__ void
7202 +gr_insertsort(void)
7204 + unsigned short i, j;
7205 + struct crash_uid index;
7207 + for (i = 1; i < uid_used; i++) {
7208 + index = uid_set[i];
7210 + while ((j > 0) && uid_set[j - 1].uid > index.uid) {
7211 + uid_set[j] = uid_set[j - 1];
7214 + uid_set[j] = index;
7220 +static __inline__ void
7221 +gr_insert_uid(const uid_t uid, const unsigned long expires)
7225 + if (uid_used == GR_UIDTABLE_MAX)
7228 + loc = gr_find_uid(uid);
7231 + uid_set[loc].expires = expires;
7235 + uid_set[uid_used].uid = uid;
7236 + uid_set[uid_used].expires = expires;
7245 +gr_remove_uid(const unsigned short loc)
7249 + for (i = loc + 1; i < uid_used; i++)
7250 + uid_set[i - i] = uid_set[i];
7258 +gr_check_crash_uid(const uid_t uid)
7262 + if (unlikely(!gr_acl_is_enabled()))
7265 + read_lock(&gr_uid_lock);
7266 + loc = gr_find_uid(uid);
7267 + read_unlock(&gr_uid_lock);
7272 + write_lock(&gr_uid_lock);
7273 + if (time_before_eq(uid_set[loc].expires, jiffies))
7274 + gr_remove_uid(loc);
7276 + write_unlock(&gr_uid_lock);
7280 + write_unlock(&gr_uid_lock);
7284 +static __inline__ int
7285 +proc_is_setxid(const struct task_struct *task)
7287 + if (task->uid != task->euid || task->uid != task->suid ||
7288 + task->uid != task->fsuid)
7290 + if (task->gid != task->egid || task->gid != task->sgid ||
7291 + task->gid != task->fsgid)
7296 +static __inline__ int
7297 +gr_fake_force_sig(int sig, struct task_struct *t)
7299 + unsigned long int flags;
7301 + spin_lock_irqsave(&t->sigmask_lock, flags);
7302 + if (t->sig == NULL) {
7303 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
7307 + if (t->sig->action[sig - 1].sa.sa_handler == SIG_IGN)
7308 + t->sig->action[sig - 1].sa.sa_handler = SIG_DFL;
7309 + sigdelset(&t->blocked, sig);
7310 + recalc_sigpending(t);
7311 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
7313 + return send_sig_info(sig, (void *) 1L, t);
7317 +gr_handle_crash(struct task_struct *task, const int sig)
7319 + struct acl_subject_label *curr;
7320 + struct acl_subject_label *curr2;
7321 + struct task_struct *tsk;
7323 + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
7326 + if (unlikely(!gr_acl_is_enabled()))
7331 + if (!(curr->resmask & (1 << GR_CRASH_RES)))
7334 + if (time_before_eq(curr->expires, jiffies)) {
7335 + curr->expires = 0;
7336 + curr->crashes = 0;
7341 + if (!curr->expires)
7342 + curr->expires = jiffies + curr->res[GR_CRASH_RES].rlim_max;
7344 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
7345 + time_after(curr->expires, jiffies)) {
7346 + if (task->uid && proc_is_setxid(task)) {
7347 + security_alert(GR_SEGVSTART_ACL_MSG, task->comm,
7348 + task->pid, task->uid, task->euid,
7349 + task->gid, task->egid,
7350 + task->p_pptr->comm, task->p_pptr->pid,
7351 + task->p_pptr->uid, task->p_pptr->euid,
7352 + task->p_pptr->gid, task->p_pptr->egid,
7354 + curr->res[GR_CRASH_RES].rlim_max / HZ);
7355 + write_lock(&gr_uid_lock);
7356 + gr_insert_uid(task->uid, curr->expires);
7357 + write_unlock(&gr_uid_lock);
7358 + curr->expires = 0;
7359 + curr->crashes = 0;
7360 + read_lock(&tasklist_lock);
7361 + for_each_task(tsk) {
7362 + if (tsk != task && tsk->uid == task->uid)
7363 + gr_fake_force_sig(SIGKILL, tsk);
7365 + read_unlock(&tasklist_lock);
7367 + security_alert(GR_SEGVNOSUID_ACL_MSG, task->comm,
7368 + task->pid, task->uid, task->euid,
7369 + task->gid, task->egid,
7370 + task->p_pptr->comm, task->p_pptr->pid,
7371 + task->p_pptr->uid, task->p_pptr->euid,
7372 + task->p_pptr->gid, task->p_pptr->egid,
7373 + kdevname(curr->device), curr->inode,
7374 + curr->res[GR_CRASH_RES].rlim_max / HZ);
7375 + read_lock(&tasklist_lock);
7376 + for_each_task(tsk) {
7377 + if (likely(tsk != task)) {
7380 + if (curr2->device == curr->device &&
7381 + curr2->inode == curr->inode)
7382 + gr_fake_force_sig(SIGKILL, tsk);
7385 + read_unlock(&tasklist_lock);
7393 +gr_check_crash_exec(const struct file *filp)
7395 + struct acl_subject_label *curr;
7397 + if (unlikely(!gr_acl_is_enabled()))
7400 + read_lock(&gr_inode_lock);
7401 + curr = lookup_acl_subj_label(filp->f_dentry->d_inode->i_ino,
7402 + filp->f_dentry->d_inode->i_dev,
7404 + read_unlock(&gr_inode_lock);
7406 + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
7407 + (!curr->crashes && !curr->expires))
7410 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
7411 + time_after(curr->expires, jiffies))
7413 + else if (time_before_eq(curr->expires, jiffies)) {
7414 + curr->crashes = 0;
7415 + curr->expires = 0;
7422 +gr_handle_alertkill(void)
7424 + struct acl_subject_label *curracl;
7426 + struct task_struct *task;
7428 + if (unlikely(!gr_acl_is_enabled()))
7431 + curracl = current->acl;
7432 + curr_ip = current->curr_ip;
7434 + if ((curracl->mode & GR_KILLIPPROC) && curr_ip &&
7435 + (curr_ip != 0xffffffff)) {
7436 + read_lock(&tasklist_lock);
7437 + for_each_task(task) {
7438 + if (task->curr_ip == curr_ip)
7439 + gr_fake_force_sig(SIGKILL, task);
7441 + read_unlock(&tasklist_lock);
7442 + } else if (curracl->mode & GR_KILLPROC)
7443 + gr_fake_force_sig(SIGKILL, current);
7447 diff -urN linux-2.4.21/grsecurity/gracl_shm.c linux-2.4.21/grsecurity/gracl_shm.c
7448 --- linux-2.4.21/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
7449 +++ linux-2.4.21/grsecurity/gracl_shm.c 2003-06-23 11:49:16.000000000 -0400
7451 +/* shared memory handling routines, (c) Brad Spengler 2002, 2003 */
7453 +#include <linux/kernel.h>
7454 +#include <linux/mm.h>
7455 +#include <linux/sched.h>
7456 +#include <linux/file.h>
7457 +#include <linux/ipc.h>
7458 +#include <linux/gracl.h>
7459 +#include <linux/grsecurity.h>
7460 +#include <linux/grinternal.h>
7463 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
7464 + const time_t shm_createtime, const uid_t cuid, const int shmid)
7466 + struct task_struct *task;
7468 + if (!gr_acl_is_enabled())
7471 + task = find_task_by_pid(shm_cprid);
7473 + if (unlikely(!task))
7474 + task = find_task_by_pid(shm_lapid);
7476 + if (unlikely(task && ((task->start_time < shm_createtime) ||
7477 + (task->pid == shm_lapid)) &&
7478 + (task->acl->mode & GR_PROTSHM) &&
7479 + (task->acl != current->acl))) {
7480 + security_alert(GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid,
7487 diff -urN linux-2.4.21/grsecurity/grsec_chdir.c linux-2.4.21/grsecurity/grsec_chdir.c
7488 --- linux-2.4.21/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
7489 +++ linux-2.4.21/grsecurity/grsec_chdir.c 2003-06-23 11:49:16.000000000 -0400
7491 +#include <linux/kernel.h>
7492 +#include <linux/sched.h>
7493 +#include <linux/fs.h>
7494 +#include <linux/file.h>
7495 +#include <linux/grsecurity.h>
7496 +#include <linux/grinternal.h>
7499 +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
7501 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
7502 + if ((grsec_enable_chdir && grsec_enable_group &&
7503 + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
7504 + !grsec_enable_group)) {
7505 + security_audit(GR_CHDIR_AUDIT_MSG, gr_to_filename(dentry, mnt),
7511 diff -urN linux-2.4.21/grsecurity/grsec_chroot.c linux-2.4.21/grsecurity/grsec_chroot.c
7512 --- linux-2.4.21/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
7513 +++ linux-2.4.21/grsecurity/grsec_chroot.c 2003-06-23 11:49:16.000000000 -0400
7515 +#include <linux/kernel.h>
7516 +#include <linux/sched.h>
7517 +#include <linux/file.h>
7518 +#include <linux/fs.h>
7519 +#include <linux/types.h>
7520 +#include <linux/grinternal.h>
7523 +gr_handle_chroot_unix(const pid_t pid)
7525 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
7526 + struct task_struct *p, **htable;
7528 + if (unlikely(!grsec_enable_chroot_unix))
7531 + if (likely(!proc_is_chrooted(current)))
7534 + read_lock(&tasklist_lock);
7536 + htable = &pidhash[pid_hashfn(pid)];
7538 + for (p = *htable; p && p->pid != pid; p = p->pidhash_next) ;
7540 + if (unlikely(p && !have_same_root(current, p))) {
7541 + read_unlock(&tasklist_lock);
7542 + security_alert(GR_UNIX_CHROOT_MSG, DEFAULTSECARGS);
7545 + read_unlock(&tasklist_lock);
7551 +gr_handle_chroot_nice(void)
7553 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7554 + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
7555 + security_alert(GR_NICE_CHROOT_MSG, DEFAULTSECARGS);
7563 +gr_handle_chroot_setpriority(task_t *p, const int niceval)
7565 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7566 + if (grsec_enable_chroot_nice && (!have_same_root(p, current)
7567 + || (have_same_root(p, current)
7568 + && (niceval < task_nice(p))
7569 + && proc_is_chrooted(current)))) {
7570 + security_alert(GR_PRIORITY_CHROOT_MSG, p->comm, p->pid,
7579 +gr_handle_chroot_capset(const struct task_struct *target)
7581 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
7582 + if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
7583 + !have_same_root(current, target)) {
7584 + security_alert(GR_CAPSET_CHROOT_MSG, target->comm, target->pid,
7593 +gr_pid_is_chrooted(const struct task_struct *p)
7595 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
7596 + if (!grsec_enable_chroot_findtask || (current->pid <= 1))
7599 + if (p && p->fs && p->fs->root && p->fs->root->d_inode &&
7600 + child_reaper && child_reaper->fs && child_reaper->fs->root &&
7601 + child_reaper->fs->root->d_inode && current && current->fs &&
7602 + current->fs->root && current->fs->root->d_inode) {
7603 + if (proc_is_chrooted(current) && !have_same_root(current, p))
7611 +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
7613 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
7614 + if (!grsec_enable_chroot_fchdir)
7617 + if (!proc_is_chrooted(current))
7620 + struct dentry *dentry = u_dentry;
7621 + struct vfsmount *mnt = u_mnt;
7622 + struct dentry *realroot;
7623 + struct vfsmount *realrootmnt;
7624 + struct dentry *currentroot;
7625 + struct vfsmount *currentmnt;
7627 + read_lock(&child_reaper->fs->lock);
7628 + realrootmnt = mntget(child_reaper->fs->rootmnt);
7629 + realroot = dget(child_reaper->fs->root);
7630 + read_unlock(&child_reaper->fs->lock);
7632 + read_lock(¤t->fs->lock);
7633 + currentmnt = mntget(current->fs->rootmnt);
7634 + currentroot = dget(current->fs->root);
7635 + read_unlock(¤t->fs->lock);
7637 + spin_lock(&dcache_lock);
7640 + ((dentry == realroot && mnt == realrootmnt)
7641 + || (dentry == currentroot && mnt == currentmnt)))
7644 + (dentry == mnt->mnt_root || IS_ROOT(dentry))) {
7645 + if (mnt->mnt_parent == mnt)
7647 + dentry = mnt->mnt_mountpoint;
7648 + mnt = mnt->mnt_parent;
7651 + dentry = dentry->d_parent;
7653 + spin_unlock(&dcache_lock);
7655 + dput(currentroot);
7656 + mntput(currentmnt);
7658 + if (dentry == realroot && mnt == realrootmnt) {
7659 + /* ok, they're definitely trying to fchdir outside of the
7662 + mntput(realrootmnt);
7663 + security_alert(GR_CHROOT_FCHDIR_MSG,
7664 + gr_to_filename(u_dentry, u_mnt),
7669 + mntput(realrootmnt);
7678 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
7679 + const time_t shm_createtime)
7681 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
7682 + struct task_struct *p, **htable;
7684 + if (unlikely(!grsec_enable_chroot_shmat))
7687 + if (likely(!proc_is_chrooted(current)))
7690 + read_lock(&tasklist_lock);
7692 + htable = &pidhash[pid_hashfn(shm_cprid)];
7694 + for (p = *htable; p && p->pid != shm_cprid; p = p->pidhash_next) ;
7696 + if (unlikely(p && !have_same_root(current, p) &&
7697 + (p->start_time < shm_createtime))) {
7698 + read_unlock(&tasklist_lock);
7699 + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS);
7703 + if (unlikely(!p)) {
7704 + htable = &pidhash[pid_hashfn(shm_lapid)];
7705 + for (p = *htable; p && p->pid != shm_lapid;
7706 + p = p->pidhash_next) ;
7708 + if (unlikely(p && !have_same_root(current, p))) {
7709 + read_unlock(&tasklist_lock);
7710 + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS);
7715 + read_unlock(&tasklist_lock);
7721 +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
7723 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
7724 + if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
7725 + security_audit(GR_EXEC_CHROOT_MSG, gr_to_filename(dentry, mnt),
7732 +gr_handle_chroot_mknod(const struct dentry *dentry,
7733 + const struct vfsmount *mnt, const int mode)
7735 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
7736 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) &&
7737 + proc_is_chrooted(current)) {
7738 + security_alert(GR_MKNOD_CHROOT_MSG,
7739 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
7747 +gr_handle_chroot_mount(const struct dentry *dentry,
7748 + const struct vfsmount *mnt, const char *dev_name)
7750 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
7751 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
7752 + security_alert(GR_MOUNT_CHROOT_MSG, dev_name,
7753 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
7761 +gr_handle_chroot_pivot(void)
7763 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
7764 + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
7765 + security_alert(GR_PIVOT_CHROOT_MSG, DEFAULTSECARGS);
7773 +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
7775 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
7776 + if (grsec_enable_chroot_double && proc_is_chrooted(current)) {
7777 + security_alert(GR_CHROOT_CHROOT_MSG,
7778 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
7786 +gr_handle_chroot_caps(struct task_struct *task)
7788 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
7789 + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
7790 + task->cap_permitted =
7791 + cap_drop(task->cap_permitted, GR_CHROOT_CAPS);
7792 + task->cap_inheritable =
7793 + cap_drop(task->cap_inheritable, GR_CHROOT_CAPS);
7794 + task->cap_effective =
7795 + cap_drop(task->cap_effective, GR_CHROOT_CAPS);
7802 +gr_handle_chroot_sysctl(const int op)
7804 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
7805 + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
7813 +gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt)
7815 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
7816 + if (grsec_enable_chroot_chdir)
7817 + set_fs_pwd(current->fs, mnt, dentry);
7823 +gr_handle_chroot_chmod(const struct dentry *dentry,
7824 + const struct vfsmount *mnt, const int mode)
7826 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
7827 + if (grsec_enable_chroot_chmod &&
7828 + ((mode & S_ISUID) || (mode & S_ISGID)) &&
7829 + proc_is_chrooted(current)) {
7830 + security_alert(GR_CHMOD_CHROOT_MSG,
7831 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
7837 diff -urN linux-2.4.21/grsecurity/grsec_disabled.c linux-2.4.21/grsecurity/grsec_disabled.c
7838 --- linux-2.4.21/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
7839 +++ linux-2.4.21/grsecurity/grsec_disabled.c 2003-06-23 11:49:16.000000000 -0400
7842 + * when grsecurity is disabled, compile all external functions into nothing
7845 +#include <linux/kernel.h>
7846 +#include <linux/config.h>
7847 +#include <linux/sched.h>
7848 +#include <linux/file.h>
7849 +#include <linux/fs.h>
7850 +#include <linux/kdev_t.h>
7851 +#include <linux/net.h>
7852 +#include <linux/in.h>
7853 +#include <linux/ip.h>
7854 +#include <linux/skbuff.h>
7855 +#include <linux/sysctl.h>
7857 +#ifdef CONFIG_SYSCTL
7859 +gr_handle_sysctl(const struct ctl_table * table, __u32 mode)
7866 +gr_acl_is_enabled(void)
7872 +gr_acl_handle_psacct(struct task_struct *task, const long code)
7878 +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt)
7884 +gr_handle_mmap(const struct file *filp, const unsigned long prot)
7890 +gr_handle_ptrace(struct task_struct *task, const long request)
7896 +gr_learn_resource(const struct task_struct *task,
7897 + const int res, const unsigned long wanted)
7903 +gr_set_acls(const int type)
7909 +gr_check_hidden_task(const struct task_struct *tsk)
7915 +gr_check_protected_task(const struct task_struct *task)
7921 +gr_copy_label(struct task_struct *tsk)
7927 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
7933 +gr_handle_delete(const ino_t ino, const kdev_t dev)
7939 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
7945 +gr_handle_crash(struct task_struct *task, const int sig)
7951 +gr_check_crash_exec(const struct file *filp)
7957 +gr_check_crash_uid(const uid_t uid)
7963 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
7964 + struct dentry *old_dentry,
7965 + struct dentry *new_dentry,
7966 + struct vfsmount *mnt, const __u8 replace)
7972 +gr_search_socket(const int family, const int type, const int protocol)
7978 +gr_search_connectbind(const int mode, const struct socket *sock,
7979 + const struct sockaddr_in *addr)
7985 +gr_is_capable(const int cap)
7991 +gr_handle_alertkill(void)
7997 +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
8003 +gr_acl_handle_hidden_file(const struct dentry * dentry,
8004 + const struct vfsmount * mnt)
8010 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
8017 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
8023 +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
8029 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
8030 + unsigned int *vm_flags)
8036 +gr_acl_handle_truncate(const struct dentry * dentry,
8037 + const struct vfsmount * mnt)
8043 +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
8049 +gr_acl_handle_access(const struct dentry * dentry,
8050 + const struct vfsmount * mnt, const int fmode)
8056 +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
8063 +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
8070 +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
8076 +grsecurity_init(void)
8082 +gr_acl_handle_mknod(const struct dentry * new_dentry,
8083 + const struct dentry * parent_dentry,
8084 + const struct vfsmount * parent_mnt,
8091 +gr_acl_handle_mkdir(const struct dentry * new_dentry,
8092 + const struct dentry * parent_dentry,
8093 + const struct vfsmount * parent_mnt)
8099 +gr_acl_handle_symlink(const struct dentry * new_dentry,
8100 + const struct dentry * parent_dentry,
8101 + const struct vfsmount * parent_mnt, const char *from)
8107 +gr_acl_handle_link(const struct dentry * new_dentry,
8108 + const struct dentry * parent_dentry,
8109 + const struct vfsmount * parent_mnt,
8110 + const struct dentry * old_dentry,
8111 + const struct vfsmount * old_mnt, const char *to)
8117 +gr_acl_handle_rename(const struct dentry *new_dentry,
8118 + const struct dentry *parent_dentry,
8119 + const struct vfsmount *parent_mnt,
8120 + const struct dentry *old_dentry,
8121 + const struct inode *old_parent_inode,
8122 + const struct vfsmount *old_mnt, const char *newname)
8128 +gr_acl_handle_filldir(const struct dentry * dentry,
8129 + const struct vfsmount * mnt, const ino_t ino)
8135 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
8136 + const time_t shm_createtime, const uid_t cuid, const int shmid)
8142 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
8148 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
8154 +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
8160 +gr_acl_handle_creat(const struct dentry * dentry,
8161 + const struct dentry * p_dentry,
8162 + const struct vfsmount * p_mnt, const int fmode,
8169 +gr_acl_handle_exit(void)
8175 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
8181 +gr_set_role_label(const uid_t uid, const gid_t gid)
8187 +gr_acl_handle_procpidmem(const struct task_struct *task)
8193 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
8199 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
8205 +gr_set_kernel_label(struct task_struct *task)
8209 diff -urN linux-2.4.21/grsecurity/grsec_exec.c linux-2.4.21/grsecurity/grsec_exec.c
8210 --- linux-2.4.21/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
8211 +++ linux-2.4.21/grsecurity/grsec_exec.c 2003-06-23 11:49:16.000000000 -0400
8213 +#include <linux/kernel.h>
8214 +#include <linux/sched.h>
8215 +#include <linux/file.h>
8216 +#include <linux/fs.h>
8217 +#include <linux/types.h>
8218 +#include <linux/grdefs.h>
8219 +#include <linux/grinternal.h>
8220 +#include <linux/capability.h>
8222 +#include <asm/uaccess.h>
8225 +gr_handle_nproc(void)
8227 +#ifdef CONFIG_GRKERNSEC_EXECVE
8228 + if (grsec_enable_execve && current->user &&
8229 + (atomic_read(¤t->user->processes) >
8230 + current->rlim[RLIMIT_NPROC].rlim_cur) &&
8231 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
8232 + security_alert(GR_NPROC_MSG, DEFAULTSECARGS);
8240 +gr_handle_exec_args(struct linux_binprm *bprm, char **argv)
8242 +#ifdef CONFIG_GRKERNSEC_EXECLOG
8243 + char grarg[64] = { 0 };
8247 + if (!((grsec_enable_execlog && grsec_enable_group &&
8248 + in_group_p(grsec_audit_gid))
8249 + || (grsec_enable_execlog && !grsec_enable_group)))
8252 + if (unlikely(!argv))
8255 + for (i = 0; i < bprm->argc && execlen < 62; i++) {
8259 + if (get_user(p, argv + i))
8263 + len = strnlen_user(p, 62 - execlen);
8264 + if (len > 62 - execlen)
8265 + len = 62 - execlen;
8268 + if (copy_from_user(grarg + execlen, p, len))
8271 + *(grarg + execlen) = ' ';
8272 + *(grarg + execlen + 1) = '\0';
8277 + security_audit(GR_EXEC_AUDIT_MSG, gr_to_filename(bprm->file->f_dentry,
8278 + bprm->file->f_vfsmnt),
8279 + grarg, DEFAULTSECARGS);
8283 diff -urN linux-2.4.21/grsecurity/grsec_fifo.c linux-2.4.21/grsecurity/grsec_fifo.c
8284 --- linux-2.4.21/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
8285 +++ linux-2.4.21/grsecurity/grsec_fifo.c 2003-06-23 11:49:16.000000000 -0400
8287 +#include <linux/kernel.h>
8288 +#include <linux/sched.h>
8289 +#include <linux/fs.h>
8290 +#include <linux/file.h>
8291 +#include <linux/grinternal.h>
