1 diff -urN linux-2.4.21/Documentation/Configure.help linux-2.4.21/Documentation/Configure.help
2 --- linux-2.4.21/Documentation/Configure.help 2003-06-23 11:42:34.000000000 -0400
3 +++ linux-2.4.21/Documentation/Configure.help 2003-06-23 11:49:15.000000000 -0400
5 If you want to compile it as a module, say M here and read
6 Documentation/modules.txt. If unsure, say `N'.
8 +stealth networking support
9 +CONFIG_IP_NF_MATCH_STEALTH
10 + Enabling this option will drop all syn packets coming to unserved tcp
11 + ports as well as all packets coming to unserved udp ports. If you
12 + are using your system to route any type of packets (ie. via NAT)
13 + you should put this module at the end of your ruleset, since it will
14 + drop packets that aren't going to ports that are listening on your
15 + machine itself, it doesn't take into account that the packet might be
16 + destined for someone on your internal network if you're using NAT for
19 + If you want to compile it as a module, say M here and read
20 + Documentation/modules.txt. If unsure, say `N'.
22 MAC address match support
23 CONFIG_IP_NF_MATCH_MAC
24 MAC matching allows you to match packets based on the source
25 @@ -21729,6 +21743,612 @@
27 "Area6" will work for most boards. For ADX, select "Area5".
31 + If you say Y here, you will be able to configure many features that
32 + will enhance the security of your system. It is highly recommended
33 + that you say Y here and read through the help for each option so
34 + you fully understand the features and can evaluate their usefulness
37 +Additional security levels
40 + Low additional security
41 + -----------------------------------------------------------------------
42 + If you choose this option, several of the grsecurity options will
43 + be enabled that will give you greater protection against a number
44 + of attacks, while assuring that none of your software will have any
45 + conflicts with the additional security measures. If you run a lot of
46 + unusual software, or you are having problems with the higher security
47 + levels, you should say Y here. With this option, the following features
50 + linking restrictions
53 + enforcing nproc on execve()
56 + enforced chdir("/") on chroot
58 + Medium additional security
59 + -----------------------------------------------------------------------
60 + If you say Y here, several features in addition to those included in the
61 + low additional security level will be enabled. These features provide
62 + even more security to your system, though in rare cases they may
63 + be incompatible with very old or poorly written software. If you
64 + enable this option, make sure that your auth service (identd) is
65 + running as gid 10 (usually group wheel). With this option the following
66 + features (in addition to those provided in the low additional security
67 + level) will be enabled:
69 + random tcp source ports
74 + deny mounts in chroot
75 + deny double chrooting
76 + deny sysctl writes in chroot
77 + deny mknod in chroot
78 + deny access to abstract AF_UNIX sockets out of chroot
79 + deny pivot_root in chroot
80 + denied writes of /dev/kmem, /dev/mem, and /dev/port
81 + /proc restrictions with special gid set to 10 (usually wheel)
82 + address space layout randomization
84 + High additional security
85 + ----------------------------------------------------------------------
86 + If you say Y here, many of the features of grsecurity will be enabled,
87 + that will protect you against virtually all kinds of attacks against
88 + your system. The much hightened security comes at a cost of an
89 + increased chance of incompatabilities with rare software on your
90 + machine. It is highly recommended that you view
91 + <http://grsecurity.net/features.htm> and read about each option.
92 + Also remember that since the /proc restrictions are
93 + enabled, you must run your identd as group wheel (gid 10).
94 + This security level enables the following features in addition to those
95 + listed in the low and medium security levels:
97 + additional /proc restrictions
98 + chmod restrictions in chroot
99 + no signals, ptrace, or viewing processes outside of chroot
100 + capability restrictions in chroot
101 + deny fchdir out of chroot
102 + priority restrictions in chroot
103 + mprotect restrictions
104 + removal of /proc/<pid>/[maps|mem]
105 + kernel stack randomization
106 + mount/unmount/remount logging
107 + kernel symbol hiding
109 +Customized additional security
110 +CONFIG_GRKERNSEC_CUSTOM
111 + If you say Y here, you will be able to configure every grsecurity
112 + option, which allows you to enable many more features that aren't
113 + covered in the basic security levels. These additional features include
114 + TPE, socket restrictions, and the sysctl system for grsecurity. It is
115 + advised that you read through the help for each option to determine its
116 + usefulness in your situation.
118 +Deny writing to /dev/kmem, /dev/mem, and /dev/port
119 +CONFIG_GRKERNSEC_KMEM
120 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
121 + be written to via mmap or otherwise to modify the running kernel.
122 + /dev/port will also not be allowed to be opened. If you have module
123 + support disabled, enabling this will close up four ways that are
124 + currently used to insert malicious code into the running kernel.
125 + Even with all these features enabled, we still highly recommend that
126 + you use the ACL system, as it is still possible for an attacker to
127 + modify the running kernel through privileged I/O granted by ioperm/iopl.
128 + If you are not using XFree86, you may be able to stop this additional
129 + case by enabling the 'Disable privileged I/O' option. Though nothing
130 + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
131 + but only to video memory, which is the only writing we allow in this
132 + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
133 + not be allowed to mprotect it with PROT_WRITE later.
134 + Enabling this feature could make certain apps like VMWare stop working,
135 + as they need to write to other locations in /dev/mem.
136 + There are a few video cards that require write access to the BIOS,
137 + one of which is the Savage. If you have this video card, you must say
138 + N here, or Xfree86 will not function.
139 + It is highly recommended that you say Y here if you meet all the
142 +Disable privileged I/O
144 + If you say Y here, all ioperm and iopl calls will return an error.
145 + Ioperm and iopl can be used to modify the running kernel.
146 + Unfortunately, some problems need this access to operate properly,
147 + the most notable of which are XFree86 and hwclock. hwclock can be
148 + remedied by having RTC support in the kernel, so CONFIG_RTC is
149 + enabled if this option is enabled, to ensure that hwclock operates
150 + correctly. XFree86 still will not operate correctly with this option
151 + enabled, so DO NOT CHOOSE Y IF YOU USE XFree86. If you use XFree86
152 + and you still want to protect your kernel against modification,
153 + use the ACL system.
156 +CONFIG_GRKERNSEC_HIDESYM
157 + If you say Y here, getting information on loaded modules, and
158 + displaying all kernel symbols through a syscall will be restricted
159 + to users with CAP_SYS_MODULE. This option is only effective
160 + provided the following conditions are met:
161 + 1) The kernel using grsecurity is not precompiled by some distribution
162 + 2) You are using the ACL system and hiding other files such as your
163 + kernel image and System.map
164 + 3) You have the additional /proc restrictions enabled, which removes
166 + If the above conditions are met, this option will aid to provide a
167 + useful protection against local and remote kernel exploitation of
168 + overflows and arbitrary read/write vulnerabilities.
170 +/proc/<pid>/ipaddr support
171 +CONFIG_GRKERNSEC_PROC_IPADDR
172 + If you say Y here, a new entry will be added to each /proc/<pid>
173 + directory that contains the IP address of the person using the task.
174 + The IP is carried across local TCP and AF_UNIX stream sockets.
175 + This information can be useful for IDS/IPSes to perform remote response
176 + to a local attack. The entry is readable by only the owner of the
177 + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
178 + the RBAC system), and thus does not create privacy concerns.
181 +CONFIG_GRKERNSEC_PROC
182 + If you say Y here, the permissions of the /proc filesystem
183 + will be altered to enhance system security and privacy. Depending
184 + upon the options you choose, you can either restrict users to see
185 + only the processes they themselves run, or choose a group that can
186 + view all processes and files normally restricted to root if you choose
187 + the "restrict to user only" option. NOTE: If you're running identd as
188 + a non-root user, you will have to run it as the group you specify here.
190 +Restrict /proc to user only
191 +CONFIG_GRKERNSEC_PROC_USER
192 + If you say Y here, non-root users will only be able to view their own
193 + processes, and restricts them from viewing network-related information,
194 + and viewing kernel symbol and module information.
196 +Restrict /proc to user and group
197 +CONFIG_GRKERNSEC_PROC_USERGROUP
198 + If you say Y here, you will be able to select a group that will be
199 + able to view all processes, network-related information, and
200 + kernel and symbol information. This option is useful if you want
201 + to run identd as a non-root user.
203 +Additional proc restrictions
204 +CONFIG_GRKERNSEC_PROC_ADD
205 + If you say Y here, additional restrictions will be placed on
206 + /proc that keep normal users from viewing cpu and device information.
208 +Dmesg(8) Restriction
209 +CONFIG_GRKERNSEC_DMESG
210 + If you say Y here, non-root users will not be able to use dmesg(8)
211 + to view up to the last 4kb of messages in the kernel's log buffer.
212 + If the sysctl option is enabled, a sysctl option with name "dmesg" is
215 +Linking restrictions
216 +CONFIG_GRKERNSEC_LINK
217 + If you say Y here, /tmp race exploits will be prevented, since users
218 + will no longer be able to follow symlinks owned by other users in
219 + world-writeable +t directories (i.e. /tmp), unless the owner of the
220 + symlink is the owner of the directory. users will also not be
221 + able to hardlink to files they do not own. If the sysctl option is
222 + enabled, a sysctl option with name "linking_restrictions" is created.
225 +CONFIG_GRKERNSEC_FIFO
226 + If you say Y here, users will not be able to write to FIFOs they don't
227 + own in world-writeable +t directories (i.e. /tmp), unless the owner of
228 + the FIFO is the same owner of the directory it's held in. If the sysctl
229 + option is enabled, a sysctl option with name "fifo_restrictions" is
232 +Enforce RLIMIT_NPROC on execs
233 +CONFIG_GRKERNSEC_EXECVE
234 + If you say Y here, users with a resource limit on processes will
235 + have the value checked during execve() calls. The current system
236 + only checks the system limit during fork() calls. If the sysctl option
237 + is enabled, a sysctl option with name "execve_limiting" is created.
239 +Single group for auditing
240 +CONFIG_GRKERNSEC_AUDIT_GROUP
241 + If you say Y here, the exec, chdir, (un)mount, and ipc logging features
242 + will only operate on a group you specify. This option is recommended
243 + if you only want to watch certain users instead of having a large
244 + amount of logs from the entire system. If the sysctl option is enabled,
245 + a sysctl option with name "audit_group" is created.
248 +CONFIG_GRKERNSEC_AUDIT_GID
249 + Here you can choose the GID that will be the target of kernel auditing.
250 + Remember to add the users you want to log to the GID specified here.
251 + If the sysctl option is enabled, whatever you choose here won't matter.
252 + You'll have to specify the GID in your bootup script by echoing the GID
253 + to the proper /proc entry. View the help on the sysctl option for more
254 + information. If the sysctl option is enabled, a sysctl option with name
255 + "audit_gid" is created.
258 +CONFIG_GRKERNSEC_AUDIT_CHDIR
259 + If you say Y here, all chdir() calls will be logged. If the sysctl
260 + option is enabled, a sysctl option with name "audit_chdir" is created.
263 +CONFIG_GRKERNSEC_AUDIT_MOUNT
264 + If you say Y here, all mounts and unmounts will be logged. If the
265 + sysctl option is enabled, a sysctl option with name "audit_mount" is
269 +CONFIG_GRKERNSEC_AUDIT_IPC
270 + If you say Y here, creation and removal of message queues, semaphores,
271 + and shared memory will be logged. If the sysctl option is enabled, a
272 + sysctl option with name "audit_ipc" is created.
275 +CONFIG_GRKERNSEC_EXECLOG
276 + If you say Y here, all execve() calls will be logged (since the
277 + other exec*() calls are frontends to execve(), all execution
278 + will be logged). Useful for shell-servers that like to keep track
279 + of their users. If the sysctl option is enabled, a sysctl option with
280 + name "exec_logging" is created.
281 + WARNING: This option when enabled will produce a LOT of logs, especially
282 + on an active system.
285 +CONFIG_GRKERNSEC_RESLOG
286 + If you say Y here, all attempts to overstep resource limits will
287 + be logged with the resource name, the requested size, and the current
288 + limit. It is highly recommended that you say Y here.
291 +CONFIG_GRKERNSEC_SIGNAL
292 + If you say Y here, certain important signals will be logged, such as
293 + SIGSEGV, which will as a result inform you of when a error in a program
294 + occurred, which in some cases could mean a possible exploit attempt.
295 + If the sysctl option is enabled, a sysctl option with name
296 + "signal_logging" is created.
298 +Fork failure logging
299 +CONFIG_GRKERNSEC_FORKFAIL
300 + If you say Y here, all failed fork() attempts will be logged.
301 + This could suggest a fork bomb, or someone attempting to overstep
302 + their process limit. If the sysctl option is enabled, a sysctl option
303 + with name "forkfail_logging" is created.
306 +CONFIG_GRKERNSEC_TIME
307 + If you say Y here, any changes of the system clock will be logged.
308 + If the sysctl option is enabled, a sysctl option with name
309 + "timechange_logging" is created.
311 +Chroot jail restrictions
312 +CONFIG_GRKERNSEC_CHROOT
313 + If you say Y here, you will be able to choose several options that will
314 + make breaking out of a chrooted jail much more difficult. If you
315 + encounter no software incompatibilities with the following options, it
316 + is recommended that you enable each one.
318 +Deny access to abstract AF_UNIX sockets out of chroot
319 +CONFIG_GRKERNSEC_CHROOT_UNIX
320 + If you say Y here, processes inside a chroot will not be able to
321 + connect to abstract (meaning not belonging to a filesystem) Unix
322 + domain sockets that were bound outside of a chroot. It is recommended
323 + that you say Y here. If the sysctl option is enabled, a sysctl option
324 + with name "chroot_deny_unix" is created.
326 +Deny shmat() out of chroot
327 +CONFIG_GRKERNSEC_CHROOT_SHMAT
328 + If you say Y here, processes inside a chroot will not be able to attach
329 + to shared memory segments that were created outside of the chroot jail.
330 + It is recommended that you say Y here. If the sysctl option is enabled,
331 + a sysctl option with name "chroot_deny_shmat" is created.
333 +Protect outside processes
334 +CONFIG_GRKERNSEC_CHROOT_FINDTASK
335 + If you say Y here, processes inside a chroot will not be able to
336 + kill, send signals with fcntl, ptrace, capget, setpgid, getpgid,
337 + getsid, or view any process outside of the chroot. If the sysctl
338 + option is enabled, a sysctl option with name "chroot_findtask" is
341 +Deny mounts in chroot
342 +CONFIG_GRKERNSEC_CHROOT_MOUNT
343 + If you say Y here, processes inside a chroot will not be able to
344 + mount or remount filesystems. If the sysctl option is enabled, a
345 + sysctl option with name "chroot_deny_mount" is created.
347 +Deny pivot_root in chroot
348 +CONFIG_GRKERNSEC_CHROOT_PIVOT
349 + If you say Y here, processes inside a chroot will not be able to use
350 + a function called pivot_root() that was introduced in Linux 2.3.41. It
351 + works similar to chroot in that it changes the root filesystem. This
352 + function could be misused in a chrooted process to attempt to break out
353 + of the chroot, and therefore should not be allowed. If the sysctl
354 + option is enabled, a sysctl option with name "chroot_deny_pivot" is
358 +CONFIG_GRKERNSEC_CHROOT_DOUBLE
359 + If you say Y here, processes inside a chroot will not be able to chroot
360 + again. This is a widely used method of breaking out of a chroot jail
361 + and should not be allowed. If the sysctl option is enabled, a sysctl
362 + option with name "chroot_deny_chroot" is created.
364 +Deny fchdir outside of chroot
365 +CONFIG_GRKERNSEC_CHROOT_FCHDIR
366 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
367 + to a file descriptor of the chrooting process that points to a directory
368 + outside the filesystem will be stopped. If the sysctl option
369 + is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
371 +Enforce chdir("/") on all chroots
372 +CONFIG_GRKERNSEC_CHROOT_CHDIR
373 + If you say Y here, the current working directory of all newly-chrooted
374 + applications will be set to the the root directory of the chroot.
375 + The man page on chroot(2) states:
376 + Note that this call does not change the current working
377 + directory, so that `.' can be outside the tree rooted at
378 + `/'. In particular, the super-user can escape from a
379 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
381 + It is recommended that you say Y here, since it's not known to break
382 + any software. If the sysctl option is enabled, a sysctl option with
383 + name "chroot_enforce_chdir" is created.
385 +Deny (f)chmod +s in chroot
386 +CONFIG_GRKERNSEC_CHROOT_CHMOD
387 + If you say Y here, processes inside a chroot will not be able to chmod
388 + or fchmod files to make them have suid or sgid bits. This protects
389 + against another published method of breaking a chroot. If the sysctl
390 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
393 +Deny mknod in chroot
394 +CONFIG_GRKERNSEC_CHROOT_MKNOD
395 + If you say Y here, processes inside a chroot will not be allowed to
396 + mknod. The problem with using mknod inside a chroot is that it
397 + would allow an attacker to create a device entry that is the same
398 + as one on the physical root of your system, which could range from
399 + anyhing from the console device to a device for your harddrive (which
400 + they could then use to wipe the drive or steal data). It is recommended
401 + that you say Y here, unless you run into software incompatibilities.
402 + If the sysctl option is enabled, a sysctl option with name
403 + "chroot_deny_mknod" is created.
405 +Restrict priority changes in chroot
406 +CONFIG_GRKERNSEC_CHROOT_NICE
407 + If you say Y here, processes inside a chroot will not be able to raise
408 + the priority of processes in the chroot, or alter the priority of
409 + processes outside the chroot. This provides more security than simply
410 + removing CAP_SYS_NICE from the process' capability set. If the
411 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
414 +Log all execs within chroot
415 +CONFIG_GRKERNSEC_CHROOT_EXECLOG
416 + If you say Y here, all executions inside a chroot jail will be logged
417 + to syslog. This can cause a large amount of logs if certain
418 + applications (eg. djb's daemontools) are installed on the system, and
419 + is therefore left as an option. If the sysctl option is enabled, a
420 + sysctl option with name "chroot_execlog" is created.
422 +Deny sysctl writes in chroot
423 +CONFIG_GRKERNSEC_CHROOT_SYSCTL
424 + If you say Y here, an attacker in a chroot will not be able to
425 + write to sysctl entries, either by sysctl(2) or through a /proc
426 + interface. It is strongly recommended that you say Y here. If the
427 + sysctl option is enabled, a sysctl option with name
428 + "chroot_deny_sysctl" is created.
430 +Chroot jail capability restrictions
431 +CONFIG_GRKERNSEC_CHROOT_CAPS
432 + If you say Y here, the capabilities on all root processes within a
433 + chroot jail will be lowered to stop module insertion, raw i/o,
434 + system and net admin tasks, rebooting the system, modifying immutable
435 + files, modifying IPC owned by another, and changing the system time.
436 + This is left an option because it can break some apps. Disable this
437 + if your chrooted apps are having problems performing those kinds of
438 + tasks. If the sysctl option is enabled, a sysctl option with
439 + name "chroot_caps" is created.
441 +Trusted path execution
442 +CONFIG_GRKERNSEC_TPE
443 + If you say Y here, you will be able to choose a gid to add to the
444 + supplementary groups of users you want to mark as "untrusted."
445 + These users will not be able to execute any files that are not in
446 + root-owned directories writeable only by root. If the sysctl option
447 + is enabled, a sysctl option with name "tpe" is created.
449 +Group for trusted path execution
450 +CONFIG_GRKERNSEC_TPE_GID
451 + Here you can choose the GID to enable trusted path protection for.
452 + Remember to add the users you want protection enabled for to the GID
453 + specified here. If the sysctl option is enabled, whatever you choose
454 + here won't matter. You'll have to specify the GID in your bootup
455 + script by echoing the GID to the proper /proc entry. View the help
456 + on the sysctl option for more information. If the sysctl option is
457 + enabled, a sysctl option with name "tpe_gid" is created.
459 +Partially restrict non-root users
460 +CONFIG_GRKERNSEC_TPE_ALL
461 + If you say Y here, All non-root users other than the ones in the
462 + group specified in the main TPE option will only be allowed to
463 + execute files in directories they own that are not group or
464 + world-writeable, or in directories owned by root and writeable only by
465 + root. If the sysctl option is enabled, a sysctl option with name
466 + "tpe_restrict_all" is created.
469 +CONFIG_GRKERNSEC_RANDPID
470 + If you say Y here, all PIDs created on the system will be
471 + pseudo-randomly generated. This is extremely effective along
472 + with the /proc restrictions to disallow an attacker from guessing
473 + pids of daemons, etc. PIDs are also used in some cases as part
474 + of a naming system for temporary files, so this option would keep
475 + those filenames from being predicted as well. We also use code
476 + to make sure that PID numbers aren't reused too soon. If the sysctl
477 + option is enabled, a sysctl option with name "rand_pids" is created.
479 +Larger entropy pools
480 +CONFIG_GRKERNSEC_RANDNET
481 + If you say Y here, the entropy pools used for many features of Linux
482 + and grsecurity will be doubled in size. Since several grsecurity
483 + features use additional randomness, it is recommended that you say Y
484 + here. Saying Y here has a similar effect as modifying
485 + /proc/sys/kernel/random/poolsize.
487 +Truly random TCP ISN selection
488 +CONFIG_GRKERNSEC_RANDISN
489 + If you say Y here, Linux's default selection of TCP Initial Sequence
490 + Numbers (ISNs) will be replaced with that of OpenBSD. Linux uses
491 + an MD4 hash based on the connection plus a time value to create the
492 + ISN, while OpenBSD's selection is random. If the sysctl option is
493 + enabled, a sysctl option with name "rand_isns" is created.
496 +CONFIG_GRKERNSEC_RANDID
497 + If you say Y here, all the id field on all outgoing packets
498 + will be randomized. This hinders os fingerprinters and
499 + keeps your machine from being used as a bounce for an untraceable
500 + portscan. Ids are used for fragmented packets, fragments belonging
501 + to the same packet have the same id. By default linux only
502 + increments the id value on each packet sent to an individual host.
503 + We use a port of the OpenBSD random ip id code to achieve the
504 + randomness, while keeping the possibility of id duplicates to
505 + near none. If the sysctl option is enabled, a sysctl option with name
506 + "rand_ip_ids" is created.
508 +Randomized TCP source ports
509 +CONFIG_GRKERNSEC_RANDSRC
510 + If you say Y here, situations where a source port is generated on the
511 + fly for the TCP protocol (ie. with connect() ) will be altered so that
512 + the source port is generated at random, instead of a simple incrementing
513 + algorithm. If the sysctl option is enabled, a sysctl option with name
514 + "rand_tcp_src_ports" is created.
517 +CONFIG_GRKERNSEC_RANDRPC
518 + If you say Y here, the method of determining XIDs for RPC requests will
519 + be randomized, instead of using linux's default behavior of simply
520 + incrementing the XID. If you want your RPC connections to be more
521 + secure, say Y here. If the sysctl option is enabled, a sysctl option
522 + with name "rand_rpc" is created.
525 +CONFIG_GRKERNSEC_SOCKET
526 + If you say Y here, you will be able to choose from several options.
527 + If you assign a GID on your system and add it to the supplementary
528 + groups of users you want to restrict socket access to, this patch
529 + will perform up to three things, based on the option(s) you choose.
531 +Deny all socket access
532 +CONFIG_GRKERNSEC_SOCKET_ALL
533 + If you say Y here, you will be able to choose a GID of whose users will
534 + be unable to connect to other hosts from your machine or run server
535 + applications from your machine. If the sysctl option is enabled, a
536 + sysctl option with name "socket_all" is created.
538 +Group for disabled socket access
539 +CONFIG_GRKERNSEC_SOCKET_ALL_GID
540 + Here you can choose the GID to disable socket access for. Remember to
541 + add the users you want socket access disabled for to the GID
542 + specified here. If the sysctl option is enabled, whatever you choose
543 + here won't matter. You'll have to specify the GID in your bootup
544 + script by echoing the GID to the proper /proc entry. View the help
545 + on the sysctl option for more information. If the sysctl option is
546 + enabled, a sysctl option with name "socket_all_gid" is created.
548 +Deny all client socket access
549 +CONFIG_GRKERNSEC_SOCKET_CLIENT
550 + If you say Y here, you will be able to choose a GID of whose users will
551 + be unable to connect to other hosts from your machine, but will be
552 + able to run servers. If this option is enabled, all users in the group
553 + you specify will have to use passive mode when initiating ftp transfers
554 + from the shell on your machine. If the sysctl option is enabled, a
555 + sysctl option with name "socket_client" is created.
557 +Group for disabled client socket access
558 +CONFIG_GRKERNSEC_SOCKET_CLIENT_GID
559 + Here you can choose the GID to disable client socket access for.
560 + Remember to add the users you want client socket access disabled for to
561 + the GID specified here. If the sysctl option is enabled, whatever you
562 + choose here won't matter. You'll have to specify the GID in your bootup
563 + script by echoing the GID to the proper /proc entry. View the help
564 + on the sysctl option for more information. If the sysctl option is
565 + enabled, a sysctl option with name "socket_client_gid" is created.
567 +Deny all server socket access
568 +CONFIG_GRKERNSEC_SOCKET_SERVER
569 + If you say Y here, you will be able to choose a GID of whose users will
570 + be unable to run server applications from your machine. If the sysctl
571 + option is enabled, a sysctl option with name "socket_server" is created.
573 +Group for disabled server socket access
574 +CONFIG_GRKERNSEC_SOCKET_SERVER_GID
575 + Here you can choose the GID to disable server socket access for.
576 + Remember to add the users you want server socket access disabled for to
577 + the GID specified here. If the sysctl option is enabled, whatever you
578 + choose here won't matter. You'll have to specify the GID in your bootup
579 + script by echoing the GID to the proper /proc entry. View the help
580 + on the sysctl option for more information. If the sysctl option is
581 + enabled, a sysctl option with name "socket_server_gid" is created.
584 +CONFIG_GRKERNSEC_SYSCTL
585 + If you say Y here, you will be able to change the options that
586 + grsecurity runs with at bootup, without having to recompile your
587 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
588 + to enable (1) or disable (0) various features. All the sysctl entries
589 + are mutable until the "grsec_lock" entry is set to a non-zero value.
590 + All features are disabled by default. Please note that this option could
591 + reduce the effectiveness of the added security of this patch if an ACL
592 + system is not put in place. Your init scripts should be read-only, and
593 + root should not have access to adding modules or performing raw i/o
594 + operations. All options should be set at startup, and the grsec_lock
595 + entry should be set to a non-zero value after all the options are set.
596 + *THIS IS EXTREMELY IMPORTANT*
598 +Number of burst messages
599 +CONFIG_GRKERNSEC_FLOODBURST
600 + This option allows you to choose the maximum number of messages allowed
601 + within the flood time interval you chose in a separate option. The
602 + default should be suitable for most people, however if you find that
603 + many of your logs are being interpreted as flooding, you may want to
606 +Seconds in between log messages
607 +CONFIG_GRKERNSEC_FLOODTIME
608 + This option allows you to enforce the number of seconds between
609 + grsecurity log messages. The default should be suitable for most
610 + people, however, if you choose to change it, choose a value small enough
611 + to allow informative logs to be produced, but large enough to
614 +Hide kernel processes
615 +CONFIG_GRKERNSEC_ACL_HIDEKERN
616 + If you say Y here, when the ACL system is enabled via gradm -E,
617 + an additional ACL will be passed to the kernel that hides all kernel
618 + processes. These processes will only be viewable by the authenticated
619 + admin, or processes that have viewing access set.
621 +Maximum tries before password lockout
622 +CONFIG_GRKERNSEC_ACL_MAXTRIES
623 + This option enforces the maximum number of times a user can attempt
624 + to authorize themselves with the grsecurity ACL system before being
625 + denied the ability to attempt authorization again for a specified time.
626 + The lower the number, the harder it will be to brute-force a password.
628 +Time to wait after max password tries, in seconds
629 +CONFIG_GRKERNSEC_ACL_TIMEOUT
630 + This option specifies the time the user must wait after attempting to
631 + authorize to the ACL system with the maximum number of invalid
632 + passwords. The higher the number, the harder it will be to brute-force
636 CONFIG_DCACHE_DISABLE
637 This option allows you to run the kernel with data cache disabled.
638 diff -urN linux-2.4.21/Makefile linux-2.4.21/Makefile
639 --- linux-2.4.21/Makefile 2003-06-23 11:41:28.000000000 -0400
640 +++ linux-2.4.21/Makefile 2003-06-23 11:49:15.000000000 -0400
642 CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o
643 NETWORKS =net/network.o
644 CRYPTO =crypto/crypto.o
645 +GRSECURITY =grsecurity/grsec.o
647 LIBS =$(TOPDIR)/lib/lib.a
648 -SUBDIRS =kernel drivers mm fs net ipc lib crypto
649 +SUBDIRS =kernel drivers mm fs net ipc lib crypto grsecurity
655 export CPPFLAGS CFLAGS CFLAGS_KERNEL AFLAGS AFLAGS_KERNEL
657 -export NETWORKS CRYPTO DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS
658 +export NETWORKS CRYPTO DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS GRSECURITY
661 $(CPP) $(AFLAGS) $(AFLAGS_KERNEL) -traditional -o $*.s $<
671 diff -urN linux-2.4.21/arch/alpha/config.in linux-2.4.21/arch/alpha/config.in
672 --- linux-2.4.21/arch/alpha/config.in 2003-06-23 11:42:24.000000000 -0400
673 +++ linux-2.4.21/arch/alpha/config.in 2003-06-23 11:49:15.000000000 -0400
679 +mainmenu_option next_comment
680 +comment 'Grsecurity'
681 +bool 'Grsecurity' CONFIG_GRKERNSEC
682 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
683 + source grsecurity/Config.in
687 diff -urN linux-2.4.21/arch/alpha/kernel/osf_sys.c linux-2.4.21/arch/alpha/kernel/osf_sys.c
688 --- linux-2.4.21/arch/alpha/kernel/osf_sys.c 2003-06-23 11:42:24.000000000 -0400
689 +++ linux-2.4.21/arch/alpha/kernel/osf_sys.c 2003-06-23 11:49:15.000000000 -0400
691 #include <linux/file.h>
692 #include <linux/types.h>
693 #include <linux/ipc.h>
694 +#include <linux/grsecurity.h>
703 + if(gr_handle_mmap(file, prot)) {
709 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
710 down_write(¤t->mm->mmap_sem);
711 ret = do_mmap(file, addr, len, prot, flags, off);
712 diff -urN linux-2.4.21/arch/alpha/kernel/ptrace.c linux-2.4.21/arch/alpha/kernel/ptrace.c
713 --- linux-2.4.21/arch/alpha/kernel/ptrace.c 2003-06-23 11:42:24.000000000 -0400
714 +++ linux-2.4.21/arch/alpha/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
716 #include <linux/ptrace.h>
717 #include <linux/user.h>
718 #include <linux/slab.h>
719 +#include <linux/grsecurity.h>
721 #include <asm/uaccess.h>
722 #include <asm/pgtable.h>
724 read_unlock(&tasklist_lock);
728 + if(gr_handle_ptrace(child, request))
731 if (request == PTRACE_ATTACH) {
732 ret = ptrace_attach(child);
734 diff -urN linux-2.4.21/arch/arm/config.in linux-2.4.21/arch/arm/config.in
735 --- linux-2.4.21/arch/arm/config.in 2003-06-23 11:42:30.000000000 -0400
736 +++ linux-2.4.21/arch/arm/config.in 2003-06-23 11:49:15.000000000 -0400
742 +mainmenu_option next_comment
743 +comment 'Grsecurity'
744 +bool 'Grsecurity' CONFIG_GRKERNSEC
745 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
746 + source grsecurity/Config.in
749 diff -urN linux-2.4.21/arch/cris/config.in linux-2.4.21/arch/cris/config.in
750 --- linux-2.4.21/arch/cris/config.in 2003-06-23 11:42:34.000000000 -0400
751 +++ linux-2.4.21/arch/cris/config.in 2003-06-23 11:49:15.000000000 -0400
757 +mainmenu_option next_comment
758 +comment 'Grsecurity'
759 +bool 'Grsecurity' CONFIG_GRKERNSEC
760 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
761 + source grsecurity/Config.in
765 diff -urN linux-2.4.21/arch/i386/config.in linux-2.4.21/arch/i386/config.in
766 --- linux-2.4.21/arch/i386/config.in 2003-06-23 11:42:23.000000000 -0400
767 +++ linux-2.4.21/arch/i386/config.in 2003-06-23 11:49:15.000000000 -0400
773 +mainmenu_option next_comment
774 +comment 'Grsecurity'
775 +bool 'Grsecurity' CONFIG_GRKERNSEC
776 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
777 + source grsecurity/Config.in
780 diff -urN linux-2.4.21/arch/i386/kernel/i387.c linux-2.4.21/arch/i386/kernel/i387.c
781 --- linux-2.4.21/arch/i386/kernel/i387.c 2003-06-23 11:42:24.000000000 -0400
782 +++ linux-2.4.21/arch/i386/kernel/i387.c 2003-06-23 11:49:15.000000000 -0400
783 @@ -373,13 +373,16 @@
785 static inline int restore_i387_fxsave( struct _fpstate *buf )
788 struct task_struct *tsk = current;
790 - if ( __copy_from_user( &tsk->thread.i387.fxsave, &buf->_fxsr_env[0],
791 - sizeof(struct i387_fxsave_struct) ) )
793 + err = __copy_from_user( &tsk->thread.i387.fxsave, &buf->_fxsr_env[0],
794 + sizeof(struct i387_fxsave_struct) );
795 /* mxcsr bit 6 and 31-16 must be zero for security reasons */
796 tsk->thread.i387.fxsave.mxcsr &= 0xffbf;
800 return convert_fxsr_from_user( &tsk->thread.i387.fxsave, buf );
803 diff -urN linux-2.4.21/arch/i386/kernel/ioport.c linux-2.4.21/arch/i386/kernel/ioport.c
804 --- linux-2.4.21/arch/i386/kernel/ioport.c 2003-06-23 11:42:23.000000000 -0400
805 +++ linux-2.4.21/arch/i386/kernel/ioport.c 2003-06-23 11:49:15.000000000 -0400
807 #include <linux/smp.h>
808 #include <linux/smp_lock.h>
809 #include <linux/stddef.h>
810 +#include <linux/grsecurity.h>
812 /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
813 static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
816 if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
818 +#ifdef CONFIG_GRKERNSEC_IO
820 + gr_handle_ioperm();
822 if (turn_on && !capable(CAP_SYS_RAWIO))
825 +#ifdef CONFIG_GRKERNSEC_IO
829 * If it's the first ioperm() call in this thread's lifetime, set the
830 * IO bitmap up. ioperm() is much less timing critical than clone(),
833 /* Trying to gain more privileges? */
835 +#ifdef CONFIG_GRKERNSEC_IO
839 if (!capable(CAP_SYS_RAWIO))
843 regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
845 diff -urN linux-2.4.21/arch/i386/kernel/ptrace.c linux-2.4.21/arch/i386/kernel/ptrace.c
846 --- linux-2.4.21/arch/i386/kernel/ptrace.c 2003-06-23 11:42:24.000000000 -0400
847 +++ linux-2.4.21/arch/i386/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
849 #include <linux/errno.h>
850 #include <linux/ptrace.h>
851 #include <linux/user.h>
852 +#include <linux/grsecurity.h>
854 #include <asm/uaccess.h>
855 #include <asm/pgtable.h>
857 if (pid == 1) /* you may not mess with init */
860 + if(gr_handle_ptrace(child, request))
863 if (request == PTRACE_ATTACH) {
864 ret = ptrace_attach(child);
867 if(addr < (long) &dummy->u_debugreg[4] &&
868 ((unsigned long) data) >= TASK_SIZE-3) break;
870 +#ifdef CONFIG_GRKERNSEC
871 + if(addr >= (long) &dummy->u_debugreg[0] &&
872 + addr <= (long) &dummy->u_debugreg[3]){
873 + long reg = (addr - (long) &dummy->u_debugreg[0]) >> 2;
874 + long type = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 4*reg)) & 3;
875 + long align = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 2 + 4*reg)) & 3;
876 + if((type & 1) && (data & align))
881 if(addr == (long) &dummy->u_debugreg[7]) {
882 data &= ~DR_CONTROL_RESERVED;
884 diff -urN linux-2.4.21/arch/i386/kernel/sys_i386.c linux-2.4.21/arch/i386/kernel/sys_i386.c
885 --- linux-2.4.21/arch/i386/kernel/sys_i386.c 2003-06-23 11:42:24.000000000 -0400
886 +++ linux-2.4.21/arch/i386/kernel/sys_i386.c 2003-06-23 11:49:15.000000000 -0400
888 #include <linux/mman.h>
889 #include <linux/file.h>
890 #include <linux/utsname.h>
891 +#include <linux/grsecurity.h>
893 #include <asm/uaccess.h>
899 + if(gr_handle_mmap(file, prot)) {
905 down_write(&mm->mmap_sem);
906 error = do_mmap_pgoff(mm, file, addr, len, prot, flags, pgoff);
907 up_write(&mm->mmap_sem);
910 diff -urN linux-2.4.21/arch/ia64/config.in linux-2.4.21/arch/ia64/config.in
911 --- linux-2.4.21/arch/ia64/config.in 2003-06-23 11:42:33.000000000 -0400
912 +++ linux-2.4.21/arch/ia64/config.in 2003-06-23 11:49:15.000000000 -0400
918 +mainmenu_option next_comment
919 +comment 'Grsecurity'
920 +bool 'Grsecurity' CONFIG_GRKERNSEC
921 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
922 + source grsecurity/Config.in
926 diff -urN linux-2.4.21/arch/ia64/kernel/ptrace.c linux-2.4.21/arch/ia64/kernel/ptrace.c
927 --- linux-2.4.21/arch/ia64/kernel/ptrace.c 2003-06-23 11:42:33.000000000 -0400
928 +++ linux-2.4.21/arch/ia64/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
930 #include <linux/ptrace.h>
931 #include <linux/smp_lock.h>
932 #include <linux/user.h>
933 +#include <linux/grsecurity.h>
935 #include <asm/pgtable.h>
936 #include <asm/processor.h>
937 @@ -1179,6 +1180,9 @@
938 if (pid == 1) /* no messing around with init! */
941 + if (gr_handle_ptrace(child, request))
944 if (request == PTRACE_ATTACH) {
945 ret = ptrace_attach(child);
947 diff -urN linux-2.4.21/arch/ia64/kernel/sys_ia64.c linux-2.4.21/arch/ia64/kernel/sys_ia64.c
948 --- linux-2.4.21/arch/ia64/kernel/sys_ia64.c 2003-06-23 11:42:33.000000000 -0400
949 +++ linux-2.4.21/arch/ia64/kernel/sys_ia64.c 2003-06-23 11:49:15.000000000 -0400
951 #include <linux/smp.h>
952 #include <linux/smp_lock.h>
953 #include <linux/highuid.h>
954 +#include <linux/grsecurity.h>
956 #include <asm/shmparam.h>
957 #include <asm/uaccess.h>
962 + if (gr_handle_mmap(file, prot)) {
967 down_write(¤t->mm->mmap_sem);
968 addr = do_mmap_pgoff(current->mm, file, addr, len, prot, flags, pgoff);
969 up_write(¤t->mm->mmap_sem);
970 diff -urN linux-2.4.21/arch/m68k/config.in linux-2.4.21/arch/m68k/config.in
971 --- linux-2.4.21/arch/m68k/config.in 2003-06-23 11:42:29.000000000 -0400
972 +++ linux-2.4.21/arch/m68k/config.in 2003-06-23 11:49:15.000000000 -0400
978 +mainmenu_option next_comment
979 +comment 'Grsecurity'
980 +bool 'Grsecurity' CONFIG_GRKERNSEC
981 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
982 + source grsecurity/Config.in
985 diff -urN linux-2.4.21/arch/mips/config.in linux-2.4.21/arch/mips/config.in
986 --- linux-2.4.21/arch/mips/config.in 2003-06-23 11:42:24.000000000 -0400
987 +++ linux-2.4.21/arch/mips/config.in 2003-06-23 11:49:15.000000000 -0400
989 define_bool CONFIG_MIPS64 n
991 source arch/mips/config-shared.in
993 +mainmenu_option next_comment
994 +comment 'Grsecurity'
995 +bool 'Grsecurity' CONFIG_GRKERNSEC
996 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
997 + source grsecurity/Config.in
1000 diff -urN linux-2.4.21/arch/mips64/config.in linux-2.4.21/arch/mips64/config.in
1001 --- linux-2.4.21/arch/mips64/config.in 2003-06-23 11:42:33.000000000 -0400
1002 +++ linux-2.4.21/arch/mips64/config.in 2003-06-23 11:49:15.000000000 -0400
1004 define_bool CONFIG_MIPS64 y
1006 source arch/mips/config-shared.in
1008 +mainmenu_option next_comment
1009 +comment 'Grsecurity'
1010 +bool 'Grsecurity' CONFIG_GRKERNSEC
1011 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1012 + source grsecurity/Config.in
1015 diff -urN linux-2.4.21/arch/parisc/config.in linux-2.4.21/arch/parisc/config.in
1016 --- linux-2.4.21/arch/parisc/config.in 2003-06-23 11:42:33.000000000 -0400
1017 +++ linux-2.4.21/arch/parisc/config.in 2003-06-23 11:49:15.000000000 -0400
1018 @@ -197,3 +197,11 @@
1021 source lib/Config.in
1023 +mainmenu_option next_comment
1024 +comment 'Grsecurity'
1025 +bool 'Grsecurity' CONFIG_GRKERNSEC
1026 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1027 + source grsecurity/Config.in
1030 diff -urN linux-2.4.21/arch/parisc/kernel/ioctl32.c linux-2.4.21/arch/parisc/kernel/ioctl32.c
1031 --- linux-2.4.21/arch/parisc/kernel/ioctl32.c 2003-06-23 11:42:33.000000000 -0400
1032 +++ linux-2.4.21/arch/parisc/kernel/ioctl32.c 2003-06-23 11:49:15.000000000 -0400
1033 @@ -1434,7 +1434,11 @@
1034 * To have permissions to do most of the vt ioctls, we either have
1035 * to be the owner of the tty, or super-user.
1037 +#ifdef CONFIG_GRKERNSEC
1038 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1040 if (current->tty == tty || suser())
1045 diff -urN linux-2.4.21/arch/parisc/kernel/ptrace.c linux-2.4.21/arch/parisc/kernel/ptrace.c
1046 --- linux-2.4.21/arch/parisc/kernel/ptrace.c 2003-06-23 11:42:34.000000000 -0400
1047 +++ linux-2.4.21/arch/parisc/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1049 #include <linux/ptrace.h>
1050 #include <linux/user.h>
1051 #include <linux/personality.h>
1053 +#include <linux/grsecurity.h>
1054 #include <asm/uaccess.h>
1055 #include <asm/pgtable.h>
1056 #include <asm/system.h>
1058 if (pid == 1) /* no messing around with init! */
1061 + if (gr_handle_ptrace(child, request))
1064 if (request == PTRACE_ATTACH) {
1065 ret = ptrace_attach(child);
1067 diff -urN linux-2.4.21/arch/parisc/kernel/sys_parisc.c linux-2.4.21/arch/parisc/kernel/sys_parisc.c
1068 --- linux-2.4.21/arch/parisc/kernel/sys_parisc.c 2003-06-23 11:42:33.000000000 -0400
1069 +++ linux-2.4.21/arch/parisc/kernel/sys_parisc.c 2003-06-23 11:49:15.000000000 -0400
1071 #include <linux/mman.h>
1072 #include <linux/shm.h>
1073 #include <linux/smp_lock.h>
1074 +#include <linux/grsecurity.h>
1076 int sys_pipe(int *fildes)
1078 @@ -104,6 +110,11 @@
1082 + if (gr_handle_mmap(file, prot)) {
1087 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1089 down_write(¤t->mm->mmap_sem);
1090 diff -urN linux-2.4.21/arch/parisc/kernel/sys_parisc32.c linux-2.4.21/arch/parisc/kernel/sys_parisc32.c
1091 --- linux-2.4.21/arch/parisc/kernel/sys_parisc32.c 2003-06-23 11:42:33.000000000 -0400
1092 +++ linux-2.4.21/arch/parisc/kernel/sys_parisc32.c 2003-06-23 11:49:15.000000000 -0400
1094 #include <linux/highmem.h>
1095 #include <linux/highuid.h>
1096 #include <linux/mman.h>
1097 +#include <linux/grsecurity.h>
1099 #include <asm/types.h>
1100 #include <asm/uaccess.h>
1101 @@ -177,6 +178,11 @@
1105 +#ifdef CONFIG_GRKERNSEC
1106 + struct file *old_exec_file;
1107 + struct acl_subject_label *old_acl;
1108 + struct rlimit old_rlim[RLIM_NLIMITS];
1111 file = open_exec(filename);
1113 @@ -184,6 +190,20 @@
1117 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
1119 + if (gr_handle_nproc()) {
1120 + allow_write_access(file);
1125 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
1126 + allow_write_access(file);
1131 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
1132 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
1134 @@ -209,11 +238,24 @@
1138 + if (!gr_tpe_allow(file)) {
1143 + if (gr_check_crash_exec(file)) {
1148 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
1154 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
1156 retval = copy_strings32(bprm.envc, envp, &bprm);
1159 @@ -222,11 +264,31 @@
1163 +#ifdef CONFIG_GRKERNSEC
1164 + old_acl = current->acl;
1165 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
1166 + old_exec_file = current->exec_file;
1168 + current->exec_file = file;
1171 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
1173 retval = search_binary_handler(&bprm,regs);
1175 + if (retval >= 0) {
1176 +#ifdef CONFIG_GRKERNSEC
1177 + if (old_exec_file)
1178 + fput(old_exec_file);
1180 /* execve success */
1183 +#ifdef CONFIG_GRKERNSEC
1184 + current->acl = old_acl;
1185 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
1186 + fput(current->exec_file);
1187 + current->exec_file = old_exec_file;
1190 /* Something went wrong, return the inode and free the argument pages*/
1191 allow_write_access(bprm.file);
1192 diff -urN linux-2.4.21/arch/ppc/config.in linux-2.4.21/arch/ppc/config.in
1193 --- linux-2.4.21/arch/ppc/config.in 2003-06-23 11:42:28.000000000 -0400
1194 +++ linux-2.4.21/arch/ppc/config.in 2003-06-23 11:49:15.000000000 -0400
1195 @@ -461,3 +461,12 @@
1196 bool 'Support for early boot texts over serial port' CONFIG_SERIAL_TEXT_DEBUG
1200 +mainmenu_option next_comment
1201 +comment 'Grsecurity'
1202 +bool 'Grsecurity' CONFIG_GRKERNSEC
1203 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1204 + source grsecurity/Config.in
1208 diff -urN linux-2.4.21/arch/ppc/kernel/ptrace.c linux-2.4.21/arch/ppc/kernel/ptrace.c
1209 --- linux-2.4.21/arch/ppc/kernel/ptrace.c 2003-06-23 11:42:28.000000000 -0400
1210 +++ linux-2.4.21/arch/ppc/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1212 #include <linux/errno.h>
1213 #include <linux/ptrace.h>
1214 #include <linux/user.h>
1215 +#include <linux/grsecurity.h>
1217 #include <asm/uaccess.h>
1218 #include <asm/page.h>
1220 if (pid == 1) /* you may not mess with init */
1223 + if (gr_handle_ptrace(child, request))
1226 if (request == PTRACE_ATTACH) {
1227 ret = ptrace_attach(child);
1229 diff -urN linux-2.4.21/arch/ppc/kernel/syscalls.c linux-2.4.21/arch/ppc/kernel/syscalls.c
1230 --- linux-2.4.21/arch/ppc/kernel/syscalls.c 2003-06-23 11:42:28.000000000 -0400
1231 +++ linux-2.4.21/arch/ppc/kernel/syscalls.c 2003-06-23 11:49:15.000000000 -0400
1233 #include <linux/ipc.h>
1234 #include <linux/utsname.h>
1235 #include <linux/file.h>
1236 +#include <linux/grsecurity.h>
1238 #include <asm/uaccess.h>
1239 #include <asm/ipc.h>
1240 @@ -181,8 +182,14 @@
1244 + if (gr_handle_mmap(file, prot)) {
1250 down_write(¤t->mm->mmap_sem);
1251 ret = do_mmap_pgoff(current->mm, file, addr, len, prot, flags, pgoff);
1252 up_write(¤t->mm->mmap_sem);
1255 diff -urN linux-2.4.21/arch/ppc64/kernel/ioctl32.c linux-2.4.21/arch/ppc64/kernel/ioctl32.c
1256 --- linux-2.4.21/arch/ppc64/kernel/ioctl32.c 2003-06-23 11:42:23.000000000 -0400
1257 +++ linux-2.4.21/arch/ppc64/kernel/ioctl32.c 2003-06-23 11:49:15.000000000 -0400
1258 @@ -1789,7 +1789,11 @@
1259 * To have permissions to do most of the vt ioctls, we either have
1260 * to be the owner of the tty, or super-user.
