1 diff -urN linux-2.4.22/Documentation/Configure.help linux-2.4.22/Documentation/Configure.help
2 --- linux-2.4.22/Documentation/Configure.help 2003-09-01 22:19:45.000000000 -0400
3 +++ linux-2.4.22/Documentation/Configure.help 2003-09-02 19:29:41.000000000 -0400
5 If you want to compile it as a module, say M here and read
6 Documentation/modules.txt. If unsure, say `N'.
8 +stealth networking support
9 +CONFIG_IP_NF_MATCH_STEALTH
10 + Enabling this option will drop all syn packets coming to unserved tcp
11 + ports as well as all packets coming to unserved udp ports. If you
12 + are using your system to route any type of packets (ie. via NAT)
13 + you should put this module at the end of your ruleset, since it will
14 + drop packets that aren't going to ports that are listening on your
15 + machine itself, it doesn't take into account that the packet might be
16 + destined for someone on your internal network if you're using NAT for
19 + If you want to compile it as a module, say M here and read
20 + Documentation/modules.txt. If unsure, say `N'.
22 MAC address match support
23 CONFIG_IP_NF_MATCH_MAC
24 MAC matching allows you to match packets based on the source
25 @@ -22263,6 +22277,609 @@
27 "Area6" will work for most boards. For ADX, select "Area5".
31 + If you say Y here, you will be able to configure many features that
32 + will enhance the security of your system. It is highly recommended
33 + that you say Y here and read through the help for each option so
34 + you fully understand the features and can evaluate their usefulness
37 +Additional security levels
40 + Low additional security
41 + -----------------------------------------------------------------------
42 + If you choose this option, several of the grsecurity options will
43 + be enabled that will give you greater protection against a number
44 + of attacks, while assuring that none of your software will have any
45 + conflicts with the additional security measures. If you run a lot of
46 + unusual software, or you are having problems with the higher security
47 + levels, you should say Y here. With this option, the following features
50 + linking restrictions
53 + enforcing nproc on execve()
56 + enforced chdir("/") on chroot
58 + Medium additional security
59 + -----------------------------------------------------------------------
60 + If you say Y here, several features in addition to those included in the
61 + low additional security level will be enabled. These features provide
62 + even more security to your system, though in rare cases they may
63 + be incompatible with very old or poorly written software. If you
64 + enable this option, make sure that your auth service (identd) is
65 + running as gid 10 (usually group wheel). With this option the following
66 + features (in addition to those provided in the low additional security
67 + level) will be enabled:
69 + random tcp source ports
74 + deny mounts in chroot
75 + deny double chrooting
76 + deny sysctl writes in chroot
77 + deny mknod in chroot
78 + deny access to abstract AF_UNIX sockets out of chroot
79 + deny pivot_root in chroot
80 + denied writes of /dev/kmem, /dev/mem, and /dev/port
81 + /proc restrictions with special gid set to 10 (usually wheel)
82 + address space layout randomization
84 + High additional security
85 + ----------------------------------------------------------------------
86 + If you say Y here, many of the features of grsecurity will be enabled,
87 + that will protect you against many kinds of attacks against
88 + your system. The heightened security comes at a cost of an
89 + increased chance of incompatibilities with rare software on your
90 + machine. It is highly recommended that you view
91 + <http://grsecurity.net/features.htm> and read about each option.
92 + Also remember that since the /proc restrictions are
93 + enabled, you must run your identd as group wheel (gid 10).
94 + This security level enables the following features in addition to those
95 + listed in the low and medium security levels:
97 + additional /proc restrictions
98 + chmod restrictions in chroot
99 + no signals, ptrace, or viewing processes outside of chroot
100 + capability restrictions in chroot
101 + deny fchdir out of chroot
102 + priority restrictions in chroot
103 + mprotect restrictions
104 + removal of /proc/<pid>/[maps|mem]
105 + kernel stack randomization
106 + mount/unmount/remount logging
107 + kernel symbol hiding
109 +Customized additional security
110 +CONFIG_GRKERNSEC_CUSTOM
111 + If you say Y here, you will be able to configure every grsecurity
112 + option, which allows you to enable many more features that aren't
113 + covered in the basic security levels. These additional features include
114 + TPE, socket restrictions, and the sysctl system for grsecurity. It is
115 + advised that you read through the help for each option to determine its
116 + usefulness in your situation.
118 +Deny writing to /dev/kmem, /dev/mem, and /dev/port
119 +CONFIG_GRKERNSEC_KMEM
120 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
121 + be written to via mmap or otherwise to modify the running kernel.
122 + /dev/port will also not be allowed to be opened. If you have module
123 + support disabled, enabling this will close up four ways that are
124 + currently used to insert malicious code into the running kernel.
125 + Even with all these features enabled, we still highly recommend that
126 + you use the ACL system, as it is still possible for an attacker to
127 + modify the running kernel through privileged I/O granted by ioperm/iopl.
128 + If you are not using XFree86, you may be able to stop this additional
129 + case by enabling the 'Disable privileged I/O' option. Though nothing
130 + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
131 + but only to video memory, which is the only writing we allow in this
132 + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
133 + not be allowed to mprotect it with PROT_WRITE later.
134 + Enabling this feature could make certain apps like VMWare stop working,
135 + as they need to write to other locations in /dev/mem.
136 + It is highly recommended that you say Y here if you meet all the
139 +Disable privileged I/O
141 + If you say Y here, all ioperm and iopl calls will return an error.
142 + Ioperm and iopl can be used to modify the running kernel.
143 + Unfortunately, some programs need this access to operate properly,
144 + the most notable of which are XFree86 and hwclock. hwclock can be
145 + remedied by having RTC support in the kernel, so CONFIG_RTC is
146 + enabled if this option is enabled, to ensure that hwclock operates
147 + correctly. XFree86 still will not operate correctly with this option
148 + enabled, so DO NOT CHOOSE Y IF YOU USE XFree86. If you use XFree86
149 + and you still want to protect your kernel against modification,
150 + use the ACL system.
153 +CONFIG_GRKERNSEC_HIDESYM
154 + If you say Y here, getting information on loaded modules, and
155 + displaying all kernel symbols through a syscall will be restricted
156 + to users with CAP_SYS_MODULE. This option is only effective
157 + provided the following conditions are met:
158 + 1) The kernel using grsecurity is not precompiled by some distribution
159 + 2) You are using the ACL system and hiding other files such as your
160 + kernel image and System.map
161 + 3) You have the additional /proc restrictions enabled, which removes
163 + If the above conditions are met, this option will aid to provide a
164 + useful protection against local and remote kernel exploitation of
165 + overflows and arbitrary read/write vulnerabilities.
167 +/proc/<pid>/ipaddr support
168 +CONFIG_GRKERNSEC_PROC_IPADDR
169 + If you say Y here, a new entry will be added to each /proc/<pid>
170 + directory that contains the IP address of the person using the task.
171 + The IP is carried across local TCP and AF_UNIX stream sockets.
172 + This information can be useful for IDS/IPSes to perform remote response
173 + to a local attack. The entry is readable by only the owner of the
174 + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
175 + the RBAC system), and thus does not create privacy concerns.
178 +CONFIG_GRKERNSEC_PROC
179 + If you say Y here, the permissions of the /proc filesystem
180 + will be altered to enhance system security and privacy. Depending
181 + upon the options you choose, you can either restrict users to see
182 + only the processes they themselves run, or choose a group that can
183 + view all processes and files normally restricted to root if you choose
184 + the "restrict to user only" option. NOTE: If you're running identd as
185 + a non-root user, you will have to run it as the group you specify here.
187 +Restrict /proc to user only
188 +CONFIG_GRKERNSEC_PROC_USER
189 + If you say Y here, non-root users will only be able to view their own
190 + processes, and restricts them from viewing network-related information,
191 + and viewing kernel symbol and module information.
193 +Restrict /proc to user and group
194 +CONFIG_GRKERNSEC_PROC_USERGROUP
195 + If you say Y here, you will be able to select a group that will be
196 + able to view all processes, network-related information, and
197 + kernel and symbol information. This option is useful if you want
198 + to run identd as a non-root user.
200 +Additional proc restrictions
201 +CONFIG_GRKERNSEC_PROC_ADD
202 + If you say Y here, additional restrictions will be placed on
203 + /proc that keep normal users from viewing cpu and device information.
205 +Dmesg(8) Restriction
206 +CONFIG_GRKERNSEC_DMESG
207 + If you say Y here, non-root users will not be able to use dmesg(8)
208 + to view up to the last 4kb of messages in the kernel's log buffer.
209 + If the sysctl option is enabled, a sysctl option with name "dmesg" is
212 +Linking restrictions
213 +CONFIG_GRKERNSEC_LINK
214 + If you say Y here, /tmp race exploits will be prevented, since users
215 + will no longer be able to follow symlinks owned by other users in
216 + world-writable +t directories (i.e. /tmp), unless the owner of the
217 + symlink is the owner of the directory. users will also not be
218 + able to hardlink to files they do not own. If the sysctl option is
219 + enabled, a sysctl option with name "linking_restrictions" is created.
222 +CONFIG_GRKERNSEC_FIFO
223 + If you say Y here, users will not be able to write to FIFOs they don't
224 + own in world-writable +t directories (i.e. /tmp), unless the owner of
225 + the FIFO is the same owner of the directory it's held in. If the sysctl
226 + option is enabled, a sysctl option with name "fifo_restrictions" is
229 +Enforce RLIMIT_NPROC on execs
230 +CONFIG_GRKERNSEC_EXECVE
231 + If you say Y here, users with a resource limit on processes will
232 + have the value checked during execve() calls. The current system
233 + only checks the system limit during fork() calls. If the sysctl option
234 + is enabled, a sysctl option with name "execve_limiting" is created.
236 +Single group for auditing
237 +CONFIG_GRKERNSEC_AUDIT_GROUP
238 + If you say Y here, the exec, chdir, (un)mount, and ipc logging features
239 + will only operate on a group you specify. This option is recommended
240 + if you only want to watch certain users instead of having a large
241 + amount of logs from the entire system. If the sysctl option is enabled,
242 + a sysctl option with name "audit_group" is created.
245 +CONFIG_GRKERNSEC_AUDIT_GID
246 + Here you can choose the GID that will be the target of kernel auditing.
247 + Remember to add the users you want to log to the GID specified here.
248 + If the sysctl option is enabled, whatever you choose here won't matter.
249 + You'll have to specify the GID in your bootup script by echoing the GID
250 + to the proper /proc entry. View the help on the sysctl option for more
251 + information. If the sysctl option is enabled, a sysctl option with name
252 + "audit_gid" is created.
255 +CONFIG_GRKERNSEC_AUDIT_CHDIR
256 + If you say Y here, all chdir() calls will be logged. If the sysctl
257 + option is enabled, a sysctl option with name "audit_chdir" is created.
260 +CONFIG_GRKERNSEC_AUDIT_MOUNT
261 + If you say Y here, all mounts and unmounts will be logged. If the
262 + sysctl option is enabled, a sysctl option with name "audit_mount" is
266 +CONFIG_GRKERNSEC_AUDIT_IPC
267 + If you say Y here, creation and removal of message queues, semaphores,
268 + and shared memory will be logged. If the sysctl option is enabled, a
269 + sysctl option with name "audit_ipc" is created.
272 +CONFIG_GRKERNSEC_EXECLOG
273 + If you say Y here, all execve() calls will be logged (since the
274 + other exec*() calls are frontends to execve(), all execution
275 + will be logged). Useful for shell-servers that like to keep track
276 + of their users. If the sysctl option is enabled, a sysctl option with
277 + name "exec_logging" is created.
278 + WARNING: This option when enabled will produce a LOT of logs, especially
279 + on an active system.
282 +CONFIG_GRKERNSEC_RESLOG
283 + If you say Y here, all attempts to overstep resource limits will
284 + be logged with the resource name, the requested size, and the current
285 + limit. It is highly recommended that you say Y here.
288 +CONFIG_GRKERNSEC_SIGNAL
289 + If you say Y here, certain important signals will be logged, such as
290 + SIGSEGV, which will as a result inform you of when a error in a program
291 + occurred, which in some cases could mean a possible exploit attempt.
292 + If the sysctl option is enabled, a sysctl option with name
293 + "signal_logging" is created.
295 +Fork failure logging
296 +CONFIG_GRKERNSEC_FORKFAIL
297 + If you say Y here, all failed fork() attempts will be logged.
298 + This could suggest a fork bomb, or someone attempting to overstep
299 + their process limit. If the sysctl option is enabled, a sysctl option
300 + with name "forkfail_logging" is created.
303 +CONFIG_GRKERNSEC_TIME
304 + If you say Y here, any changes of the system clock will be logged.
305 + If the sysctl option is enabled, a sysctl option with name
306 + "timechange_logging" is created.
308 +Chroot jail restrictions
309 +CONFIG_GRKERNSEC_CHROOT
310 + If you say Y here, you will be able to choose several options that will
311 + make breaking out of a chrooted jail much more difficult. If you
312 + encounter no software incompatibilities with the following options, it
313 + is recommended that you enable each one.
315 +Deny access to abstract AF_UNIX sockets out of chroot
316 +CONFIG_GRKERNSEC_CHROOT_UNIX
317 + If you say Y here, processes inside a chroot will not be able to
318 + connect to abstract (meaning not belonging to a filesystem) Unix
319 + domain sockets that were bound outside of a chroot. It is recommended
320 + that you say Y here. If the sysctl option is enabled, a sysctl option
321 + with name "chroot_deny_unix" is created.
323 +Deny shmat() out of chroot
324 +CONFIG_GRKERNSEC_CHROOT_SHMAT
325 + If you say Y here, processes inside a chroot will not be able to attach
326 + to shared memory segments that were created outside of the chroot jail.
327 + It is recommended that you say Y here. If the sysctl option is enabled,
328 + a sysctl option with name "chroot_deny_shmat" is created.
330 +Protect outside processes
331 +CONFIG_GRKERNSEC_CHROOT_FINDTASK
332 + If you say Y here, processes inside a chroot will not be able to
333 + kill, send signals with fcntl, ptrace, capget, setpgid, getpgid,
334 + getsid, or view any process outside of the chroot. If the sysctl
335 + option is enabled, a sysctl option with name "chroot_findtask" is
338 +Deny mounts in chroot
339 +CONFIG_GRKERNSEC_CHROOT_MOUNT
340 + If you say Y here, processes inside a chroot will not be able to
341 + mount or remount filesystems. If the sysctl option is enabled, a
342 + sysctl option with name "chroot_deny_mount" is created.
344 +Deny pivot_root in chroot
345 +CONFIG_GRKERNSEC_CHROOT_PIVOT
346 + If you say Y here, processes inside a chroot will not be able to use
347 + a function called pivot_root() that was introduced in Linux 2.3.41. It
348 + works similar to chroot in that it changes the root filesystem. This
349 + function could be misused in a chrooted process to attempt to break out
350 + of the chroot, and therefore should not be allowed. If the sysctl
351 + option is enabled, a sysctl option with name "chroot_deny_pivot" is
355 +CONFIG_GRKERNSEC_CHROOT_DOUBLE
356 + If you say Y here, processes inside a chroot will not be able to chroot
357 + again. This is a widely used method of breaking out of a chroot jail
358 + and should not be allowed. If the sysctl option is enabled, a sysctl
359 + option with name "chroot_deny_chroot" is created.
361 +Deny fchdir outside of chroot
362 +CONFIG_GRKERNSEC_CHROOT_FCHDIR
363 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
364 + to a file descriptor of the chrooting process that points to a directory
365 + outside the filesystem will be stopped. If the sysctl option
366 + is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
368 +Enforce chdir("/") on all chroots
369 +CONFIG_GRKERNSEC_CHROOT_CHDIR
370 + If you say Y here, the current working directory of all newly-chrooted
371 + applications will be set to the the root directory of the chroot.
372 + The man page on chroot(2) states:
373 + Note that this call does not change the current working
374 + directory, so that `.' can be outside the tree rooted at
375 + `/'. In particular, the super-user can escape from a
376 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
378 + It is recommended that you say Y here, since it's not known to break
379 + any software. If the sysctl option is enabled, a sysctl option with
380 + name "chroot_enforce_chdir" is created.
382 +Deny (f)chmod +s in chroot
383 +CONFIG_GRKERNSEC_CHROOT_CHMOD
384 + If you say Y here, processes inside a chroot will not be able to chmod
385 + or fchmod files to make them have suid or sgid bits. This protects
386 + against another published method of breaking a chroot. If the sysctl
387 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
390 +Deny mknod in chroot
391 +CONFIG_GRKERNSEC_CHROOT_MKNOD
392 + If you say Y here, processes inside a chroot will not be allowed to
393 + mknod. The problem with using mknod inside a chroot is that it
394 + would allow an attacker to create a device entry that is the same
395 + as one on the physical root of your system, which could range from
396 + anything from the console device to a device for your harddrive (which
397 + they could then use to wipe the drive or steal data). It is recommended
398 + that you say Y here, unless you run into software incompatibilities.
399 + If the sysctl option is enabled, a sysctl option with name
400 + "chroot_deny_mknod" is created.
402 +Restrict priority changes in chroot
403 +CONFIG_GRKERNSEC_CHROOT_NICE
404 + If you say Y here, processes inside a chroot will not be able to raise
405 + the priority of processes in the chroot, or alter the priority of
406 + processes outside the chroot. This provides more security than simply
407 + removing CAP_SYS_NICE from the process' capability set. If the
408 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
411 +Log all execs within chroot
412 +CONFIG_GRKERNSEC_CHROOT_EXECLOG
413 + If you say Y here, all executions inside a chroot jail will be logged
414 + to syslog. This can cause a large amount of logs if certain
415 + applications (eg. djb's daemontools) are installed on the system, and
416 + is therefore left as an option. If the sysctl option is enabled, a
417 + sysctl option with name "chroot_execlog" is created.
419 +Deny sysctl writes in chroot
420 +CONFIG_GRKERNSEC_CHROOT_SYSCTL
421 + If you say Y here, an attacker in a chroot will not be able to
422 + write to sysctl entries, either by sysctl(2) or through a /proc
423 + interface. It is strongly recommended that you say Y here. If the
424 + sysctl option is enabled, a sysctl option with name
425 + "chroot_deny_sysctl" is created.
427 +Chroot jail capability restrictions
428 +CONFIG_GRKERNSEC_CHROOT_CAPS
429 + If you say Y here, the capabilities on all root processes within a
430 + chroot jail will be lowered to stop module insertion, raw i/o,
431 + system and net admin tasks, rebooting the system, modifying immutable
432 + files, modifying IPC owned by another, and changing the system time.
433 + This is left an option because it can break some apps. Disable this
434 + if your chrooted apps are having problems performing those kinds of
435 + tasks. If the sysctl option is enabled, a sysctl option with
436 + name "chroot_caps" is created.
438 +Trusted path execution
439 +CONFIG_GRKERNSEC_TPE
440 + If you say Y here, you will be able to choose a gid to add to the
441 + supplementary groups of users you want to mark as "untrusted."