8294 +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
8295 + const struct dentry *dir, const int flag, const int acc_mode)
8297 +#ifdef CONFIG_GRKERNSEC_FIFO
8298 + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
8299 + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
8300 + (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
8301 + (current->fsuid != dentry->d_inode->i_uid)) {
8302 + if (!permission(dentry->d_inode, acc_mode))
8303 + security_alert(GR_FIFO_MSG, gr_to_filename(dentry, mnt),
8304 + dentry->d_inode->i_uid,
8305 + dentry->d_inode->i_gid, DEFAULTSECARGS);
8311 diff -urN linux-2.4.21/grsecurity/grsec_fork.c linux-2.4.21/grsecurity/grsec_fork.c
8312 --- linux-2.4.21/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
8313 +++ linux-2.4.21/grsecurity/grsec_fork.c 2003-06-23 11:49:16.000000000 -0400
8315 +#include <linux/kernel.h>
8316 +#include <linux/sched.h>
8317 +#include <linux/grsecurity.h>
8318 +#include <linux/grinternal.h>
8321 +gr_log_forkfail(const int retval)
8323 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
8324 + if (grsec_enable_forkfail)
8325 + security_alert(GR_FAILFORK_MSG, retval, DEFAULTSECARGS);
8329 diff -urN linux-2.4.21/grsecurity/grsec_init.c linux-2.4.21/grsecurity/grsec_init.c
8330 --- linux-2.4.21/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
8331 +++ linux-2.4.21/grsecurity/grsec_init.c 2003-06-23 11:49:16.000000000 -0400
8333 +#include <linux/kernel.h>
8334 +#include <linux/sched.h>
8335 +#include <linux/mm.h>
8336 +#include <linux/smp_lock.h>
8338 +int grsec_enable_link;
8339 +int grsec_enable_dmesg;
8340 +int grsec_enable_fifo;
8341 +int grsec_enable_execve;
8342 +int grsec_enable_execlog;
8343 +int grsec_enable_signal;
8344 +int grsec_enable_forkfail;
8345 +int grsec_enable_time;
8346 +int grsec_enable_group;
8347 +int grsec_audit_gid;
8348 +int grsec_enable_chdir;
8349 +int grsec_enable_audit_ipc;
8350 +int grsec_enable_mount;
8351 +int grsec_enable_chroot_findtask;
8352 +int grsec_enable_chroot_mount;
8353 +int grsec_enable_chroot_shmat;
8354 +int grsec_enable_chroot_fchdir;
8355 +int grsec_enable_chroot_double;
8356 +int grsec_enable_chroot_pivot;
8357 +int grsec_enable_chroot_chdir;
8358 +int grsec_enable_chroot_chmod;
8359 +int grsec_enable_chroot_mknod;
8360 +int grsec_enable_chroot_nice;
8361 +int grsec_enable_chroot_execlog;
8362 +int grsec_enable_chroot_caps;
8363 +int grsec_enable_chroot_sysctl;
8364 +int grsec_enable_chroot_unix;
8365 +int grsec_enable_tpe;
8367 +int grsec_enable_tpe_all;
8368 +int grsec_enable_randpid;
8369 +int grsec_enable_randid;
8370 +int grsec_enable_randisn;
8371 +int grsec_enable_randsrc;
8372 +int grsec_enable_randrpc;
8373 +int grsec_enable_randping;
8374 +int grsec_enable_socket_all;
8375 +int grsec_socket_all_gid;
8376 +int grsec_enable_socket_client;
8377 +int grsec_socket_client_gid;
8378 +int grsec_enable_socket_server;
8379 +int grsec_socket_server_gid;
8382 +spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
8383 +unsigned long grsec_alert_wtime = 0;
8384 +unsigned long grsec_alert_fyet = 0;
8386 +spinlock_t grsec_alertgood_lock = SPIN_LOCK_UNLOCKED;
8387 +unsigned long grsec_alertgood_wtime = 0;
8388 +unsigned long grsec_alertgood_fyet = 0;
8390 +spinlock_t grsec_audit_lock = SPIN_LOCK_UNLOCKED;
8392 +char *gr_shared_page[2][NR_CPUS];
8394 +extern void arc4_init(void);
8397 +grsecurity_init(void)
8400 + /* create the per-cpu shared pages */
8402 + for (j = 0; j < 2; j++) {
8403 + for (i = 0; i < NR_CPUS; i++) {
8404 + gr_shared_page[j][i] = (char *) get_zeroed_page(GFP_KERNEL);
8405 + if (!gr_shared_page[j][i]) {
8406 + panic("Unable to allocate grsecurity shared page");
8414 +#ifndef CONFIG_GRKERNSEC_SYSCTL
8416 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
8417 + grsec_enable_group = 1;
8418 + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
8420 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
8421 + grsec_enable_chdir = 1;
8423 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8424 + grsec_enable_audit_ipc = 1;
8426 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8427 + grsec_enable_mount = 1;
8429 +#ifdef CONFIG_GRKERNSEC_LINK
8430 + grsec_enable_link = 1;
8432 +#ifdef CONFIG_GRKERNSEC_DMESG
8433 + grsec_enable_dmesg = 1;
8435 +#ifdef CONFIG_GRKERNSEC_FIFO
8436 + grsec_enable_fifo = 1;
8438 +#ifdef CONFIG_GRKERNSEC_EXECVE
8439 + grsec_enable_execve = 1;
8441 +#ifdef CONFIG_GRKERNSEC_EXECLOG
8442 + grsec_enable_execlog = 1;
8444 +#ifdef CONFIG_GRKERNSEC_SIGNAL
8445 + grsec_enable_signal = 1;
8447 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
8448 + grsec_enable_forkfail = 1;
8450 +#ifdef CONFIG_GRKERNSEC_TIME
8451 + grsec_enable_time = 1;
8453 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
8454 + grsec_enable_chroot_findtask = 1;
8456 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
8457 + grsec_enable_chroot_unix = 1;
8459 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
8460 + grsec_enable_chroot_mount = 1;
8462 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
8463 + grsec_enable_chroot_fchdir = 1;
8465 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
8466 + grsec_enable_chroot_shmat = 1;
8468 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
8469 + grsec_enable_chroot_double = 1;
8471 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
8472 + grsec_enable_chroot_pivot = 1;
8474 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
8475 + grsec_enable_chroot_chdir = 1;
8477 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
8478 + grsec_enable_chroot_chmod = 1;
8480 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
8481 + grsec_enable_chroot_mknod = 1;
8483 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
8484 + grsec_enable_chroot_nice = 1;
8486 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
8487 + grsec_enable_chroot_execlog = 1;
8489 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
8490 + grsec_enable_chroot_caps = 1;
8492 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
8493 + grsec_enable_chroot_sysctl = 1;
8495 +#ifdef CONFIG_GRKERNSEC_TPE
8496 + grsec_enable_tpe = 1;
8497 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
8498 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
8499 + grsec_enable_tpe_all = 1;
8502 +#ifdef CONFIG_GRKERNSEC_RANDPID
8503 + grsec_enable_randpid = 1;
8505 +#ifdef CONFIG_GRKERNSEC_RANDID
8506 + grsec_enable_randid = 1;
8508 +#ifdef CONFIG_GRKERNSEC_RANDISN
8509 + grsec_enable_randisn = 1;
8511 +#ifdef CONFIG_GRKERNSEC_RANDSRC
8512 + grsec_enable_randsrc = 1;
8514 +#ifdef CONFIG_GRKERNSEC_RANDRPC
8515 + grsec_enable_randrpc = 1;
8517 +#ifdef CONFIG_GRKERNSEC_RANDPING
8518 + grsec_enable_randping = 1;
8520 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
8521 + grsec_enable_socket_all = 1;
8522 + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
8524 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
8525 + grsec_enable_socket_client = 1;
8526 + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
8528 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
8529 + grsec_enable_socket_server = 1;
8530 + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
8536 diff -urN linux-2.4.21/grsecurity/grsec_ipc.c linux-2.4.21/grsecurity/grsec_ipc.c
8537 --- linux-2.4.21/grsecurity/grsec_ipc.c 1969-12-31 19:00:00.000000000 -0500
8538 +++ linux-2.4.21/grsecurity/grsec_ipc.c 2003-06-23 11:49:16.000000000 -0400
8540 +#include <linux/kernel.h>
8541 +#include <linux/sched.h>
8542 +#include <linux/types.h>
8543 +#include <linux/ipc.h>
8544 +#include <linux/grsecurity.h>
8545 +#include <linux/grinternal.h>
8548 +gr_log_msgget(const int ret, const int msgflg)
8550 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8551 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8552 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8553 + !grsec_enable_group)) && (ret >= 0)
8554 + && (msgflg & IPC_CREAT))
8555 + security_audit(GR_MSGQ_AUDIT_MSG, DEFAULTSECARGS);
8561 +gr_log_msgrm(const uid_t uid, const uid_t cuid)
8563 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8564 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8565 + grsec_enable_audit_ipc) ||
8566 + (grsec_enable_audit_ipc && !grsec_enable_group))
8567 + security_audit(GR_MSGQR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8573 +gr_log_semget(const int err, const int semflg)
8575 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8576 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8577 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8578 + !grsec_enable_group)) && (err >= 0)
8579 + && (semflg & IPC_CREAT))
8580 + security_audit(GR_SEM_AUDIT_MSG, DEFAULTSECARGS);
8586 +gr_log_semrm(const uid_t uid, const uid_t cuid)
8588 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8589 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8590 + grsec_enable_audit_ipc) ||
8591 + (grsec_enable_audit_ipc && !grsec_enable_group))
8592 + security_audit(GR_SEMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8598 +gr_log_shmget(const int err, const int shmflg, const size_t size)
8600 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8601 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8602 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8603 + !grsec_enable_group)) && (err >= 0)
8604 + && (shmflg & IPC_CREAT))
8605 + security_audit(GR_SHM_AUDIT_MSG, size, DEFAULTSECARGS);
8611 +gr_log_shmrm(const uid_t uid, const uid_t cuid)
8613 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8614 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8615 + grsec_enable_audit_ipc) ||
8616 + (grsec_enable_audit_ipc && !grsec_enable_group))
8617 + security_audit(GR_SHMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8621 diff -urN linux-2.4.21/grsecurity/grsec_link.c linux-2.4.21/grsecurity/grsec_link.c
8622 --- linux-2.4.21/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
8623 +++ linux-2.4.21/grsecurity/grsec_link.c 2003-06-23 11:49:16.000000000 -0400
8625 +#include <linux/kernel.h>
8626 +#include <linux/sched.h>
8627 +#include <linux/fs.h>
8628 +#include <linux/file.h>
8629 +#include <linux/grinternal.h>
8632 +gr_handle_follow_link(const struct inode *parent,
8633 + const struct inode *inode,
8634 + const struct dentry *dentry, const struct vfsmount *mnt)
8636 +#ifdef CONFIG_GRKERNSEC_LINK
8637 + if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
8638 + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
8639 + (parent->i_mode & S_IWOTH) && (current->fsuid != inode->i_uid)) {
8640 + security_alert(GR_SYMLINK_MSG, gr_to_filename(dentry, mnt),
8641 + inode->i_uid, inode->i_gid, DEFAULTSECARGS);
8649 +gr_handle_hardlink(const struct dentry *dentry,
8650 + const struct vfsmount *mnt,
8651 + struct inode *inode, const int mode, const char *to)
8653 +#ifdef CONFIG_GRKERNSEC_LINK
8654 + if (grsec_enable_link && current->fsuid != inode->i_uid &&
8655 + (!S_ISREG(mode) || (mode & S_ISUID) ||
8656 + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
8657 + (permission(inode, MAY_READ | MAY_WRITE))) &&
8658 + !capable(CAP_FOWNER) && current->uid) {
8659 + security_alert(GR_HARDLINK_MSG, gr_to_filename(dentry, mnt),
8660 + inode->i_uid, inode->i_gid, to, DEFAULTSECARGS);
8666 diff -urN linux-2.4.21/grsecurity/grsec_mem.c linux-2.4.21/grsecurity/grsec_mem.c
8667 --- linux-2.4.21/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
8668 +++ linux-2.4.21/grsecurity/grsec_mem.c 2003-06-23 11:49:16.000000000 -0400
8670 +#include <linux/kernel.h>
8671 +#include <linux/sched.h>
8672 +#include <linux/mm.h>
8673 +#include <linux/mman.h>
8674 +#include <linux/grinternal.h>
8677 +gr_handle_ioperm(void)
8679 + security_alert(GR_IOPERM_MSG, DEFAULTSECARGS);
8684 +gr_handle_iopl(void)
8686 + security_alert(GR_IOPL_MSG, DEFAULTSECARGS);
8691 +gr_handle_mem_write(void)
8693 + security_alert(GR_MEM_WRITE_MSG, DEFAULTSECARGS);
8698 +gr_handle_kmem_write(void)
8700 + security_alert(GR_KMEM_MSG, DEFAULTSECARGS);
8705 +gr_handle_open_port(void)
8707 + security_alert(GR_PORT_OPEN_MSG, DEFAULTSECARGS);
8712 +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
8714 + if (offset < __pa(high_memory) &&
8715 + (pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
8716 + (offset != 0xa0000 || ((vma->vm_end - vma->vm_start) > 0x20000))) {
8717 + security_alert(GR_MEM_MMAP_MSG, DEFAULTSECARGS);
8719 + } else if (offset < __pa(high_memory))
8720 + vma->vm_flags &= ~VM_MAYWRITE;
8724 diff -urN linux-2.4.21/grsecurity/grsec_mount.c linux-2.4.21/grsecurity/grsec_mount.c
8725 --- linux-2.4.21/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
8726 +++ linux-2.4.21/grsecurity/grsec_mount.c 2003-06-23 11:49:16.000000000 -0400
8728 +#include <linux/kernel.h>
8729 +#include <linux/sched.h>
8730 +#include <linux/grsecurity.h>
8731 +#include <linux/grinternal.h>
8734 +gr_log_remount(const char *devname, const int retval)
8736 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8737 + if (grsec_enable_mount && (retval >= 0))
8738 + security_audit(GR_REMOUNT_AUDIT_MSG, devname, DEFAULTSECARGS);
8744 +gr_log_unmount(const char *devname, const int retval)
8746 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8747 + if (grsec_enable_mount && (retval >= 0))
8748 + security_audit(GR_UNMOUNT_AUDIT_MSG, devname, DEFAULTSECARGS);
8754 +gr_log_mount(const char *from, const char *to, const int retval)
8756 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8757 + if (grsec_enable_mount && (retval >= 0))
8758 + security_audit(GR_MOUNT_AUDIT_MSG, from, to, DEFAULTSECARGS);
8762 diff -urN linux-2.4.21/grsecurity/grsec_rand.c linux-2.4.21/grsecurity/grsec_rand.c
8763 --- linux-2.4.21/grsecurity/grsec_rand.c 1969-12-31 19:00:00.000000000 -0500
8764 +++ linux-2.4.21/grsecurity/grsec_rand.c 2003-06-23 11:49:16.000000000 -0400
8766 +#include <linux/kernel.h>
8767 +#include <linux/sched.h>
8768 +#include <linux/smp_lock.h>
8769 +#include <linux/grsecurity.h>
8770 +#include <linux/grinternal.h>
8772 +extern int last_pid;
8775 +gr_random_pid(spinlock_t * pid_lock)
8777 +#ifdef CONFIG_GRKERNSEC_RANDPID
8778 + struct task_struct *p;
8781 + if (grsec_enable_randpid && current->fs->root) {
8782 + read_lock(&tasklist_lock);
8783 + spin_lock(pid_lock);
8787 + pid = 1 + (arc4random() % PID_MAX);
8789 + for_each_task(p) {
8790 + if (p->pid == pid || p->pgrp == pid ||
8791 + p->tgid == pid || p->session == pid)
8795 + spin_unlock(pid_lock);
8796 + read_unlock(&tasklist_lock);
8802 diff -urN linux-2.4.21/grsecurity/grsec_sig.c linux-2.4.21/grsecurity/grsec_sig.c
8803 --- linux-2.4.21/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
8804 +++ linux-2.4.21/grsecurity/grsec_sig.c 2003-06-23 11:49:16.000000000 -0400
8806 +#include <linux/kernel.h>
8807 +#include <linux/sched.h>
8808 +#include <linux/grinternal.h>
8811 +gr_log_signal(const int sig, const struct task_struct *t)
8813 +#ifdef CONFIG_GRKERNSEC_SIGNAL
8814 + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
8815 + (sig == SIGABRT) || (sig == SIGBUS))) {
8816 + if (t->pid == current->pid) {
8817 + security_alert_good(GR_UNISIGLOG_MSG, sig,
8820 + security_alert_good(GR_DUALSIGLOG_MSG, sig, t->comm,
8821 + t->pid, t->uid, t->euid, t->gid,
8822 + t->egid, t->p_pptr->comm,
8823 + t->p_pptr->pid, t->p_pptr->uid,
8824 + t->p_pptr->euid, t->p_pptr->gid,
8825 + t->p_pptr->egid, DEFAULTSECARGS);
8833 +gr_handle_signal(const struct task_struct *p, const int sig)
8835 +#ifdef CONFIG_GRKERNSEC
8836 + if (current->pid > 1 && gr_check_protected_task(p)) {
8837 + security_alert(GR_SIG_ACL_MSG, sig, p->comm, p->pid, p->uid,
8838 + p->euid, p->gid, p->egid, p->p_pptr->comm,
8839 + p->p_pptr->pid, p->p_pptr->uid,
8840 + p->p_pptr->euid, p->p_pptr->gid,
8841 + p->p_pptr->egid, DEFAULTSECARGS);
8843 + } else if (gr_pid_is_chrooted(p)) {
8849 diff -urN linux-2.4.21/grsecurity/grsec_sock.c linux-2.4.21/grsecurity/grsec_sock.c
8850 --- linux-2.4.21/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
8851 +++ linux-2.4.21/grsecurity/grsec_sock.c 2003-06-23 11:49:16.000000000 -0400
8853 +#include <linux/kernel.h>
8854 +#include <linux/sched.h>
8855 +#include <linux/file.h>
8856 +#include <linux/net.h>
8857 +#include <net/sock.h>
8858 +#include <linux/grsecurity.h>
8859 +#include <linux/grinternal.h>
8860 +#include <linux/gracl.h>
8863 +gr_attach_curr_ip(const struct sock *sk)
8865 +#ifdef CONFIG_GRKERNSEC
8866 + struct task_struct *p;
8868 + struct inode *inode;
8869 + struct file *filp;
8870 + struct socket *connect_sock;
8872 + if (unlikely(sk->protocol != IPPROTO_TCP))
8875 + read_lock(&tasklist_lock);
8876 + for_each_task(p) {
8877 + if (!p->used_connect)
8880 + if (unlikely(!p->files)) {
8884 + read_lock(&p->files->file_lock);
8885 + for (i = 0; i < p->files->max_fds; i++) {
8886 + filp = fcheck_files(p->files, i);
8887 + if (likely(!filp))
8889 + inode = filp->f_dentry->d_inode;
8890 + if (likely(!inode || !inode->i_sock))
8892 + connect_sock = &inode->u.socket_i;
8893 + if (unlikely(!connect_sock ||
8894 + connect_sock->sk->protocol != IPPROTO_TCP))
8896 + if (unlikely(sk->rcv_saddr == connect_sock->sk->daddr &&
8897 + sk->daddr == connect_sock->sk->rcv_saddr &&
8898 + ntohs(sk->sport) ==
8899 + ntohs(connect_sock->sk->dport)
8900 + && ntohs(sk->dport) ==
8901 + ntohs(connect_sock->sk->sport))) {
8902 + current->curr_ip = p->curr_ip;
8903 + current->used_accept = 1;
8904 + read_unlock(&p->files->file_lock);
8906 + read_unlock(&tasklist_lock);
8910 + read_unlock(&p->files->file_lock);
8913 + read_unlock(&tasklist_lock);
8915 + current->curr_ip = sk->daddr;
8916 + current->used_accept = 1;
8922 +gr_handle_sock_all(const int family, const int type, const int protocol)
8924 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
8925 + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
8926 + (family != AF_UNIX) && (family != AF_LOCAL)) {
8927 + security_alert(GR_SOCK_MSG, family, type, protocol,
8936 +gr_handle_sock_server(const struct sockaddr *sck)
8938 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
8939 + if (grsec_enable_socket_server &&
8940 + in_group_p(grsec_socket_server_gid) &&
8941 + sck && (sck->sa_family != AF_UNIX) &&
8942 + (sck->sa_family != AF_LOCAL)) {
8943 + security_alert(GR_BIND_MSG, DEFAULTSECARGS);
8951 +gr_handle_sock_client(const struct sockaddr *sck)
8953 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
8954 + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
8955 + sck && (sck->sa_family != AF_UNIX) &&
8956 + (sck->sa_family != AF_LOCAL)) {
8957 + security_alert(GR_CONNECT_MSG, DEFAULTSECARGS);
8965 +gr_cap_rtnetlink(void)
8967 +#ifdef CONFIG_GRKERNSEC
8968 + if (!gr_acl_is_enabled())
8969 + return current->cap_effective;
8971 + return (current->cap_effective & ~(current->acl->cap_lower));
8973 + return current->cap_effective;
8976 diff -urN linux-2.4.21/grsecurity/grsec_sysctl.c linux-2.4.21/grsecurity/grsec_sysctl.c
8977 --- linux-2.4.21/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
8978 +++ linux-2.4.21/grsecurity/grsec_sysctl.c 2003-06-23 11:49:16.000000000 -0400
8980 +#include <linux/kernel.h>
8981 +#include <linux/sched.h>
8982 +#include <linux/sysctl.h>
8983 +#include <linux/grinternal.h>
8986 +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
8988 +#ifdef CONFIG_GRKERNSEC_SYSCTL
8989 + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & 002)) {
8990 + security_alert(GR_SYSCTL_MSG, name, DEFAULTSECARGS);
8996 diff -urN linux-2.4.21/grsecurity/grsec_time.c linux-2.4.21/grsecurity/grsec_time.c
8997 --- linux-2.4.21/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
8998 +++ linux-2.4.21/grsecurity/grsec_time.c 2003-06-23 11:49:16.000000000 -0400
9000 +#include <linux/kernel.h>
9001 +#include <linux/sched.h>
9002 +#include <linux/grinternal.h>
9005 +gr_log_timechange(void)
9007 +#ifdef CONFIG_GRKERNSEC_TIME
9008 + if (grsec_enable_time)
9009 + security_alert_good(GR_TIME_MSG, DEFAULTSECARGS);
9013 diff -urN linux-2.4.21/grsecurity/grsec_tpe.c linux-2.4.21/grsecurity/grsec_tpe.c
9014 --- linux-2.4.21/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
9015 +++ linux-2.4.21/grsecurity/grsec_tpe.c 2003-06-23 11:49:16.000000000 -0400
9017 +#include <linux/kernel.h>
9018 +#include <linux/sched.h>
9019 +#include <linux/file.h>
9020 +#include <linux/fs.h>
9021 +#include <linux/grinternal.h>
9024 +gr_tpe_allow(const struct file *file)
9026 +#ifdef CONFIG_GRKERNSEC_TPE
9027 + struct inode *inode = file->f_dentry->d_parent->d_inode;
9029 + if (current->uid && grsec_enable_tpe && in_group_p(grsec_tpe_gid) &&
9030 + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
9031 + (inode->i_mode & S_IWOTH))))) {
9032 + security_alert(GR_EXEC_TPE_MSG,
9033 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
9037 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
9038 + if (current->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
9039 + ((inode->i_uid && (inode->i_uid != current->uid)) ||
9040 + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
9041 + security_alert(GR_EXEC_TPE_MSG,
9042 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
9050 diff -urN linux-2.4.21/grsecurity/grsum.c linux-2.4.21/grsecurity/grsum.c
9051 --- linux-2.4.21/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
9052 +++ linux-2.4.21/grsecurity/grsum.c 2003-06-23 11:49:16.000000000 -0400
9054 +#include <linux/kernel.h>
9055 +#include <linux/sched.h>
9056 +#include <linux/gracl.h>
9058 +/* digest-sha256.c,v 1.13 2002/10/02 22:02:08 hvr Exp $
9060 + * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>.