1262 +#ifdef CONFIG_GRKERNSEC
1263 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1265 if (current->tty == tty || suser())
1270 diff -urN linux-2.4.21/arch/s390/config.in linux-2.4.21/arch/s390/config.in
1271 --- linux-2.4.21/arch/s390/config.in 2003-06-23 11:42:33.000000000 -0400
1272 +++ linux-2.4.21/arch/s390/config.in 2003-06-23 11:49:15.000000000 -0400
1276 source lib/Config.in
1278 +mainmenu_option next_comment
1279 +comment 'Grsecurity'
1280 +bool 'Grsecurity' CONFIG_GRKERNSEC
1281 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1282 + source grsecurity/Config.in
1285 diff -urN linux-2.4.21/arch/s390x/config.in linux-2.4.21/arch/s390x/config.in
1286 --- linux-2.4.21/arch/s390x/config.in 2003-06-23 11:42:34.000000000 -0400
1287 +++ linux-2.4.21/arch/s390x/config.in 2003-06-23 11:49:15.000000000 -0400
1291 source lib/Config.in
1293 +mainmenu_option next_comment
1294 +comment 'Grsecurity'
1295 +bool 'Grsecurity' CONFIG_GRKERNSEC
1296 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1297 + source grsecurity/Config.in
1300 diff -urN linux-2.4.21/arch/sh/config.in linux-2.4.21/arch/sh/config.in
1301 --- linux-2.4.21/arch/sh/config.in 2003-06-23 11:42:32.000000000 -0400
1302 +++ linux-2.4.21/arch/sh/config.in 2003-06-23 11:49:15.000000000 -0400
1303 @@ -388,3 +388,11 @@
1306 source lib/Config.in
1308 +mainmenu_option next_comment
1309 +comment 'Grsecurity'
1310 +bool 'Grsecurity' CONFIG_GRKERNSEC
1311 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1312 + source grsecurity/Config.in
1315 diff -urN linux-2.4.21/arch/sparc/boot/Makefile linux-2.4.21/arch/sparc/boot/Makefile
1316 --- linux-2.4.21/arch/sparc/boot/Makefile 2003-06-23 11:42:24.000000000 -0400
1317 +++ linux-2.4.21/arch/sparc/boot/Makefile 2003-06-23 11:49:15.000000000 -0400
1320 BTOBJS := $(HEAD) init/main.o init/version.o init/do_mounts.o
1321 BTLIBS := $(CORE_FILES_NO_BTFIX) $(FILESYSTEMS) \
1322 - $(DRIVERS) $(NETWORKS)
1323 + $(DRIVERS) $(NETWORKS) $(GRSECURITY)
1325 # I wanted to make this depend upon BTOBJS so that a parallel
1326 # build would work, but this fails because $(HEAD) cannot work
1327 diff -urN linux-2.4.21/arch/sparc/config.in linux-2.4.21/arch/sparc/config.in
1328 --- linux-2.4.21/arch/sparc/config.in 2003-06-23 11:42:24.000000000 -0400
1329 +++ linux-2.4.21/arch/sparc/config.in 2003-06-23 11:49:15.000000000 -0400
1330 @@ -276,3 +276,11 @@
1333 source lib/Config.in
1335 +mainmenu_option next_comment
1336 +comment 'Grsecurity'
1337 +bool 'Grsecurity' CONFIG_GRKERNSEC
1338 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1339 + source grsecurity/Config.in
1342 diff -urN linux-2.4.21/arch/sparc/kernel/ptrace.c linux-2.4.21/arch/sparc/kernel/ptrace.c
1343 --- linux-2.4.21/arch/sparc/kernel/ptrace.c 2003-06-23 11:42:24.000000000 -0400
1344 +++ linux-2.4.21/arch/sparc/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1346 #include <linux/user.h>
1347 #include <linux/smp.h>
1348 #include <linux/smp_lock.h>
1349 +#include <linux/grsecurity.h>
1351 #include <asm/pgtable.h>
1352 #include <asm/system.h>
1357 + if(gr_handle_ptrace(child, request))
1360 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1361 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1362 if (ptrace_attach(child)) {
1363 diff -urN linux-2.4.21/arch/sparc/kernel/sys_sparc.c linux-2.4.21/arch/sparc/kernel/sys_sparc.c
1364 --- linux-2.4.21/arch/sparc/kernel/sys_sparc.c 2003-06-23 11:42:24.000000000 -0400
1365 +++ linux-2.4.21/arch/sparc/kernel/sys_sparc.c 2003-06-23 11:49:15.000000000 -0400
1367 #include <linux/utsname.h>
1368 #include <linux/smp.h>
1369 #include <linux/smp_lock.h>
1370 +#include <linux/grsecurity.h>
1372 #include <asm/uaccess.h>
1373 #include <asm/ipc.h>
1374 @@ -240,6 +253,12 @@
1375 if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE)
1378 + if (gr_handle_mmap(file, prot)) {
1384 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1386 down_write(¤t->mm->mmap_sem);
1387 diff -urN linux-2.4.21/arch/sparc64/config.in linux-2.4.21/arch/sparc64/config.in
1388 --- linux-2.4.21/arch/sparc64/config.in 2003-06-23 11:42:30.000000000 -0400
1389 +++ linux-2.4.21/arch/sparc64/config.in 2003-06-23 11:49:15.000000000 -0400
1390 @@ -310,3 +310,11 @@
1393 source lib/Config.in
1395 +mainmenu_option next_comment
1396 +comment 'Grsecurity'
1397 +bool 'Grsecurity' CONFIG_GRKERNSEC
1398 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1399 + source grsecurity/Config.in
1402 diff -urN linux-2.4.21/arch/sparc64/kernel/ioctl32.c linux-2.4.21/arch/sparc64/kernel/ioctl32.c
1403 --- linux-2.4.21/arch/sparc64/kernel/ioctl32.c 2003-06-23 11:42:30.000000000 -0400
1404 +++ linux-2.4.21/arch/sparc64/kernel/ioctl32.c 2003-06-23 11:49:15.000000000 -0400
1405 @@ -2046,7 +2046,11 @@
1406 * To have permissions to do most of the vt ioctls, we either have
1407 * to be the owner of the tty, or super-user.
1409 +#ifdef CONFIG_GRKERNSEC
1410 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1412 if (current->tty == tty || suser())
1417 diff -urN linux-2.4.21/arch/sparc64/kernel/ptrace.c linux-2.4.21/arch/sparc64/kernel/ptrace.c
1418 --- linux-2.4.21/arch/sparc64/kernel/ptrace.c 2003-06-23 11:42:30.000000000 -0400
1419 +++ linux-2.4.21/arch/sparc64/kernel/ptrace.c 2003-06-23 11:49:15.000000000 -0400
1421 #include <linux/user.h>
1422 #include <linux/smp.h>
1423 #include <linux/smp_lock.h>
1424 +#include <linux/grsecurity.h>
1426 #include <asm/asi.h>
1427 #include <asm/pgtable.h>
1428 @@ -161,6 +162,11 @@
1432 + if (gr_handle_ptrace(child, (long)request)) {
1433 + pt_error_return(regs, EPERM);
1437 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1438 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1439 if (ptrace_attach(child)) {
1440 diff -urN linux-2.4.21/arch/sparc64/kernel/sys_sparc.c linux-2.4.21/arch/sparc64/kernel/sys_sparc.c
1441 --- linux-2.4.21/arch/sparc64/kernel/sys_sparc.c 2003-06-23 11:42:30.000000000 -0400
1442 +++ linux-2.4.21/arch/sparc64/kernel/sys_sparc.c 2003-06-23 11:49:15.000000000 -0400
1444 #include <linux/slab.h>
1445 #include <linux/ipc.h>
1446 #include <linux/personality.h>
1447 +#include <linux/grsecurity.h>
1449 #include <asm/uaccess.h>
1450 #include <asm/ipc.h>
1451 @@ -280,6 +288,12 @@
1456 + if (gr_handle_mmap(file, prot)) {
1461 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1462 len = PAGE_ALIGN(len);
1464 diff -urN linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c
1465 --- linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c 2003-06-23 11:42:30.000000000 -0400
1466 +++ linux-2.4.21/arch/sparc64/kernel/sys_sparc32.c 2003-06-23 11:49:15.000000000 -0400
1468 #include <linux/sysctl.h>
1469 #include <linux/dnotify.h>
1470 #include <linux/netfilter_ipv4/ip_tables.h>
1471 +#include <linux/random.h>
1472 +#include <linux/grsecurity.h>
1474 #include <asm/types.h>
1475 #include <asm/ipc.h>
1476 @@ -3203,6 +3205,11 @@
1480 +#ifdef CONFIG_GRKERNSEC
1481 + struct file *old_exec_file;
1482 + struct acl_subject_label *old_acl;
1483 + struct rlimit old_rlim[RLIM_NLIMITS];
1486 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
1487 memset(bprm.page, 0, MAX_ARG_PAGES * sizeof(bprm.page[0]));
1488 @@ -3213,6 +3229,20 @@
1492 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
1494 + if (gr_handle_nproc()) {
1495 + allow_write_access(file);
1500 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
1501 + allow_write_access(file);
1507 bprm.filename = filename;
1509 @@ -3233,11 +3263,24 @@
1513 + if(!gr_tpe_allow(file)) {
1518 + if (gr_check_crash_exec(file)) {
1523 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
1529 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
1531 retval = copy_strings32(bprm.envc, envp, &bprm);
1534 @@ -3246,11 +3289,32 @@
1538 +#ifdef CONFIG_GRKERNSEC
1539 + old_acl = current->acl;
1540 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
1541 + old_exec_file = current->exec_file;
1543 + current->exec_file = file;
1546 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
1548 retval = search_binary_handler(&bprm, regs);
1550 + if (retval >= 0) {
1551 +#ifdef CONFIG_GRKERNSEC
1552 + if (old_exec_file)
1553 + fput(old_exec_file);
1555 /* execve success */
1559 +#ifdef CONFIG_GRKERNSEC
1560 + current->acl = old_acl;
1561 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
1562 + fput(current->exec_file);
1563 + current->exec_file = old_exec_file;
1566 /* Something went wrong, return the inode and free the argument pages*/
1567 allow_write_access(bprm.file);
1568 diff -urN linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c
1569 --- linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c 2003-06-23 11:42:23.000000000 -0400
1570 +++ linux-2.4.21/arch/x86_64/ia32/ia32_ioctl.c 2003-06-23 11:49:15.000000000 -0400
1571 @@ -1932,7 +1932,11 @@
1572 * To have permissions to do most of the vt ioctls, we either have
1573 * to be the owner of the tty, or super-user.
1575 +#ifdef CONFIG_GRKERNSEC
1576 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1578 if (current->tty == tty || suser())
1583 diff -urN linux-2.4.21/drivers/char/keyboard.c linux-2.4.21/drivers/char/keyboard.c
1584 --- linux-2.4.21/drivers/char/keyboard.c 2003-07-29 17:57:21.000000000 -0400
1585 +++ linux-2.4.21/drivers/char/keyboard.c 2003-07-29 17:58:19.000000000 -0400
1586 @@ -549,6 +549,16 @@
1587 if ((kbd->kbdmode == VC_RAW || kbd->kbdmode == VC_MEDIUMRAW) &&
1588 !(SPECIALS_ALLOWED_IN_RAW_MODE & (1 << value)))
1591 +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
1593 + void *func = spec_fn_table[value];
1594 + if (func == show_state || func == show_ptregs ||
1600 spec_fn_table[value]();
1603 diff -urN linux-2.4.21/drivers/char/mem.c linux-2.4.21/drivers/char/mem.c
1604 --- linux-2.4.21/drivers/char/mem.c 2003-07-29 17:57:21.000000000 -0400
1605 +++ linux-2.4.21/drivers/char/mem.c 2003-07-29 17:58:19.000000000 -0400
1607 #include <linux/raw.h>
1608 #include <linux/tty.h>
1609 #include <linux/capability.h>
1610 +#include <linux/grsecurity.h>
1612 #include <asm/uaccess.h>
1615 #if defined(CONFIG_S390_TAPE) && defined(CONFIG_S390_TAPE_CHAR)
1616 extern void tapechar_init(void);
1619 +#ifdef CONFIG_GRKERNSEC
1620 +extern struct file_operations grsec_fops;
1623 static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp,
1624 const char * buf, size_t count, loff_t *ppos)
1625 @@ -114,6 +119,11 @@
1626 unsigned long p = *ppos;
1627 unsigned long end_mem;
1629 +#ifdef CONFIG_GRKERNSEC_KMEM
1630 + gr_handle_mem_write();
1634 end_mem = __pa(high_memory);
1637 @@ -186,6 +196,12 @@
1639 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
1641 +#ifdef CONFIG_GRKERNSEC_KMEM
1642 + if (gr_handle_mem_mmap(offset, vma))
1648 * Accessing memory above the top the kernel knows about or
1649 * through a file pointer that was marked O_SYNC will be
1650 @@ -285,6 +301,11 @@
1652 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
1654 +#ifdef CONFIG_GRKERNSEC_KMEM
1655 + gr_handle_kmem_write();
1659 if (p < (unsigned long) high_memory) {
1661 if (count > (unsigned long) high_memory - p)
1662 @@ -517,6 +538,15 @@
1664 static int open_port(struct inode * inode, struct file * filp)
1666 +#ifdef CONFIG_GRKERNSEC_KMEM
1667 + gr_handle_open_port();
1670 + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
1673 +static int open_mem(struct inode * inode, struct file * filp)
1675 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
1679 #define full_lseek null_lseek
1680 #define write_zero write_null
1681 #define read_full read_zero
1682 -#define open_mem open_port
1683 #define open_kmem open_mem
1685 static struct file_operations mem_fops = {
1686 @@ -685,6 +714,11 @@
1688 filp->f_op = &urandom_fops;
1690 +#ifdef CONFIG_GRKERNSEC
1692 + filp->f_op = &grsec_fops;
1698 @@ -711,7 +745,10 @@
1699 {5, "zero", S_IRUGO | S_IWUGO, &zero_fops},
1700 {7, "full", S_IRUGO | S_IWUGO, &full_fops},
1701 {8, "random", S_IRUGO | S_IWUSR, &random_fops},
1702 - {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops}
1703 + {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
1704 +#ifdef CONFIG_GRKERNSEC
1705 + {10,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}
1710 diff -urN linux-2.4.21/drivers/char/random.c linux-2.4.21/drivers/char/random.c
1711 --- linux-2.4.21/drivers/char/random.c 2003-06-23 11:42:01.000000000 -0400
1712 +++ linux-2.4.21/drivers/char/random.c 2003-06-23 11:49:15.000000000 -0400
1713 @@ -260,9 +260,15 @@
1715 * Configuration information
1717 +#ifdef CONFIG_GRKERNSEC_RANDNET
1718 +#define DEFAULT_POOL_SIZE 1024
1719 +#define SECONDARY_POOL_SIZE 256
1720 +#define BATCH_ENTROPY_SIZE 512
1722 #define DEFAULT_POOL_SIZE 512
1723 #define SECONDARY_POOL_SIZE 128
1724 #define BATCH_ENTROPY_SIZE 256
1731 * Static global variables
1734 static struct entropy_store *random_state; /* The default global store */
1735 static struct entropy_store *sec_random_state; /* secondary store */
1736 static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
1737 diff -urN linux-2.4.21/drivers/char/tty_io.c linux-2.4.21/drivers/char/tty_io.c
1738 --- linux-2.4.21/drivers/char/tty_io.c 2003-06-23 11:42:01.000000000 -0400
1739 +++ linux-2.4.21/drivers/char/tty_io.c 2003-06-23 11:49:15.000000000 -0400
1741 #include <linux/vt_kern.h>
1742 #include <linux/selection.h>
1743 #include <linux/devfs_fs_kernel.h>
1745 +#include <linux/grsecurity.h>
1746 #include <linux/kmod.h>
1749 @@ -1397,7 +1397,11 @@
1751 filp->f_flags = saved_flags;
1753 +#ifdef CONFIG_GRKERNSEC
1754 + if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
1756 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
1761 @@ -1499,7 +1503,11 @@
1765 +#ifdef CONFIG_GRKERNSEC
1766 + if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
1768 if ((current->tty != tty) && !suser())
1771 if (get_user(ch, arg))
1773 @@ -1537,7 +1545,11 @@
1774 if (inode->i_rdev == SYSCONS_DEV ||
1775 inode->i_rdev == CONSOLE_DEV) {
1777 +#ifdef CONFIG_GRKERNSEC
1778 + if (!capable(CAP_SYS_TTY_CONFIG))
1783 spin_lock(&redirect_lock);
1785 @@ -1589,7 +1601,11 @@
1786 * This tty is already the controlling
1787 * tty for another session group!
1789 +#ifdef CONFIG_GRKERNSEC
1790 + if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
1792 if ((arg == 1) && suser()) {
1797 diff -urN linux-2.4.21/drivers/char/vt.c linux-2.4.21/drivers/char/vt.c
1798 --- linux-2.4.21/drivers/char/vt.c 2003-06-23 11:42:01.000000000 -0400
1799 +++ linux-2.4.21/drivers/char/vt.c 2003-06-23 11:49:15.000000000 -0400
1801 #include <linux/vt_kern.h>
1802 #include <linux/kbd_diacr.h>
1803 #include <linux/selection.h>
1804 +#include <linux/grsecurity.h>
1806 #ifdef CONFIG_FB_COMPAT_XPMAC
1807 #include <asm/vc_ioctl.h>
1808 @@ -443,7 +444,11 @@
1809 * to be the owner of the tty, or super-user.
1812 +#ifdef CONFIG_GRKERNSEC
1813 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1815 if (current->tty == tty || suser())
1819 kbd = kbd_table + console;
1820 @@ -1038,12 +1043,20 @@
1821 return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
1824 +#ifdef CONFIG_GRKERNSEC
1825 + if (!capable(CAP_SYS_TTY_CONFIG))
1832 case VT_UNLOCKSWITCH:
1833 +#ifdef CONFIG_GRKERNSEC
1834 + if (!capable(CAP_SYS_TTY_CONFIG))
1841 diff -urN linux-2.4.21/drivers/pci/proc.c linux-2.4.21/drivers/pci/proc.c
1842 --- linux-2.4.21/drivers/pci/proc.c 2003-06-23 11:42:12.000000000 -0400
1843 +++ linux-2.4.21/drivers/pci/proc.c 2003-06-23 11:49:15.000000000 -0400
1844 @@ -562,7 +562,15 @@
1845 pci_for_each_dev(dev) {
1846 pci_proc_attach_device(dev);
1848 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
1849 +#ifdef CONFIG_GRKERNSEC_PROC_USER
1850 + entry = create_proc_entry("pci", S_IRUSR, NULL);
1851 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
1852 + entry = create_proc_entry("pci", S_IRUSR | S_IRGRP, NULL);
1855 entry = create_proc_entry("pci", 0, NULL);
1858 entry->proc_fops = &proc_pci_operations;
1860 diff -urN linux-2.4.21/fs/binfmt_aout.c linux-2.4.21/fs/binfmt_aout.c
1861 --- linux-2.4.21/fs/binfmt_aout.c 2003-06-23 11:41:29.000000000 -0400
1862 +++ linux-2.4.21/fs/binfmt_aout.c 2003-06-23 11:49:16.000000000 -0400
1866 #include <linux/module.h>
1867 +#include <linux/config.h>
1869 #include <linux/sched.h>
1870 #include <linux/kernel.h>
1871 @@ -113,10 +114,12 @@
1872 /* If the size of the dump file exceeds the rlimit, then see what would happen
1873 if we wrote the stack, but not the data area. */
1875 + gr_learn_resource(current, RLIMIT_CORE, dump.u_dsize+dump.u_ssize);
1876 if ((dump.u_dsize+dump.u_ssize) >
1877 current->rlim[RLIMIT_CORE].rlim_cur)
1880 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE);
1881 if ((dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE >
1882 current->rlim[RLIMIT_CORE].rlim_cur)
1884 @@ -124,10 +127,12 @@
1886 /* Make sure we have enough room to write the stack and data areas. */
1888 + gr_learn_resource(current, RLIMIT_CORE, dump.u_ssize);
1889 if ((dump.u_ssize) >
1890 current->rlim[RLIMIT_CORE].rlim_cur)
1893 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize+1) * PAGE_SIZE);
1894 if ((dump.u_ssize+1) * PAGE_SIZE >
1895 current->rlim[RLIMIT_CORE].rlim_cur)
1898 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
1899 if (rlim >= RLIM_INFINITY)
1902 + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss);
1903 if (ex.a_data + ex.a_bss > rlim)
1906 diff -urN linux-2.4.21/fs/binfmt_elf.c linux-2.4.21/fs/binfmt_elf.c
1907 --- linux-2.4.21/fs/binfmt_elf.c 2003-06-23 11:41:29.000000000 -0400
1908 +++ linux-2.4.21/fs/binfmt_elf.c 2003-06-23 11:49:16.000000000 -0400
1911 #include <linux/module.h>
1913 +#include <linux/config.h>
1914 #include <linux/fs.h>
1915 #include <linux/stat.h>
1916 #include <linux/sched.h>
1918 #include <linux/smp_lock.h>
1919 #include <linux/compiler.h>
1920 #include <linux/highmem.h>
1921 +#include <linux/grsecurity.h>
1923 #include <asm/uaccess.h>
1924 #include <asm/param.h>
1925 @@ -1003,8 +1163,11 @@
1928 #define DUMP_WRITE(addr, nr) \
1930 + gr_learn_resource(current, RLIMIT_CORE, size + (nr)); \
1931 if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
1932 - goto end_coredump;
1933 + goto end_coredump; \
1935 #define DUMP_SEEK(off) \
1936 if (!dump_seek(file, (off))) \
1938 diff -urN linux-2.4.21/fs/buffer.c linux-2.4.21/fs/buffer.c
1939 --- linux-2.4.21/fs/buffer.c 2003-06-23 11:41:28.000000000 -0400
1940 +++ linux-2.4.21/fs/buffer.c 2003-06-23 11:49:16.000000000 -0400
1941 @@ -1781,6 +1781,9 @@
1946 + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long) size);
1948 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
1949 if (limit != RLIM_INFINITY && size > (loff_t)limit) {
1950 send_sig(SIGXFSZ, current, 0);
1951 diff -urN linux-2.4.21/fs/exec.c linux-2.4.21/fs/exec.c
1952 --- linux-2.4.21/fs/exec.c 2003-06-23 11:41:28.000000000 -0400
1953 +++ linux-2.4.21/fs/exec.c 2003-06-23 11:49:16.000000000 -0400
1955 #include <asm/uaccess.h>
1956 #include <asm/pgalloc.h>
1957 #include <asm/mmu_context.h>
1958 +#include <linux/major.h>
1959 +#include <linux/grsecurity.h>
1962 #include <linux/kmod.h>
1964 cap_set_full(bprm->cap_effective);
1967 + if (gr_handle_ptrace_exec(bprm->file->f_dentry, bprm->file->f_vfsmnt))
1970 memset(bprm->buf,0,BINPRM_BUF_SIZE);
1971 return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
1974 current->suid = current->euid = current->fsuid = bprm->e_uid;
1975 current->sgid = current->egid = current->fsgid = bprm->e_gid;
1977 + gr_handle_chroot_caps(current);
1981 current->keep_capabilities = 0;
1982 @@ -885,6 +928,11 @@
1986 +#ifdef CONFIG_GRKERNSEC
1987 + struct file *old_exec_file;
1988 + struct acl_subject_label *old_acl;
1989 + struct rlimit old_rlim[RLIM_NLIMITS];
1992 file = open_exec(filename);
1994 @@ -892,7 +940,21 @@
1998 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
2000 + if (gr_handle_nproc()) {
2001 + allow_write_access(file);
2006 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
2007 + allow_write_access(file);
2012 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
2013 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
2016 @@ -916,11 +987,26 @@
2020 + if (!gr_tpe_allow(file)) {
2025 + if(gr_check_crash_exec(file)) {
2030 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
2036 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
2038 + gr_handle_exec_args(&bprm, argv);
2040 retval = copy_strings(bprm.envc, envp, &bprm);
2043 @@ -929,11 +1015,32 @@
2047 +#ifdef CONFIG_GRKERNSEC
2048 + old_acl = current->acl;
2049 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
2050 + old_exec_file = current->exec_file;
2052 + current->exec_file = file;
2055 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
2057 retval = search_binary_handler(&bprm,regs);
2059 + if (retval >= 0) {
2060 +#ifdef CONFIG_GRKERNSEC
2061 + if (old_exec_file)
2062 + fput(old_exec_file);
2064 /* execve success */
2068 +#ifdef CONFIG_GRKERNSEC
2069 + current->acl = old_acl;
2070 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
2071 + fput(current->exec_file);
2072 + current->exec_file = old_exec_file;
2075 /* Something went wrong, return the inode and free the argument pages*/
2076 allow_write_access(bprm.file);
2077 @@ -1090,6 +1234,7 @@
2078 if (!is_dumpable(current))
2080 current->mm->dumpable = 0;
2081 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump);
2082 if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
2085 @@ -1109,7 +1254,7 @@
2087 if (!file->f_op->write)
2089 - if (do_truncate(file->f_dentry, 0) != 0)
2090 + if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0)
2093 retval = binfmt->core_dump(signr, regs, file);
2094 diff -urN linux-2.4.21/fs/fcntl.c linux-2.4.21/fs/fcntl.c
2095 --- linux-2.4.21/fs/fcntl.c 2003-06-23 11:41:29.000000000 -0400
2096 +++ linux-2.4.21/fs/fcntl.c 2003-06-23 11:49:16.000000000 -0400
2098 #include <linux/smp_lock.h>
2099 #include <linux/slab.h>
2100 #include <linux/iobuf.h>
2101 +#include <linux/grsecurity.h>
2103 #include <asm/poll.h>
2104 #include <asm/siginfo.h>
2109 + gr_learn_resource(current, RLIMIT_NOFILE, orig_start);
2111 write_lock(&files->file_lock);
2118 + gr_learn_resource(current, RLIMIT_NOFILE, newfd);
2119 if (newfd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2123 struct file * file, *tofree;
2124 struct files_struct * files = current->files;
2126 + gr_learn_resource(current, RLIMIT_NOFILE, newfd);
2128 write_lock(&files->file_lock);
2129 if (!(file = fcheck(oldfd)))
2131 @@ -448,6 +454,10 @@
2135 + if (gr_check_protected_task(p))
2137 + if (gr_pid_is_chrooted(p))
2139 send_sigio_to_task(p, fown, fd, band);
2142 diff -urN linux-2.4.21/fs/locks.c linux-2.4.21/fs/locks.c
2143 --- linux-2.4.21/fs/locks.c 2003-06-23 11:41:28.000000000 -0400
2144 +++ linux-2.4.21/fs/locks.c 2003-06-23 11:49:16.000000000 -0400
2146 static struct file_lock *locks_alloc_lock(int account)
2148 struct file_lock *fl;
2149 + if(account) gr_learn_resource(current, RLIMIT_LOCKS, current->locks);
2150 if (account && current->locks >= current->rlim[RLIMIT_LOCKS].rlim_cur)
2152 fl = kmem_cache_alloc(filelock_cache, SLAB_KERNEL);
2153 diff -urN linux-2.4.21/fs/namei.c linux-2.4.21/fs/namei.c
2154 --- linux-2.4.21/fs/namei.c 2003-06-23 11:41:28.000000000 -0400
2155 +++ linux-2.4.21/fs/namei.c 2003-06-23 11:49:16.000000000 -0400
2157 #include <linux/dnotify.h>
2158 #include <linux/smp_lock.h>
2159 #include <linux/personality.h>
2160 +#include <linux/grsecurity.h>
2162 #include <asm/namei.h>
2163 #include <asm/uaccess.h>
2164 @@ -343,6 +344,13 @@
2165 current->state = TASK_RUNNING;
2169 + if (gr_handle_follow_link(dentry->d_parent->d_inode,
2170 + dentry->d_inode, dentry, nd->mnt)) {
2175 current->link_count++;
2176 current->total_link_count++;
2177 UPDATE_ATIME(dentry->d_inode);
2178 @@ -641,6 +649,10 @@
2182 + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt)) {
2189 @@ -1013,7 +1025,21 @@
2190 error = path_lookup(pathname, lookup_flags(flag), nd);
2194 + if (gr_acl_is_enabled() && nd->dentry->d_inode &&
2195 + S_ISBLK(nd->dentry->d_inode->i_mode) &&
2196 + !capable(CAP_SYS_RAWIO)) {
2201 + if (!gr_acl_handle_open(nd->dentry, nd->mnt, flag)) {
2206 dentry = nd->dentry;
2211 @@ -1046,7 +1072,16 @@
2212 if (!dentry->d_inode) {
2213 if (!IS_POSIXACL(dir->d_inode))
2214 mode &= ~current->fs->umask;
2215 + if (!gr_acl_handle_creat(dentry, nd->dentry, nd->mnt, flag, mode)) {
2217 + up(&dir->d_inode->i_sem);
2221 error = vfs_create(dir->d_inode, dentry, mode);
2223 + gr_handle_create(dentry, nd->mnt);
2225 up(&dir->d_inode->i_sem);
2227 nd->dentry = dentry;
2228 @@ -1056,12 +1091,35 @@
2229 /* Don't check for write permission, don't truncate */
2237 * It already exists.
2240 + if (gr_acl_is_enabled() && S_ISBLK(dentry->d_inode->i_mode) &&
2241 + !capable(CAP_SYS_RAWIO)) {
2243 + up(&dir->d_inode->i_sem);
2247 + if (!gr_acl_handle_open(dentry, nd->mnt, flag)) {
2249 + up(&dir->d_inode->i_sem);
2253 + inode = dentry->d_inode;
2255 + if (gr_handle_fifo(dentry, nd->mnt, dir, flag, acc_mode)) {
2256 + up(&dir->d_inode->i_sem);
2261 up(&dir->d_inode->i_sem);
2264 @@ -1151,7 +1209,7 @@
2268 - error = do_truncate(dentry, 0);
2269 + error = do_truncate(dentry,0,nd->mnt);
2271 put_write_access(inode);
2273 @@ -1182,6 +1240,13 @@
2274 * stored in nd->last.name and we will have to putname() it when we
2275 * are done. Procfs-like symlinks just set LAST_BIND.
2278 + if (gr_handle_follow_link(dentry->d_parent->d_inode, dentry->d_inode,
2279 + dentry, nd->mnt)) {
2284 UPDATE_ATIME(dentry->d_inode);
2285 error = dentry->d_inode->i_op->follow_link(dentry, nd);
2287 @@ -1280,6 +1345,18 @@
2289 mode &= ~current->fs->umask;
2290 if (!IS_ERR(dentry)) {
2291 + if (gr_handle_chroot_mknod(dentry, nd.mnt, mode)) {
2297 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
2303 switch (mode & S_IFMT) {
2304 case 0: case S_IFREG:
2305 error = vfs_create(nd.dentry->d_inode,dentry,mode);
2306 @@ -1293,8 +1370,13 @@
2312 + gr_handle_create(dentry, nd.mnt);
2317 up(&nd.dentry->d_inode->i_sem);
2320 @@ -1346,7 +1428,16 @@
2321 if (!IS_ERR(dentry)) {
2322 if (!IS_POSIXACL(nd.dentry->d_inode))
2323 mode &= ~current->fs->umask;
2324 - error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
2327 + if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
2331 + error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
2333 + gr_handle_create(dentry, nd.mnt);
2337 up(&nd.dentry->d_inode->i_sem);
2338 @@ -1431,6 +1522,8 @@
2340 struct dentry *dentry;
2341 struct nameidata nd;
2342 + ino_t saved_ino = 0;
2343 + kdev_t saved_dev = 0;
2345 name = getname(pathname);
2347 @@ -1455,7 +1548,22 @@
2348 dentry = lookup_hash(&nd.last, nd.dentry);
2349 error = PTR_ERR(dentry);
2350 if (!IS_ERR(dentry)) {
2351 - error = vfs_rmdir(nd.dentry->d_inode, dentry);
2353 + if (dentry->d_inode) {
2354 + if (dentry->d_inode->i_nlink <= 1) {
2355 + saved_ino = dentry->d_inode->i_ino;
2356 + saved_dev = dentry->d_inode->i_dev;
2359 + if (!gr_acl_handle_rmdir(dentry, nd.mnt))
2364 + error = vfs_rmdir(nd.dentry->d_inode, dentry);
2365 + if (!error && (saved_dev || saved_ino))
2366 + gr_handle_delete(saved_ino,saved_dev);
2370 up(&nd.dentry->d_inode->i_sem);
2371 @@ -1499,6 +1607,8 @@
2373 struct dentry *dentry;
2374 struct nameidata nd;
2375 + ino_t saved_ino = 0;
2376 + kdev_t saved_dev = 0;
2378 name = getname(pathname);
2380 @@ -1517,7 +1627,21 @@
2381 /* Why not before? Because we want correct error value */
2382 if (nd.last.name[nd.last.len])
2384 - error = vfs_unlink(nd.dentry->d_inode, dentry);
2386 + if (dentry->d_inode) {
2387 + if (dentry->d_inode->i_nlink <= 1) {
2388 + saved_ino = dentry->d_inode->i_ino;
2389 + saved_dev = dentry->d_inode->i_dev;
2392 + if (!gr_acl_handle_unlink(dentry, nd.mnt))
2397 + error = vfs_unlink(nd.dentry->d_inode, dentry);
2398 + if (!error && (saved_ino || saved_dev))
2399 + gr_handle_delete(saved_ino,saved_dev);
2403 @@ -1581,7 +1705,15 @@
2404 dentry = lookup_create(&nd, 0);
2405 error = PTR_ERR(dentry);
2406 if (!IS_ERR(dentry)) {
2407 - error = vfs_symlink(nd.dentry->d_inode, dentry, from);
2410 + if (!gr_acl_handle_symlink(dentry, nd.dentry, nd.mnt, from))
2414 + error = vfs_symlink(nd.dentry->d_inode, dentry, from);
2416 + gr_handle_create(dentry, nd.mnt);
2419 up(&nd.dentry->d_inode->i_sem);
2420 @@ -1665,7 +1797,27 @@
2421 new_dentry = lookup_create(&nd, 0);
2422 error = PTR_ERR(new_dentry);
2423 if (!IS_ERR(new_dentry)) {
2424 - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
2427 + if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
2428 + old_nd.dentry->d_inode,
2429 + old_nd.dentry->d_inode->i_mode, to)) {
2434 + if (!gr_acl_handle_link(new_dentry, nd.dentry, nd.mnt,
2435 + old_nd.dentry, old_nd.mnt, to)) {
2440 + error = vfs_link(old_nd.dentry,
2441 + nd.dentry->d_inode, new_dentry);
2444 + gr_handle_create(new_dentry, nd.mnt);
2448 up(&nd.dentry->d_inode->i_sem);
2449 @@ -1896,10 +2048,15 @@
2450 if (IS_ERR(new_dentry))
2454 - error = vfs_rename(old_dir->d_inode, old_dentry,
2455 + error = gr_acl_handle_rename(new_dentry, newnd.dentry, newnd.mnt,
2456 + old_dentry, old_dir->d_inode, oldnd.mnt, newname);
2460 + error = vfs_rename(old_dir->d_inode, old_dentry,
2461 new_dir->d_inode, new_dentry);
2468 diff -urN linux-2.4.21/fs/namespace.c linux-2.4.21/fs/namespace.c
2469 --- linux-2.4.21/fs/namespace.c 2003-06-23 11:41:28.000000000 -0400
2470 +++ linux-2.4.21/fs/namespace.c 2003-06-23 11:49:16.000000000 -0400
2472 #include <linux/quotaops.h>
2473 #include <linux/acct.h>
2474 #include <linux/module.h>
2475 +#include <linux/sched.h>
2476 +#include <linux/grsecurity.h>
2478 #include <asm/uaccess.h>
2482 retval = do_remount_sb(sb, MS_RDONLY, 0);
2485 + gr_log_remount(mnt->mnt_devname, retval);
2487 up_write(&sb->s_umount);
2491 spin_unlock(&dcache_lock);
2492 up_write(¤t->namespace->sem);
2494 + gr_log_unmount(mnt->mnt_devname, retval);
2499 @@ -729,6 +736,12 @@
2503 + if (gr_handle_chroot_mount(nd.dentry, nd.mnt, dev_name)) {
2505 + path_release(&nd);
2509 if (flags & MS_REMOUNT)
2510 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
2513 retval = do_add_mount(&nd, type_page, flags, mnt_flags,
2514 dev_name, data_page);
2517 + gr_log_mount(dev_name, dir_name, retval);
2523 if (!capable(CAP_SYS_ADMIN))
2526 + if (gr_handle_chroot_pivot())
2531 error = __user_walk(new_root, LOOKUP_POSITIVE|LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd);
2532 diff -urN linux-2.4.21/fs/open.c linux-2.4.21/fs/open.c
2533 --- linux-2.4.21/fs/open.c 2003-06-23 11:41:28.000000000 -0400
2534 +++ linux-2.4.21/fs/open.c 2003-06-23 11:49:16.000000000 -0400
2536 #include <linux/slab.h>
2537 #include <linux/tty.h>
2538 #include <linux/iobuf.h>
2539 +#include <linux/grsecurity.h>
2541 #include <asm/uaccess.h>
2544 write_unlock(&files->file_lock);
2547 -int do_truncate(struct dentry *dentry, loff_t length)
2548 +int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt)
2550 struct inode *inode = dentry->d_inode;
2556 + if (!gr_acl_handle_truncate(dentry, mnt))
2559 down(&inode->i_sem);
2560 newattrs.ia_size = length;
2561 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
2563 error = locks_verify_truncate(inode, NULL, length);
2566 - error = do_truncate(nd.dentry, length);
2567 + error = do_truncate(nd.dentry, length, nd.mnt);
2569 put_write_access(inode);
2573 error = locks_verify_truncate(inode, file, length);
2575 - error = do_truncate(dentry, length);
2576 + error = do_truncate(dentry, length, file->f_vfsmnt);
2580 @@ -284,6 +288,12 @@
2581 (error = permission(inode,MAY_WRITE)) != 0)
2585 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
2587 + goto dput_and_out;
2590 error = notify_change(nd.dentry, &newattrs);
2593 @@ -329,6 +339,12 @@
2594 (error = permission(inode,MAY_WRITE)) != 0)
2598 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
2600 + goto dput_and_out;
2603 error = notify_change(nd.dentry, &newattrs);
2606 @@ -371,6 +387,10 @@
2607 if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
2608 && !special_file(nd.dentry->d_inode->i_mode))
2611 + if (!res && !gr_acl_handle_access(nd.dentry, nd.mnt, mode))
2621 + gr_log_chdir(nd.dentry, nd.mnt);
2623 set_fs_pwd(current->fs, nd.mnt, nd.dentry);
2626 @@ -424,6 +446,13 @@
2629 error = permission(inode, MAY_EXEC);
2631 + if (!error && !gr_chroot_fchdir(dentry, mnt))
2635 + gr_log_chdir(dentry, mnt);
2638 set_fs_pwd(current->fs, mnt, dentry);
2640 @@ -450,8 +479,16 @@
2641 if (!capable(CAP_SYS_CHROOT))
2644 + if (gr_handle_chroot_chroot(nd.dentry, nd.mnt))
2645 + goto dput_and_out;
2647 set_fs_root(current->fs, nd.mnt, nd.dentry);
2650 + gr_handle_chroot_caps(current);
2652 + gr_handle_chroot_chdir(nd.dentry, nd.mnt);
2657 @@ -480,8 +517,20 @@
2659 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2662 + if (!gr_acl_handle_fchmod(dentry, file->f_vfsmnt, mode)) {
2667 if (mode == (mode_t) -1)
2668 mode = inode->i_mode;
2670 + if (gr_handle_chroot_chmod(dentry, file->f_vfsmnt, mode)) {
2675 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
2676 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
2677 err = notify_change(dentry, &newattrs);
2678 @@ -512,8 +561,19 @@
2679 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2682 + if (!gr_acl_handle_chmod(nd.dentry, nd.mnt, mode)) {
2684 + goto dput_and_out;
2687 if (mode == (mode_t) -1)
2688 mode = inode->i_mode;
2690 + if (gr_handle_chroot_chmod(nd.dentry, nd.mnt, mode)) {
2692 + goto dput_and_out;
2695 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
2696 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
2697 error = notify_change(nd.dentry, &newattrs);
2702 -static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
2703 +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
2705 struct inode * inode;
2707 @@ -541,6 +601,12 @@
2709 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2712 + if (!gr_acl_handle_chown(dentry, mnt)) {
2717 if (user == (uid_t) -1)
2718 user = inode->i_uid;
2719 if (group == (gid_t) -1)
2722 error = user_path_walk(filename, &nd);
2724 - error = chown_common(nd.dentry, user, group);
2725 + error = chown_common(nd.dentry, user, group, nd.mnt);
2731 error = user_path_walk_link(filename, &nd);
2733 - error = chown_common(nd.dentry, user, group);
2734 + error = chown_common(nd.dentry, user, group, nd.mnt);
2742 - error = chown_common(file->f_dentry, user, group);
2743 + error = chown_common(file->f_dentry, user,
2744 + group, file->f_vfsmnt);
2749 * N.B. For clone tasks sharing a files structure, this test
2750 * will limit the total number of files that can be opened.
2752 + gr_learn_resource(current, RLIMIT_NOFILE, fd);
2753 if (fd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2756 diff -urN linux-2.4.21/fs/proc/array.c linux-2.4.21/fs/proc/array.c
2757 --- linux-2.4.21/fs/proc/array.c 2003-06-23 11:41:29.000000000 -0400
2758 +++ linux-2.4.21/fs/proc/array.c 2003-06-23 11:49:16.000000000 -0400
2759 @@ -334,6 +340,12 @@
2761 wchan = get_wchan(task);
2763 +#ifdef CONFIG_GRKERNSEC_HIDESYM
2769 collect_sigign_sigcatch(task, &sigign, &sigcatch);
2771 /* scale priority and nice values from timeslices to -20..20 */
2772 @@ -684,6 +727,16 @@
2776 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2777 +int proc_pid_ipaddr(struct task_struct *task, char * buffer)
2781 + len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->curr_ip));
2787 int proc_pid_cpu(struct task_struct *task, char * buffer)
2789 diff -urN linux-2.4.21/fs/proc/base.c linux-2.4.21/fs/proc/base.c
2790 --- linux-2.4.21/fs/proc/base.c 2003-06-23 11:41:29.000000000 -0400
2791 +++ linux-2.4.21/fs/proc/base.c 2003-06-23 11:49:16.000000000 -0400
2793 #include <linux/string.h>
2794 #include <linux/seq_file.h>
2795 #include <linux/namespace.h>
2796 +#include <linux/grsecurity.h>
2799 * For hysterical raisins we keep the same inumbers as in the old procfs.