442 + These users will not be able to execute any files that are not in
443 + root-owned directories writable only by root. If the sysctl option
444 + is enabled, a sysctl option with name "tpe" is created.
446 +Group for trusted path execution
447 +CONFIG_GRKERNSEC_TPE_GID
448 + Here you can choose the GID to enable trusted path protection for.
449 + Remember to add the users you want protection enabled for to the GID
450 + specified here. If the sysctl option is enabled, whatever you choose
451 + here won't matter. You'll have to specify the GID in your bootup
452 + script by echoing the GID to the proper /proc entry. View the help
453 + on the sysctl option for more information. If the sysctl option is
454 + enabled, a sysctl option with name "tpe_gid" is created.
456 +Partially restrict non-root users
457 +CONFIG_GRKERNSEC_TPE_ALL
458 + If you say Y here, All non-root users other than the ones in the
459 + group specified in the main TPE option will only be allowed to
460 + execute files in directories they own that are not group or
461 + world-writable, or in directories owned by root and writable only by
462 + root. If the sysctl option is enabled, a sysctl option with name
463 + "tpe_restrict_all" is created.
466 +CONFIG_GRKERNSEC_RANDPID
467 + If you say Y here, all PIDs created on the system will be
468 + pseudo-randomly generated. This is extremely effective along
469 + with the /proc restrictions to disallow an attacker from guessing
470 + pids of daemons, etc. PIDs are also used in some cases as part
471 + of a naming system for temporary files, so this option would keep
472 + those filenames from being predicted as well. We also use code
473 + to make sure that PID numbers aren't reused too soon. If the sysctl
474 + option is enabled, a sysctl option with name "rand_pids" is created.
476 +Larger entropy pools
477 +CONFIG_GRKERNSEC_RANDNET
478 + If you say Y here, the entropy pools used for many features of Linux
479 + and grsecurity will be doubled in size. Since several grsecurity
480 + features use additional randomness, it is recommended that you say Y
481 + here. Saying Y here has a similar effect as modifying
482 + /proc/sys/kernel/random/poolsize.
484 +Truly random TCP ISN selection
485 +CONFIG_GRKERNSEC_RANDISN
486 + If you say Y here, Linux's default selection of TCP Initial Sequence
487 + Numbers (ISNs) will be replaced with that of OpenBSD. Linux uses
488 + an MD4 hash based on the connection plus a time value to create the
489 + ISN, while OpenBSD's selection is random. If the sysctl option is
490 + enabled, a sysctl option with name "rand_isns" is created.
493 +CONFIG_GRKERNSEC_RANDID
494 + If you say Y here, all the id field on all outgoing packets
495 + will be randomized. This hinders os fingerprinters and
496 + keeps your machine from being used as a bounce for an untraceable
497 + portscan. Ids are used for fragmented packets, fragments belonging
498 + to the same packet have the same id. By default linux only
499 + increments the id value on each packet sent to an individual host.
500 + We use a port of the OpenBSD random ip id code to achieve the
501 + randomness, while keeping the possibility of id duplicates to
502 + near none. If the sysctl option is enabled, a sysctl option with name
503 + "rand_ip_ids" is created.
505 +Randomized TCP source ports
506 +CONFIG_GRKERNSEC_RANDSRC
507 + If you say Y here, situations where a source port is generated on the
508 + fly for the TCP protocol (ie. with connect() ) will be altered so that
509 + the source port is generated at random, instead of a simple incrementing
510 + algorithm. If the sysctl option is enabled, a sysctl option with name
511 + "rand_tcp_src_ports" is created.
514 +CONFIG_GRKERNSEC_RANDRPC
515 + If you say Y here, the method of determining XIDs for RPC requests will
516 + be randomized, instead of using linux's default behavior of simply
517 + incrementing the XID. If you want your RPC connections to be more
518 + secure, say Y here. If the sysctl option is enabled, a sysctl option
519 + with name "rand_rpc" is created.
522 +CONFIG_GRKERNSEC_SOCKET
523 + If you say Y here, you will be able to choose from several options.
524 + If you assign a GID on your system and add it to the supplementary
525 + groups of users you want to restrict socket access to, this patch
526 + will perform up to three things, based on the option(s) you choose.
528 +Deny all socket access
529 +CONFIG_GRKERNSEC_SOCKET_ALL
530 + If you say Y here, you will be able to choose a GID of whose users will
531 + be unable to connect to other hosts from your machine or run server
532 + applications from your machine. If the sysctl option is enabled, a
533 + sysctl option with name "socket_all" is created.
535 +Group for disabled socket access
536 +CONFIG_GRKERNSEC_SOCKET_ALL_GID
537 + Here you can choose the GID to disable socket access for. Remember to
538 + add the users you want socket access disabled for to the GID
539 + specified here. If the sysctl option is enabled, whatever you choose
540 + here won't matter. You'll have to specify the GID in your bootup
541 + script by echoing the GID to the proper /proc entry. View the help
542 + on the sysctl option for more information. If the sysctl option is
543 + enabled, a sysctl option with name "socket_all_gid" is created.
545 +Deny all client socket access
546 +CONFIG_GRKERNSEC_SOCKET_CLIENT
547 + If you say Y here, you will be able to choose a GID of whose users will
548 + be unable to connect to other hosts from your machine, but will be
549 + able to run servers. If this option is enabled, all users in the group
550 + you specify will have to use passive mode when initiating ftp transfers
551 + from the shell on your machine. If the sysctl option is enabled, a
552 + sysctl option with name "socket_client" is created.
554 +Group for disabled client socket access
555 +CONFIG_GRKERNSEC_SOCKET_CLIENT_GID
556 + Here you can choose the GID to disable client socket access for.
557 + Remember to add the users you want client socket access disabled for to
558 + the GID specified here. If the sysctl option is enabled, whatever you
559 + choose here won't matter. You'll have to specify the GID in your bootup
560 + script by echoing the GID to the proper /proc entry. View the help
561 + on the sysctl option for more information. If the sysctl option is
562 + enabled, a sysctl option with name "socket_client_gid" is created.
564 +Deny all server socket access
565 +CONFIG_GRKERNSEC_SOCKET_SERVER
566 + If you say Y here, you will be able to choose a GID of whose users will
567 + be unable to run server applications from your machine. If the sysctl
568 + option is enabled, a sysctl option with name "socket_server" is created.
570 +Group for disabled server socket access
571 +CONFIG_GRKERNSEC_SOCKET_SERVER_GID
572 + Here you can choose the GID to disable server socket access for.
573 + Remember to add the users you want server socket access disabled for to
574 + the GID specified here. If the sysctl option is enabled, whatever you
575 + choose here won't matter. You'll have to specify the GID in your bootup
576 + script by echoing the GID to the proper /proc entry. View the help
577 + on the sysctl option for more information. If the sysctl option is
578 + enabled, a sysctl option with name "socket_server_gid" is created.
581 +CONFIG_GRKERNSEC_SYSCTL
582 + If you say Y here, you will be able to change the options that
583 + grsecurity runs with at bootup, without having to recompile your
584 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
585 + to enable (1) or disable (0) various features. All the sysctl entries
586 + are mutable until the "grsec_lock" entry is set to a non-zero value.
587 + All features are disabled by default. Please note that this option could
588 + reduce the effectiveness of the added security of this patch if an ACL
589 + system is not put in place. Your init scripts should be read-only, and
590 + root should not have access to adding modules or performing raw i/o
591 + operations. All options should be set at startup, and the grsec_lock
592 + entry should be set to a non-zero value after all the options are set.
593 + *THIS IS EXTREMELY IMPORTANT*
595 +Number of burst messages
596 +CONFIG_GRKERNSEC_FLOODBURST
597 + This option allows you to choose the maximum number of messages allowed
598 + within the flood time interval you chose in a separate option. The
599 + default should be suitable for most people, however if you find that
600 + many of your logs are being interpreted as flooding, you may want to
603 +Seconds in between log messages
604 +CONFIG_GRKERNSEC_FLOODTIME
605 + This option allows you to enforce the number of seconds between
606 + grsecurity log messages. The default should be suitable for most
607 + people, however, if you choose to change it, choose a value small enough
608 + to allow informative logs to be produced, but large enough to
611 +Hide kernel processes
612 +CONFIG_GRKERNSEC_ACL_HIDEKERN
613 + If you say Y here, when the ACL system is enabled via gradm -E,
614 + an additional ACL will be passed to the kernel that hides all kernel
615 + processes. These processes will only be viewable by the authenticated
616 + admin, or processes that have viewing access set.
618 +Maximum tries before password lockout
619 +CONFIG_GRKERNSEC_ACL_MAXTRIES
620 + This option enforces the maximum number of times a user can attempt
621 + to authorize themselves with the grsecurity ACL system before being
622 + denied the ability to attempt authorization again for a specified time.
623 + The lower the number, the harder it will be to brute-force a password.
625 +Time to wait after max password tries, in seconds
626 +CONFIG_GRKERNSEC_ACL_TIMEOUT
627 + This option specifies the time the user must wait after attempting to
628 + authorize to the ACL system with the maximum number of invalid
629 + passwords. The higher the number, the harder it will be to brute-force
633 CONFIG_DCACHE_DISABLE
634 This option allows you to run the kernel with data cache disabled.
635 diff -urN linux-2.4.22/Makefile linux-2.4.22/Makefile
636 --- linux-2.4.22/Makefile 2003-09-01 22:19:00.000000000 -0400
637 +++ linux-2.4.22/Makefile 2003-09-02 19:29:41.000000000 -0400
643 +EXTRAVERSION = -grsec
645 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
649 CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o
650 NETWORKS =net/network.o
651 +GRSECURITY =grsecurity/grsec.o
653 LIBS =$(TOPDIR)/lib/lib.a
654 -SUBDIRS =kernel drivers mm fs net ipc lib crypto
655 +SUBDIRS =kernel drivers mm fs net ipc lib crypto grsecurity
661 export CPPFLAGS CFLAGS CFLAGS_KERNEL AFLAGS AFLAGS_KERNEL
663 -export NETWORKS DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS
664 +export NETWORKS DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS GRSECURITY
667 $(CPP) $(AFLAGS) $(AFLAGS_KERNEL) -traditional -o $*.s $<
676 diff -urN linux-2.4.22/arch/alpha/config.in linux-2.4.22/arch/alpha/config.in
677 --- linux-2.4.22/arch/alpha/config.in 2003-09-01 22:19:33.000000000 -0400
678 +++ linux-2.4.22/arch/alpha/config.in 2003-09-02 19:29:41.000000000 -0400
681 source crypto/Config.in
684 +mainmenu_option next_comment
685 +comment 'Grsecurity'
686 +bool 'Grsecurity' CONFIG_GRKERNSEC
687 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
688 + source grsecurity/Config.in
692 diff -urN linux-2.4.22/arch/alpha/kernel/osf_sys.c linux-2.4.22/arch/alpha/kernel/osf_sys.c
693 --- linux-2.4.22/arch/alpha/kernel/osf_sys.c 2003-09-01 22:19:34.000000000 -0400
694 +++ linux-2.4.22/arch/alpha/kernel/osf_sys.c 2003-09-02 19:29:41.000000000 -0400
696 #include <linux/file.h>
697 #include <linux/types.h>
698 #include <linux/ipc.h>
699 +#include <linux/grsecurity.h>
708 + if(gr_handle_mmap(file, prot)) {
714 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
715 down_write(¤t->mm->mmap_sem);
716 ret = do_mmap(file, addr, len, prot, flags, off);
717 diff -urN linux-2.4.22/arch/alpha/kernel/ptrace.c linux-2.4.22/arch/alpha/kernel/ptrace.c
718 --- linux-2.4.22/arch/alpha/kernel/ptrace.c 2003-09-01 22:19:34.000000000 -0400
719 +++ linux-2.4.22/arch/alpha/kernel/ptrace.c 2003-09-02 19:29:41.000000000 -0400
721 #include <linux/ptrace.h>
722 #include <linux/user.h>
723 #include <linux/slab.h>
724 +#include <linux/grsecurity.h>
726 #include <asm/uaccess.h>
727 #include <asm/pgtable.h>
729 read_unlock(&tasklist_lock);
733 + if(gr_handle_ptrace(child, request))
736 if (request == PTRACE_ATTACH) {
737 ret = ptrace_attach(child);
739 diff -urN linux-2.4.22/arch/arm/config.in linux-2.4.22/arch/arm/config.in
740 --- linux-2.4.22/arch/arm/config.in 2003-09-01 22:19:37.000000000 -0400
741 +++ linux-2.4.22/arch/arm/config.in 2003-09-02 19:29:41.000000000 -0400
744 source crypto/Config.in
747 +mainmenu_option next_comment
748 +comment 'Grsecurity'
749 +bool 'Grsecurity' CONFIG_GRKERNSEC
750 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
751 + source grsecurity/Config.in
754 diff -urN linux-2.4.22/arch/cris/config.in linux-2.4.22/arch/cris/config.in
755 --- linux-2.4.22/arch/cris/config.in 2003-09-01 22:19:44.000000000 -0400
756 +++ linux-2.4.22/arch/cris/config.in 2003-09-02 19:29:41.000000000 -0400
758 source crypto/Config.in
762 +mainmenu_option next_comment
763 +comment 'Grsecurity'
764 +bool 'Grsecurity' CONFIG_GRKERNSEC
765 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
766 + source grsecurity/Config.in
770 diff -urN linux-2.4.22/arch/i386/config.in linux-2.4.22/arch/i386/config.in
771 --- linux-2.4.22/arch/i386/config.in 2003-09-01 22:19:33.000000000 -0400
772 +++ linux-2.4.22/arch/i386/config.in 2003-09-02 19:29:41.000000000 -0400
775 source crypto/Config.in
778 +mainmenu_option next_comment
779 +comment 'Grsecurity'
780 +bool 'Grsecurity' CONFIG_GRKERNSEC
781 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
782 + source grsecurity/Config.in
785 diff -urN linux-2.4.22/arch/i386/kernel/ioport.c linux-2.4.22/arch/i386/kernel/ioport.c
786 --- linux-2.4.22/arch/i386/kernel/ioport.c 2003-09-01 22:19:33.000000000 -0400
787 +++ linux-2.4.22/arch/i386/kernel/ioport.c 2003-09-02 19:29:41.000000000 -0400
789 #include <linux/smp.h>
790 #include <linux/smp_lock.h>
791 #include <linux/stddef.h>
792 +#include <linux/grsecurity.h>
794 /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
795 static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
798 if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
800 +#ifdef CONFIG_GRKERNSEC_IO
802 + gr_handle_ioperm();
804 if (turn_on && !capable(CAP_SYS_RAWIO))
807 +#ifdef CONFIG_GRKERNSEC_IO
811 * If it's the first ioperm() call in this thread's lifetime, set the
812 * IO bitmap up. ioperm() is much less timing critical than clone(),
815 /* Trying to gain more privileges? */
817 +#ifdef CONFIG_GRKERNSEC_IO
821 if (!capable(CAP_SYS_RAWIO))
825 regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
827 diff -urN linux-2.4.22/arch/i386/kernel/ptrace.c linux-2.4.22/arch/i386/kernel/ptrace.c
828 --- linux-2.4.22/arch/i386/kernel/ptrace.c 2003-09-01 22:19:33.000000000 -0400
829 +++ linux-2.4.22/arch/i386/kernel/ptrace.c 2003-09-02 19:29:41.000000000 -0400
831 #include <linux/errno.h>
832 #include <linux/ptrace.h>
833 #include <linux/user.h>
834 +#include <linux/grsecurity.h>
836 #include <asm/uaccess.h>
837 #include <asm/pgtable.h>
839 if (pid == 1) /* you may not mess with init */
842 + if(gr_handle_ptrace(child, request))
845 if (request == PTRACE_ATTACH) {
846 ret = ptrace_attach(child);
849 if(addr < (long) &dummy->u_debugreg[4] &&
850 ((unsigned long) data) >= TASK_SIZE-3) break;
852 +#ifdef CONFIG_GRKERNSEC
853 + if(addr >= (long) &dummy->u_debugreg[0] &&
854 + addr <= (long) &dummy->u_debugreg[3]){
855 + long reg = (addr - (long) &dummy->u_debugreg[0]) >> 2;
856 + long type = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 4*reg)) & 3;
857 + long align = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 2 + 4*reg)) & 3;
858 + if((type & 1) && (data & align))
863 if(addr == (long) &dummy->u_debugreg[7]) {
864 data &= ~DR_CONTROL_RESERVED;
866 diff -urN linux-2.4.22/arch/i386/kernel/sys_i386.c linux-2.4.22/arch/i386/kernel/sys_i386.c
867 --- linux-2.4.22/arch/i386/kernel/sys_i386.c 2003-09-01 22:19:33.000000000 -0400
868 +++ linux-2.4.22/arch/i386/kernel/sys_i386.c 2003-09-02 19:29:41.000000000 -0400
870 #include <linux/mman.h>
871 #include <linux/file.h>
872 #include <linux/utsname.h>
873 +#include <linux/grsecurity.h>
875 #include <asm/uaccess.h>
881 + if(gr_handle_mmap(file, prot)) {
887 down_write(&mm->mmap_sem);
888 error = do_mmap_pgoff(mm, file, addr, len, prot, flags, pgoff);
889 up_write(&mm->mmap_sem);
890 diff -urN linux-2.4.22/arch/ia64/config.in linux-2.4.22/arch/ia64/config.in
891 --- linux-2.4.22/arch/ia64/config.in 2003-09-01 22:19:38.000000000 -0400
892 +++ linux-2.4.22/arch/ia64/config.in 2003-09-02 19:29:41.000000000 -0400
898 +mainmenu_option next_comment
899 +comment 'Grsecurity'
900 +bool 'Grsecurity' CONFIG_GRKERNSEC
901 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
902 + source grsecurity/Config.in
906 diff -urN linux-2.4.22/arch/ia64/kernel/ptrace.c linux-2.4.22/arch/ia64/kernel/ptrace.c
907 --- linux-2.4.22/arch/ia64/kernel/ptrace.c 2003-09-01 22:19:39.000000000 -0400
908 +++ linux-2.4.22/arch/ia64/kernel/ptrace.c 2003-09-02 19:29:41.000000000 -0400
910 #include <linux/ptrace.h>
911 #include <linux/smp_lock.h>
912 #include <linux/user.h>
913 +#include <linux/grsecurity.h>
915 #include <asm/pgtable.h>
916 #include <asm/processor.h>
917 @@ -1213,6 +1214,9 @@
918 if (pid == 1) /* no messing around with init! */
921 + if (gr_handle_ptrace(child, request))
924 if (request == PTRACE_ATTACH) {
925 ret = ptrace_attach(child);
927 diff -urN linux-2.4.22/arch/ia64/kernel/sys_ia64.c linux-2.4.22/arch/ia64/kernel/sys_ia64.c
928 --- linux-2.4.22/arch/ia64/kernel/sys_ia64.c 2003-09-01 22:19:39.000000000 -0400
929 +++ linux-2.4.22/arch/ia64/kernel/sys_ia64.c 2003-09-02 19:29:41.000000000 -0400
931 #include <linux/smp.h>
932 #include <linux/smp_lock.h>
933 #include <linux/highuid.h>
934 +#include <linux/grsecurity.h>
936 #include <asm/shmparam.h>
937 #include <asm/uaccess.h>
942 + if (gr_handle_mmap(file, prot)) {
947 down_write(¤t->mm->mmap_sem);
948 addr = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
949 up_write(¤t->mm->mmap_sem);
950 diff -urN linux-2.4.22/arch/m68k/config.in linux-2.4.22/arch/m68k/config.in
951 --- linux-2.4.22/arch/m68k/config.in 2003-09-01 22:19:37.000000000 -0400
952 +++ linux-2.4.22/arch/m68k/config.in 2003-09-02 19:29:41.000000000 -0400
955 source crypto/Config.in
958 +mainmenu_option next_comment
959 +comment 'Grsecurity'
960 +bool 'Grsecurity' CONFIG_GRKERNSEC
961 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
962 + source grsecurity/Config.in
965 diff -urN linux-2.4.22/arch/mips/config.in linux-2.4.22/arch/mips/config.in
966 --- linux-2.4.22/arch/mips/config.in 2003-09-01 22:19:35.000000000 -0400
967 +++ linux-2.4.22/arch/mips/config.in 2003-09-02 19:29:41.000000000 -0400
969 define_bool CONFIG_MIPS64 n
971 source arch/mips/config-shared.in
973 +mainmenu_option next_comment
974 +comment 'Grsecurity'
975 +bool 'Grsecurity' CONFIG_GRKERNSEC
976 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
977 + source grsecurity/Config.in
980 diff -urN linux-2.4.22/arch/mips64/config.in linux-2.4.22/arch/mips64/config.in
981 --- linux-2.4.22/arch/mips64/config.in 2003-09-01 22:19:39.000000000 -0400
982 +++ linux-2.4.22/arch/mips64/config.in 2003-09-02 19:29:41.000000000 -0400
984 define_bool CONFIG_MIPS64 y
986 source arch/mips/config-shared.in
988 +mainmenu_option next_comment
989 +comment 'Grsecurity'
990 +bool 'Grsecurity' CONFIG_GRKERNSEC
991 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
992 + source grsecurity/Config.in
995 diff -urN linux-2.4.22/arch/parisc/config.in linux-2.4.22/arch/parisc/config.in
996 --- linux-2.4.22/arch/parisc/config.in 2003-09-01 22:19:39.000000000 -0400
997 +++ linux-2.4.22/arch/parisc/config.in 2003-09-02 19:29:41.000000000 -0400
1000 source crypto/Config.in
1001 source lib/Config.in
1003 +mainmenu_option next_comment
1004 +comment 'Grsecurity'
1005 +bool 'Grsecurity' CONFIG_GRKERNSEC
1006 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1007 + source grsecurity/Config.in
1010 diff -urN linux-2.4.22/arch/parisc/kernel/ioctl32.c linux-2.4.22/arch/parisc/kernel/ioctl32.c
1011 --- linux-2.4.22/arch/parisc/kernel/ioctl32.c 2003-09-01 22:19:44.000000000 -0400
1012 +++ linux-2.4.22/arch/parisc/kernel/ioctl32.c 2003-09-02 19:29:41.000000000 -0400
1013 @@ -1434,7 +1434,11 @@
1014 * To have permissions to do most of the vt ioctls, we either have
1015 * to be the owner of the tty, or super-user.