9062 + * Glue code originally by Andrew McDonald and Alan Smithee, mailed
9063 + * to maintainer on pulped trees.
9065 + * This program is free software; you can redistribute it and/or modify it
9066 + * under the terms of the GNU General Public License as published by the
9067 + * Free Software Foundation; either version 2, or (at your option) any
9078 +static __inline__ __u32
9079 +generic_rotr32(const __u32 x, const unsigned bits)
9081 + const unsigned n = bits % 32;
9082 + return (x >> n) | (x << (32 - n));
9085 +#define Ch(x,y,z) ((x & y) ^ (~x & z))
9086 +#define Maj(x,y,z) ((x & y) ^ ( x & z) ^ (y & z))
9087 +#define RORu32(x,y) generic_rotr32(x, y)
9088 +#define e0(x) (RORu32(x, 2) ^ RORu32(x,13) ^ RORu32(x,22))
9089 +#define e1(x) (RORu32(x, 6) ^ RORu32(x,11) ^ RORu32(x,25))
9090 +#define s0(x) (RORu32(x, 7) ^ RORu32(x,18) ^ (x >> 3))
9091 +#define s1(x) (RORu32(x,17) ^ RORu32(x,19) ^ (x >> 10))
9093 +#define H0 0x6a09e667
9094 +#define H1 0xbb67ae85
9095 +#define H2 0x3c6ef372
9096 +#define H3 0xa54ff53a
9097 +#define H4 0x510e527f
9098 +#define H5 0x9b05688c
9099 +#define H6 0x1f83d9ab
9100 +#define H7 0x5be0cd19
9102 +const static __u32 sha256_K[64] = {
9103 + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
9104 + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
9105 + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
9106 + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
9107 + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
9108 + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
9109 + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
9110 + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
9111 + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
9112 + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
9113 + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
9114 + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
9115 + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
9116 + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
9117 + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
9118 + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
9121 +#define LOAD_OP(I)\
9123 + t1 = input[(4*I) ] & 0xff; t1<<=8;\
9124 + t1 |= input[(4*I)+1] & 0xff; t1<<=8;\
9125 + t1 |= input[(4*I)+2] & 0xff; t1<<=8;\
9126 + t1 |= input[(4*I)+3] & 0xff;\
9130 +#define BLEND_OP(I) W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
9133 +SHA256Transform(__u32 * state, const __u8 * input)
9135 + __u32 a, b, c, d, e, f, g, h, t1, t2;
9140 + /* load the input */
9159 + for (i = 16; i < 64; i += 8) {
9170 + /* load the state into our registers */
9181 + for (i = 0; i < 64; i += 8) {
9182 + t1 = h + e1(e) + Ch(e, f, g) + sha256_K[i] + W[i];
9183 + t2 = e0(a) + Maj(a, b, c);
9186 + t1 = g + e1(d) + Ch(d, e, f) + sha256_K[i + 1] + W[i + 1];
9187 + t2 = e0(h) + Maj(h, a, b);
9190 + t1 = f + e1(c) + Ch(c, d, e) + sha256_K[i + 2] + W[i + 2];
9191 + t2 = e0(g) + Maj(g, h, a);
9194 + t1 = e + e1(b) + Ch(b, c, d) + sha256_K[i + 3] + W[i + 3];
9195 + t2 = e0(f) + Maj(f, g, h);
9198 + t1 = d + e1(a) + Ch(a, b, c) + sha256_K[i + 4] + W[i + 4];
9199 + t2 = e0(e) + Maj(e, f, g);
9202 + t1 = c + e1(h) + Ch(h, a, b) + sha256_K[i + 5] + W[i + 5];
9203 + t2 = e0(d) + Maj(d, e, f);
9206 + t1 = b + e1(g) + Ch(g, h, a) + sha256_K[i + 6] + W[i + 6];
9207 + t2 = e0(c) + Maj(c, d, e);
9210 + t1 = a + e1(f) + Ch(f, g, h) + sha256_K[i + 7] + W[i + 7];
9211 + t2 = e0(b) + Maj(b, c, d);
9225 + /* clear any sensitive info... */
9226 + a = b = c = d = e = f = g = h = t1 = t2 = 0;
9227 + memset(W, 0, 64 * sizeof (__u32));
9231 +SHA256Init(sha256_ctx_t * C)
9241 + C->count[0] = C->count[1] = 0;
9242 + memset(C->buf, 0, 128);
9246 +SHA256Update(sha256_ctx_t * C, const __u8 * input, __u32 inputLen)
9248 + __u32 i, index, partLen;
9250 + /* Compute number of bytes mod 128 */
9251 + index = (__u32) ((C->count[0] >> 3) & 0x3f);
9253 + /* Update number of bits */
9254 + if ((C->count[0] += (inputLen << 3)) < (inputLen << 3)) {
9256 + C->count[1] += (inputLen >> 29);
9259 + partLen = 64 - index;
9261 + /* Transform as many times as possible. */
9262 + if (inputLen >= partLen) {
9263 + memcpy(&C->buf[index], input, partLen);
9264 + SHA256Transform(C->state, C->buf);
9266 + for (i = partLen; i + 63 < inputLen; i += 64)
9267 + SHA256Transform(C->state, &input[i]);
9273 + /* Buffer remaining input */
9274 + memcpy(&C->buf[index], &input[i], inputLen - i);
9278 +SHA256Final(sha256_ctx_t * C, __u8 * digest)
9280 + const static __u8 padding[64] = { 0x80, };
9282 + __u32 t, index, padLen;
9285 + /* Save number of bits */
9303 + /* Pad out to 56 mod 64. */
9304 + index = (C->count[0] >> 3) & 0x3f;
9305 + padLen = (index < 56) ? (56 - index) : ((64 + 56) - index);
9306 + SHA256Update(C, padding, padLen);
9308 + /* Append length (before padding) */
9309 + SHA256Update(C, bits, sizeof (bits));
9311 + /* Store state in digest */
9312 + for (i = j = 0; i < 8; i++, j += 4) {
9314 + digest[j + 3] = t;
9316 + digest[j + 2] = t;
9318 + digest[j + 1] = t;
9323 + /* Zeroize sensitive information. */
9324 + memset(C, 0, sizeof (sha256_ctx_t));
9328 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
9330 + sha256_ctx_t context;
9331 + unsigned char temp_sum[GR_SHA_LEN];
9332 + volatile int retval = 0;
9333 + volatile int dummy = 0;
9336 + SHA256Init(&context);
9337 + SHA256Update(&context, salt, GR_SALT_LEN);
9338 + SHA256Update(&context, entry->pw, strlen(entry->pw));
9339 + SHA256Final(&context, temp_sum);
9341 + memset(entry->pw, 0, GR_PW_LEN);
9343 + for (i = 0; i < GR_SHA_LEN; i++)
9344 + if (sum[i] != temp_sum[i])
9347 + dummy = 1; // waste a cycle
9351 diff -urN linux-2.4.21/grsecurity/obsd_rand.c linux-2.4.21/grsecurity/obsd_rand.c
9352 --- linux-2.4.21/grsecurity/obsd_rand.c 1969-12-31 19:00:00.000000000 -0500
9353 +++ linux-2.4.21/grsecurity/obsd_rand.c 2003-06-23 11:49:16.000000000 -0400
9357 + * Copyright (c) 1996, 1997, 2000-2002 Michael Shalayeff.
9359 + * Version 1.89, last modified 19-Sep-99
9361 + * Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999.
9362 + * All rights reserved.
9364 + * Copyright 1998 Niels Provos <provos@citi.umich.edu>
9365 + * All rights reserved.
9366 + * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using
9367 + * such a mathematical system to generate more random (yet non-repeating)
9368 + * ids to solve the resolver/named problem. But Niels designed the
9369 + * actual system based on the constraints.
9371 + * Redistribution and use in source and binary forms, with or without
9372 + * modification, are permitted provided that the following conditions
9374 + * 1. Redistributions of source code must retain the above copyright
9375 + * notice, this list of conditions and the following disclaimer,
9376 + * 2. Redistributions in binary form must reproduce the above copyright
9377 + * notice, this list of conditions and the following disclaimer in the
9378 + * documentation and/or other materials provided with the distribution.
9379 + * 3. All advertising materials mentioning features or use of this software
9380 + * must display the following acknowledgement:
9381 + * This product includes software developed by Niels Provos.
9382 + * 4. The name of the author may not be used to endorse or promote products
9383 + * derived from this software without specific prior written permission.
9385 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9386 + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
9387 + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
9388 + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
9389 + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9390 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
9391 + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
9392 + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
9393 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
9394 + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
9397 +#include <linux/kernel.h>
9398 +#include <linux/sched.h>
9399 +#include <linux/timer.h>
9400 +#include <linux/smp_lock.h>
9401 +#include <linux/random.h>
9404 +#define RU_MAX 30000
9410 +const static __u16 pfacts[PFAC_N] = { 2, 3, 2729 };
9413 +static __u16 ru_seed, ru_seed2;
9414 +static __u16 ru_a, ru_b;
9416 +static __u16 ru_counter = 0;
9417 +static __u16 ru_msb = 0;
9418 +static unsigned long ru_reseed = 0;
9421 +static struct arc4_stream {
9426 +} arc4random_state[NR_CPUS];
9428 +#define TCP_RNDISS_ROUNDS 15
9429 +#define TCP_RNDISS_OUT 7200
9430 +#define TCP_RNDISS_MAX 30000
9432 +static __u8 tcp_rndiss_sbox[NR_CPUS][128];
9433 +static __u16 tcp_rndiss_msb[NR_CPUS];
9434 +static __u16 tcp_rndiss_cnt[NR_CPUS];
9435 +static unsigned long tcp_rndiss_reseed[NR_CPUS];
9437 +static unsigned long arc4random_reseed[NR_CPUS];
9439 +static int arc4random_initialized[NR_CPUS];
9441 +static __u16 pmod(__u16, __u16, __u16);
9442 +static void ip_initid(void);
9443 +__u16 ip_randomid(void);
9445 +static __inline__ __u8 arc4_getbyte(void);
9446 +static __inline__ void arc4_stir(void);
9447 +static void arc4maybeinit(void);
9448 +__u32 arc4random(void);
9450 +static __inline__ __u8
9453 + register __u8 si, sj;
9454 + int cpu = smp_processor_id();
9456 + arc4random_state[cpu].cnt++;
9457 + arc4random_state[cpu].i++;
9458 + si = arc4random_state[cpu].s[arc4random_state[cpu].i];
9459 + arc4random_state[cpu].j += si;
9460 + sj = arc4random_state[cpu].s[arc4random_state[cpu].j];
9461 + arc4random_state[cpu].s[arc4random_state[cpu].i] = sj;
9462 + arc4random_state[cpu].s[arc4random_state[cpu].j] = si;
9463 + return arc4random_state[cpu].s[(si + sj) & 0xff];
9466 +static __inline__ void
9472 + int len = sizeof (buf);
9473 + int cpu = smp_processor_id();
9474 + unsigned long flags;
9476 + do_gettimeofday((struct timeval *) buf);
9477 + get_random_bytes(buf + sizeof (struct timeval),
9478 + len - sizeof (struct timeval));
9480 + save_flags(flags);
9483 + arc4random_state[cpu].i--;
9484 + for (n = 0; n < 256; n++) {
9485 + arc4random_state[cpu].i++;
9486 + si = arc4random_state[cpu].s[arc4random_state[cpu].i];
9487 + arc4random_state[cpu].j += si + buf[n % len];
9488 + arc4random_state[cpu].s[arc4random_state[cpu].i] =
9489 + arc4random_state[cpu].s[arc4random_state[cpu].j];
9490 + arc4random_state[cpu].s[arc4random_state[cpu].j] = si;
9492 + arc4random_state[cpu].j = arc4random_state[cpu].i;
9493 + arc4random_state[cpu].cnt = 0;
9495 + restore_flags(flags);
9497 + for (n = 0; n < 256 * 4; n++)
9508 + for (n = 0; n < NR_CPUS; n++) {
9509 + for (i = 0; i < 256; i++)
9510 + arc4random_state[n].s[i] = i;
9511 + arc4random_initialized[n] = 0;
9516 +arc4maybeinit(void)
9518 + int cpu = smp_processor_id();
9520 + if (arc4random_initialized[cpu] &&
9521 + time_after(xtime.tv_sec, arc4random_reseed[cpu]))
9522 + arc4random_initialized[cpu] = 0;
9524 + if (!arc4random_initialized[cpu]) {
9525 + arc4random_initialized[cpu]++;
9527 + arc4random_reseed[cpu] = xtime.tv_sec + (10 * 60);
9535 + return ((arc4_getbyte() << 24) | (arc4_getbyte() << 16)
9536 + | (arc4_getbyte() << 8) | arc4_getbyte());
9540 +pmod(__u16 gen, __u16 exp, __u16 mod)
9550 + s = (s * t) % mod;
9552 + t = (t * t) % mod;
9563 + ru_x = ((tmp = arc4random()) & 0xFFFF) % RU_M;
9565 + ru_seed = (tmp >> 16) & 0x7FFF;
9566 + ru_seed2 = arc4random() & 0x7FFF;
9568 + ru_b = ((tmp = arc4random()) & 0xfffe) | 1;
9569 + ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);
9570 + while (ru_b % 3 == 0)
9573 + j = (tmp = arc4random()) % RU_N;
9577 + for (i = 0; i < PFAC_N; i++)
9578 + if (j % pfacts[i] == 0)
9584 + j = (j + 1) % RU_N;
9587 + ru_g = pmod(RU_GEN, j, RU_N);
9590 + ru_reseed = xtime.tv_sec + RU_OUT;
9591 + ru_msb = ru_msb == 0x8000 ? 0 : 0x8000;
9599 + if (ru_counter >= RU_MAX || time_after(xtime.tv_sec, ru_reseed))
9603 + tmp = arc4random();
9607 + if (ru_counter + n >= RU_MAX)
9609 + for (i = 0; i <= n; i++)
9610 + ru_x = (ru_a * ru_x + ru_b) % RU_M;
9613 + return ((ru_seed ^ pmod(ru_g, ru_seed2 ^ ru_x, RU_N)) | ru_msb);
9617 +tcp_rndiss_encrypt(__u16 val)
9620 + int cpu = smp_processor_id();
9622 + for (i = 0; i < TCP_RNDISS_ROUNDS; i++) {
9624 + val ^= ((__u16) tcp_rndiss_sbox[cpu][(val ^ sum) ^ 0x7f]) << 7;
9625 + val = ((val & 0xff) << 7) | (val >> 8);
9632 +tcp_rndiss_init(void)
9634 + int cpu = smp_processor_id();
9636 + get_random_bytes(tcp_rndiss_sbox[cpu], sizeof (tcp_rndiss_sbox));
9637 + tcp_rndiss_reseed[cpu] = xtime.tv_sec + TCP_RNDISS_OUT;
9638 + tcp_rndiss_msb[cpu] = tcp_rndiss_msb[cpu] == 0x8000 ? 0 : 0x8000;
9639 + tcp_rndiss_cnt[cpu] = 0;
9645 + int cpu = smp_processor_id();
9647 + if (tcp_rndiss_cnt[cpu] >= TCP_RNDISS_MAX ||
9648 + time_after(xtime.tv_sec, tcp_rndiss_reseed[cpu]))
9649 + tcp_rndiss_init();
9651 + return (((tcp_rndiss_encrypt(tcp_rndiss_cnt[cpu]++) |
9652 + tcp_rndiss_msb[cpu]) << 16) | (arc4random() & 0x7fff));
9654 diff -urN linux-2.4.21/include/linux/fs.h linux-2.4.21/include/linux/fs.h
9655 --- linux-2.4.21/include/linux/fs.h 2003-06-23 11:41:32.000000000 -0400
9656 +++ linux-2.4.21/include/linux/fs.h 2003-06-23 11:49:17.000000000 -0400
9657 @@ -1070,7 +1070,7 @@
9659 asmlinkage long sys_open(const char *, int, int);
9660 asmlinkage long sys_close(unsigned int); /* yes, it's really unsigned */
9661 -extern int do_truncate(struct dentry *, loff_t start);
9662 +extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *);
9664 extern struct file *filp_open(const char *, int, int);
9665 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
9666 diff -urN linux-2.4.21/include/linux/gracl.h linux-2.4.21/include/linux/gracl.h
9667 --- linux-2.4.21/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
9668 +++ linux-2.4.21/include/linux/gracl.h 2003-06-23 11:49:17.000000000 -0400
9673 +#include <linux/grdefs.h>
9674 +#include <linux/resource.h>
9676 +#include <asm/resource.h>
9678 +/* * * * * * * * * * * * * * * * * * * * *
9679 + * grsecurity ACL System
9680 + * Main header file
9681 + * Purpose: define most gracl data structures
9682 + * * * * * * * * * * * * * * * * * * * * */
9684 +/* Major status information */
9686 +#define GR_VERSION "grsecurity 2.0"
9697 +/* Password setup definitions
9698 + * kernel/grhash.c */
9706 + GR_SPROLE_LEN = 64,
9709 +/* Begin Data Structures */
9712 + unsigned char *rolename;
9713 + unsigned char salt[GR_SALT_LEN];
9714 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
9717 +struct name_entry {
9723 +struct acl_role_db {
9724 + struct acl_role_label **r_hash;
9729 + struct name_entry **n_hash;
9735 + unsigned long expires;
9738 +/* Userspace Grsecurity ACL data structures */
9739 +struct acl_subject_label {
9747 + struct rlimit res[RLIM_NLIMITS + 1];
9750 + __u32 ip_proto[8];
9752 + struct acl_ip_label **ips;
9756 + unsigned long expires;
9758 + struct acl_subject_label *parent_subject;
9759 + struct acl_object_label *proc_object;
9760 + struct acl_ip_label *ip_object;
9761 + struct acl_subject_label *prev;
9762 + struct acl_subject_label *next;
9764 + struct acl_object_label **obj_hash;
9765 + __u32 obj_hash_size;
9768 +struct role_allowed_ip {
9772 + struct role_allowed_ip *prev;
9773 + struct role_allowed_ip *next;
9776 +struct role_transition {
9779 + struct role_transition *prev;
9780 + struct role_transition *next;
9783 +struct acl_role_label {
9788 + __u16 auth_attempts;
9789 + unsigned long expires;
9791 + struct acl_subject_label *root_label;
9792 + struct acl_subject_label *proc_subject;
9794 + struct acl_role_label *prev;
9795 + struct acl_role_label *next;
9797 + struct role_transition *transitions;
9798 + struct role_allowed_ip *allowed_ips;
9799 + struct acl_subject_label **subj_hash;
9800 + __u32 subj_hash_size;
9803 +struct user_acl_role_db {
9804 + struct acl_role_label **r_table;
9805 + __u32 r_entries; /* number of entries in table */
9806 + __u32 s_entries; /* total number of subject acls */
9807 + __u32 i_entries; /* total number of ip acls */
9808 + __u32 o_entries; /* Total number of object acls */
9809 + __u32 a_entries; /* total number of allowed ips */
9810 + __u32 t_entries; /* total number of transitions */
9813 +struct acl_object_label {
9819 + struct acl_subject_label *nested;
9821 + /* next two structures not used */
9823 + struct acl_object_label *prev;
9824 + struct acl_object_label *next;
9827 +struct acl_ip_label {
9835 + /* next two structures not used */
9837 + struct acl_ip_label *prev;
9838 + struct acl_ip_label *next;
9842 + struct user_acl_role_db role_db;
9843 + unsigned char pw[GR_PW_LEN];
9844 + unsigned char salt[GR_SALT_LEN];
9845 + unsigned char sum[GR_SHA_LEN];
9846 + unsigned char sp_role[GR_SPROLE_LEN];
9847 + struct sprole_pw *sprole_pws;
9848 + __u16 num_sprole_pws;
9849 + kdev_t segv_device;
9855 +/* End Data Structures Section */
9857 +/* Hash functions generated by empirical testing by Brad Spengler
9858 + Makes good use of the low bits of the inode. Generally 0-1 times
9859 + in loop for successful match. 0-3 for unsuccessful match.