2801 int proc_pid_status(struct task_struct*,char*);
2802 int proc_pid_statm(struct task_struct*,char*);
2803 int proc_pid_cpu(struct task_struct*,char*);
2804 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2805 +int proc_pid_ipaddr(struct task_struct*,char*);
2808 static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
2810 @@ -228,9 +232,22 @@
2812 static int proc_permission(struct inode *inode, int mask)
2815 + struct task_struct *task;
2817 if (vfs_permission(inode, mask) != 0)
2819 - return proc_check_root(inode);
2820 + ret = proc_check_root(inode);
2825 + task = inode->u.proc_i.task;
2830 + return gr_acl_handle_procpidmem(task);
2833 static ssize_t pid_maps_read(struct file * file, char * buf,
2838 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2842 PROC_PID_FD_DIR = 0x8000, /* 0x8000-0xffff */
2846 E(PROC_PID_CPU, "cpu", S_IFREG|S_IRUGO),
2848 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2849 + E(PROC_PID_IPADDR, "ipaddr", S_IFREG|S_IRUSR),
2851 E(PROC_PID_MAPS, "maps", S_IFREG|S_IRUGO),
2852 E(PROC_PID_MEM, "mem", S_IFREG|S_IRUSR|S_IWUSR),
2853 E(PROC_PID_CWD, "cwd", S_IFLNK|S_IRWXUGO),
2854 @@ -717,10 +740,17 @@
2855 get_task_struct(task);
2856 inode->u.proc_i.task = task;
2858 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2859 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
2864 if (ino == PROC_PID_INO || task_dumpable(task)) {
2865 inode->i_uid = task->euid;
2866 +#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP
2867 inode->i_gid = task->egid;
2872 @@ -928,6 +958,12 @@
2873 inode->u.proc_i.op.proc_read = proc_pid_cpu;
2876 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2877 + case PROC_PID_IPADDR:
2878 + inode->i_fop = &proc_info_file_operations;
2879 + inode->u.proc_i.op.proc_read = proc_pid_ipaddr;
2883 inode->i_op = &proc_mem_inode_operations;
2884 inode->i_fop = &proc_mem_operations;
2885 @@ -1026,13 +1062,34 @@
2889 + if(gr_check_hidden_task(task)) {
2890 + free_task_struct(task);
2894 +#ifdef CONFIG_GRKERNSEC_PROC
2895 + if (current->uid && (task->uid != current->uid)
2896 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2897 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
2900 + free_task_struct(task);
2904 inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);
2906 free_task_struct(task);
2910 +#ifdef CONFIG_GRKERNSEC_PROC_USER
2911 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
2912 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
2913 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
2915 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
2917 inode->i_op = &proc_base_inode_operations;
2918 inode->i_fop = &proc_base_operations;
2920 @@ -1072,6 +1129,18 @@
2924 + if(gr_pid_is_chrooted(p))
2926 + if(gr_check_hidden_task(p))
2928 +#ifdef CONFIG_GRKERNSEC_PROC
2929 + if (current->uid && (p->uid != current->uid)
2930 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2931 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
2938 pids[nr_pids] = pid;
2939 diff -urN linux-2.4.21/fs/proc/generic.c linux-2.4.21/fs/proc/generic.c
2940 --- linux-2.4.21/fs/proc/generic.c 2003-07-29 17:57:01.000000000 -0400
2941 +++ linux-2.4.21/fs/proc/generic.c 2003-07-29 17:58:19.000000000 -0400
2942 @@ -503,6 +503,32 @@
2946 +#ifdef CONFIG_GRKERNSEC_PROC
2947 +struct proc_dir_entry *proc_priv_mkdir(const char *name, struct proc_dir_entry *parent)
2949 + struct proc_dir_entry *ent;
2952 +#ifdef CONFIG_GRKERNSEC_PROC_USER
2953 + mode = S_IFDIR | S_IRUSR | S_IXUSR;
2954 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
2955 + mode = S_IFDIR | S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP;
2958 + ent = proc_create(&parent, name, mode, 2);
2960 + ent->proc_fops = &proc_dir_operations;
2961 + ent->proc_iops = &proc_dir_inode_operations;
2963 + if (proc_register(parent, ent) < 0) {
2972 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
2973 struct proc_dir_entry *parent)
2975 diff -urN linux-2.4.21/fs/proc/inode.c linux-2.4.21/fs/proc/inode.c
2976 --- linux-2.4.21/fs/proc/inode.c 2003-06-23 11:41:29.000000000 -0400
2977 +++ linux-2.4.21/fs/proc/inode.c 2003-06-23 11:49:16.000000000 -0400
2978 @@ -152,7 +152,11 @@
2980 inode->i_mode = de->mode;
2981 inode->i_uid = de->uid;
2982 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2983 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
2985 inode->i_gid = de->gid;
2989 inode->i_size = de->size;
2990 diff -urN linux-2.4.21/fs/proc/proc_misc.c linux-2.4.21/fs/proc/proc_misc.c
2991 --- linux-2.4.21/fs/proc/proc_misc.c 2003-06-23 11:41:29.000000000 -0400
2992 +++ linux-2.4.21/fs/proc/proc_misc.c 2003-06-23 11:49:16.000000000 -0400
2994 void __init proc_misc_init(void)
2996 struct proc_dir_entry *entry;
3000 int (*read_proc)(char*,char**,off_t,int,int*,void*);
3001 @@ -582,48 +583,81 @@
3002 #ifdef CONFIG_STRAM_PROC
3003 {"stram", stram_read_proc},
3005 -#ifdef CONFIG_MODULES
3006 +#if defined(CONFIG_MODULES) && !defined(CONFIG_GRKERNSEC_PROC)
3007 {"modules", modules_read_proc},
3009 {"stat", kstat_read_proc},
3010 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3011 {"devices", devices_read_proc},
3012 -#if !defined(CONFIG_ARCH_S390)
3014 +#if !defined(CONFIG_ARCH_S390) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
3015 {"interrupts", interrupts_read_proc},
3017 {"filesystems", filesystems_read_proc},
3018 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3019 {"dma", dma_read_proc},
3020 {"ioports", ioports_read_proc},
3021 {"cmdline", cmdline_read_proc},
3023 #ifdef CONFIG_SGI_DS1286
3024 {"rtc", ds1286_read_proc},
3026 {"locks", locks_read_proc},
3027 {"swaps", swaps_read_proc},
3028 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3029 {"iomem", memory_read_proc},
3031 {"execdomains", execdomains_read_proc},
3034 for (p = simple_ones; p->name; p++)
3035 create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
3037 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3038 + gr_mode = S_IRUSR;
3039 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3040 + gr_mode = S_IRUSR | S_IRGRP;
3043 +#if defined(CONFIG_GRKERNSEC_PROC) && defined(CONFIG_MODULES)
3044 + create_proc_read_entry("modules", gr_mode, NULL, &modules_read_proc, NULL);
3046 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3047 + create_proc_read_entry("devices", gr_mode, NULL, &devices_read_proc, NULL);
3048 + create_proc_read_entry("dma", gr_mode, NULL, &dma_read_proc, NULL);
3049 + create_proc_read_entry("ioports", gr_mode, NULL, &ioports_read_proc, NULL);
3050 + create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL);
3051 + create_proc_read_entry("iomem", gr_mode, NULL, &memory_read_proc, NULL);
3052 +#if !defined(CONFIG_ARCH_S390)
3053 + create_proc_read_entry("interrupts", gr_mode, NULL, &interrupts_read_proc, NULL);
3057 proc_symlink("mounts", NULL, "self/mounts");
3059 /* And now for trickier ones */
3060 entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);
3062 entry->proc_fops = &proc_kmsg_operations;
3063 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3064 + create_seq_entry("cpuinfo", gr_mode, &proc_cpuinfo_operations);
3065 + create_seq_entry("slabinfo", gr_mode,&proc_slabinfo_operations);
3067 create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
3068 - create_seq_entry("partitions", 0, &proc_partitions_operations);
3069 create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations);
3071 + create_seq_entry("partitions", 0, &proc_partitions_operations);
3072 #ifdef CONFIG_MODULES
3073 - create_seq_entry("ksyms", 0, &proc_ksyms_operations);
3074 + create_seq_entry("ksyms", gr_mode, &proc_ksyms_operations);
3076 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3077 proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
3078 if (proc_root_kcore) {
3079 proc_root_kcore->proc_fops = &proc_kcore_operations;
3080 proc_root_kcore->size =
3081 (size_t)high_memory - PAGE_OFFSET + PAGE_SIZE;
3085 entry = create_proc_entry("profile", S_IWUSR | S_IRUGO, NULL);
3087 diff -urN linux-2.4.21/fs/proc/proc_tty.c linux-2.4.21/fs/proc/proc_tty.c
3088 --- linux-2.4.21/fs/proc/proc_tty.c 2003-06-23 11:41:29.000000000 -0400
3089 +++ linux-2.4.21/fs/proc/proc_tty.c 2003-06-23 11:49:16.000000000 -0400
3090 @@ -174,7 +174,11 @@
3091 * password lengths and inter-keystroke timings during password
3094 +#ifdef CONFIG_GRKERNSEC_PROC
3095 + proc_tty_driver = proc_priv_mkdir("tty/driver", 0);
3097 proc_tty_driver = proc_mkdir_mode("tty/driver", S_IRUSR | S_IXUSR, 0);
3100 create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
3101 create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);
3102 diff -urN linux-2.4.21/fs/proc/root.c linux-2.4.21/fs/proc/root.c
3103 --- linux-2.4.21/fs/proc/root.c 2003-06-23 11:41:29.000000000 -0400
3104 +++ linux-2.4.21/fs/proc/root.c 2003-06-23 11:49:16.000000000 -0400
3109 +#ifdef CONFIG_GRKERNSEC_PROC
3110 + proc_net = proc_priv_mkdir("net", 0);
3112 proc_net = proc_mkdir("net", 0);
3114 #ifdef CONFIG_SYSVIPC
3115 proc_mkdir("sysvipc", 0);
3117 #ifdef CONFIG_SYSCTL
3118 +#ifdef CONFIG_GRKERNSEC_PROC
3119 + proc_sys_root = proc_priv_mkdir("sys", 0);
3121 proc_sys_root = proc_mkdir("sys", 0);
3124 #if defined(CONFIG_BINFMT_MISC) || defined(CONFIG_BINFMT_MISC_MODULE)
3125 proc_mkdir("sys/fs", 0);
3126 proc_mkdir("sys/fs/binfmt_misc", 0);
3128 #ifdef CONFIG_PPC_RTAS
3132 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3133 + proc_bus = proc_priv_mkdir("bus", 0);
3135 proc_bus = proc_mkdir("bus", 0);
3139 static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry)
3140 diff -urN linux-2.4.21/fs/readdir.c linux-2.4.21/fs/readdir.c
3141 --- linux-2.4.21/fs/readdir.c 2003-06-23 11:41:29.000000000 -0400
3142 +++ linux-2.4.21/fs/readdir.c 2003-06-23 11:49:16.000000000 -0400
3144 #include <linux/stat.h>
3145 #include <linux/file.h>
3146 #include <linux/smp_lock.h>
3147 +#include <linux/grsecurity.h>
3149 #include <asm/uaccess.h>
3152 struct readdir_callback {
3153 struct old_linux_dirent * dirent;
3155 + struct nameidata nd;
3158 static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset,
3159 @@ -191,6 +193,10 @@
3164 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3168 dirent = buf->dirent;
3169 put_user(ino, &dirent->d_ino);
3172 buf.dirent = dirent;
3174 + buf.nd.dentry = file->f_dentry;
3175 + buf.nd.mnt = file->f_vfsmnt;
3177 error = vfs_readdir(file, fillonedir, &buf);
3181 struct linux_dirent * previous;
3184 + struct nameidata nd;
3187 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
3188 @@ -254,6 +264,10 @@
3189 buf->error = -EINVAL; /* only used if we fail.. */
3190 if (reclen > buf->count)
3193 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3196 dirent = buf->previous;
3198 put_user(offset, &dirent->d_off);
3203 + buf.nd.dentry = file->f_dentry;
3204 + buf.nd.mnt = file->f_vfsmnt;
3206 error = vfs_readdir(file, filldir, &buf);
3210 struct linux_dirent64 * previous;
3213 + struct nameidata nd;
3216 static int filldir64(void * __buf, const char * name, int namlen, loff_t offset,
3217 @@ -332,6 +350,10 @@
3218 buf->error = -EINVAL; /* only used if we fail.. */
3219 if (reclen > buf->count)
3222 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3225 dirent = buf->previous;
3232 + buf.nd.mnt = file->f_vfsmnt;
3233 + buf.nd.dentry = file->f_dentry;
3235 error = vfs_readdir(file, filldir64, &buf);
3238 diff -urN linux-2.4.21/grsecurity/Config.in linux-2.4.21/grsecurity/Config.in
3239 --- linux-2.4.21/grsecurity/Config.in 1969-12-31 19:00:00.000000000 -0500
3240 +++ linux-2.4.21/grsecurity/Config.in 2003-07-29 17:58:19.000000000 -0400
3242 +choice 'Security level' \
3243 + "Low CONFIG_GRKERNSEC_LOW \
3244 + Medium CONFIG_GRKERNSEC_MID \
3245 + High CONFIG_GRKERNSEC_HI \
3246 + Customized CONFIG_GRKERNSEC_CUSTOM" Customized
3247 +if [ "$CONFIG_GRKERNSEC_LOW" = "y" ]; then
3248 +define_bool CONFIG_GRKERNSEC_RANDSRC n
3249 +define_bool CONFIG_GRKERNSEC_RANDRPC n
3250 +define_bool CONFIG_GRKERNSEC_FORKFAIL n
3251 +define_bool CONFIG_GRKERNSEC_TIME n
3252 +define_bool CONFIG_GRKERNSEC_SIGNAL n
3253 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
3254 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT n
3255 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
3256 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE n
3257 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT n
3258 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD n
3259 +define_bool CONFIG_GRKERNSEC_PROC n
3260 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3261 +define_bool CONFIG_GRKERNSEC_HIDESYM n
3262 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
3263 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL n
3264 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP n
3265 +define_bool CONFIG_GRKERNSEC_KMEM n
3266 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
3267 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
3268 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
3269 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
3270 +if [ "$CONFIG_X86" = "y" ]; then
3271 +define_bool CONFIG_GRKERNSEC_IO n
3273 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3274 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3275 +define_bool CONFIG_GRKERNSEC_RESLOG n
3276 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3277 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3279 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3280 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3281 +define_bool CONFIG_GRKERNSEC_LINK y
3282 +define_bool CONFIG_GRKERNSEC_FIFO y
3283 +define_bool CONFIG_GRKERNSEC_RANDPID y
3284 +define_bool CONFIG_GRKERNSEC_EXECVE y
3285 +define_bool CONFIG_GRKERNSEC_RANDNET y
3286 +define_bool CONFIG_GRKERNSEC_RANDISN n
3287 +define_bool CONFIG_GRKERNSEC_DMESG y
3288 +define_bool CONFIG_GRKERNSEC_RANDID y
3289 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3291 +if [ "$CONFIG_GRKERNSEC_MID" = "y" ]; then
3292 +define_bool CONFIG_GRKERNSEC_KMEM n
3293 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3294 +define_bool CONFIG_GRKERNSEC_HIDESYM n
3295 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
3296 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
3297 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
3298 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
3299 +if [ "$CONFIG_X86" = "y" ]; then
3300 +define_bool CONFIG_GRKERNSEC_IO n
3302 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3303 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
3304 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
3305 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3306 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
3307 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3308 +define_bool CONFIG_GRKERNSEC_RESLOG n
3309 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3310 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3312 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3313 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3314 +define_bool CONFIG_GRKERNSEC_LINK y
3315 +define_bool CONFIG_GRKERNSEC_FIFO y
3316 +define_bool CONFIG_GRKERNSEC_RANDPID y
3317 +define_bool CONFIG_GRKERNSEC_EXECVE y
3318 +define_bool CONFIG_GRKERNSEC_DMESG y
3319 +define_bool CONFIG_GRKERNSEC_RANDID y
3320 +define_bool CONFIG_GRKERNSEC_RANDNET y
3321 +define_bool CONFIG_GRKERNSEC_RANDISN y
3322 +define_bool CONFIG_GRKERNSEC_RANDSRC y
3323 +define_bool CONFIG_GRKERNSEC_RANDRPC y
3324 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
3325 +define_bool CONFIG_GRKERNSEC_TIME y
3326 +define_bool CONFIG_GRKERNSEC_SIGNAL y
3327 +define_bool CONFIG_GRKERNSEC_CHROOT y
3328 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
3329 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
3330 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
3331 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
3332 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
3333 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3334 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
3335 +define_bool CONFIG_GRKERNSEC_PROC y
3336 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
3337 +define_int CONFIG_GRKERNSEC_PROC_GID 10
3339 +if [ "$CONFIG_GRKERNSEC_HI" = "y" ]; then
3340 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3341 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3342 +define_bool CONFIG_GRKERNSEC_LINK y
3343 +define_bool CONFIG_GRKERNSEC_FIFO y
3344 +define_bool CONFIG_GRKERNSEC_RANDPID y
3345 +define_bool CONFIG_GRKERNSEC_EXECVE y
3346 +define_bool CONFIG_GRKERNSEC_DMESG y
3347 +define_bool CONFIG_GRKERNSEC_RANDID y
3348 +define_bool CONFIG_GRKERNSEC_RANDSRC y
3349 +define_bool CONFIG_GRKERNSEC_RANDRPC y
3350 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
3351 +define_bool CONFIG_GRKERNSEC_TIME y
3352 +define_bool CONFIG_GRKERNSEC_SIGNAL y
3353 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT y
3354 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
3355 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
3356 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR y
3357 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
3358 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
3359 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3360 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
3361 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS y
3362 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
3363 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK y
3364 +define_bool CONFIG_GRKERNSEC_PROC y
3365 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3366 +define_bool CONFIG_GRKERNSEC_HIDESYM y
3367 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
3368 +define_int CONFIG_GRKERNSEC_PROC_GID 10
3369 +define_bool CONFIG_GRKERNSEC_KMEM y
3370 +define_bool CONFIG_GRKERNSEC_RESLOG y
3371 +define_bool CONFIG_GRKERNSEC_RANDNET y
3372 +define_bool CONFIG_GRKERNSEC_RANDISN y
3374 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3375 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3376 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3377 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3379 +define_bool CONFIG_GRKERNSEC_PROC_ADD y
3380 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD y
3381 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE y
3382 +if [ "$CONFIG_X86" = "y" ]; then
3383 +define_bool CONFIG_GRKERNSEC_IO n
3385 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT y
3387 +if [ "$CONFIG_GRKERNSEC_CUSTOM" = "y" ]; then
3388 +mainmenu_option next_comment
3389 +comment 'Address Space Protection'
3390 +bool 'Deny writing to /dev/kmem, /dev/mem, and /dev/port' CONFIG_GRKERNSEC_KMEM
3391 +if [ "$CONFIG_X86" = "y" ]; then
3392 + bool 'Disable privileged I/O' CONFIG_GRKERNSEC_IO
3393 + if [ "$CONFIG_GRKERNSEC_IO" = "y" ]; then
3394 + define_bool CONFIG_RTC y
3397 +bool 'Hide kernel symbols' CONFIG_GRKERNSEC_HIDESYM
3399 +mainmenu_option next_comment
3400 +comment 'Role Based Access Control Options'
3401 +bool 'Hide kernel processes' CONFIG_GRKERNSEC_ACL_HIDEKERN
3402 +int 'Maximum tries before password lockout' CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3403 +int 'Time to wait after max password tries, in seconds' CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3405 +mainmenu_option next_comment
3406 +comment 'Filesystem Protections'
3407 +bool 'Proc restrictions' CONFIG_GRKERNSEC_PROC
3408 +if [ "$CONFIG_GRKERNSEC_PROC" != "n" ]; then
3409 + bool ' Restrict to user only' CONFIG_GRKERNSEC_PROC_USER
3410 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "y" ]; then
3411 + bool ' Allow special group' CONFIG_GRKERNSEC_PROC_USERGROUP
3412 + if [ "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
3413 + int ' GID for special group' CONFIG_GRKERNSEC_PROC_GID 1001
3416 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "n" -o "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
3417 + bool ' Additional restrictions' CONFIG_GRKERNSEC_PROC_ADD
3420 +bool 'Linking restrictions' CONFIG_GRKERNSEC_LINK
3421 +bool 'FIFO restrictions' CONFIG_GRKERNSEC_FIFO
3422 +bool 'Chroot jail restrictions' CONFIG_GRKERNSEC_CHROOT
3423 +if [ "$CONFIG_GRKERNSEC_CHROOT" != "n" ]; then
3424 +bool ' Deny mounts' CONFIG_GRKERNSEC_CHROOT_MOUNT
3425 +bool ' Deny double-chroots' CONFIG_GRKERNSEC_CHROOT_DOUBLE
3426 +bool ' Deny pivot_root in chroot' CONFIG_GRKERNSEC_CHROOT_PIVOT
3427 +bool ' Enforce chdir("/") on all chroots' CONFIG_GRKERNSEC_CHROOT_CHDIR
3428 +bool ' Deny (f)chmod +s' CONFIG_GRKERNSEC_CHROOT_CHMOD
3429 +bool ' Deny fchdir out of chroot' CONFIG_GRKERNSEC_CHROOT_FCHDIR
3430 +bool ' Deny mknod' CONFIG_GRKERNSEC_CHROOT_MKNOD
3431 +bool ' Deny shmat() out of chroot' CONFIG_GRKERNSEC_CHROOT_SHMAT
3432 +bool ' Deny access to abstract AF_UNIX sockets out of chroot' CONFIG_GRKERNSEC_CHROOT_UNIX
3433 +bool ' Protect outside processes' CONFIG_GRKERNSEC_CHROOT_FINDTASK
3434 +bool ' Restrict priority changes' CONFIG_GRKERNSEC_CHROOT_NICE
3435 +bool ' Deny sysctl writes in chroot' CONFIG_GRKERNSEC_CHROOT_SYSCTL
3436 +bool ' Capability restrictions within chroot' CONFIG_GRKERNSEC_CHROOT_CAPS
3439 +mainmenu_option next_comment
3440 +comment 'Kernel Auditing'
3441 +bool 'Single group for auditing' CONFIG_GRKERNSEC_AUDIT_GROUP
3442 +if [ "$CONFIG_GRKERNSEC_AUDIT_GROUP" != "n" ]; then
3443 +int ' GID for auditing' CONFIG_GRKERNSEC_AUDIT_GID 1007
3445 +bool 'Exec logging' CONFIG_GRKERNSEC_EXECLOG
3446 +bool 'Resource logging' CONFIG_GRKERNSEC_RESLOG
3447 +bool 'Log execs within chroot' CONFIG_GRKERNSEC_CHROOT_EXECLOG
3448 +bool 'Chdir logging' CONFIG_GRKERNSEC_AUDIT_CHDIR
3449 +bool '(Un)Mount logging' CONFIG_GRKERNSEC_AUDIT_MOUNT
3450 +bool 'IPC logging' CONFIG_GRKERNSEC_AUDIT_IPC
3451 +bool 'Signal logging' CONFIG_GRKERNSEC_SIGNAL
3452 +bool 'Fork failure logging' CONFIG_GRKERNSEC_FORKFAIL
3453 +bool 'Time change logging' CONFIG_GRKERNSEC_TIME
3454 +bool '/proc/<pid>/ipaddr support' CONFIG_GRKERNSEC_PROC_IPADDR
3456 +mainmenu_option next_comment
3457 +comment 'Executable Protections'
3458 +bool 'Enforce RLIMIT_NPROC on execs' CONFIG_GRKERNSEC_EXECVE
3459 +bool 'Dmesg(8) restriction' CONFIG_GRKERNSEC_DMESG
3460 +bool 'Randomized PIDs' CONFIG_GRKERNSEC_RANDPID
3461 +bool 'Trusted path execution' CONFIG_GRKERNSEC_TPE
3462 +if [ "$CONFIG_GRKERNSEC_TPE" != "n" ]; then
3463 +bool ' Partially restrict non-root users' CONFIG_GRKERNSEC_TPE_ALL
3464 +int ' GID for untrusted users:' CONFIG_GRKERNSEC_TPE_GID 1005
3467 +mainmenu_option next_comment
3468 +comment 'Network Protections'
3469 +bool 'Larger entropy pools' CONFIG_GRKERNSEC_RANDNET
3470 +bool 'Truly random TCP ISN selection' CONFIG_GRKERNSEC_RANDISN
3471 +bool 'Randomized IP IDs' CONFIG_GRKERNSEC_RANDID
3472 +bool 'Randomized TCP source ports' CONFIG_GRKERNSEC_RANDSRC
3473 +bool 'Randomized RPC XIDs' CONFIG_GRKERNSEC_RANDRPC
3474 +bool 'Socket restrictions' CONFIG_GRKERNSEC_SOCKET
3475 +if [ "$CONFIG_GRKERNSEC_SOCKET" != "n" ]; then
3476 +bool ' Deny any sockets to group' CONFIG_GRKERNSEC_SOCKET_ALL
3477 +if [ "$CONFIG_GRKERNSEC_SOCKET_ALL" != "n" ]; then
3478 +int ' GID to deny all sockets for:' CONFIG_GRKERNSEC_SOCKET_ALL_GID 1004
3480 +bool ' Deny client sockets to group' CONFIG_GRKERNSEC_SOCKET_CLIENT
3481 +if [ "$CONFIG_GRKERNSEC_SOCKET_CLIENT" != "n" ]; then
3482 +int ' GID to deny client sockets for:' CONFIG_GRKERNSEC_SOCKET_CLIENT_GID 1003
3484 +bool ' Deny server sockets to group' CONFIG_GRKERNSEC_SOCKET_SERVER
3485 +if [ "$CONFIG_GRKERNSEC_SOCKET_SERVER" != "n" ]; then
3486 +int ' GID to deny server sockets for:' CONFIG_GRKERNSEC_SOCKET_SERVER_GID 1002
3490 +if [ "$CONFIG_SYSCTL" != "n" ]; then
3491 +mainmenu_option next_comment
3492 +comment 'Sysctl support'
3493 +bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL
3496 +mainmenu_option next_comment
3497 +comment 'Logging options'
3498 +int 'Seconds in between log messages (minimum)' CONFIG_GRKERNSEC_FLOODTIME 10
3499 +int 'Number of messages in a burst (maximum)' CONFIG_GRKERNSEC_FLOODBURST 4
3502 diff -urN linux-2.4.21/grsecurity/Makefile linux-2.4.21/grsecurity/Makefile
3503 --- linux-2.4.21/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
3504 +++ linux-2.4.21/grsecurity/Makefile 2003-06-23 11:49:16.000000000 -0400
3506 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
3507 +# during 2001, 2002, and 2003 it has been completely redesigned by
3510 +# All code in this directory and various hooks inserted throughout the kernel
3511 +# are copyright Brad Spengler, and released under the GPL, unless otherwise
3512 +# noted (as in obsd_rand.c)
3514 +O_TARGET := grsec.o
3516 +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
3517 + grsec_mount.o grsec_rand.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
3518 + grsec_time.o grsec_tpe.o grsec_ipc.o grsec_link.o
3520 +ifeq ($(CONFIG_GRKERNSEC),y)
3521 +obj-y += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o obsd_rand.o \
3522 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
3524 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
3526 +obj-y += grsec_disabled.o
3529 +include $(TOPDIR)/Rules.make
3530 diff -urN linux-2.4.21/grsecurity/gracl.c linux-2.4.21/grsecurity/gracl.c
3531 --- linux-2.4.21/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
3532 +++ linux-2.4.21/grsecurity/gracl.c 2003-07-29 17:58:19.000000000 -0400
3535 + * grsecurity/gracl.c
3536 + * Copyright Brad Spengler 2001, 2002, 2003
3540 +#include <linux/kernel.h>
3541 +#include <linux/sched.h>
3542 +#include <linux/mm.h>
3543 +#include <linux/file.h>
3544 +#include <linux/fs.h>
3545 +#include <linux/proc_fs.h>
3546 +#include <linux/smp_lock.h>
3547 +#include <linux/slab.h>
3548 +#include <linux/vmalloc.h>
3549 +#include <linux/types.h>
3550 +#include <linux/capability.h>
3551 +#include <linux/sysctl.h>
3552 +#include <linux/gracl.h>
3553 +#include <linux/gralloc.h>
3554 +#include <linux/grsecurity.h>
3555 +#include <linux/grinternal.h>
3557 +#include <asm/uaccess.h>
3558 +#include <asm/errno.h>
3559 +#include <asm/mman.h>
3561 +static struct acl_role_db acl_role_set;
3562 +static struct acl_role_label *role_list_head;
3563 +static struct name_db name_set;
3564 +static struct name_db inodev_set;
3566 +static struct acl_role_label *default_role;
3568 +static u16 acl_sp_role_value;
3570 +static DECLARE_MUTEX(gr_dev_sem);
3571 +rwlock_t gr_inode_lock = RW_LOCK_UNLOCKED;
3573 +extern char *gr_shared_page[2][NR_CPUS];
3575 +static unsigned long gr_status = GR_STATUS_INIT;
3577 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
3578 +extern void gr_clear_learn_entries(void);
3580 +#ifdef CONFIG_GRKERNSEC_RESLOG
3581 +extern __inline__ void gr_log_resource(const struct task_struct *task,
3583 + const unsigned long wanted);
3586 +static unsigned char system_salt[GR_SALT_LEN];
3587 +static unsigned char system_sum[GR_SHA_LEN];
3589 +static struct sprole_pw **acl_special_roles = NULL;
3590 +static __u16 num_sprole_pws = 0;
3592 +static struct acl_role_label *kernel_role = NULL;
3594 +/* The following are used to keep a place held in the hash table when we move
3595 + entries around. They can be replaced during insert. */
3597 +static struct acl_subject_label *deleted_subject;
3598 +static struct acl_object_label *deleted_object;
3599 +static struct name_entry *deleted_inodev;
3601 +/* for keeping track of the last and final allocated subjects, since
3602 + nested subject parsing is tricky
3604 +static struct acl_subject_label *s_last = NULL;
3605 +static struct acl_subject_label *s_final = NULL;
3607 +static unsigned int gr_auth_attempts = 0;
3608 +static unsigned long gr_auth_expires = 0UL;
3610 +extern int gr_init_uidset(void);
3611 +extern void gr_free_uidset(void);
3612 +extern void gr_remove_uid(uid_t uid);
3613 +extern int gr_find_uid(uid_t uid);
3616 +gr_acl_is_enabled(void)
3618 + return (gr_status & GR_READY);
3621 +static __inline__ int
3622 +gr_streq(const char *a, const char *b, const __u16 lena, const __u16 lenb)
3625 + unsigned long *l1;
3626 + unsigned long *l2;
3627 + unsigned char *c1;
3628 + unsigned char *c2;
3631 + if (likely(lena != lenb))
3634 + l1 = (unsigned long *)a;
3635 + l2 = (unsigned long *)b;
3637 + num_longs = lena / sizeof(unsigned long);
3639 + for (i = num_longs; i--; l1++, l2++) {
3640 + if (unlikely(*l1 != *l2))
3644 + c1 = (unsigned char *) l1;
3645 + c2 = (unsigned char *) l2;
3647 + i = lena - (num_longs * sizeof(unsigned long));
3649 + for (; i--; c1++, c2++) {
3650 + if (unlikely(*c1 != *c2))
3657 +static __inline__ char *
3658 +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
3659 + char *buf, int buflen)
3662 + struct dentry *our_dentry;
3663 + struct vfsmount *our_mount;
3664 + struct vfsmount *rootmnt;
3665 + struct dentry *root;
3667 + our_dentry = (struct dentry *) dentry;
3668 + our_mount = (struct vfsmount *) vfsmnt;
3670 + read_lock(&child_reaper->fs->lock);
3671 + rootmnt = mntget(child_reaper->fs->rootmnt);
3672 + root = dget(child_reaper->fs->root);
3673 + read_unlock(&child_reaper->fs->lock);
3675 + spin_lock(&dcache_lock);
3676 + res = __d_path(our_dentry, our_mount, root, rootmnt, buf, buflen);
3677 + spin_unlock(&dcache_lock);
3684 +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
3686 + return d_real_path(dentry, mnt, gr_shared_page[0][smp_processor_id()],
3691 +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
3693 + return d_real_path(dentry, mnt, gr_shared_page[1][smp_processor_id()],
3698 +to_gr_audit(const __u32 reqmode)
3700 + __u32 retmode = 0;
3702 + retmode |= (reqmode & GR_READ) ? GR_AUDIT_READ : 0;
3703 + retmode |= (reqmode & GR_WRITE) ? GR_AUDIT_WRITE | GR_AUDIT_APPEND : 0;
3704 + retmode |= (reqmode & GR_APPEND) ? GR_AUDIT_APPEND : 0;
3705 + retmode |= (reqmode & GR_EXEC) ? GR_AUDIT_EXEC : 0;
3706 + retmode |= (reqmode & GR_INHERIT) ? GR_AUDIT_INHERIT : 0;
3707 + retmode |= (reqmode & GR_FIND) ? GR_AUDIT_FIND : 0;
3708 + retmode |= (reqmode & GR_SETID) ? GR_AUDIT_SETID : 0;
3709 + retmode |= (reqmode & GR_CREATE) ? GR_AUDIT_CREATE : 0;
3710 + retmode |= (reqmode & GR_DELETE) ? GR_AUDIT_DELETE : 0;
3715 +__inline__ struct acl_role_label *
3716 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
3719 + unsigned long index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
3720 + struct acl_role_label *match;
3721 + struct role_allowed_ip *ipp;
3724 + match = acl_role_set.r_hash[index];
3727 + && (match->uidgid != uid || !(match->roletype & GR_ROLE_USER))) {
3728 + index = (index + (1 << i)) % acl_role_set.r_size;
3729 + match = acl_role_set.r_hash[index];
3733 + if (!match || match->uidgid != uid || !(match->roletype & GR_ROLE_USER)) {
3735 + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
3736 + match = acl_role_set.r_hash[index];
3740 + && (match->uidgid != gid
3741 + || !(match->roletype & GR_ROLE_GROUP))) {
3742 + index = (index + (1 << i)) % acl_role_set.r_size;
3743 + match = acl_role_set.r_hash[index];
3747 + if (!match || match->uidgid != gid
3748 + || !(match->roletype & GR_ROLE_GROUP))
3749 + match = default_role;
3750 + else if (likely(!match->allowed_ips)) {
3753 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
3755 + ((task->curr_ip & ipp->netmask) ==
3756 + (ipp->addr & ipp->netmask)))
3759 + match = default_role;
3761 + } else if (likely(!match->allowed_ips)) {
3764 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
3766 + ((task->curr_ip & ipp->netmask) ==
3767 + (ipp->addr & ipp->netmask)))
3776 +__inline__ struct acl_subject_label *
3777 +lookup_acl_subj_label(const ino_t ino, const kdev_t dev,
3778 + const struct acl_role_label *role)
3780 + unsigned long subj_size = role->subj_hash_size;
3781 + struct acl_subject_label **s_hash = role->subj_hash;
3782 + unsigned long index = fhash(ino, dev, subj_size);
3783 + struct acl_subject_label *match;
3786 + match = s_hash[index];
3788 + while (match && (match->inode != ino || match->device != dev ||
3789 + (match->mode & GR_DELETED))) {
3790 + index = (index + (1 << i)) % subj_size;
3791 + match = s_hash[index];
3795 + if (unlikely(match && (match != deleted_subject) &&
3796 + (match->inode == ino) && (match->device == dev) &&
3797 + !(match->mode & GR_DELETED)))
3803 +static __inline__ struct acl_object_label *
3804 +lookup_acl_obj_label(const ino_t ino, const kdev_t dev,
3805 + const struct acl_subject_label *subj)
3807 + unsigned long obj_size = subj->obj_hash_size;
3808 + struct acl_object_label **o_hash = subj->obj_hash;
3809 + unsigned long index = fhash(ino, dev, obj_size);
3810 + struct acl_object_label *match;
3813 + match = o_hash[index];
3815 + while (match && (match->inode != ino || match->device != dev ||
3816 + (match->mode & GR_DELETED))) {
3817 + index = (index + (1 << i)) % obj_size;
3818 + match = o_hash[index];
3822 + if (unlikely(match && (match != deleted_object) &&
3823 + (match->inode == ino) && (match->device == dev) &&
3824 + !(match->mode & GR_DELETED)))
3830 +static __inline__ struct acl_object_label *
3831 +lookup_acl_obj_label_create(const ino_t ino, const kdev_t dev,
3832 + const struct acl_subject_label *subj)
3834 + unsigned long obj_size = subj->obj_hash_size;
3835 + struct acl_object_label **o_hash = subj->obj_hash;
3836 + unsigned long index = fhash(ino, dev, obj_size);
3837 + struct acl_object_label *match;
3840 + match = o_hash[index];
3842 + while (match && (match->inode != ino || match->device != dev ||
3843 + !(match->mode & GR_DELETED))) {
3844 + index = (index + (1 << i)) % obj_size;
3845 + match = o_hash[index];
3849 + if (unlikely(match && (match != deleted_object) &&
3850 + (match->inode == ino) && (match->device == dev) &&
3851 + (match->mode & GR_DELETED)))
3855 + index = fhash(ino, dev, obj_size);
3856 + match = o_hash[index];
3858 + while (match && (match->inode != ino || match->device != dev ||
3859 + (match->mode & GR_DELETED))) {
3860 + index = (index + (1 << i)) % obj_size;
3861 + match = o_hash[index];
3865 + if (unlikely(match && (match != deleted_object) &&
3866 + (match->inode == ino) && (match->device == dev) &&
3867 + !(match->mode & GR_DELETED)))
3873 +static __inline__ struct name_entry *
3874 +lookup_name_entry(const char *name)
3876 + __u16 len = strlen(name);
3877 + unsigned long index = nhash(name, len, name_set.n_size);
3878 + struct name_entry *match;
3881 + match = name_set.n_hash[index];
3883 + while (match && !gr_streq(match->name, name, match->len, len)) {
3884 + index = (index + (1 << i)) % name_set.n_size;
3885 + match = name_set.n_hash[index];
3889 + if (unlikely(!match || !gr_streq(match->name, name, match->len, len)))
3895 +static __inline__ struct name_entry *
3896 +lookup_inodev_entry(const ino_t ino, const kdev_t dev)
3898 + unsigned long index = fhash(ino, dev, inodev_set.n_size);
3899 + struct name_entry *match;
3902 + match = inodev_set.n_hash[index];
3904 + while (match && (match->inode != ino || match->device != dev)) {
3905 + index = (index + (1 << i)) % inodev_set.n_size;
3906 + match = inodev_set.n_hash[index];
3910 + if (unlikely(match && (match != deleted_inodev) &&
3911 + (match->inode == ino) && (match->device == dev)))
3918 +insert_inodev_entry(struct name_entry *nentry)
3920 + unsigned long index = fhash(nentry->inode, nentry->device,
3921 + inodev_set.n_size);
3922 + struct name_entry **curr;
3925 + curr = &inodev_set.n_hash[index];
3927 + while (*curr && *curr != deleted_inodev) {
3928 + index = (index + (1 << i)) % inodev_set.n_size;
3929 + curr = &inodev_set.n_hash[index];
3939 +insert_acl_role_label(struct acl_role_label *role)
3941 + unsigned long index =
3942 + rhash(role->uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
3943 + struct acl_role_label **curr;
3946 + curr = &acl_role_set.r_hash[index];
3949 + index = (index + (1 << i)) % acl_role_set.r_size;
3950 + curr = &acl_role_set.r_hash[index];
3960 +insert_name_entry(char *name, const ino_t inode, const kdev_t device)
3962 + struct name_entry **curr;
3964 + __u16 len = strlen(name);
3965 + unsigned long index = nhash(name, len, name_set.n_size);
3967 + curr = &name_set.n_hash[index];
3969 + while (*curr && !gr_streq((*curr)->name, name, (*curr)->len, len)) {
3970 + index = (index + (1 << i)) % name_set.n_size;
3971 + curr = &name_set.n_hash[index];
3976 + struct name_entry *nentry =
3977 + acl_alloc(sizeof (struct name_entry));
3980 + nentry->name = name;
3981 + nentry->inode = inode;
3982 + nentry->device = device;
3983 + nentry->len = len;
3985 + /* insert us into the table searchable by inode/dev */
3986 + insert_inodev_entry(nentry);
3993 +insert_acl_obj_label(struct acl_object_label *obj,
3994 + struct acl_subject_label *subj)
3996 + unsigned long index =
3997 + fhash(obj->inode, obj->device, subj->obj_hash_size);
3998 + struct acl_object_label **curr;
4001 + curr = &subj->obj_hash[index];
4003 + while (*curr && *curr != deleted_object) {
4004 + index = (index + (1 << i)) % subj->obj_hash_size;
4005 + curr = &subj->obj_hash[index];
4015 +insert_acl_subj_label(struct acl_subject_label *obj,
4016 + struct acl_role_label *role)
4018 + unsigned long subj_size = role->subj_hash_size;
4019 + struct acl_subject_label **s_hash = role->subj_hash;
4020 + unsigned long index = fhash(obj->inode, obj->device, subj_size);
4021 + struct acl_subject_label **curr;
4024 + curr = &s_hash[index];
4026 + while (*curr && *curr != deleted_subject) {
4027 + index = (index + (1 << i)) % subj_size;
4028 + curr = &s_hash[index];
4038 +create_table(__u32 * len)
4040 + unsigned long table_sizes[] = {
4041 + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
4042 + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
4043 + 4194301, 8388593, 16777213, 33554393, 67108859, 134217689,
4044 + 268435399, 536870909, 1073741789, 2147483647
4046 + void *newtable = NULL;
4047 + unsigned int pwr = 0;
4049 + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
4050 + table_sizes[pwr] <= (2 * (*len)))
4053 + if (table_sizes[pwr] <= (2 * (*len)))
4056 + if ((table_sizes[pwr] * sizeof (void *)) <= PAGE_SIZE)
4058 + kmalloc(table_sizes[pwr] * sizeof (void *), GFP_KERNEL);
4060 + newtable = vmalloc(table_sizes[pwr] * sizeof (void *));
4062 + *len = table_sizes[pwr];
4068 +init_variables(const unsigned long acl_obj_size,
4069 + const unsigned long acl_subj_size,
4070 + const unsigned long acl_ip_size,
4071 + const unsigned long acl_role_size,
4072 + const unsigned long allowed_ip_size,
4073 + const unsigned long acl_trans_size,
4074 + const __u16 num_sprole_pws)
4076 + unsigned long stacksize;
4078 + acl_role_set.r_size = acl_role_size;
4079 + name_set.n_size = (acl_obj_size + acl_subj_size);
4080 + inodev_set.n_size = (acl_obj_size + acl_subj_size);
4082 + if (!gr_init_uidset())
4085 + /* set up the stack that holds allocation info */
4087 + stacksize = (3 * acl_obj_size) + (2 * acl_role_size) +
4088 + (4 * acl_subj_size) + acl_ip_size + (2 * acl_trans_size) +
4089 + allowed_ip_size + (2 * num_sprole_pws) + 5;
4091 + if (!acl_alloc_stack_init(stacksize))
4094 + /* create our empty, fake deleted acls */
4096 + (struct acl_subject_label *)
4097 + acl_alloc(sizeof (struct acl_subject_label));
4099 + (struct acl_object_label *)
4100 + acl_alloc(sizeof (struct acl_object_label));
4102 + (struct name_entry *) acl_alloc(sizeof (struct name_entry));
4104 + if (!deleted_subject || !deleted_object || !deleted_inodev)
4107 + memset(deleted_subject, 0, sizeof (struct acl_subject_label));
4108 + memset(deleted_object, 0, sizeof (struct acl_object_label));
4109 + memset(deleted_inodev, 0, sizeof (struct name_entry));
4111 + /* We only want 50% full tables for now */
4113 + acl_role_set.r_hash =
4114 + (struct acl_role_label **) create_table(&acl_role_set.r_size);
4115 + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size);
4116 + inodev_set.n_hash =
4117 + (struct name_entry **) create_table(&inodev_set.n_size);
4119 + if (!acl_role_set.r_hash || !name_set.n_hash || !inodev_set.n_hash)
4121 + memset(acl_role_set.r_hash, 0,
4122 + sizeof (struct acl_role_label *) * acl_role_set.r_size);
4123 + memset(name_set.n_hash, 0,
4124 + sizeof (struct name_entry *) * name_set.n_size);
4125 + memset(inodev_set.n_hash, 0,
4126 + sizeof (struct name_entry *) * inodev_set.n_size);
4132 +free_variables(void)
4134 + struct acl_subject_label *s;
4135 + struct acl_role_label *r;
4136 + struct task_struct *task;
4138 + gr_clear_learn_entries();
4140 + read_lock(&tasklist_lock);
4141 + for_each_task(task) {
4142 + task->acl_sp_role = 0;
4143 + task->acl_role_id = 0;
4145 + task->role = NULL;
4147 + read_unlock(&tasklist_lock);
4149 + /* free all object hash tables */
4151 + if (role_list_head) {
4152 + for (r = role_list_head; r; r = r->next) {
4153 + if (!r->subj_hash)
4155 + for (s = r->proc_subject; s; s = s->next) {
4158 + if ((s->obj_hash_size *
4159 + sizeof (struct acl_object_label *)) <=
4161 + kfree(s->obj_hash);
4163 + vfree(s->obj_hash);
4165 + if ((r->subj_hash_size *
4166 + sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
4167 + kfree(r->subj_hash);
4169 + vfree(r->subj_hash);
4175 + if (acl_role_set.r_hash) {
4176 + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
4178 + kfree(acl_role_set.r_hash);
4180 + vfree(acl_role_set.r_hash);
4182 + if (name_set.n_hash) {
4183 + if ((name_set.n_size * sizeof (struct name_entry *)) <=
4185 + kfree(name_set.n_hash);
4187 + vfree(name_set.n_hash);
4190 + if (inodev_set.n_hash) {
4191 + if ((inodev_set.n_size * sizeof (struct name_entry *)) <=
4193 + kfree(inodev_set.n_hash);
4195 + vfree(inodev_set.n_hash);
4200 + memset(&name_set, 0, sizeof (struct name_db));
4201 + memset(&inodev_set, 0, sizeof (struct name_db));
4202 + memset(&acl_role_set, 0, sizeof (struct acl_role_db));
4204 + role_list_head = NULL;
4205 + default_role = NULL;
4211 +count_user_objs(struct acl_object_label *userp)
4213 + struct acl_object_label o_tmp;
4217 + if (copy_from_user(&o_tmp, userp,
4218 + sizeof (struct acl_object_label)))
4221 + userp = o_tmp.prev;
4228 +static struct acl_subject_label *
4229 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
4232 +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
4233 + struct acl_role_label *role)
4235 + struct acl_object_label *o_tmp;
4240 + if ((o_tmp = (struct acl_object_label *)
4241 + acl_alloc(sizeof (struct acl_object_label))) == NULL)
4244 + if (copy_from_user(o_tmp, userp,
4245 + sizeof (struct acl_object_label)))
4248 + userp = o_tmp->prev;
4250 + len = strnlen_user(o_tmp->filename, PATH_MAX);
4252 + if (!len || len >= PATH_MAX)
4255 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4258 + if (copy_from_user(tmp, o_tmp->filename, len))
4261 + o_tmp->filename = tmp;
4263 + insert_acl_obj_label(o_tmp, subj);
4264 + if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
4268 + if (o_tmp->nested) {
4269 + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
4270 + if (IS_ERR(o_tmp->nested))
4271 + return PTR_ERR(o_tmp->nested);
4273 + s_final = o_tmp->nested;
4281 +count_user_subjs(struct acl_subject_label *userp)
4283 + struct acl_subject_label s_tmp;
4287 + if (copy_from_user(&s_tmp, userp,
4288 + sizeof (struct acl_subject_label)))
4291 + userp = s_tmp.prev;
4292 + /* do not count nested subjects against this count, since
4293 + they are not included in the hash table, but are
4294 + attached to objects. We have already counted
4295 + the subjects in userspace for the allocation
4298 + if (!s_tmp.parent_subject)
4306 +copy_user_allowedips(struct acl_role_label *rolep)
4308 + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
4310 + ruserip = rolep->allowed_ips;
4315 + if ((rtmp = (struct role_allowed_ip *)
4316 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