1017 +#ifdef CONFIG_GRKERNSEC
1018 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1020 if (current->tty == tty || suser())
1025 diff -urN linux-2.4.22/arch/parisc/kernel/ptrace.c linux-2.4.22/arch/parisc/kernel/ptrace.c
1026 --- linux-2.4.22/arch/parisc/kernel/ptrace.c 2003-09-01 22:19:44.000000000 -0400
1027 +++ linux-2.4.22/arch/parisc/kernel/ptrace.c 2003-09-02 19:29:41.000000000 -0400
1029 #include <linux/ptrace.h>
1030 #include <linux/user.h>
1031 #include <linux/personality.h>
1033 +#include <linux/grsecurity.h>
1034 #include <asm/uaccess.h>
1035 #include <asm/pgtable.h>
1036 #include <asm/system.h>
1038 if (pid == 1) /* no messing around with init! */
1041 + if (gr_handle_ptrace(child, request))
1044 if (request == PTRACE_ATTACH) {
1045 ret = ptrace_attach(child);
1047 diff -urN linux-2.4.22/arch/parisc/kernel/sys_parisc.c linux-2.4.22/arch/parisc/kernel/sys_parisc.c
1048 --- linux-2.4.22/arch/parisc/kernel/sys_parisc.c 2003-09-01 22:19:44.000000000 -0400
1049 +++ linux-2.4.22/arch/parisc/kernel/sys_parisc.c 2003-09-02 19:29:41.000000000 -0400
1051 #include <linux/mman.h>
1052 #include <linux/shm.h>
1053 #include <linux/smp_lock.h>
1054 +#include <linux/grsecurity.h>
1056 int sys_pipe(int *fildes)
1058 @@ -104,6 +110,11 @@
1062 + if (gr_handle_mmap(file, prot)) {
1067 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1069 down_write(¤t->mm->mmap_sem);
1070 diff -urN linux-2.4.22/arch/parisc/kernel/sys_parisc32.c linux-2.4.22/arch/parisc/kernel/sys_parisc32.c
1071 --- linux-2.4.22/arch/parisc/kernel/sys_parisc32.c 2003-09-01 22:19:44.000000000 -0400
1072 +++ linux-2.4.22/arch/parisc/kernel/sys_parisc32.c 2003-09-02 19:29:41.000000000 -0400
1074 #include <linux/highmem.h>
1075 #include <linux/highuid.h>
1076 #include <linux/mman.h>
1077 +#include <linux/grsecurity.h>
1079 #include <asm/types.h>
1080 #include <asm/uaccess.h>
1081 @@ -177,6 +178,11 @@
1085 +#ifdef CONFIG_GRKERNSEC
1086 + struct file *old_exec_file;
1087 + struct acl_subject_label *old_acl;
1088 + struct rlimit old_rlim[RLIM_NLIMITS];
1091 file = open_exec(filename);
1093 @@ -184,6 +190,20 @@
1097 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
1099 + if (gr_handle_nproc()) {
1100 + allow_write_access(file);
1105 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
1106 + allow_write_access(file);
1111 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
1112 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
1114 @@ -209,11 +234,24 @@
1118 + if (!gr_tpe_allow(file)) {
1123 + if (gr_check_crash_exec(file)) {
1128 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
1134 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
1136 retval = copy_strings32(bprm.envc, envp, &bprm);
1139 @@ -222,11 +260,32 @@
1143 +#ifdef CONFIG_GRKERNSEC
1144 + old_acl = current->acl;
1145 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
1146 + old_exec_file = current->exec_file;
1148 + current->exec_file = file;
1151 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
1153 retval = search_binary_handler(&bprm,regs);
1155 + if (retval >= 0) {
1156 +#ifdef CONFIG_GRKERNSEC
1157 + if (old_exec_file)
1158 + fput(old_exec_file);
1160 /* execve success */
1164 +#ifdef CONFIG_GRKERNSEC
1165 + current->acl = old_acl;
1166 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
1167 + fput(current->exec_file);
1168 + current->exec_file = old_exec_file;
1171 /* Something went wrong, return the inode and free the argument pages*/
1172 allow_write_access(bprm.file);
1173 diff -urN linux-2.4.22/arch/ppc/config.in linux-2.4.22/arch/ppc/config.in
1174 --- linux-2.4.22/arch/ppc/config.in 2003-09-01 22:19:36.000000000 -0400
1175 +++ linux-2.4.22/arch/ppc/config.in 2003-09-02 19:29:41.000000000 -0400
1176 @@ -488,3 +488,12 @@
1177 bool 'Support for early boot texts over serial port' CONFIG_SERIAL_TEXT_DEBUG
1181 +mainmenu_option next_comment
1182 +comment 'Grsecurity'
1183 +bool 'Grsecurity' CONFIG_GRKERNSEC
1184 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1185 + source grsecurity/Config.in
1189 diff -urN linux-2.4.22/arch/ppc/kernel/ptrace.c linux-2.4.22/arch/ppc/kernel/ptrace.c
1190 --- linux-2.4.22/arch/ppc/kernel/ptrace.c 2003-09-01 22:19:36.000000000 -0400
1191 +++ linux-2.4.22/arch/ppc/kernel/ptrace.c 2003-09-02 19:29:41.000000000 -0400
1193 #include <linux/errno.h>
1194 #include <linux/ptrace.h>
1195 #include <linux/user.h>
1196 +#include <linux/grsecurity.h>
1198 #include <asm/uaccess.h>
1199 #include <asm/page.h>
1201 if (pid == 1) /* you may not mess with init */
1204 + if (gr_handle_ptrace(child, request))
1207 if (request == PTRACE_ATTACH) {
1208 ret = ptrace_attach(child);
1210 diff -urN linux-2.4.22/arch/ppc/kernel/syscalls.c linux-2.4.22/arch/ppc/kernel/syscalls.c
1211 --- linux-2.4.22/arch/ppc/kernel/syscalls.c 2003-09-01 22:19:36.000000000 -0400
1212 +++ linux-2.4.22/arch/ppc/kernel/syscalls.c 2003-09-02 19:29:41.000000000 -0400
1214 #include <linux/ipc.h>
1215 #include <linux/utsname.h>
1216 #include <linux/file.h>
1217 +#include <linux/grsecurity.h>
1219 #include <asm/uaccess.h>
1220 #include <asm/ipc.h>
1221 @@ -175,6 +176,12 @@
1225 + if (gr_handle_mmap(file, prot)) {
1231 down_write(¤t->mm->mmap_sem);
1232 ret = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
1233 up_write(¤t->mm->mmap_sem);
1234 diff -urN linux-2.4.22/arch/ppc64/kernel/ioctl32.c linux-2.4.22/arch/ppc64/kernel/ioctl32.c
1235 --- linux-2.4.22/arch/ppc64/kernel/ioctl32.c 2003-09-01 22:19:33.000000000 -0400
1236 +++ linux-2.4.22/arch/ppc64/kernel/ioctl32.c 2003-09-02 19:29:41.000000000 -0400
1237 @@ -1800,7 +1800,11 @@
1238 * To have permissions to do most of the vt ioctls, we either have
1239 * to be the owner of the tty, or super-user.
1241 +#ifdef CONFIG_GRKERNSEC
1242 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1244 if (current->tty == tty || suser())
1249 diff -urN linux-2.4.22/arch/s390/config.in linux-2.4.22/arch/s390/config.in
1250 --- linux-2.4.22/arch/s390/config.in 2003-09-01 22:19:39.000000000 -0400
1251 +++ linux-2.4.22/arch/s390/config.in 2003-09-02 19:29:41.000000000 -0400
1254 source crypto/Config.in
1255 source lib/Config.in
1257 +mainmenu_option next_comment
1258 +comment 'Grsecurity'
1259 +bool 'Grsecurity' CONFIG_GRKERNSEC
1260 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1261 + source grsecurity/Config.in
1264 diff -urN linux-2.4.22/arch/s390x/config.in linux-2.4.22/arch/s390x/config.in
1265 --- linux-2.4.22/arch/s390x/config.in 2003-09-01 22:19:44.000000000 -0400
1266 +++ linux-2.4.22/arch/s390x/config.in 2003-09-02 19:29:41.000000000 -0400
1269 source crypto/Config.in
1270 source lib/Config.in
1272 +mainmenu_option next_comment
1273 +comment 'Grsecurity'
1274 +bool 'Grsecurity' CONFIG_GRKERNSEC
1275 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1276 + source grsecurity/Config.in
1279 diff -urN linux-2.4.22/arch/sh/config.in linux-2.4.22/arch/sh/config.in
1280 --- linux-2.4.22/arch/sh/config.in 2003-09-01 22:19:38.000000000 -0400
1281 +++ linux-2.4.22/arch/sh/config.in 2003-09-02 19:29:41.000000000 -0400
1282 @@ -469,3 +469,11 @@
1284 source crypto/Config.in
1285 source lib/Config.in
1287 +mainmenu_option next_comment
1288 +comment 'Grsecurity'
1289 +bool 'Grsecurity' CONFIG_GRKERNSEC
1290 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1291 + source grsecurity/Config.in
1294 diff -urN linux-2.4.22/arch/sparc/boot/Makefile linux-2.4.22/arch/sparc/boot/Makefile
1295 --- linux-2.4.22/arch/sparc/boot/Makefile 2003-09-01 22:19:34.000000000 -0400
1296 +++ linux-2.4.22/arch/sparc/boot/Makefile 2003-09-02 19:29:41.000000000 -0400
1299 BTOBJS := $(HEAD) init/main.o init/version.o init/do_mounts.o
1300 BTLIBS := $(CORE_FILES_NO_BTFIX) $(FILESYSTEMS) \
1301 - $(DRIVERS) $(NETWORKS)
1302 + $(DRIVERS) $(NETWORKS) $(GRSECURITY)
1304 # I wanted to make this depend upon BTOBJS so that a parallel
1305 # build would work, but this fails because $(HEAD) cannot work
1306 diff -urN linux-2.4.22/arch/sparc/config.in linux-2.4.22/arch/sparc/config.in
1307 --- linux-2.4.22/arch/sparc/config.in 2003-09-01 22:19:34.000000000 -0400
1308 +++ linux-2.4.22/arch/sparc/config.in 2003-09-02 19:29:41.000000000 -0400
1309 @@ -277,3 +277,11 @@
1311 source crypto/Config.in
1312 source lib/Config.in
1314 +mainmenu_option next_comment
1315 +comment 'Grsecurity'
1316 +bool 'Grsecurity' CONFIG_GRKERNSEC
1317 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1318 + source grsecurity/Config.in
1321 diff -urN linux-2.4.22/arch/sparc/kernel/ptrace.c linux-2.4.22/arch/sparc/kernel/ptrace.c
1322 --- linux-2.4.22/arch/sparc/kernel/ptrace.c 2003-09-01 22:19:34.000000000 -0400
1323 +++ linux-2.4.22/arch/sparc/kernel/ptrace.c 2003-09-02 19:29:41.000000000 -0400
1325 #include <linux/user.h>
1326 #include <linux/smp.h>
1327 #include <linux/smp_lock.h>
1328 +#include <linux/grsecurity.h>
1330 #include <asm/pgtable.h>
1331 #include <asm/system.h>
1336 + if(gr_handle_ptrace(child, request))
1339 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1340 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1341 if (ptrace_attach(child)) {
1342 diff -urN linux-2.4.22/arch/sparc/kernel/sys_sparc.c linux-2.4.22/arch/sparc/kernel/sys_sparc.c
1343 --- linux-2.4.22/arch/sparc/kernel/sys_sparc.c 2003-09-01 22:19:34.000000000 -0400
1344 +++ linux-2.4.22/arch/sparc/kernel/sys_sparc.c 2003-09-02 19:29:41.000000000 -0400
1346 #include <linux/utsname.h>
1347 #include <linux/smp.h>
1348 #include <linux/smp_lock.h>
1349 +#include <linux/grsecurity.h>
1351 #include <asm/uaccess.h>
1352 #include <asm/ipc.h>
1353 @@ -243,6 +256,12 @@
1354 if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE)
1357 + if (gr_handle_mmap(file, prot)) {
1363 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1365 down_write(¤t->mm->mmap_sem);
1366 diff -urN linux-2.4.22/arch/sparc64/config.in linux-2.4.22/arch/sparc64/config.in
1367 --- linux-2.4.22/arch/sparc64/config.in 2003-09-01 22:19:37.000000000 -0400
1368 +++ linux-2.4.22/arch/sparc64/config.in 2003-09-02 19:29:41.000000000 -0400
1369 @@ -311,3 +311,11 @@
1371 source crypto/Config.in
1372 source lib/Config.in
1374 +mainmenu_option next_comment
1375 +comment 'Grsecurity'
1376 +bool 'Grsecurity' CONFIG_GRKERNSEC
1377 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
1378 + source grsecurity/Config.in
1381 diff -urN linux-2.4.22/arch/sparc64/kernel/ioctl32.c linux-2.4.22/arch/sparc64/kernel/ioctl32.c
1382 --- linux-2.4.22/arch/sparc64/kernel/ioctl32.c 2003-09-01 22:19:37.000000000 -0400
1383 +++ linux-2.4.22/arch/sparc64/kernel/ioctl32.c 2003-09-02 19:29:41.000000000 -0400
1384 @@ -2046,7 +2046,11 @@
1385 * To have permissions to do most of the vt ioctls, we either have
1386 * to be the owner of the tty, or super-user.