9860 + Shift/add algorithm with modulus of table size and an XOR*/
9862 +static __inline__ unsigned long
9863 +rhash(const uid_t uid, const __u16 type, const unsigned long sz)
9865 + return (((uid << type) + (uid ^ type)) % sz);
9868 +static __inline__ unsigned long
9869 +fhash(const ino_t ino, const kdev_t dev, const unsigned long sz)
9871 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
9874 +static __inline__ unsigned long
9875 +nhash(const char *name, const unsigned long sz)
9877 + return full_name_hash(name, strlen(name)) % sz;
9879 diff -urN linux-2.4.21/include/linux/gralloc.h linux-2.4.21/include/linux/gralloc.h
9880 --- linux-2.4.21/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
9881 +++ linux-2.4.21/include/linux/gralloc.h 2003-06-23 11:49:17.000000000 -0400
9883 +#ifndef __GRALLOC_H
9884 +#define __GRALLOC_H
9886 +void acl_free_all(void);
9887 +int acl_alloc_stack_init(unsigned long size);
9888 +void *acl_alloc(unsigned long len);
9891 diff -urN linux-2.4.21/include/linux/grdefs.h linux-2.4.21/include/linux/grdefs.h
9892 --- linux-2.4.21/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
9893 +++ linux-2.4.21/include/linux/grdefs.h 2003-06-23 11:49:17.000000000 -0400
9898 +/* Begin grsecurity status declarations */
9902 + GR_STATUS_INIT = 0x00 // disabled state
9905 +/* Begin ACL declarations */
9910 + GR_ROLE_USER = 0x0001,
9911 + GR_ROLE_GROUP = 0x0002,
9912 + GR_ROLE_DEFAULT = 0x0004,
9913 + GR_ROLE_SPECIAL = 0x0008,
9914 + GR_ROLE_AUTH = 0x0010,
9915 + GR_ROLE_NOPW = 0x0020,
9916 + GR_ROLE_GOD = 0x0040
9919 +/* ACL Subject and Object mode flags */
9921 + GR_DELETED = 0x00000080
9924 +/* ACL Object-only mode flags */
9926 + GR_READ = 0x00000001,
9927 + GR_APPEND = 0x00000002,
9928 + GR_WRITE = 0x00000004,
9929 + GR_EXEC = 0x00000008,
9930 + GR_FIND = 0x00000010,
9931 + GR_INHERIT = 0x00000040,
9932 + GR_PTRACERD = 0x00000100,
9933 + GR_SETID = 0x00000200,
9934 + GR_CREATE = 0x00000400,
9935 + GR_DELETE = 0x00000800,
9936 + GR_AUDIT_READ = 0x00001000,
9937 + GR_AUDIT_APPEND = 0x00002000,
9938 + GR_AUDIT_WRITE = 0x0004000,
9939 + GR_AUDIT_EXEC = 0x00008000,
9940 + GR_AUDIT_FIND = 0x00010000,
9941 + GR_AUDIT_INHERIT = 0x00020000,
9942 + GR_AUDIT_SETID = 0x00400000,
9943 + GR_AUDIT_CREATE = 0x00800000,
9944 + GR_AUDIT_DELETE = 0x01000000,
9945 + GR_SUPPRESS = 0x02000000,
9946 + GR_NOLEARN = 0x04000000
9949 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
9950 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
9951 + GR_AUDIT_CREATE | GR_AUDIT_DELETE)
9953 +/* ACL subject-only mode flags */
9955 + GR_KILL = 0x00000001,
9956 + GR_VIEW = 0x00000002,
9957 + GR_PROTECTED = 0x00000100,
9958 + GR_LEARN = 0x00000200,
9959 + GR_OVERRIDE = 0x00000400,
9960 + /* just a placeholder, this mode is only used in userspace */
9961 + GR_DUMMY = 0x00000800,
9963 + GR_PROTSHM = 0x00040000,
9964 + GR_KILLPROC = 0x00080000,
9965 + GR_KILLIPPROC = 0x00100000,
9966 + /* just a placeholder, this mode is only used in userspace */
9967 + GR_NOTROJAN = 0x00200000,
9968 + GR_PROTPROCFD = 0x00400000,
9969 + GR_PROCACCT = 0x00800000
9972 +#define GR_CRASH_RES 11
9973 +#define GR_UIDTABLE_MAX 500
9975 +/* begin resource learning section */
9977 + GR_RLIM_CPU_BUMP = 60,
9978 + GR_RLIM_FSIZE_BUMP = 50000,
9979 + GR_RLIM_DATA_BUMP = 10000,
9980 + GR_RLIM_STACK_BUMP = 1000,
9981 + GR_RLIM_CORE_BUMP = 10000,
9982 + GR_RLIM_RSS_BUMP = 500000,
9983 + GR_RLIM_NPROC_BUMP = 1,
9984 + GR_RLIM_NOFILE_BUMP = 5,
9985 + GR_RLIM_MEMLOCK_BUMP = 50000,
9986 + GR_RLIM_AS_BUMP = 500000,
9987 + GR_RLIM_LOCKS_BUMP = 2
9991 diff -urN linux-2.4.21/include/linux/grinternal.h linux-2.4.21/include/linux/grinternal.h
9992 --- linux-2.4.21/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
9993 +++ linux-2.4.21/include/linux/grinternal.h 2003-06-23 11:49:17.000000000 -0400
9995 +#ifndef __GRINTERNAL_H
9996 +#define __GRINTERNAL_H
9998 +#ifdef CONFIG_GRKERNSEC
10000 +#include <linux/grdefs.h>
10001 +#include <linux/grmsg.h>
10003 +extern void gr_add_learn_entry(const char *fmt, ...);
10004 +extern __u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
10005 + const struct vfsmount *mnt);
10006 +extern __u32 gr_check_create(const struct dentry *new_dentry,
10007 + const struct dentry *parent,
10008 + const struct vfsmount *mnt, const __u32 mode);
10009 +extern int gr_check_protected_task(const struct task_struct *task);
10010 +extern __inline__ __u32 to_gr_audit(const __u32 reqmode);
10011 +extern int gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
10012 + struct dentry *old_dentry,
10013 + struct dentry *new_dentry,
10014 + struct vfsmount *mnt, const __u8 replace);
10015 +extern int gr_set_acls(const int type);
10017 +extern void gr_handle_alertkill(void);
10018 +extern char *gr_to_filename(const struct dentry *dentry,
10019 + const struct vfsmount *mnt);
10021 +extern int grsec_enable_link;
10022 +extern int grsec_enable_fifo;
10023 +extern int grsec_enable_execve;
10024 +extern int grsec_enable_forkbomb;
10025 +extern int grsec_forkbomb_gid;
10026 +extern int grsec_forkbomb_sec;
10027 +extern int grsec_forkbomb_max;
10028 +extern int grsec_enable_execlog;
10029 +extern int grsec_enable_signal;
10030 +extern int grsec_enable_forkfail;
10031 +extern int grsec_enable_time;
10032 +extern int grsec_enable_chroot_shmat;
10033 +extern int grsec_enable_chroot_findtask;
10034 +extern int grsec_enable_chroot_mount;
10035 +extern int grsec_enable_chroot_double;
10036 +extern int grsec_enable_chroot_pivot;
10037 +extern int grsec_enable_chroot_chdir;
10038 +extern int grsec_enable_chroot_chmod;
10039 +extern int grsec_enable_chroot_mknod;
10040 +extern int grsec_enable_chroot_fchdir;
10041 +extern int grsec_enable_chroot_nice;
10042 +extern int grsec_enable_chroot_execlog;
10043 +extern int grsec_enable_chroot_caps;
10044 +extern int grsec_enable_chroot_sysctl;
10045 +extern int grsec_enable_chroot_unix;
10046 +extern int grsec_enable_tpe;
10047 +extern int grsec_tpe_gid;
10048 +extern int grsec_enable_tpe_all;
10049 +extern int grsec_enable_sidcaps;
10050 +extern int grsec_enable_randpid;
10051 +extern int grsec_enable_socket_all;
10052 +extern int grsec_socket_all_gid;
10053 +extern int grsec_enable_socket_client;
10054 +extern int grsec_socket_client_gid;
10055 +extern int grsec_enable_socket_server;
10056 +extern int grsec_socket_server_gid;
10057 +extern int grsec_audit_gid;
10058 +extern int grsec_enable_group;
10059 +extern int grsec_enable_audit_ipc;
10060 +extern int grsec_enable_mount;
10061 +extern int grsec_enable_chdir;
10062 +extern int grsec_lock;
10064 +extern struct task_struct *child_reaper;
10066 +extern spinlock_t grsec_alert_lock;
10067 +extern unsigned long grsec_alert_wtime;
10068 +extern unsigned long grsec_alert_fyet;
10070 +extern spinlock_t grsec_alertgood_lock;
10071 +extern unsigned long grsec_alertgood_wtime;
10072 +extern unsigned long grsec_alertgood_fyet;
10074 +extern spinlock_t grsec_audit_lock;
10076 +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && \
10077 + ((tsk_a->fs->root->d_inode->i_dev != \
10078 + child_reaper->fs->root->d_inode->i_dev) || \
10079 + (tsk_a->fs->root->d_inode->i_ino != \
10080 + child_reaper->fs->root->d_inode->i_ino)))
10082 +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs->root->d_inode->i_dev == \
10083 + tsk_b->fs->root->d_inode->i_dev) && \
10084 + (tsk_a->fs->root->d_inode->i_ino == \
10085 + tsk_b->fs->root->d_inode->i_ino))
10087 +#define DEFAULTSECARGS current->comm, current->pid, current->uid, \
10088 + current->euid, current->gid, current->egid, \
10089 + current->p_pptr->comm, current->p_pptr->pid, \
10090 + current->p_pptr->uid, current->p_pptr->euid, \
10091 + current->p_pptr->gid, current->p_pptr->egid
10093 +#define GR_CHROOT_CAPS ( \
10094 + CAP_TO_MASK(CAP_FOWNER) | \
10095 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
10096 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
10097 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
10098 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
10099 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
10100 + CAP_TO_MASK(CAP_IPC_OWNER))
10102 +#define security_alert_good(normal_msg,args...) \
10104 + spin_lock(&grsec_alertgood_lock); \
10106 + if (!grsec_alertgood_wtime || jiffies - grsec_alertgood_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { \
10107 + grsec_alertgood_wtime = jiffies; grsec_alertgood_fyet = 0; \
10108 + if (current->curr_ip) \
10109 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10111 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10112 + } else if((jiffies - grsec_alertgood_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alertgood_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \
10113 + grsec_alertgood_fyet++; \
10114 + if (current->curr_ip) \
10115 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10117 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10118 + } else if (grsec_alertgood_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \
10119 + grsec_alertgood_wtime = jiffies; grsec_alertgood_fyet++; \
10120 + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \
10121 + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \
10124 + spin_unlock(&grsec_alertgood_lock); \
10127 +#define security_alert(normal_msg,args...) \
10129 + spin_lock(&grsec_alert_lock); \
10131 + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { \
10132 + grsec_alert_wtime = jiffies; grsec_alert_fyet = 0; \
10133 + if (current->curr_ip) \
10134 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10136 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10137 + } else if((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \
10138 + grsec_alert_fyet++; \
10139 + if (current->curr_ip) \
10140 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10142 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10143 + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \
10144 + grsec_alert_wtime = jiffies; grsec_alert_fyet++; \
10145 + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \
10146 + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \
10149 + gr_handle_alertkill(); \
10150 + spin_unlock(&grsec_alert_lock); \
10153 +#define security_audit(normal_msg,args...) \
10155 + spin_lock(&grsec_audit_lock); \
10156 + if (current->curr_ip) \
10157 + printk(KERN_INFO "grsec: From %u.%u.%u.%u: " normal_msg "\n", \
10158 + NIPQUAD(current->curr_ip) , ## args); \
10160 + printk(KERN_INFO "grsec: " normal_msg "\n", ## args); \
10161 + spin_unlock(&grsec_audit_lock); \
10164 +#define security_learn(normal_msg,args...) \
10166 + gr_add_learn_entry(normal_msg "\n", ## args); \
10172 diff -urN linux-2.4.21/include/linux/grmsg.h linux-2.4.21/include/linux/grmsg.h
10173 --- linux-2.4.21/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
10174 +++ linux-2.4.21/include/linux/grmsg.h 2003-06-23 11:49:17.000000000 -0400
10176 +#define DEFAULTSECMSG "(%.16s:%d) uid/euid:%d/%d gid/egid:%d/%d, parent (%.16s:%d) uid/euid:%d/%d gid/egid:%d/%d"
10177 +#define GR_ACL_PROCACCT_MSG "(%.16s:%d) IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent (%.16s:%d) IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d"
10178 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " DEFAULTSECMSG
10179 +#define GR_IOPERM_MSG "denied use of ioperm() by " DEFAULTSECMSG
10180 +#define GR_IOPL_MSG "denied use of iopl() by " DEFAULTSECMSG
10181 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by " DEFAULTSECMSG
10182 +#define GR_UNIX_CHROOT_MSG "denied connect to abstract AF_UNIX socket outside of chroot by " DEFAULTSECMSG
10183 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by " DEFAULTSECMSG
10184 +#define GR_KMEM_MSG "attempted write to /dev/kmem by " DEFAULTSECMSG
10185 +#define GR_PORT_OPEN_MSG "attempted open of /dev/port by " DEFAULTSECMSG
10186 +#define GR_MEM_WRITE_MSG "attempted write of /dev/mem by " DEFAULTSECMSG
10187 +#define GR_MEM_MMAP_MSG "attempted mmap write of /dev/[k]mem by " DEFAULTSECMSG
10188 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by " DEFAULTSECMSG
10189 +#define GR_LEARN_AUDIT_MSG "%s:%u:%u:%u:%.4095s:%.4095s:%lu:%lu:%.4095s:%lu:%u.%u.%u.%u"
10190 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by " DEFAULTSECMSG
10191 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by " DEFAULTSECMSG
10192 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by " DEFAULTSECMSG
10193 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by " DEFAULTSECMSG
10194 +#define GR_MKNOD_CHROOT_MSG "refused attempt to mknod %.950s from chroot by " DEFAULTSECMSG
10195 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by " DEFAULTSECMSG
10196 +#define GR_UNIXCONNECT_ACL_MSG "%s connect to the unix domain socket %.950s by " DEFAULTSECMSG
10197 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by " DEFAULTSECMSG
10198 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by " DEFAULTSECMSG
10199 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by " DEFAULTSECMSG
10200 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by " DEFAULTSECMSG
10201 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for " DEFAULTSECMSG
10202 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by " DEFAULTSECMSG
10203 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by " DEFAULTSECMSG
10204 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by " DEFAULTSECMSG
10205 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " DEFAULTSECMSG
10206 +#define GR_NPROC_MSG "attempt to overstep process limit by " DEFAULTSECMSG
10207 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " DEFAULTSECMSG
10208 +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by " DEFAULTSECMSG
10209 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning uid %u from login for %lu seconds"
10210 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning execution of [%.16s:%lu] for %lu seconds"
10211 +#define GR_MOUNT_CHROOT_MSG "denied attempt to mount %.30s as %.930s from chroot by " DEFAULTSECMSG
10212 +#define GR_PIVOT_CHROOT_MSG "denied attempt to pivot_root from chroot by " DEFAULTSECMSG
10213 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by " DEFAULTSECMSG
10214 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " DEFAULTSECMSG
10215 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " DEFAULTSECMSG
10216 +#define GR_CHROOT_CHROOT_MSG "denied attempt to double chroot to %.950s by " DEFAULTSECMSG
10217 +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by " DEFAULTSECMSG
10218 +#define GR_CHMOD_CHROOT_MSG "denied attempt to chmod +s %.950s by " DEFAULTSECMSG
10219 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " DEFAULTSECMSG
10220 +#define GR_CHROOT_FCHDIR_MSG "attempted fchdir outside of chroot to %.950s by " DEFAULTSECMSG
10221 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " DEFAULTSECMSG
10222 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " DEFAULTSECMSG
10223 +#define GR_INITF_ACL_MSG "init_variables() failed %s"
10224 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
10225 +#define GR_DEV_ACL_MSG "/dev/grsec: being fed garbage %d bytes sent %d required"
10226 +#define GR_SHUTS_ACL_MSG "shutdown auth success for " DEFAULTSECMSG
10227 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for " DEFAULTSECMSG
10228 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for " DEFAULTSECMSG
10229 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for " DEFAULTSECMSG
10230 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for " DEFAULTSECMSG
10231 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for " DEFAULTSECMSG
10232 +#define GR_ENABLE_ACL_MSG "Loaded %s"
10233 +#define GR_ENABLEF_ACL_MSG "Unable to load %s for " DEFAULTSECMSG " RBAC system may already be enabled."