4319 + if (copy_from_user(rtmp, ruserip,
4320 + sizeof (struct role_allowed_ip)))
4323 + ruserip = rtmp->prev;
4326 + rtmp->prev = NULL;
4327 + rolep->allowed_ips = rtmp;
4329 + rlast->next = rtmp;
4330 + rtmp->prev = rlast;
4334 + rtmp->next = NULL;
4341 +copy_user_transitions(struct acl_role_label *rolep)
4343 + struct role_transition *rusertp, *rtmp = NULL, *rlast;
4347 + rusertp = rolep->transitions;
4352 + if ((rtmp = (struct role_transition *)
4353 + acl_alloc(sizeof (struct role_transition))) == NULL)
4356 + if (copy_from_user(rtmp, rusertp,
4357 + sizeof (struct role_transition)))
4360 + rusertp = rtmp->prev;
4362 + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
4364 + if (!len || len >= GR_SPROLE_LEN)
4367 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4370 + if (copy_from_user(tmp, rtmp->rolename, len))
4373 + rtmp->rolename = tmp;
4376 + rtmp->prev = NULL;
4377 + rolep->transitions = rtmp;
4379 + rlast->next = rtmp;
4380 + rtmp->prev = rlast;
4384 + rtmp->next = NULL;
4390 +static struct acl_subject_label *
4391 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
4393 + struct acl_subject_label *s_tmp = NULL;
4397 + struct acl_ip_label **i_tmp, *i_utmp2;
4398 + unsigned long i_num;
4402 + if ((s_tmp = (struct acl_subject_label *)
4403 + acl_alloc(sizeof (struct acl_subject_label))) == NULL)
4404 + return ERR_PTR(-ENOMEM);
4406 + if (copy_from_user(s_tmp, userp,
4407 + sizeof (struct acl_subject_label)))
4408 + return ERR_PTR(-EFAULT);
4411 + s_tmp->prev = NULL;
4412 + role->proc_subject = s_tmp;
4414 + s_last->next = s_tmp;
4415 + s_tmp->prev = s_last;
4420 + len = strnlen_user(s_tmp->filename, PATH_MAX);
4422 + if (!len || len >= PATH_MAX)
4423 + return ERR_PTR(-EINVAL);
4425 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4426 + return ERR_PTR(-ENOMEM);
4428 + if (copy_from_user(tmp, s_tmp->filename, len))
4429 + return ERR_PTR(-EFAULT);
4431 + s_tmp->filename = tmp;
4433 + if (!strcmp(s_tmp->filename, "/"))
4434 + role->root_label = s_tmp;
4436 + /* set up object hash table */
4437 + num_objs = count_user_objs(s_tmp->proc_object);
4439 + s_tmp->obj_hash_size = num_objs;
4441 + (struct acl_object_label **)
4442 + create_table(&(s_tmp->obj_hash_size));
4444 + if (!s_tmp->obj_hash)
4445 + return ERR_PTR(-ENOMEM);
4447 + memset(s_tmp->obj_hash, 0,
4448 + s_tmp->obj_hash_size *
4449 + sizeof (struct acl_object_label *));
4451 + /* copy before adding in objects, since a nested
4452 + acl could be found and be the final subject
4458 + /* add in objects */
4459 + err = copy_user_objs(s_tmp->proc_object, s_tmp, role);
4462 + return ERR_PTR(err);
4464 + /* add in ip acls */
4466 + if (!s_tmp->ip_num) {
4467 + s_tmp->ips = NULL;
4472 + (struct acl_ip_label **) acl_alloc(s_tmp->ip_num *
4477 + return ERR_PTR(-ENOMEM);
4479 + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
4480 + *(i_tmp + i_num) =
4481 + (struct acl_ip_label *)
4482 + acl_alloc(sizeof (struct acl_ip_label));
4483 + if (!*(i_tmp + i_num))
4484 + return ERR_PTR(-ENOMEM);
4486 + if (copy_from_user
4487 + (&i_utmp2, s_tmp->ips + i_num,
4488 + sizeof (struct acl_ip_label *)))
4489 + return ERR_PTR(-EFAULT);
4491 + if (copy_from_user
4492 + (*(i_tmp + i_num), i_utmp2,
4493 + sizeof (struct acl_ip_label)))
4494 + return ERR_PTR(-EFAULT);
4497 + s_tmp->ips = i_tmp;
4500 + if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
4502 + return ERR_PTR(-ENOMEM);
4508 +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
4510 + struct acl_subject_label s_pre;
4511 + struct acl_subject_label * ret;
4515 + if (copy_from_user(&s_pre, userp,
4516 + sizeof (struct acl_subject_label)))
4519 + /* do not add nested subjects here, add
4520 + while parsing objects
4523 + if (s_pre.parent_subject) {
4524 + userp = s_pre.prev;
4528 + ret = do_copy_user_subj(userp, role);
4530 + err = PTR_ERR(ret);
4534 + insert_acl_subj_label(ret, role);
4536 + userp = s_pre.prev;
4539 + s_final->next = NULL;
4545 +copy_user_acl(struct gr_arg *arg)
4547 + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2, *r_last;
4548 + struct sprole_pw *sptmp;
4549 + unsigned long r_num;
4556 + /* we need a default and kernel role */
4557 + if (arg->role_db.r_entries < 2)
4560 + /* copy special role authentication info from userspace */
4562 + num_sprole_pws = arg->num_sprole_pws;
4563 + acl_special_roles = (struct sprole_pw **) acl_alloc(num_sprole_pws * sizeof(struct sprole_pw *));
4565 + if (!acl_special_roles) {
4570 + for (i = 0; i < num_sprole_pws; i++) {
4571 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
4576 + if (copy_from_user(sptmp, arg->sprole_pws + i,
4577 + sizeof (struct sprole_pw))) {
4583 + strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
4585 + if (!len || len >= GR_SPROLE_LEN) {
4590 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
4595 + if (copy_from_user(tmp, sptmp->rolename, len)) {
4600 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
4601 + printk(KERN_ALERT "Copying special role %s\n", tmp);
4603 + sptmp->rolename = tmp;
4604 + acl_special_roles[i] = sptmp;
4607 + r_utmp = (struct acl_role_label **) arg->role_db.r_table;
4609 + for (r_num = 0; r_num < arg->role_db.r_entries; r_num++) {
4612 + r_tmp = acl_alloc(sizeof (struct acl_role_label));
4619 + if (copy_from_user(&r_utmp2, r_utmp + r_num,
4620 + sizeof (struct acl_role_label *))) {
4625 + if (copy_from_user(r_tmp, r_utmp2,
4626 + sizeof (struct acl_role_label))) {
4632 + r_tmp->prev = NULL;
4633 + role_list_head = r_tmp;
4635 + r_last->next = r_tmp;
4636 + r_tmp->prev = r_last;
4639 + if (r_num == (arg->role_db.r_entries - 1))
4640 + r_tmp->next = NULL;
4642 + len = strnlen_user(r_tmp->rolename, PATH_MAX);
4644 + if (!len || len >= PATH_MAX) {
4649 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
4653 + if (copy_from_user(tmp, r_tmp->rolename, len)) {
4657 + r_tmp->rolename = tmp;
4659 + if (!strcmp(r_tmp->rolename, "default")
4660 + && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
4661 + default_role = r_tmp;
4662 + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
4663 + kernel_role = r_tmp;
4666 + num_subjs = count_user_subjs(r_tmp->proc_subject);
4668 + r_tmp->subj_hash_size = num_subjs;
4669 + r_tmp->subj_hash =
4670 + (struct acl_subject_label **)
4671 + create_table(&(r_tmp->subj_hash_size));
4673 + if (!r_tmp->subj_hash) {
4678 + err = copy_user_allowedips(r_tmp);
4682 + err = copy_user_transitions(r_tmp);
4686 + memset(r_tmp->subj_hash, 0,
4687 + r_tmp->subj_hash_size *
4688 + sizeof (struct acl_subject_label *));
4692 + err = copy_user_subjs(r_tmp->proc_subject, r_tmp);
4697 + insert_acl_role_label(r_tmp);
4709 +gracl_init(struct gr_arg *args)
4713 + memcpy(&system_salt, args->salt, sizeof (system_salt));
4714 + memcpy(&system_sum, args->sum, sizeof (system_sum));
4716 + if (init_variables(args->role_db.o_entries, args->role_db.s_entries,
4717 + args->role_db.i_entries, args->role_db.r_entries,
4718 + args->role_db.a_entries, args->role_db.t_entries,
4719 + args->num_sprole_pws)) {
4720 + security_alert_good(GR_INITF_ACL_MSG, GR_VERSION);
4726 + error = copy_user_acl(args);
4730 + if ((error = gr_set_acls(0))) {
4735 + gr_status |= GR_READY;
4740 +static struct acl_object_label *
4741 +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
4742 + const struct acl_subject_label *subj)
4744 + struct dentry *dentry = (struct dentry *) l_dentry;
4745 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
4746 + struct dentry *root;
4747 + struct vfsmount *rootmnt;
4748 + struct acl_object_label *retval;
4750 + read_lock(&child_reaper->fs->lock);
4751 + rootmnt = mntget(child_reaper->fs->rootmnt);
4752 + root = dget(child_reaper->fs->root);
4753 + read_unlock(&child_reaper->fs->lock);
4754 + spin_lock(&dcache_lock);
4757 + if (unlikely(dentry == root && mnt == rootmnt))
4759 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
4760 + if (mnt->mnt_parent == mnt)
4763 + read_lock(&gr_inode_lock);
4765 + lookup_acl_obj_label(dentry->d_inode->i_ino,
4766 + dentry->d_inode->i_dev, subj);
4767 + read_unlock(&gr_inode_lock);
4768 + if (unlikely(retval != NULL))
4771 + dentry = mnt->mnt_mountpoint;
4772 + mnt = mnt->mnt_parent;
4776 + read_lock(&gr_inode_lock);
4778 + lookup_acl_obj_label(dentry->d_inode->i_ino,
4779 + dentry->d_inode->i_dev, subj);
4780 + read_unlock(&gr_inode_lock);
4781 + if (unlikely(retval != NULL))
4784 + dentry = dentry->d_parent;
4787 + read_lock(&gr_inode_lock);
4789 + lookup_acl_obj_label(dentry->d_inode->i_ino, dentry->d_inode->i_dev,
4791 + read_unlock(&gr_inode_lock);
4793 + if (unlikely(retval == NULL)) {
4794 + read_lock(&gr_inode_lock);
4796 + lookup_acl_obj_label(root->d_inode->i_ino,
4797 + root->d_inode->i_dev, subj);
4798 + read_unlock(&gr_inode_lock);
4801 + spin_unlock(&dcache_lock);
4808 +static struct acl_subject_label *
4809 +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
4810 + const struct acl_role_label *role)
4812 + struct dentry *dentry = (struct dentry *) l_dentry;
4813 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
4814 + struct dentry *root;
4815 + struct vfsmount *rootmnt;
4816 + struct acl_subject_label *retval;
4818 + read_lock(&child_reaper->fs->lock);
4819 + rootmnt = mntget(child_reaper->fs->rootmnt);
4820 + root = dget(child_reaper->fs->root);
4821 + read_unlock(&child_reaper->fs->lock);
4822 + spin_lock(&dcache_lock);
4825 + if (unlikely(dentry == root && mnt == rootmnt))
4827 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
4828 + if (mnt->mnt_parent == mnt)
4831 + read_lock(&gr_inode_lock);
4833 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4834 + dentry->d_inode->i_dev, role);
4835 + read_unlock(&gr_inode_lock);
4836 + if (unlikely(retval != NULL))
4839 + dentry = mnt->mnt_mountpoint;
4840 + mnt = mnt->mnt_parent;
4844 + read_lock(&gr_inode_lock);
4846 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4847 + dentry->d_inode->i_dev, role);
4848 + read_unlock(&gr_inode_lock);
4849 + if (unlikely(retval != NULL))
4852 + dentry = dentry->d_parent;
4855 + read_lock(&gr_inode_lock);
4857 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4858 + dentry->d_inode->i_dev, role);
4859 + read_unlock(&gr_inode_lock);
4861 + if (unlikely(retval == NULL)) {
4862 + read_lock(&gr_inode_lock);
4864 + lookup_acl_subj_label(root->d_inode->i_ino,
4865 + root->d_inode->i_dev, role);
4866 + read_unlock(&gr_inode_lock);
4869 + spin_unlock(&dcache_lock);
4876 +static __inline__ void
4877 +gr_log_learn(const struct acl_role_label *role, const uid_t uid, const gid_t gid,
4878 + const struct task_struct *task, const char *pathname,
4881 + security_learn(GR_LEARN_AUDIT_MSG, role->rolename, role->roletype,
4882 + uid, gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry,
4883 + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename,
4884 + 1, 1, pathname, (unsigned long) mode, NIPQUAD(task->curr_ip));
4890 +gr_check_link(const struct dentry * new_dentry,
4891 + const struct dentry * parent_dentry,
4892 + const struct vfsmount * parent_mnt,
4893 + const struct dentry * old_dentry, const struct vfsmount * old_mnt)
4895 + struct acl_object_label *obj;
4896 + __u32 oldmode, newmode;
4898 + if (unlikely(!(gr_status & GR_READY)))
4899 + return (GR_WRITE | GR_CREATE);
4901 + obj = chk_obj_label(old_dentry, old_mnt, current->acl);
4902 + oldmode = obj->mode;
4904 + if (current->acl->mode & GR_LEARN)
4905 + oldmode |= (GR_WRITE | GR_CREATE);
4907 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
4908 + oldmode | GR_CREATE | GR_AUDIT_CREATE |
4909 + GR_AUDIT_WRITE | GR_SUPPRESS);
4911 + if ((newmode & oldmode) == oldmode)
4913 + else if (current->acl->mode & GR_LEARN) {
4914 + gr_log_learn(current->role, current->uid, current->gid,
4915 + current, gr_to_filename(old_dentry, old_mnt), oldmode);
4916 + return (GR_WRITE | GR_CREATE);
4917 + } else if (newmode & GR_SUPPRESS)
4918 + return GR_SUPPRESS;
4924 +gr_search_file(const struct dentry * dentry, const __u32 mode,
4925 + const struct vfsmount * mnt)
4927 + __u32 retval = mode;
4928 + struct acl_subject_label *curracl;
4929 + struct acl_object_label *currobj;
4931 + if (unlikely(!(gr_status & GR_READY)))
4932 + return (mode & ~GR_AUDITS);
4934 + curracl = current->acl;
4936 + currobj = chk_obj_label(dentry, mnt, curracl);
4937 + retval = currobj->mode & mode;
4940 + ((curracl->mode & GR_LEARN) && (mode != GR_PTRACERD)
4941 + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
4942 + __u32 new_mode = mode;
4944 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
4946 + retval = new_mode;
4948 + if (!(mode & GR_NOLEARN))
4949 + gr_log_learn(current->role, current->uid, current->gid,
4950 + current, gr_to_filename(dentry, mnt), new_mode);
4957 +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
4958 + const struct vfsmount * mnt, const __u32 mode)
4960 + struct name_entry *match;
4961 + struct acl_object_label *matchpo;
4962 + struct acl_subject_label *curracl;
4965 + if (unlikely(!(gr_status & GR_READY)))
4966 + return (mode & ~GR_AUDITS);
4968 + match = lookup_name_entry(gr_to_filename(new_dentry, mnt));
4971 + goto check_parent;
4973 + curracl = current->acl;
4975 + read_lock(&gr_inode_lock);
4976 + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
4977 + read_unlock(&gr_inode_lock);
4980 + if ((matchpo->mode & mode) !=
4981 + (mode & ~(GR_AUDITS | GR_SUPPRESS))
4982 + && curracl->mode & GR_LEARN) {
4983 + __u32 new_mode = mode;
4985 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
4987 + gr_log_learn(current->role, current->uid, current->gid,
4988 + current, gr_to_filename(new_dentry, mnt), new_mode);
4992 + return (matchpo->mode & mode);
4996 + curracl = current->acl;
4998 + matchpo = chk_obj_label(parent, mnt, curracl);
4999 + retval = matchpo->mode & mode;
5001 + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
5002 + && (curracl->mode & GR_LEARN)) {
5003 + __u32 new_mode = mode;
5005 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
5007 + gr_log_learn(current->role, current->uid, current->gid,
5008 + current, gr_to_filename(new_dentry, mnt), new_mode);
5016 +gr_check_hidden_task(const struct task_struct *task)
5018 + if (unlikely(!(gr_status & GR_READY)))
5021 + if (!(task->acl->mode & GR_FIND) && !(current->acl->mode & GR_VIEW))
5028 +gr_check_protected_task(const struct task_struct *task)
5030 + if (unlikely(!(gr_status & GR_READY) || !task))
5033 + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL))
5040 +gr_copy_label(struct task_struct *tsk)
5042 + tsk->used_accept = 0;
5043 + tsk->used_connect = 0;
5044 + tsk->acl_sp_role = 0;
5045 + tsk->acl_role_id = current->acl_role_id;
5046 + tsk->acl = current->acl;
5047 + tsk->role = current->role;
5048 + tsk->curr_ip = current->curr_ip;
5049 + if (current->exec_file)
5050 + get_file(current->exec_file);
5051 + tsk->exec_file = current->exec_file;
5052 + tsk->is_writable = current->is_writable;
5053 + if (unlikely(current->used_accept))
5054 + current->curr_ip = 0;
5059 +static __inline__ void
5060 +gr_set_proc_res(void)
5062 + struct acl_subject_label *proc;
5065 + proc = current->acl;
5067 + if (proc->mode & GR_LEARN)
5070 + for (i = 0; i < RLIM_NLIMITS; i++) {
5071 + if (!(proc->resmask & (1 << i)))
5074 + current->rlim[i].rlim_cur = proc->res[i].rlim_cur;
5075 + current->rlim[i].rlim_max = proc->res[i].rlim_max;
5081 +static __inline__ void
5082 +do_set_role_label(struct task_struct *task, const uid_t uid, const gid_t gid)
5084 + task->role = lookup_acl_role_label(task, uid, gid);
5090 +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
5092 + struct acl_object_label *obj;
5093 + struct file *filp;
5095 + if (unlikely(!(gr_status & GR_READY)))
5098 + filp = task->exec_file;
5100 + /* kernel process, we'll give them the kernel role */
5101 + if (unlikely(!filp)) {
5102 + task->role = kernel_role;
5103 + task->acl = kernel_role->root_label;
5105 + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
5106 + do_set_role_label(task, uid, gid);
5109 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, task->role);
5111 + task->is_writable = 0;
5113 + /* ignore additional mmap checks for processes that are writable
5114 + by the default ACL */
5115 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5116 + if (unlikely(obj->mode & GR_WRITE))
5117 + task->is_writable = 1;
5118 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
5119 + if (unlikely(obj->mode & GR_WRITE))
5120 + task->is_writable = 1;
5122 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5123 + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
5126 + gr_set_proc_res();
5132 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
5134 + struct acl_subject_label *newacl;
5135 + struct acl_object_label *obj;
5138 + if (unlikely(!(gr_status & GR_READY)))
5141 + newacl = chk_subj_label(dentry, mnt, current->role);
5143 + obj = chk_obj_label(dentry, mnt, current->acl);
5144 + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
5146 + if ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT)) {
5148 + current->acl = obj->nested;
5150 + current->acl = newacl;
5151 + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
5152 + security_audit(GR_INHERIT_ACL_MSG, current->acl->filename,
5153 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
5155 + current->is_writable = 0;
5157 + /* ignore additional mmap checks for processes that are writable
5158 + by the default ACL */
5159 + obj = chk_obj_label(dentry, mnt, default_role->root_label);
5160 + if (unlikely(obj->mode & GR_WRITE))
5161 + current->is_writable = 1;
5162 + obj = chk_obj_label(dentry, mnt, current->role->root_label);
5163 + if (unlikely(obj->mode & GR_WRITE))
5164 + current->is_writable = 1;
5166 + gr_set_proc_res();
5168 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5169 + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", current->comm, current->pid, current->role->rolename, current->acl->filename);
5174 +static __inline__ void
5175 +do_handle_delete(const ino_t ino, const kdev_t dev)
5177 + struct acl_object_label *matchpo;
5178 + struct acl_subject_label *matchps;
5179 + struct acl_subject_label *i;
5180 + struct acl_role_label *role;
5182 + for (role = role_list_head; role; role = role->next) {
5183 + for (i = role->proc_subject; i; i = i->next) {
5184 + if (unlikely(i->parent_subject &&
5185 + (i->inode == ino) &&
5186 + (i->device == dev)))
5187 + i->mode |= GR_DELETED;
5188 + if (unlikely((matchpo =
5189 + lookup_acl_obj_label(ino, dev, i)) != NULL))
5190 + matchpo->mode |= GR_DELETED;
5193 + if (unlikely((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL))
5194 + matchps->mode |= GR_DELETED;
5201 +gr_handle_delete(const ino_t ino, const kdev_t dev)
5203 + if (unlikely(!(gr_status & GR_READY)))
5206 + write_lock(&gr_inode_lock);
5207 + if (unlikely((unsigned long)lookup_inodev_entry(ino, dev)))
5208 + do_handle_delete(ino, dev);
5209 + write_unlock(&gr_inode_lock);
5214 +static __inline__ void
5215 +update_acl_obj_label(const ino_t oldinode, const kdev_t olddevice,
5216 + const ino_t newinode, const kdev_t newdevice,
5217 + struct acl_subject_label *subj)
5219 + unsigned long index = fhash(oldinode, olddevice, subj->obj_hash_size);
5220 + struct acl_object_label **match;
5221 + struct acl_object_label *tmp;
5224 + match = &subj->obj_hash[index];
5226 + while (*match && ((*match)->inode != oldinode ||
5227 + (*match)->device != olddevice ||
5228 + !((*match)->mode & GR_DELETED))) {
5229 + index = (index + (1 << i)) % subj->obj_hash_size;
5230 + match = &subj->obj_hash[index];
5234 + if (*match && ((*match) != deleted_object)
5235 + && ((*match)->inode == oldinode)
5236 + && ((*match)->device == olddevice)
5237 + && ((*match)->mode & GR_DELETED)) {
5239 + tmp->inode = newinode;
5240 + tmp->device = newdevice;
5241 + tmp->mode &= ~GR_DELETED;
5243 + *match = deleted_object;
5245 + insert_acl_obj_label(tmp, subj);
5251 +static __inline__ void
5252 +update_acl_subj_label(const ino_t oldinode, const kdev_t olddevice,
5253 + const ino_t newinode, const kdev_t newdevice,
5254 + struct acl_role_label *role)
5256 + struct acl_subject_label **s_hash = role->subj_hash;
5257 + unsigned long subj_size = role->subj_hash_size;
5258 + unsigned long index = fhash(oldinode, olddevice, subj_size);
5259 + struct acl_subject_label **match;
5260 + struct acl_subject_label *tmp;
5263 + match = &s_hash[index];
5265 + while (*match && ((*match)->inode != oldinode ||
5266 + (*match)->device != olddevice ||
5267 + !((*match)->mode & GR_DELETED))) {
5268 + index = (index + (1 << i)) % subj_size;
5270 + match = &s_hash[index];
5273 + if (*match && (*match != deleted_subject)
5274 + && ((*match)->inode == oldinode)
5275 + && ((*match)->device == olddevice)
5276 + && ((*match)->mode & GR_DELETED)) {
5279 + tmp->inode = newinode;
5280 + tmp->device = newdevice;
5281 + tmp->mode &= ~GR_DELETED;
5283 + *match = deleted_subject;
5285 + insert_acl_subj_label(tmp, role);
5291 +static __inline__ void
5292 +update_inodev_entry(const ino_t oldinode, const kdev_t olddevice,
5293 + const ino_t newinode, const kdev_t newdevice)
5295 + unsigned long index = fhash(oldinode, olddevice, inodev_set.n_size);
5296 + struct name_entry **match;
5297 + struct name_entry *tmp;
5300 + match = &inodev_set.n_hash[index];
5303 + && ((*match)->inode != oldinode
5304 + || (*match)->device != olddevice)) {
5305 + index = (index + (1 << i)) % inodev_set.n_size;
5307 + match = &inodev_set.n_hash[index];
5310 + if (*match && (*match != deleted_inodev)
5311 + && ((*match)->inode == oldinode)
5312 + && ((*match)->device == olddevice)) {
5315 + tmp->inode = newinode;
5316 + tmp->device = newdevice;
5318 + *match = deleted_inodev;
5320 + insert_inodev_entry(tmp);
5326 +static __inline__ void
5327 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
5328 + const struct vfsmount *mnt)
5330 + struct acl_subject_label *i;
5331 + struct acl_role_label *role;
5333 + for (role = role_list_head; role; role = role->next) {
5334 + update_acl_subj_label(matchn->inode, matchn->device,
5335 + dentry->d_inode->i_ino,
5336 + dentry->d_inode->i_dev, role);
5338 + for (i = role->proc_subject; i; i = i->next) {
5339 + if (unlikely(i->parent_subject &&
5340 + (i->inode == dentry->d_inode->i_ino) &&
5341 + (i->device == dentry->d_inode->i_dev))) {
5342 + i->inode = dentry->d_inode->i_ino;
5343 + i->device = dentry->d_inode->i_dev;
5345 + update_acl_obj_label(matchn->inode, matchn->device,
5346 + dentry->d_inode->i_ino,
5347 + dentry->d_inode->i_dev, i);
5351 + update_inodev_entry(matchn->inode, matchn->device,
5352 + dentry->d_inode->i_ino, dentry->d_inode->i_dev);
5358 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
5360 + struct name_entry *matchn;
5362 + if (unlikely(!(gr_status & GR_READY)))
5365 + matchn = lookup_name_entry(gr_to_filename(dentry, mnt));
5367 + if (unlikely((unsigned long)matchn)) {
5368 + write_lock(&gr_inode_lock);
5369 + do_handle_create(matchn, dentry, mnt);
5370 + write_unlock(&gr_inode_lock);
5377 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
5378 + struct dentry *old_dentry,
5379 + struct dentry *new_dentry,
5380 + struct vfsmount *mnt, const __u8 replace)
5382 + struct name_entry *matchn;
5385 + matchn = lookup_name_entry(gr_to_filename(new_dentry, mnt));
5388 + error = vfs_rename(old_dir, old_dentry, new_dir, new_dentry);
5391 + if (unlikely(error))
5394 + /* we wouldn't have to check d_inode if it weren't for
5395 + NFS silly-renaming
5398 + write_lock(&gr_inode_lock);
5399 + if (unlikely(replace && new_dentry->d_inode)) {
5400 + if (unlikely(lookup_inodev_entry(new_dentry->d_inode->i_ino,
5401 + new_dentry->d_inode->i_dev) &&
5402 + (old_dentry->d_inode->i_nlink <= 1)))
5403 + do_handle_delete(new_dentry->d_inode->i_ino,
5404 + new_dentry->d_inode->i_dev);
5407 + if (unlikely(lookup_inodev_entry(old_dentry->d_inode->i_ino,
5408 + old_dentry->d_inode->i_dev) &&
5409 + (old_dentry->d_inode->i_nlink <= 1)))
5410 + do_handle_delete(old_dentry->d_inode->i_ino,
5411 + old_dentry->d_inode->i_dev);
5413 + if (unlikely((unsigned long)matchn))
5414 + do_handle_create(matchn, old_dentry, mnt);
5415 + write_unlock(&gr_inode_lock);
5421 +lookup_special_role_auth(const char *rolename, unsigned char **salt,
5422 + unsigned char **sum)
5424 + struct acl_role_label *r;
5425 + struct role_transition *trans;
5429 + /* check transition table */
5431 + for (trans = current->role->transitions; trans; trans = trans->next) {
5432 + if (!strcmp(rolename, trans->rolename)) {
5441 + /* handle special roles that do not require authentication */
5443 + for (r = role_list_head; r; r = r->next) {
5444 + if (!strcmp(rolename, r->rolename)
5445 + && (r->roletype & GR_ROLE_NOPW)) {
5452 + for (i = 0; i < num_sprole_pws; i++) {
5453 + if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
5454 + *salt = acl_special_roles[i]->salt;
5455 + *sum = acl_special_roles[i]->sum;
5464 +assign_special_role(char *rolename)
5466 + struct acl_object_label *obj;
5467 + struct acl_role_label *r;
5468 + struct acl_role_label *assigned = NULL;
5469 + struct task_struct *tsk;
5470 + struct file *filp;
5472 + for (r = role_list_head; r; r = r->next)
5473 + if (!strcmp(rolename, r->rolename) &&
5474 + (r->roletype & GR_ROLE_SPECIAL))
5480 + tsk = current->p_pptr;
5481 + filp = tsk->exec_file;
5483 + if (tsk && filp) {
5484 + tsk->is_writable = 0;
5486 + acl_sp_role_value = (acl_sp_role_value % 65535) + 1;
5487 + tsk->acl_sp_role = 1;
5488 + tsk->acl_role_id = acl_sp_role_value;
5489 + tsk->role = assigned;
5491 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role);
5493 + /* ignore additional mmap checks for processes that are writable
5494 + by the default ACL */
5495 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5496 + if (unlikely(obj->mode & GR_WRITE))
5497 + tsk->is_writable = 1;
5498 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role->root_label);
5499 + if (unlikely(obj->mode & GR_WRITE))
5500 + tsk->is_writable = 1;
5502 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5503 + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
5511 +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
5513 + struct gr_arg *arg;
5514 + struct gr_arg usermode;
5515 + unsigned char *sprole_salt;
5516 + unsigned char *sprole_sum;
5517 + int error = sizeof (struct gr_arg);
5520 + down(&gr_dev_sem);
5522 + arg = (struct gr_arg *) buf;
5524 + if (count != sizeof (struct gr_arg)) {
5525 + security_alert_good(GR_DEV_ACL_MSG, count,
5526 + (int) sizeof (struct gr_arg));
5531 + if ((gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES)
5532 + && time_before_eq(gr_auth_expires, jiffies)) {
5533 + gr_auth_expires = 0;
5534 + gr_auth_attempts = 0;
5537 + if (copy_from_user(&usermode, arg, sizeof (struct gr_arg))) {
5542 + if (usermode.mode != SPROLE && time_after(gr_auth_expires, jiffies)) {
5547 + /* if non-root trying to do anything other than use a special role,
5548 + do not attempt authentication, do not count towards authentication
5552 + if (usermode.mode != SPROLE && current->uid) {
5557 + /* ensure pw and special role name are null terminated */
5559 + usermode.pw[GR_PW_LEN - 1] = '\0';
5560 + usermode.sp_role[GR_SPROLE_LEN - 1] = '\0';
5563 + * We have our enough of the argument structure..(we have yet
5564 + * to copy_from_user the tables themselves) . Copy the tables
5565 + * only if we need them, i.e. for loading operations. */
5567 + switch (usermode.mode) {
5569 + if (gr_status & GR_READY)
5575 + if ((gr_status & GR_READY)
5576 + && !(chkpw(&usermode, system_salt, system_sum))) {
5577 + gr_status &= ~GR_READY;
5578 + security_alert_good(GR_SHUTS_ACL_MSG, DEFAULTSECARGS);
5580 + memset(&usermode, 0, sizeof (struct gr_arg));
5581 + memset(&system_salt, 0, sizeof (system_salt));
5582 + memset(&system_sum, 0, sizeof (system_sum));
5583 + } else if (gr_status & GR_READY) {
5584 + security_alert(GR_SHUTF_ACL_MSG, DEFAULTSECARGS);
5587 + security_alert_good(GR_SHUTI_ACL_MSG, DEFAULTSECARGS);
5592 + if (!(gr_status & GR_READY) && !(error2 = gracl_init(&usermode)))
5593 + security_alert_good(GR_ENABLE_ACL_MSG, GR_VERSION);
5595 + if (gr_status & GR_READY)
5599 + security_alert(GR_ENABLEF_ACL_MSG, GR_VERSION,
5604 + if (!(gr_status & GR_READY)) {
5605 + security_alert_good(GR_RELOADI_ACL_MSG);
5607 + } else if (!(chkpw(&usermode, system_salt, system_sum))) {
5609 + gr_status &= ~GR_READY;
5611 + if (!(error2 = gracl_init(&usermode))) {
5613 + security_alert_good(GR_RELOAD_ACL_MSG,
5618 + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION,
5622 + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION,
5628 + if (unlikely(!(gr_status & GR_READY))) {
5629 + security_alert_good(GR_SEGVMODI_ACL_MSG,
5635 + if (!(chkpw(&usermode, system_salt, system_sum))) {
5636 + security_alert_good(GR_SEGVMODS_ACL_MSG,
5638 + if (usermode.segv_device && usermode.segv_inode) {
5639 + struct acl_subject_label *segvacl;
5641 + lookup_acl_subj_label(usermode.segv_inode,
5642 + usermode.segv_device,
5645 + segvacl->crashes = 0;
5646 + segvacl->expires = 0;
5648 + } else if (gr_find_uid(usermode.segv_uid) >= 0) {
5649 + gr_remove_uid(usermode.segv_uid);
5652 + security_alert(GR_SEGVMODF_ACL_MSG, DEFAULTSECARGS);
5657 + if (unlikely(!(gr_status & GR_READY))) {
5658 + security_alert_good(GR_SPROLEI_ACL_MSG, DEFAULTSECARGS);
5663 + if ((current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES)
5664 + && time_before_eq(current->role->expires, jiffies)) {
5665 + current->role->expires = 0;
5666 + current->role->auth_attempts = 0;
5669 + if (time_after(current->role->expires, jiffies)) {
5674 + if (lookup_special_role_auth
5675 + (usermode.sp_role, &sprole_salt, &sprole_sum)
5676 + && ((!sprole_salt && !sprole_sum)
5677 + || !(chkpw(&usermode, sprole_salt, sprole_sum)))) {
5678 + assign_special_role(usermode.sp_role);
5679 + security_alert_good(GR_SPROLES_ACL_MSG,
5680 + (current->p_pptr) ? current->
5681 + p_pptr->role->rolename : "",
5682 + acl_sp_role_value, DEFAULTSECARGS);
5684 + security_alert(GR_SPROLEF_ACL_MSG, usermode.sp_role,
5687 + current->role->auth_attempts++;
5688 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) {
5689 + current->role->expires =
5690 + jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
5691 + security_alert(GR_MAXROLEPW_ACL_MSG,
5692 + CONFIG_GRKERNSEC_ACL_MAXTRIES,
5693 + usermode.sp_role, DEFAULTSECARGS);
5700 + security_alert(GR_INVMODE_ACL_MSG, usermode.mode,
5706 + if (error != -EPERM)
5709 + gr_auth_attempts++;
5711 + if (gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) {
5712 + security_alert(GR_MAXPW_ACL_MSG, CONFIG_GRKERNSEC_ACL_MAXTRIES);
5713 + gr_auth_expires = jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
5722 +gr_set_acls(const int type)
5724 + struct acl_object_label *obj;
5725 + struct task_struct *task;
5726 + struct file *filp;
5729 + read_lock(&tasklist_lock);
5730 + for_each_task(task) {
5731 + /* check to see if we're called from the exit handler,
5732 + if so, only replace ACLs that have inherited the admin
5735 + if (type && (task->role != current->role ||
5736 + task->acl_role_id != current->acl_role_id))
5739 + task->acl_role_id = 0;
5741 + if ((filp = task->exec_file)) {
5742 + do_set_role_label(task, task->uid, task->gid);
5745 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt,
5748 + struct acl_subject_label *curr;
5751 + task->is_writable = 0;
5752 + /* ignore additional mmap checks for processes that are writable
5753 + by the default ACL */
5754 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5755 + if (unlikely(obj->mode & GR_WRITE))
5756 + task->is_writable = 1;
5757 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
5758 + if (unlikely(obj->mode & GR_WRITE))
5759 + task->is_writable = 1;
5761 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5762 + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
5764 + if (!(curr->mode & GR_LEARN))
5765 + for (i = 0; i < RLIM_NLIMITS; i++) {
5766 + if (!(curr->resmask & (1 << i)))
5769 + task->rlim[i].rlim_cur =
5770 + curr->res[i].rlim_cur;
5771 + task->rlim[i].rlim_max =
5772 + curr->res[i].rlim_max;
5775 + read_unlock(&tasklist_lock);
5776 + security_alert_good(GR_DEFACL_MSG, task->comm,
5781 + // it's a kernel process
5782 + task->role = kernel_role;
5783 + task->acl = kernel_role->root_label;
5784 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
5785 + task->acl->mode &= ~GR_FIND;
5789 + read_unlock(&tasklist_lock);
5794 +gr_learn_resource(const struct task_struct *task,
5795 + const int res, const unsigned long wanted)
5797 + struct acl_subject_label *acl;
5799 + if (unlikely((gr_status & GR_READY) &&
5800 + task->acl && (task->acl->mode & GR_LEARN)))
5803 +#ifdef CONFIG_GRKERNSEC_RESLOG
5804 + gr_log_resource(task, res, wanted);
5808 + if (unlikely(!(gr_status & GR_READY) || !wanted))
5813 + if (likely(!acl || !(acl->mode & GR_LEARN) ||
5814 + !(acl->resmask & (1 << (unsigned short) res))))
5817 + if (wanted >= acl->res[res].rlim_cur) {
5818 + unsigned long res_add;
5823 + res_add += GR_RLIM_CPU_BUMP;
5825 + case RLIMIT_FSIZE:
5826 + res_add += GR_RLIM_FSIZE_BUMP;
5829 + res_add += GR_RLIM_DATA_BUMP;
5831 + case RLIMIT_STACK:
5832 + res_add += GR_RLIM_STACK_BUMP;
5835 + res_add += GR_RLIM_CORE_BUMP;
5838 + res_add += GR_RLIM_RSS_BUMP;
5840 + case RLIMIT_NPROC:
5841 + res_add += GR_RLIM_NPROC_BUMP;
5843 + case RLIMIT_NOFILE:
5844 + res_add += GR_RLIM_NOFILE_BUMP;
5846 + case RLIMIT_MEMLOCK:
5847 + res_add += GR_RLIM_MEMLOCK_BUMP;
5850 + res_add += GR_RLIM_AS_BUMP;
5852 + case RLIMIT_LOCKS:
5853 + res_add += GR_RLIM_LOCKS_BUMP;
5857 + acl->res[res].rlim_cur = res_add;
5859 + if (wanted > acl->res[res].rlim_max)
5860 + acl->res[res].rlim_max = res_add;
5862 + security_learn(GR_LEARN_AUDIT_MSG, current->role->rolename,
5863 + current->role->roletype, acl->filename,
5864 + acl->res[res].rlim_cur, acl->res[res].rlim_max,
5865 + "", (unsigned long) res);
5871 +#ifdef CONFIG_SYSCTL
5872 +extern struct proc_dir_entry *proc_sys_root;
5875 +gr_handle_sysctl(const struct ctl_table *table, const void *oldval,
5876 + const void *newval)
5878 + struct proc_dir_entry *tmp;
5879 + struct nameidata nd;
5880 + const char *proc_sys = "/proc/sys";
5881 + char *path = gr_shared_page[0][smp_processor_id()];
5882 + struct acl_object_label *obj;
5883 + unsigned short len = 0, pos = 0, depth = 0, i;
5887 + if (unlikely(!(gr_status & GR_READY)))
5895 + /* convert the requested sysctl entry into a pathname */
5897 + for (tmp = table->de; tmp != proc_sys_root; tmp = tmp->parent) {
5898 + len += strlen(tmp->name);
5903 + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE)
5906 + memset(path, 0, PAGE_SIZE);
5908 + memcpy(path, proc_sys, strlen(proc_sys));
5910 + pos += strlen(proc_sys);
5912 + for (; depth > 0; depth--) {
5915 + for (i = 1, tmp = table->de; tmp != proc_sys_root;
5916 + tmp = tmp->parent) {
5918 + memcpy(path + pos, tmp->name,
5919 + strlen(tmp->name));
5920 + pos += strlen(tmp->name);
5926 + if (path_init(path, LOOKUP_FOLLOW, &nd))
5927 + err = path_walk(path, &nd);
5932 + obj = chk_obj_label(nd.dentry, nd.mnt, current->acl);
5933 + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
5935 + if (unlikely((current->acl->mode & GR_LEARN) && ((err & mode) != mode))) {
5936 + __u32 new_mode = mode;
5938 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
5941 + gr_log_learn(current->role, current->uid, current->gid,
5942 + current, path, new_mode);
5943 + } else if ((err & mode) != mode && !(err & GR_SUPPRESS)) {
5944 + security_alert(GR_SYSCTL_ACL_MSG, "denied", path,
5945 + (mode & GR_READ) ? " reading" : "",
5946 + (mode & GR_WRITE) ? " writing" : "",
5949 + } else if ((err & mode) != mode) {
5951 + } else if (((err & mode) == mode) && (err & GR_AUDITS)) {
5952 + security_audit(GR_SYSCTL_ACL_MSG, "successful",
5953 + path, (mode & GR_READ) ? " reading" : "",
5954 + (mode & GR_WRITE) ? " writing" : "",
5958 + path_release(&nd);
5966 +gr_handle_ptrace(struct task_struct *task, const long request)
5968 + struct file *filp;
5971 + if (unlikely(!(gr_status & GR_READY)))
5974 + filp = task->exec_file;
5976 + if (unlikely(!filp))
5979 + retmode = gr_search_file(filp->f_dentry, GR_PTRACERD, filp->f_vfsmnt);
5981 + if (retmode & GR_PTRACERD) {
5982 + switch (request) {
5983 + case PTRACE_POKETEXT:
5984 + case PTRACE_POKEDATA:
5985 + case PTRACE_POKEUSR:
5986 +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA)
5987 + case PTRACE_SETREGS:
5988 + case PTRACE_SETFPREGS:
5991 + case PTRACE_SETFPXREGS:
5993 +#ifdef CONFIG_ALTIVEC
5994 + case PTRACE_SETVRREGS:
6000 + } else if (!(current->acl->mode & GR_OVERRIDE) &&
6001 + !(current->role->roletype & GR_ROLE_GOD)
6002 + && (current->acl != task->acl
6003 + || (current->acl != current->role->root_label
6004 + && current->pid != task->pid))) {
6005 + security_alert(GR_PTRACE_ACL_MSG,
6006 + gr_to_filename(filp->f_dentry, filp->f_vfsmnt),
6007 + task->comm, task->pid, DEFAULTSECARGS);
6015 +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt)
6018 + struct acl_subject_label *subj;
6020 + if (unlikely(!(gr_status & GR_READY)))
6024 + ((current->ptrace & PT_PTRACED)
6025 + && !(current->acl->mode & GR_OVERRIDE)))
6026 + retmode = gr_search_file(dentry, GR_PTRACERD, mnt);
6030 + subj = chk_subj_label(dentry, mnt, current->role);
6032 + if (!(retmode & GR_PTRACERD) &&
6033 + !(current->role->roletype & GR_ROLE_GOD) &&
6034 + (current->acl != subj)) {
6035 + security_alert(GR_PTRACE_EXEC_ACL_MSG,
6036 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
6044 +gr_handle_mmap(const struct file *filp, const unsigned long prot)
6046 + struct acl_object_label *obj, *obj2;
6048 + if (unlikely(!(gr_status & GR_READY) ||
6049 + (current->acl->mode & GR_OVERRIDE) || !filp ||
6050 + !(prot & PROT_EXEC)))
6053 + if (unlikely(current->is_writable))
6056 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
6057 + obj2 = chk_obj_label(filp->f_dentry, filp->f_vfsmnt,
6058 + current->role->root_label);
6059 + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
6060 + security_alert(GR_WRITLIB_ACL_MSG,
6061 + gr_to_filename(filp->f_dentry, filp->f_vfsmnt),
6070 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
6074 + if (unlikely(!file || !(prot & PROT_EXEC)))
6078 + gr_search_file(file->f_dentry,
6079 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
6082 + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) {
6083 + security_alert(GR_MMAP_ACL_MSG, "denied",
6084 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6087 + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) {
6089 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
6090 + security_audit(GR_MMAP_ACL_MSG, "successful",
6091 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6100 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
6104 + if (unlikely(!file || !(prot & PROT_EXEC)))
6108 + gr_search_file(file->f_dentry,
6109 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
6112 + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) {
6113 + security_alert(GR_MPROTECT_ACL_MSG, "denied",
6114 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6117 + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) {
6119 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
6120 + security_audit(GR_MPROTECT_ACL_MSG, "successful",
6121 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6130 +gr_acl_handle_psacct(struct task_struct *task, const long code)
6132 + unsigned long runtime;
6133 + unsigned long cputime;
6134 + unsigned int wday, cday;
6138 + char cur_tty[64] = { 0 };
6139 + char parent_tty[64] = { 0 };
6141 + if (unlikely(!(gr_status & GR_READY) || !task->acl ||
6142 + !(task->acl->mode & GR_PROCACCT)))
6145 + runtime = (jiffies - task->start_time) / HZ;
6146 + wday = runtime / (3600 * 24);
6147 + runtime -= wday * (3600 * 24);
6148 + whr = runtime / 3600;
6149 + runtime -= whr * 3600;
6150 + wmin = runtime / 60;
6151 + runtime -= wmin * 60;
6154 + cputime = (task->times.tms_utime + task->times.tms_stime) / HZ;
6155 + cday = cputime / (3600 * 24);
6156 + cputime -= cday * (3600 * 24);
6157 + chr = cputime / 3600;
6158 + cputime -= chr * 3600;
6159 + cmin = cputime / 60;
6160 + cputime -= cmin * 60;
6163 + security_audit(GR_ACL_PROCACCT_MSG, task->comm,
6164 + task->pid, NIPQUAD(task->curr_ip), tty_name(task->tty,
6166 + task->uid, task->euid, task->gid, task->egid, wday, whr,
6167 + wmin, wsec, cday, chr, cmin, csec,
6169 + flags & PF_SIGNALED) ? "killed by signal" : "exited",
6170 + code, task->p_pptr->comm, task->p_pptr->pid,
6171 + NIPQUAD(task->p_pptr->curr_ip),
6172 + tty_name(task->p_pptr->tty, parent_tty),
6173 + task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid,
6174 + task->p_pptr->egid);
6179 +void gr_set_kernel_label(struct task_struct *task)
6181 + if (gr_status & GR_READY) {
6182 + task->role = kernel_role;
6183 + task->acl = kernel_role->root_label;
6187 diff -urN linux-2.4.21/grsecurity/gracl_alloc.c linux-2.4.21/grsecurity/gracl_alloc.c
6188 --- linux-2.4.21/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
6189 +++ linux-2.4.21/grsecurity/gracl_alloc.c 2003-06-23 11:49:16.000000000 -0400
6191 +/* stack-based acl allocation tracking (c) Brad Spengler 2002,2003 */
6193 +#include <linux/kernel.h>
6194 +#include <linux/mm.h>
6195 +#include <linux/slab.h>
6196 +#include <linux/vmalloc.h>
6197 +#include <linux/gracl.h>
6198 +#include <linux/grsecurity.h>
6200 +static unsigned long alloc_stack_next = 1;
6201 +static unsigned long alloc_stack_size = 1;
6202 +static void **alloc_stack;
6204 +static __inline__ int
6207 + if ((alloc_stack_next - 1) == 0)
6210 + if (*(alloc_stack + alloc_stack_next - 2))
6211 + kfree(*(alloc_stack + alloc_stack_next - 2));
6213 + alloc_stack_next--;
6218 +static __inline__ void
6219 +alloc_push(void *buf)
6221 + if (alloc_stack_next >= alloc_stack_size)
6224 + *(alloc_stack + alloc_stack_next - 1) = buf;
6226 + alloc_stack_next++;
6232 +acl_alloc(unsigned long len)
6236 + if (len > PAGE_SIZE)
6239 + ret = kmalloc(len, GFP_KERNEL);
6250 + if (gr_acl_is_enabled() || !alloc_stack)
6253 + while (alloc_pop()) ;
6255 + if (alloc_stack) {
6256 + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
6257 + kfree(alloc_stack);
6259 + vfree(alloc_stack);
6262 + alloc_stack = NULL;
6263 + alloc_stack_size = 1;
6264 + alloc_stack_next = 1;
6270 +acl_alloc_stack_init(unsigned long size)
6272 + if ((size * sizeof (void *)) <= PAGE_SIZE)
6274 + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
6276 + alloc_stack = (void **) vmalloc(size * sizeof (void *));
6278 + alloc_stack_size = size;
6285 diff -urN linux-2.4.21/grsecurity/gracl_cap.c linux-2.4.21/grsecurity/gracl_cap.c
6286 --- linux-2.4.21/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
6287 +++ linux-2.4.21/grsecurity/gracl_cap.c 2003-06-23 11:49:16.000000000 -0400
6289 +/* capability handling routines, (c) Brad Spengler 2002,2003 */
6291 +#include <linux/kernel.h>
6292 +#include <linux/sched.h>
6293 +#include <linux/capability.h>
6294 +#include <linux/gracl.h>
6295 +#include <linux/grsecurity.h>
6296 +#include <linux/grinternal.h>
6298 +static const char *captab_log[29] = {
6300 + "CAP_DAC_OVERRIDE",
6301 + "CAP_DAC_READ_SEARCH",
6308 + "CAP_LINUX_IMMUTABLE",
6309 + "CAP_NET_BIND_SERVICE",
6310 + "CAP_NET_BROADCAST",
6323 + "CAP_SYS_RESOURCE",
6325 + "CAP_SYS_TTY_CONFIG",
6331 +gr_is_capable(const int cap)
6333 + struct acl_subject_label *curracl;
6335 + if (!gr_acl_is_enabled())
6338 + curracl = current->acl;
6340 + if (!cap_raised(curracl->cap_lower, cap))
6343 + if ((curracl->mode & GR_LEARN)
6344 + && cap_raised(current->cap_effective, cap)) {
6345 + security_learn(GR_LEARN_AUDIT_MSG, current->role->rolename,
6346 + current->role->roletype, current->uid,
6347 + current->gid, current->exec_file ?