1388 +#ifdef CONFIG_GRKERNSEC
1389 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1391 if (current->tty == tty || suser())
1396 diff -urN linux-2.4.22/arch/sparc64/kernel/ptrace.c linux-2.4.22/arch/sparc64/kernel/ptrace.c
1397 --- linux-2.4.22/arch/sparc64/kernel/ptrace.c 2003-09-01 22:19:37.000000000 -0400
1398 +++ linux-2.4.22/arch/sparc64/kernel/ptrace.c 2003-09-02 19:29:41.000000000 -0400
1400 #include <linux/user.h>
1401 #include <linux/smp.h>
1402 #include <linux/smp_lock.h>
1403 +#include <linux/grsecurity.h>
1405 #include <asm/asi.h>
1406 #include <asm/pgtable.h>
1407 @@ -161,6 +162,11 @@
1411 + if (gr_handle_ptrace(child, (long)request)) {
1412 + pt_error_return(regs, EPERM);
1416 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1417 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1418 if (ptrace_attach(child)) {
1419 diff -urN linux-2.4.22/arch/sparc64/kernel/sys_sparc.c linux-2.4.22/arch/sparc64/kernel/sys_sparc.c
1420 --- linux-2.4.22/arch/sparc64/kernel/sys_sparc.c 2003-09-01 22:19:37.000000000 -0400
1421 +++ linux-2.4.22/arch/sparc64/kernel/sys_sparc.c 2003-09-02 19:29:41.000000000 -0400
1423 #include <linux/slab.h>
1424 #include <linux/ipc.h>
1425 #include <linux/personality.h>
1426 +#include <linux/grsecurity.h>
1428 #include <asm/uaccess.h>
1429 #include <asm/ipc.h>
1430 @@ -289,6 +297,12 @@
1435 + if (gr_handle_mmap(file, prot)) {
1440 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
1441 len = PAGE_ALIGN(len);
1443 diff -urN linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c
1444 --- linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c 2003-09-01 22:19:37.000000000 -0400
1445 +++ linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c 2003-09-02 19:29:41.000000000 -0400
1447 #include <linux/sysctl.h>
1448 #include <linux/dnotify.h>
1449 #include <linux/netfilter_ipv4/ip_tables.h>
1450 +#include <linux/random.h>
1451 +#include <linux/grsecurity.h>
1453 #include <asm/types.h>
1454 #include <asm/ipc.h>
1455 @@ -3233,6 +3235,11 @@
1459 +#ifdef CONFIG_GRKERNSEC
1460 + struct file *old_exec_file;
1461 + struct acl_subject_label *old_acl;
1462 + struct rlimit old_rlim[RLIM_NLIMITS];
1465 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
1466 memset(bprm.page, 0, MAX_ARG_PAGES * sizeof(bprm.page[0]));
1467 @@ -3243,6 +3255,20 @@
1471 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
1473 + if (gr_handle_nproc()) {
1474 + allow_write_access(file);
1479 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
1480 + allow_write_access(file);
1486 bprm.filename = filename;
1488 @@ -3263,11 +3289,24 @@
1492 + if(!gr_tpe_allow(file)) {
1497 + if (gr_check_crash_exec(file)) {
1502 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
1508 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
1510 retval = copy_strings32(bprm.envc, envp, &bprm);
1513 @@ -3276,11 +3315,32 @@
1517 +#ifdef CONFIG_GRKERNSEC
1518 + old_acl = current->acl;
1519 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
1520 + old_exec_file = current->exec_file;
1522 + current->exec_file = file;
1525 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
1527 retval = search_binary_handler(&bprm, regs);
1529 + if (retval >= 0) {
1530 +#ifdef CONFIG_GRKERNSEC
1531 + if (old_exec_file)
1532 + fput(old_exec_file);
1534 /* execve success */
1538 +#ifdef CONFIG_GRKERNSEC
1539 + current->acl = old_acl;
1540 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
1541 + fput(current->exec_file);
1542 + current->exec_file = old_exec_file;
1545 /* Something went wrong, return the inode and free the argument pages*/
1546 allow_write_access(bprm.file);
1547 diff -urN linux-2.4.22/arch/x86_64/ia32/ia32_ioctl.c linux-2.4.22/arch/x86_64/ia32/ia32_ioctl.c
1548 --- linux-2.4.22/arch/x86_64/ia32/ia32_ioctl.c 2003-09-01 22:19:33.000000000 -0400
1549 +++ linux-2.4.22/arch/x86_64/ia32/ia32_ioctl.c 2003-09-02 19:29:41.000000000 -0400
1550 @@ -1932,7 +1932,11 @@
1551 * To have permissions to do most of the vt ioctls, we either have
1552 * to be the owner of the tty, or super-user.
1554 +#ifdef CONFIG_GRKERNSEC
1555 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1557 if (current->tty == tty || suser())
1562 diff -urN linux-2.4.22/drivers/char/mem.c linux-2.4.22/drivers/char/mem.c
1563 --- linux-2.4.22/drivers/char/mem.c 2003-09-01 22:19:16.000000000 -0400
1564 +++ linux-2.4.22/drivers/char/mem.c 2003-09-02 19:29:41.000000000 -0400
1566 #include <linux/raw.h>
1567 #include <linux/tty.h>
1568 #include <linux/capability.h>
1569 +#include <linux/grsecurity.h>
1571 #include <asm/uaccess.h>
1574 #if defined(CONFIG_S390_TAPE) && defined(CONFIG_S390_TAPE_CHAR)
1575 extern void tapechar_init(void);
1578 +#ifdef CONFIG_GRKERNSEC
1579 +extern struct file_operations grsec_fops;
1582 static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp,
1583 const char * buf, size_t count, loff_t *ppos)
1584 @@ -114,6 +119,11 @@
1585 unsigned long p = *ppos;
1586 unsigned long end_mem;
1588 +#ifdef CONFIG_GRKERNSEC_KMEM
1589 + gr_handle_mem_write();
1593 end_mem = __pa(high_memory);
1596 @@ -186,6 +196,12 @@
1598 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
1600 +#ifdef CONFIG_GRKERNSEC_KMEM
1601 + if (gr_handle_mem_mmap(offset, vma))
1607 * Accessing memory above the top the kernel knows about or
1608 * through a file pointer that was marked O_SYNC will be
1609 @@ -285,6 +301,11 @@
1611 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
1613 +#ifdef CONFIG_GRKERNSEC_KMEM
1614 + gr_handle_kmem_write();
1618 if (p < (unsigned long) high_memory) {
1620 if (count > (unsigned long) high_memory - p)
1621 @@ -517,6 +538,15 @@
1623 static int open_port(struct inode * inode, struct file * filp)
1625 +#ifdef CONFIG_GRKERNSEC_KMEM
1626 + gr_handle_open_port();
1629 + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
1632 +static int open_mem(struct inode * inode, struct file * filp)
1634 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
1637 @@ -574,6 +604,11 @@
1638 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
1639 unsigned long size = vma->vm_end - vma->vm_start;
1641 +#ifdef CONFIG_GRKERNSEC_KMEM
1642 + if (gr_handle_mem_mmap(offset, vma))
1647 * If the user is not attempting to mmap a high memory address then
1648 * the standard mmap_mem mechanism will work. High memory addresses
1650 #define full_lseek null_lseek
1651 #define write_zero write_null
1652 #define read_full read_zero
1653 -#define open_mem open_port
1654 #define open_kmem open_mem
1656 static struct file_operations mem_fops = {
1657 @@ -685,6 +719,11 @@
1659 filp->f_op = &urandom_fops;
1661 +#ifdef CONFIG_GRKERNSEC
1663 + filp->f_op = &grsec_fops;
1669 @@ -711,7 +750,10 @@
1670 {5, "zero", S_IRUGO | S_IWUGO, &zero_fops},
1671 {7, "full", S_IRUGO | S_IWUGO, &full_fops},
1672 {8, "random", S_IRUGO | S_IWUSR, &random_fops},
1673 - {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops}
1674 + {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
1675 +#ifdef CONFIG_GRKERNSEC
1676 + {10,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}
1681 diff -urN linux-2.4.22/drivers/char/random.c linux-2.4.22/drivers/char/random.c
1682 --- linux-2.4.22/drivers/char/random.c 2003-09-01 22:19:16.000000000 -0400
1683 +++ linux-2.4.22/drivers/char/random.c 2003-09-02 19:29:42.000000000 -0400
1684 @@ -262,9 +262,15 @@
1686 * Configuration information
1688 +#ifdef CONFIG_GRKERNSEC_RANDNET
1689 +#define DEFAULT_POOL_SIZE 1024
1690 +#define SECONDARY_POOL_SIZE 256
1691 +#define BATCH_ENTROPY_SIZE 512
1693 #define DEFAULT_POOL_SIZE 512
1694 #define SECONDARY_POOL_SIZE 128
1695 #define BATCH_ENTROPY_SIZE 256
1702 * Static global variables
1705 static struct entropy_store *random_state; /* The default global store */
1706 static struct entropy_store *sec_random_state; /* secondary store */
1707 static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
1708 @@ -2202,6 +2209,29 @@
1709 return halfMD4Transform(hash, keyptr->secret);
1712 +#ifdef CONFIG_GRKERNSEC
1713 +/* the following function is provided by PaX under the GPL */
1714 +unsigned long get_random_long(void)
1716 + static time_t rekey_time;
1717 + static __u32 secret[12];
1721 + * Pick a random secret every REKEY_INTERVAL seconds
1724 + if (!rekey_time || (t - rekey_time) > REKEY_INTERVAL) {
1726 + get_random_bytes(secret, sizeof(secret));
1729 + secret[1] = halfMD4Transform(secret+8, secret);
1730 + secret[0] = halfMD4Transform(secret+8, secret);
1731 + return *(unsigned long *)secret;
1735 #ifdef CONFIG_SYN_COOKIES
1737 * Secure SYN cookie computation. This is the algorithm worked out by
1738 diff -urN linux-2.4.22/drivers/char/tty_io.c linux-2.4.22/drivers/char/tty_io.c
1739 --- linux-2.4.22/drivers/char/tty_io.c 2003-09-01 22:19:16.000000000 -0400
1740 +++ linux-2.4.22/drivers/char/tty_io.c 2003-09-02 19:29:42.000000000 -0400
1742 #include <linux/vt_kern.h>
1743 #include <linux/selection.h>
1744 #include <linux/devfs_fs_kernel.h>
1746 +#include <linux/grsecurity.h>
1747 #include <linux/kmod.h>
1750 @@ -1402,7 +1402,11 @@
1752 filp->f_flags = saved_flags;
1754 +#ifdef CONFIG_GRKERNSEC
1755 + if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
1757 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
1762 @@ -1504,7 +1508,11 @@
1766 +#ifdef CONFIG_GRKERNSEC
1767 + if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
1769 if ((current->tty != tty) && !suser())
1772 if (get_user(ch, arg))
1774 @@ -1542,7 +1550,11 @@
1775 if (inode->i_rdev == SYSCONS_DEV ||
1776 inode->i_rdev == CONSOLE_DEV) {
1778 +#ifdef CONFIG_GRKERNSEC
1779 + if (!capable(CAP_SYS_TTY_CONFIG))
1784 spin_lock(&redirect_lock);
1786 @@ -1594,7 +1606,11 @@
1787 * This tty is already the controlling
1788 * tty for another session group!
1790 +#ifdef CONFIG_GRKERNSEC
1791 + if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
1793 if ((arg == 1) && suser()) {
1798 diff -urN linux-2.4.22/drivers/char/vt.c linux-2.4.22/drivers/char/vt.c
1799 --- linux-2.4.22/drivers/char/vt.c 2003-09-01 22:19:16.000000000 -0400
1800 +++ linux-2.4.22/drivers/char/vt.c 2003-09-02 19:29:42.000000000 -0400
1802 #include <linux/vt_kern.h>
1803 #include <linux/kbd_diacr.h>
1804 #include <linux/selection.h>
1805 +#include <linux/grsecurity.h>
1807 #ifdef CONFIG_FB_COMPAT_XPMAC
1808 #include <asm/vc_ioctl.h>
1809 @@ -443,7 +444,11 @@
1810 * to be the owner of the tty, or super-user.
1813 +#ifdef CONFIG_GRKERNSEC
1814 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1816 if (current->tty == tty || suser())
1820 kbd = kbd_table + console;
1821 @@ -1038,12 +1043,20 @@
1822 return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
1825 +#ifdef CONFIG_GRKERNSEC
1826 + if (!capable(CAP_SYS_TTY_CONFIG))
1833 case VT_UNLOCKSWITCH:
1834 +#ifdef CONFIG_GRKERNSEC
1835 + if (!capable(CAP_SYS_TTY_CONFIG))
1842 diff -urN linux-2.4.22/drivers/pci/proc.c linux-2.4.22/drivers/pci/proc.c
1843 --- linux-2.4.22/drivers/pci/proc.c 2003-09-01 22:19:22.000000000 -0400
1844 +++ linux-2.4.22/drivers/pci/proc.c 2003-09-02 19:29:42.000000000 -0400
1845 @@ -562,7 +562,15 @@
1846 pci_for_each_dev(dev) {
1847 pci_proc_attach_device(dev);
1849 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
1850 +#ifdef CONFIG_GRKERNSEC_PROC_USER
1851 + entry = create_proc_entry("pci", S_IRUSR, NULL);
1852 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
1853 + entry = create_proc_entry("pci", S_IRUSR | S_IRGRP, NULL);
1856 entry = create_proc_entry("pci", 0, NULL);
1859 entry->proc_fops = &proc_pci_operations;
1861 diff -urN linux-2.4.22/fs/binfmt_aout.c linux-2.4.22/fs/binfmt_aout.c
1862 --- linux-2.4.22/fs/binfmt_aout.c 2003-09-01 22:19:01.000000000 -0400
1863 +++ linux-2.4.22/fs/binfmt_aout.c 2003-09-02 19:29:42.000000000 -0400
1867 #include <linux/module.h>
1868 +#include <linux/config.h>
1870 #include <linux/sched.h>
1871 #include <linux/kernel.h>
1872 @@ -113,10 +114,12 @@
1873 /* If the size of the dump file exceeds the rlimit, then see what would happen
1874 if we wrote the stack, but not the data area. */
1876 + gr_learn_resource(current, RLIMIT_CORE, dump.u_dsize+dump.u_ssize);
1877 if ((dump.u_dsize+dump.u_ssize) >
1878 current->rlim[RLIMIT_CORE].rlim_cur)
1881 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE);
1882 if ((dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE >
1883 current->rlim[RLIMIT_CORE].rlim_cur)
1885 @@ -124,10 +127,12 @@
1887 /* Make sure we have enough room to write the stack and data areas. */
1889 + gr_learn_resource(current, RLIMIT_CORE, dump.u_ssize);
1890 if ((dump.u_ssize) >
1891 current->rlim[RLIMIT_CORE].rlim_cur)
1894 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize+1) * PAGE_SIZE);
1895 if ((dump.u_ssize+1) * PAGE_SIZE >
1896 current->rlim[RLIMIT_CORE].rlim_cur)
1899 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
1900 if (rlim >= RLIM_INFINITY)
1903 + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss);
1904 if (ex.a_data + ex.a_bss > rlim)
1907 diff -urN linux-2.4.22/fs/binfmt_elf.c linux-2.4.22/fs/binfmt_elf.c
1908 --- linux-2.4.22/fs/binfmt_elf.c 2003-09-01 22:19:00.000000000 -0400
1909 +++ linux-2.4.22/fs/binfmt_elf.c 2003-09-02 19:29:42.000000000 -0400
1912 #include <linux/module.h>
1914 +#include <linux/config.h>
1915 #include <linux/fs.h>
1916 #include <linux/stat.h>
1917 #include <linux/sched.h>
1919 #include <linux/smp_lock.h>
1920 #include <linux/compiler.h>
1921 #include <linux/highmem.h>
1922 +#include <linux/random.h>
1923 +#include <linux/grsecurity.h>
1925 #include <asm/uaccess.h>
1926 #include <asm/param.h>
1927 #include <asm/pgalloc.h>
1928 +#include <asm/system.h>
1930 #define DLINFO_ITEMS 13
1932 @@ -1026,8 +1184,11 @@
1935 #define DUMP_WRITE(addr, nr) \
1937 + gr_learn_resource(current, RLIMIT_CORE, size + (nr)); \
1938 if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
1939 - goto end_coredump;
1940 + goto end_coredump; \
1942 #define DUMP_SEEK(off) \
1943 if (!dump_seek(file, (off))) \
1945 diff -urN linux-2.4.22/fs/buffer.c linux-2.4.22/fs/buffer.c
1946 --- linux-2.4.22/fs/buffer.c 2003-09-01 22:19:00.000000000 -0400
1947 +++ linux-2.4.22/fs/buffer.c 2003-09-02 19:29:42.000000000 -0400
1948 @@ -1810,6 +1810,9 @@
1953 + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long) size);
1955 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
1956 if (limit != RLIM_INFINITY && size > (loff_t)limit) {
1957 send_sig(SIGXFSZ, current, 0);
1958 diff -urN linux-2.4.22/fs/exec.c linux-2.4.22/fs/exec.c
1959 --- linux-2.4.22/fs/exec.c 2003-09-01 22:19:00.000000000 -0400
1960 +++ linux-2.4.22/fs/exec.c 2003-09-02 19:29:42.000000000 -0400
1962 #include <asm/uaccess.h>
1963 #include <asm/pgalloc.h>
1964 #include <asm/mmu_context.h>
1965 +#include <linux/major.h>
1966 +#include <linux/random.h>
1967 +#include <linux/grsecurity.h>
1970 #include <linux/kmod.h>
1972 cap_set_full(bprm->cap_effective);
1975 + if (gr_handle_ptrace_exec(bprm->file->f_dentry, bprm->file->f_vfsmnt))
1978 memset(bprm->buf,0,BINPRM_BUF_SIZE);
1979 return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
1982 current->suid = current->euid = current->fsuid = bprm->e_uid;
1983 current->sgid = current->egid = current->fsgid = bprm->e_gid;
1985 + gr_handle_chroot_caps(current);
1989 current->keep_capabilities = 0;
1990 @@ -907,6 +944,11 @@
1994 +#ifdef CONFIG_GRKERNSEC
1995 + struct file *old_exec_file;
1996 + struct acl_subject_label *old_acl;
1997 + struct rlimit old_rlim[RLIM_NLIMITS];
2000 file = open_exec(filename);
2002 @@ -914,6 +956,20 @@
2006 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes));
2008 + if (gr_handle_nproc()) {
2009 + allow_write_access(file);
2014 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
2015 + allow_write_access(file);
2020 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
2021 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
2023 @@ -938,11 +999,26 @@
2027 + if (!gr_tpe_allow(file)) {
2032 + if(gr_check_crash_exec(file)) {
2037 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
2043 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
2045 + gr_handle_exec_args(&bprm, argv);
2047 retval = copy_strings(bprm.envc, envp, &bprm);
2050 @@ -951,11 +1027,32 @@
2054 +#ifdef CONFIG_GRKERNSEC
2055 + old_acl = current->acl;
2056 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
2057 + old_exec_file = current->exec_file;
2059 + current->exec_file = file;
2062 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
2064 retval = search_binary_handler(&bprm,regs);
2066 + if (retval >= 0) {
2067 +#ifdef CONFIG_GRKERNSEC
2068 + if (old_exec_file)
2069 + fput(old_exec_file);
2071 /* execve success */
2075 +#ifdef CONFIG_GRKERNSEC
2076 + current->acl = old_acl;
2077 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
2078 + fput(current->exec_file);
2079 + current->exec_file = old_exec_file;
2082 /* Something went wrong, return the inode and free the argument pages*/
2083 allow_write_access(bprm.file);
2084 @@ -1112,6 +1246,7 @@
2085 if (!is_dumpable(current))
2087 current->mm->dumpable = 0;
2088 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump);
2089 if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
2092 @@ -1131,7 +1266,7 @@
2094 if (!file->f_op->write)
2096 - if (do_truncate(file->f_dentry, 0) != 0)
2097 + if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0)
2100 retval = binfmt->core_dump(signr, regs, file);
2101 diff -urN linux-2.4.22/fs/fcntl.c linux-2.4.22/fs/fcntl.c
2102 --- linux-2.4.22/fs/fcntl.c 2003-09-01 22:19:00.000000000 -0400
2103 +++ linux-2.4.22/fs/fcntl.c 2003-09-02 19:29:42.000000000 -0400
2105 #include <linux/smp_lock.h>
2106 #include <linux/slab.h>
2107 #include <linux/iobuf.h>
2108 +#include <linux/grsecurity.h>
2110 #include <asm/poll.h>
2111 #include <asm/siginfo.h>
2116 + gr_learn_resource(current, RLIMIT_NOFILE, orig_start);
2118 write_lock(&files->file_lock);
2125 + gr_learn_resource(current, RLIMIT_NOFILE, newfd);
2126 if (newfd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2130 struct file * file, *tofree;
2131 struct files_struct * files = current->files;
2133 + gr_learn_resource(current, RLIMIT_NOFILE, newfd);
2135 write_lock(&files->file_lock);
2136 if (!(file = fcheck(oldfd)))
2138 @@ -448,6 +454,10 @@
2142 + if (gr_check_protected_task(p))
2144 + if (gr_pid_is_chrooted(p))
2146 send_sigio_to_task(p, fown, fd, band);
2149 diff -urN linux-2.4.22/fs/locks.c linux-2.4.22/fs/locks.c
2150 --- linux-2.4.22/fs/locks.c 2003-09-01 22:19:00.000000000 -0400
2151 +++ linux-2.4.22/fs/locks.c 2003-09-02 19:29:42.000000000 -0400
2153 static struct file_lock *locks_alloc_lock(int account)
2155 struct file_lock *fl;
2156 + if(account) gr_learn_resource(current, RLIMIT_LOCKS, current->locks);
2157 if (account && current->locks >= current->rlim[RLIMIT_LOCKS].rlim_cur)
2159 fl = kmem_cache_alloc(filelock_cache, SLAB_KERNEL);
2160 diff -urN linux-2.4.22/fs/namei.c linux-2.4.22/fs/namei.c
2161 --- linux-2.4.22/fs/namei.c 2003-09-01 22:19:00.000000000 -0400
2162 +++ linux-2.4.22/fs/namei.c 2003-09-02 19:29:42.000000000 -0400
2164 #include <linux/dnotify.h>
2165 #include <linux/smp_lock.h>
2166 #include <linux/personality.h>
2167 +#include <linux/grsecurity.h>
2169 #include <asm/namei.h>
2170 #include <asm/uaccess.h>
2171 @@ -343,6 +344,13 @@
2172 current->state = TASK_RUNNING;
2176 + if (gr_handle_follow_link(dentry->d_parent->d_inode,
2177 + dentry->d_inode, dentry, nd->mnt)) {
2182 current->link_count++;
2183 current->total_link_count++;
2184 UPDATE_ATIME(dentry->d_inode);
2185 @@ -643,6 +651,10 @@
2189 + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt)) {
2196 @@ -1005,7 +1017,7 @@
2197 struct dentry *dentry;
2202 acc_mode = ACC_MODE(flag);
2205 @@ -1015,7 +1027,19 @@
2206 error = path_lookup(pathname, lookup_flags(flag), nd);
2210 + if (gr_handle_rawio(nd->dentry->d_inode)) {
2215 + if (!gr_acl_handle_open(nd->dentry, nd->mnt, flag)) {
2220 dentry = nd->dentry;
2225 @@ -1048,7 +1072,16 @@
2226 if (!dentry->d_inode) {
2227 if (!IS_POSIXACL(dir->d_inode))
2228 mode &= ~current->fs->umask;
2229 + if (!gr_acl_handle_creat(dentry, nd->dentry, nd->mnt, flag, mode)) {
2231 + up(&dir->d_inode->i_sem);
2235 error = vfs_create(dir->d_inode, dentry, mode);
2237 + gr_handle_create(dentry, nd->mnt);
2239 up(&dir->d_inode->i_sem);
2241 nd->dentry = dentry;
2242 @@ -1058,12 +1091,35 @@
2243 /* Don't check for write permission, don't truncate */
2251 * It already exists.