10234 +#define GR_RELOADI_ACL_MSG "Ignoring reload request for disabled RBAC system"
10235 +#define GR_RELOAD_ACL_MSG "Reloaded %s"
10236 +#define GR_RELOADF_ACL_MSG "Failed reload of %s for " DEFAULTSECMSG
10237 +#define GR_SPROLEI_ACL_MSG "Ignoring change to special role for disabled RBAC system for " DEFAULTSECMSG
10238 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by " DEFAULTSECMSG
10239 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by " DEFAULTSECMSG
10240 +#define GR_SPROLEF_ACL_MSG "special role %s failure for " DEFAULTSECMSG
10241 +#define GR_INVMODE_ACL_MSG "Invalid mode %d by " DEFAULTSECMSG
10242 +#define GR_MAXPW_ACL_MSG "Maximum pw attempts reached (%d), locking password authentication"
10243 +#define GR_MAXROLEPW_ACL_MSG "Maximum pw attempts reached (%d) trying to auth to special role %s, locking auth for role of " DEFAULTSECMSG
10244 +#define GR_PRIORITY_CHROOT_MSG "attempted priority change of process (%.16s:%d) by " DEFAULTSECMSG
10245 +#define GR_CAPSET_CHROOT_MSG "denied capset of (%.16s:%d) within chroot by " DEFAULTSECMSG
10246 +#define GR_FAILFORK_MSG "failed fork with errno %d by " DEFAULTSECMSG
10247 +#define GR_NICE_CHROOT_MSG "attempted priority change by " DEFAULTSECMSG
10248 +#define GR_UNISIGLOG_MSG "signal %d sent to " DEFAULTSECMSG
10249 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by " DEFAULTSECMSG
10250 +#define GR_SIG_ACL_MSG "Attempted send of signal %d to protected task " DEFAULTSECMSG " by " DEFAULTSECMSG
10251 +#define GR_SYSCTL_MSG "attempt to modify grsecurity sysctl value : %.32s by " DEFAULTSECMSG
10252 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by " DEFAULTSECMSG
10253 +#define GR_TIME_MSG "time set by " DEFAULTSECMSG
10254 +#define GR_DEFACL_MSG "Fatal: Unable to find ACL for (%.16s:%d)"
10255 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by " DEFAULTSECMSG
10256 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by " DEFAULTSECMSG
10257 +#define GR_SOCK_MSG "attempted socket(%d,%d,%d) by " DEFAULTSECMSG
10258 +#define GR_BIND_MSG "attempted bind() by " DEFAULTSECMSG
10259 +#define GR_CONNECT_MSG "attempted connect by " DEFAULTSECMSG
10260 +#define GR_BIND_ACL_MSG "attempted bind to %u.%u.%u.%u port %u sock type %u protocol %u by " DEFAULTSECMSG
10261 +#define GR_CONNECT_ACL_MSG "attempted connect to %u.%u.%u.%u port %u sock type %u protocol %u by " DEFAULTSECMSG
10262 +#define GR_IP_LEARN_MSG "%s:%u:%u:%u:%.4095s:%.4095s:%u.%u.%u.%u:%u:%u:%u:%u:%u.%u.%u.%u"
10263 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " DEFAULTSECMSG
10264 +#define GR_CAP_ACL_MSG "use of %s denied for " DEFAULTSECMSG
10265 +#define GR_REMOUNT_AUDIT_MSG "remount of %.30s by " DEFAULTSECMSG
10266 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.30s by " DEFAULTSECMSG
10267 +#define GR_MOUNT_AUDIT_MSG "mount %.30s to %.64s by " DEFAULTSECMSG
10268 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by " DEFAULTSECMSG
10269 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.63s) by " DEFAULTSECMSG
10270 +#define GR_MSGQ_AUDIT_MSG "message queue created by " DEFAULTSECMSG
10271 +#define GR_MSGQR_AUDIT_MSG "message queue of uid:%d euid:%d removed by " DEFAULTSECMSG
10272 +#define GR_SEM_AUDIT_MSG "semaphore created by " DEFAULTSECMSG
10273 +#define GR_SEMR_AUDIT_MSG "semaphore of uid:%d euid:%d removed by " DEFAULTSECMSG
10274 +#define GR_SHM_AUDIT_MSG "shared memory of size %d created by " DEFAULTSECMSG
10275 +#define GR_SHMR_AUDIT_MSG "shared memory of uid:%d euid:%d removed by " DEFAULTSECMSG
10276 +#define GR_RESOURCE_MSG "attempted resource overstep by requesting %lu for %.16s against limit %lu by " DEFAULTSECMSG
10277 diff -urN linux-2.4.21/include/linux/grsecurity.h linux-2.4.21/include/linux/grsecurity.h
10278 --- linux-2.4.21/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
10279 +++ linux-2.4.21/include/linux/grsecurity.h 2003-06-23 11:49:17.000000000 -0400
10281 +#ifndef GR_SECURITY_H
10282 +#define GR_SECURITY_H
10284 +extern int gr_pid_is_chrooted(const struct task_struct *p);
10285 +extern int gr_handle_chroot_nice(void);
10286 +extern int gr_handle_chroot_sysctl(const int op);
10287 +extern int gr_handle_chroot_capset(const struct task_struct *target);
10288 +extern int gr_handle_chroot_setpriority(const struct task_struct *p,
10289 + const int niceval);
10290 +extern int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
10291 +extern int gr_handle_chroot_chroot(const struct dentry *dentry,
10292 + const struct vfsmount *mnt);
10293 +extern void gr_handle_chroot_caps(struct task_struct *task);
10294 +extern void gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt);
10295 +extern int gr_handle_chroot_chmod(const struct dentry *dentry,
10296 + const struct vfsmount *mnt, const int mode);
10297 +extern int gr_handle_chroot_mknod(const struct dentry *dentry,
10298 + const struct vfsmount *mnt, const int mode);
10299 +extern int gr_handle_chroot_mount(const struct dentry *dentry,
10300 + const struct vfsmount *mnt,
10301 + const char *dev_name);
10302 +extern int gr_handle_chroot_pivot(void);
10303 +extern int gr_handle_chroot_unix(const pid_t pid);
10305 +extern int gr_handle_nproc(void);
10307 +extern void gr_handle_ioperm(void);
10308 +extern void gr_handle_iopl(void);
10310 +extern int gr_tpe_allow(const struct file *file);
10312 +extern int gr_random_pid(spinlock_t * pid_lock);
10314 +extern void gr_log_forkfail(const int retval);
10315 +extern void gr_log_timechange(void);
10316 +extern void gr_log_signal(const int sig, const struct task_struct *t);
10317 +extern void gr_log_chdir(const struct dentry *dentry,
10318 + const struct vfsmount *mnt);
10319 +extern void gr_log_chroot_exec(const struct dentry *dentry,
10320 + const struct vfsmount *mnt);
10321 +extern void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
10322 +extern void gr_log_remount(const char *devname, const int retval);
10323 +extern void gr_log_unmount(const char *devname, const int retval);
10324 +extern void gr_log_mount(const char *from, const char *to, const int retval);
10325 +extern void gr_log_msgget(const int ret, const int msgflg);
10326 +extern void gr_log_msgrm(const uid_t uid, const uid_t cuid);
10327 +extern void gr_log_semget(const int err, const int semflg);
10328 +extern void gr_log_semrm(const uid_t uid, const uid_t cuid);
10329 +extern void gr_log_shmget(const int err, const int shmflg, const size_t size);
10330 +extern void gr_log_shmrm(const uid_t uid, const uid_t cuid);
10332 +extern int gr_handle_follow_link(const struct inode *parent,
10333 + const struct inode *inode,
10334 + const struct dentry *dentry,
10335 + const struct vfsmount *mnt);
10336 +extern int gr_handle_fifo(const struct dentry *dentry,
10337 + const struct vfsmount *mnt,
10338 + const struct dentry *dir, const int flag,
10339 + const int acc_mode);
10340 +extern int gr_handle_hardlink(const struct dentry *dentry,
10341 + const struct vfsmount *mnt,
10342 + struct inode *inode,
10343 + const int mode, const char *to);
10345 +extern int gr_is_capable(const int cap);
10346 +extern void gr_learn_resource(const struct task_struct *task, const int limit,
10347 + const unsigned long wanted);
10348 +extern void gr_copy_label(struct task_struct *tsk);
10349 +extern void gr_handle_crash(struct task_struct *task, const int sig);
10350 +extern int gr_handle_signal(const struct task_struct *p, const int sig);
10351 +extern int gr_check_crash_uid(const uid_t uid);
10352 +extern int gr_check_protected_task(const struct task_struct *task);
10353 +extern int gr_acl_handle_mmap(const struct file *file,
10354 + const unsigned long prot);
10355 +extern int gr_acl_handle_mprotect(const struct file *file,
10356 + const unsigned long prot);
10357 +extern int gr_check_hidden_task(const struct task_struct *tsk);
10358 +extern __u32 gr_acl_handle_truncate(const struct dentry *dentry,
10359 + const struct vfsmount *mnt);
10360 +extern __u32 gr_acl_handle_utime(const struct dentry *dentry,
10361 + const struct vfsmount *mnt);
10362 +extern __u32 gr_acl_handle_access(const struct dentry *dentry,
10363 + const struct vfsmount *mnt, const int fmode);
10364 +extern __u32 gr_acl_handle_fchmod(const struct dentry *dentry,
10365 + const struct vfsmount *mnt, mode_t mode);
10366 +extern __u32 gr_acl_handle_chmod(const struct dentry *dentry,
10367 + const struct vfsmount *mnt, mode_t mode);
10368 +extern __u32 gr_acl_handle_chown(const struct dentry *dentry,
10369 + const struct vfsmount *mnt);
10370 +extern int gr_handle_ptrace_exec(const struct dentry *dentry,
10371 + const struct vfsmount *mnt);
10372 +extern int gr_handle_ptrace(struct task_struct *task, const long request);
10373 +extern int gr_handle_mmap(const struct file *filp, const unsigned long prot);
10374 +extern __u32 gr_acl_handle_execve(const struct dentry *dentry,
10375 + const struct vfsmount *mnt);
10376 +extern int gr_check_crash_exec(const struct file *filp);
10377 +extern int gr_acl_is_enabled(void);
10378 +extern void gr_set_kernel_label(struct task_struct *task);
10379 +extern void gr_set_role_label(struct task_struct *task, const uid_t uid,
10380 + const gid_t gid);
10381 +extern void gr_set_proc_label(const struct dentry *dentry,
10382 + const struct vfsmount *mnt);
10383 +extern __u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
10384 + const struct vfsmount *mnt);
10385 +extern __u32 gr_acl_handle_open(const struct dentry *dentry,
10386 + const struct vfsmount *mnt, const int fmode);
10387 +extern __u32 gr_acl_handle_creat(const struct dentry *dentry,
10388 + const struct dentry *p_dentry,
10389 + const struct vfsmount *p_mnt, const int fmode,
10390 + const int imode);
10391 +extern void gr_handle_create(const struct dentry *dentry,
10392 + const struct vfsmount *mnt);
10393 +extern __u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
10394 + const struct dentry *parent_dentry,
10395 + const struct vfsmount *parent_mnt,
10397 +extern __u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
10398 + const struct dentry *parent_dentry,
10399 + const struct vfsmount *parent_mnt);
10400 +extern __u32 gr_acl_handle_rmdir(const struct dentry *dentry,
10401 + const struct vfsmount *mnt);
10402 +extern void gr_handle_delete(const ino_t ino, const kdev_t dev);
10403 +extern __u32 gr_acl_handle_unlink(const struct dentry *dentry,
10404 + const struct vfsmount *mnt);
10405 +extern __u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
10406 + const struct dentry *parent_dentry,
10407 + const struct vfsmount *parent_mnt,
10408 + const char *from);
10409 +extern __u32 gr_acl_handle_link(const struct dentry *new_dentry,
10410 + const struct dentry *parent_dentry,
10411 + const struct vfsmount *parent_mnt,
10412 + const struct dentry *old_dentry,
10413 + const struct vfsmount *old_mnt, const char *to);
10414 +extern int gr_acl_handle_rename(struct dentry *new_dentry,
10415 + struct dentry *parent_dentry,
10416 + const struct vfsmount *parent_mnt,
10417 + struct dentry *old_dentry,
10418 + struct inode *old_parent_inode,
10419 + struct vfsmount *old_mnt, const char *newname);
10420 +extern __u32 gr_check_link(const struct dentry *new_dentry,
10421 + const struct dentry *parent_dentry,
10422 + const struct vfsmount *parent_mnt,
10423 + const struct dentry *old_dentry,
10424 + const struct vfsmount *old_mnt);
10425 +extern __u32 gr_acl_handle_filldir(const struct dentry *dentry,
10426 + const struct vfsmount *mnt, const ino_t ino);
10427 +extern __u32 gr_acl_handle_unix(const struct dentry *dentry,
10428 + const struct vfsmount *mnt);
10429 +extern void gr_acl_handle_exit(void);
10430 +extern void gr_acl_handle_psacct(struct task_struct *task, const long code);
10431 +extern int gr_acl_handle_procpidmem(const struct task_struct *task);
10432 +extern __u32 gr_cap_rtnetlink(void);
10434 +#ifdef CONFIG_GRKERNSEC
10435 +extern void gr_handle_mem_write(void);
10436 +extern void gr_handle_kmem_write(void);
10437 +extern void gr_handle_open_port(void);
10438 +extern int gr_handle_mem_mmap(const unsigned long offset,
10439 + struct vm_area_struct *vma);
10441 +extern __u16 ip_randomid(void);
10442 +extern __u32 ip_randomisn(void);
10443 +extern __u32 arc4random(void);
10445 +extern int grsec_enable_dmesg;
10446 +extern int grsec_enable_randid;
10447 +extern int grsec_enable_randisn;
10448 +extern int grsec_enable_randsrc;
10449 +extern int grsec_enable_randping;
10450 +extern int grsec_enable_randrpc;
10454 diff -urN linux-2.4.21/include/linux/mm.h linux-2.4.21/include/linux/mm.h
10455 --- linux-2.4.21/include/linux/mm.h 2003-06-23 11:41:32.000000000 -0400
10456 +++ linux-2.4.21/include/linux/mm.h 2003-06-23 11:49:17.000000000 -0400
10458 extern struct list_head active_list;
10459 extern struct list_head inactive_list;
10461 +extern void gr_learn_resource(const struct task_struct * task, const int limit,
10462 + const unsigned long wanted);
10464 #include <asm/page.h>
10465 #include <asm/pgtable.h>
10466 #include <asm/atomic.h>
10467 @@ -639,6 +704,8 @@
10468 address &= PAGE_MASK;
10469 spin_lock(&vma->vm_mm->page_table_lock);
10470 grow = (vma->vm_start - address) >> PAGE_SHIFT;
10471 + gr_learn_resource(current, RLIMIT_STACK, vma->vm_end - address);
10472 + gr_learn_resource(current, RLIMIT_AS, (vma->vm_mm->total_vm + grow) << PAGE_SHIFT);
10473 if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
10474 ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) {
10475 spin_unlock(&vma->vm_mm->page_table_lock);
10476 diff -urN linux-2.4.21/include/linux/proc_fs.h linux-2.4.21/include/linux/proc_fs.h
10477 --- linux-2.4.21/include/linux/proc_fs.h 2003-06-23 11:41:32.000000000 -0400
10478 +++ linux-2.4.21/include/linux/proc_fs.h 2003-06-23 11:49:17.000000000 -0400
10479 @@ -143,6 +143,9 @@
10480 extern struct proc_dir_entry *proc_mknod(const char *,mode_t,
10481 struct proc_dir_entry *,kdev_t);
10482 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);
10483 +#ifdef CONFIG_GRKERNSEC_PROC
10484 +extern struct proc_dir_entry *proc_priv_mkdir(const char *, struct proc_dir_entry *);
10487 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
10488 mode_t mode, struct proc_dir_entry *base,
10489 diff -urN linux-2.4.21/include/linux/sched.h linux-2.4.21/include/linux/sched.h
10490 --- linux-2.4.21/include/linux/sched.h 2003-06-23 11:41:32.000000000 -0400
10491 +++ linux-2.4.21/include/linux/sched.h 2003-06-23 11:49:17.000000000 -0400
10493 #include <linux/securebits.h>
10494 #include <linux/fs_struct.h>
10496 +extern int gr_is_capable(const int cap);
10497 +extern int gr_pid_is_chrooted(const struct task_struct *p);
10499 struct exec_domain;
10502 @@ -415,6 +432,19 @@
10504 /* journalling filesystem info */
10505 void *journal_info;
10507 +#ifdef CONFIG_GRKERNSEC
10508 +/* added by grsecurity's ACL system */
10509 + struct acl_subject_label *acl;
10510 + struct acl_role_label *role;
10511 + struct file *exec_file;
10514 + u8 acl_sp_role:1;
10515 + u8 used_accept:1;
10516 + u8 used_connect:1;
10517 + u8 is_writable:1;
10522 @@ -549,6 +586,8 @@
10523 *p->pidhash_pprev = p->pidhash_next;
10526 +#include <asm/current.h>
10528 static inline task_t *find_task_by_pid(int pid)
10530 task_t *p, **htable = &pidhash[pid_hashfn(pid)];
10531 @@ -556,6 +595,8 @@
10532 for(p = *htable; p && p->pid != pid; p = p->pidhash_next)
10535 + if(gr_pid_is_chrooted(p)) p = NULL;
10540 @@ -576,8 +617,6 @@
10541 extern struct user_struct * alloc_uid(uid_t);
10542 extern void free_uid(struct user_struct *);
10544 -#include <asm/current.h>
10546 extern unsigned long volatile jiffies;
10547 extern unsigned long itimer_ticks;
10548 extern unsigned long itimer_next;
10549 @@ -741,7 +780,7 @@
10550 static inline int capable(int cap)
10553 - if (cap_raised(current->cap_effective, cap))
10554 + if (cap_raised(current->cap_effective, cap) && gr_is_capable(cap))
10556 if (cap_is_fs_cap(cap) ? current->fsuid == 0 : current->euid == 0)
10558 diff -urN linux-2.4.21/include/linux/sysctl.h linux-2.4.21/include/linux/sysctl.h
10559 --- linux-2.4.21/include/linux/sysctl.h 2003-06-23 11:41:32.000000000 -0400
10560 +++ linux-2.4.21/include/linux/sysctl.h 2003-06-23 11:49:17.000000000 -0400
10561 @@ -125,6 +125,7 @@
10562 KERN_CADPID=54, /* int: PID of the process to notify on CAD */
10563 KERN_KDB=55, /* int: kdb on/off */
10564 KERN_CORE_PATTERN=56, /* string: pattern for core-files */
10565 + KERN_GRSECURITY=68, /* grsecurity */
10569 diff -urN linux-2.4.21/include/net/inetpeer.h linux-2.4.21/include/net/inetpeer.h
10570 --- linux-2.4.21/include/net/inetpeer.h 2003-06-23 11:41:37.000000000 -0400
10571 +++ linux-2.4.21/include/net/inetpeer.h 2003-06-23 11:49:17.000000000 -0400
10573 #include <linux/init.h>
10574 #include <linux/sched.h>
10575 #include <linux/spinlock.h>
10577 #include <asm/atomic.h>
10581 /* can be called with or without local BH being disabled */
10582 struct inet_peer *inet_getpeer(__u32 daddr, int create);
10584 +#ifdef CONFIG_GRKERNSEC_RANDID
10585 +extern int grsec_enable_randid;
10586 +extern __u16 ip_randomid(void);
10589 extern spinlock_t inet_peer_unused_lock;
10590 extern struct inet_peer *inet_peer_unused_head;
10591 extern struct inet_peer **inet_peer_unused_tailp;
10595 spin_lock_bh(&inet_peer_idlock);
10596 - id = p->ip_id_count++;
10598 +#ifdef CONFIG_GRKERNSEC_RANDID
10599 + if(grsec_enable_randid)
10600 + id = htons(ip_randomid());
10603 + id = p->ip_id_count++;
10605 spin_unlock_bh(&inet_peer_idlock);
10608 diff -urN linux-2.4.21/include/net/ip.h linux-2.4.21/include/net/ip.h
10609 --- linux-2.4.21/include/net/ip.h 2003-06-23 11:41:37.000000000 -0400
10610 +++ linux-2.4.21/include/net/ip.h 2003-06-23 11:49:17.000000000 -0400
10612 void (*destructor)(struct sock *);
10615 +#ifdef CONFIG_GRKERNSEC_RANDID
10616 +extern int grsec_enable_randid;
10617 +extern __u16 ip_randomid(void);
10620 extern struct ip_ra_chain *ip_ra_chain;
10621 extern rwlock_t ip_ra_lock;
10623 @@ -196,7 +201,13 @@
10624 * does not change, they drop every other packet in
10625 * a TCP stream using header compression.