6348 + gr_to_filename(current->exec_file->f_dentry,
6349 + current->exec_file->f_vfsmnt) : curracl->filename,
6350 + curracl->filename, 0UL,
6351 + 0UL, "", (unsigned long) cap, NIPQUAD(current->curr_ip));
6355 + if ((cap >= 0) && (cap < 29) && cap_raised(current->cap_effective, cap))
6356 + security_alert(GR_CAP_ACL_MSG, captab_log[cap], DEFAULTSECARGS);
6360 diff -urN linux-2.4.21/grsecurity/gracl_fs.c linux-2.4.21/grsecurity/gracl_fs.c
6361 --- linux-2.4.21/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
6362 +++ linux-2.4.21/grsecurity/gracl_fs.c 2003-06-23 11:49:16.000000000 -0400
6364 +#include <linux/kernel.h>
6365 +#include <linux/sched.h>
6366 +#include <linux/types.h>
6367 +#include <linux/fs.h>
6368 +#include <linux/file.h>
6369 +#include <linux/grsecurity.h>
6370 +#include <linux/grinternal.h>
6371 +#include <linux/gracl.h>
6374 +gr_acl_handle_hidden_file(const struct dentry * dentry,
6375 + const struct vfsmount * mnt)
6379 + if (unlikely(!dentry->d_inode))
6383 + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
6385 + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
6386 + security_audit(GR_HIDDEN_ACL_MSG, "successful",
6387 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
6389 + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
6390 + security_alert(GR_HIDDEN_ACL_MSG, "denied",
6391 + gr_to_filename(dentry, mnt),
6394 + } else if (unlikely(!(mode & GR_FIND)))
6401 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
6404 + __u32 reqmode = GR_FIND;
6407 + if (unlikely(!dentry->d_inode))
6410 + if (unlikely(fmode & O_APPEND))
6411 + reqmode |= GR_APPEND;
6412 + else if (unlikely(fmode & FMODE_WRITE))
6413 + reqmode |= GR_WRITE;
6414 + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
6415 + reqmode |= GR_READ;
6418 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
6421 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6422 + security_audit(GR_OPEN_ACL_MSG, "successful",
6423 + gr_to_filename(dentry, mnt),
6424 + reqmode & GR_READ ? " reading" : "",
6425 + reqmode & GR_WRITE ? " writing" :
6426 + reqmode & GR_APPEND ? " appending" : "",
6430 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6432 + security_alert(GR_OPEN_ACL_MSG, "denied",
6433 + gr_to_filename(dentry, mnt),
6434 + reqmode & GR_READ ? " reading" : "",
6435 + reqmode & GR_WRITE ? " writing" : reqmode &
6436 + GR_APPEND ? " appending" : "", DEFAULTSECARGS);
6438 + } else if (unlikely((mode & reqmode) != reqmode))
6445 +gr_acl_handle_creat(const struct dentry * dentry,
6446 + const struct dentry * p_dentry,
6447 + const struct vfsmount * p_mnt, const int fmode,
6450 + __u32 reqmode = GR_WRITE | GR_CREATE;
6453 + if (unlikely(fmode & O_APPEND))
6454 + reqmode |= GR_APPEND;
6455 + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
6456 + reqmode |= GR_READ;
6457 + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
6458 + reqmode |= GR_SETID;
6461 + gr_check_create(dentry, p_dentry, p_mnt,
6462 + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
6464 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6465 + security_audit(GR_CREATE_ACL_MSG, "successful",
6466 + gr_to_filename(dentry, p_mnt),
6467 + reqmode & GR_READ ? " reading" : "",
6468 + reqmode & GR_WRITE ? " writing" :
6469 + reqmode & GR_APPEND ? " appending" : "",
6473 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6475 + security_alert(GR_CREATE_ACL_MSG, "denied",
6476 + gr_to_filename(dentry, p_mnt),
6477 + reqmode & GR_READ ? " reading" : "",
6478 + reqmode & GR_WRITE ? " writing" : reqmode &
6479 + GR_APPEND ? " appending" : "", DEFAULTSECARGS);
6481 + } else if (unlikely((mode & reqmode) != reqmode))
6488 +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
6491 + __u32 mode, reqmode = GR_FIND;
6493 + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
6494 + reqmode |= GR_EXEC;
6495 + if (fmode & S_IWOTH)
6496 + reqmode |= GR_WRITE;
6497 + if (fmode & S_IROTH)
6498 + reqmode |= GR_READ;
6501 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
6504 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6505 + security_audit(GR_ACCESS_ACL_MSG, "successful",
6506 + gr_to_filename(dentry, mnt),
6507 + reqmode & GR_READ ? " reading" : "",
6508 + reqmode & GR_WRITE ? " writing" : "",
6509 + reqmode & GR_EXEC ? " executing" : "",
6513 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6515 + security_alert(GR_ACCESS_ACL_MSG, "denied",
6516 + gr_to_filename(dentry, mnt),
6517 + reqmode & GR_READ ? " reading" : "",
6518 + reqmode & GR_WRITE ? " writing" : "",
6519 + reqmode & GR_EXEC ? " executing" : "",
6522 + } else if (unlikely((mode & reqmode) != reqmode))
6528 +#define generic_fs_handler(dentry, mnt, reqmode, fmt) \
6532 + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); \
6534 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \
6535 + security_audit(fmt, "successful", \
6536 + gr_to_filename(dentry, mnt), DEFAULTSECARGS); \
6538 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \
6539 + security_alert(fmt, "denied", gr_to_filename(dentry, mnt), \
6540 + DEFAULTSECARGS); \
6542 + } else if (unlikely((mode & (reqmode)) != (reqmode))) \
6545 + return (reqmode); \
6549 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
6551 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
6555 +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
6557 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
6561 +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
6563 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
6567 +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
6569 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
6573 +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
6576 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
6577 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
6578 + GR_FCHMOD_ACL_MSG);
6580 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
6585 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
6588 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
6589 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
6590 + GR_CHMOD_ACL_MSG);
6592 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
6597 +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
6599 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
6603 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
6605 + generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
6609 +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
6611 + generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
6612 + GR_UNIXCONNECT_ACL_MSG);
6616 +gr_acl_handle_filldir(const struct dentry *dentry, const struct vfsmount *mnt,
6619 + if (likely((unsigned long)(dentry->d_inode))) {
6620 + struct dentry d = *dentry;
6621 + struct inode inode = *(dentry->d_inode);
6623 + inode.i_ino = ino;
6624 + d.d_inode = &inode;
6626 + if (unlikely(!gr_search_file(&d, GR_FIND | GR_NOLEARN, mnt)))
6634 +gr_acl_handle_link(const struct dentry * new_dentry,
6635 + const struct dentry * parent_dentry,
6636 + const struct vfsmount * parent_mnt,
6637 + const struct dentry * old_dentry,
6638 + const struct vfsmount * old_mnt, const char *to)
6640 + __u32 needmode = GR_WRITE | GR_CREATE;
6644 + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
6647 + if (unlikely(((mode & needmode) == needmode) && mode & GR_AUDITS)) {
6648 + security_audit(GR_LINK_ACL_MSG, "successful",
6649 + gr_to_filename(old_dentry, old_mnt), to,
6652 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
6653 + security_alert(GR_LINK_ACL_MSG, "denied",
6654 + gr_to_filename(old_dentry, old_mnt), to,
6657 + } else if (unlikely((mode & needmode) != needmode))
6660 + return (GR_WRITE | GR_CREATE);
6664 +gr_acl_handle_symlink(const struct dentry * new_dentry,
6665 + const struct dentry * parent_dentry,
6666 + const struct vfsmount * parent_mnt, const char *from)
6668 + __u32 needmode = GR_WRITE | GR_CREATE;
6672 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
6673 + GR_CREATE | GR_AUDIT_CREATE |
6674 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
6676 + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
6677 + security_audit(GR_SYMLINK_ACL_MSG, "successful",
6678 + from, gr_to_filename(new_dentry, parent_mnt),
6681 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
6682 + security_alert(GR_SYMLINK_ACL_MSG, "denied",
6683 + from, gr_to_filename(new_dentry, parent_mnt),
6686 + } else if (unlikely((mode & needmode) != needmode))
6689 + return (GR_WRITE | GR_CREATE);
6692 +#define generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, reqmode, fmt) \
6696 + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); \
6698 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \
6699 + security_audit(fmt, "successful", \
6700 + gr_to_filename(new_dentry, parent_mnt), \
6701 + DEFAULTSECARGS); \
6703 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \
6704 + security_alert(fmt, "denied", \
6705 + gr_to_filename(new_dentry, parent_mnt), \
6706 + DEFAULTSECARGS); \
6708 + } else if (unlikely((mode & (reqmode)) != (reqmode))) \
6711 + return (reqmode); \
6715 +gr_acl_handle_mknod(const struct dentry * new_dentry,
6716 + const struct dentry * parent_dentry,
6717 + const struct vfsmount * parent_mnt,
6720 + __u32 reqmode = GR_WRITE | GR_CREATE;
6721 + if (unlikely(mode & (S_ISUID | S_ISGID)))
6722 + reqmode |= GR_SETID;
6724 + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6725 + reqmode, GR_MKNOD_ACL_MSG);
6729 +gr_acl_handle_mkdir(const struct dentry *new_dentry,
6730 + const struct dentry *parent_dentry,
6731 + const struct vfsmount *parent_mnt)
6733 + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6734 + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
6737 +#define RENAME_CHECK_SUCCESS(old, new) \
6738 + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
6739 + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
6742 +gr_acl_handle_rename(struct dentry *new_dentry,
6743 + struct dentry *parent_dentry,
6744 + const struct vfsmount *parent_mnt,
6745 + struct dentry *old_dentry,
6746 + struct inode *old_parent_inode,
6747 + struct vfsmount *old_mnt, const char *newname)
6749 + __u8 gr_replace = 1;
6750 + __u32 comp1, comp2;
6753 + if (unlikely(!gr_acl_is_enabled()))
6756 + if (!new_dentry->d_inode) {
6759 + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
6760 + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
6761 + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
6762 + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
6763 + GR_DELETE | GR_AUDIT_DELETE |
6764 + GR_AUDIT_READ | GR_AUDIT_WRITE |
6765 + GR_SUPPRESS, old_mnt);
6767 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
6768 + GR_CREATE | GR_DELETE |
6769 + GR_AUDIT_CREATE | GR_AUDIT_DELETE |
6770 + GR_AUDIT_READ | GR_AUDIT_WRITE |
6771 + GR_SUPPRESS, parent_mnt);
6773 + gr_search_file(old_dentry,
6774 + GR_READ | GR_WRITE | GR_AUDIT_READ |
6775 + GR_DELETE | GR_AUDIT_DELETE |
6776 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
6779 + if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
6780 + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
6781 + security_audit(GR_RENAME_ACL_MSG, "successful",
6782 + gr_to_filename(old_dentry, old_mnt),
6783 + newname, DEFAULTSECARGS);
6784 + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
6785 + && !(comp2 & GR_SUPPRESS)) {
6786 + security_alert(GR_RENAME_ACL_MSG, "denied",
6787 + gr_to_filename(old_dentry, old_mnt), newname,
6790 + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
6796 + error = gr_handle_rename(old_parent_inode, parent_dentry->d_inode,
6797 + old_dentry, new_dentry, old_mnt, gr_replace);
6803 +gr_acl_handle_exit(void)
6808 + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
6809 + id = current->acl_role_id;
6810 + rolename = current->role->rolename;
6812 + security_alert_good(GR_SPROLEL_ACL_MSG,
6813 + rolename, id, DEFAULTSECARGS);
6816 + if (current->exec_file) {
6817 + fput(current->exec_file);
6818 + current->exec_file = NULL;
6823 +gr_acl_handle_procpidmem(const struct task_struct *task)
6825 + if (unlikely(!gr_acl_is_enabled()))
6828 + if (task->acl->mode & GR_PROTPROCFD)
6833 diff -urN linux-2.4.21/grsecurity/gracl_ip.c linux-2.4.21/grsecurity/gracl_ip.c
6834 --- linux-2.4.21/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
6835 +++ linux-2.4.21/grsecurity/gracl_ip.c 2003-07-29 17:58:19.000000000 -0400
6838 + * grsecurity/gracl_ip.c
6839 + * Copyright Brad Spengler 2002, 2003
6843 +#include <linux/kernel.h>
6844 +#include <asm/uaccess.h>
6845 +#include <asm/errno.h>
6846 +#include <net/sock.h>
6847 +#include <linux/file.h>
6848 +#include <linux/fs.h>
6849 +#include <linux/net.h>
6850 +#include <linux/in.h>
6851 +#include <linux/skbuff.h>
6852 +#include <linux/ip.h>
6853 +#include <linux/udp.h>
6854 +#include <linux/smp_lock.h>
6855 +#include <linux/types.h>
6856 +#include <linux/sched.h>
6857 +#include <linux/gracl.h>
6858 +#include <linux/grsecurity.h>
6859 +#include <linux/grinternal.h>
6861 +#define GR_BIND 0x01
6862 +#define GR_CONNECT 0x02
6864 +static const char * gr_protocols[256] = {
6865 + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
6866 + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
6867 + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
6868 + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
6869 + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
6870 + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
6871 + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
6872 + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
6873 + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
6874 + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
6875 + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
6876 + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
6877 + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
6878 + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
6879 + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
6880 + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
6881 + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
6882 + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
6883 + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
6884 + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
6885 + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
6886 + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
6887 + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
6888 + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
6889 + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
6890 + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
6891 + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
6892 + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
6893 + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
6894 + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
6895 + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
6896 + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
6899 +static const char * gr_socktypes[11] = {
6900 + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
6901 + "unknown:7", "unknown:8", "unknown:9", "packet"
6904 +static __inline__ const char *
6905 +gr_proto_to_name(unsigned char proto)
6907 + return gr_protocols[proto];
6910 +static __inline__ const char *
6911 +gr_socktype_to_name(unsigned char type)
6913 + return gr_socktypes[type];
6917 +gr_search_socket(const int domain, const int type, const int protocol)
6919 + struct acl_subject_label *curr;
6921 + if (unlikely(!gr_acl_is_enabled()))
6924 + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
6925 + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
6926 + goto exit; // let the kernel handle it
6928 + curr = current->acl;
6933 + if ((curr->ip_type & (1 << type)) &&
6934 + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
6937 + if (curr->mode & GR_LEARN) {
6938 + /* we don't place acls on raw sockets , and sometimes
6939 + dgram/ip sockets are opened for ioctl and not
6940 + bind/connect, so we'll fake a bind learn log */
6941 + if (type == SOCK_RAW || type == SOCK_PACKET) {
6943 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6944 + current->role->roletype, current->uid,
6945 + current->gid, current->exec_file ?
6946 + gr_to_filename(current->exec_file->f_dentry,
6947 + current->exec_file->f_vfsmnt) :
6948 + curr->filename, curr->filename,
6949 + NIPQUAD(fakeip), 0, type,
6950 + protocol, GR_CONNECT, NIPQUAD(current->curr_ip));
6951 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
6953 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
6954 + current->role->roletype, current->uid,
6955 + current->gid, current->exec_file ?
6956 + gr_to_filename(current->exec_file->f_dentry,
6957 + current->exec_file->f_vfsmnt) :
6958 + curr->filename, curr->filename,
6959 + NIPQUAD(fakeip), 0, type,
6960 + protocol, GR_BIND, NIPQUAD(current->curr_ip));
6962 + /* we'll log when they use connect or bind */
6966 + security_alert(GR_SOCK_MSG, "inet", gr_socktype_to_name(type),
6967 + gr_proto_to_name(protocol), DEFAULTSECARGS);
6974 +static __inline__ int
6975 +gr_search_connectbind(const int mode, const struct sock *sk,
6976 + const struct sockaddr_in *addr, const int type)
6978 + struct acl_subject_label *curr;
6979 + struct acl_ip_label *ip;
6981 + __u32 ip_addr = 0;
6982 + __u16 ip_port = 0;
6984 + if (unlikely(!gr_acl_is_enabled() || sk->family != PF_INET))
6987 + curr = current->acl;
6992 + ip_addr = addr->sin_addr.s_addr;
6993 + ip_port = ntohs(addr->sin_port);
6995 + for (i = 0; i < curr->ip_num; i++) {
6996 + ip = *(curr->ips + i);
6997 + if ((ip->mode & mode) &&
6998 + (ip_port >= ip->low) &&
6999 + (ip_port <= ip->high) &&
7000 + ((ntohl(ip_addr) & ip->netmask) ==
7001 + (ntohl(ip->addr) & ip->netmask))
7003 + proto[sk->protocol / 32] & (1 << (sk->protocol % 32)))
7004 + && (ip->type & (1 << type)))
7008 + if (curr->mode & GR_LEARN) {
7009 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
7010 + current->role->roletype, current->uid,
7011 + current->gid, current->exec_file ?
7012 + gr_to_filename(current->exec_file->f_dentry,
7013 + current->exec_file->f_vfsmnt) :
7014 + curr->filename, curr->filename,
7015 + NIPQUAD(ip_addr), ip_port, type,
7016 + sk->protocol, mode, NIPQUAD(current->curr_ip));
7020 + if (mode == GR_BIND)
7021 + security_alert(GR_BIND_ACL_MSG, NIPQUAD(ip_addr), ip_port,
7022 + gr_socktype_to_name(type), gr_proto_to_name(sk->protocol),
7024 + else if (mode == GR_CONNECT)
7025 + security_alert(GR_CONNECT_ACL_MSG, NIPQUAD(ip_addr), ip_port,
7026 + gr_socktype_to_name(type), gr_proto_to_name(sk->protocol),
7033 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
7035 + return gr_search_connectbind(GR_CONNECT, sock->sk, addr, sock->type);
7039 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
7041 + return gr_search_connectbind(GR_BIND, sock->sk, addr, sock->type);
7045 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
7048 + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
7050 + struct sockaddr_in sin;
7052 + sin.sin_addr.s_addr = sk->daddr;
7053 + sin.sin_port = sk->dport;
7055 + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM);
7060 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
7062 + struct sockaddr_in sin;
7064 + if (unlikely(skb->len < sizeof (struct udphdr)))
7065 + return 1; // skip this packet
7067 + sin.sin_addr.s_addr = skb->nh.iph->saddr;
7068 + sin.sin_port = skb->h.uh->source;
7070 + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM);
7072 diff -urN linux-2.4.21/grsecurity/gracl_learn.c linux-2.4.21/grsecurity/gracl_learn.c
7073 --- linux-2.4.21/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
7074 +++ linux-2.4.21/grsecurity/gracl_learn.c 2003-07-29 17:58:19.000000000 -0400
7076 +#include <linux/kernel.h>
7077 +#include <linux/mm.h>
7078 +#include <linux/sched.h>
7079 +#include <linux/poll.h>
7080 +#include <linux/smp_lock.h>
7081 +#include <linux/string.h>
7082 +#include <linux/file.h>
7083 +#include <linux/types.h>
7084 +#include <linux/vmalloc.h>
7085 +#include <linux/grinternal.h>
7087 +extern ssize_t write_grsec_handler(struct file * file, const char * buf,
7088 + size_t count, loff_t *ppos);
7089 +extern int gr_acl_is_enabled(void);
7091 +static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
7092 +static DECLARE_WAIT_QUEUE_HEAD(input_wait);
7093 +static atomic_t learn_buffer_count = ATOMIC_INIT(0);
7094 +static int gr_learn_attached;
7096 +#define LEARN_BUFFER_SLOTS 256
7097 +#define LEARN_BUFFER_SIZE 16384
7099 +static spinlock_t learn_buffer_lock[LEARN_BUFFER_SLOTS] = { [0 ... (LEARN_BUFFER_SLOTS - 1)] = SPIN_LOCK_UNLOCKED };
7100 +static char *learn_buffer[LEARN_BUFFER_SLOTS];
7101 +static int learn_buffer_len[LEARN_BUFFER_SLOTS];
7104 +read_learn(struct file *file, char * buf, size_t count, loff_t * ppos)
7106 + DECLARE_WAITQUEUE(wait, current);
7107 + ssize_t retval = 0;
7112 + add_wait_queue(&learn_wait, &wait);
7113 + set_current_state(TASK_INTERRUPTIBLE);
7115 + if (atomic_read(&learn_buffer_count) > 1)
7118 + if (file->f_flags & O_NONBLOCK) {
7122 + if (signal_pending(current)) {
7123 + retval = -ERESTARTSYS;
7131 + for (i = 0; i < LEARN_BUFFER_SLOTS; i++) {
7132 + spin_lock(&learn_buffer_lock[i]);
7133 + len = learn_buffer_len[i];
7134 + tmp = learn_buffer[i];
7135 + if (!len || !tmp) {
7136 + spin_unlock(&learn_buffer_lock[i]);
7139 + learn_buffer[i] = NULL;
7140 + learn_buffer_len[i] = 0;
7141 + spin_unlock(&learn_buffer_lock[i]);
7143 + if (count < ((i * LEARN_BUFFER_SIZE) + len)) {
7148 + if (copy_to_user(buf + (i * LEARN_BUFFER_SIZE), tmp, len)) {
7156 + atomic_dec(&learn_buffer_count);
7157 + atomic_dec(&learn_buffer_count);
7160 + wake_up(&input_wait);
7162 + set_current_state(TASK_RUNNING);
7163 + remove_wait_queue(&learn_wait, &wait);
7167 +static unsigned int
7168 +poll_learn(struct file * file, poll_table * wait)
7170 + poll_wait(file, &learn_wait, wait);
7172 + if (atomic_read(&learn_buffer_count) > 1)
7173 + return (POLLIN | POLLRDNORM);
7179 +gr_clear_learn_entries(void)
7183 + atomic_set(&learn_buffer_count, 0);
7184 + wake_up(&input_wait);
7186 + for (i = 0; i < LEARN_BUFFER_SLOTS; i++) {
7187 + if (learn_buffer_len[i]) {
7188 + vfree(learn_buffer[i]);
7189 + learn_buffer[i] = NULL;
7190 + learn_buffer_len[i] = 0;
7198 +gr_add_learn_entry(const char *fmt, ...)
7200 + DECLARE_WAITQUEUE(wait, current);
7207 + if (!gr_learn_attached)
7210 + tmpbuf = vmalloc(LEARN_BUFFER_SIZE);
7212 + if (tmpbuf == NULL)
7215 + va_start(args, fmt);
7216 + len = vsnprintf(tmpbuf, LEARN_BUFFER_SIZE, fmt, args);
7220 + len = LEARN_BUFFER_SIZE - 1;
7222 + buf = vmalloc(len + 1);
7224 + if (buf == NULL) {
7229 + memcpy(buf, tmpbuf, len);
7233 + add_wait_queue(&input_wait, &wait);
7235 + atomic_inc(&learn_buffer_count);
7236 + while (atomic_read(&learn_buffer_count) > ((2 * (LEARN_BUFFER_SLOTS - 1)) + 1)) {
7237 + /* don't sleep under the BKL */
7238 + if (unlikely(current->lock_depth >= 0)) {
7239 + remove_wait_queue(&input_wait, &wait);
7240 + atomic_dec(&learn_buffer_count);
7244 + sleep_on(&input_wait);
7247 + if (!gr_acl_is_enabled()) {
7248 + remove_wait_queue(&input_wait, &wait);
7249 + atomic_dec(&learn_buffer_count);
7254 + for (i = 0; i < LEARN_BUFFER_SLOTS; i++) {
7255 + spin_lock(&learn_buffer_lock[i]);
7257 + if (learn_buffer_len[i]) {
7258 + spin_unlock(&learn_buffer_lock[i]);
7262 + learn_buffer[i] = buf;
7264 + learn_buffer_len[i] = len + 1;
7266 + atomic_inc(&learn_buffer_count);
7267 + spin_unlock(&learn_buffer_lock[i]);
7271 + remove_wait_queue(&input_wait, &wait);
7272 + wake_up_interruptible(&learn_wait);
7278 +open_learn(struct inode *inode, struct file *file)
7280 + if (file->f_mode & FMODE_READ && gr_learn_attached)
7282 + else if (file->f_mode & FMODE_READ)
7283 + gr_learn_attached = 1;
7289 +close_learn(struct inode *inode, struct file *file)
7291 + if (file->f_mode & FMODE_READ)
7292 + gr_learn_attached = 0;
7297 +struct file_operations grsec_fops = {
7299 + write: write_grsec_handler,
7301 + release: close_learn,
7304 diff -urN linux-2.4.21/grsecurity/gracl_res.c linux-2.4.21/grsecurity/gracl_res.c
7305 --- linux-2.4.21/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
7306 +++ linux-2.4.21/grsecurity/gracl_res.c 2003-07-29 17:58:19.000000000 -0400
7308 +/* resource handling routines (c) Brad Spengler 2002, 2003 */
7310 +#include <linux/kernel.h>
7311 +#include <linux/sched.h>
7312 +#include <linux/gracl.h>
7313 +#include <linux/grinternal.h>
7315 +static const char *restab_log[11] = {
7330 +gr_log_resource(const struct task_struct *task,
7331 + const int res, const unsigned long wanted)
7333 + if (unlikely(res == RLIMIT_NPROC &&
7334 + (cap_raised(task->cap_effective, CAP_SYS_ADMIN) ||
7335 + cap_raised(task->cap_effective, CAP_SYS_RESOURCE))))
7338 + if (unlikely(wanted >= task->rlim[res].rlim_cur &&
7339 + task->rlim[res].rlim_cur != RLIM_INFINITY))
7340 + security_alert(GR_RESOURCE_MSG, wanted, restab_log[res],
7341 + task->rlim[res].rlim_cur, task->comm,
7342 + task->pid, task->uid, task->euid,
7343 + task->gid, task->egid, task->p_pptr->comm,
7344 + task->p_pptr->pid, task->p_pptr->uid,
7345 + task->p_pptr->euid, task->p_pptr->gid,
7346 + task->p_pptr->egid);
7350 diff -urN linux-2.4.21/grsecurity/gracl_segv.c linux-2.4.21/grsecurity/gracl_segv.c
7351 --- linux-2.4.21/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
7352 +++ linux-2.4.21/grsecurity/gracl_segv.c 2003-06-23 11:49:16.000000000 -0400
7355 + * grsecurity/gracl_segv.c
7356 + * Copyright Brad Spengler 2002, 2003
7360 +#include <linux/kernel.h>
7361 +#include <linux/mm.h>
7362 +#include <asm/uaccess.h>
7363 +#include <asm/errno.h>
7364 +#include <asm/mman.h>
7365 +#include <net/sock.h>
7366 +#include <linux/file.h>
7367 +#include <linux/fs.h>
7368 +#include <linux/net.h>
7369 +#include <linux/in.h>
7370 +#include <linux/smp_lock.h>
7371 +#include <linux/slab.h>
7372 +#include <linux/types.h>
7373 +#include <linux/sched.h>
7374 +#include <linux/timer.h>
7375 +#include <linux/gracl.h>
7376 +#include <linux/grsecurity.h>
7377 +#include <linux/grinternal.h>
7379 +static struct crash_uid *uid_set;
7380 +static unsigned short uid_used;
7381 +static rwlock_t gr_uid_lock = RW_LOCK_UNLOCKED;
7382 +extern rwlock_t gr_inode_lock;
7383 +extern __inline__ struct acl_subject_label *lookup_acl_subj_label(const ino_t
7392 +gr_init_uidset(void)
7395 + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
7398 + return uid_set ? 1 : 0;
7402 +gr_free_uidset(void)
7411 +gr_find_uid(const uid_t uid)
7413 + struct crash_uid *tmp = uid_set;
7415 + int low = 0, high = uid_used - 1, mid;
7417 + while (high >= low) {
7418 + mid = (low + high) >> 1;
7419 + buid = tmp[mid].uid;
7431 +static __inline__ void
7432 +gr_insertsort(void)
7434 + unsigned short i, j;
7435 + struct crash_uid index;
7437 + for (i = 1; i < uid_used; i++) {
7438 + index = uid_set[i];
7440 + while ((j > 0) && uid_set[j - 1].uid > index.uid) {
7441 + uid_set[j] = uid_set[j - 1];
7444 + uid_set[j] = index;
7450 +static __inline__ void
7451 +gr_insert_uid(const uid_t uid, const unsigned long expires)
7455 + if (uid_used == GR_UIDTABLE_MAX)
7458 + loc = gr_find_uid(uid);
7461 + uid_set[loc].expires = expires;
7465 + uid_set[uid_used].uid = uid;
7466 + uid_set[uid_used].expires = expires;
7475 +gr_remove_uid(const unsigned short loc)
7479 + for (i = loc + 1; i < uid_used; i++)
7480 + uid_set[i - i] = uid_set[i];
7488 +gr_check_crash_uid(const uid_t uid)
7492 + if (unlikely(!gr_acl_is_enabled()))
7495 + read_lock(&gr_uid_lock);
7496 + loc = gr_find_uid(uid);
7497 + read_unlock(&gr_uid_lock);
7502 + write_lock(&gr_uid_lock);
7503 + if (time_before_eq(uid_set[loc].expires, jiffies))
7504 + gr_remove_uid(loc);
7506 + write_unlock(&gr_uid_lock);
7510 + write_unlock(&gr_uid_lock);
7514 +static __inline__ int
7515 +proc_is_setxid(const struct task_struct *task)
7517 + if (task->uid != task->euid || task->uid != task->suid ||
7518 + task->uid != task->fsuid)
7520 + if (task->gid != task->egid || task->gid != task->sgid ||
7521 + task->gid != task->fsgid)
7526 +static __inline__ int
7527 +gr_fake_force_sig(int sig, struct task_struct *t)
7529 + unsigned long int flags;
7531 + spin_lock_irqsave(&t->sigmask_lock, flags);
7532 + if (t->sig == NULL) {
7533 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
7537 + if (t->sig->action[sig - 1].sa.sa_handler == SIG_IGN)
7538 + t->sig->action[sig - 1].sa.sa_handler = SIG_DFL;
7539 + sigdelset(&t->blocked, sig);
7540 + recalc_sigpending(t);
7541 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
7543 + return send_sig_info(sig, (void *) 1L, t);
7547 +gr_handle_crash(struct task_struct *task, const int sig)
7549 + struct acl_subject_label *curr;
7550 + struct acl_subject_label *curr2;
7551 + struct task_struct *tsk;
7553 + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
7556 + if (unlikely(!gr_acl_is_enabled()))
7561 + if (!(curr->resmask & (1 << GR_CRASH_RES)))
7564 + if (time_before_eq(curr->expires, jiffies)) {
7565 + curr->expires = 0;
7566 + curr->crashes = 0;
7571 + if (!curr->expires)
7572 + curr->expires = jiffies + curr->res[GR_CRASH_RES].rlim_max;
7574 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
7575 + time_after(curr->expires, jiffies)) {
7576 + if (task->uid && proc_is_setxid(task)) {
7577 + security_alert(GR_SEGVSTART_ACL_MSG, task->comm,
7578 + task->pid, task->uid, task->euid,
7579 + task->gid, task->egid,
7580 + task->p_pptr->comm, task->p_pptr->pid,
7581 + task->p_pptr->uid, task->p_pptr->euid,
7582 + task->p_pptr->gid, task->p_pptr->egid,
7584 + curr->res[GR_CRASH_RES].rlim_max / HZ);
7585 + write_lock(&gr_uid_lock);
7586 + gr_insert_uid(task->uid, curr->expires);
7587 + write_unlock(&gr_uid_lock);
7588 + curr->expires = 0;
7589 + curr->crashes = 0;
7590 + read_lock(&tasklist_lock);
7591 + for_each_task(tsk) {
7592 + if (tsk != task && tsk->uid == task->uid)
7593 + gr_fake_force_sig(SIGKILL, tsk);
7595 + read_unlock(&tasklist_lock);
7597 + security_alert(GR_SEGVNOSUID_ACL_MSG, task->comm,
7598 + task->pid, task->uid, task->euid,
7599 + task->gid, task->egid,
7600 + task->p_pptr->comm, task->p_pptr->pid,
7601 + task->p_pptr->uid, task->p_pptr->euid,
7602 + task->p_pptr->gid, task->p_pptr->egid,
7603 + kdevname(curr->device), curr->inode,
7604 + curr->res[GR_CRASH_RES].rlim_max / HZ);
7605 + read_lock(&tasklist_lock);
7606 + for_each_task(tsk) {
7607 + if (likely(tsk != task)) {
7610 + if (curr2->device == curr->device &&
7611 + curr2->inode == curr->inode)
7612 + gr_fake_force_sig(SIGKILL, tsk);
7615 + read_unlock(&tasklist_lock);
7623 +gr_check_crash_exec(const struct file *filp)
7625 + struct acl_subject_label *curr;
7627 + if (unlikely(!gr_acl_is_enabled()))
7630 + read_lock(&gr_inode_lock);
7631 + curr = lookup_acl_subj_label(filp->f_dentry->d_inode->i_ino,
7632 + filp->f_dentry->d_inode->i_dev,
7634 + read_unlock(&gr_inode_lock);
7636 + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
7637 + (!curr->crashes && !curr->expires))
7640 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
7641 + time_after(curr->expires, jiffies))
7643 + else if (time_before_eq(curr->expires, jiffies)) {
7644 + curr->crashes = 0;
7645 + curr->expires = 0;
7652 +gr_handle_alertkill(void)
7654 + struct acl_subject_label *curracl;
7656 + struct task_struct *task;
7658 + if (unlikely(!gr_acl_is_enabled()))
7661 + curracl = current->acl;
7662 + curr_ip = current->curr_ip;
7664 + if ((curracl->mode & GR_KILLIPPROC) && curr_ip &&
7665 + (curr_ip != 0xffffffff)) {
7666 + read_lock(&tasklist_lock);
7667 + for_each_task(task) {
7668 + if (task->curr_ip == curr_ip)
7669 + gr_fake_force_sig(SIGKILL, task);
7671 + read_unlock(&tasklist_lock);
7672 + } else if (curracl->mode & GR_KILLPROC)
7673 + gr_fake_force_sig(SIGKILL, current);
7677 diff -urN linux-2.4.21/grsecurity/gracl_shm.c linux-2.4.21/grsecurity/gracl_shm.c
7678 --- linux-2.4.21/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
7679 +++ linux-2.4.21/grsecurity/gracl_shm.c 2003-06-23 11:49:16.000000000 -0400
7681 +/* shared memory handling routines, (c) Brad Spengler 2002, 2003 */
7683 +#include <linux/kernel.h>
7684 +#include <linux/mm.h>
7685 +#include <linux/sched.h>
7686 +#include <linux/file.h>
7687 +#include <linux/ipc.h>
7688 +#include <linux/gracl.h>
7689 +#include <linux/grsecurity.h>
7690 +#include <linux/grinternal.h>
7693 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
7694 + const time_t shm_createtime, const uid_t cuid, const int shmid)
7696 + struct task_struct *task;
7698 + if (!gr_acl_is_enabled())
7701 + task = find_task_by_pid(shm_cprid);
7703 + if (unlikely(!task))
7704 + task = find_task_by_pid(shm_lapid);
7706 + if (unlikely(task && ((task->start_time < shm_createtime) ||
7707 + (task->pid == shm_lapid)) &&
7708 + (task->acl->mode & GR_PROTSHM) &&
7709 + (task->acl != current->acl))) {
7710 + security_alert(GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid,
7717 diff -urN linux-2.4.21/grsecurity/grsec_chdir.c linux-2.4.21/grsecurity/grsec_chdir.c
7718 --- linux-2.4.21/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
7719 +++ linux-2.4.21/grsecurity/grsec_chdir.c 2003-06-23 11:49:16.000000000 -0400
7721 +#include <linux/kernel.h>
7722 +#include <linux/sched.h>
7723 +#include <linux/fs.h>
7724 +#include <linux/file.h>
7725 +#include <linux/grsecurity.h>
7726 +#include <linux/grinternal.h>
7729 +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
7731 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
7732 + if ((grsec_enable_chdir && grsec_enable_group &&
7733 + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
7734 + !grsec_enable_group)) {
7735 + security_audit(GR_CHDIR_AUDIT_MSG, gr_to_filename(dentry, mnt),
7741 diff -urN linux-2.4.21/grsecurity/grsec_chroot.c linux-2.4.21/grsecurity/grsec_chroot.c
7742 --- linux-2.4.21/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
7743 +++ linux-2.4.21/grsecurity/grsec_chroot.c 2003-06-23 11:49:16.000000000 -0400
7745 +#include <linux/kernel.h>
7746 +#include <linux/sched.h>
7747 +#include <linux/file.h>
7748 +#include <linux/fs.h>
7749 +#include <linux/types.h>
7750 +#include <linux/grinternal.h>
7753 +gr_handle_chroot_unix(const pid_t pid)
7755 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
7756 + struct task_struct *p, **htable;
7758 + if (unlikely(!grsec_enable_chroot_unix))
7761 + if (likely(!proc_is_chrooted(current)))
7764 + read_lock(&tasklist_lock);
7766 + htable = &pidhash[pid_hashfn(pid)];
7768 + for (p = *htable; p && p->pid != pid; p = p->pidhash_next) ;
7770 + if (unlikely(p && !have_same_root(current, p))) {
7771 + read_unlock(&tasklist_lock);
7772 + security_alert(GR_UNIX_CHROOT_MSG, DEFAULTSECARGS);
7775 + read_unlock(&tasklist_lock);
7781 +gr_handle_chroot_nice(void)
7783 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7784 + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
7785 + security_alert(GR_NICE_CHROOT_MSG, DEFAULTSECARGS);
7793 +gr_handle_chroot_setpriority(task_t *p, const int niceval)
7795 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7796 + if (grsec_enable_chroot_nice && (!have_same_root(p, current)
7797 + || (have_same_root(p, current)
7798 + && (niceval < task_nice(p))
7799 + && proc_is_chrooted(current)))) {
7800 + security_alert(GR_PRIORITY_CHROOT_MSG, p->comm, p->pid,
7809 +gr_handle_chroot_capset(const struct task_struct *target)
7811 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
7812 + if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
7813 + !have_same_root(current, target)) {
7814 + security_alert(GR_CAPSET_CHROOT_MSG, target->comm, target->pid,
7823 +gr_pid_is_chrooted(const struct task_struct *p)
7825 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
7826 + if (!grsec_enable_chroot_findtask || (current->pid <= 1))
7829 + if (p && p->fs && p->fs->root && p->fs->root->d_inode &&
7830 + child_reaper && child_reaper->fs && child_reaper->fs->root &&
7831 + child_reaper->fs->root->d_inode && current && current->fs &&
7832 + current->fs->root && current->fs->root->d_inode) {
7833 + if (proc_is_chrooted(current) && !have_same_root(current, p))
7841 +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
7843 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
7844 + if (!grsec_enable_chroot_fchdir)
7847 + if (!proc_is_chrooted(current))
7850 + struct dentry *dentry = u_dentry;
7851 + struct vfsmount *mnt = u_mnt;
7852 + struct dentry *realroot;
7853 + struct vfsmount *realrootmnt;
7854 + struct dentry *currentroot;
7855 + struct vfsmount *currentmnt;
7857 + read_lock(&child_reaper->fs->lock);
7858 + realrootmnt = mntget(child_reaper->fs->rootmnt);
7859 + realroot = dget(child_reaper->fs->root);
7860 + read_unlock(&child_reaper->fs->lock);
7862 + read_lock(¤t->fs->lock);
7863 + currentmnt = mntget(current->fs->rootmnt);
7864 + currentroot = dget(current->fs->root);
7865 + read_unlock(¤t->fs->lock);
7867 + spin_lock(&dcache_lock);
7870 + ((dentry == realroot && mnt == realrootmnt)
7871 + || (dentry == currentroot && mnt == currentmnt)))
7874 + (dentry == mnt->mnt_root || IS_ROOT(dentry))) {
7875 + if (mnt->mnt_parent == mnt)
7877 + dentry = mnt->mnt_mountpoint;
7878 + mnt = mnt->mnt_parent;
7881 + dentry = dentry->d_parent;
7883 + spin_unlock(&dcache_lock);
7885 + dput(currentroot);
7886 + mntput(currentmnt);
7888 + if (dentry == realroot && mnt == realrootmnt) {
7889 + /* ok, they're definitely trying to fchdir outside of the
7892 + mntput(realrootmnt);
7893 + security_alert(GR_CHROOT_FCHDIR_MSG,
7894 + gr_to_filename(u_dentry, u_mnt),
7899 + mntput(realrootmnt);
7908 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
7909 + const time_t shm_createtime)
7911 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
7912 + struct task_struct *p, **htable;
7914 + if (unlikely(!grsec_enable_chroot_shmat))
7917 + if (likely(!proc_is_chrooted(current)))
7920 + read_lock(&tasklist_lock);
7922 + htable = &pidhash[pid_hashfn(shm_cprid)];
7924 + for (p = *htable; p && p->pid != shm_cprid; p = p->pidhash_next) ;
7926 + if (unlikely(p && !have_same_root(current, p) &&
7927 + (p->start_time < shm_createtime))) {
7928 + read_unlock(&tasklist_lock);
7929 + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS);
7933 + if (unlikely(!p)) {
7934 + htable = &pidhash[pid_hashfn(shm_lapid)];
7935 + for (p = *htable; p && p->pid != shm_lapid;
7936 + p = p->pidhash_next) ;
7938 + if (unlikely(p && !have_same_root(current, p))) {
7939 + read_unlock(&tasklist_lock);
7940 + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS);
7945 + read_unlock(&tasklist_lock);
7951 +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
7953 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
7954 + if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
7955 + security_audit(GR_EXEC_CHROOT_MSG, gr_to_filename(dentry, mnt),
7962 +gr_handle_chroot_mknod(const struct dentry *dentry,
7963 + const struct vfsmount *mnt, const int mode)
7965 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
7966 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) &&
7967 + proc_is_chrooted(current)) {
7968 + security_alert(GR_MKNOD_CHROOT_MSG,
7969 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
7977 +gr_handle_chroot_mount(const struct dentry *dentry,
7978 + const struct vfsmount *mnt, const char *dev_name)
7980 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
7981 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
7982 + security_alert(GR_MOUNT_CHROOT_MSG, dev_name,
7983 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
7991 +gr_handle_chroot_pivot(void)
7993 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
7994 + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
7995 + security_alert(GR_PIVOT_CHROOT_MSG, DEFAULTSECARGS);
8003 +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
8005 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
8006 + if (grsec_enable_chroot_double && proc_is_chrooted(current)) {
8007 + security_alert(GR_CHROOT_CHROOT_MSG,
8008 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
8016 +gr_handle_chroot_caps(struct task_struct *task)
8018 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
8019 + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
8020 + task->cap_permitted =
8021 + cap_drop(task->cap_permitted, GR_CHROOT_CAPS);
8022 + task->cap_inheritable =
8023 + cap_drop(task->cap_inheritable, GR_CHROOT_CAPS);
8024 + task->cap_effective =
8025 + cap_drop(task->cap_effective, GR_CHROOT_CAPS);
8032 +gr_handle_chroot_sysctl(const int op)
8034 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
8035 + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
8043 +gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt)
8045 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
8046 + if (grsec_enable_chroot_chdir)
8047 + set_fs_pwd(current->fs, mnt, dentry);
8053 +gr_handle_chroot_chmod(const struct dentry *dentry,
8054 + const struct vfsmount *mnt, const int mode)
8056 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
8057 + if (grsec_enable_chroot_chmod &&
8058 + ((mode & S_ISUID) || (mode & S_ISGID)) &&
8059 + proc_is_chrooted(current)) {
8060 + security_alert(GR_CHMOD_CHROOT_MSG,
8061 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
8067 diff -urN linux-2.4.21/grsecurity/grsec_disabled.c linux-2.4.21/grsecurity/grsec_disabled.c
8068 --- linux-2.4.21/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
8069 +++ linux-2.4.21/grsecurity/grsec_disabled.c 2003-06-23 11:49:16.000000000 -0400
8072 + * when grsecurity is disabled, compile all external functions into nothing
8075 +#include <linux/kernel.h>
8076 +#include <linux/config.h>
8077 +#include <linux/sched.h>
8078 +#include <linux/file.h>
8079 +#include <linux/fs.h>
8080 +#include <linux/kdev_t.h>
8081 +#include <linux/net.h>
8082 +#include <linux/in.h>
8083 +#include <linux/ip.h>
8084 +#include <linux/skbuff.h>
8085 +#include <linux/sysctl.h>
8087 +#ifdef CONFIG_SYSCTL
8089 +gr_handle_sysctl(const struct ctl_table * table, __u32 mode)
8096 +gr_acl_is_enabled(void)
8102 +gr_acl_handle_psacct(struct task_struct *task, const long code)
8108 +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt)
8114 +gr_handle_mmap(const struct file *filp, const unsigned long prot)
8120 +gr_handle_ptrace(struct task_struct *task, const long request)
8126 +gr_learn_resource(const struct task_struct *task,
8127 + const int res, const unsigned long wanted)
8133 +gr_set_acls(const int type)
8139 +gr_check_hidden_task(const struct task_struct *tsk)
8145 +gr_check_protected_task(const struct task_struct *task)
8151 +gr_copy_label(struct task_struct *tsk)
8157 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
8163 +gr_handle_delete(const ino_t ino, const kdev_t dev)
8169 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
8175 +gr_handle_crash(struct task_struct *task, const int sig)
8181 +gr_check_crash_exec(const struct file *filp)
8187 +gr_check_crash_uid(const uid_t uid)
8193 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
8194 + struct dentry *old_dentry,
8195 + struct dentry *new_dentry,
8196 + struct vfsmount *mnt, const __u8 replace)
8202 +gr_search_socket(const int family, const int type, const int protocol)
8208 +gr_search_connectbind(const int mode, const struct socket *sock,
8209 + const struct sockaddr_in *addr)
8215 +gr_is_capable(const int cap)