2254 + if (gr_acl_is_enabled() && S_ISBLK(dentry->d_inode->i_mode) &&
2255 + !capable(CAP_SYS_RAWIO)) {
2257 + up(&dir->d_inode->i_sem);
2261 + if (!gr_acl_handle_open(dentry, nd->mnt, flag)) {
2263 + up(&dir->d_inode->i_sem);
2267 + inode = dentry->d_inode;
2269 + if (gr_handle_fifo(dentry, nd->mnt, dir, flag, acc_mode)) {
2270 + up(&dir->d_inode->i_sem);
2275 up(&dir->d_inode->i_sem);
2278 @@ -1153,7 +1209,7 @@
2282 - error = do_truncate(dentry, 0);
2283 + error = do_truncate(dentry,0,nd->mnt);
2285 put_write_access(inode);
2287 @@ -1184,6 +1240,13 @@
2288 * stored in nd->last.name and we will have to putname() it when we
2289 * are done. Procfs-like symlinks just set LAST_BIND.
2292 + if (gr_handle_follow_link(dentry->d_parent->d_inode, dentry->d_inode,
2293 + dentry, nd->mnt)) {
2298 UPDATE_ATIME(dentry->d_inode);
2299 error = dentry->d_inode->i_op->follow_link(dentry, nd);
2301 @@ -1282,6 +1345,18 @@
2302 if (!IS_POSIXACL(nd.dentry->d_inode))
2303 mode &= ~current->fs->umask;
2304 if (!IS_ERR(dentry)) {
2305 + if (gr_handle_chroot_mknod(dentry, nd.mnt, mode)) {
2311 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
2317 switch (mode & S_IFMT) {
2318 case 0: case S_IFREG:
2319 error = vfs_create(nd.dentry->d_inode,dentry,mode);
2320 @@ -1295,8 +1370,13 @@
2326 + gr_handle_create(dentry, nd.mnt);
2331 up(&nd.dentry->d_inode->i_sem);
2334 @@ -1348,7 +1428,16 @@
2335 if (!IS_ERR(dentry)) {
2336 if (!IS_POSIXACL(nd.dentry->d_inode))
2337 mode &= ~current->fs->umask;
2338 - error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
2341 + if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
2345 + error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
2347 + gr_handle_create(dentry, nd.mnt);
2351 up(&nd.dentry->d_inode->i_sem);
2352 @@ -1433,6 +1522,8 @@
2354 struct dentry *dentry;
2355 struct nameidata nd;
2356 + ino_t saved_ino = 0;
2357 + kdev_t saved_dev = 0;
2359 name = getname(pathname);
2361 @@ -1457,7 +1548,22 @@
2362 dentry = lookup_hash(&nd.last, nd.dentry);
2363 error = PTR_ERR(dentry);
2364 if (!IS_ERR(dentry)) {
2365 - error = vfs_rmdir(nd.dentry->d_inode, dentry);
2367 + if (dentry->d_inode) {
2368 + if (dentry->d_inode->i_nlink <= 1) {
2369 + saved_ino = dentry->d_inode->i_ino;
2370 + saved_dev = dentry->d_inode->i_dev;
2373 + if (!gr_acl_handle_rmdir(dentry, nd.mnt))
2378 + error = vfs_rmdir(nd.dentry->d_inode, dentry);
2379 + if (!error && (saved_dev || saved_ino))
2380 + gr_handle_delete(saved_ino,saved_dev);
2384 up(&nd.dentry->d_inode->i_sem);
2385 @@ -1501,6 +1607,8 @@
2387 struct dentry *dentry;
2388 struct nameidata nd;
2389 + ino_t saved_ino = 0;
2390 + kdev_t saved_dev = 0;
2392 name = getname(pathname);
2394 @@ -1519,7 +1627,21 @@
2395 /* Why not before? Because we want correct error value */
2396 if (nd.last.name[nd.last.len])
2398 - error = vfs_unlink(nd.dentry->d_inode, dentry);
2400 + if (dentry->d_inode) {
2401 + if (dentry->d_inode->i_nlink <= 1) {
2402 + saved_ino = dentry->d_inode->i_ino;
2403 + saved_dev = dentry->d_inode->i_dev;
2406 + if (!gr_acl_handle_unlink(dentry, nd.mnt))
2411 + error = vfs_unlink(nd.dentry->d_inode, dentry);
2412 + if (!error && (saved_ino || saved_dev))
2413 + gr_handle_delete(saved_ino,saved_dev);
2417 @@ -1583,7 +1705,15 @@
2418 dentry = lookup_create(&nd, 0);
2419 error = PTR_ERR(dentry);
2420 if (!IS_ERR(dentry)) {
2421 - error = vfs_symlink(nd.dentry->d_inode, dentry, from);
2424 + if (!gr_acl_handle_symlink(dentry, nd.dentry, nd.mnt, from))
2428 + error = vfs_symlink(nd.dentry->d_inode, dentry, from);
2430 + gr_handle_create(dentry, nd.mnt);
2433 up(&nd.dentry->d_inode->i_sem);
2434 @@ -1667,7 +1797,27 @@
2435 new_dentry = lookup_create(&nd, 0);
2436 error = PTR_ERR(new_dentry);
2437 if (!IS_ERR(new_dentry)) {
2438 - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
2441 + if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
2442 + old_nd.dentry->d_inode,
2443 + old_nd.dentry->d_inode->i_mode, to)) {
2448 + if (!gr_acl_handle_link(new_dentry, nd.dentry, nd.mnt,
2449 + old_nd.dentry, old_nd.mnt, to)) {
2454 + error = vfs_link(old_nd.dentry,
2455 + nd.dentry->d_inode, new_dentry);
2458 + gr_handle_create(new_dentry, nd.mnt);
2462 up(&nd.dentry->d_inode->i_sem);
2463 @@ -1898,10 +2048,15 @@
2464 if (IS_ERR(new_dentry))
2468 - error = vfs_rename(old_dir->d_inode, old_dentry,
2469 + error = gr_acl_handle_rename(new_dentry, newnd.dentry, newnd.mnt,
2470 + old_dentry, old_dir->d_inode, oldnd.mnt, newname);
2474 + error = vfs_rename(old_dir->d_inode, old_dentry,
2475 new_dir->d_inode, new_dentry);
2482 diff -urN linux-2.4.22/fs/namespace.c linux-2.4.22/fs/namespace.c
2483 --- linux-2.4.22/fs/namespace.c 2003-09-01 22:19:00.000000000 -0400
2484 +++ linux-2.4.22/fs/namespace.c 2003-09-02 19:29:42.000000000 -0400
2486 #include <linux/quotaops.h>
2487 #include <linux/acct.h>
2488 #include <linux/module.h>
2489 +#include <linux/sched.h>
2490 +#include <linux/grsecurity.h>
2492 #include <asm/uaccess.h>
2496 retval = do_remount_sb(sb, MS_RDONLY, 0);
2499 + gr_log_remount(mnt->mnt_devname, retval);
2501 up_write(&sb->s_umount);
2505 spin_unlock(&dcache_lock);
2506 up_write(¤t->namespace->sem);
2508 + gr_log_unmount(mnt->mnt_devname, retval);
2513 @@ -729,6 +736,12 @@
2517 + if (gr_handle_chroot_mount(nd.dentry, nd.mnt, dev_name)) {
2519 + path_release(&nd);
2523 if (flags & MS_REMOUNT)
2524 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
2527 retval = do_add_mount(&nd, type_page, flags, mnt_flags,
2528 dev_name, data_page);
2531 + gr_log_mount(dev_name, dir_name, retval);
2537 if (!capable(CAP_SYS_ADMIN))
2540 + if (gr_handle_chroot_pivot())
2545 error = __user_walk(new_root, LOOKUP_POSITIVE|LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd);
2546 diff -urN linux-2.4.22/fs/open.c linux-2.4.22/fs/open.c
2547 --- linux-2.4.22/fs/open.c 2003-09-01 22:19:00.000000000 -0400
2548 +++ linux-2.4.22/fs/open.c 2003-09-02 19:29:42.000000000 -0400
2550 #include <linux/slab.h>
2551 #include <linux/tty.h>
2552 #include <linux/iobuf.h>
2553 +#include <linux/grsecurity.h>
2555 #include <asm/uaccess.h>
2558 write_unlock(&files->file_lock);
2561 -int do_truncate(struct dentry *dentry, loff_t length)
2562 +int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt)
2564 struct inode *inode = dentry->d_inode;
2570 + if (!gr_acl_handle_truncate(dentry, mnt))
2573 down_write(&inode->i_alloc_sem);
2574 down(&inode->i_sem);
2575 newattrs.ia_size = length;
2577 error = locks_verify_truncate(inode, NULL, length);
2580 - error = do_truncate(nd.dentry, length);
2581 + error = do_truncate(nd.dentry, length, nd.mnt);
2583 put_write_access(inode);
2587 error = locks_verify_truncate(inode, file, length);
2589 - error = do_truncate(dentry, length);
2590 + error = do_truncate(dentry, length, file->f_vfsmnt);
2594 @@ -286,6 +290,12 @@
2595 (error = permission(inode,MAY_WRITE)) != 0)
2599 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
2601 + goto dput_and_out;
2604 error = notify_change(nd.dentry, &newattrs);
2607 @@ -331,6 +341,12 @@
2608 (error = permission(inode,MAY_WRITE)) != 0)
2612 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
2614 + goto dput_and_out;
2617 error = notify_change(nd.dentry, &newattrs);
2620 @@ -373,6 +389,10 @@
2621 if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
2622 && !special_file(nd.dentry->d_inode->i_mode))
2625 + if (!res && !gr_acl_handle_access(nd.dentry, nd.mnt, mode))
2635 + gr_log_chdir(nd.dentry, nd.mnt);
2637 set_fs_pwd(current->fs, nd.mnt, nd.dentry);
2640 @@ -426,6 +448,13 @@
2643 error = permission(inode, MAY_EXEC);
2645 + if (!error && !gr_chroot_fchdir(dentry, mnt))
2649 + gr_log_chdir(dentry, mnt);
2652 set_fs_pwd(current->fs, mnt, dentry);
2654 @@ -452,8 +481,16 @@
2655 if (!capable(CAP_SYS_CHROOT))
2658 + if (gr_handle_chroot_chroot(nd.dentry, nd.mnt))
2659 + goto dput_and_out;
2661 set_fs_root(current->fs, nd.mnt, nd.dentry);
2664 + gr_handle_chroot_caps(current);
2666 + gr_handle_chroot_chdir(nd.dentry, nd.mnt);
2671 @@ -482,8 +519,20 @@
2673 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2676 + if (!gr_acl_handle_fchmod(dentry, file->f_vfsmnt, mode)) {
2681 if (mode == (mode_t) -1)
2682 mode = inode->i_mode;
2684 + if (gr_handle_chroot_chmod(dentry, file->f_vfsmnt, mode)) {
2689 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
2690 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
2691 err = notify_change(dentry, &newattrs);
2692 @@ -514,8 +563,19 @@
2693 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2696 + if (!gr_acl_handle_chmod(nd.dentry, nd.mnt, mode)) {
2698 + goto dput_and_out;
2701 if (mode == (mode_t) -1)
2702 mode = inode->i_mode;
2704 + if (gr_handle_chroot_chmod(nd.dentry, nd.mnt, mode)) {
2706 + goto dput_and_out;
2709 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
2710 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
2711 error = notify_change(nd.dentry, &newattrs);
2716 -static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
2717 +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
2719 struct inode * inode;
2721 @@ -543,6 +603,12 @@
2723 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
2726 + if (!gr_acl_handle_chown(dentry, mnt)) {
2731 if (user == (uid_t) -1)
2732 user = inode->i_uid;
2733 if (group == (gid_t) -1)
2736 error = user_path_walk(filename, &nd);
2738 - error = chown_common(nd.dentry, user, group);
2739 + error = chown_common(nd.dentry, user, group, nd.mnt);
2745 error = user_path_walk_link(filename, &nd);
2747 - error = chown_common(nd.dentry, user, group);
2748 + error = chown_common(nd.dentry, user, group, nd.mnt);
2756 - error = chown_common(file->f_dentry, user, group);
2757 + error = chown_common(file->f_dentry, user,
2758 + group, file->f_vfsmnt);
2763 * N.B. For clone tasks sharing a files structure, this test
2764 * will limit the total number of files that can be opened.
2766 + gr_learn_resource(current, RLIMIT_NOFILE, fd);
2767 if (fd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
2770 diff -urN linux-2.4.22/fs/proc/array.c linux-2.4.22/fs/proc/array.c
2771 --- linux-2.4.22/fs/proc/array.c 2003-09-01 22:19:00.000000000 -0400
2772 +++ linux-2.4.22/fs/proc/array.c 2003-09-02 19:29:42.000000000 -0400
2773 @@ -334,6 +340,12 @@
2775 wchan = get_wchan(task);
2777 +#ifdef CONFIG_GRKERNSEC_HIDESYM
2783 collect_sigign_sigcatch(task, &sigign, &sigcatch);
2785 /* scale priority and nice values from timeslices to -20..20 */
2786 @@ -684,6 +728,16 @@
2790 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2791 +int proc_pid_ipaddr(struct task_struct *task, char * buffer)
2795 + len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->curr_ip));
2801 int proc_pid_cpu(struct task_struct *task, char * buffer)
2803 diff -urN linux-2.4.22/fs/proc/base.c linux-2.4.22/fs/proc/base.c
2804 --- linux-2.4.22/fs/proc/base.c 2003-09-01 22:19:00.000000000 -0400
2805 +++ linux-2.4.22/fs/proc/base.c 2003-09-02 19:29:42.000000000 -0400
2807 #include <linux/string.h>
2808 #include <linux/seq_file.h>
2809 #include <linux/namespace.h>
2810 +#include <linux/grsecurity.h>
2813 * For hysterical raisins we keep the same inumbers as in the old procfs.