10627 - iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
10629 +#ifdef CONFIG_GRKERNSEC_RANDID
10630 + if(grsec_enable_randid)
10631 + iph->id = htons(ip_randomid());
10634 + iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
10636 __ip_select_ident(iph, dst);
10638 diff -urN linux-2.4.21/init/main.c linux-2.4.21/init/main.c
10639 --- linux-2.4.21/init/main.c 2003-06-23 11:41:31.000000000 -0400
10640 +++ linux-2.4.21/init/main.c 2003-06-23 11:49:17.000000000 -0400
10642 #include <linux/iobuf.h>
10643 #include <linux/bootmem.h>
10644 #include <linux/tty.h>
10645 +#include <linux/grsecurity.h>
10647 #include <asm/io.h>
10648 #include <asm/bugs.h>
10649 @@ -107,6 +108,8 @@
10650 extern void ipc_init(void);
10653 +extern void grsecurity_init(void);
10656 * Boot command-line arguments
10658 @@ -546,6 +549,7 @@
10661 prepare_namespace();
10662 + grsecurity_init();
10665 * Ok, we have completed the initial bootup, and
10666 diff -urN linux-2.4.21/ipc/msg.c linux-2.4.21/ipc/msg.c
10667 --- linux-2.4.21/ipc/msg.c 2003-06-23 11:41:59.000000000 -0400
10668 +++ linux-2.4.21/ipc/msg.c 2003-06-23 11:49:17.000000000 -0400
10670 #include <linux/init.h>
10671 #include <linux/proc_fs.h>
10672 #include <linux/list.h>
10673 +#include <linux/grsecurity.h>
10674 #include <asm/uaccess.h>
10677 @@ -326,6 +327,9 @@
10682 + gr_log_msgget(ret, msgflg);
10687 @@ -560,6 +564,8 @@
10691 + gr_log_msgrm(ipcp->uid, ipcp->cuid);
10696 diff -urN linux-2.4.21/ipc/sem.c linux-2.4.21/ipc/sem.c
10697 --- linux-2.4.21/ipc/sem.c 2003-06-23 11:41:59.000000000 -0400
10698 +++ linux-2.4.21/ipc/sem.c 2003-06-23 11:49:17.000000000 -0400
10700 #include <linux/spinlock.h>
10701 #include <linux/init.h>
10702 #include <linux/proc_fs.h>
10703 +#include <linux/grsecurity.h>
10704 #include <asm/uaccess.h>
10707 @@ -181,6 +182,9 @@
10712 + gr_log_semget(err, semflg);
10717 @@ -728,6 +732,8 @@
10721 + gr_log_semrm(ipcp->uid, ipcp->cuid);
10726 diff -urN linux-2.4.21/ipc/shm.c linux-2.4.21/ipc/shm.c
10727 --- linux-2.4.21/ipc/shm.c 2003-06-23 11:41:59.000000000 -0400
10728 +++ linux-2.4.21/ipc/shm.c 2003-06-23 11:49:17.000000000 -0400
10730 #include <linux/mman.h>
10731 #include <linux/proc_fs.h>
10732 #include <asm/uaccess.h>
10733 +#include <linux/grsecurity.h>
10742 +#ifdef CONFIG_GRKERNSEC
10743 + time_t shm_createtime;
10748 +#ifdef CONFIG_GRKERNSEC
10749 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
10750 + const time_t shm_createtime, const uid_t cuid,
10751 + const int shmid);
10752 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
10753 + const time_t shm_createtime);
10756 #define shm_flags shm_perm.mode
10758 static struct file_operations shm_file_operations;
10759 @@ -209,6 +223,9 @@
10760 shp->shm_lprid = 0;
10761 shp->shm_atim = shp->shm_dtim = 0;
10762 shp->shm_ctim = CURRENT_TIME;
10763 +#ifdef CONFIG_GRKERNSEC
10764 + shp->shm_createtime = CURRENT_TIME;
10766 shp->shm_segsz = size;
10767 shp->shm_nattch = 0;
10768 shp->id = shm_buildid(id,shp->shm_perm.seq);
10769 @@ -254,6 +271,9 @@
10774 + gr_log_shmget(err, shmflg, size);
10779 @@ -509,6 +529,9 @@
10781 goto out_unlock_up;
10784 + gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid);
10786 if (shp->shm_nattch){
10787 shp->shm_flags |= SHM_DEST;
10788 /* Do not find it any more */
10789 @@ -622,9 +645,28 @@
10794 +#ifdef CONFIG_GRKERNSEC
10795 + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
10796 + shp->shm_perm.cuid, shmid)) {
10797 + shm_unlock(shmid);
10801 + if (!gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
10802 + shm_unlock(shmid);
10807 file = shp->shm_file;
10808 size = file->f_dentry->d_inode->i_size;
10811 +#ifdef CONFIG_GRKERNSEC
10812 + shp->shm_lapid = current->pid;
10817 down_write(¤t->mm->mmap_sem);
10818 diff -urN linux-2.4.21/kernel/capability.c linux-2.4.21/kernel/capability.c
10819 --- linux-2.4.21/kernel/capability.c 2003-06-23 11:41:31.000000000 -0400
10820 +++ linux-2.4.21/kernel/capability.c 2003-06-23 11:49:17.000000000 -0400
10823 #include <linux/mm.h>
10824 #include <asm/uaccess.h>
10825 +#include <linux/grsecurity.h>
10827 kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
10829 @@ -168,6 +169,10 @@
10833 + if (gr_handle_chroot_capset(target)) {
10838 /* verify restrictions on target's new Inheritable set */
10839 if (!cap_issubset(inheritable,
10840 diff -urN linux-2.4.21/kernel/exit.c linux-2.4.21/kernel/exit.c
10841 --- linux-2.4.21/kernel/exit.c 2003-06-23 11:41:31.000000000 -0400
10842 +++ linux-2.4.21/kernel/exit.c 2003-06-23 11:49:17.000000000 -0400
10844 #ifdef CONFIG_BSD_PROCESS_ACCT
10845 #include <linux/acct.h>
10847 +#include <linux/grsecurity.h>
10849 #include <asm/uaccess.h>
10850 #include <asm/pgtable.h>
10851 @@ -165,12 +165,21 @@
10853 write_lock_irq(&tasklist_lock);
10855 +#ifdef CONFIG_GRKERNSEC
10856 + if (current->exec_file) {
10857 + fput(current->exec_file);
10858 + current->exec_file = NULL;
10862 /* Reparent to init */
10863 REMOVE_LINKS(current);
10864 current->p_pptr = child_reaper;
10865 current->p_opptr = child_reaper;
10866 SET_LINKS(current);
10868 + gr_set_kernel_label(current);
10870 /* Set the exit signal to SIGCHLD so we signal init on exit */
10871 current->exit_signal = SIGCHLD;
10873 @@ -439,6 +440,10 @@
10874 #ifdef CONFIG_BSD_PROCESS_ACCT
10875 acct_process(code);
10878 + gr_acl_handle_psacct(tsk, code);
10879 + gr_acl_handle_exit();
10884 diff -urN linux-2.4.21/kernel/fork.c linux-2.4.21/kernel/fork.c
10885 --- linux-2.4.21/kernel/fork.c 2003-06-23 11:41:31.000000000 -0400
10886 +++ linux-2.4.21/kernel/fork.c 2003-06-23 11:49:17.000000000 -0400
10888 #include <linux/personality.h>
10889 #include <linux/compiler.h>
10890 #include <linux/mman.h>
10891 +#include <linux/grsecurity.h>
10893 #include <asm/pgtable.h>
10894 #include <asm/pgalloc.h>
10896 if (flags & CLONE_PID)
10897 return current->pid;
10899 + pid = gr_random_pid(&lastpid_lock);
10903 spin_lock(&lastpid_lock);
10904 beginpid = last_pid;
10905 if((++last_pid) & 0xffff8000) {
10906 @@ -635,6 +640,9 @@
10907 * friends to set the per-user process limit to something lower
10908 * than the amount of processes root is running. -- Rik
10911 + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes));
10913 if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur
10914 && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE))
10915 goto bad_fork_free;
10916 @@ -719,6 +727,7 @@
10917 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
10919 goto bad_fork_cleanup_namespace;
10920 + gr_copy_label(p);
10923 /* Our parent execution domain becomes current domain
10924 @@ -804,6 +813,9 @@
10927 free_task_struct(p);
10929 + gr_log_forkfail(retval);
10934 diff -urN linux-2.4.21/kernel/ksyms.c linux-2.4.21/kernel/ksyms.c
10935 --- linux-2.4.21/kernel/ksyms.c 2003-06-23 11:41:31.000000000 -0400
10936 +++ linux-2.4.21/kernel/ksyms.c 2003-06-23 11:49:17.000000000 -0400
10938 #include <linux/completion.h>
10939 #include <linux/seq_file.h>
10940 #include <linux/dnotify.h>
10941 +#include <linux/grsecurity.h>
10942 #include <asm/checksum.h>
10944 #if defined(CONFIG_PROC_FS)
10945 @@ -585,3 +586,9 @@
10948 EXPORT_SYMBOL(dump_stack);
10951 +EXPORT_SYMBOL(gr_is_capable);
10952 +EXPORT_SYMBOL(gr_pid_is_chrooted);
10953 +EXPORT_SYMBOL(gr_learn_resource);
10954 +EXPORT_SYMBOL(gr_set_kernel_label);
10955 diff -urN linux-2.4.21/kernel/module.c linux-2.4.21/kernel/module.c
10956 --- linux-2.4.21/kernel/module.c 2003-06-23 11:41:31.000000000 -0400
10957 +++ linux-2.4.21/kernel/module.c 2003-06-23 11:49:17.000000000 -0400
10958 @@ -887,6 +887,11 @@
10959 struct module *mod;
10962 +#ifdef CONFIG_GRKERNSEC_HIDESYM
10963 + if (!capable(CAP_SYS_MODULE))
10968 if (name_user == NULL)
10969 mod = &kernel_module;
10970 @@ -956,6 +961,11 @@
10972 struct kernel_sym ksym;
10974 +#ifdef CONFIG_GRKERNSEC_HIDESYM
10975 + if (!capable(CAP_SYS_MODULE))
10980 for (mod = module_list, i = 0; mod; mod = mod->next) {
10981 /* include the count for the module name! */
10982 diff -urN linux-2.4.21/kernel/printk.c linux-2.4.21/kernel/printk.c
10983 --- linux-2.4.21/kernel/printk.c 2003-06-23 11:41:31.000000000 -0400
10984 +++ linux-2.4.21/kernel/printk.c 2003-06-23 11:49:17.000000000 -0400
10986 #include <linux/interrupt.h> /* For in_interrupt() */
10987 #include <linux/config.h>
10988 #include <linux/delay.h>
10989 +#include <linux/grsecurity.h>
10991 #include <asm/uaccess.h>
10993 @@ -294,6 +295,11 @@
10995 asmlinkage long sys_syslog(int type, char * buf, int len)
10997 +#ifdef CONFIG_GRKERNSEC_DMESG
10998 + if (!capable(CAP_SYS_ADMIN) && grsec_enable_dmesg)
11002 if ((type != 3) && !capable(CAP_SYS_ADMIN))
11004 return do_syslog(type, buf, len);
11005 diff -urN linux-2.4.21/kernel/sched.c linux-2.4.21/kernel/sched.c
11006 --- linux-2.4.21/kernel/sched.c 2003-06-23 11:41:31.000000000 -0400
11007 +++ linux-2.4.21/kernel/sched.c 2003-06-23 11:49:17.000000000 -0400
11008 @@ -29,11 +30,13 @@
11009 #include <linux/nmi.h>
11010 #include <linux/interrupt.h>
11011 #include <linux/init.h>
11012 +#include <linux/file.h>
11013 #include <asm/uaccess.h>
11014 #include <linux/smp_lock.h>
11015 #include <asm/mmu_context.h>
11016 #include <linux/kernel_stat.h>
11017 #include <linux/completion.h>
11018 +#include <linux/grsecurity.h>
11021 * Convert user-nice values [ -20 ... 0 ... 19 ]
11022 @@ -910,6 +912,9 @@
11024 if (increment < -40)
11027 + if (gr_handle_chroot_nice())
11030 if (increment > 40)
11032 diff -urN linux-2.4.21/kernel/signal.c linux-2.4.21/kernel/signal.c
11033 --- linux-2.4.21/kernel/signal.c 2003-06-23 11:41:31.000000000 -0400
11034 +++ linux-2.4.21/kernel/signal.c 2003-06-23 11:49:17.000000000 -0400
11036 #include <linux/smp_lock.h>
11037 #include <linux/init.h>
11038 #include <linux/sched.h>
11039 +#include <linux/fs.h>
11040 +#include <linux/grsecurity.h>
11042 #include <asm/uaccess.h>
11044 @@ -554,6 +556,8 @@
11045 if (!sig || !t->sig)
11048 + gr_log_signal(sig, t);
11050 spin_lock_irqsave(&t->sigmask_lock, flags);
11051 handle_stop_signal(sig, t);
11053 @@ -603,6 +607,8 @@
11054 recalc_sigpending(t);
11055 spin_unlock_irqrestore(&t->sigmask_lock, flags);
11057 + gr_handle_crash(t, sig);
11059 return send_sig_info(sig, info, t);
11062 @@ -622,9 +628,13 @@
11063 read_lock(&tasklist_lock);
11065 if (p->pgrp == pgrp && thread_group_leader(p)) {
11066 - int err = send_sig_info(sig, info, p);
11069 + if (gr_handle_signal(p, sig))
11072 + int err = send_sig_info(sig, info, p);
11078 read_unlock(&tasklist_lock);
11079 @@ -675,7 +685,10 @@
11083 - error = send_sig_info(sig, info, p);
11084 + if (gr_handle_signal(p, sig))
11087 + error = send_sig_info(sig, info, p);
11089 read_unlock(&tasklist_lock);
11091 @@ -700,10 +713,14 @@
11092 read_lock(&tasklist_lock);
11094 if (p->pid > 1 && p != current && thread_group_leader(p)) {
11095 - int err = send_sig_info(sig, info, p);
11097 - if (err != -EPERM)
11099 + if (gr_handle_signal(p, sig))
11102 + int err = send_sig_info(sig, info, p);
11104 + if (err != -EPERM)
11109 read_unlock(&tasklist_lock);
11110 diff -urN linux-2.4.21/kernel/sys.c linux-2.4.21/kernel/sys.c
11111 --- linux-2.4.21/kernel/sys.c 2003-06-23 11:41:31.000000000 -0400
11112 +++ linux-2.4.21/kernel/sys.c 2003-06-23 11:49:17.000000000 -0400
11114 * Copyright (C) 1991, 1992 Linus Torvalds
11117 +#include <linux/config.h>
11118 #include <linux/module.h>
11119 #include <linux/mm.h>
11120 #include <linux/utsname.h>
11122 #include <linux/prctl.h>
11123 #include <linux/init.h>
11124 #include <linux/highuid.h>
11125 +#include <linux/grsecurity.h>
11127 #include <asm/uaccess.h>
11128 #include <asm/io.h>
11129 @@ -239,6 +241,12 @@
11131 if (error == -ESRCH)
11134 + if (gr_handle_chroot_setpriority(p, niceval)) {
11135 + read_unlock(&tasklist_lock);
11139 if (niceval < task_nice(p) && !capable(CAP_SYS_NICE))
11142 @@ -425,6 +433,9 @@
11143 if (rgid != (gid_t) -1 ||
11144 (egid != (gid_t) -1 && egid != old_rgid))
11145 current->sgid = new_egid;
11147 + gr_set_role_label(current, current->uid, new_rgid);
11149 current->fsgid = new_egid;
11150 current->egid = new_egid;
11151 current->gid = new_rgid;
11152 @@ -447,6 +458,9 @@
11153 current->mm->dumpable=0;
11157 + gr_set_role_label(current, current->uid, gid);
11159 current->gid = current->egid = current->sgid = current->fsgid = gid;
11161 else if ((gid == current->gid) || (gid == current->sgid))
11162 @@ -530,6 +544,9 @@
11163 current->mm->dumpable = 0;
11167 + gr_set_role_label(current, new_ruid, current->gid);
11169 current->uid = new_ruid;
11170 current->user = new_user;
11171 free_uid(old_user);
11172 @@ -626,6 +643,9 @@
11173 } else if ((uid != current->uid) && (uid != new_suid))
11176 + if (gr_check_crash_uid(uid))
11179 if (old_euid != uid)
11181 current->mm->dumpable = 0;
11182 @@ -722,8 +742,10 @@
11183 current->egid = egid;
11185 current->fsgid = current->egid;
11186 - if (rgid != (gid_t) -1)
11187 + if (rgid != (gid_t) -1) {
11188 + gr_set_role_label(current, current->uid, rgid);
11189 current->gid = rgid;
11191 if (sgid != (gid_t) -1)
11192 current->sgid = sgid;
11194 @@ -1140,6 +1162,10 @@
11195 if(copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
11197 old_rlim = current->rlim + resource;
11199 + if (old_rlim->rlim_max < old_rlim->rlim_cur)
11202 if (((new_rlim.rlim_cur > old_rlim->rlim_max) ||
11203 (new_rlim.rlim_max > old_rlim->rlim_max)) &&
11204 !capable(CAP_SYS_RESOURCE))
11205 diff -urN linux-2.4.21/kernel/sysctl.c linux-2.4.21/kernel/sysctl.c
11206 --- linux-2.4.21/kernel/sysctl.c 2003-06-23 11:41:31.000000000 -0400
11207 +++ linux-2.4.21/kernel/sysctl.c 2003-06-23 11:49:17.000000000 -0400
11211 #if defined(CONFIG_SYSCTL)
11212 +#include <linux/grsecurity.h>
11213 +#include <linux/grinternal.h>
11215 +extern __u32 gr_handle_sysctl(const ctl_table * table, const void *oldval,
11216 + const void *newval);
11217 +extern int gr_handle_sysctl_mod(const char *dirname, const char *name, const int op);
11218 +extern int gr_handle_chroot_sysctl(const int op);
11220 /* External variables not in a header file. */
11221 extern int panic_timeout;
11222 @@ -119,6 +126,8 @@
11223 static ctl_table dev_table[];
11224 extern ctl_table random_table[];
11226 +static ctl_table grsecurity_table[];
11228 /* /proc declarations: */
11230 #ifdef CONFIG_PROC_FS
11231 @@ -259,8 +268,195 @@
11232 {KERN_S390_USER_DEBUG_LOGGING,"userprocess_debug",
11233 &sysctl_userprocess_debug,sizeof(int),0644,NULL,&proc_dointvec},
11235 +#ifdef CONFIG_GRKERNSEC_SYSCTL
11236 + {KERN_GRSECURITY, "grsecurity", NULL, 0, 0555, grsecurity_table},
11241 +#ifdef CONFIG_GRKERNSEC_SYSCTL
11242 +enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL,
11243 +GS_FORKFAIL, GS_TIME, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
11244 +GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM,
11245 +GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS,
11246 +GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL, GS_SIDCAPS,
11247 +GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDISN,
11248 +GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
11249 +GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
11250 +GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
11251 +GS_FINDTASK, GS_LOCK};
11253 +static ctl_table grsecurity_table[] = {
11254 +#ifdef CONFIG_GRKERNSEC_LINK
11255 + {GS_LINK, "linking_restrictions", &grsec_enable_link, sizeof (int),
11256 + 0600, NULL, &proc_dointvec},
11258 +#ifdef CONFIG_GRKERNSEC_FIFO
11259 + {GS_FIFO, "fifo_restrictions", &grsec_enable_fifo, sizeof (int),
11260 + 0600, NULL, &proc_dointvec},
11262 +#ifdef CONFIG_GRKERNSEC_EXECVE
11263 + {GS_EXECVE, "execve_limiting", &grsec_enable_execve, sizeof (int),
11264 + 0600, NULL, &proc_dointvec},
11266 +#ifdef CONFIG_GRKERNSEC_EXECLOG
11267 + {GS_EXECLOG, "exec_logging", &grsec_enable_execlog, sizeof (int),
11268 + 0600, NULL, &proc_dointvec},
11270 +#ifdef CONFIG_GRKERNSEC_SIGNAL
11271 + {GS_SIGNAL, "signal_logging", &grsec_enable_signal, sizeof (int),
11272 + 0600, NULL, &proc_dointvec},
11274 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
11275 + {GS_FORKFAIL, "forkfail_logging", &grsec_enable_forkfail, sizeof (int),
11276 + 0600, NULL, &proc_dointvec},
11278 +#ifdef CONFIG_GRKERNSEC_TIME
11279 + {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int),
11280 + 0600, NULL, &proc_dointvec},
11282 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
11283 + {GS_CHROOT_SHMAT, "chroot_deny_shmat", &grsec_enable_chroot_shmat, sizeof (int),
11284 + 0600, NULL, &proc_dointvec},
11286 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
11287 + {GS_CHROOT_UNIX, "chroot_deny_unix", &grsec_enable_chroot_unix, sizeof(int),