8221 +gr_handle_alertkill(void)
8227 +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
8233 +gr_acl_handle_hidden_file(const struct dentry * dentry,
8234 + const struct vfsmount * mnt)
8240 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
8247 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
8253 +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
8259 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
8260 + unsigned int *vm_flags)
8266 +gr_acl_handle_truncate(const struct dentry * dentry,
8267 + const struct vfsmount * mnt)
8273 +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
8279 +gr_acl_handle_access(const struct dentry * dentry,
8280 + const struct vfsmount * mnt, const int fmode)
8286 +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
8293 +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
8300 +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
8306 +grsecurity_init(void)
8312 +gr_acl_handle_mknod(const struct dentry * new_dentry,
8313 + const struct dentry * parent_dentry,
8314 + const struct vfsmount * parent_mnt,
8321 +gr_acl_handle_mkdir(const struct dentry * new_dentry,
8322 + const struct dentry * parent_dentry,
8323 + const struct vfsmount * parent_mnt)
8329 +gr_acl_handle_symlink(const struct dentry * new_dentry,
8330 + const struct dentry * parent_dentry,
8331 + const struct vfsmount * parent_mnt, const char *from)
8337 +gr_acl_handle_link(const struct dentry * new_dentry,
8338 + const struct dentry * parent_dentry,
8339 + const struct vfsmount * parent_mnt,
8340 + const struct dentry * old_dentry,
8341 + const struct vfsmount * old_mnt, const char *to)
8347 +gr_acl_handle_rename(const struct dentry *new_dentry,
8348 + const struct dentry *parent_dentry,
8349 + const struct vfsmount *parent_mnt,
8350 + const struct dentry *old_dentry,
8351 + const struct inode *old_parent_inode,
8352 + const struct vfsmount *old_mnt, const char *newname)
8358 +gr_acl_handle_filldir(const struct dentry * dentry,
8359 + const struct vfsmount * mnt, const ino_t ino)
8365 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
8366 + const time_t shm_createtime, const uid_t cuid, const int shmid)
8372 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
8378 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
8384 +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
8390 +gr_acl_handle_creat(const struct dentry * dentry,
8391 + const struct dentry * p_dentry,
8392 + const struct vfsmount * p_mnt, const int fmode,
8399 +gr_acl_handle_exit(void)
8405 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
8411 +gr_set_role_label(const uid_t uid, const gid_t gid)
8417 +gr_acl_handle_procpidmem(const struct task_struct *task)
8423 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
8429 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
8435 +gr_set_kernel_label(struct task_struct *task)
8439 diff -urN linux-2.4.21/grsecurity/grsec_exec.c linux-2.4.21/grsecurity/grsec_exec.c
8440 --- linux-2.4.21/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
8441 +++ linux-2.4.21/grsecurity/grsec_exec.c 2003-06-23 11:49:16.000000000 -0400
8443 +#include <linux/kernel.h>
8444 +#include <linux/sched.h>
8445 +#include <linux/file.h>
8446 +#include <linux/fs.h>
8447 +#include <linux/types.h>
8448 +#include <linux/grdefs.h>
8449 +#include <linux/grinternal.h>
8450 +#include <linux/capability.h>
8452 +#include <asm/uaccess.h>
8455 +gr_handle_nproc(void)
8457 +#ifdef CONFIG_GRKERNSEC_EXECVE
8458 + if (grsec_enable_execve && current->user &&
8459 + (atomic_read(¤t->user->processes) >
8460 + current->rlim[RLIMIT_NPROC].rlim_cur) &&
8461 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
8462 + security_alert(GR_NPROC_MSG, DEFAULTSECARGS);
8470 +gr_handle_exec_args(struct linux_binprm *bprm, char **argv)
8472 +#ifdef CONFIG_GRKERNSEC_EXECLOG
8473 + char grarg[64] = { 0 };
8477 + if (!((grsec_enable_execlog && grsec_enable_group &&
8478 + in_group_p(grsec_audit_gid))
8479 + || (grsec_enable_execlog && !grsec_enable_group)))
8482 + if (unlikely(!argv))
8485 + for (i = 0; i < bprm->argc && execlen < 62; i++) {
8489 + if (get_user(p, argv + i))
8493 + len = strnlen_user(p, 62 - execlen);
8494 + if (len > 62 - execlen)
8495 + len = 62 - execlen;
8498 + if (copy_from_user(grarg + execlen, p, len))
8501 + *(grarg + execlen) = ' ';
8502 + *(grarg + execlen + 1) = '\0';
8507 + security_audit(GR_EXEC_AUDIT_MSG, gr_to_filename(bprm->file->f_dentry,
8508 + bprm->file->f_vfsmnt),
8509 + grarg, DEFAULTSECARGS);
8513 diff -urN linux-2.4.21/grsecurity/grsec_fifo.c linux-2.4.21/grsecurity/grsec_fifo.c
8514 --- linux-2.4.21/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
8515 +++ linux-2.4.21/grsecurity/grsec_fifo.c 2003-06-23 11:49:16.000000000 -0400
8517 +#include <linux/kernel.h>
8518 +#include <linux/sched.h>
8519 +#include <linux/fs.h>
8520 +#include <linux/file.h>
8521 +#include <linux/grinternal.h>
8524 +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
8525 + const struct dentry *dir, const int flag, const int acc_mode)
8527 +#ifdef CONFIG_GRKERNSEC_FIFO
8528 + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
8529 + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
8530 + (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
8531 + (current->fsuid != dentry->d_inode->i_uid)) {
8532 + if (!permission(dentry->d_inode, acc_mode))
8533 + security_alert(GR_FIFO_MSG, gr_to_filename(dentry, mnt),
8534 + dentry->d_inode->i_uid,
8535 + dentry->d_inode->i_gid, DEFAULTSECARGS);
8541 diff -urN linux-2.4.21/grsecurity/grsec_fork.c linux-2.4.21/grsecurity/grsec_fork.c
8542 --- linux-2.4.21/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
8543 +++ linux-2.4.21/grsecurity/grsec_fork.c 2003-06-23 11:49:16.000000000 -0400
8545 +#include <linux/kernel.h>
8546 +#include <linux/sched.h>
8547 +#include <linux/grsecurity.h>
8548 +#include <linux/grinternal.h>
8551 +gr_log_forkfail(const int retval)
8553 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
8554 + if (grsec_enable_forkfail)
8555 + security_alert(GR_FAILFORK_MSG, retval, DEFAULTSECARGS);
8559 diff -urN linux-2.4.21/grsecurity/grsec_init.c linux-2.4.21/grsecurity/grsec_init.c
8560 --- linux-2.4.21/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
8561 +++ linux-2.4.21/grsecurity/grsec_init.c 2003-07-29 17:58:19.000000000 -0400
8563 +#include <linux/kernel.h>
8564 +#include <linux/sched.h>
8565 +#include <linux/mm.h>
8566 +#include <linux/smp_lock.h>
8568 +int grsec_enable_link;
8569 +int grsec_enable_dmesg;
8570 +int grsec_enable_fifo;
8571 +int grsec_enable_execve;
8572 +int grsec_enable_execlog;
8573 +int grsec_enable_signal;
8574 +int grsec_enable_forkfail;
8575 +int grsec_enable_time;
8576 +int grsec_enable_group;
8577 +int grsec_audit_gid;
8578 +int grsec_enable_chdir;
8579 +int grsec_enable_audit_ipc;
8580 +int grsec_enable_mount;
8581 +int grsec_enable_chroot_findtask;
8582 +int grsec_enable_chroot_mount;
8583 +int grsec_enable_chroot_shmat;
8584 +int grsec_enable_chroot_fchdir;
8585 +int grsec_enable_chroot_double;
8586 +int grsec_enable_chroot_pivot;
8587 +int grsec_enable_chroot_chdir;
8588 +int grsec_enable_chroot_chmod;
8589 +int grsec_enable_chroot_mknod;
8590 +int grsec_enable_chroot_nice;
8591 +int grsec_enable_chroot_execlog;
8592 +int grsec_enable_chroot_caps;
8593 +int grsec_enable_chroot_sysctl;
8594 +int grsec_enable_chroot_unix;
8595 +int grsec_enable_tpe;
8597 +int grsec_enable_tpe_all;
8598 +int grsec_enable_randpid;
8599 +int grsec_enable_randid;
8600 +int grsec_enable_randisn;
8601 +int grsec_enable_randsrc;
8602 +int grsec_enable_randrpc;
8603 +int grsec_enable_socket_all;
8604 +int grsec_socket_all_gid;
8605 +int grsec_enable_socket_client;
8606 +int grsec_socket_client_gid;
8607 +int grsec_enable_socket_server;
8608 +int grsec_socket_server_gid;
8611 +spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
8612 +unsigned long grsec_alert_wtime = 0;
8613 +unsigned long grsec_alert_fyet = 0;
8615 +spinlock_t grsec_alertgood_lock = SPIN_LOCK_UNLOCKED;
8616 +unsigned long grsec_alertgood_wtime = 0;
8617 +unsigned long grsec_alertgood_fyet = 0;
8619 +spinlock_t grsec_audit_lock = SPIN_LOCK_UNLOCKED;
8621 +char *gr_shared_page[2][NR_CPUS];
8623 +extern void arc4_init(void);
8626 +grsecurity_init(void)
8629 + /* create the per-cpu shared pages */
8631 + for (j = 0; j < 2; j++) {
8632 + for (i = 0; i < NR_CPUS; i++) {
8633 + gr_shared_page[j][i] = (char *) get_zeroed_page(GFP_KERNEL);
8634 + if (!gr_shared_page[j][i]) {
8635 + panic("Unable to allocate grsecurity shared page");
8643 +#ifndef CONFIG_GRKERNSEC_SYSCTL
8645 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
8646 + grsec_enable_group = 1;
8647 + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
8649 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
8650 + grsec_enable_chdir = 1;
8652 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8653 + grsec_enable_audit_ipc = 1;
8655 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8656 + grsec_enable_mount = 1;
8658 +#ifdef CONFIG_GRKERNSEC_LINK
8659 + grsec_enable_link = 1;
8661 +#ifdef CONFIG_GRKERNSEC_DMESG
8662 + grsec_enable_dmesg = 1;
8664 +#ifdef CONFIG_GRKERNSEC_FIFO
8665 + grsec_enable_fifo = 1;
8667 +#ifdef CONFIG_GRKERNSEC_EXECVE
8668 + grsec_enable_execve = 1;
8670 +#ifdef CONFIG_GRKERNSEC_EXECLOG
8671 + grsec_enable_execlog = 1;
8673 +#ifdef CONFIG_GRKERNSEC_SIGNAL
8674 + grsec_enable_signal = 1;
8676 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
8677 + grsec_enable_forkfail = 1;
8679 +#ifdef CONFIG_GRKERNSEC_TIME
8680 + grsec_enable_time = 1;
8682 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
8683 + grsec_enable_chroot_findtask = 1;
8685 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
8686 + grsec_enable_chroot_unix = 1;
8688 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
8689 + grsec_enable_chroot_mount = 1;
8691 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
8692 + grsec_enable_chroot_fchdir = 1;
8694 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
8695 + grsec_enable_chroot_shmat = 1;
8697 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
8698 + grsec_enable_chroot_double = 1;
8700 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
8701 + grsec_enable_chroot_pivot = 1;
8703 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
8704 + grsec_enable_chroot_chdir = 1;
8706 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
8707 + grsec_enable_chroot_chmod = 1;
8709 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
8710 + grsec_enable_chroot_mknod = 1;
8712 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
8713 + grsec_enable_chroot_nice = 1;
8715 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
8716 + grsec_enable_chroot_execlog = 1;
8718 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
8719 + grsec_enable_chroot_caps = 1;
8721 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
8722 + grsec_enable_chroot_sysctl = 1;
8724 +#ifdef CONFIG_GRKERNSEC_TPE
8725 + grsec_enable_tpe = 1;
8726 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
8727 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
8728 + grsec_enable_tpe_all = 1;
8731 +#ifdef CONFIG_GRKERNSEC_RANDPID
8732 + grsec_enable_randpid = 1;
8734 +#ifdef CONFIG_GRKERNSEC_RANDID
8735 + grsec_enable_randid = 1;
8737 +#ifdef CONFIG_GRKERNSEC_RANDISN
8738 + grsec_enable_randisn = 1;
8740 +#ifdef CONFIG_GRKERNSEC_RANDSRC
8741 + grsec_enable_randsrc = 1;
8743 +#ifdef CONFIG_GRKERNSEC_RANDRPC
8744 + grsec_enable_randrpc = 1;
8746 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
8747 + grsec_enable_socket_all = 1;
8748 + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
8750 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
8751 + grsec_enable_socket_client = 1;
8752 + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
8754 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
8755 + grsec_enable_socket_server = 1;
8756 + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
8762 diff -urN linux-2.4.21/grsecurity/grsec_ipc.c linux-2.4.21/grsecurity/grsec_ipc.c
8763 --- linux-2.4.21/grsecurity/grsec_ipc.c 1969-12-31 19:00:00.000000000 -0500
8764 +++ linux-2.4.21/grsecurity/grsec_ipc.c 2003-06-23 11:49:16.000000000 -0400
8766 +#include <linux/kernel.h>
8767 +#include <linux/sched.h>
8768 +#include <linux/types.h>
8769 +#include <linux/ipc.h>
8770 +#include <linux/grsecurity.h>
8771 +#include <linux/grinternal.h>
8774 +gr_log_msgget(const int ret, const int msgflg)
8776 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8777 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8778 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8779 + !grsec_enable_group)) && (ret >= 0)
8780 + && (msgflg & IPC_CREAT))
8781 + security_audit(GR_MSGQ_AUDIT_MSG, DEFAULTSECARGS);
8787 +gr_log_msgrm(const uid_t uid, const uid_t cuid)
8789 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8790 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8791 + grsec_enable_audit_ipc) ||
8792 + (grsec_enable_audit_ipc && !grsec_enable_group))
8793 + security_audit(GR_MSGQR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8799 +gr_log_semget(const int err, const int semflg)
8801 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8802 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8803 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8804 + !grsec_enable_group)) && (err >= 0)
8805 + && (semflg & IPC_CREAT))
8806 + security_audit(GR_SEM_AUDIT_MSG, DEFAULTSECARGS);
8812 +gr_log_semrm(const uid_t uid, const uid_t cuid)
8814 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8815 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8816 + grsec_enable_audit_ipc) ||
8817 + (grsec_enable_audit_ipc && !grsec_enable_group))
8818 + security_audit(GR_SEMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8824 +gr_log_shmget(const int err, const int shmflg, const size_t size)
8826 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8827 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8828 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8829 + !grsec_enable_group)) && (err >= 0)
8830 + && (shmflg & IPC_CREAT))
8831 + security_audit(GR_SHM_AUDIT_MSG, size, DEFAULTSECARGS);
8837 +gr_log_shmrm(const uid_t uid, const uid_t cuid)
8839 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8840 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8841 + grsec_enable_audit_ipc) ||
8842 + (grsec_enable_audit_ipc && !grsec_enable_group))
8843 + security_audit(GR_SHMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8847 diff -urN linux-2.4.21/grsecurity/grsec_link.c linux-2.4.21/grsecurity/grsec_link.c
8848 --- linux-2.4.21/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
8849 +++ linux-2.4.21/grsecurity/grsec_link.c 2003-06-23 11:49:16.000000000 -0400
8851 +#include <linux/kernel.h>
8852 +#include <linux/sched.h>
8853 +#include <linux/fs.h>
8854 +#include <linux/file.h>
8855 +#include <linux/grinternal.h>
8858 +gr_handle_follow_link(const struct inode *parent,
8859 + const struct inode *inode,
8860 + const struct dentry *dentry, const struct vfsmount *mnt)
8862 +#ifdef CONFIG_GRKERNSEC_LINK
8863 + if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
8864 + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
8865 + (parent->i_mode & S_IWOTH) && (current->fsuid != inode->i_uid)) {
8866 + security_alert(GR_SYMLINK_MSG, gr_to_filename(dentry, mnt),
8867 + inode->i_uid, inode->i_gid, DEFAULTSECARGS);
8875 +gr_handle_hardlink(const struct dentry *dentry,
8876 + const struct vfsmount *mnt,
8877 + struct inode *inode, const int mode, const char *to)
8879 +#ifdef CONFIG_GRKERNSEC_LINK
8880 + if (grsec_enable_link && current->fsuid != inode->i_uid &&
8881 + (!S_ISREG(mode) || (mode & S_ISUID) ||
8882 + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
8883 + (permission(inode, MAY_READ | MAY_WRITE))) &&
8884 + !capable(CAP_FOWNER) && current->uid) {
8885 + security_alert(GR_HARDLINK_MSG, gr_to_filename(dentry, mnt),
8886 + inode->i_uid, inode->i_gid, to, DEFAULTSECARGS);
8892 diff -urN linux-2.4.21/grsecurity/grsec_mem.c linux-2.4.21/grsecurity/grsec_mem.c
8893 --- linux-2.4.21/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
8894 +++ linux-2.4.21/grsecurity/grsec_mem.c 2003-06-23 11:49:16.000000000 -0400
8896 +#include <linux/kernel.h>
8897 +#include <linux/sched.h>
8898 +#include <linux/mm.h>
8899 +#include <linux/mman.h>
8900 +#include <linux/grinternal.h>
8903 +gr_handle_ioperm(void)
8905 + security_alert(GR_IOPERM_MSG, DEFAULTSECARGS);
8910 +gr_handle_iopl(void)
8912 + security_alert(GR_IOPL_MSG, DEFAULTSECARGS);
8917 +gr_handle_mem_write(void)
8919 + security_alert(GR_MEM_WRITE_MSG, DEFAULTSECARGS);
8924 +gr_handle_kmem_write(void)
8926 + security_alert(GR_KMEM_MSG, DEFAULTSECARGS);
8931 +gr_handle_open_port(void)
8933 + security_alert(GR_PORT_OPEN_MSG, DEFAULTSECARGS);
8938 +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
8940 + if (offset < __pa(high_memory) &&
8941 + (pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
8942 + (offset != 0xa0000 || ((vma->vm_end - vma->vm_start) > 0x20000))) {
8943 + security_alert(GR_MEM_MMAP_MSG, DEFAULTSECARGS);
8945 + } else if (offset < __pa(high_memory))
8946 + vma->vm_flags &= ~VM_MAYWRITE;
8950 diff -urN linux-2.4.21/grsecurity/grsec_mount.c linux-2.4.21/grsecurity/grsec_mount.c
8951 --- linux-2.4.21/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
8952 +++ linux-2.4.21/grsecurity/grsec_mount.c 2003-06-23 11:49:16.000000000 -0400
8954 +#include <linux/kernel.h>
8955 +#include <linux/sched.h>
8956 +#include <linux/grsecurity.h>
8957 +#include <linux/grinternal.h>
8960 +gr_log_remount(const char *devname, const int retval)
8962 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8963 + if (grsec_enable_mount && (retval >= 0))
8964 + security_audit(GR_REMOUNT_AUDIT_MSG, devname, DEFAULTSECARGS);
8970 +gr_log_unmount(const char *devname, const int retval)
8972 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8973 + if (grsec_enable_mount && (retval >= 0))
8974 + security_audit(GR_UNMOUNT_AUDIT_MSG, devname, DEFAULTSECARGS);
8980 +gr_log_mount(const char *from, const char *to, const int retval)
8982 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8983 + if (grsec_enable_mount && (retval >= 0))
8984 + security_audit(GR_MOUNT_AUDIT_MSG, from, to, DEFAULTSECARGS);
8988 diff -urN linux-2.4.21/grsecurity/grsec_rand.c linux-2.4.21/grsecurity/grsec_rand.c
8989 --- linux-2.4.21/grsecurity/grsec_rand.c 1969-12-31 19:00:00.000000000 -0500
8990 +++ linux-2.4.21/grsecurity/grsec_rand.c 2003-06-23 11:49:16.000000000 -0400
8992 +#include <linux/kernel.h>
8993 +#include <linux/sched.h>
8994 +#include <linux/smp_lock.h>
8995 +#include <linux/grsecurity.h>
8996 +#include <linux/grinternal.h>
8998 +extern int last_pid;
9001 +gr_random_pid(spinlock_t * pid_lock)
9003 +#ifdef CONFIG_GRKERNSEC_RANDPID
9004 + struct task_struct *p;
9007 + if (grsec_enable_randpid && current->fs->root) {
9008 + read_lock(&tasklist_lock);
9009 + spin_lock(pid_lock);
9013 + pid = 1 + (arc4random() % PID_MAX);
9015 + for_each_task(p) {
9016 + if (p->pid == pid || p->pgrp == pid ||
9017 + p->tgid == pid || p->session == pid)
9021 + spin_unlock(pid_lock);
9022 + read_unlock(&tasklist_lock);
9028 diff -urN linux-2.4.21/grsecurity/grsec_sig.c linux-2.4.21/grsecurity/grsec_sig.c
9029 --- linux-2.4.21/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
9030 +++ linux-2.4.21/grsecurity/grsec_sig.c 2003-06-23 11:49:16.000000000 -0400
9032 +#include <linux/kernel.h>
9033 +#include <linux/sched.h>
9034 +#include <linux/grinternal.h>
9037 +gr_log_signal(const int sig, const struct task_struct *t)
9039 +#ifdef CONFIG_GRKERNSEC_SIGNAL
9040 + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
9041 + (sig == SIGABRT) || (sig == SIGBUS))) {
9042 + if (t->pid == current->pid) {
9043 + security_alert_good(GR_UNISIGLOG_MSG, sig,
9046 + security_alert_good(GR_DUALSIGLOG_MSG, sig, t->comm,
9047 + t->pid, t->uid, t->euid, t->gid,
9048 + t->egid, t->p_pptr->comm,
9049 + t->p_pptr->pid, t->p_pptr->uid,
9050 + t->p_pptr->euid, t->p_pptr->gid,
9051 + t->p_pptr->egid, DEFAULTSECARGS);
9059 +gr_handle_signal(const struct task_struct *p, const int sig)
9061 +#ifdef CONFIG_GRKERNSEC
9062 + if (current->pid > 1 && gr_check_protected_task(p)) {
9063 + security_alert(GR_SIG_ACL_MSG, sig, p->comm, p->pid, p->uid,
9064 + p->euid, p->gid, p->egid, p->p_pptr->comm,
9065 + p->p_pptr->pid, p->p_pptr->uid,
9066 + p->p_pptr->euid, p->p_pptr->gid,
9067 + p->p_pptr->egid, DEFAULTSECARGS);
9069 + } else if (gr_pid_is_chrooted(p)) {
9075 diff -urN linux-2.4.21/grsecurity/grsec_sock.c linux-2.4.21/grsecurity/grsec_sock.c
9076 --- linux-2.4.21/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
9077 +++ linux-2.4.21/grsecurity/grsec_sock.c 2003-06-23 11:49:16.000000000 -0400
9079 +#include <linux/kernel.h>
9080 +#include <linux/sched.h>
9081 +#include <linux/file.h>
9082 +#include <linux/net.h>
9083 +#include <net/sock.h>
9084 +#include <linux/grsecurity.h>
9085 +#include <linux/grinternal.h>
9086 +#include <linux/gracl.h>
9089 +gr_attach_curr_ip(const struct sock *sk)
9091 +#ifdef CONFIG_GRKERNSEC
9092 + struct task_struct *p;
9094 + struct inode *inode;
9095 + struct file *filp;
9096 + struct socket *connect_sock;
9098 + if (unlikely(sk->protocol != IPPROTO_TCP))
9101 + read_lock(&tasklist_lock);
9102 + for_each_task(p) {
9103 + if (!p->used_connect)
9106 + if (unlikely(!p->files)) {
9110 + read_lock(&p->files->file_lock);
9111 + for (i = 0; i < p->files->max_fds; i++) {
9112 + filp = fcheck_files(p->files, i);
9113 + if (likely(!filp))
9115 + inode = filp->f_dentry->d_inode;
9116 + if (likely(!inode || !inode->i_sock))
9118 + connect_sock = &inode->u.socket_i;
9119 + if (unlikely(!connect_sock ||
9120 + connect_sock->sk->protocol != IPPROTO_TCP))
9122 + if (unlikely(sk->rcv_saddr == connect_sock->sk->daddr &&
9123 + sk->daddr == connect_sock->sk->rcv_saddr &&
9124 + ntohs(sk->sport) ==
9125 + ntohs(connect_sock->sk->dport)
9126 + && ntohs(sk->dport) ==
9127 + ntohs(connect_sock->sk->sport))) {
9128 + current->curr_ip = p->curr_ip;
9129 + current->used_accept = 1;
9130 + read_unlock(&p->files->file_lock);
9132 + read_unlock(&tasklist_lock);
9136 + read_unlock(&p->files->file_lock);
9139 + read_unlock(&tasklist_lock);
9141 + current->curr_ip = sk->daddr;
9142 + current->used_accept = 1;
9148 +gr_handle_sock_all(const int family, const int type, const int protocol)
9150 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
9151 + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
9152 + (family != AF_UNIX) && (family != AF_LOCAL)) {
9153 + security_alert(GR_SOCK_MSG, family, type, protocol,
9162 +gr_handle_sock_server(const struct sockaddr *sck)
9164 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
9165 + if (grsec_enable_socket_server &&
9166 + in_group_p(grsec_socket_server_gid) &&
9167 + sck && (sck->sa_family != AF_UNIX) &&
9168 + (sck->sa_family != AF_LOCAL)) {
9169 + security_alert(GR_BIND_MSG, DEFAULTSECARGS);
9177 +gr_handle_sock_client(const struct sockaddr *sck)
9179 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
9180 + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
9181 + sck && (sck->sa_family != AF_UNIX) &&
9182 + (sck->sa_family != AF_LOCAL)) {
9183 + security_alert(GR_CONNECT_MSG, DEFAULTSECARGS);
9191 +gr_cap_rtnetlink(void)
9193 +#ifdef CONFIG_GRKERNSEC
9194 + if (!gr_acl_is_enabled())
9195 + return current->cap_effective;
9197 + return (current->cap_effective & ~(current->acl->cap_lower));
9199 + return current->cap_effective;
9202 diff -urN linux-2.4.21/grsecurity/grsec_sysctl.c linux-2.4.21/grsecurity/grsec_sysctl.c
9203 --- linux-2.4.21/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
9204 +++ linux-2.4.21/grsecurity/grsec_sysctl.c 2003-06-23 11:49:16.000000000 -0400
9206 +#include <linux/kernel.h>
9207 +#include <linux/sched.h>
9208 +#include <linux/sysctl.h>
9209 +#include <linux/grinternal.h>
9212 +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
9214 +#ifdef CONFIG_GRKERNSEC_SYSCTL
9215 + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & 002)) {
9216 + security_alert(GR_SYSCTL_MSG, name, DEFAULTSECARGS);
9222 diff -urN linux-2.4.21/grsecurity/grsec_time.c linux-2.4.21/grsecurity/grsec_time.c
9223 --- linux-2.4.21/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
9224 +++ linux-2.4.21/grsecurity/grsec_time.c 2003-06-23 11:49:16.000000000 -0400
9226 +#include <linux/kernel.h>
9227 +#include <linux/sched.h>
9228 +#include <linux/grinternal.h>
9231 +gr_log_timechange(void)
9233 +#ifdef CONFIG_GRKERNSEC_TIME
9234 + if (grsec_enable_time)
9235 + security_alert_good(GR_TIME_MSG, DEFAULTSECARGS);
9239 diff -urN linux-2.4.21/grsecurity/grsec_tpe.c linux-2.4.21/grsecurity/grsec_tpe.c
9240 --- linux-2.4.21/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
9241 +++ linux-2.4.21/grsecurity/grsec_tpe.c 2003-06-23 11:49:16.000000000 -0400
9243 +#include <linux/kernel.h>
9244 +#include <linux/sched.h>
9245 +#include <linux/file.h>
9246 +#include <linux/fs.h>
9247 +#include <linux/grinternal.h>
9250 +gr_tpe_allow(const struct file *file)
9252 +#ifdef CONFIG_GRKERNSEC_TPE
9253 + struct inode *inode = file->f_dentry->d_parent->d_inode;
9255 + if (current->uid && grsec_enable_tpe && in_group_p(grsec_tpe_gid) &&
9256 + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
9257 + (inode->i_mode & S_IWOTH))))) {
9258 + security_alert(GR_EXEC_TPE_MSG,
9259 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
9263 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
9264 + if (current->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
9265 + ((inode->i_uid && (inode->i_uid != current->uid)) ||
9266 + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
9267 + security_alert(GR_EXEC_TPE_MSG,
9268 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
9276 diff -urN linux-2.4.21/grsecurity/grsum.c linux-2.4.21/grsecurity/grsum.c
9277 --- linux-2.4.21/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
9278 +++ linux-2.4.21/grsecurity/grsum.c 2003-06-23 11:49:16.000000000 -0400
9280 +#include <linux/kernel.h>
9281 +#include <linux/sched.h>
9282 +#include <linux/gracl.h>
9284 +/* digest-sha256.c,v 1.13 2002/10/02 22:02:08 hvr Exp $
9286 + * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>.
9288 + * Glue code originally by Andrew McDonald and Alan Smithee, mailed
9289 + * to maintainer on pulped trees.
9291 + * This program is free software; you can redistribute it and/or modify it
9292 + * under the terms of the GNU General Public License as published by the
9293 + * Free Software Foundation; either version 2, or (at your option) any
9304 +static __inline__ __u32
9305 +generic_rotr32(const __u32 x, const unsigned bits)
9307 + const unsigned n = bits % 32;
9308 + return (x >> n) | (x << (32 - n));
9311 +#define Ch(x,y,z) ((x & y) ^ (~x & z))
9312 +#define Maj(x,y,z) ((x & y) ^ ( x & z) ^ (y & z))
9313 +#define RORu32(x,y) generic_rotr32(x, y)
9314 +#define e0(x) (RORu32(x, 2) ^ RORu32(x,13) ^ RORu32(x,22))
9315 +#define e1(x) (RORu32(x, 6) ^ RORu32(x,11) ^ RORu32(x,25))
9316 +#define s0(x) (RORu32(x, 7) ^ RORu32(x,18) ^ (x >> 3))
9317 +#define s1(x) (RORu32(x,17) ^ RORu32(x,19) ^ (x >> 10))
9319 +#define H0 0x6a09e667
9320 +#define H1 0xbb67ae85
9321 +#define H2 0x3c6ef372
9322 +#define H3 0xa54ff53a
9323 +#define H4 0x510e527f
9324 +#define H5 0x9b05688c
9325 +#define H6 0x1f83d9ab
9326 +#define H7 0x5be0cd19
9328 +const static __u32 sha256_K[64] = {
9329 + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
9330 + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
9331 + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
9332 + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
9333 + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
9334 + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
9335 + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
9336 + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
9337 + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
9338 + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
9339 + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
9340 + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
9341 + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
9342 + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
9343 + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
9344 + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
9347 +#define LOAD_OP(I)\
9349 + t1 = input[(4*I) ] & 0xff; t1<<=8;\
9350 + t1 |= input[(4*I)+1] & 0xff; t1<<=8;\
9351 + t1 |= input[(4*I)+2] & 0xff; t1<<=8;\
9352 + t1 |= input[(4*I)+3] & 0xff;\
9356 +#define BLEND_OP(I) W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
9359 +SHA256Transform(__u32 * state, const __u8 * input)
9361 + __u32 a, b, c, d, e, f, g, h, t1, t2;
9366 + /* load the input */
9385 + for (i = 16; i < 64; i += 8) {
9396 + /* load the state into our registers */
9407 + for (i = 0; i < 64; i += 8) {
9408 + t1 = h + e1(e) + Ch(e, f, g) + sha256_K[i] + W[i];
9409 + t2 = e0(a) + Maj(a, b, c);
9412 + t1 = g + e1(d) + Ch(d, e, f) + sha256_K[i + 1] + W[i + 1];
9413 + t2 = e0(h) + Maj(h, a, b);
9416 + t1 = f + e1(c) + Ch(c, d, e) + sha256_K[i + 2] + W[i + 2];
9417 + t2 = e0(g) + Maj(g, h, a);
9420 + t1 = e + e1(b) + Ch(b, c, d) + sha256_K[i + 3] + W[i + 3];
9421 + t2 = e0(f) + Maj(f, g, h);
9424 + t1 = d + e1(a) + Ch(a, b, c) + sha256_K[i + 4] + W[i + 4];
9425 + t2 = e0(e) + Maj(e, f, g);
9428 + t1 = c + e1(h) + Ch(h, a, b) + sha256_K[i + 5] + W[i + 5];
9429 + t2 = e0(d) + Maj(d, e, f);
9432 + t1 = b + e1(g) + Ch(g, h, a) + sha256_K[i + 6] + W[i + 6];
9433 + t2 = e0(c) + Maj(c, d, e);
9436 + t1 = a + e1(f) + Ch(f, g, h) + sha256_K[i + 7] + W[i + 7];
9437 + t2 = e0(b) + Maj(b, c, d);
9451 + /* clear any sensitive info... */
9452 + a = b = c = d = e = f = g = h = t1 = t2 = 0;
9453 + memset(W, 0, 64 * sizeof (__u32));
9457 +SHA256Init(sha256_ctx_t * C)
9467 + C->count[0] = C->count[1] = 0;
9468 + memset(C->buf, 0, 128);
9472 +SHA256Update(sha256_ctx_t * C, const __u8 * input, __u32 inputLen)
9474 + __u32 i, index, partLen;
9476 + /* Compute number of bytes mod 128 */
9477 + index = (__u32) ((C->count[0] >> 3) & 0x3f);
9479 + /* Update number of bits */
9480 + if ((C->count[0] += (inputLen << 3)) < (inputLen << 3)) {
9482 + C->count[1] += (inputLen >> 29);
9485 + partLen = 64 - index;
9487 + /* Transform as many times as possible. */
9488 + if (inputLen >= partLen) {
9489 + memcpy(&C->buf[index], input, partLen);
9490 + SHA256Transform(C->state, C->buf);
9492 + for (i = partLen; i + 63 < inputLen; i += 64)
9493 + SHA256Transform(C->state, &input[i]);
9499 + /* Buffer remaining input */
9500 + memcpy(&C->buf[index], &input[i], inputLen - i);
9504 +SHA256Final(sha256_ctx_t * C, __u8 * digest)
9506 + const static __u8 padding[64] = { 0x80, };
9508 + __u32 t, index, padLen;
9511 + /* Save number of bits */
9529 + /* Pad out to 56 mod 64. */
9530 + index = (C->count[0] >> 3) & 0x3f;
9531 + padLen = (index < 56) ? (56 - index) : ((64 + 56) - index);
9532 + SHA256Update(C, padding, padLen);
9534 + /* Append length (before padding) */
9535 + SHA256Update(C, bits, sizeof (bits));
9537 + /* Store state in digest */
9538 + for (i = j = 0; i < 8; i++, j += 4) {
9540 + digest[j + 3] = t;
9542 + digest[j + 2] = t;
9544 + digest[j + 1] = t;
9549 + /* Zeroize sensitive information. */
9550 + memset(C, 0, sizeof (sha256_ctx_t));
9554 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
9556 + sha256_ctx_t context;
9557 + unsigned char temp_sum[GR_SHA_LEN];
9558 + volatile int retval = 0;
9559 + volatile int dummy = 0;
9562 + SHA256Init(&context);
9563 + SHA256Update(&context, salt, GR_SALT_LEN);
9564 + SHA256Update(&context, entry->pw, strlen(entry->pw));
9565 + SHA256Final(&context, temp_sum);
9567 + memset(entry->pw, 0, GR_PW_LEN);
9569 + for (i = 0; i < GR_SHA_LEN; i++)
9570 + if (sum[i] != temp_sum[i])
9573 + dummy = 1; // waste a cycle
9577 diff -urN linux-2.4.21/grsecurity/obsd_rand.c linux-2.4.21/grsecurity/obsd_rand.c
9578 --- linux-2.4.21/grsecurity/obsd_rand.c 1969-12-31 19:00:00.000000000 -0500
9579 +++ linux-2.4.21/grsecurity/obsd_rand.c 2003-06-23 11:49:16.000000000 -0400
9583 + * Copyright (c) 1996, 1997, 2000-2002 Michael Shalayeff.
9585 + * Version 1.89, last modified 19-Sep-99
9587 + * Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999.
9588 + * All rights reserved.
9590 + * Copyright 1998 Niels Provos <provos@citi.umich.edu>
9591 + * All rights reserved.
9592 + * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using
9593 + * such a mathematical system to generate more random (yet non-repeating)
9594 + * ids to solve the resolver/named problem. But Niels designed the
9595 + * actual system based on the constraints.
9597 + * Redistribution and use in source and binary forms, with or without
9598 + * modification, are permitted provided that the following conditions
9600 + * 1. Redistributions of source code must retain the above copyright
9601 + * notice, this list of conditions and the following disclaimer,
9602 + * 2. Redistributions in binary form must reproduce the above copyright
9603 + * notice, this list of conditions and the following disclaimer in the
9604 + * documentation and/or other materials provided with the distribution.
9605 + * 3. All advertising materials mentioning features or use of this software
9606 + * must display the following acknowledgement:
9607 + * This product includes software developed by Niels Provos.
9608 + * 4. The name of the author may not be used to endorse or promote products
9609 + * derived from this software without specific prior written permission.
9611 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9612 + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
9613 + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
9614 + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
9615 + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9616 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
9617 + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
9618 + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
9619 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
9620 + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
9623 +#include <linux/kernel.h>
9624 +#include <linux/sched.h>
9625 +#include <linux/timer.h>
9626 +#include <linux/smp_lock.h>
9627 +#include <linux/random.h>
9630 +#define RU_MAX 30000
9636 +const static __u16 pfacts[PFAC_N] = { 2, 3, 2729 };
9639 +static __u16 ru_seed, ru_seed2;
9640 +static __u16 ru_a, ru_b;
9642 +static __u16 ru_counter = 0;
9643 +static __u16 ru_msb = 0;
9644 +static unsigned long ru_reseed = 0;
9647 +static struct arc4_stream {
9652 +} arc4random_state[NR_CPUS];
9654 +#define TCP_RNDISS_ROUNDS 15
9655 +#define TCP_RNDISS_OUT 7200
9656 +#define TCP_RNDISS_MAX 30000
9658 +static __u8 tcp_rndiss_sbox[NR_CPUS][128];
9659 +static __u16 tcp_rndiss_msb[NR_CPUS];
9660 +static __u16 tcp_rndiss_cnt[NR_CPUS];
9661 +static unsigned long tcp_rndiss_reseed[NR_CPUS];
9663 +static unsigned long arc4random_reseed[NR_CPUS];
9665 +static int arc4random_initialized[NR_CPUS];
9667 +static __u16 pmod(__u16, __u16, __u16);
9668 +static void ip_initid(void);
9669 +__u16 ip_randomid(void);
9671 +static __inline__ __u8 arc4_getbyte(void);
9672 +static __inline__ void arc4_stir(void);
9673 +static void arc4maybeinit(void);
9674 +__u32 arc4random(void);
9676 +static __inline__ __u8
9679 + register __u8 si, sj;
9680 + int cpu = smp_processor_id();
9682 + arc4random_state[cpu].cnt++;
9683 + arc4random_state[cpu].i++;
9684 + si = arc4random_state[cpu].s[arc4random_state[cpu].i];
9685 + arc4random_state[cpu].j += si;
9686 + sj = arc4random_state[cpu].s[arc4random_state[cpu].j];
9687 + arc4random_state[cpu].s[arc4random_state[cpu].i] = sj;
9688 + arc4random_state[cpu].s[arc4random_state[cpu].j] = si;
9689 + return arc4random_state[cpu].s[(si + sj) & 0xff];
9692 +static __inline__ void
9698 + int len = sizeof (buf);
9699 + int cpu = smp_processor_id();
9700 + unsigned long flags;
9702 + do_gettimeofday((struct timeval *) buf);
9703 + get_random_bytes(buf + sizeof (struct timeval),
9704 + len - sizeof (struct timeval));
9706 + save_flags(flags);
9709 + arc4random_state[cpu].i--;
9710 + for (n = 0; n < 256; n++) {
9711 + arc4random_state[cpu].i++;
9712 + si = arc4random_state[cpu].s[arc4random_state[cpu].i];
9713 + arc4random_state[cpu].j += si + buf[n % len];
9714 + arc4random_state[cpu].s[arc4random_state[cpu].i] =
9715 + arc4random_state[cpu].s[arc4random_state[cpu].j];
9716 + arc4random_state[cpu].s[arc4random_state[cpu].j] = si;
9718 + arc4random_state[cpu].j = arc4random_state[cpu].i;
9719 + arc4random_state[cpu].cnt = 0;
9721 + restore_flags(flags);
9723 + for (n = 0; n < 256 * 4; n++)
9734 + for (n = 0; n < NR_CPUS; n++) {
9735 + for (i = 0; i < 256; i++)
9736 + arc4random_state[n].s[i] = i;
9737 + arc4random_initialized[n] = 0;
9742 +arc4maybeinit(void)
9744 + int cpu = smp_processor_id();
9746 + if (arc4random_initialized[cpu] &&
9747 + time_after(xtime.tv_sec, arc4random_reseed[cpu]))
9748 + arc4random_initialized[cpu] = 0;
9750 + if (!arc4random_initialized[cpu]) {
9751 + arc4random_initialized[cpu]++;
9753 + arc4random_reseed[cpu] = xtime.tv_sec + (10 * 60);
9761 + return ((arc4_getbyte() << 24) | (arc4_getbyte() << 16)
9762 + | (arc4_getbyte() << 8) | arc4_getbyte());
9766 +pmod(__u16 gen, __u16 exp, __u16 mod)
9776 + s = (s * t) % mod;
9778 + t = (t * t) % mod;
9789 + ru_x = ((tmp = arc4random()) & 0xFFFF) % RU_M;
9791 + ru_seed = (tmp >> 16) & 0x7FFF;
9792 + ru_seed2 = arc4random() & 0x7FFF;
9794 + ru_b = ((tmp = arc4random()) & 0xfffe) | 1;
9795 + ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);
9796 + while (ru_b % 3 == 0)
9799 + j = (tmp = arc4random()) % RU_N;
9803 + for (i = 0; i < PFAC_N; i++)
9804 + if (j % pfacts[i] == 0)
9810 + j = (j + 1) % RU_N;
9813 + ru_g = pmod(RU_GEN, j, RU_N);
9816 + ru_reseed = xtime.tv_sec + RU_OUT;
9817 + ru_msb = ru_msb == 0x8000 ? 0 : 0x8000;
9825 + if (ru_counter >= RU_MAX || time_after(xtime.tv_sec, ru_reseed))
9829 + tmp = arc4random();
9833 + if (ru_counter + n >= RU_MAX)
9835 + for (i = 0; i <= n; i++)
9836 + ru_x = (ru_a * ru_x + ru_b) % RU_M;
9839 + return ((ru_seed ^ pmod(ru_g, ru_seed2 ^ ru_x, RU_N)) | ru_msb);
9843 +tcp_rndiss_encrypt(__u16 val)
9846 + int cpu = smp_processor_id();
9848 + for (i = 0; i < TCP_RNDISS_ROUNDS; i++) {
9850 + val ^= ((__u16) tcp_rndiss_sbox[cpu][(val ^ sum) ^ 0x7f]) << 7;
9851 + val = ((val & 0xff) << 7) | (val >> 8);
9858 +tcp_rndiss_init(void)
9860 + int cpu = smp_processor_id();
9862 + get_random_bytes(tcp_rndiss_sbox[cpu], sizeof (tcp_rndiss_sbox));
9863 + tcp_rndiss_reseed[cpu] = xtime.tv_sec + TCP_RNDISS_OUT;
9864 + tcp_rndiss_msb[cpu] = tcp_rndiss_msb[cpu] == 0x8000 ? 0 : 0x8000;
9865 + tcp_rndiss_cnt[cpu] = 0;
9871 + int cpu = smp_processor_id();
9873 + if (tcp_rndiss_cnt[cpu] >= TCP_RNDISS_MAX ||
9874 + time_after(xtime.tv_sec, tcp_rndiss_reseed[cpu]))
9875 + tcp_rndiss_init();
9877 + return (((tcp_rndiss_encrypt(tcp_rndiss_cnt[cpu]++) |
9878 + tcp_rndiss_msb[cpu]) << 16) | (arc4random() & 0x7fff));
9880 diff -urN linux-2.4.21/include/linux/fs.h linux-2.4.21/include/linux/fs.h
9881 --- linux-2.4.21/include/linux/fs.h 2003-06-23 11:41:32.000000000 -0400
9882 +++ linux-2.4.21/include/linux/fs.h 2003-06-23 11:49:17.000000000 -0400
9883 @@ -1070,7 +1070,7 @@
9885 asmlinkage long sys_open(const char *, int, int);
9886 asmlinkage long sys_close(unsigned int); /* yes, it's really unsigned */
9887 -extern int do_truncate(struct dentry *, loff_t start);
9888 +extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *);
9890 extern struct file *filp_open(const char *, int, int);
9891 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
9892 diff -urN linux-2.4.21/include/linux/gracl.h linux-2.4.21/include/linux/gracl.h
9893 --- linux-2.4.21/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
9894 +++ linux-2.4.21/include/linux/gracl.h 2003-07-29 17:58:19.000000000 -0400
9899 +#include <linux/grdefs.h>
9900 +#include <linux/resource.h>
9902 +#include <asm/resource.h>
9904 +/* * * * * * * * * * * * * * * * * * * * *
9905 + * grsecurity ACL System
9906 + * Main header file
9907 + * Purpose: define most gracl data structures
9908 + * * * * * * * * * * * * * * * * * * * * */
9910 +/* Major status information */
9912 +#define GR_VERSION "grsecurity 2.0"
9924 +/* Password setup definitions
9925 + * kernel/grhash.c */
9933 + GR_SPROLE_LEN = 64,
9936 +/* Begin Data Structures */
9939 + unsigned char *rolename;
9940 + unsigned char salt[GR_SALT_LEN];
9941 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
9944 +struct name_entry {
9951 +struct acl_role_db {
9952 + struct acl_role_label **r_hash;
9957 + struct name_entry **n_hash;
9963 + unsigned long expires;
9966 +/* Userspace Grsecurity ACL data structures */
9967 +struct acl_subject_label {
9975 + struct rlimit res[RLIM_NLIMITS + 1];
9978 + __u32 ip_proto[8];
9980 + struct acl_ip_label **ips;
9984 + unsigned long expires;
9986 + struct acl_subject_label *parent_subject;
9987 + struct acl_object_label *proc_object;
9988 + struct acl_ip_label *ip_object;
9989 + struct acl_subject_label *prev;
9990 + struct acl_subject_label *next;
9992 + struct acl_object_label **obj_hash;
9993 + __u32 obj_hash_size;
9996 +struct role_allowed_ip {
10000 + struct role_allowed_ip *prev;
10001 + struct role_allowed_ip *next;
10004 +struct role_transition {
10007 + struct role_transition *prev;
10008 + struct role_transition *next;
10011 +struct acl_role_label {
10016 + __u16 auth_attempts;
10017 + unsigned long expires;
10019 + struct acl_subject_label *root_label;
10020 + struct acl_subject_label *proc_subject;
10022 + struct acl_role_label *prev;
10023 + struct acl_role_label *next;
10025 + struct role_transition *transitions;
10026 + struct role_allowed_ip *allowed_ips;
10027 + struct acl_subject_label **subj_hash;
10028 + __u32 subj_hash_size;
10031 +struct user_acl_role_db {
10032 + struct acl_role_label **r_table;
10033 + __u32 r_entries; /* number of entries in table */
10034 + __u32 s_entries; /* total number of subject acls */
10035 + __u32 i_entries; /* total number of ip acls */
10036 + __u32 o_entries; /* Total number of object acls */
10037 + __u32 a_entries; /* total number of allowed ips */
10038 + __u32 t_entries; /* total number of transitions */
10041 +struct acl_object_label {
10047 + struct acl_subject_label *nested;
10049 + /* next two structures not used */
10051 + struct acl_object_label *prev;
10052 + struct acl_object_label *next;
10055 +struct acl_ip_label {
10063 + /* next two structures not used */
10065 + struct acl_ip_label *prev;
10066 + struct acl_ip_label *next;
10070 + struct user_acl_role_db role_db;
10071 + unsigned char pw[GR_PW_LEN];
10072 + unsigned char salt[GR_SALT_LEN];
10073 + unsigned char sum[GR_SHA_LEN];
10074 + unsigned char sp_role[GR_SPROLE_LEN];
10075 + struct sprole_pw *sprole_pws;
10076 + __u16 num_sprole_pws;
10077 + kdev_t segv_device;
10078 + ino_t segv_inode;
10083 +/* End Data Structures Section */
10085 +/* Hash functions generated by empirical testing by Brad Spengler
10086 + Makes good use of the low bits of the inode. Generally 0-1 times
10087 + in loop for successful match. 0-3 for unsuccessful match.