2815 int proc_pid_status(struct task_struct*,char*);
2816 int proc_pid_statm(struct task_struct*,char*);
2817 int proc_pid_cpu(struct task_struct*,char*);
2818 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2819 +int proc_pid_ipaddr(struct task_struct*,char*);
2822 static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
2824 @@ -264,9 +268,22 @@
2826 static int proc_permission(struct inode *inode, int mask)
2829 + struct task_struct *task;
2831 if (vfs_permission(inode, mask) != 0)
2833 - return proc_check_root(inode);
2834 + ret = proc_check_root(inode);
2839 + task = inode->u.proc_i.task;
2844 + return gr_acl_handle_procpidmem(task);
2847 static ssize_t pid_maps_read(struct file * file, char * buf,
2852 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2856 PROC_PID_FD_DIR = 0x8000, /* 0x8000-0xffff */
2860 E(PROC_PID_CPU, "cpu", S_IFREG|S_IRUGO),
2862 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2863 + E(PROC_PID_IPADDR, "ipaddr", S_IFREG|S_IRUSR),
2865 E(PROC_PID_MAPS, "maps", S_IFREG|S_IRUGO),
2866 E(PROC_PID_MEM, "mem", S_IFREG|S_IRUSR|S_IWUSR),
2867 E(PROC_PID_CWD, "cwd", S_IFLNK|S_IRWXUGO),
2868 @@ -747,10 +770,17 @@
2869 get_task_struct(task);
2870 inode->u.proc_i.task = task;
2872 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2873 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
2878 if (ino == PROC_PID_INO || task_dumpable(task)) {
2879 inode->i_uid = task->euid;
2880 +#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP
2881 inode->i_gid = task->egid;
2886 @@ -958,6 +988,12 @@
2887 inode->u.proc_i.op.proc_read = proc_pid_cpu;
2890 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
2891 + case PROC_PID_IPADDR:
2892 + inode->i_fop = &proc_info_file_operations;
2893 + inode->u.proc_i.op.proc_read = proc_pid_ipaddr;
2897 inode->i_op = &proc_mem_inode_operations;
2898 inode->i_fop = &proc_mem_operations;
2899 @@ -1056,13 +1092,34 @@
2903 + if(gr_check_hidden_task(task)) {
2904 + free_task_struct(task);
2908 +#ifdef CONFIG_GRKERNSEC_PROC
2909 + if (current->uid && (task->uid != current->uid)
2910 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2911 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
2914 + free_task_struct(task);
2918 inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);
2920 free_task_struct(task);
2924 +#ifdef CONFIG_GRKERNSEC_PROC_USER
2925 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
2926 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
2927 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
2929 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
2931 inode->i_op = &proc_base_inode_operations;
2932 inode->i_fop = &proc_base_operations;
2934 @@ -1102,6 +1159,18 @@
2938 + if(gr_pid_is_chrooted(p))
2940 + if(gr_check_hidden_task(p))
2942 +#ifdef CONFIG_GRKERNSEC_PROC
2943 + if (current->uid && (p->uid != current->uid)
2944 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2945 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
2952 pids[nr_pids] = pid;
2953 diff -urN linux-2.4.22/fs/proc/generic.c linux-2.4.22/fs/proc/generic.c
2954 --- linux-2.4.22/fs/proc/generic.c 2003-09-01 22:19:00.000000000 -0400
2955 +++ linux-2.4.22/fs/proc/generic.c 2003-09-02 19:29:42.000000000 -0400
2956 @@ -503,6 +503,32 @@
2960 +#ifdef CONFIG_GRKERNSEC_PROC
2961 +struct proc_dir_entry *proc_priv_mkdir(const char *name, struct proc_dir_entry *parent)
2963 + struct proc_dir_entry *ent;
2966 +#ifdef CONFIG_GRKERNSEC_PROC_USER
2967 + mode = S_IFDIR | S_IRUSR | S_IXUSR;
2968 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
2969 + mode = S_IFDIR | S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP;
2972 + ent = proc_create(&parent, name, mode, 2);
2974 + ent->proc_fops = &proc_dir_operations;
2975 + ent->proc_iops = &proc_dir_inode_operations;
2977 + if (proc_register(parent, ent) < 0) {
2986 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
2987 struct proc_dir_entry *parent)
2989 diff -urN linux-2.4.22/fs/proc/inode.c linux-2.4.22/fs/proc/inode.c
2990 --- linux-2.4.22/fs/proc/inode.c 2003-09-01 22:19:00.000000000 -0400
2991 +++ linux-2.4.22/fs/proc/inode.c 2003-09-02 19:29:42.000000000 -0400
2992 @@ -152,7 +152,11 @@
2994 inode->i_mode = de->mode;
2995 inode->i_uid = de->uid;
2996 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
2997 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
2999 inode->i_gid = de->gid;
3003 inode->i_size = de->size;
3004 diff -urN linux-2.4.22/fs/proc/proc_misc.c linux-2.4.22/fs/proc/proc_misc.c
3005 --- linux-2.4.22/fs/proc/proc_misc.c 2003-09-01 22:19:00.000000000 -0400
3006 +++ linux-2.4.22/fs/proc/proc_misc.c 2003-09-02 19:29:42.000000000 -0400
3008 void __init proc_misc_init(void)
3010 struct proc_dir_entry *entry;
3014 int (*read_proc)(char*,char**,off_t,int,int*,void*);
3015 @@ -583,48 +584,81 @@
3016 #ifdef CONFIG_STRAM_PROC
3017 {"stram", stram_read_proc},
3019 -#ifdef CONFIG_MODULES
3020 +#if defined(CONFIG_MODULES) && !defined(CONFIG_GRKERNSEC_PROC)
3021 {"modules", modules_read_proc},
3023 {"stat", kstat_read_proc},
3024 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3025 {"devices", devices_read_proc},
3026 -#if !defined(CONFIG_ARCH_S390)
3028 +#if !defined(CONFIG_ARCH_S390) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
3029 {"interrupts", interrupts_read_proc},
3031 {"filesystems", filesystems_read_proc},
3032 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3033 {"dma", dma_read_proc},
3034 {"ioports", ioports_read_proc},
3035 {"cmdline", cmdline_read_proc},
3037 #ifdef CONFIG_SGI_DS1286
3038 {"rtc", ds1286_read_proc},
3040 {"locks", locks_read_proc},
3041 {"swaps", swaps_read_proc},
3042 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3043 {"iomem", memory_read_proc},
3045 {"execdomains", execdomains_read_proc},
3048 for (p = simple_ones; p->name; p++)
3049 create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
3051 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3052 + gr_mode = S_IRUSR;
3053 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
3054 + gr_mode = S_IRUSR | S_IRGRP;
3057 +#if defined(CONFIG_GRKERNSEC_PROC) && defined(CONFIG_MODULES)
3058 + create_proc_read_entry("modules", gr_mode, NULL, &modules_read_proc, NULL);
3060 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3061 + create_proc_read_entry("devices", gr_mode, NULL, &devices_read_proc, NULL);
3062 + create_proc_read_entry("dma", gr_mode, NULL, &dma_read_proc, NULL);
3063 + create_proc_read_entry("ioports", gr_mode, NULL, &ioports_read_proc, NULL);
3064 + create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL);
3065 + create_proc_read_entry("iomem", gr_mode, NULL, &memory_read_proc, NULL);
3066 +#if !defined(CONFIG_ARCH_S390)
3067 + create_proc_read_entry("interrupts", gr_mode, NULL, &interrupts_read_proc, NULL);
3071 proc_symlink("mounts", NULL, "self/mounts");
3073 /* And now for trickier ones */
3074 entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);
3076 entry->proc_fops = &proc_kmsg_operations;
3077 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3078 + create_seq_entry("cpuinfo", gr_mode, &proc_cpuinfo_operations);
3079 + create_seq_entry("slabinfo", gr_mode,&proc_slabinfo_operations);
3081 create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
3082 - create_seq_entry("partitions", 0, &proc_partitions_operations);
3083 create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations);
3085 + create_seq_entry("partitions", 0, &proc_partitions_operations);
3086 #ifdef CONFIG_MODULES
3087 - create_seq_entry("ksyms", 0, &proc_ksyms_operations);
3088 + create_seq_entry("ksyms", gr_mode, &proc_ksyms_operations);
3090 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
3091 proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
3092 if (proc_root_kcore) {
3093 proc_root_kcore->proc_fops = &proc_kcore_operations;
3094 proc_root_kcore->size =
3095 (size_t)high_memory - PAGE_OFFSET + PAGE_SIZE;
3099 entry = create_proc_entry("profile", S_IWUSR | S_IRUGO, NULL);
3101 diff -urN linux-2.4.22/fs/proc/root.c linux-2.4.22/fs/proc/root.c
3102 --- linux-2.4.22/fs/proc/root.c 2003-09-01 22:19:00.000000000 -0400
3103 +++ linux-2.4.22/fs/proc/root.c 2003-09-02 19:29:42.000000000 -0400
3108 +#ifdef CONFIG_GRKERNSEC_PROC
3109 + proc_net = proc_priv_mkdir("net", 0);
3111 proc_net = proc_mkdir("net", 0);
3113 #ifdef CONFIG_SYSVIPC
3114 proc_mkdir("sysvipc", 0);
3116 #ifdef CONFIG_SYSCTL
3117 +#ifdef CONFIG_GRKERNSEC_PROC
3118 + proc_sys_root = proc_priv_mkdir("sys", 0);
3120 proc_sys_root = proc_mkdir("sys", 0);
3123 #if defined(CONFIG_BINFMT_MISC) || defined(CONFIG_BINFMT_MISC_MODULE)
3124 proc_mkdir("sys/fs", 0);
3125 proc_mkdir("sys/fs/binfmt_misc", 0);
3127 #ifdef CONFIG_PPC_RTAS
3131 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
3132 + proc_bus = proc_priv_mkdir("bus", 0);
3134 proc_bus = proc_mkdir("bus", 0);
3138 static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry)
3139 diff -urN linux-2.4.22/fs/readdir.c linux-2.4.22/fs/readdir.c
3140 --- linux-2.4.22/fs/readdir.c 2003-09-01 22:19:00.000000000 -0400
3141 +++ linux-2.4.22/fs/readdir.c 2003-09-02 19:29:42.000000000 -0400
3143 #include <linux/stat.h>
3144 #include <linux/file.h>
3145 #include <linux/smp_lock.h>
3146 +#include <linux/grsecurity.h>
3148 #include <asm/uaccess.h>
3151 struct readdir_callback {
3152 struct old_linux_dirent * dirent;
3154 + struct nameidata nd;
3157 static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset,
3158 @@ -191,6 +193,10 @@
3163 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3167 dirent = buf->dirent;
3168 put_user(ino, &dirent->d_ino);
3171 buf.dirent = dirent;
3173 + buf.nd.dentry = file->f_dentry;
3174 + buf.nd.mnt = file->f_vfsmnt;
3176 error = vfs_readdir(file, fillonedir, &buf);
3180 struct linux_dirent * previous;
3183 + struct nameidata nd;
3186 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
3187 @@ -254,6 +264,10 @@
3188 buf->error = -EINVAL; /* only used if we fail.. */
3189 if (reclen > buf->count)
3192 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3195 dirent = buf->previous;
3197 put_user(offset, &dirent->d_off);
3202 + buf.nd.dentry = file->f_dentry;
3203 + buf.nd.mnt = file->f_vfsmnt;
3205 error = vfs_readdir(file, filldir, &buf);
3209 struct linux_dirent64 * previous;
3212 + struct nameidata nd;
3215 static int filldir64(void * __buf, const char * name, int namlen, loff_t offset,
3216 @@ -332,6 +350,10 @@
3217 buf->error = -EINVAL; /* only used if we fail.. */
3218 if (reclen > buf->count)
3221 + if (!gr_acl_handle_filldir(buf->nd.dentry, buf->nd.mnt, ino))
3224 dirent = buf->previous;
3231 + buf.nd.mnt = file->f_vfsmnt;
3232 + buf.nd.dentry = file->f_dentry;
3234 error = vfs_readdir(file, filldir64, &buf);
3237 diff -urN linux-2.4.22/grsecurity/Config.in linux-2.4.22/grsecurity/Config.in
3238 --- linux-2.4.22/grsecurity/Config.in 1969-12-31 19:00:00.000000000 -0500
3239 +++ linux-2.4.22/grsecurity/Config.in 2003-09-02 19:29:42.000000000 -0400
3241 +define_bool CONFIG_CRYPTO y
3242 +define_bool CONFIG_CRYPTO_SHA256 y
3243 +choice 'Security level' \
3244 + "Low CONFIG_GRKERNSEC_LOW \
3245 + Medium CONFIG_GRKERNSEC_MID \
3246 + High CONFIG_GRKERNSEC_HI \
3247 + Customized CONFIG_GRKERNSEC_CUSTOM" Customized
3248 +if [ "$CONFIG_GRKERNSEC_LOW" = "y" ]; then
3249 +define_bool CONFIG_GRKERNSEC_RANDSRC n
3250 +define_bool CONFIG_GRKERNSEC_RANDRPC n
3251 +define_bool CONFIG_GRKERNSEC_FORKFAIL n
3252 +define_bool CONFIG_GRKERNSEC_TIME n
3253 +define_bool CONFIG_GRKERNSEC_SIGNAL n
3254 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
3255 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT n
3256 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
3257 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE n
3258 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT n
3259 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD n
3260 +define_bool CONFIG_GRKERNSEC_PROC n
3261 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3262 +define_bool CONFIG_GRKERNSEC_HIDESYM n
3263 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
3264 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL n
3265 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP n
3266 +define_bool CONFIG_GRKERNSEC_KMEM n
3267 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
3268 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
3269 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
3270 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
3271 +if [ "$CONFIG_X86" = "y" ]; then
3272 +define_bool CONFIG_GRKERNSEC_IO n
3274 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3275 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3276 +define_bool CONFIG_GRKERNSEC_RESLOG n
3277 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3278 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3280 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3281 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3282 +define_bool CONFIG_GRKERNSEC_LINK y
3283 +define_bool CONFIG_GRKERNSEC_FIFO y
3284 +define_bool CONFIG_GRKERNSEC_RANDPID y
3285 +define_bool CONFIG_GRKERNSEC_EXECVE y
3286 +define_bool CONFIG_GRKERNSEC_RANDNET y
3287 +define_bool CONFIG_GRKERNSEC_RANDISN n
3288 +define_bool CONFIG_GRKERNSEC_DMESG y
3289 +define_bool CONFIG_GRKERNSEC_RANDID y
3290 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3292 +if [ "$CONFIG_GRKERNSEC_MID" = "y" ]; then
3293 +define_bool CONFIG_GRKERNSEC_KMEM n
3294 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3295 +define_bool CONFIG_GRKERNSEC_HIDESYM n
3296 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
3297 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
3298 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
3299 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
3300 +if [ "$CONFIG_X86" = "y" ]; then
3301 +define_bool CONFIG_GRKERNSEC_IO n
3303 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3304 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
3305 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
3306 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3307 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
3308 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3309 +define_bool CONFIG_GRKERNSEC_RESLOG n
3310 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3311 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3313 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3314 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3315 +define_bool CONFIG_GRKERNSEC_LINK y
3316 +define_bool CONFIG_GRKERNSEC_FIFO y
3317 +define_bool CONFIG_GRKERNSEC_RANDPID y
3318 +define_bool CONFIG_GRKERNSEC_EXECVE y
3319 +define_bool CONFIG_GRKERNSEC_DMESG y
3320 +define_bool CONFIG_GRKERNSEC_RANDID y
3321 +define_bool CONFIG_GRKERNSEC_RANDNET y
3322 +define_bool CONFIG_GRKERNSEC_RANDISN y
3323 +define_bool CONFIG_GRKERNSEC_RANDSRC y
3324 +define_bool CONFIG_GRKERNSEC_RANDRPC y
3325 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
3326 +define_bool CONFIG_GRKERNSEC_TIME y
3327 +define_bool CONFIG_GRKERNSEC_SIGNAL y
3328 +define_bool CONFIG_GRKERNSEC_CHROOT y
3329 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
3330 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
3331 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
3332 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
3333 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
3334 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3335 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
3336 +define_bool CONFIG_GRKERNSEC_PROC y
3337 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
3338 +define_int CONFIG_GRKERNSEC_PROC_GID 10
3340 +if [ "$CONFIG_GRKERNSEC_HI" = "y" ]; then
3341 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
3342 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
3343 +define_bool CONFIG_GRKERNSEC_LINK y
3344 +define_bool CONFIG_GRKERNSEC_FIFO y
3345 +define_bool CONFIG_GRKERNSEC_RANDPID y
3346 +define_bool CONFIG_GRKERNSEC_EXECVE y
3347 +define_bool CONFIG_GRKERNSEC_DMESG y
3348 +define_bool CONFIG_GRKERNSEC_RANDID y
3349 +define_bool CONFIG_GRKERNSEC_RANDSRC y
3350 +define_bool CONFIG_GRKERNSEC_RANDRPC y
3351 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
3352 +define_bool CONFIG_GRKERNSEC_TIME y
3353 +define_bool CONFIG_GRKERNSEC_SIGNAL y
3354 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT y
3355 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
3356 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
3357 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR y
3358 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
3359 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
3360 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
3361 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
3362 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS y
3363 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
3364 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK y
3365 +define_bool CONFIG_GRKERNSEC_PROC y
3366 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
3367 +define_bool CONFIG_GRKERNSEC_HIDESYM y
3368 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
3369 +define_int CONFIG_GRKERNSEC_PROC_GID 10
3370 +define_bool CONFIG_GRKERNSEC_KMEM y
3371 +define_bool CONFIG_GRKERNSEC_RESLOG y