11288 + 0600, NULL, &proc_dointvec},
11290 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
11291 + {GS_CHROOT_MNT, "chroot_deny_mount", &grsec_enable_chroot_mount, sizeof (int),
11292 + 0600, NULL, &proc_dointvec},
11294 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
11295 + {GS_CHROOT_FCHDIR, "chroot_deny_fchdir", &grsec_enable_chroot_fchdir, sizeof (int),
11296 + 0600, NULL, &proc_dointvec},
11298 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
11299 + {GS_CHROOT_DBL, "chroot_deny_chroot", &grsec_enable_chroot_double, sizeof (int),
11300 + 0600, NULL, &proc_dointvec},
11302 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
11303 + {GS_CHROOT_PVT, "chroot_deny_pivot", &grsec_enable_chroot_pivot, sizeof (int),
11304 + 0600, NULL, &proc_dointvec},
11306 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
11307 + {GS_CHROOT_CD, "chroot_enforce_chdir", &grsec_enable_chroot_chdir, sizeof (int),
11308 + 0600, NULL, &proc_dointvec},
11310 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
11311 + {GS_CHROOT_CM, "chroot_deny_chmod", &grsec_enable_chroot_chmod, sizeof (int),
11312 + 0600, NULL, &proc_dointvec},
11314 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
11315 + {GS_CHROOT_MK, "chroot_deny_mknod", &grsec_enable_chroot_mknod, sizeof (int),
11316 + 0600, NULL, &proc_dointvec},
11318 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
11319 + {GS_CHROOT_NI, "chroot_restrict_nice", &grsec_enable_chroot_nice, sizeof (int),
11320 + 0600, NULL, &proc_dointvec},
11322 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
11323 + {GS_CHROOT_EXECLOG, "chroot_execlog",
11324 + &grsec_enable_chroot_execlog, sizeof (int),
11325 + 0600, NULL, &proc_dointvec},
11327 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
11328 + {GS_CHROOT_CAPS, "chroot_caps", &grsec_enable_chroot_caps, sizeof (int),
11329 + 0600, NULL, &proc_dointvec},
11331 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
11332 + {GS_CHROOT_SYSCTL, "chroot_deny_sysctl", &grsec_enable_chroot_sysctl, sizeof (int),
11333 + 0600, NULL, &proc_dointvec},
11335 +#ifdef CONFIG_GRKERNSEC_TPE
11336 + {GS_TPE, "tpe", &grsec_enable_tpe, sizeof (int),
11337 + 0600, NULL, &proc_dointvec},
11338 + {GS_TPE_GID, "tpe_gid", &grsec_tpe_gid, sizeof (int),
11339 + 0600, NULL, &proc_dointvec},
11341 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
11342 + {GS_TPE_ALL, "tpe_restrict_all", &grsec_enable_tpe_all, sizeof (int),
11343 + 0600, NULL, &proc_dointvec},
11345 +#ifdef CONFIG_GRKERNSEC_RANDPID
11346 + {GS_RANDPID, "rand_pids", &grsec_enable_randpid, sizeof (int),
11347 + 0600, NULL, &proc_dointvec},
11349 +#ifdef CONFIG_GRKERNSEC_RANDID
11350 + {GS_RANDID, "rand_ip_ids", &grsec_enable_randid, sizeof (int),
11351 + 0600, NULL, &proc_dointvec},
11353 +#ifdef CONFIG_GRKERNSEC_RANDSRC
11354 + {GS_RANDSRC, "rand_tcp_src_ports", &grsec_enable_randsrc, sizeof (int),
11355 + 0600, NULL, &proc_dointvec},
11357 +#ifdef CONFIG_GRKERNSEC_RANDISN
11358 + {GS_RANDISN, "rand_isns", &grsec_enable_randisn, sizeof (int),
11359 + 0600, NULL, &proc_dointvec},
11361 +#ifdef CONFIG_GRKERNSEC_RANDPING
11362 + {GS_RANDPING, "altered_pings", &grsec_enable_randping, sizeof (int),
11363 + 0600, NULL, &proc_dointvec},
11365 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
11366 + {GS_SOCKET_ALL, "socket_all", &grsec_enable_socket_all, sizeof (int),
11367 + 0600, NULL, &proc_dointvec},
11368 + {GS_SOCKET_ALL_GID, "socket_all_gid",
11369 + &grsec_socket_all_gid, sizeof (int),
11370 + 0600, NULL, &proc_dointvec},
11372 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
11373 + {GS_SOCKET_CLIENT, "socket_client",
11374 + &grsec_enable_socket_client, sizeof (int),
11375 + 0600, NULL, &proc_dointvec},
11376 + {GS_SOCKET_CLIENT_GID, "socket_client_gid",
11377 + &grsec_socket_client_gid, sizeof (int),
11378 + 0600, NULL, &proc_dointvec},
11380 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
11381 + {GS_SOCKET_SERVER, "socket_server",
11382 + &grsec_enable_socket_server, sizeof (int),
11383 + 0600, NULL, &proc_dointvec},
11384 + {GS_SOCKET_SERVER_GID, "socket_server_gid",
11385 + &grsec_socket_server_gid, sizeof (int),
11386 + 0600, NULL, &proc_dointvec},
11388 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
11389 + {GS_GROUP, "audit_group", &grsec_enable_group, sizeof (int),
11390 + 0600, NULL, &proc_dointvec},
11391 + {GS_GID, "audit_gid",
11392 + &grsec_audit_gid, sizeof (int),
11393 + 0600, NULL, &proc_dointvec},
11395 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
11396 + {GS_ACHDIR, "audit_chdir", &grsec_enable_chdir, sizeof (int),
11397 + 0600, NULL, &proc_dointvec},
11399 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
11400 + {GS_AMOUNT, "audit_mount", &grsec_enable_mount, sizeof (int),
11401 + 0600, NULL, &proc_dointvec},
11403 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
11404 + {GS_AIPC, "audit_ipc", &grsec_enable_audit_ipc, sizeof (int),
11405 + 0600, NULL, &proc_dointvec},
11407 +#ifdef CONFIG_GRKERNSEC_DMESG
11408 + {GS_AIPC, "dmesg", &grsec_enable_dmesg, sizeof (int),
11409 + 0600, NULL, &proc_dointvec},
11411 +#ifdef CONFIG_GRKERNSEC_RANDRPC
11412 + {GS_RANDRPC, "rand_rpc", &grsec_enable_randrpc, sizeof (int),
11413 + 0600, NULL, &proc_dointvec},
11415 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
11416 + {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
11417 + sizeof (int), 0600, NULL, &proc_dointvec},
11419 + {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
11425 static ctl_table vm_table[] = {
11426 {VM_BDFLUSH, "bdflush", &bdf_prm, 9*sizeof(int), 0644, NULL,
11427 @@ -395,6 +591,11 @@
11429 static inline int ctl_perm(ctl_table *table, int op)
11431 + if (gr_handle_sysctl_mod(table->de->parent->name, table->de->name, op))
11433 + if (gr_handle_chroot_sysctl(op))
11436 return test_perm(table->mode, op);
11439 @@ -428,6 +629,10 @@
11440 table = table->child;
11444 + if (!gr_handle_sysctl(table, oldval, newval))
11447 error = do_sysctl_strategy(table, name, nlen,
11449 newval, newlen, context);
11450 diff -urN linux-2.4.21/kernel/time.c linux-2.4.21/kernel/time.c
11451 --- linux-2.4.21/kernel/time.c 2003-06-23 11:41:31.000000000 -0400
11452 +++ linux-2.4.21/kernel/time.c 2003-06-23 11:49:17.000000000 -0400
11454 #include <linux/mm.h>
11455 #include <linux/timex.h>
11456 #include <linux/smp_lock.h>
11457 +#include <linux/grsecurity.h>
11459 #include <asm/uaccess.h>
11462 time_maxerror = NTP_PHASE_LIMIT;
11463 time_esterror = NTP_PHASE_LIMIT;
11464 write_unlock_irq(&xtime_lock);
11466 + gr_log_timechange();
11471 @@ -167,6 +171,8 @@
11472 * globally block out interrupts when it runs.
11474 do_settimeofday(tv);
11476 + gr_log_timechange();
11480 diff -urN linux-2.4.21/kernel/timer.c linux-2.4.21/kernel/timer.c
11481 --- linux-2.4.21/kernel/timer.c 2003-06-23 11:41:31.000000000 -0400
11482 +++ linux-2.4.21/kernel/timer.c 2003-06-23 11:49:17.000000000 -0400
11483 @@ -541,6 +541,9 @@
11485 psecs = (p->times.tms_utime += user);
11486 psecs += (p->times.tms_stime += system);
11488 + gr_learn_resource(p, RLIMIT_CPU, psecs / HZ);
11490 if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) {
11491 /* Send SIGXCPU every second.. */
11493 diff -urN linux-2.4.21/mm/filemap.c linux-2.4.21/mm/filemap.c
11494 --- linux-2.4.21/mm/filemap.c 2003-06-23 11:41:31.000000000 -0400
11495 +++ linux-2.4.21/mm/filemap.c 2003-06-23 11:49:17.000000000 -0400
11496 @@ -2501,6 +2507,7 @@
11498 rlim_rss = current->rlim ? current->rlim[RLIMIT_RSS].rlim_cur :
11499 LONG_MAX; /* default: see resource.h */
11500 + gr_learn_resource(current, RLIMIT_RSS, vma->vm_mm->rss + (end - start));
11501 if ((vma->vm_mm->rss + (end - start)) > rlim_rss)
11504 @@ -3004,6 +3011,7 @@
11507 if (!S_ISBLK(inode->i_mode) && limit != RLIM_INFINITY) {
11508 + gr_learn_resource(current, RLIMIT_FSIZE, pos);
11509 if (pos >= limit) {
11510 send_sig(SIGXFSZ, current, 0);
11512 @@ -3039,6 +3047,7 @@
11515 if (!S_ISBLK(inode->i_mode)) {
11516 + gr_learn_resource(current, RLIMIT_FSIZE, count + (u32)pos);
11517 if (pos >= inode->i_sb->s_maxbytes)
11519 if (count || pos > inode->i_sb->s_maxbytes) {
11520 diff -urN linux-2.4.21/mm/memory.c linux-2.4.21/mm/memory.c
11521 --- linux-2.4.21/mm/memory.c 2003-06-23 11:41:31.000000000 -0400
11522 +++ linux-2.4.21/mm/memory.c 2003-06-23 11:49:17.000000000 -0400
11523 @@ -1065,6 +1129,7 @@
11526 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
11527 + gr_learn_resource(current, RLIMIT_FSIZE, offset);
11528 if (limit != RLIM_INFINITY && offset > limit)
11530 if (offset > inode->i_sb->s_maxbytes)
11531 diff -urN linux-2.4.21/mm/mlock.c linux-2.4.21/mm/mlock.c
11532 --- linux-2.4.21/mm/mlock.c 2003-06-23 11:41:31.000000000 -0400
11533 +++ linux-2.4.21/mm/mlock.c 2003-06-23 11:49:17.000000000 -0400
11534 @@ -209,6 +235,7 @@
11535 lock_limit >>= PAGE_SHIFT;
11537 /* check against resource limits */
11538 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11539 if (locked > lock_limit)
11542 @@ -276,6 +303,7 @@
11543 lock_limit >>= PAGE_SHIFT;
11546 + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm);
11547 if (current->mm->total_vm > lock_limit)
11550 diff -urN linux-2.4.21/mm/mmap.c linux-2.4.21/mm/mmap.c
11551 --- linux-2.4.21/mm/mmap.c 2003-06-23 11:41:31.000000000 -0400
11552 +++ linux-2.4.21/mm/mmap.c 2003-06-23 11:49:17.000000000 -0400
11554 #include <linux/file.h>
11555 #include <linux/fs.h>
11556 #include <linux/personality.h>
11557 +#include <linux/random.h>
11558 +#include <linux/grsecurity.h>
11560 #include <asm/uaccess.h>
11561 #include <asm/pgalloc.h>
11562 @@ -168,6 +170,7 @@
11564 /* Check against rlimit.. */
11565 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
11566 + gr_learn_resource(current, RLIMIT_DATA, brk - mm->start_data);
11567 if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
11570 @@ -432,6 +462,7 @@
11571 if (vm_flags & VM_LOCKED) {
11572 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
11574 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11575 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11578 @@ -480,6 +532,9 @@
11582 + if (!gr_acl_handle_mmap(file, prot))
11585 /* Clear old maps */
11587 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
11588 @@ -490,6 +545,7 @@
11591 /* Check against address space limit. */
11592 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len);
11593 if ((mm->total_vm << PAGE_SHIFT) + len
11594 > current->rlim[RLIMIT_AS].rlim_cur)
11596 @@ -1047,6 +1255,7 @@
11597 if (mm->def_flags & VM_LOCKED) {
11598 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
11600 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11601 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11604 @@ -1063,6 +1272,7 @@
11607 /* Check against address space limits *after* clearing old maps... */
11608 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len);
11609 if ((mm->total_vm << PAGE_SHIFT) + len
11610 > current->rlim[RLIMIT_AS].rlim_cur)
11612 diff -urN linux-2.4.21/mm/mprotect.c linux-2.4.21/mm/mprotect.c
11613 --- linux-2.4.21/mm/mprotect.c 2003-06-23 11:41:31.000000000 -0400
11614 +++ linux-2.4.21/mm/mprotect.c 2003-06-23 11:49:17.000000000 -0400
11616 #include <linux/smp_lock.h>
11617 #include <linux/shm.h>
11618 #include <linux/mman.h>
11619 +#include <linux/grsecurity.h>
11621 #include <asm/uaccess.h>
11622 #include <asm/pgalloc.h>
11623 @@ -288,6 +392,11 @@
11624 if (!vma || vma->vm_start > start)
11627 + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
11632 for (nstart = start ; ; ) {
11633 unsigned int newflags;
11635 diff -urN linux-2.4.21/mm/mremap.c linux-2.4.21/mm/mremap.c
11636 --- linux-2.4.21/mm/mremap.c 2003-06-23 11:41:31.000000000 -0400
11637 +++ linux-2.4.21/mm/mremap.c 2003-06-23 11:49:17.000000000 -0400
11638 @@ -278,10 +301,13 @@
11639 unsigned long locked = current->mm->locked_vm << PAGE_SHIFT;
11640 locked += new_len - old_len;
11642 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11643 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11648 + gr_learn_resource(current, RLIMIT_AS, (current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len));
11649 if ((current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len)
11650 > current->rlim[RLIMIT_AS].rlim_cur)
11652 diff -urN linux-2.4.21/mm/shmem.c linux-2.4.21/mm/shmem.c
11653 --- linux-2.4.21/mm/shmem.c 2003-06-23 11:41:31.000000000 -0400
11654 +++ linux-2.4.21/mm/shmem.c 2003-06-23 11:49:17.000000000 -0400
11655 @@ -822,6 +822,8 @@
11658 if (limit != RLIM_INFINITY) {
11659 + gr_learn_resource(current, RLIMIT_FSIZE, pos);
11661 if (pos >= limit) {
11662 send_sig(SIGXFSZ, current, 0);
11664 diff -urN linux-2.4.21/net/ipv4/af_inet.c linux-2.4.21/net/ipv4/af_inet.c
11665 --- linux-2.4.21/net/ipv4/af_inet.c 2003-06-23 11:41:55.000000000 -0400
11666 +++ linux-2.4.21/net/ipv4/af_inet.c 2003-06-23 11:49:17.000000000 -0400
11668 #include <linux/init.h>
11669 #include <linux/poll.h>
11670 #include <linux/netfilter_ipv4.h>
11671 +#include <linux/grsecurity.h>
11673 #include <asm/uaccess.h>
11674 #include <asm/system.h>
11675 @@ -374,7 +375,12 @@
11677 sk->protinfo.af_inet.pmtudisc = IP_PMTUDISC_WANT;
11679 - sk->protinfo.af_inet.id = 0;
11680 +#ifdef CONFIG_GRKERNSEC_RANDID
11681 + if(grsec_enable_randid)
11682 + sk->protinfo.af_inet.id = htons(ip_randomid());
11685 + sk->protinfo.af_inet.id = 0;
11687 sock_init_data(sock,sk);
11689 diff -urN linux-2.4.21/net/ipv4/icmp.c linux-2.4.21/net/ipv4/icmp.c
11690 --- linux-2.4.21/net/ipv4/icmp.c 2003-06-23 11:41:55.000000000 -0400
11691 +++ linux-2.4.21/net/ipv4/icmp.c 2003-06-23 11:49:17.000000000 -0400
11693 #include <linux/errno.h>
11694 #include <linux/timer.h>
11695 #include <linux/init.h>
11696 +#include <linux/grsecurity.h>
11698 #include <asm/system.h>
11699 #include <asm/uaccess.h>
11700 #include <net/checksum.h>
11701 @@ -712,6 +714,12 @@
11703 icmp_param.data.icmph=*skb->h.icmph;
11704 icmp_param.data.icmph.type=ICMP_ECHOREPLY;
11706 +#ifdef CONFIG_GRKERNSEC_RANDPING
11707 + if(grsec_enable_randping)
11708 + icmp_param.data.icmph.un.echo.id = skb->h.icmph->un.echo.id;
11711 icmp_param.skb=skb;
11712 icmp_param.offset=0;
11713 icmp_param.data_len=skb->len;
11714 diff -urN linux-2.4.21/net/ipv4/ip_output.c linux-2.4.21/net/ipv4/ip_output.c
11715 --- linux-2.4.21/net/ipv4/ip_output.c 2003-06-23 11:41:55.000000000 -0400
11716 +++ linux-2.4.21/net/ipv4/ip_output.c 2003-06-23 11:49:17.000000000 -0400
11718 #include <linux/netfilter_ipv4.h>
11719 #include <linux/mroute.h>
11720 #include <linux/netlink.h>
11721 +#include <linux/grsecurity.h>
11724 * Shall we try to damage output packets if routing dev changes?
11725 @@ -511,7 +512,13 @@
11726 * Begin outputting the bytes.
11729 - id = sk->protinfo.af_inet.id++;
11730 +#ifdef CONFIG_GRKERNSEC_RANDID
11731 + if(grsec_enable_randid) {
11732 + id = htons(ip_randomid());
11733 + sk->protinfo.af_inet.id = htons(ip_randomid());
11736 + id = sk->protinfo.af_inet.id++;
11740 diff -urN linux-2.4.21/net/ipv4/netfilter/Config.in linux-2.4.21/net/ipv4/netfilter/Config.in
11741 --- linux-2.4.21/net/ipv4/netfilter/Config.in 2003-06-23 11:41:55.000000000 -0400
11742 +++ linux-2.4.21/net/ipv4/netfilter/Config.in 2003-06-23 11:49:17.000000000 -0400
11744 dep_tristate ' address type match support' CONFIG_IP_NF_MATCH_ADDRTYPE $CONFIG_IP_NF_IPTABLES
11745 dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
11746 dep_tristate ' realm match support' CONFIG_IP_NF_MATCH_REALM $CONFIG_IP_NF_IPTABLES
11747 + dep_tristate ' stealth match support' CONFIG_IP_NF_MATCH_STEALTH $CONFIG_IP_NF_IPTABLES
11748 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
11749 dep_tristate ' Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES
11751 diff -urN linux-2.4.21/net/ipv4/netfilter/Makefile linux-2.4.21/net/ipv4/netfilter/Makefile
11752 --- linux-2.4.21/net/ipv4/netfilter/Makefile 2003-06-23 11:41:55.000000000 -0400
11753 +++ linux-2.4.21/net/ipv4/netfilter/Makefile 2003-06-23 11:49:17.000000000 -0400
11755 obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o
11756 obj-$(CONFIG_IP_NF_MATCH_STRING) += ipt_string.o
11757 obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
11758 +obj-$(CONFIG_IP_NF_MATCH_STEALTH) += ipt_stealth.o
11759 obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
11760 obj-$(CONFIG_IP_NF_MATCH_REALM) += ipt_realm.o
11762 diff -urN linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c
11763 --- linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c 1969-12-31 19:00:00.000000000 -0500
11764 +++ linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c 2003-06-23 11:49:17.000000000 -0400
11766 +/* Kernel module to add stealth support.