10088 + Shift/add algorithm with modulus of table size and an XOR*/
10090 +static __inline__ unsigned long
10091 +rhash(const uid_t uid, const __u16 type, const unsigned long sz)
10093 + return (((uid << type) + (uid ^ type)) % sz);
10096 +static __inline__ unsigned long
10097 +fhash(const ino_t ino, const kdev_t dev, const unsigned long sz)
10099 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
10102 +static __inline__ unsigned long
10103 +nhash(const char *name, const __u16 len, const unsigned long sz)
10105 + return full_name_hash(name, len) % sz;
10107 diff -urN linux-2.4.21/include/linux/gralloc.h linux-2.4.21/include/linux/gralloc.h
10108 --- linux-2.4.21/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
10109 +++ linux-2.4.21/include/linux/gralloc.h 2003-07-29 17:58:19.000000000 -0400
10111 +#ifndef __GRALLOC_H
10112 +#define __GRALLOC_H
10114 +void acl_free_all(void);
10115 +int acl_alloc_stack_init(unsigned long size);
10116 +void *acl_alloc(unsigned long len);
10119 diff -urN linux-2.4.21/include/linux/grdefs.h linux-2.4.21/include/linux/grdefs.h
10120 --- linux-2.4.21/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
10121 +++ linux-2.4.21/include/linux/grdefs.h 2003-06-23 11:49:17.000000000 -0400
10126 +/* Begin grsecurity status declarations */
10130 + GR_STATUS_INIT = 0x00 // disabled state
10133 +/* Begin ACL declarations */
10138 + GR_ROLE_USER = 0x0001,
10139 + GR_ROLE_GROUP = 0x0002,
10140 + GR_ROLE_DEFAULT = 0x0004,
10141 + GR_ROLE_SPECIAL = 0x0008,
10142 + GR_ROLE_AUTH = 0x0010,
10143 + GR_ROLE_NOPW = 0x0020,
10144 + GR_ROLE_GOD = 0x0040
10147 +/* ACL Subject and Object mode flags */
10149 + GR_DELETED = 0x00000080
10152 +/* ACL Object-only mode flags */
10154 + GR_READ = 0x00000001,
10155 + GR_APPEND = 0x00000002,
10156 + GR_WRITE = 0x00000004,
10157 + GR_EXEC = 0x00000008,
10158 + GR_FIND = 0x00000010,
10159 + GR_INHERIT = 0x00000040,
10160 + GR_PTRACERD = 0x00000100,
10161 + GR_SETID = 0x00000200,
10162 + GR_CREATE = 0x00000400,
10163 + GR_DELETE = 0x00000800,
10164 + GR_AUDIT_READ = 0x00001000,
10165 + GR_AUDIT_APPEND = 0x00002000,
10166 + GR_AUDIT_WRITE = 0x0004000,
10167 + GR_AUDIT_EXEC = 0x00008000,
10168 + GR_AUDIT_FIND = 0x00010000,
10169 + GR_AUDIT_INHERIT = 0x00020000,
10170 + GR_AUDIT_SETID = 0x00400000,
10171 + GR_AUDIT_CREATE = 0x00800000,
10172 + GR_AUDIT_DELETE = 0x01000000,
10173 + GR_SUPPRESS = 0x02000000,
10174 + GR_NOLEARN = 0x04000000
10177 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
10178 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
10179 + GR_AUDIT_CREATE | GR_AUDIT_DELETE)
10181 +/* ACL subject-only mode flags */
10183 + GR_KILL = 0x00000001,
10184 + GR_VIEW = 0x00000002,
10185 + GR_PROTECTED = 0x00000100,
10186 + GR_LEARN = 0x00000200,
10187 + GR_OVERRIDE = 0x00000400,
10188 + /* just a placeholder, this mode is only used in userspace */
10189 + GR_DUMMY = 0x00000800,
10191 + GR_PROTSHM = 0x00040000,
10192 + GR_KILLPROC = 0x00080000,
10193 + GR_KILLIPPROC = 0x00100000,
10194 + /* just a placeholder, this mode is only used in userspace */
10195 + GR_NOTROJAN = 0x00200000,
10196 + GR_PROTPROCFD = 0x00400000,
10197 + GR_PROCACCT = 0x00800000
10200 +#define GR_CRASH_RES 11
10201 +#define GR_UIDTABLE_MAX 500
10203 +/* begin resource learning section */
10205 + GR_RLIM_CPU_BUMP = 60,
10206 + GR_RLIM_FSIZE_BUMP = 50000,
10207 + GR_RLIM_DATA_BUMP = 10000,
10208 + GR_RLIM_STACK_BUMP = 1000,
10209 + GR_RLIM_CORE_BUMP = 10000,
10210 + GR_RLIM_RSS_BUMP = 500000,
10211 + GR_RLIM_NPROC_BUMP = 1,
10212 + GR_RLIM_NOFILE_BUMP = 5,
10213 + GR_RLIM_MEMLOCK_BUMP = 50000,
10214 + GR_RLIM_AS_BUMP = 500000,
10215 + GR_RLIM_LOCKS_BUMP = 2
10219 diff -urN linux-2.4.21/include/linux/grinternal.h linux-2.4.21/include/linux/grinternal.h
10220 --- linux-2.4.21/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
10221 +++ linux-2.4.21/include/linux/grinternal.h 2003-06-23 11:49:17.000000000 -0400
10223 +#ifndef __GRINTERNAL_H
10224 +#define __GRINTERNAL_H
10226 +#ifdef CONFIG_GRKERNSEC
10228 +#include <linux/grdefs.h>
10229 +#include <linux/grmsg.h>
10231 +extern void gr_add_learn_entry(const char *fmt, ...);
10232 +extern __u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
10233 + const struct vfsmount *mnt);
10234 +extern __u32 gr_check_create(const struct dentry *new_dentry,
10235 + const struct dentry *parent,
10236 + const struct vfsmount *mnt, const __u32 mode);
10237 +extern int gr_check_protected_task(const struct task_struct *task);
10238 +extern __inline__ __u32 to_gr_audit(const __u32 reqmode);
10239 +extern int gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
10240 + struct dentry *old_dentry,
10241 + struct dentry *new_dentry,
10242 + struct vfsmount *mnt, const __u8 replace);
10243 +extern int gr_set_acls(const int type);
10245 +extern void gr_handle_alertkill(void);
10246 +extern char *gr_to_filename(const struct dentry *dentry,
10247 + const struct vfsmount *mnt);
10249 +extern int grsec_enable_link;
10250 +extern int grsec_enable_fifo;
10251 +extern int grsec_enable_execve;
10252 +extern int grsec_enable_forkbomb;
10253 +extern int grsec_forkbomb_gid;
10254 +extern int grsec_forkbomb_sec;
10255 +extern int grsec_forkbomb_max;
10256 +extern int grsec_enable_execlog;
10257 +extern int grsec_enable_signal;
10258 +extern int grsec_enable_forkfail;
10259 +extern int grsec_enable_time;
10260 +extern int grsec_enable_chroot_shmat;
10261 +extern int grsec_enable_chroot_findtask;
10262 +extern int grsec_enable_chroot_mount;
10263 +extern int grsec_enable_chroot_double;
10264 +extern int grsec_enable_chroot_pivot;
10265 +extern int grsec_enable_chroot_chdir;
10266 +extern int grsec_enable_chroot_chmod;
10267 +extern int grsec_enable_chroot_mknod;
10268 +extern int grsec_enable_chroot_fchdir;
10269 +extern int grsec_enable_chroot_nice;
10270 +extern int grsec_enable_chroot_execlog;
10271 +extern int grsec_enable_chroot_caps;
10272 +extern int grsec_enable_chroot_sysctl;
10273 +extern int grsec_enable_chroot_unix;
10274 +extern int grsec_enable_tpe;
10275 +extern int grsec_tpe_gid;
10276 +extern int grsec_enable_tpe_all;
10277 +extern int grsec_enable_sidcaps;
10278 +extern int grsec_enable_randpid;
10279 +extern int grsec_enable_socket_all;
10280 +extern int grsec_socket_all_gid;
10281 +extern int grsec_enable_socket_client;
10282 +extern int grsec_socket_client_gid;
10283 +extern int grsec_enable_socket_server;
10284 +extern int grsec_socket_server_gid;
10285 +extern int grsec_audit_gid;
10286 +extern int grsec_enable_group;
10287 +extern int grsec_enable_audit_ipc;
10288 +extern int grsec_enable_mount;
10289 +extern int grsec_enable_chdir;
10290 +extern int grsec_lock;
10292 +extern struct task_struct *child_reaper;
10294 +extern spinlock_t grsec_alert_lock;
10295 +extern unsigned long grsec_alert_wtime;
10296 +extern unsigned long grsec_alert_fyet;
10298 +extern spinlock_t grsec_alertgood_lock;
10299 +extern unsigned long grsec_alertgood_wtime;
10300 +extern unsigned long grsec_alertgood_fyet;
10302 +extern spinlock_t grsec_audit_lock;
10304 +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && \
10305 + ((tsk_a->fs->root->d_inode->i_dev != \
10306 + child_reaper->fs->root->d_inode->i_dev) || \
10307 + (tsk_a->fs->root->d_inode->i_ino != \
10308 + child_reaper->fs->root->d_inode->i_ino)))
10310 +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs->root->d_inode->i_dev == \
10311 + tsk_b->fs->root->d_inode->i_dev) && \
10312 + (tsk_a->fs->root->d_inode->i_ino == \
10313 + tsk_b->fs->root->d_inode->i_ino))
10315 +#define DEFAULTSECARGS current->comm, current->pid, current->uid, \
10316 + current->euid, current->gid, current->egid, \
10317 + current->p_pptr->comm, current->p_pptr->pid, \
10318 + current->p_pptr->uid, current->p_pptr->euid, \
10319 + current->p_pptr->gid, current->p_pptr->egid
10321 +#define GR_CHROOT_CAPS ( \
10322 + CAP_TO_MASK(CAP_FOWNER) | \
10323 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
10324 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
10325 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
10326 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
10327 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
10328 + CAP_TO_MASK(CAP_IPC_OWNER))
10330 +#define security_alert_good(normal_msg,args...) \
10332 + spin_lock(&grsec_alertgood_lock); \
10334 + if (!grsec_alertgood_wtime || jiffies - grsec_alertgood_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { \
10335 + grsec_alertgood_wtime = jiffies; grsec_alertgood_fyet = 0; \
10336 + if (current->curr_ip) \
10337 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10339 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10340 + } else if((jiffies - grsec_alertgood_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alertgood_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \
10341 + grsec_alertgood_fyet++; \
10342 + if (current->curr_ip) \
10343 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10345 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10346 + } else if (grsec_alertgood_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \
10347 + grsec_alertgood_wtime = jiffies; grsec_alertgood_fyet++; \
10348 + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \
10349 + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \
10352 + spin_unlock(&grsec_alertgood_lock); \
10355 +#define security_alert(normal_msg,args...) \
10357 + spin_lock(&grsec_alert_lock); \
10359 + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { \
10360 + grsec_alert_wtime = jiffies; grsec_alert_fyet = 0; \
10361 + if (current->curr_ip) \
10362 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10364 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10365 + } else if((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \
10366 + grsec_alert_fyet++; \
10367 + if (current->curr_ip) \
10368 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10370 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10371 + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \
10372 + grsec_alert_wtime = jiffies; grsec_alert_fyet++; \
10373 + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \
10374 + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \
10377 + gr_handle_alertkill(); \
10378 + spin_unlock(&grsec_alert_lock); \
10381 +#define security_audit(normal_msg,args...) \
10383 + spin_lock(&grsec_audit_lock); \
10384 + if (current->curr_ip) \
10385 + printk(KERN_INFO "grsec: From %u.%u.%u.%u: " normal_msg "\n", \
10386 + NIPQUAD(current->curr_ip) , ## args); \
10388 + printk(KERN_INFO "grsec: " normal_msg "\n", ## args); \
10389 + spin_unlock(&grsec_audit_lock); \
10392 +#define security_learn(normal_msg,args...) \
10394 + gr_add_learn_entry(normal_msg "\n", ## args); \
10400 diff -urN linux-2.4.21/include/linux/grmsg.h linux-2.4.21/include/linux/grmsg.h
10401 --- linux-2.4.21/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
10402 +++ linux-2.4.21/include/linux/grmsg.h 2003-06-23 11:49:17.000000000 -0400
10404 +#define DEFAULTSECMSG "(%.16s:%d) uid/euid:%d/%d gid/egid:%d/%d, parent (%.16s:%d) uid/euid:%d/%d gid/egid:%d/%d"
10405 +#define GR_ACL_PROCACCT_MSG "(%.16s:%d) IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent (%.16s:%d) IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d"
10406 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " DEFAULTSECMSG
10407 +#define GR_IOPERM_MSG "denied use of ioperm() by " DEFAULTSECMSG
10408 +#define GR_IOPL_MSG "denied use of iopl() by " DEFAULTSECMSG
10409 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by " DEFAULTSECMSG
10410 +#define GR_UNIX_CHROOT_MSG "denied connect to abstract AF_UNIX socket outside of chroot by " DEFAULTSECMSG
10411 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by " DEFAULTSECMSG
10412 +#define GR_KMEM_MSG "attempted write to /dev/kmem by " DEFAULTSECMSG
10413 +#define GR_PORT_OPEN_MSG "attempted open of /dev/port by " DEFAULTSECMSG
10414 +#define GR_MEM_WRITE_MSG "attempted write of /dev/mem by " DEFAULTSECMSG
10415 +#define GR_MEM_MMAP_MSG "attempted mmap write of /dev/[k]mem by " DEFAULTSECMSG
10416 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by " DEFAULTSECMSG
10417 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%u.%u.%u.%u"
10418 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by " DEFAULTSECMSG
10419 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by " DEFAULTSECMSG
10420 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by " DEFAULTSECMSG
10421 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by " DEFAULTSECMSG
10422 +#define GR_MKNOD_CHROOT_MSG "refused attempt to mknod %.950s from chroot by " DEFAULTSECMSG
10423 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by " DEFAULTSECMSG
10424 +#define GR_UNIXCONNECT_ACL_MSG "%s connect to the unix domain socket %.950s by " DEFAULTSECMSG
10425 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by " DEFAULTSECMSG
10426 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by " DEFAULTSECMSG
10427 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by " DEFAULTSECMSG
10428 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by " DEFAULTSECMSG
10429 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for " DEFAULTSECMSG
10430 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by " DEFAULTSECMSG
10431 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by " DEFAULTSECMSG
10432 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by " DEFAULTSECMSG
10433 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " DEFAULTSECMSG
10434 +#define GR_NPROC_MSG "attempt to overstep process limit by " DEFAULTSECMSG
10435 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " DEFAULTSECMSG
10436 +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by " DEFAULTSECMSG
10437 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning uid %u from login for %lu seconds"
10438 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning execution of [%.16s:%lu] for %lu seconds"
10439 +#define GR_MOUNT_CHROOT_MSG "denied attempt to mount %.30s as %.930s from chroot by " DEFAULTSECMSG
10440 +#define GR_PIVOT_CHROOT_MSG "denied attempt to pivot_root from chroot by " DEFAULTSECMSG
10441 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by " DEFAULTSECMSG
10442 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " DEFAULTSECMSG
10443 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " DEFAULTSECMSG
10444 +#define GR_CHROOT_CHROOT_MSG "denied attempt to double chroot to %.950s by " DEFAULTSECMSG
10445 +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by " DEFAULTSECMSG
10446 +#define GR_CHMOD_CHROOT_MSG "denied attempt to chmod +s %.950s by " DEFAULTSECMSG
10447 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " DEFAULTSECMSG
10448 +#define GR_CHROOT_FCHDIR_MSG "attempted fchdir outside of chroot to %.950s by " DEFAULTSECMSG
10449 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " DEFAULTSECMSG
10450 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " DEFAULTSECMSG
10451 +#define GR_INITF_ACL_MSG "init_variables() failed %s"
10452 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
10453 +#define GR_DEV_ACL_MSG "/dev/grsec: being fed garbage %d bytes sent %d required"
10454 +#define GR_SHUTS_ACL_MSG "shutdown auth success for " DEFAULTSECMSG
10455 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for " DEFAULTSECMSG
10456 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for " DEFAULTSECMSG
10457 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for " DEFAULTSECMSG
10458 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for " DEFAULTSECMSG
10459 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for " DEFAULTSECMSG
10460 +#define GR_ENABLE_ACL_MSG "Loaded %s"
10461 +#define GR_ENABLEF_ACL_MSG "Unable to load %s for " DEFAULTSECMSG " RBAC system may already be enabled."
10462 +#define GR_RELOADI_ACL_MSG "Ignoring reload request for disabled RBAC system"
10463 +#define GR_RELOAD_ACL_MSG "Reloaded %s"
10464 +#define GR_RELOADF_ACL_MSG "Failed reload of %s for " DEFAULTSECMSG
10465 +#define GR_SPROLEI_ACL_MSG "Ignoring change to special role for disabled RBAC system for " DEFAULTSECMSG
10466 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by " DEFAULTSECMSG
10467 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by " DEFAULTSECMSG
10468 +#define GR_SPROLEF_ACL_MSG "special role %s failure for " DEFAULTSECMSG
10469 +#define GR_INVMODE_ACL_MSG "Invalid mode %d by " DEFAULTSECMSG
10470 +#define GR_MAXPW_ACL_MSG "Maximum pw attempts reached (%d), locking password authentication"
10471 +#define GR_MAXROLEPW_ACL_MSG "Maximum pw attempts reached (%d) trying to auth to special role %s, locking auth for role of " DEFAULTSECMSG
10472 +#define GR_PRIORITY_CHROOT_MSG "attempted priority change of process (%.16s:%d) by " DEFAULTSECMSG
10473 +#define GR_CAPSET_CHROOT_MSG "denied capset of (%.16s:%d) within chroot by " DEFAULTSECMSG
10474 +#define GR_FAILFORK_MSG "failed fork with errno %d by " DEFAULTSECMSG
10475 +#define GR_NICE_CHROOT_MSG "attempted priority change by " DEFAULTSECMSG
10476 +#define GR_UNISIGLOG_MSG "signal %d sent to " DEFAULTSECMSG
10477 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by " DEFAULTSECMSG
10478 +#define GR_SIG_ACL_MSG "Attempted send of signal %d to protected task " DEFAULTSECMSG " by " DEFAULTSECMSG
10479 +#define GR_SYSCTL_MSG "attempt to modify grsecurity sysctl value : %.32s by " DEFAULTSECMSG
10480 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by " DEFAULTSECMSG
10481 +#define GR_TIME_MSG "time set by " DEFAULTSECMSG
10482 +#define GR_DEFACL_MSG "Fatal: Unable to find ACL for (%.16s:%d)"
10483 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by " DEFAULTSECMSG
10484 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by " DEFAULTSECMSG
10485 +#define GR_SOCK_MSG "attempted socket(%.16s,%.16s,%.16s) by " DEFAULTSECMSG
10486 +#define GR_BIND_MSG "attempted bind() by " DEFAULTSECMSG
10487 +#define GR_CONNECT_MSG "attempted connect by " DEFAULTSECMSG
10488 +#define GR_BIND_ACL_MSG "attempted bind to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " DEFAULTSECMSG
10489 +#define GR_CONNECT_ACL_MSG "attempted connect to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " DEFAULTSECMSG
10490 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%u.%u.%u.%u\t%u\t%u\t%u\t%u\t%u.%u.%u.%u"
10491 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " DEFAULTSECMSG
10492 +#define GR_CAP_ACL_MSG "use of %s denied for " DEFAULTSECMSG
10493 +#define GR_REMOUNT_AUDIT_MSG "remount of %.30s by " DEFAULTSECMSG
10494 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.30s by " DEFAULTSECMSG
10495 +#define GR_MOUNT_AUDIT_MSG "mount %.30s to %.64s by " DEFAULTSECMSG
10496 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by " DEFAULTSECMSG
10497 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.63s) by " DEFAULTSECMSG
10498 +#define GR_MSGQ_AUDIT_MSG "message queue created by " DEFAULTSECMSG
10499 +#define GR_MSGQR_AUDIT_MSG "message queue of uid:%d euid:%d removed by " DEFAULTSECMSG
10500 +#define GR_SEM_AUDIT_MSG "semaphore created by " DEFAULTSECMSG
10501 +#define GR_SEMR_AUDIT_MSG "semaphore of uid:%d euid:%d removed by " DEFAULTSECMSG
10502 +#define GR_SHM_AUDIT_MSG "shared memory of size %d created by " DEFAULTSECMSG
10503 +#define GR_SHMR_AUDIT_MSG "shared memory of uid:%d euid:%d removed by " DEFAULTSECMSG
10504 +#define GR_RESOURCE_MSG "attempted resource overstep by requesting %lu for %.16s against limit %lu by " DEFAULTSECMSG
10505 diff -urN linux-2.4.21/include/linux/grsecurity.h linux-2.4.21/include/linux/grsecurity.h
10506 --- linux-2.4.21/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
10507 +++ linux-2.4.21/include/linux/grsecurity.h 2003-07-29 17:58:19.000000000 -0400
10509 +#ifndef GR_SECURITY_H
10510 +#define GR_SECURITY_H
10512 +extern int gr_pid_is_chrooted(const struct task_struct *p);
10513 +extern int gr_handle_chroot_nice(void);
10514 +extern int gr_handle_chroot_sysctl(const int op);
10515 +extern int gr_handle_chroot_capset(const struct task_struct *target);
10516 +extern int gr_handle_chroot_setpriority(const struct task_struct *p,
10517 + const int niceval);
10518 +extern int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
10519 +extern int gr_handle_chroot_chroot(const struct dentry *dentry,
10520 + const struct vfsmount *mnt);
10521 +extern void gr_handle_chroot_caps(struct task_struct *task);
10522 +extern void gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt);
10523 +extern int gr_handle_chroot_chmod(const struct dentry *dentry,
10524 + const struct vfsmount *mnt, const int mode);
10525 +extern int gr_handle_chroot_mknod(const struct dentry *dentry,
10526 + const struct vfsmount *mnt, const int mode);
10527 +extern int gr_handle_chroot_mount(const struct dentry *dentry,
10528 + const struct vfsmount *mnt,
10529 + const char *dev_name);
10530 +extern int gr_handle_chroot_pivot(void);
10531 +extern int gr_handle_chroot_unix(const pid_t pid);
10533 +extern int gr_handle_nproc(void);
10535 +extern void gr_handle_ioperm(void);
10536 +extern void gr_handle_iopl(void);
10538 +extern int gr_tpe_allow(const struct file *file);
10540 +extern int gr_random_pid(spinlock_t * pid_lock);
10542 +extern void gr_log_forkfail(const int retval);
10543 +extern void gr_log_timechange(void);
10544 +extern void gr_log_signal(const int sig, const struct task_struct *t);
10545 +extern void gr_log_chdir(const struct dentry *dentry,
10546 + const struct vfsmount *mnt);
10547 +extern void gr_log_chroot_exec(const struct dentry *dentry,
10548 + const struct vfsmount *mnt);
10549 +extern void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
10550 +extern void gr_log_remount(const char *devname, const int retval);
10551 +extern void gr_log_unmount(const char *devname, const int retval);
10552 +extern void gr_log_mount(const char *from, const char *to, const int retval);
10553 +extern void gr_log_msgget(const int ret, const int msgflg);
10554 +extern void gr_log_msgrm(const uid_t uid, const uid_t cuid);
10555 +extern void gr_log_semget(const int err, const int semflg);
10556 +extern void gr_log_semrm(const uid_t uid, const uid_t cuid);
10557 +extern void gr_log_shmget(const int err, const int shmflg, const size_t size);
10558 +extern void gr_log_shmrm(const uid_t uid, const uid_t cuid);
10560 +extern int gr_handle_follow_link(const struct inode *parent,
10561 + const struct inode *inode,
10562 + const struct dentry *dentry,
10563 + const struct vfsmount *mnt);
10564 +extern int gr_handle_fifo(const struct dentry *dentry,
10565 + const struct vfsmount *mnt,
10566 + const struct dentry *dir, const int flag,
10567 + const int acc_mode);
10568 +extern int gr_handle_hardlink(const struct dentry *dentry,
10569 + const struct vfsmount *mnt,
10570 + struct inode *inode,
10571 + const int mode, const char *to);
10573 +extern int gr_is_capable(const int cap);
10574 +extern void gr_learn_resource(const struct task_struct *task, const int limit,
10575 + const unsigned long wanted);
10576 +extern void gr_copy_label(struct task_struct *tsk);
10577 +extern void gr_handle_crash(struct task_struct *task, const int sig);
10578 +extern int gr_handle_signal(const struct task_struct *p, const int sig);
10579 +extern int gr_check_crash_uid(const uid_t uid);
10580 +extern int gr_check_protected_task(const struct task_struct *task);
10581 +extern int gr_acl_handle_mmap(const struct file *file,
10582 + const unsigned long prot);
10583 +extern int gr_acl_handle_mprotect(const struct file *file,
10584 + const unsigned long prot);
10585 +extern int gr_check_hidden_task(const struct task_struct *tsk);
10586 +extern __u32 gr_acl_handle_truncate(const struct dentry *dentry,
10587 + const struct vfsmount *mnt);
10588 +extern __u32 gr_acl_handle_utime(const struct dentry *dentry,
10589 + const struct vfsmount *mnt);
10590 +extern __u32 gr_acl_handle_access(const struct dentry *dentry,
10591 + const struct vfsmount *mnt, const int fmode);
10592 +extern __u32 gr_acl_handle_fchmod(const struct dentry *dentry,
10593 + const struct vfsmount *mnt, mode_t mode);
10594 +extern __u32 gr_acl_handle_chmod(const struct dentry *dentry,
10595 + const struct vfsmount *mnt, mode_t mode);
10596 +extern __u32 gr_acl_handle_chown(const struct dentry *dentry,
10597 + const struct vfsmount *mnt);
10598 +extern int gr_handle_ptrace_exec(const struct dentry *dentry,
10599 + const struct vfsmount *mnt);
10600 +extern int gr_handle_ptrace(struct task_struct *task, const long request);
10601 +extern int gr_handle_mmap(const struct file *filp, const unsigned long prot);
10602 +extern __u32 gr_acl_handle_execve(const struct dentry *dentry,
10603 + const struct vfsmount *mnt);
10604 +extern int gr_check_crash_exec(const struct file *filp);
10605 +extern int gr_acl_is_enabled(void);
10606 +extern void gr_set_kernel_label(struct task_struct *task);
10607 +extern void gr_set_role_label(struct task_struct *task, const uid_t uid,
10608 + const gid_t gid);
10609 +extern void gr_set_proc_label(const struct dentry *dentry,
10610 + const struct vfsmount *mnt);
10611 +extern __u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
10612 + const struct vfsmount *mnt);
10613 +extern __u32 gr_acl_handle_open(const struct dentry *dentry,
10614 + const struct vfsmount *mnt, const int fmode);
10615 +extern __u32 gr_acl_handle_creat(const struct dentry *dentry,
10616 + const struct dentry *p_dentry,
10617 + const struct vfsmount *p_mnt, const int fmode,
10618 + const int imode);
10619 +extern void gr_handle_create(const struct dentry *dentry,
10620 + const struct vfsmount *mnt);
10621 +extern __u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
10622 + const struct dentry *parent_dentry,
10623 + const struct vfsmount *parent_mnt,
10625 +extern __u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
10626 + const struct dentry *parent_dentry,
10627 + const struct vfsmount *parent_mnt);
10628 +extern __u32 gr_acl_handle_rmdir(const struct dentry *dentry,
10629 + const struct vfsmount *mnt);
10630 +extern void gr_handle_delete(const ino_t ino, const kdev_t dev);
10631 +extern __u32 gr_acl_handle_unlink(const struct dentry *dentry,
10632 + const struct vfsmount *mnt);
10633 +extern __u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
10634 + const struct dentry *parent_dentry,
10635 + const struct vfsmount *parent_mnt,
10636 + const char *from);
10637 +extern __u32 gr_acl_handle_link(const struct dentry *new_dentry,
10638 + const struct dentry *parent_dentry,
10639 + const struct vfsmount *parent_mnt,
10640 + const struct dentry *old_dentry,
10641 + const struct vfsmount *old_mnt, const char *to);
10642 +extern int gr_acl_handle_rename(struct dentry *new_dentry,
10643 + struct dentry *parent_dentry,
10644 + const struct vfsmount *parent_mnt,
10645 + struct dentry *old_dentry,
10646 + struct inode *old_parent_inode,
10647 + struct vfsmount *old_mnt, const char *newname);
10648 +extern __u32 gr_check_link(const struct dentry *new_dentry,
10649 + const struct dentry *parent_dentry,
10650 + const struct vfsmount *parent_mnt,
10651 + const struct dentry *old_dentry,
10652 + const struct vfsmount *old_mnt);
10653 +extern __u32 gr_acl_handle_filldir(const struct dentry *dentry,
10654 + const struct vfsmount *mnt, const ino_t ino);
10655 +extern __u32 gr_acl_handle_unix(const struct dentry *dentry,
10656 + const struct vfsmount *mnt);
10657 +extern void gr_acl_handle_exit(void);
10658 +extern void gr_acl_handle_psacct(struct task_struct *task, const long code);
10659 +extern int gr_acl_handle_procpidmem(const struct task_struct *task);
10660 +extern __u32 gr_cap_rtnetlink(void);
10662 +#ifdef CONFIG_GRKERNSEC
10663 +extern void gr_handle_mem_write(void);
10664 +extern void gr_handle_kmem_write(void);
10665 +extern void gr_handle_open_port(void);
10666 +extern int gr_handle_mem_mmap(const unsigned long offset,
10667 + struct vm_area_struct *vma);
10669 +extern __u16 ip_randomid(void);
10670 +extern __u32 ip_randomisn(void);
10671 +extern __u32 arc4random(void);
10673 +extern int grsec_enable_dmesg;
10674 +extern int grsec_enable_randid;
10675 +extern int grsec_enable_randisn;
10676 +extern int grsec_enable_randsrc;
10677 +extern int grsec_enable_randrpc;
10681 diff -urN linux-2.4.21/include/linux/mm.h linux-2.4.21/include/linux/mm.h
10682 --- linux-2.4.21/include/linux/mm.h 2003-06-23 11:41:32.000000000 -0400
10683 +++ linux-2.4.21/include/linux/mm.h 2003-06-23 11:49:17.000000000 -0400
10685 extern struct list_head active_list;
10686 extern struct list_head inactive_list;
10688 +extern void gr_learn_resource(const struct task_struct * task, const int limit,
10689 + const unsigned long wanted);
10691 #include <asm/page.h>
10692 #include <asm/pgtable.h>
10693 #include <asm/atomic.h>
10694 @@ -639,6 +704,8 @@
10695 address &= PAGE_MASK;
10696 spin_lock(&vma->vm_mm->page_table_lock);
10697 grow = (vma->vm_start - address) >> PAGE_SHIFT;
10698 + gr_learn_resource(current, RLIMIT_STACK, vma->vm_end - address);
10699 + gr_learn_resource(current, RLIMIT_AS, (vma->vm_mm->total_vm + grow) << PAGE_SHIFT);
10700 if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
10701 ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) {
10702 spin_unlock(&vma->vm_mm->page_table_lock);
10703 diff -urN linux-2.4.21/include/linux/proc_fs.h linux-2.4.21/include/linux/proc_fs.h
10704 --- linux-2.4.21/include/linux/proc_fs.h 2003-06-23 11:41:32.000000000 -0400
10705 +++ linux-2.4.21/include/linux/proc_fs.h 2003-06-23 11:49:17.000000000 -0400
10706 @@ -143,6 +143,9 @@
10707 extern struct proc_dir_entry *proc_mknod(const char *,mode_t,
10708 struct proc_dir_entry *,kdev_t);
10709 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);
10710 +#ifdef CONFIG_GRKERNSEC_PROC
10711 +extern struct proc_dir_entry *proc_priv_mkdir(const char *, struct proc_dir_entry *);
10714 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
10715 mode_t mode, struct proc_dir_entry *base,
10716 diff -urN linux-2.4.21/include/linux/sched.h linux-2.4.21/include/linux/sched.h
10717 --- linux-2.4.21/include/linux/sched.h 2003-06-23 11:41:32.000000000 -0400
10718 +++ linux-2.4.21/include/linux/sched.h 2003-06-23 11:49:17.000000000 -0400
10720 #include <linux/securebits.h>
10721 #include <linux/fs_struct.h>
10723 +extern int gr_is_capable(const int cap);
10724 +extern int gr_pid_is_chrooted(const struct task_struct *p);
10726 struct exec_domain;
10729 @@ -415,6 +432,19 @@
10731 /* journalling filesystem info */
10732 void *journal_info;
10734 +#ifdef CONFIG_GRKERNSEC
10735 +/* added by grsecurity's ACL system */
10736 + struct acl_subject_label *acl;
10737 + struct acl_role_label *role;
10738 + struct file *exec_file;
10741 + u8 acl_sp_role:1;
10742 + u8 used_accept:1;
10743 + u8 used_connect:1;
10744 + u8 is_writable:1;
10749 @@ -549,6 +586,8 @@
10750 *p->pidhash_pprev = p->pidhash_next;
10753 +#include <asm/current.h>
10755 static inline task_t *find_task_by_pid(int pid)
10757 task_t *p, **htable = &pidhash[pid_hashfn(pid)];
10758 @@ -556,6 +595,8 @@
10759 for(p = *htable; p && p->pid != pid; p = p->pidhash_next)
10762 + if(gr_pid_is_chrooted(p)) p = NULL;
10767 @@ -576,8 +617,6 @@
10768 extern struct user_struct * alloc_uid(uid_t);
10769 extern void free_uid(struct user_struct *);
10771 -#include <asm/current.h>
10773 extern unsigned long volatile jiffies;
10774 extern unsigned long itimer_ticks;
10775 extern unsigned long itimer_next;
10776 @@ -741,7 +780,7 @@
10777 static inline int capable(int cap)
10780 - if (cap_raised(current->cap_effective, cap))
10781 + if (cap_raised(current->cap_effective, cap) && gr_is_capable(cap))
10783 if (cap_is_fs_cap(cap) ? current->fsuid == 0 : current->euid == 0)
10785 diff -urN linux-2.4.21/include/linux/sysctl.h linux-2.4.21/include/linux/sysctl.h
10786 --- linux-2.4.21/include/linux/sysctl.h 2003-06-23 11:41:32.000000000 -0400
10787 +++ linux-2.4.21/include/linux/sysctl.h 2003-06-23 11:49:17.000000000 -0400
10788 @@ -125,6 +125,7 @@
10789 KERN_CADPID=54, /* int: PID of the process to notify on CAD */
10790 KERN_KDB=55, /* int: kdb on/off */
10791 KERN_CORE_PATTERN=56, /* string: pattern for core-files */
10792 + KERN_GRSECURITY=68, /* grsecurity */
10796 diff -urN linux-2.4.21/include/net/inetpeer.h linux-2.4.21/include/net/inetpeer.h
10797 --- linux-2.4.21/include/net/inetpeer.h 2003-06-23 11:41:37.000000000 -0400
10798 +++ linux-2.4.21/include/net/inetpeer.h 2003-06-23 11:49:17.000000000 -0400
10800 #include <linux/init.h>
10801 #include <linux/sched.h>
10802 #include <linux/spinlock.h>
10804 #include <asm/atomic.h>
10808 /* can be called with or without local BH being disabled */
10809 struct inet_peer *inet_getpeer(__u32 daddr, int create);
10811 +#ifdef CONFIG_GRKERNSEC_RANDID
10812 +extern int grsec_enable_randid;
10813 +extern __u16 ip_randomid(void);
10816 extern spinlock_t inet_peer_unused_lock;
10817 extern struct inet_peer *inet_peer_unused_head;
10818 extern struct inet_peer **inet_peer_unused_tailp;
10822 spin_lock_bh(&inet_peer_idlock);
10823 - id = p->ip_id_count++;
10825 +#ifdef CONFIG_GRKERNSEC_RANDID
10826 + if(grsec_enable_randid)
10827 + id = htons(ip_randomid());
10830 + id = p->ip_id_count++;
10832 spin_unlock_bh(&inet_peer_idlock);
10835 diff -urN linux-2.4.21/include/net/ip.h linux-2.4.21/include/net/ip.h
10836 --- linux-2.4.21/include/net/ip.h 2003-06-23 11:41:37.000000000 -0400
10837 +++ linux-2.4.21/include/net/ip.h 2003-06-23 11:49:17.000000000 -0400
10839 void (*destructor)(struct sock *);
10842 +#ifdef CONFIG_GRKERNSEC_RANDID
10843 +extern int grsec_enable_randid;
10844 +extern __u16 ip_randomid(void);
10847 extern struct ip_ra_chain *ip_ra_chain;
10848 extern rwlock_t ip_ra_lock;
10850 @@ -196,7 +201,13 @@
10851 * does not change, they drop every other packet in
10852 * a TCP stream using header compression.