3372 +define_bool CONFIG_GRKERNSEC_RANDNET y
3373 +define_bool CONFIG_GRKERNSEC_RANDISN y
3375 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
3376 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
3377 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3378 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3380 +define_bool CONFIG_GRKERNSEC_PROC_ADD y
3381 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD y
3382 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE y
3383 +if [ "$CONFIG_X86" = "y" ]; then
3384 +define_bool CONFIG_GRKERNSEC_IO n
3386 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT y
3388 +if [ "$CONFIG_GRKERNSEC_CUSTOM" = "y" ]; then
3389 +mainmenu_option next_comment
3390 +comment 'Address Space Protection'
3391 +bool 'Deny writing to /dev/kmem, /dev/mem, and /dev/port' CONFIG_GRKERNSEC_KMEM
3392 +if [ "$CONFIG_X86" = "y" ]; then
3393 + bool 'Disable privileged I/O' CONFIG_GRKERNSEC_IO
3394 + if [ "$CONFIG_GRKERNSEC_IO" = "y" ]; then
3395 + define_bool CONFIG_RTC y
3398 +bool 'Hide kernel symbols' CONFIG_GRKERNSEC_HIDESYM
3400 +mainmenu_option next_comment
3401 +comment 'Role Based Access Control Options'
3402 +bool 'Hide kernel processes' CONFIG_GRKERNSEC_ACL_HIDEKERN
3403 +int 'Maximum tries before password lockout' CONFIG_GRKERNSEC_ACL_MAXTRIES 3
3404 +int 'Time to wait after max password tries, in seconds' CONFIG_GRKERNSEC_ACL_TIMEOUT 30
3406 +mainmenu_option next_comment
3407 +comment 'Filesystem Protections'
3408 +bool 'Proc restrictions' CONFIG_GRKERNSEC_PROC
3409 +if [ "$CONFIG_GRKERNSEC_PROC" != "n" ]; then
3410 + bool ' Restrict to user only' CONFIG_GRKERNSEC_PROC_USER
3411 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "y" ]; then
3412 + bool ' Allow special group' CONFIG_GRKERNSEC_PROC_USERGROUP
3413 + if [ "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
3414 + int ' GID for special group' CONFIG_GRKERNSEC_PROC_GID 1001
3417 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "n" -o "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
3418 + bool ' Additional restrictions' CONFIG_GRKERNSEC_PROC_ADD
3421 +bool 'Linking restrictions' CONFIG_GRKERNSEC_LINK
3422 +bool 'FIFO restrictions' CONFIG_GRKERNSEC_FIFO
3423 +bool 'Chroot jail restrictions' CONFIG_GRKERNSEC_CHROOT
3424 +if [ "$CONFIG_GRKERNSEC_CHROOT" != "n" ]; then
3425 +bool ' Deny mounts' CONFIG_GRKERNSEC_CHROOT_MOUNT
3426 +bool ' Deny double-chroots' CONFIG_GRKERNSEC_CHROOT_DOUBLE
3427 +bool ' Deny pivot_root in chroot' CONFIG_GRKERNSEC_CHROOT_PIVOT
3428 +bool ' Enforce chdir("/") on all chroots' CONFIG_GRKERNSEC_CHROOT_CHDIR
3429 +bool ' Deny (f)chmod +s' CONFIG_GRKERNSEC_CHROOT_CHMOD
3430 +bool ' Deny fchdir out of chroot' CONFIG_GRKERNSEC_CHROOT_FCHDIR
3431 +bool ' Deny mknod' CONFIG_GRKERNSEC_CHROOT_MKNOD
3432 +bool ' Deny shmat() out of chroot' CONFIG_GRKERNSEC_CHROOT_SHMAT
3433 +bool ' Deny access to abstract AF_UNIX sockets out of chroot' CONFIG_GRKERNSEC_CHROOT_UNIX
3434 +bool ' Protect outside processes' CONFIG_GRKERNSEC_CHROOT_FINDTASK
3435 +bool ' Restrict priority changes' CONFIG_GRKERNSEC_CHROOT_NICE
3436 +bool ' Deny sysctl writes in chroot' CONFIG_GRKERNSEC_CHROOT_SYSCTL
3437 +bool ' Capability restrictions within chroot' CONFIG_GRKERNSEC_CHROOT_CAPS
3440 +mainmenu_option next_comment
3441 +comment 'Kernel Auditing'
3442 +bool 'Single group for auditing' CONFIG_GRKERNSEC_AUDIT_GROUP
3443 +if [ "$CONFIG_GRKERNSEC_AUDIT_GROUP" != "n" ]; then
3444 +int ' GID for auditing' CONFIG_GRKERNSEC_AUDIT_GID 1007
3446 +bool 'Exec logging' CONFIG_GRKERNSEC_EXECLOG
3447 +bool 'Resource logging' CONFIG_GRKERNSEC_RESLOG
3448 +bool 'Log execs within chroot' CONFIG_GRKERNSEC_CHROOT_EXECLOG
3449 +bool 'Chdir logging' CONFIG_GRKERNSEC_AUDIT_CHDIR
3450 +bool '(Un)Mount logging' CONFIG_GRKERNSEC_AUDIT_MOUNT
3451 +bool 'IPC logging' CONFIG_GRKERNSEC_AUDIT_IPC
3452 +bool 'Signal logging' CONFIG_GRKERNSEC_SIGNAL
3453 +bool 'Fork failure logging' CONFIG_GRKERNSEC_FORKFAIL
3454 +bool 'Time change logging' CONFIG_GRKERNSEC_TIME
3455 +bool '/proc/<pid>/ipaddr support' CONFIG_GRKERNSEC_PROC_IPADDR
3457 +mainmenu_option next_comment
3458 +comment 'Executable Protections'
3459 +bool 'Enforce RLIMIT_NPROC on execs' CONFIG_GRKERNSEC_EXECVE
3460 +bool 'Dmesg(8) restriction' CONFIG_GRKERNSEC_DMESG
3461 +bool 'Randomized PIDs' CONFIG_GRKERNSEC_RANDPID
3462 +bool 'Trusted path execution' CONFIG_GRKERNSEC_TPE
3463 +if [ "$CONFIG_GRKERNSEC_TPE" != "n" ]; then
3464 +bool ' Partially restrict non-root users' CONFIG_GRKERNSEC_TPE_ALL
3465 +int ' GID for untrusted users:' CONFIG_GRKERNSEC_TPE_GID 1005
3468 +mainmenu_option next_comment
3469 +comment 'Network Protections'
3470 +bool 'Larger entropy pools' CONFIG_GRKERNSEC_RANDNET
3471 +bool 'Truly random TCP ISN selection' CONFIG_GRKERNSEC_RANDISN
3472 +bool 'Randomized IP IDs' CONFIG_GRKERNSEC_RANDID
3473 +bool 'Randomized TCP source ports' CONFIG_GRKERNSEC_RANDSRC
3474 +bool 'Randomized RPC XIDs' CONFIG_GRKERNSEC_RANDRPC
3475 +bool 'Socket restrictions' CONFIG_GRKERNSEC_SOCKET
3476 +if [ "$CONFIG_GRKERNSEC_SOCKET" != "n" ]; then
3477 +bool ' Deny any sockets to group' CONFIG_GRKERNSEC_SOCKET_ALL
3478 +if [ "$CONFIG_GRKERNSEC_SOCKET_ALL" != "n" ]; then
3479 +int ' GID to deny all sockets for:' CONFIG_GRKERNSEC_SOCKET_ALL_GID 1004
3481 +bool ' Deny client sockets to group' CONFIG_GRKERNSEC_SOCKET_CLIENT
3482 +if [ "$CONFIG_GRKERNSEC_SOCKET_CLIENT" != "n" ]; then
3483 +int ' GID to deny client sockets for:' CONFIG_GRKERNSEC_SOCKET_CLIENT_GID 1003
3485 +bool ' Deny server sockets to group' CONFIG_GRKERNSEC_SOCKET_SERVER
3486 +if [ "$CONFIG_GRKERNSEC_SOCKET_SERVER" != "n" ]; then
3487 +int ' GID to deny server sockets for:' CONFIG_GRKERNSEC_SOCKET_SERVER_GID 1002
3491 +if [ "$CONFIG_SYSCTL" != "n" ]; then
3492 +mainmenu_option next_comment
3493 +comment 'Sysctl support'
3494 +bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL
3497 +mainmenu_option next_comment
3498 +comment 'Logging options'
3499 +int 'Seconds in between log messages (minimum)' CONFIG_GRKERNSEC_FLOODTIME 10
3500 +int 'Number of messages in a burst (maximum)' CONFIG_GRKERNSEC_FLOODBURST 4
3503 diff -urN linux-2.4.22/grsecurity/Makefile linux-2.4.22/grsecurity/Makefile
3504 --- linux-2.4.22/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
3505 +++ linux-2.4.22/grsecurity/Makefile 2003-09-02 19:29:42.000000000 -0400
3507 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
3508 +# during 2001, 2002, and 2003 it has been completely redesigned by
3511 +# All code in this directory and various hooks inserted throughout the kernel
3512 +# are copyright Brad Spengler, and released under the GPL, unless otherwise
3513 +# noted (as in obsd_rand.c)
3515 +O_TARGET := grsec.o
3517 +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
3518 + grsec_mount.o grsec_rand.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
3519 + grsec_time.o grsec_tpe.o grsec_ipc.o grsec_link.o
3521 +ifeq ($(CONFIG_GRKERNSEC),y)
3522 +obj-y += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o obsd_rand.o \
3523 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
3525 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
3527 +obj-y += grsec_disabled.o
3530 +include $(TOPDIR)/Rules.make
3531 diff -urN linux-2.4.22/grsecurity/gracl.c linux-2.4.22/grsecurity/gracl.c
3532 --- linux-2.4.22/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
3533 +++ linux-2.4.22/grsecurity/gracl.c 2003-09-02 19:50:30.000000000 -0400
3536 + * grsecurity/gracl.c
3537 + * Copyright Brad Spengler 2001, 2002, 2003
3541 +#include <linux/kernel.h>
3542 +#include <linux/sched.h>
3543 +#include <linux/mm.h>
3544 +#include <linux/file.h>
3545 +#include <linux/fs.h>
3546 +#include <linux/proc_fs.h>
3547 +#include <linux/smp_lock.h>
3548 +#include <linux/slab.h>
3549 +#include <linux/vmalloc.h>
3550 +#include <linux/types.h>
3551 +#include <linux/capability.h>
3552 +#include <linux/sysctl.h>
3553 +#include <linux/gracl.h>
3554 +#include <linux/gralloc.h>
3555 +#include <linux/grsecurity.h>
3556 +#include <linux/grinternal.h>
3558 +#include <asm/uaccess.h>
3559 +#include <asm/errno.h>
3560 +#include <asm/mman.h>
3562 +static struct acl_role_db acl_role_set;
3563 +static struct acl_role_label *role_list_head;
3564 +static struct name_db name_set;
3565 +static struct name_db inodev_set;
3567 +static struct acl_role_label *default_role;
3569 +static u16 acl_sp_role_value;
3571 +static DECLARE_MUTEX(gr_dev_sem);
3572 +rwlock_t gr_inode_lock = RW_LOCK_UNLOCKED;
3574 +extern char *gr_shared_page[4][NR_CPUS];
3575 +struct gr_arg *gr_usermode;
3577 +static unsigned long gr_status = GR_STATUS_INIT;
3579 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
3580 +extern void gr_clear_learn_entries(void);
3582 +#ifdef CONFIG_GRKERNSEC_RESLOG
3583 +extern __inline__ void gr_log_resource(const struct task_struct *task,
3585 + const unsigned long wanted);
3588 +unsigned char *gr_system_salt;
3589 +unsigned char *gr_system_sum;
3591 +static struct sprole_pw **acl_special_roles = NULL;
3592 +static __u16 num_sprole_pws = 0;
3594 +static struct acl_role_label *kernel_role = NULL;
3596 +/* The following are used to keep a place held in the hash table when we move
3597 + entries around. They can be replaced during insert. */
3599 +static struct acl_subject_label *deleted_subject;
3600 +static struct acl_object_label *deleted_object;
3601 +static struct name_entry *deleted_inodev;
3603 +/* for keeping track of the last and final allocated subjects, since
3604 + nested subject parsing is tricky
3606 +static struct acl_subject_label *s_last = NULL;
3607 +static struct acl_subject_label *s_final = NULL;
3609 +static unsigned int gr_auth_attempts = 0;
3610 +static unsigned long gr_auth_expires = 0UL;
3612 +extern int gr_init_uidset(void);
3613 +extern void gr_free_uidset(void);
3614 +extern void gr_remove_uid(uid_t uid);
3615 +extern int gr_find_uid(uid_t uid);
3618 +gr_acl_is_enabled(void)
3620 + return (gr_status & GR_READY);
3624 +gr_acl_tpe_check(void)
3626 + if (unlikely(!(gr_status & GR_READY)))
3628 + if (current->role->roletype & GR_ROLE_TPE)
3635 +gr_handle_rawio(const struct inode *inode)
3637 + if (inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO) &&
3638 + ((gr_status & GR_READY)
3639 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
3640 + || (grsec_enable_chroot_caps && proc_is_chrooted(current))
3648 +static __inline__ int
3649 +gr_streq(const char *a, const char *b, const __u16 lena, const __u16 lenb)
3652 + unsigned long *l1;
3653 + unsigned long *l2;
3654 + unsigned char *c1;
3655 + unsigned char *c2;
3658 + if (likely(lena != lenb))
3661 + l1 = (unsigned long *)a;
3662 + l2 = (unsigned long *)b;
3664 + num_longs = lena / sizeof(unsigned long);
3666 + for (i = num_longs; i--; l1++, l2++) {
3667 + if (unlikely(*l1 != *l2))
3671 + c1 = (unsigned char *) l1;
3672 + c2 = (unsigned char *) l2;
3674 + i = lena - (num_longs * sizeof(unsigned long));
3676 + for (; i--; c1++, c2++) {
3677 + if (unlikely(*c1 != *c2))
3684 +static __inline__ char *
3685 +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
3686 + char *buf, int buflen)
3689 + struct dentry *our_dentry;
3690 + struct vfsmount *our_mount;
3691 + struct vfsmount *rootmnt;
3692 + struct dentry *root;
3694 + our_dentry = (struct dentry *) dentry;
3695 + our_mount = (struct vfsmount *) vfsmnt;
3697 + read_lock(&child_reaper->fs->lock);
3698 + rootmnt = mntget(child_reaper->fs->rootmnt);
3699 + root = dget(child_reaper->fs->root);
3700 + read_unlock(&child_reaper->fs->lock);
3702 + spin_lock(&dcache_lock);
3703 + res = __d_path(our_dentry, our_mount, root, rootmnt, buf, buflen);
3704 + spin_unlock(&dcache_lock);
3711 +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
3713 + return d_real_path(dentry, mnt, gr_shared_page[0][smp_processor_id()],
3718 +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
3720 + return d_real_path(dentry, mnt, gr_shared_page[1][smp_processor_id()],
3725 +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
3727 + return d_real_path(dentry, mnt, gr_shared_page[2][smp_processor_id()],
3732 +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
3734 + return d_real_path(dentry, mnt, gr_shared_page[3][smp_processor_id()],
3739 +to_gr_audit(const __u32 reqmode)
3741 + __u32 retmode = 0;
3743 + retmode |= (reqmode & GR_READ) ? GR_AUDIT_READ : 0;
3744 + retmode |= (reqmode & GR_WRITE) ? GR_AUDIT_WRITE | GR_AUDIT_APPEND : 0;
3745 + retmode |= (reqmode & GR_APPEND) ? GR_AUDIT_APPEND : 0;
3746 + retmode |= (reqmode & GR_EXEC) ? GR_AUDIT_EXEC : 0;
3747 + retmode |= (reqmode & GR_INHERIT) ? GR_AUDIT_INHERIT : 0;
3748 + retmode |= (reqmode & GR_FIND) ? GR_AUDIT_FIND : 0;
3749 + retmode |= (reqmode & GR_SETID) ? GR_AUDIT_SETID : 0;
3750 + retmode |= (reqmode & GR_CREATE) ? GR_AUDIT_CREATE : 0;
3751 + retmode |= (reqmode & GR_DELETE) ? GR_AUDIT_DELETE : 0;
3756 +__inline__ struct acl_role_label *
3757 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
3760 + unsigned long index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
3761 + struct acl_role_label *match;
3762 + struct role_allowed_ip *ipp;
3765 + match = acl_role_set.r_hash[index];
3768 + && (match->uidgid != uid || !(match->roletype & GR_ROLE_USER))) {
3769 + index = (index + (1 << i)) % acl_role_set.r_size;
3770 + match = acl_role_set.r_hash[index];
3774 + if (!match || match->uidgid != uid || !(match->roletype & GR_ROLE_USER)) {
3776 + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
3777 + match = acl_role_set.r_hash[index];
3781 + && (match->uidgid != gid
3782 + || !(match->roletype & GR_ROLE_GROUP))) {
3783 + index = (index + (1 << i)) % acl_role_set.r_size;
3784 + match = acl_role_set.r_hash[index];
3788 + if (!match || match->uidgid != gid
3789 + || !(match->roletype & GR_ROLE_GROUP))
3790 + match = default_role;
3791 + else if (likely(!match->allowed_ips)) {
3794 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
3796 + ((task->curr_ip & ipp->netmask) ==
3797 + (ipp->addr & ipp->netmask)))
3800 + match = default_role;
3802 + } else if (likely(!match->allowed_ips)) {
3805 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
3807 + ((task->curr_ip & ipp->netmask) ==
3808 + (ipp->addr & ipp->netmask)))
3817 +__inline__ struct acl_subject_label *
3818 +lookup_acl_subj_label(const ino_t ino, const kdev_t dev,
3819 + const struct acl_role_label *role)
3821 + unsigned long subj_size = role->subj_hash_size;
3822 + struct acl_subject_label **s_hash = role->subj_hash;
3823 + unsigned long index = fhash(ino, dev, subj_size);
3824 + struct acl_subject_label *match;
3827 + match = s_hash[index];
3829 + while (match && (match->inode != ino || match->device != dev ||
3830 + (match->mode & GR_DELETED))) {
3831 + index = (index + (1 << i)) % subj_size;
3832 + match = s_hash[index];
3836 + if (unlikely(match && (match != deleted_subject) &&
3837 + (match->inode == ino) && (match->device == dev) &&
3838 + !(match->mode & GR_DELETED)))
3844 +static __inline__ struct acl_object_label *
3845 +lookup_acl_obj_label(const ino_t ino, const kdev_t dev,
3846 + const struct acl_subject_label *subj)
3848 + unsigned long obj_size = subj->obj_hash_size;
3849 + struct acl_object_label **o_hash = subj->obj_hash;
3850 + unsigned long index = fhash(ino, dev, obj_size);
3851 + struct acl_object_label *match;
3854 + match = o_hash[index];
3856 + while (match && (match->inode != ino || match->device != dev ||
3857 + (match->mode & GR_DELETED))) {
3858 + index = (index + (1 << i)) % obj_size;
3859 + match = o_hash[index];
3863 + if (unlikely(match && (match != deleted_object) &&
3864 + (match->inode == ino) && (match->device == dev) &&
3865 + !(match->mode & GR_DELETED)))
3871 +static __inline__ struct acl_object_label *
3872 +lookup_acl_obj_label_create(const ino_t ino, const kdev_t dev,
3873 + const struct acl_subject_label *subj)
3875 + unsigned long obj_size = subj->obj_hash_size;
3876 + struct acl_object_label **o_hash = subj->obj_hash;
3877 + unsigned long index = fhash(ino, dev, obj_size);
3878 + struct acl_object_label *match;
3881 + match = o_hash[index];
3883 + while (match && (match->inode != ino || match->device != dev ||
3884 + !(match->mode & GR_DELETED))) {
3885 + index = (index + (1 << i)) % obj_size;
3886 + match = o_hash[index];
3890 + if (unlikely(match && (match != deleted_object) &&
3891 + (match->inode == ino) && (match->device == dev) &&
3892 + (match->mode & GR_DELETED)))
3896 + index = fhash(ino, dev, obj_size);
3897 + match = o_hash[index];
3899 + while (match && (match->inode != ino || match->device != dev ||
3900 + (match->mode & GR_DELETED))) {
3901 + index = (index + (1 << i)) % obj_size;
3902 + match = o_hash[index];
3906 + if (unlikely(match && (match != deleted_object) &&
3907 + (match->inode == ino) && (match->device == dev) &&
3908 + !(match->mode & GR_DELETED)))
3914 +static __inline__ struct name_entry *
3915 +lookup_name_entry(const char *name)
3917 + __u16 len = strlen(name);
3918 + unsigned long index = nhash(name, len, name_set.n_size);
3919 + struct name_entry *match;
3922 + match = name_set.n_hash[index];
3924 + while (match && !gr_streq(match->name, name, match->len, len)) {
3925 + index = (index + (1 << i)) % name_set.n_size;
3926 + match = name_set.n_hash[index];
3930 + if (unlikely(!match || !gr_streq(match->name, name, match->len, len)))