11768 + * Copyright (C) 2002 Brad Spengler <spender@grsecurity.net>
11772 +#include <linux/kernel.h>
11773 +#include <linux/module.h>
11774 +#include <linux/skbuff.h>
11775 +#include <linux/net.h>
11776 +#include <linux/sched.h>
11777 +#include <linux/inet.h>
11778 +#include <linux/stddef.h>
11780 +#include <net/ip.h>
11781 +#include <net/sock.h>
11782 +#include <net/tcp.h>
11783 +#include <net/udp.h>
11784 +#include <net/route.h>
11785 +#include <net/inet_common.h>
11787 +#include <linux/netfilter_ipv4/ip_tables.h>
11789 +MODULE_LICENSE("GPL");
11791 +extern struct sock *udp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport, int dif);
11794 +match(const struct sk_buff *skb,
11795 + const struct net_device *in,
11796 + const struct net_device *out,
11797 + const void *matchinfo,
11800 + u_int16_t datalen,
11803 + struct iphdr *ip = skb->nh.iph;
11804 + struct tcphdr *th = (struct tcphdr *) hdr;
11805 + struct udphdr *uh = (struct udphdr *) hdr;
11806 + struct sock *sk = NULL;
11808 + if (!ip || !hdr || offset) return 0;
11810 + switch(ip->protocol) {
11811 + case IPPROTO_TCP:
11812 + if (datalen < sizeof(struct tcphdr)) {
11816 + if (!(th->syn && !th->ack)) return 0;
11817 + sk = tcp_v4_lookup_listener(ip->daddr, ntohs(th->dest), ((struct rtable*)skb->dst)->rt_iif);
11819 + case IPPROTO_UDP:
11820 + if (datalen < sizeof(struct udphdr)) {
11824 + sk = udp_v4_lookup(ip->saddr, uh->source, ip->daddr, uh->dest, skb->dev->ifindex);
11830 + if(!sk) // port is being listened on, match this
11838 +/* Called when user tries to insert an entry of this type. */
11840 +checkentry(const char *tablename,
11841 + const struct ipt_ip *ip,
11843 + unsigned int matchsize,
11844 + unsigned int hook_mask)
11846 + if (matchsize != IPT_ALIGN(0))
11849 + if(((ip->proto == IPPROTO_TCP && !(ip->invflags & IPT_INV_PROTO)) ||
11850 + ((ip->proto == IPPROTO_UDP) && !(ip->invflags & IPT_INV_PROTO)))
11851 + && (hook_mask & (1 << NF_IP_LOCAL_IN)))
11854 + printk("stealth: Only works on TCP and UDP for the INPUT chain.\n");
11860 +static struct ipt_match stealth_match
11861 += { { NULL, NULL }, "stealth", &match, &checkentry, NULL, THIS_MODULE };
11863 +static int __init init(void)
11865 + return ipt_register_match(&stealth_match);
11868 +static void __exit fini(void)
11870 + ipt_unregister_match(&stealth_match);
11873 +module_init(init);
11874 +module_exit(fini);
11875 diff -urN linux-2.4.21/net/ipv4/tcp_ipv4.c linux-2.4.21/net/ipv4/tcp_ipv4.c
11876 --- linux-2.4.21/net/ipv4/tcp_ipv4.c 2003-06-23 11:41:55.000000000 -0400
11877 +++ linux-2.4.21/net/ipv4/tcp_ipv4.c 2003-06-23 11:49:17.000000000 -0400
11879 #include <linux/inet.h>
11880 #include <linux/stddef.h>
11881 #include <linux/ipsec.h>
11882 +#include <linux/grsecurity.h>
11884 extern int sysctl_ip_dynaddr;
11885 extern int sysctl_ip_default_ttl;
11886 @@ -221,9 +222,18 @@
11888 spin_lock(&tcp_portalloc_lock);
11889 rover = tcp_port_rover;
11891 - if ((rover < low) || (rover > high))
11894 +#ifdef CONFIG_GRKERNSEC_RANDSRC
11895 + if (grsec_enable_randsrc && (high > low)) {
11896 + rover = low + (arc4random() % (high - low));
11901 + if ((rover < low) || (rover > high))
11905 head = &tcp_bhash[tcp_bhashfn(rover)];
11906 spin_lock(&head->lock);
11907 for (tb = head->chain; tb; tb = tb->next)
11908 @@ -546,6 +556,11 @@
11910 static inline __u32 tcp_v4_init_sequence(struct sock *sk, struct sk_buff *skb)
11912 +#ifdef CONFIG_GRKERNSEC_RANDISN
11913 + if (likely(grsec_enable_randisn))
11914 + return ip_randomisn();
11917 return secure_tcp_sequence_number(skb->nh.iph->daddr,
11918 skb->nh.iph->saddr,
11920 @@ -681,9 +696,16 @@
11921 rover = tcp_port_rover;
11925 - if ((rover < low) || (rover > high))
11927 +#ifdef CONFIG_GRKERNSEC_RANDSRC
11928 + if(grsec_enable_randsrc && (high > low)) {
11929 + rover = low + (arc4random() % (high - low));
11934 + if ((rover < low) || (rover > high))
11937 head = &tcp_bhash[tcp_bhashfn(rover)];
11938 spin_lock(&head->lock);
11940 @@ -844,11 +866,22 @@
11944 - if (!tp->write_seq)
11945 + if (!tp->write_seq) {
11946 +#ifdef CONFIG_GRKERNSEC_RANDISN
11947 + if (likely(grsec_enable_randisn))
11948 + tp->write_seq = ip_randomisn();
11951 tp->write_seq = secure_tcp_sequence_number(sk->saddr, sk->daddr,
11952 sk->sport, usin->sin_port);
11955 - sk->protinfo.af_inet.id = tp->write_seq^jiffies;
11956 +#ifdef CONFIG_GRKERNSEC_RANDID
11957 + if(grsec_enable_randid)
11958 + sk->protinfo.af_inet.id = htons(ip_randomid());
11961 + sk->protinfo.af_inet.id = tp->write_seq^jiffies;
11963 err = tcp_connect(sk);
11965 @@ -1570,7 +1603,13 @@
11966 newtp->ext_header_len = 0;
11967 if (newsk->protinfo.af_inet.opt)
11968 newtp->ext_header_len = newsk->protinfo.af_inet.opt->optlen;
11969 - newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;
11971 +#ifdef CONFIG_GRKERNSEC_RANDID
11972 + if(grsec_enable_randid)
11973 + newsk->protinfo.af_inet.id = htons(ip_randomid());
11976 + newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;
11978 tcp_sync_mss(newsk, dst->pmtu);
11979 newtp->advmss = dst->advmss;
11980 diff -urN linux-2.4.21/net/ipv4/udp.c linux-2.4.21/net/ipv4/udp.c
11981 --- linux-2.4.21/net/ipv4/udp.c 2003-06-23 11:41:55.000000000 -0400
11982 +++ linux-2.4.21/net/ipv4/udp.c 2003-06-23 11:49:17.000000000 -0400
11984 #include <net/ipv6.h>
11985 #include <net/protocol.h>
11986 #include <linux/skbuff.h>
11987 +#include <linux/grsecurity.h>
11988 #include <net/sock.h>
11989 #include <net/udp.h>
11990 #include <net/icmp.h>
11992 #include <net/inet_common.h>
11993 #include <net/checksum.h>
11995 +extern int gr_search_udp_recvmsg(const struct sock *sk,
11996 + const struct sk_buff *skb);
11997 +extern int gr_search_udp_sendmsg(const struct sock *sk,
11998 + const struct sockaddr_in *addr);
12001 * Snmp MIB for the UDP layer
12003 @@ -474,9 +480,16 @@
12004 ufh.uh.dest = usin->sin_port;
12005 if (ufh.uh.dest == 0)
12008 + if (!gr_search_udp_sendmsg(sk, usin))
12011 if (sk->state != TCP_ESTABLISHED)
12014 + if (!gr_search_udp_sendmsg(sk, NULL))
12017 ufh.daddr = sk->daddr;
12018 ufh.uh.dest = sk->dport;
12019 /* Open fast path for connected socket.
12020 @@ -484,6 +497,7 @@
12025 ipc.addr = sk->saddr;
12026 ufh.uh.source = sk->sport;
12028 @@ -655,6 +669,11 @@
12032 + if (!gr_search_udp_recvmsg(sk, skb)) {
12037 copied = skb->len - sizeof(struct udphdr);
12038 if (copied > len) {
12040 @@ -759,7 +778,13 @@
12041 sk->daddr = rt->rt_dst;
12042 sk->dport = usin->sin_port;
12043 sk->state = TCP_ESTABLISHED;
12044 - sk->protinfo.af_inet.id = jiffies;
12046 +#ifdef CONFIG_GRKERNSEC_RANDID
12047 + if(grsec_enable_randid)
12048 + sk->protinfo.af_inet.id = htons(ip_randomid());
12051 + sk->protinfo.af_inet.id = jiffies;
12053 sk_dst_set(sk, &rt->u.dst);
12055 diff -urN linux-2.4.21/net/netlink/af_netlink.c linux-2.4.21/net/netlink/af_netlink.c
12056 --- linux-2.4.21/net/netlink/af_netlink.c 2003-06-23 11:41:58.000000000 -0400
12057 +++ linux-2.4.21/net/netlink/af_netlink.c 2003-06-23 11:49:17.000000000 -0400
12059 #include <linux/proc_fs.h>
12060 #include <linux/smp_lock.h>
12061 #include <linux/notifier.h>
12062 +#include <linux/grsecurity.h>
12063 #include <net/sock.h>
12064 #include <net/scm.h>
12066 @@ -620,7 +621,8 @@
12067 check them, when this message will be delivered
12068 to corresponding kernel module. --ANK (980802)
12070 - NETLINK_CB(skb).eff_cap = current->cap_effective;
12072 + NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink();
12075 if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
12076 diff -urN linux-2.4.21/net/netsyms.c linux-2.4.21/net/netsyms.c
12077 --- linux-2.4.21/net/netsyms.c 2003-06-23 11:41:53.000000000 -0400
12078 +++ linux-2.4.21/net/netsyms.c 2003-06-23 11:49:17.000000000 -0400
12080 #include <net/checksum.h>
12081 #include <linux/etherdevice.h>
12082 #include <net/route.h>
12083 +#include <linux/grsecurity.h>
12084 #ifdef CONFIG_HIPPI
12085 #include <linux/hippidevice.h>
12087 @@ -598,6 +599,47 @@
12089 EXPORT_SYMBOL(softnet_data);
12091 +#if defined(CONFIG_IP_NF_MATCH_STEALTH_MODULE)
12092 +#if !defined (CONFIG_IPV6_MODULE) && !defined (CONFIG_KHTTPD) && !defined (CONFIG_KHTTPD_MODULE)
12093 +EXPORT_SYMBOL(tcp_v4_lookup_listener);
12097 +#if defined(CONFIG_GRKERNSEC_RANDID)
12098 +EXPORT_SYMBOL(ip_randomid);
12100 +#if defined(CONFIG_GRKERNSEC_RANDSRC) || defined(CONFIG_GRKERNSEC_RANDRPC)
12101 +EXPORT_SYMBOL(arc4random);
12103 +#ifdef CONFIG_GRKERNSEC_RANDISN
12104 +EXPORT_SYMBOL(ip_randomisn);
12105 +EXPORT_SYMBOL(grsec_enable_randisn);
12107 +#ifdef CONFIG_GRKERNSEC_RANDID
12108 +EXPORT_SYMBOL(grsec_enable_randid);
12110 +#ifdef CONFIG_GRKERNSEC_RANDSRC
12111 +EXPORT_SYMBOL(grsec_enable_randsrc);
12113 +#ifdef CONFIG_GRKERNSEC_RANDRPC
12114 +EXPORT_SYMBOL(grsec_enable_randrpc);
12117 +EXPORT_SYMBOL(gr_cap_rtnetlink);
12119 +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
12120 +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
12122 +EXPORT_SYMBOL(gr_search_udp_recvmsg);
12123 +EXPORT_SYMBOL(gr_search_udp_sendmsg);
12125 +#ifdef CONFIG_UNIX_MODULE
12126 +EXPORT_SYMBOL(gr_acl_handle_unix);
12127 +EXPORT_SYMBOL(gr_acl_handle_mknod);
12128 +EXPORT_SYMBOL(gr_handle_chroot_unix);
12129 +EXPORT_SYMBOL(gr_handle_create);
12132 #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
12133 #include <net/iw_handler.h>
12134 EXPORT_SYMBOL(wireless_send_event);
12135 diff -urN linux-2.4.21/net/socket.c linux-2.4.21/net/socket.c
12136 --- linux-2.4.21/net/socket.c 2003-06-23 11:41:53.000000000 -0400
12137 +++ linux-2.4.21/net/socket.c 2003-06-23 11:49:17.000000000 -0400
12139 #include <net/scm.h>
12140 #include <linux/netfilter.h>
12142 +extern void gr_attach_curr_ip(const struct sock *sk);
12143 +extern int gr_handle_sock_all(const int family, const int type,
12144 + const int protocol);
12145 +extern int gr_handle_sock_server(const struct sockaddr *sck);
12146 +extern int gr_handle_sock_client(const struct sockaddr *sck);
12147 +extern int gr_search_connect(const struct socket * sock,
12148 + const struct sockaddr_in * addr);
12149 +extern int gr_search_bind(const struct socket * sock,
12150 + const struct sockaddr_in * addr);
12151 +extern int gr_search_socket(const int domain, const int type,
12152 + const int protocol);
12154 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
12155 static ssize_t sock_read(struct file *file, char *buf,
12156 size_t size, loff_t *ppos);
12157 @@ -699,6 +711,7 @@
12159 int sock_close(struct inode *inode, struct file *filp)
12161 + struct socket *sock;
12163 * It was possible the inode is NULL we were
12164 * closing an unfinished socket.
12165 @@ -709,8 +722,21 @@
12166 printk(KERN_DEBUG "sock_close: NULL inode\n");
12169 + sock = socki_lookup(inode);
12171 sock_fasync(-1, filp, 0);
12173 +#ifdef CONFIG_GRKERNSEC
12174 + if (unlikely(current->used_accept && sock->sk &&
12175 + (sock->sk->protocol == IPPROTO_TCP) &&
12176 + (sock->sk->daddr == current->curr_ip))) {
12177 + current->used_accept = 0;
12178 + current->curr_ip = 0;
12182 sock_release(socki_lookup(inode));
12187 @@ -903,6 +929,16 @@
12189 struct socket *sock;
12191 + if(!gr_search_socket(family, type, protocol)) {
12192 + retval = -EACCES;
12196 + if (gr_handle_sock_all(family, type, protocol)) {
12197 + retval = -EACCES;
12201 retval = sock_create(family, type, protocol, &sock);
12204 @@ -998,12 +1034,26 @@
12206 struct socket *sock;
12207 char address[MAX_SOCK_ADDR];
12208 + struct sockaddr * sck;
12211 if((sock = sockfd_lookup(fd,&err))!=NULL)
12213 - if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
12214 + if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
12215 + sck = (struct sockaddr *) address;
12217 + if(!gr_search_bind(sock, (struct sockaddr_in *) sck)) {
12218 + sockfd_put(sock);
12222 + if (gr_handle_sock_server(sck)) {
12223 + sockfd_put(sock);
12227 err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
12232 @@ -1079,6 +1129,8 @@
12233 if ((err = sock_map_fd(newsock)) < 0)
12236 + gr_attach_curr_ip(newsock->sk);
12241 @@ -1106,6 +1158,7 @@
12243 struct socket *sock;
12244 char address[MAX_SOCK_ADDR];
12245 + struct sockaddr * sck;
12248 sock = sockfd_lookup(fd, &err);
12249 @@ -1114,6 +1167,24 @@
12250 err = move_addr_to_kernel(uservaddr, addrlen, address);
12254 + sck = (struct sockaddr *) address;
12256 + if (!gr_search_connect(sock, (struct sockaddr_in *) sck)) {
12261 + if (gr_handle_sock_client(sck)) {
12266 +#ifdef CONFIG_GRKERNSEC
12267 + if (sock->sk->protocol == IPPROTO_TCP)
12268 + current->used_connect = 1;
12271 err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
12272 sock->file->f_flags);
12274 @@ -1333,6 +1404,14 @@
12275 err=sock->ops->shutdown(sock, how);
12279 +#ifdef CONFIG_GRKERNSEC
12280 + if (likely(!err && current->used_accept)) {
12281 + current->used_accept = 0;
12282 + current->curr_ip = 0;
12289 diff -urN linux-2.4.21/net/sunrpc/xprt.c linux-2.4.21/net/sunrpc/xprt.c
12290 --- linux-2.4.21/net/sunrpc/xprt.c 2003-06-23 11:41:57.000000000 -0400
12291 +++ linux-2.4.21/net/sunrpc/xprt.c 2003-06-23 11:49:17.000000000 -0400
12293 #include <linux/unistd.h>
12294 #include <linux/sunrpc/clnt.h>
12295 #include <linux/file.h>
12296 +#include <linux/grsecurity.h>
12298 #include <net/sock.h>
12299 #include <net/checksum.h>
12300 @@ -1267,6 +1268,12 @@
12303 spin_unlock(&xid_lock);
12305 +#ifdef CONFIG_GRKERNSEC_RANDRPC
12306 + if (grsec_enable_randrpc)
12307 + ret = arc4random();
12313 diff -urN linux-2.4.21/net/unix/af_unix.c linux-2.4.21/net/unix/af_unix.c
12314 --- linux-2.4.21/net/unix/af_unix.c 2003-06-23 11:41:53.000000000 -0400
12315 +++ linux-2.4.21/net/unix/af_unix.c 2003-06-23 11:49:18.000000000 -0400
12316 @@ -109,6 +109,7 @@
12317 #include <linux/poll.h>
12318 #include <linux/smp_lock.h>
12319 #include <linux/rtnetlink.h>
12320 +#include <linux/grsecurity.h>
12322 #include <asm/checksum.h>
12324 @@ -599,6 +600,11 @@
12328 + if (!gr_acl_handle_unix(nd.dentry, nd.mnt)) {
12333 err = -ECONNREFUSED;
12334 if (!S_ISSOCK(nd.dentry->d_inode->i_mode))
12336 @@ -622,6 +628,13 @@
12338 struct dentry *dentry;
12339 dentry = u->protinfo.af_unix.dentry;
12341 + if (!gr_handle_chroot_unix(u->peercred.pid)) {
12348 UPDATE_ATIME(dentry->d_inode);
12350 @@ -720,9 +733,19 @@
12351 * All right, let's create it.
12353 mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
12355 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
12357 + goto out_mknod_dput;
12360 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
12363 goto out_mknod_dput;
12365 + gr_handle_create(dentry, nd.mnt);
12367 up(&nd.dentry->d_inode->i_sem);
12369 nd.dentry = dentry;
12370 @@ -740,6 +763,10 @@
12374 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
12375 + sk->peercred.pid = current->pid;
12378 list = &unix_socket_table[addr->hash];
12380 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
12381 @@ -866,6 +893,9 @@
12385 +#ifdef CONFIG_GRKERNSEC
12386 + struct task_struct *p, **htable;
12389 err = unix_mkname(sunaddr, addr_len, &hash);
12391 @@ -989,6 +1019,17 @@
12392 /* Set credentials */
12393 sk->peercred = other->peercred;
12395 +#ifdef CONFIG_GRKERNSEC
12396 + read_lock(&tasklist_lock);
12397 + htable = &pidhash[pid_hashfn(other->peercred.pid)];
12398 + for (p = *htable; p && p->pid != other->peercred.pid; p = p->pidhash_next);
12400 + p->curr_ip = current->curr_ip;
12401 + p->used_accept = 1;
12403 + read_unlock(&tasklist_lock);
12407 unix_peer(sk)=newsk;
12408 sock->state=SS_CONNECTED;