10854 - iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
10856 +#ifdef CONFIG_GRKERNSEC_RANDID
10857 + if(grsec_enable_randid)
10858 + iph->id = htons(ip_randomid());
10861 + iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
10863 __ip_select_ident(iph, dst);
10865 diff -urN linux-2.4.21/init/main.c linux-2.4.21/init/main.c
10866 --- linux-2.4.21/init/main.c 2003-06-23 11:41:31.000000000 -0400
10867 +++ linux-2.4.21/init/main.c 2003-06-23 11:49:17.000000000 -0400
10869 #include <linux/iobuf.h>
10870 #include <linux/bootmem.h>
10871 #include <linux/tty.h>
10872 +#include <linux/grsecurity.h>
10874 #include <asm/io.h>
10875 #include <asm/bugs.h>
10876 @@ -107,6 +108,8 @@
10877 extern void ipc_init(void);
10880 +extern void grsecurity_init(void);
10883 * Boot command-line arguments
10885 @@ -546,6 +549,7 @@
10888 prepare_namespace();
10889 + grsecurity_init();
10892 * Ok, we have completed the initial bootup, and
10893 diff -urN linux-2.4.21/ipc/msg.c linux-2.4.21/ipc/msg.c
10894 --- linux-2.4.21/ipc/msg.c 2003-06-23 11:41:59.000000000 -0400
10895 +++ linux-2.4.21/ipc/msg.c 2003-06-23 11:49:17.000000000 -0400
10897 #include <linux/init.h>
10898 #include <linux/proc_fs.h>
10899 #include <linux/list.h>
10900 +#include <linux/grsecurity.h>
10901 #include <asm/uaccess.h>
10904 @@ -326,6 +327,9 @@
10909 + gr_log_msgget(ret, msgflg);
10914 @@ -560,6 +564,8 @@
10918 + gr_log_msgrm(ipcp->uid, ipcp->cuid);
10923 diff -urN linux-2.4.21/ipc/sem.c linux-2.4.21/ipc/sem.c
10924 --- linux-2.4.21/ipc/sem.c 2003-06-23 11:41:59.000000000 -0400
10925 +++ linux-2.4.21/ipc/sem.c 2003-06-23 11:49:17.000000000 -0400
10927 #include <linux/spinlock.h>
10928 #include <linux/init.h>
10929 #include <linux/proc_fs.h>
10930 +#include <linux/grsecurity.h>
10931 #include <asm/uaccess.h>
10934 @@ -181,6 +182,9 @@
10939 + gr_log_semget(err, semflg);
10944 @@ -728,6 +732,8 @@
10948 + gr_log_semrm(ipcp->uid, ipcp->cuid);
10953 diff -urN linux-2.4.21/ipc/shm.c linux-2.4.21/ipc/shm.c
10954 --- linux-2.4.21/ipc/shm.c 2003-06-23 11:41:59.000000000 -0400
10955 +++ linux-2.4.21/ipc/shm.c 2003-06-23 11:49:17.000000000 -0400
10957 #include <linux/mman.h>
10958 #include <linux/proc_fs.h>
10959 #include <asm/uaccess.h>
10960 +#include <linux/grsecurity.h>
10969 +#ifdef CONFIG_GRKERNSEC
10970 + time_t shm_createtime;
10975 +#ifdef CONFIG_GRKERNSEC
10976 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
10977 + const time_t shm_createtime, const uid_t cuid,
10978 + const int shmid);
10979 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
10980 + const time_t shm_createtime);
10983 #define shm_flags shm_perm.mode
10985 static struct file_operations shm_file_operations;
10986 @@ -209,6 +223,9 @@
10987 shp->shm_lprid = 0;
10988 shp->shm_atim = shp->shm_dtim = 0;
10989 shp->shm_ctim = CURRENT_TIME;
10990 +#ifdef CONFIG_GRKERNSEC
10991 + shp->shm_createtime = CURRENT_TIME;
10993 shp->shm_segsz = size;
10994 shp->shm_nattch = 0;
10995 shp->id = shm_buildid(id,shp->shm_perm.seq);
10996 @@ -254,6 +271,9 @@
11001 + gr_log_shmget(err, shmflg, size);
11006 @@ -509,6 +529,9 @@
11008 goto out_unlock_up;
11011 + gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid);
11013 if (shp->shm_nattch){
11014 shp->shm_flags |= SHM_DEST;
11015 /* Do not find it any more */
11016 @@ -622,9 +645,28 @@
11021 +#ifdef CONFIG_GRKERNSEC
11022 + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
11023 + shp->shm_perm.cuid, shmid)) {
11024 + shm_unlock(shmid);
11028 + if (!gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
11029 + shm_unlock(shmid);
11034 file = shp->shm_file;
11035 size = file->f_dentry->d_inode->i_size;
11038 +#ifdef CONFIG_GRKERNSEC
11039 + shp->shm_lapid = current->pid;
11044 down_write(¤t->mm->mmap_sem);
11045 diff -urN linux-2.4.21/kernel/capability.c linux-2.4.21/kernel/capability.c
11046 --- linux-2.4.21/kernel/capability.c 2003-06-23 11:41:31.000000000 -0400
11047 +++ linux-2.4.21/kernel/capability.c 2003-06-23 11:49:17.000000000 -0400
11050 #include <linux/mm.h>
11051 #include <asm/uaccess.h>
11052 +#include <linux/grsecurity.h>
11054 kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
11056 @@ -168,6 +169,10 @@
11060 + if (gr_handle_chroot_capset(target)) {
11065 /* verify restrictions on target's new Inheritable set */
11066 if (!cap_issubset(inheritable,
11067 diff -urN linux-2.4.21/kernel/exit.c linux-2.4.21/kernel/exit.c
11068 --- linux-2.4.21/kernel/exit.c 2003-06-23 11:41:31.000000000 -0400
11069 +++ linux-2.4.21/kernel/exit.c 2003-06-23 11:49:17.000000000 -0400
11071 #ifdef CONFIG_BSD_PROCESS_ACCT
11072 #include <linux/acct.h>
11074 +#include <linux/grsecurity.h>
11076 #include <asm/uaccess.h>
11077 #include <asm/pgtable.h>
11078 @@ -165,12 +165,21 @@
11080 write_lock_irq(&tasklist_lock);
11082 +#ifdef CONFIG_GRKERNSEC
11083 + if (current->exec_file) {
11084 + fput(current->exec_file);
11085 + current->exec_file = NULL;
11089 /* Reparent to init */
11090 REMOVE_LINKS(current);
11091 current->p_pptr = child_reaper;
11092 current->p_opptr = child_reaper;
11093 SET_LINKS(current);
11095 + gr_set_kernel_label(current);
11097 /* Set the exit signal to SIGCHLD so we signal init on exit */
11098 current->exit_signal = SIGCHLD;
11100 @@ -439,6 +440,10 @@
11101 #ifdef CONFIG_BSD_PROCESS_ACCT
11102 acct_process(code);
11105 + gr_acl_handle_psacct(tsk, code);
11106 + gr_acl_handle_exit();
11111 diff -urN linux-2.4.21/kernel/fork.c linux-2.4.21/kernel/fork.c
11112 --- linux-2.4.21/kernel/fork.c 2003-06-23 11:41:31.000000000 -0400
11113 +++ linux-2.4.21/kernel/fork.c 2003-06-23 11:49:17.000000000 -0400
11115 #include <linux/personality.h>
11116 #include <linux/compiler.h>
11117 #include <linux/mman.h>
11118 +#include <linux/grsecurity.h>
11120 #include <asm/pgtable.h>
11121 #include <asm/pgalloc.h>
11123 if (flags & CLONE_PID)
11124 return current->pid;
11126 + pid = gr_random_pid(&lastpid_lock);
11130 spin_lock(&lastpid_lock);
11131 beginpid = last_pid;
11132 if((++last_pid) & 0xffff8000) {
11133 @@ -635,6 +640,9 @@
11134 * friends to set the per-user process limit to something lower
11135 * than the amount of processes root is running. -- Rik
11138 + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes));
11140 if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur
11141 && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE))
11142 goto bad_fork_free;
11143 @@ -719,6 +727,7 @@
11144 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
11146 goto bad_fork_cleanup_namespace;
11147 + gr_copy_label(p);
11150 /* Our parent execution domain becomes current domain
11151 @@ -804,6 +813,9 @@
11154 free_task_struct(p);
11156 + gr_log_forkfail(retval);
11161 diff -urN linux-2.4.21/kernel/ksyms.c linux-2.4.21/kernel/ksyms.c
11162 --- linux-2.4.21/kernel/ksyms.c 2003-06-23 11:41:31.000000000 -0400
11163 +++ linux-2.4.21/kernel/ksyms.c 2003-06-23 11:49:17.000000000 -0400
11165 #include <linux/completion.h>
11166 #include <linux/seq_file.h>
11167 #include <linux/dnotify.h>
11168 +#include <linux/grsecurity.h>
11169 #include <asm/checksum.h>
11171 #if defined(CONFIG_PROC_FS)
11172 @@ -585,3 +586,9 @@
11175 EXPORT_SYMBOL(dump_stack);
11178 +EXPORT_SYMBOL(gr_is_capable);
11179 +EXPORT_SYMBOL(gr_pid_is_chrooted);
11180 +EXPORT_SYMBOL(gr_learn_resource);
11181 +EXPORT_SYMBOL(gr_set_kernel_label);
11182 diff -urN linux-2.4.21/kernel/module.c linux-2.4.21/kernel/module.c
11183 --- linux-2.4.21/kernel/module.c 2003-06-23 11:41:31.000000000 -0400
11184 +++ linux-2.4.21/kernel/module.c 2003-06-23 11:49:17.000000000 -0400
11185 @@ -887,6 +887,11 @@
11186 struct module *mod;
11189 +#ifdef CONFIG_GRKERNSEC_HIDESYM
11190 + if (!capable(CAP_SYS_MODULE))
11195 if (name_user == NULL)
11196 mod = &kernel_module;
11197 @@ -956,6 +961,11 @@
11199 struct kernel_sym ksym;
11201 +#ifdef CONFIG_GRKERNSEC_HIDESYM
11202 + if (!capable(CAP_SYS_MODULE))
11207 for (mod = module_list, i = 0; mod; mod = mod->next) {
11208 /* include the count for the module name! */
11209 diff -urN linux-2.4.21/kernel/printk.c linux-2.4.21/kernel/printk.c
11210 --- linux-2.4.21/kernel/printk.c 2003-06-23 11:41:31.000000000 -0400
11211 +++ linux-2.4.21/kernel/printk.c 2003-06-23 11:49:17.000000000 -0400
11213 #include <linux/interrupt.h> /* For in_interrupt() */
11214 #include <linux/config.h>
11215 #include <linux/delay.h>
11216 +#include <linux/grsecurity.h>
11218 #include <asm/uaccess.h>
11220 @@ -294,6 +295,11 @@
11222 asmlinkage long sys_syslog(int type, char * buf, int len)
11224 +#ifdef CONFIG_GRKERNSEC_DMESG
11225 + if (!capable(CAP_SYS_ADMIN) && grsec_enable_dmesg)
11229 if ((type != 3) && !capable(CAP_SYS_ADMIN))
11231 return do_syslog(type, buf, len);
11232 diff -urN linux-2.4.21/kernel/sched.c linux-2.4.21/kernel/sched.c
11233 --- linux-2.4.21/kernel/sched.c 2003-06-23 11:41:31.000000000 -0400
11234 +++ linux-2.4.21/kernel/sched.c 2003-06-23 11:49:17.000000000 -0400
11235 @@ -29,11 +30,13 @@
11236 #include <linux/nmi.h>
11237 #include <linux/interrupt.h>
11238 #include <linux/init.h>
11239 +#include <linux/file.h>
11240 #include <asm/uaccess.h>
11241 #include <linux/smp_lock.h>
11242 #include <asm/mmu_context.h>
11243 #include <linux/kernel_stat.h>
11244 #include <linux/completion.h>
11245 +#include <linux/grsecurity.h>
11248 * Convert user-nice values [ -20 ... 0 ... 19 ]
11249 @@ -910,6 +912,9 @@
11251 if (increment < -40)
11254 + if (gr_handle_chroot_nice())
11257 if (increment > 40)
11259 diff -urN linux-2.4.21/kernel/signal.c linux-2.4.21/kernel/signal.c
11260 --- linux-2.4.21/kernel/signal.c 2003-06-23 11:41:31.000000000 -0400
11261 +++ linux-2.4.21/kernel/signal.c 2003-06-23 11:49:17.000000000 -0400
11263 #include <linux/smp_lock.h>
11264 #include <linux/init.h>
11265 #include <linux/sched.h>
11266 +#include <linux/fs.h>
11267 +#include <linux/grsecurity.h>
11269 #include <asm/uaccess.h>
11271 @@ -554,6 +556,8 @@
11272 if (!sig || !t->sig)
11275 + gr_log_signal(sig, t);
11277 spin_lock_irqsave(&t->sigmask_lock, flags);
11278 handle_stop_signal(sig, t);
11280 @@ -603,6 +607,8 @@
11281 recalc_sigpending(t);
11282 spin_unlock_irqrestore(&t->sigmask_lock, flags);
11284 + gr_handle_crash(t, sig);
11286 return send_sig_info(sig, info, t);
11289 @@ -622,9 +628,13 @@
11290 read_lock(&tasklist_lock);
11292 if (p->pgrp == pgrp && thread_group_leader(p)) {
11293 - int err = send_sig_info(sig, info, p);
11296 + if (gr_handle_signal(p, sig))
11299 + int err = send_sig_info(sig, info, p);
11305 read_unlock(&tasklist_lock);
11306 @@ -675,7 +685,10 @@
11310 - error = send_sig_info(sig, info, p);
11311 + if (gr_handle_signal(p, sig))
11314 + error = send_sig_info(sig, info, p);
11316 read_unlock(&tasklist_lock);
11318 @@ -700,10 +713,14 @@
11319 read_lock(&tasklist_lock);
11321 if (p->pid > 1 && p != current && thread_group_leader(p)) {
11322 - int err = send_sig_info(sig, info, p);
11324 - if (err != -EPERM)
11326 + if (gr_handle_signal(p, sig))
11329 + int err = send_sig_info(sig, info, p);
11331 + if (err != -EPERM)
11336 read_unlock(&tasklist_lock);
11337 diff -urN linux-2.4.21/kernel/sys.c linux-2.4.21/kernel/sys.c
11338 --- linux-2.4.21/kernel/sys.c 2003-06-23 11:41:31.000000000 -0400
11339 +++ linux-2.4.21/kernel/sys.c 2003-06-23 11:49:17.000000000 -0400
11341 * Copyright (C) 1991, 1992 Linus Torvalds
11344 +#include <linux/config.h>
11345 #include <linux/module.h>
11346 #include <linux/mm.h>
11347 #include <linux/utsname.h>
11349 #include <linux/prctl.h>
11350 #include <linux/init.h>
11351 #include <linux/highuid.h>
11352 +#include <linux/grsecurity.h>
11354 #include <asm/uaccess.h>
11355 #include <asm/io.h>
11356 @@ -239,6 +241,12 @@
11358 if (error == -ESRCH)
11361 + if (gr_handle_chroot_setpriority(p, niceval)) {
11362 + read_unlock(&tasklist_lock);
11366 if (niceval < task_nice(p) && !capable(CAP_SYS_NICE))
11369 @@ -425,6 +433,9 @@
11370 if (rgid != (gid_t) -1 ||
11371 (egid != (gid_t) -1 && egid != old_rgid))
11372 current->sgid = new_egid;
11374 + gr_set_role_label(current, current->uid, new_rgid);
11376 current->fsgid = new_egid;
11377 current->egid = new_egid;
11378 current->gid = new_rgid;
11379 @@ -447,6 +458,9 @@
11380 current->mm->dumpable=0;
11384 + gr_set_role_label(current, current->uid, gid);
11386 current->gid = current->egid = current->sgid = current->fsgid = gid;
11388 else if ((gid == current->gid) || (gid == current->sgid))
11389 @@ -530,6 +544,9 @@
11390 current->mm->dumpable = 0;
11394 + gr_set_role_label(current, new_ruid, current->gid);
11396 current->uid = new_ruid;
11397 current->user = new_user;
11398 free_uid(old_user);
11399 @@ -626,6 +643,9 @@
11400 } else if ((uid != current->uid) && (uid != new_suid))
11403 + if (gr_check_crash_uid(uid))
11406 if (old_euid != uid)
11408 current->mm->dumpable = 0;
11409 @@ -722,8 +742,10 @@
11410 current->egid = egid;
11412 current->fsgid = current->egid;
11413 - if (rgid != (gid_t) -1)
11414 + if (rgid != (gid_t) -1) {
11415 + gr_set_role_label(current, current->uid, rgid);
11416 current->gid = rgid;
11418 if (sgid != (gid_t) -1)
11419 current->sgid = sgid;
11421 @@ -1140,6 +1162,10 @@
11422 if(copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
11424 old_rlim = current->rlim + resource;
11426 + if (old_rlim->rlim_max < old_rlim->rlim_cur)
11429 if (((new_rlim.rlim_cur > old_rlim->rlim_max) ||
11430 (new_rlim.rlim_max > old_rlim->rlim_max)) &&
11431 !capable(CAP_SYS_RESOURCE))
11432 diff -urN linux-2.4.21/kernel/sysctl.c linux-2.4.21/kernel/sysctl.c
11433 --- linux-2.4.21/kernel/sysctl.c 2003-06-23 11:41:31.000000000 -0400
11434 +++ linux-2.4.21/kernel/sysctl.c 2003-06-23 11:49:17.000000000 -0400
11438 #if defined(CONFIG_SYSCTL)
11439 +#include <linux/grsecurity.h>
11440 +#include <linux/grinternal.h>
11442 +extern __u32 gr_handle_sysctl(const ctl_table * table, const void *oldval,
11443 + const void *newval);
11444 +extern int gr_handle_sysctl_mod(const char *dirname, const char *name, const int op);
11445 +extern int gr_handle_chroot_sysctl(const int op);
11447 /* External variables not in a header file. */
11448 extern int panic_timeout;
11449 @@ -119,6 +126,8 @@
11450 static ctl_table dev_table[];
11451 extern ctl_table random_table[];
11453 +static ctl_table grsecurity_table[];
11455 /* /proc declarations: */
11457 #ifdef CONFIG_PROC_FS
11458 @@ -259,8 +268,191 @@
11459 {KERN_S390_USER_DEBUG_LOGGING,"userprocess_debug",
11460 &sysctl_userprocess_debug,sizeof(int),0644,NULL,&proc_dointvec},
11462 +#ifdef CONFIG_GRKERNSEC_SYSCTL
11463 + {KERN_GRSECURITY, "grsecurity", NULL, 0, 0555, grsecurity_table},
11468 +#ifdef CONFIG_GRKERNSEC_SYSCTL
11469 +enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL,
11470 +GS_FORKFAIL, GS_TIME, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
11471 +GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM,
11472 +GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS,
11473 +GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL, GS_SIDCAPS,
11474 +GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDISN,
11475 +GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
11476 +GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
11477 +GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
11478 +GS_FINDTASK, GS_LOCK};
11480 +static ctl_table grsecurity_table[] = {
11481 +#ifdef CONFIG_GRKERNSEC_LINK
11482 + {GS_LINK, "linking_restrictions", &grsec_enable_link, sizeof (int),
11483 + 0600, NULL, &proc_dointvec},
11485 +#ifdef CONFIG_GRKERNSEC_FIFO
11486 + {GS_FIFO, "fifo_restrictions", &grsec_enable_fifo, sizeof (int),
11487 + 0600, NULL, &proc_dointvec},
11489 +#ifdef CONFIG_GRKERNSEC_EXECVE
11490 + {GS_EXECVE, "execve_limiting", &grsec_enable_execve, sizeof (int),
11491 + 0600, NULL, &proc_dointvec},
11493 +#ifdef CONFIG_GRKERNSEC_EXECLOG
11494 + {GS_EXECLOG, "exec_logging", &grsec_enable_execlog, sizeof (int),
11495 + 0600, NULL, &proc_dointvec},
11497 +#ifdef CONFIG_GRKERNSEC_SIGNAL
11498 + {GS_SIGNAL, "signal_logging", &grsec_enable_signal, sizeof (int),
11499 + 0600, NULL, &proc_dointvec},
11501 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
11502 + {GS_FORKFAIL, "forkfail_logging", &grsec_enable_forkfail, sizeof (int),
11503 + 0600, NULL, &proc_dointvec},
11505 +#ifdef CONFIG_GRKERNSEC_TIME
11506 + {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int),
11507 + 0600, NULL, &proc_dointvec},
11509 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
11510 + {GS_CHROOT_SHMAT, "chroot_deny_shmat", &grsec_enable_chroot_shmat, sizeof (int),
11511 + 0600, NULL, &proc_dointvec},
11513 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
11514 + {GS_CHROOT_UNIX, "chroot_deny_unix", &grsec_enable_chroot_unix, sizeof(int),
11515 + 0600, NULL, &proc_dointvec},
11517 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
11518 + {GS_CHROOT_MNT, "chroot_deny_mount", &grsec_enable_chroot_mount, sizeof (int),
11519 + 0600, NULL, &proc_dointvec},
11521 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
11522 + {GS_CHROOT_FCHDIR, "chroot_deny_fchdir", &grsec_enable_chroot_fchdir, sizeof (int),
11523 + 0600, NULL, &proc_dointvec},
11525 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
11526 + {GS_CHROOT_DBL, "chroot_deny_chroot", &grsec_enable_chroot_double, sizeof (int),
11527 + 0600, NULL, &proc_dointvec},
11529 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
11530 + {GS_CHROOT_PVT, "chroot_deny_pivot", &grsec_enable_chroot_pivot, sizeof (int),
11531 + 0600, NULL, &proc_dointvec},
11533 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
11534 + {GS_CHROOT_CD, "chroot_enforce_chdir", &grsec_enable_chroot_chdir, sizeof (int),
11535 + 0600, NULL, &proc_dointvec},
11537 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
11538 + {GS_CHROOT_CM, "chroot_deny_chmod", &grsec_enable_chroot_chmod, sizeof (int),
11539 + 0600, NULL, &proc_dointvec},
11541 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
11542 + {GS_CHROOT_MK, "chroot_deny_mknod", &grsec_enable_chroot_mknod, sizeof (int),
11543 + 0600, NULL, &proc_dointvec},
11545 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
11546 + {GS_CHROOT_NI, "chroot_restrict_nice", &grsec_enable_chroot_nice, sizeof (int),
11547 + 0600, NULL, &proc_dointvec},
11549 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
11550 + {GS_CHROOT_EXECLOG, "chroot_execlog",
11551 + &grsec_enable_chroot_execlog, sizeof (int),
11552 + 0600, NULL, &proc_dointvec},
11554 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
11555 + {GS_CHROOT_CAPS, "chroot_caps", &grsec_enable_chroot_caps, sizeof (int),
11556 + 0600, NULL, &proc_dointvec},
11558 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
11559 + {GS_CHROOT_SYSCTL, "chroot_deny_sysctl", &grsec_enable_chroot_sysctl, sizeof (int),
11560 + 0600, NULL, &proc_dointvec},
11562 +#ifdef CONFIG_GRKERNSEC_TPE
11563 + {GS_TPE, "tpe", &grsec_enable_tpe, sizeof (int),
11564 + 0600, NULL, &proc_dointvec},
11565 + {GS_TPE_GID, "tpe_gid", &grsec_tpe_gid, sizeof (int),
11566 + 0600, NULL, &proc_dointvec},
11568 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
11569 + {GS_TPE_ALL, "tpe_restrict_all", &grsec_enable_tpe_all, sizeof (int),
11570 + 0600, NULL, &proc_dointvec},
11572 +#ifdef CONFIG_GRKERNSEC_RANDPID
11573 + {GS_RANDPID, "rand_pids", &grsec_enable_randpid, sizeof (int),
11574 + 0600, NULL, &proc_dointvec},
11576 +#ifdef CONFIG_GRKERNSEC_RANDID
11577 + {GS_RANDID, "rand_ip_ids", &grsec_enable_randid, sizeof (int),
11578 + 0600, NULL, &proc_dointvec},
11580 +#ifdef CONFIG_GRKERNSEC_RANDSRC
11581 + {GS_RANDSRC, "rand_tcp_src_ports", &grsec_enable_randsrc, sizeof (int),
11582 + 0600, NULL, &proc_dointvec},
11584 +#ifdef CONFIG_GRKERNSEC_RANDISN
11585 + {GS_RANDISN, "rand_isns", &grsec_enable_randisn, sizeof (int),
11586 + 0600, NULL, &proc_dointvec},
11588 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
11589 + {GS_SOCKET_ALL, "socket_all", &grsec_enable_socket_all, sizeof (int),
11590 + 0600, NULL, &proc_dointvec},
11591 + {GS_SOCKET_ALL_GID, "socket_all_gid",
11592 + &grsec_socket_all_gid, sizeof (int),
11593 + 0600, NULL, &proc_dointvec},
11595 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
11596 + {GS_SOCKET_CLIENT, "socket_client",
11597 + &grsec_enable_socket_client, sizeof (int),
11598 + 0600, NULL, &proc_dointvec},
11599 + {GS_SOCKET_CLIENT_GID, "socket_client_gid",
11600 + &grsec_socket_client_gid, sizeof (int),
11601 + 0600, NULL, &proc_dointvec},
11603 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
11604 + {GS_SOCKET_SERVER, "socket_server",
11605 + &grsec_enable_socket_server, sizeof (int),
11606 + 0600, NULL, &proc_dointvec},
11607 + {GS_SOCKET_SERVER_GID, "socket_server_gid",
11608 + &grsec_socket_server_gid, sizeof (int),
11609 + 0600, NULL, &proc_dointvec},
11611 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
11612 + {GS_GROUP, "audit_group", &grsec_enable_group, sizeof (int),
11613 + 0600, NULL, &proc_dointvec},
11614 + {GS_GID, "audit_gid",
11615 + &grsec_audit_gid, sizeof (int),
11616 + 0600, NULL, &proc_dointvec},
11618 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
11619 + {GS_ACHDIR, "audit_chdir", &grsec_enable_chdir, sizeof (int),
11620 + 0600, NULL, &proc_dointvec},
11622 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
11623 + {GS_AMOUNT, "audit_mount", &grsec_enable_mount, sizeof (int),
11624 + 0600, NULL, &proc_dointvec},
11626 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
11627 + {GS_AIPC, "audit_ipc", &grsec_enable_audit_ipc, sizeof (int),
11628 + 0600, NULL, &proc_dointvec},
11630 +#ifdef CONFIG_GRKERNSEC_DMESG
11631 + {GS_AIPC, "dmesg", &grsec_enable_dmesg, sizeof (int),
11632 + 0600, NULL, &proc_dointvec},
11634 +#ifdef CONFIG_GRKERNSEC_RANDRPC
11635 + {GS_RANDRPC, "rand_rpc", &grsec_enable_randrpc, sizeof (int),
11636 + 0600, NULL, &proc_dointvec},
11638 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
11639 + {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
11640 + sizeof (int), 0600, NULL, &proc_dointvec},
11642 + {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
11648 static ctl_table vm_table[] = {
11649 {VM_BDFLUSH, "bdflush", &bdf_prm, 9*sizeof(int), 0644, NULL,
11650 @@ -395,6 +587,11 @@
11652 static inline int ctl_perm(ctl_table *table, int op)
11654 + if (gr_handle_sysctl_mod(table->de->parent->name, table->de->name, op))
11656 + if (gr_handle_chroot_sysctl(op))
11659 return test_perm(table->mode, op);
11662 @@ -428,6 +625,10 @@
11663 table = table->child;
11667 + if (!gr_handle_sysctl(table, oldval, newval))
11670 error = do_sysctl_strategy(table, name, nlen,
11672 newval, newlen, context);
11673 diff -urN linux-2.4.21/kernel/time.c linux-2.4.21/kernel/time.c
11674 --- linux-2.4.21/kernel/time.c 2003-06-23 11:41:31.000000000 -0400
11675 +++ linux-2.4.21/kernel/time.c 2003-06-23 11:49:17.000000000 -0400
11677 #include <linux/mm.h>
11678 #include <linux/timex.h>
11679 #include <linux/smp_lock.h>
11680 +#include <linux/grsecurity.h>
11682 #include <asm/uaccess.h>
11685 time_maxerror = NTP_PHASE_LIMIT;
11686 time_esterror = NTP_PHASE_LIMIT;
11687 write_unlock_irq(&xtime_lock);
11689 + gr_log_timechange();
11694 @@ -167,6 +171,8 @@
11695 * globally block out interrupts when it runs.
11697 do_settimeofday(tv);
11699 + gr_log_timechange();
11703 diff -urN linux-2.4.21/kernel/timer.c linux-2.4.21/kernel/timer.c
11704 --- linux-2.4.21/kernel/timer.c 2003-06-23 11:41:31.000000000 -0400
11705 +++ linux-2.4.21/kernel/timer.c 2003-06-23 11:49:17.000000000 -0400
11706 @@ -541,6 +541,9 @@
11708 psecs = (p->times.tms_utime += user);
11709 psecs += (p->times.tms_stime += system);
11711 + gr_learn_resource(p, RLIMIT_CPU, psecs / HZ);
11713 if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) {
11714 /* Send SIGXCPU every second.. */
11716 diff -urN linux-2.4.21/mm/filemap.c linux-2.4.21/mm/filemap.c
11717 --- linux-2.4.21/mm/filemap.c 2003-06-23 11:41:31.000000000 -0400
11718 +++ linux-2.4.21/mm/filemap.c 2003-06-23 11:49:17.000000000 -0400
11719 @@ -2501,6 +2507,7 @@
11721 rlim_rss = current->rlim ? current->rlim[RLIMIT_RSS].rlim_cur :
11722 LONG_MAX; /* default: see resource.h */
11723 + gr_learn_resource(current, RLIMIT_RSS, vma->vm_mm->rss + (end - start));
11724 if ((vma->vm_mm->rss + (end - start)) > rlim_rss)
11727 @@ -3004,6 +3011,7 @@
11730 if (!S_ISBLK(inode->i_mode) && limit != RLIM_INFINITY) {
11731 + gr_learn_resource(current, RLIMIT_FSIZE, pos);
11732 if (pos >= limit) {
11733 send_sig(SIGXFSZ, current, 0);
11735 @@ -3039,6 +3047,7 @@
11738 if (!S_ISBLK(inode->i_mode)) {
11739 + gr_learn_resource(current, RLIMIT_FSIZE, count + (u32)pos);
11740 if (pos >= inode->i_sb->s_maxbytes)
11742 if (count || pos > inode->i_sb->s_maxbytes) {
11743 diff -urN linux-2.4.21/mm/memory.c linux-2.4.21/mm/memory.c
11744 --- linux-2.4.21/mm/memory.c 2003-06-23 11:41:31.000000000 -0400
11745 +++ linux-2.4.21/mm/memory.c 2003-06-23 11:49:17.000000000 -0400
11746 @@ -1065,6 +1129,7 @@
11749 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
11750 + gr_learn_resource(current, RLIMIT_FSIZE, offset);
11751 if (limit != RLIM_INFINITY && offset > limit)
11753 if (offset > inode->i_sb->s_maxbytes)
11754 diff -urN linux-2.4.21/mm/mlock.c linux-2.4.21/mm/mlock.c
11755 --- linux-2.4.21/mm/mlock.c 2003-06-23 11:41:31.000000000 -0400
11756 +++ linux-2.4.21/mm/mlock.c 2003-06-23 11:49:17.000000000 -0400
11757 @@ -209,6 +235,7 @@
11758 lock_limit >>= PAGE_SHIFT;
11760 /* check against resource limits */
11761 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11762 if (locked > lock_limit)
11765 @@ -276,6 +303,7 @@
11766 lock_limit >>= PAGE_SHIFT;
11769 + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm);
11770 if (current->mm->total_vm > lock_limit)
11773 diff -urN linux-2.4.21/mm/mmap.c linux-2.4.21/mm/mmap.c
11774 --- linux-2.4.21/mm/mmap.c 2003-06-23 11:41:31.000000000 -0400
11775 +++ linux-2.4.21/mm/mmap.c 2003-06-23 11:49:17.000000000 -0400
11777 #include <linux/file.h>
11778 #include <linux/fs.h>
11779 #include <linux/personality.h>
11780 +#include <linux/random.h>
11781 +#include <linux/grsecurity.h>
11783 #include <asm/uaccess.h>
11784 #include <asm/pgalloc.h>
11785 @@ -168,6 +170,7 @@
11787 /* Check against rlimit.. */
11788 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
11789 + gr_learn_resource(current, RLIMIT_DATA, brk - mm->start_data);
11790 if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
11793 @@ -432,6 +462,7 @@
11794 if (vm_flags & VM_LOCKED) {
11795 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
11797 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11798 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11801 @@ -480,6 +532,9 @@
11805 + if (!gr_acl_handle_mmap(file, prot))
11808 /* Clear old maps */
11810 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
11811 @@ -490,6 +545,7 @@
11814 /* Check against address space limit. */
11815 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len);
11816 if ((mm->total_vm << PAGE_SHIFT) + len
11817 > current->rlim[RLIMIT_AS].rlim_cur)
11819 @@ -1047,6 +1255,7 @@
11820 if (mm->def_flags & VM_LOCKED) {
11821 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
11823 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11824 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11827 @@ -1063,6 +1272,7 @@
11830 /* Check against address space limits *after* clearing old maps... */
11831 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len);
11832 if ((mm->total_vm << PAGE_SHIFT) + len
11833 > current->rlim[RLIMIT_AS].rlim_cur)
11835 diff -urN linux-2.4.21/mm/mprotect.c linux-2.4.21/mm/mprotect.c
11836 --- linux-2.4.21/mm/mprotect.c 2003-06-23 11:41:31.000000000 -0400
11837 +++ linux-2.4.21/mm/mprotect.c 2003-06-23 11:49:17.000000000 -0400
11839 #include <linux/smp_lock.h>
11840 #include <linux/shm.h>
11841 #include <linux/mman.h>
11842 +#include <linux/grsecurity.h>
11844 #include <asm/uaccess.h>
11845 #include <asm/pgalloc.h>
11846 @@ -288,6 +392,11 @@
11847 if (!vma || vma->vm_start > start)
11850 + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
11855 for (nstart = start ; ; ) {
11856 unsigned int newflags;
11858 diff -urN linux-2.4.21/mm/mremap.c linux-2.4.21/mm/mremap.c
11859 --- linux-2.4.21/mm/mremap.c 2003-06-23 11:41:31.000000000 -0400
11860 +++ linux-2.4.21/mm/mremap.c 2003-06-23 11:49:17.000000000 -0400
11861 @@ -278,10 +301,13 @@
11862 unsigned long locked = current->mm->locked_vm << PAGE_SHIFT;
11863 locked += new_len - old_len;
11865 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11866 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11871 + gr_learn_resource(current, RLIMIT_AS, (current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len));
11872 if ((current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len)
11873 > current->rlim[RLIMIT_AS].rlim_cur)
11875 diff -urN linux-2.4.21/mm/shmem.c linux-2.4.21/mm/shmem.c
11876 --- linux-2.4.21/mm/shmem.c 2003-06-23 11:41:31.000000000 -0400
11877 +++ linux-2.4.21/mm/shmem.c 2003-06-23 11:49:17.000000000 -0400
11878 @@ -822,6 +822,8 @@
11881 if (limit != RLIM_INFINITY) {
11882 + gr_learn_resource(current, RLIMIT_FSIZE, pos);
11884 if (pos >= limit) {
11885 send_sig(SIGXFSZ, current, 0);
11887 diff -urN linux-2.4.21/net/ipv4/af_inet.c linux-2.4.21/net/ipv4/af_inet.c
11888 --- linux-2.4.21/net/ipv4/af_inet.c 2003-06-23 11:41:55.000000000 -0400
11889 +++ linux-2.4.21/net/ipv4/af_inet.c 2003-06-23 11:49:17.000000000 -0400
11891 #include <linux/init.h>
11892 #include <linux/poll.h>
11893 #include <linux/netfilter_ipv4.h>
11894 +#include <linux/grsecurity.h>
11896 #include <asm/uaccess.h>
11897 #include <asm/system.h>
11898 @@ -374,7 +375,12 @@
11900 sk->protinfo.af_inet.pmtudisc = IP_PMTUDISC_WANT;
11902 - sk->protinfo.af_inet.id = 0;
11903 +#ifdef CONFIG_GRKERNSEC_RANDID
11904 + if(grsec_enable_randid)
11905 + sk->protinfo.af_inet.id = htons(ip_randomid());
11908 + sk->protinfo.af_inet.id = 0;
11910 sock_init_data(sock,sk);
11912 diff -urN linux-2.4.21/net/ipv4/icmp.c linux-2.4.21/net/ipv4/icmp.c
11913 --- linux-2.4.21/net/ipv4/icmp.c 2003-06-23 11:41:55.000000000 -0400
11914 +++ linux-2.4.21/net/ipv4/icmp.c 2003-06-23 11:49:17.000000000 -0400
11916 #include <linux/errno.h>
11917 #include <linux/timer.h>
11918 #include <linux/init.h>
11919 +#include <linux/grsecurity.h>
11921 #include <asm/system.h>
11922 #include <asm/uaccess.h>
11923 #include <net/checksum.h>
11924 @@ -712,6 +714,7 @@
11926 icmp_param.data.icmph=*skb->h.icmph;
11927 icmp_param.data.icmph.type=ICMP_ECHOREPLY;
11929 icmp_param.skb=skb;
11930 icmp_param.offset=0;
11931 icmp_param.data_len=skb->len;
11932 diff -urN linux-2.4.21/net/ipv4/ip_output.c linux-2.4.21/net/ipv4/ip_output.c
11933 --- linux-2.4.21/net/ipv4/ip_output.c 2003-07-29 17:57:12.000000000 -0400
11934 +++ linux-2.4.21/net/ipv4/ip_output.c 2003-07-29 17:58:20.000000000 -0400
11936 #include <linux/netfilter_ipv4.h>
11937 #include <linux/mroute.h>
11938 #include <linux/netlink.h>
11939 +#include <linux/grsecurity.h>
11942 * Shall we try to damage output packets if routing dev changes?
11943 @@ -511,7 +512,13 @@
11944 * Begin outputting the bytes.
11947 - id = sk->protinfo.af_inet.id++;
11948 +#ifdef CONFIG_GRKERNSEC_RANDID
11949 + if(grsec_enable_randid) {
11950 + id = htons(ip_randomid());
11951 + sk->protinfo.af_inet.id = htons(ip_randomid());
11954 + id = sk->protinfo.af_inet.id++;
11958 diff -urN linux-2.4.21/net/ipv4/netfilter/Config.in linux-2.4.21/net/ipv4/netfilter/Config.in
11959 --- linux-2.4.21/net/ipv4/netfilter/Config.in 2003-06-23 11:41:55.000000000 -0400
11960 +++ linux-2.4.21/net/ipv4/netfilter/Config.in 2003-06-23 11:49:17.000000000 -0400
11962 dep_tristate ' address type match support' CONFIG_IP_NF_MATCH_ADDRTYPE $CONFIG_IP_NF_IPTABLES
11963 dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
11964 dep_tristate ' realm match support' CONFIG_IP_NF_MATCH_REALM $CONFIG_IP_NF_IPTABLES
11965 + dep_tristate ' stealth match support' CONFIG_IP_NF_MATCH_STEALTH $CONFIG_IP_NF_IPTABLES
11966 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
11967 dep_tristate ' Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES
11969 diff -urN linux-2.4.21/net/ipv4/netfilter/Makefile linux-2.4.21/net/ipv4/netfilter/Makefile
11970 --- linux-2.4.21/net/ipv4/netfilter/Makefile 2003-06-23 11:41:55.000000000 -0400
11971 +++ linux-2.4.21/net/ipv4/netfilter/Makefile 2003-06-23 11:49:17.000000000 -0400
11973 obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o
11974 obj-$(CONFIG_IP_NF_MATCH_STRING) += ipt_string.o
11975 obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
11976 +obj-$(CONFIG_IP_NF_MATCH_STEALTH) += ipt_stealth.o
11977 obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
11978 obj-$(CONFIG_IP_NF_MATCH_REALM) += ipt_realm.o
11980 diff -urN linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c
11981 --- linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c 1969-12-31 19:00:00.000000000 -0500
11982 +++ linux-2.4.21/net/ipv4/netfilter/ipt_stealth.c 2003-06-23 11:49:17.000000000 -0400
11984 +/* Kernel module to add stealth support.
11986 + * Copyright (C) 2002 Brad Spengler <spender@grsecurity.net>
11990 +#include <linux/kernel.h>
11991 +#include <linux/module.h>
11992 +#include <linux/skbuff.h>
11993 +#include <linux/net.h>
11994 +#include <linux/sched.h>
11995 +#include <linux/inet.h>
11996 +#include <linux/stddef.h>
11998 +#include <net/ip.h>
11999 +#include <net/sock.h>
12000 +#include <net/tcp.h>
12001 +#include <net/udp.h>
12002 +#include <net/route.h>
12003 +#include <net/inet_common.h>
12005 +#include <linux/netfilter_ipv4/ip_tables.h>
12007 +MODULE_LICENSE("GPL");
12009 +extern struct sock *udp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport, int dif);
12012 +match(const struct sk_buff *skb,
12013 + const struct net_device *in,
12014 + const struct net_device *out,
12015 + const void *matchinfo,
12018 + u_int16_t datalen,
12021 + struct iphdr *ip = skb->nh.iph;
12022 + struct tcphdr *th = (struct tcphdr *) hdr;
12023 + struct udphdr *uh = (struct udphdr *) hdr;
12024 + struct sock *sk = NULL;
12026 + if (!ip || !hdr || offset) return 0;
12028 + switch(ip->protocol) {
12029 + case IPPROTO_TCP:
12030 + if (datalen < sizeof(struct tcphdr)) {
12034 + if (!(th->syn && !th->ack)) return 0;
12035 + sk = tcp_v4_lookup_listener(ip->daddr, ntohs(th->dest), ((struct rtable*)skb->dst)->rt_iif);
12037 + case IPPROTO_UDP:
12038 + if (datalen < sizeof(struct udphdr)) {
12042 + sk = udp_v4_lookup(ip->saddr, uh->source, ip->daddr, uh->dest, skb->dev->ifindex);
12048 + if(!sk) // port is being listened on, match this
12056 +/* Called when user tries to insert an entry of this type. */
12058 +checkentry(const char *tablename,
12059 + const struct ipt_ip *ip,
12061 + unsigned int matchsize,
12062 + unsigned int hook_mask)
12064 + if (matchsize != IPT_ALIGN(0))
12067 + if(((ip->proto == IPPROTO_TCP && !(ip->invflags & IPT_INV_PROTO)) ||
12068 + ((ip->proto == IPPROTO_UDP) && !(ip->invflags & IPT_INV_PROTO)))
12069 + && (hook_mask & (1 << NF_IP_LOCAL_IN)))
12072 + printk("stealth: Only works on TCP and UDP for the INPUT chain.\n");
12078 +static struct ipt_match stealth_match
12079 += { { NULL, NULL }, "stealth", &match, &checkentry, NULL, THIS_MODULE };
12081 +static int __init init(void)
12083 + return ipt_register_match(&stealth_match);
12086 +static void __exit fini(void)
12088 + ipt_unregister_match(&stealth_match);
12091 +module_init(init);
12092 +module_exit(fini);
12093 diff -urN linux-2.4.21/net/ipv4/tcp_ipv4.c linux-2.4.21/net/ipv4/tcp_ipv4.c
12094 --- linux-2.4.21/net/ipv4/tcp_ipv4.c 2003-06-23 11:41:55.000000000 -0400
12095 +++ linux-2.4.21/net/ipv4/tcp_ipv4.c 2003-06-23 11:49:17.000000000 -0400
12097 #include <linux/inet.h>
12098 #include <linux/stddef.h>
12099 #include <linux/ipsec.h>
12100 +#include <linux/grsecurity.h>
12102 extern int sysctl_ip_dynaddr;
12103 extern int sysctl_ip_default_ttl;
12104 @@ -221,9 +222,18 @@
12106 spin_lock(&tcp_portalloc_lock);
12107 rover = tcp_port_rover;
12109 - if ((rover < low) || (rover > high))
12112 +#ifdef CONFIG_GRKERNSEC_RANDSRC
12113 + if (grsec_enable_randsrc && (high > low)) {
12114 + rover = low + (arc4random() % (high - low));
12119 + if ((rover < low) || (rover > high))
12123 head = &tcp_bhash[tcp_bhashfn(rover)];
12124 spin_lock(&head->lock);
12125 for (tb = head->chain; tb; tb = tb->next)
12126 @@ -546,6 +556,11 @@
12128 static inline __u32 tcp_v4_init_sequence(struct sock *sk, struct sk_buff *skb)
12130 +#ifdef CONFIG_GRKERNSEC_RANDISN
12131 + if (likely(grsec_enable_randisn))
12132 + return ip_randomisn();
12135 return secure_tcp_sequence_number(skb->nh.iph->daddr,
12136 skb->nh.iph->saddr,
12138 @@ -681,9 +696,16 @@
12139 rover = tcp_port_rover;
12143 - if ((rover < low) || (rover > high))
12145 +#ifdef CONFIG_GRKERNSEC_RANDSRC
12146 + if(grsec_enable_randsrc && (high > low)) {
12147 + rover = low + (arc4random() % (high - low));
12152 + if ((rover < low) || (rover > high))
12155 head = &tcp_bhash[tcp_bhashfn(rover)];
12156 spin_lock(&head->lock);
12158 @@ -844,11 +866,22 @@
12162 - if (!tp->write_seq)
12163 + if (!tp->write_seq) {
12164 +#ifdef CONFIG_GRKERNSEC_RANDISN
12165 + if (likely(grsec_enable_randisn))
12166 + tp->write_seq = ip_randomisn();
12169 tp->write_seq = secure_tcp_sequence_number(sk->saddr, sk->daddr,
12170 sk->sport, usin->sin_port);
12173 - sk->protinfo.af_inet.id = tp->write_seq^jiffies;
12174 +#ifdef CONFIG_GRKERNSEC_RANDID
12175 + if(grsec_enable_randid)
12176 + sk->protinfo.af_inet.id = htons(ip_randomid());
12179 + sk->protinfo.af_inet.id = tp->write_seq^jiffies;
12181 err = tcp_connect(sk);
12183 @@ -1570,7 +1603,13 @@
12184 newtp->ext_header_len = 0;
12185 if (newsk->protinfo.af_inet.opt)
12186 newtp->ext_header_len = newsk->protinfo.af_inet.opt->optlen;
12187 - newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;
12189 +#ifdef CONFIG_GRKERNSEC_RANDID
12190 + if(grsec_enable_randid)
12191 + newsk->protinfo.af_inet.id = htons(ip_randomid());
12194 + newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;
12196 tcp_sync_mss(newsk, dst->pmtu);
12197 newtp->advmss = dst->advmss;
12198 diff -urN linux-2.4.21/net/ipv4/udp.c linux-2.4.21/net/ipv4/udp.c
12199 --- linux-2.4.21/net/ipv4/udp.c 2003-06-23 11:41:55.000000000 -0400
12200 +++ linux-2.4.21/net/ipv4/udp.c 2003-06-23 11:49:17.000000000 -0400
12202 #include <net/ipv6.h>
12203 #include <net/protocol.h>
12204 #include <linux/skbuff.h>
12205 +#include <linux/grsecurity.h>
12206 #include <net/sock.h>
12207 #include <net/udp.h>
12208 #include <net/icmp.h>
12210 #include <net/inet_common.h>
12211 #include <net/checksum.h>
12213 +extern int gr_search_udp_recvmsg(const struct sock *sk,
12214 + const struct sk_buff *skb);
12215 +extern int gr_search_udp_sendmsg(const struct sock *sk,
12216 + const struct sockaddr_in *addr);
12219 * Snmp MIB for the UDP layer
12221 @@ -474,9 +480,16 @@
12222 ufh.uh.dest = usin->sin_port;
12223 if (ufh.uh.dest == 0)
12226 + if (!gr_search_udp_sendmsg(sk, usin))
12229 if (sk->state != TCP_ESTABLISHED)
12232 + if (!gr_search_udp_sendmsg(sk, NULL))
12235 ufh.daddr = sk->daddr;
12236 ufh.uh.dest = sk->dport;
12237 /* Open fast path for connected socket.
12238 @@ -484,6 +497,7 @@
12243 ipc.addr = sk->saddr;
12244 ufh.uh.source = sk->sport;
12246 @@ -655,6 +669,11 @@
12250 + if (!gr_search_udp_recvmsg(sk, skb)) {
12255 copied = skb->len - sizeof(struct udphdr);
12256 if (copied > len) {
12258 @@ -759,7 +778,13 @@
12259 sk->daddr = rt->rt_dst;
12260 sk->dport = usin->sin_port;
12261 sk->state = TCP_ESTABLISHED;
12262 - sk->protinfo.af_inet.id = jiffies;
12264 +#ifdef CONFIG_GRKERNSEC_RANDID
12265 + if(grsec_enable_randid)
12266 + sk->protinfo.af_inet.id = htons(ip_randomid());
12269 + sk->protinfo.af_inet.id = jiffies;
12271 sk_dst_set(sk, &rt->u.dst);
12273 diff -urN linux-2.4.21/net/netlink/af_netlink.c linux-2.4.21/net/netlink/af_netlink.c
12274 --- linux-2.4.21/net/netlink/af_netlink.c 2003-06-23 11:41:58.000000000 -0400
12275 +++ linux-2.4.21/net/netlink/af_netlink.c 2003-06-23 11:49:17.000000000 -0400
12277 #include <linux/proc_fs.h>
12278 #include <linux/smp_lock.h>
12279 #include <linux/notifier.h>
12280 +#include <linux/grsecurity.h>
12281 #include <net/sock.h>
12282 #include <net/scm.h>
12284 @@ -620,7 +621,8 @@
12285 check them, when this message will be delivered
12286 to corresponding kernel module. --ANK (980802)
12288 - NETLINK_CB(skb).eff_cap = current->cap_effective;
12290 + NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink();
12293 if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
12294 diff -urN linux-2.4.21/net/netsyms.c linux-2.4.21/net/netsyms.c
12295 --- linux-2.4.21/net/netsyms.c 2003-06-23 11:41:53.000000000 -0400
12296 +++ linux-2.4.21/net/netsyms.c 2003-06-23 11:49:17.000000000 -0400
12298 #include <net/checksum.h>
12299 #include <linux/etherdevice.h>
12300 #include <net/route.h>
12301 +#include <linux/grsecurity.h>
12302 #ifdef CONFIG_HIPPI
12303 #include <linux/hippidevice.h>
12305 @@ -598,6 +599,47 @@
12307 EXPORT_SYMBOL(softnet_data);
12309 +#if defined(CONFIG_IP_NF_MATCH_STEALTH_MODULE)
12310 +#if !defined (CONFIG_IPV6_MODULE) && !defined (CONFIG_KHTTPD) && !defined (CONFIG_KHTTPD_MODULE)
12311 +EXPORT_SYMBOL(tcp_v4_lookup_listener);
12315 +#if defined(CONFIG_GRKERNSEC_RANDID)
12316 +EXPORT_SYMBOL(ip_randomid);
12318 +#if defined(CONFIG_GRKERNSEC_RANDSRC) || defined(CONFIG_GRKERNSEC_RANDRPC)
12319 +EXPORT_SYMBOL(arc4random);
12321 +#ifdef CONFIG_GRKERNSEC_RANDISN
12322 +EXPORT_SYMBOL(ip_randomisn);
12323 +EXPORT_SYMBOL(grsec_enable_randisn);
12325 +#ifdef CONFIG_GRKERNSEC_RANDID
12326 +EXPORT_SYMBOL(grsec_enable_randid);
12328 +#ifdef CONFIG_GRKERNSEC_RANDSRC
12329 +EXPORT_SYMBOL(grsec_enable_randsrc);
12331 +#ifdef CONFIG_GRKERNSEC_RANDRPC
12332 +EXPORT_SYMBOL(grsec_enable_randrpc);
12335 +EXPORT_SYMBOL(gr_cap_rtnetlink);
12337 +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
12338 +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
12340 +EXPORT_SYMBOL(gr_search_udp_recvmsg);
12341 +EXPORT_SYMBOL(gr_search_udp_sendmsg);
12343 +#ifdef CONFIG_UNIX_MODULE
12344 +EXPORT_SYMBOL(gr_acl_handle_unix);
12345 +EXPORT_SYMBOL(gr_acl_handle_mknod);
12346 +EXPORT_SYMBOL(gr_handle_chroot_unix);
12347 +EXPORT_SYMBOL(gr_handle_create);
12350 #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
12351 #include <net/iw_handler.h>
12352 EXPORT_SYMBOL(wireless_send_event);
12353 diff -urN linux-2.4.21/net/socket.c linux-2.4.21/net/socket.c
12354 --- linux-2.4.21/net/socket.c 2003-06-23 11:41:53.000000000 -0400
12355 +++ linux-2.4.21/net/socket.c 2003-06-23 11:49:17.000000000 -0400
12357 #include <net/scm.h>
12358 #include <linux/netfilter.h>
12360 +extern void gr_attach_curr_ip(const struct sock *sk);
12361 +extern int gr_handle_sock_all(const int family, const int type,
12362 + const int protocol);
12363 +extern int gr_handle_sock_server(const struct sockaddr *sck);
12364 +extern int gr_handle_sock_client(const struct sockaddr *sck);
12365 +extern int gr_search_connect(const struct socket * sock,
12366 + const struct sockaddr_in * addr);
12367 +extern int gr_search_bind(const struct socket * sock,
12368 + const struct sockaddr_in * addr);
12369 +extern int gr_search_socket(const int domain, const int type,
12370 + const int protocol);
12372 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
12373 static ssize_t sock_read(struct file *file, char *buf,
12374 size_t size, loff_t *ppos);
12375 @@ -699,6 +711,7 @@
12377 int sock_close(struct inode *inode, struct file *filp)
12379 + struct socket *sock;
12381 * It was possible the inode is NULL we were
12382 * closing an unfinished socket.
12383 @@ -709,8 +722,21 @@
12384 printk(KERN_DEBUG "sock_close: NULL inode\n");
12387 + sock = socki_lookup(inode);
12389 sock_fasync(-1, filp, 0);
12391 +#ifdef CONFIG_GRKERNSEC
12392 + if (unlikely(current->used_accept && sock->sk &&
12393 + (sock->sk->protocol == IPPROTO_TCP) &&
12394 + (sock->sk->daddr == current->curr_ip))) {
12395 + current->used_accept = 0;
12396 + current->curr_ip = 0;
12400 sock_release(socki_lookup(inode));
12405 @@ -903,6 +929,16 @@
12407 struct socket *sock;
12409 + if(!gr_search_socket(family, type, protocol)) {
12410 + retval = -EACCES;
12414 + if (gr_handle_sock_all(family, type, protocol)) {
12415 + retval = -EACCES;
12419 retval = sock_create(family, type, protocol, &sock);
12422 @@ -998,12 +1034,26 @@
12424 struct socket *sock;
12425 char address[MAX_SOCK_ADDR];
12426 + struct sockaddr * sck;
12429 if((sock = sockfd_lookup(fd,&err))!=NULL)
12431 - if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
12432 + if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
12433 + sck = (struct sockaddr *) address;
12435 + if(!gr_search_bind(sock, (struct sockaddr_in *) sck)) {
12436 + sockfd_put(sock);
12440 + if (gr_handle_sock_server(sck)) {
12441 + sockfd_put(sock);
12445 err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
12450 @@ -1079,6 +1129,8 @@
12451 if ((err = sock_map_fd(newsock)) < 0)
12454 + gr_attach_curr_ip(newsock->sk);
12459 @@ -1106,6 +1158,7 @@
12461 struct socket *sock;
12462 char address[MAX_SOCK_ADDR];
12463 + struct sockaddr * sck;
12466 sock = sockfd_lookup(fd, &err);
12467 @@ -1114,6 +1167,24 @@
12468 err = move_addr_to_kernel(uservaddr, addrlen, address);
12472 + sck = (struct sockaddr *) address;
12474 + if (!gr_search_connect(sock, (struct sockaddr_in *) sck)) {
12479 + if (gr_handle_sock_client(sck)) {
12484 +#ifdef CONFIG_GRKERNSEC
12485 + if (sock->sk->protocol == IPPROTO_TCP)
12486 + current->used_connect = 1;
12489 err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
12490 sock->file->f_flags);
12492 @@ -1333,6 +1404,14 @@
12493 err=sock->ops->shutdown(sock, how);
12497 +#ifdef CONFIG_GRKERNSEC
12498 + if (likely(!err && current->used_accept)) {
12499 + current->used_accept = 0;
12500 + current->curr_ip = 0;
12507 diff -urN linux-2.4.21/net/sunrpc/xprt.c linux-2.4.21/net/sunrpc/xprt.c
12508 --- linux-2.4.21/net/sunrpc/xprt.c 2003-06-23 11:41:57.000000000 -0400
12509 +++ linux-2.4.21/net/sunrpc/xprt.c 2003-06-23 11:49:17.000000000 -0400
12511 #include <linux/unistd.h>
12512 #include <linux/sunrpc/clnt.h>
12513 #include <linux/file.h>
12514 +#include <linux/grsecurity.h>
12516 #include <net/sock.h>
12517 #include <net/checksum.h>
12518 @@ -1267,6 +1268,12 @@
12521 spin_unlock(&xid_lock);
12523 +#ifdef CONFIG_GRKERNSEC_RANDRPC
12524 + if (grsec_enable_randrpc)
12525 + ret = arc4random();
12531 diff -urN linux-2.4.21/net/unix/af_unix.c linux-2.4.21/net/unix/af_unix.c
12532 --- linux-2.4.21/net/unix/af_unix.c 2003-06-23 11:41:53.000000000 -0400
12533 +++ linux-2.4.21/net/unix/af_unix.c 2003-06-23 11:49:18.000000000 -0400
12534 @@ -109,6 +109,7 @@
12535 #include <linux/poll.h>
12536 #include <linux/smp_lock.h>
12537 #include <linux/rtnetlink.h>
12538 +#include <linux/grsecurity.h>
12540 #include <asm/checksum.h>
12542 @@ -599,6 +600,11 @@
12546 + if (!gr_acl_handle_unix(nd.dentry, nd.mnt)) {
12551 err = -ECONNREFUSED;
12552 if (!S_ISSOCK(nd.dentry->d_inode->i_mode))
12554 @@ -622,6 +628,13 @@
12556 struct dentry *dentry;
12557 dentry = u->protinfo.af_unix.dentry;
12559 + if (!gr_handle_chroot_unix(u->peercred.pid)) {
12566 UPDATE_ATIME(dentry->d_inode);
12568 @@ -720,9 +733,19 @@
12569 * All right, let's create it.
12571 mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
12573 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
12575 + goto out_mknod_dput;
12578 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
12581 goto out_mknod_dput;
12583 + gr_handle_create(dentry, nd.mnt);
12585 up(&nd.dentry->d_inode->i_sem);
12587 nd.dentry = dentry;
12588 @@ -740,6 +763,10 @@
12592 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
12593 + sk->peercred.pid = current->pid;
12596 list = &unix_socket_table[addr->hash];
12598 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
12599 @@ -866,6 +893,9 @@
12603 +#ifdef CONFIG_GRKERNSEC
12604 + struct task_struct *p, **htable;
12607 err = unix_mkname(sunaddr, addr_len, &hash);
12609 @@ -989,6 +1019,17 @@
12610 /* Set credentials */
12611 sk->peercred = other->peercred;
12613 +#ifdef CONFIG_GRKERNSEC
12614 + read_lock(&tasklist_lock);
12615 + htable = &pidhash[pid_hashfn(other->peercred.pid)];
12616 + for (p = *htable; p && p->pid != other->peercred.pid; p = p->pidhash_next);
12618 + p->curr_ip = current->curr_ip;
12619 + p->used_accept = 1;
12621 + read_unlock(&tasklist_lock);
12625 unix_peer(sk)=newsk;
12626 sock->state=SS_CONNECTED;