3936 +static __inline__ struct name_entry *
3937 +lookup_inodev_entry(const ino_t ino, const kdev_t dev)
3939 + unsigned long index = fhash(ino, dev, inodev_set.n_size);
3940 + struct name_entry *match;
3943 + match = inodev_set.n_hash[index];
3945 + while (match && (match->inode != ino || match->device != dev)) {
3946 + index = (index + (1 << i)) % inodev_set.n_size;
3947 + match = inodev_set.n_hash[index];
3951 + if (unlikely(match && (match != deleted_inodev) &&
3952 + (match->inode == ino) && (match->device == dev)))
3959 +insert_inodev_entry(struct name_entry *nentry)
3961 + unsigned long index = fhash(nentry->inode, nentry->device,
3962 + inodev_set.n_size);
3963 + struct name_entry **curr;
3966 + curr = &inodev_set.n_hash[index];
3968 + while (*curr && *curr != deleted_inodev) {
3969 + index = (index + (1 << i)) % inodev_set.n_size;
3970 + curr = &inodev_set.n_hash[index];
3980 +insert_acl_role_label(struct acl_role_label *role)
3982 + unsigned long index =
3983 + rhash(role->uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
3984 + struct acl_role_label **curr;
3987 + curr = &acl_role_set.r_hash[index];
3990 + index = (index + (1 << i)) % acl_role_set.r_size;
3991 + curr = &acl_role_set.r_hash[index];
4001 +insert_name_entry(char *name, const ino_t inode, const kdev_t device)
4003 + struct name_entry **curr;
4005 + __u16 len = strlen(name);
4006 + unsigned long index = nhash(name, len, name_set.n_size);
4008 + curr = &name_set.n_hash[index];
4010 + while (*curr && !gr_streq((*curr)->name, name, (*curr)->len, len)) {
4011 + index = (index + (1 << i)) % name_set.n_size;
4012 + curr = &name_set.n_hash[index];
4017 + struct name_entry *nentry =
4018 + acl_alloc(sizeof (struct name_entry));
4021 + nentry->name = name;
4022 + nentry->inode = inode;
4023 + nentry->device = device;
4024 + nentry->len = len;
4026 + /* insert us into the table searchable by inode/dev */
4027 + insert_inodev_entry(nentry);
4034 +insert_acl_obj_label(struct acl_object_label *obj,
4035 + struct acl_subject_label *subj)
4037 + unsigned long index =
4038 + fhash(obj->inode, obj->device, subj->obj_hash_size);
4039 + struct acl_object_label **curr;
4042 + curr = &subj->obj_hash[index];
4044 + while (*curr && *curr != deleted_object) {
4045 + index = (index + (1 << i)) % subj->obj_hash_size;
4046 + curr = &subj->obj_hash[index];
4056 +insert_acl_subj_label(struct acl_subject_label *obj,
4057 + struct acl_role_label *role)
4059 + unsigned long subj_size = role->subj_hash_size;
4060 + struct acl_subject_label **s_hash = role->subj_hash;
4061 + unsigned long index = fhash(obj->inode, obj->device, subj_size);
4062 + struct acl_subject_label **curr;
4065 + curr = &s_hash[index];
4067 + while (*curr && *curr != deleted_subject) {
4068 + index = (index + (1 << i)) % subj_size;
4069 + curr = &s_hash[index];
4079 +create_table(__u32 * len)
4081 + unsigned long table_sizes[] = {
4082 + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
4083 + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
4084 + 4194301, 8388593, 16777213, 33554393, 67108859, 134217689,
4085 + 268435399, 536870909, 1073741789, 2147483647
4087 + void *newtable = NULL;
4088 + unsigned int pwr = 0;
4090 + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
4091 + table_sizes[pwr] <= (2 * (*len)))
4094 + if (table_sizes[pwr] <= (2 * (*len)))
4097 + if ((table_sizes[pwr] * sizeof (void *)) <= PAGE_SIZE)
4099 + kmalloc(table_sizes[pwr] * sizeof (void *), GFP_KERNEL);
4101 + newtable = vmalloc(table_sizes[pwr] * sizeof (void *));
4103 + *len = table_sizes[pwr];
4109 +init_variables(const unsigned long acl_obj_size,
4110 + const unsigned long acl_subj_size,
4111 + const unsigned long acl_ip_size,
4112 + const unsigned long acl_role_size,
4113 + const unsigned long allowed_ip_size,
4114 + const unsigned long acl_trans_size,
4115 + const __u16 num_sprole_pws)
4117 + unsigned long stacksize;
4119 + acl_role_set.r_size = acl_role_size;
4120 + name_set.n_size = (acl_obj_size + acl_subj_size);
4121 + inodev_set.n_size = (acl_obj_size + acl_subj_size);
4123 + if (!gr_init_uidset())
4126 + /* set up the stack that holds allocation info */
4128 + stacksize = (3 * acl_obj_size) + (2 * acl_role_size) +
4129 + (4 * acl_subj_size) + acl_ip_size + (2 * acl_trans_size) +
4130 + allowed_ip_size + (2 * num_sprole_pws) + 5;
4132 + if (!acl_alloc_stack_init(stacksize))
4135 + /* create our empty, fake deleted acls */
4137 + (struct acl_subject_label *)
4138 + acl_alloc(sizeof (struct acl_subject_label));
4140 + (struct acl_object_label *)
4141 + acl_alloc(sizeof (struct acl_object_label));
4143 + (struct name_entry *) acl_alloc(sizeof (struct name_entry));
4145 + if (!deleted_subject || !deleted_object || !deleted_inodev)
4148 + memset(deleted_subject, 0, sizeof (struct acl_subject_label));
4149 + memset(deleted_object, 0, sizeof (struct acl_object_label));
4150 + memset(deleted_inodev, 0, sizeof (struct name_entry));
4152 + /* We only want 50% full tables for now */
4154 + acl_role_set.r_hash =
4155 + (struct acl_role_label **) create_table(&acl_role_set.r_size);
4156 + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size);
4157 + inodev_set.n_hash =
4158 + (struct name_entry **) create_table(&inodev_set.n_size);
4160 + if (!acl_role_set.r_hash || !name_set.n_hash || !inodev_set.n_hash)
4162 + memset(acl_role_set.r_hash, 0,
4163 + sizeof (struct acl_role_label *) * acl_role_set.r_size);
4164 + memset(name_set.n_hash, 0,
4165 + sizeof (struct name_entry *) * name_set.n_size);
4166 + memset(inodev_set.n_hash, 0,
4167 + sizeof (struct name_entry *) * inodev_set.n_size);
4173 +free_variables(void)
4175 + struct acl_subject_label *s;
4176 + struct acl_role_label *r;
4177 + struct task_struct *task;
4179 + gr_clear_learn_entries();
4181 + read_lock(&tasklist_lock);
4182 + for_each_task(task) {
4183 + task->acl_sp_role = 0;
4184 + task->acl_role_id = 0;
4186 + task->role = NULL;
4188 + read_unlock(&tasklist_lock);
4190 + /* free all object hash tables */
4192 + if (role_list_head) {
4193 + for (r = role_list_head; r; r = r->next) {
4194 + if (!r->subj_hash)
4196 + for (s = r->proc_subject; s; s = s->next) {
4199 + if ((s->obj_hash_size *
4200 + sizeof (struct acl_object_label *)) <=
4202 + kfree(s->obj_hash);
4204 + vfree(s->obj_hash);
4206 + if ((r->subj_hash_size *
4207 + sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
4208 + kfree(r->subj_hash);
4210 + vfree(r->subj_hash);
4216 + if (acl_role_set.r_hash) {
4217 + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
4219 + kfree(acl_role_set.r_hash);
4221 + vfree(acl_role_set.r_hash);
4223 + if (name_set.n_hash) {
4224 + if ((name_set.n_size * sizeof (struct name_entry *)) <=
4226 + kfree(name_set.n_hash);
4228 + vfree(name_set.n_hash);
4231 + if (inodev_set.n_hash) {
4232 + if ((inodev_set.n_size * sizeof (struct name_entry *)) <=
4234 + kfree(inodev_set.n_hash);
4236 + vfree(inodev_set.n_hash);
4241 + memset(&name_set, 0, sizeof (struct name_db));
4242 + memset(&inodev_set, 0, sizeof (struct name_db));
4243 + memset(&acl_role_set, 0, sizeof (struct acl_role_db));
4245 + role_list_head = NULL;
4246 + default_role = NULL;
4252 +count_user_objs(struct acl_object_label *userp)
4254 + struct acl_object_label o_tmp;
4258 + if (copy_from_user(&o_tmp, userp,
4259 + sizeof (struct acl_object_label)))
4262 + userp = o_tmp.prev;
4269 +static struct acl_subject_label *
4270 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
4273 +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
4274 + struct acl_role_label *role)
4276 + struct acl_object_label *o_tmp;
4281 + if ((o_tmp = (struct acl_object_label *)
4282 + acl_alloc(sizeof (struct acl_object_label))) == NULL)
4285 + if (copy_from_user(o_tmp, userp,
4286 + sizeof (struct acl_object_label)))
4289 + userp = o_tmp->prev;
4291 + len = strnlen_user(o_tmp->filename, PATH_MAX);
4293 + if (!len || len >= PATH_MAX)
4296 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4299 + if (copy_from_user(tmp, o_tmp->filename, len))
4302 + o_tmp->filename = tmp;
4304 + insert_acl_obj_label(o_tmp, subj);
4305 + if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
4309 + if (o_tmp->nested) {
4310 + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
4311 + if (IS_ERR(o_tmp->nested))
4312 + return PTR_ERR(o_tmp->nested);
4314 + s_final = o_tmp->nested;
4322 +count_user_subjs(struct acl_subject_label *userp)
4324 + struct acl_subject_label s_tmp;
4328 + if (copy_from_user(&s_tmp, userp,
4329 + sizeof (struct acl_subject_label)))
4332 + userp = s_tmp.prev;
4333 + /* do not count nested subjects against this count, since
4334 + they are not included in the hash table, but are
4335 + attached to objects. We have already counted
4336 + the subjects in userspace for the allocation
4339 + if (!s_tmp.parent_subject)
4347 +copy_user_allowedips(struct acl_role_label *rolep)
4349 + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
4351 + ruserip = rolep->allowed_ips;
4356 + if ((rtmp = (struct role_allowed_ip *)
4357 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
4360 + if (copy_from_user(rtmp, ruserip,
4361 + sizeof (struct role_allowed_ip)))
4364 + ruserip = rtmp->prev;
4367 + rtmp->prev = NULL;
4368 + rolep->allowed_ips = rtmp;
4370 + rlast->next = rtmp;
4371 + rtmp->prev = rlast;
4375 + rtmp->next = NULL;
4382 +copy_user_transitions(struct acl_role_label *rolep)
4384 + struct role_transition *rusertp, *rtmp = NULL, *rlast;
4388 + rusertp = rolep->transitions;
4393 + if ((rtmp = (struct role_transition *)
4394 + acl_alloc(sizeof (struct role_transition))) == NULL)
4397 + if (copy_from_user(rtmp, rusertp,
4398 + sizeof (struct role_transition)))
4401 + rusertp = rtmp->prev;
4403 + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
4405 + if (!len || len >= GR_SPROLE_LEN)
4408 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4411 + if (copy_from_user(tmp, rtmp->rolename, len))
4414 + rtmp->rolename = tmp;
4417 + rtmp->prev = NULL;
4418 + rolep->transitions = rtmp;
4420 + rlast->next = rtmp;
4421 + rtmp->prev = rlast;
4425 + rtmp->next = NULL;
4431 +static struct acl_subject_label *
4432 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
4434 + struct acl_subject_label *s_tmp = NULL;
4438 + struct acl_ip_label **i_tmp, *i_utmp2;
4439 + unsigned long i_num;
4443 + if ((s_tmp = (struct acl_subject_label *)
4444 + acl_alloc(sizeof (struct acl_subject_label))) == NULL)
4445 + return ERR_PTR(-ENOMEM);
4447 + if (copy_from_user(s_tmp, userp,
4448 + sizeof (struct acl_subject_label)))
4449 + return ERR_PTR(-EFAULT);
4452 + s_tmp->prev = NULL;
4453 + role->proc_subject = s_tmp;
4455 + s_last->next = s_tmp;
4456 + s_tmp->prev = s_last;
4461 + len = strnlen_user(s_tmp->filename, PATH_MAX);
4463 + if (!len || len >= PATH_MAX)
4464 + return ERR_PTR(-EINVAL);
4466 + if ((tmp = (char *) acl_alloc(len)) == NULL)
4467 + return ERR_PTR(-ENOMEM);
4469 + if (copy_from_user(tmp, s_tmp->filename, len))
4470 + return ERR_PTR(-EFAULT);
4472 + s_tmp->filename = tmp;
4474 + if (!strcmp(s_tmp->filename, "/"))
4475 + role->root_label = s_tmp;
4477 + /* set up object hash table */
4478 + num_objs = count_user_objs(s_tmp->proc_object);
4480 + s_tmp->obj_hash_size = num_objs;
4482 + (struct acl_object_label **)
4483 + create_table(&(s_tmp->obj_hash_size));
4485 + if (!s_tmp->obj_hash)
4486 + return ERR_PTR(-ENOMEM);
4488 + memset(s_tmp->obj_hash, 0,
4489 + s_tmp->obj_hash_size *
4490 + sizeof (struct acl_object_label *));
4492 + /* copy before adding in objects, since a nested
4493 + acl could be found and be the final subject
4499 + /* add in objects */
4500 + err = copy_user_objs(s_tmp->proc_object, s_tmp, role);
4503 + return ERR_PTR(err);
4505 + /* add in ip acls */
4507 + if (!s_tmp->ip_num) {
4508 + s_tmp->ips = NULL;
4513 + (struct acl_ip_label **) acl_alloc(s_tmp->ip_num *
4518 + return ERR_PTR(-ENOMEM);
4520 + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
4521 + *(i_tmp + i_num) =
4522 + (struct acl_ip_label *)
4523 + acl_alloc(sizeof (struct acl_ip_label));
4524 + if (!*(i_tmp + i_num))
4525 + return ERR_PTR(-ENOMEM);
4527 + if (copy_from_user
4528 + (&i_utmp2, s_tmp->ips + i_num,
4529 + sizeof (struct acl_ip_label *)))
4530 + return ERR_PTR(-EFAULT);
4532 + if (copy_from_user
4533 + (*(i_tmp + i_num), i_utmp2,
4534 + sizeof (struct acl_ip_label)))
4535 + return ERR_PTR(-EFAULT);
4538 + s_tmp->ips = i_tmp;
4541 + if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
4543 + return ERR_PTR(-ENOMEM);
4549 +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
4551 + struct acl_subject_label s_pre;
4552 + struct acl_subject_label * ret;
4556 + if (copy_from_user(&s_pre, userp,
4557 + sizeof (struct acl_subject_label)))
4560 + /* do not add nested subjects here, add
4561 + while parsing objects
4564 + if (s_pre.parent_subject) {
4565 + userp = s_pre.prev;
4569 + ret = do_copy_user_subj(userp, role);
4571 + err = PTR_ERR(ret);
4575 + insert_acl_subj_label(ret, role);
4577 + userp = s_pre.prev;
4580 + s_final->next = NULL;
4586 +copy_user_acl(struct gr_arg *arg)
4588 + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2, *r_last;
4589 + struct sprole_pw *sptmp;
4590 + unsigned long r_num;
4597 + /* we need a default and kernel role */
4598 + if (arg->role_db.r_entries < 2)
4601 + /* copy special role authentication info from userspace */
4603 + num_sprole_pws = arg->num_sprole_pws;
4604 + acl_special_roles = (struct sprole_pw **) acl_alloc(num_sprole_pws * sizeof(struct sprole_pw *));
4606 + if (!acl_special_roles) {
4611 + for (i = 0; i < num_sprole_pws; i++) {
4612 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
4617 + if (copy_from_user(sptmp, arg->sprole_pws + i,
4618 + sizeof (struct sprole_pw))) {
4624 + strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
4626 + if (!len || len >= GR_SPROLE_LEN) {
4631 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
4636 + if (copy_from_user(tmp, sptmp->rolename, len)) {
4641 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
4642 + printk(KERN_ALERT "Copying special role %s\n", tmp);
4644 + sptmp->rolename = tmp;
4645 + acl_special_roles[i] = sptmp;
4648 + r_utmp = (struct acl_role_label **) arg->role_db.r_table;
4650 + for (r_num = 0; r_num < arg->role_db.r_entries; r_num++) {
4653 + r_tmp = acl_alloc(sizeof (struct acl_role_label));
4660 + if (copy_from_user(&r_utmp2, r_utmp + r_num,
4661 + sizeof (struct acl_role_label *))) {
4666 + if (copy_from_user(r_tmp, r_utmp2,
4667 + sizeof (struct acl_role_label))) {
4673 + r_tmp->prev = NULL;
4674 + role_list_head = r_tmp;
4676 + r_last->next = r_tmp;
4677 + r_tmp->prev = r_last;
4680 + if (r_num == (arg->role_db.r_entries - 1))
4681 + r_tmp->next = NULL;
4683 + len = strnlen_user(r_tmp->rolename, PATH_MAX);
4685 + if (!len || len >= PATH_MAX) {
4690 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
4694 + if (copy_from_user(tmp, r_tmp->rolename, len)) {
4698 + r_tmp->rolename = tmp;
4700 + if (!strcmp(r_tmp->rolename, "default")
4701 + && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
4702 + default_role = r_tmp;
4703 + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
4704 + kernel_role = r_tmp;
4707 + num_subjs = count_user_subjs(r_tmp->proc_subject);
4709 + r_tmp->subj_hash_size = num_subjs;
4710 + r_tmp->subj_hash =
4711 + (struct acl_subject_label **)
4712 + create_table(&(r_tmp->subj_hash_size));
4714 + if (!r_tmp->subj_hash) {
4719 + err = copy_user_allowedips(r_tmp);
4723 + err = copy_user_transitions(r_tmp);
4727 + memset(r_tmp->subj_hash, 0,
4728 + r_tmp->subj_hash_size *
4729 + sizeof (struct acl_subject_label *));
4733 + err = copy_user_subjs(r_tmp->proc_subject, r_tmp);
4738 + insert_acl_role_label(r_tmp);
4750 +gracl_init(struct gr_arg *args)
4754 + memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
4755 + memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
4757 + if (init_variables(args->role_db.o_entries, args->role_db.s_entries,
4758 + args->role_db.i_entries, args->role_db.r_entries,
4759 + args->role_db.a_entries, args->role_db.t_entries,
4760 + args->num_sprole_pws)) {
4761 + security_alert_good(GR_INITF_ACL_MSG, GR_VERSION);
4767 + error = copy_user_acl(args);
4771 + if ((error = gr_set_acls(0))) {
4776 + gr_status |= GR_READY;
4781 +static struct acl_object_label *
4782 +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
4783 + const struct acl_subject_label *subj)
4785 + struct dentry *dentry = (struct dentry *) l_dentry;
4786 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
4787 + struct dentry *root;
4788 + struct vfsmount *rootmnt;
4789 + struct acl_object_label *retval;
4791 + read_lock(&child_reaper->fs->lock);
4792 + rootmnt = mntget(child_reaper->fs->rootmnt);
4793 + root = dget(child_reaper->fs->root);
4794 + read_unlock(&child_reaper->fs->lock);
4795 + spin_lock(&dcache_lock);
4798 + if (unlikely(dentry == root && mnt == rootmnt))
4800 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
4801 + if (mnt->mnt_parent == mnt)
4804 + read_lock(&gr_inode_lock);
4806 + lookup_acl_obj_label(dentry->d_inode->i_ino,
4807 + dentry->d_inode->i_dev, subj);
4808 + read_unlock(&gr_inode_lock);
4809 + if (unlikely(retval != NULL))
4812 + dentry = mnt->mnt_mountpoint;
4813 + mnt = mnt->mnt_parent;
4817 + read_lock(&gr_inode_lock);
4819 + lookup_acl_obj_label(dentry->d_inode->i_ino,
4820 + dentry->d_inode->i_dev, subj);
4821 + read_unlock(&gr_inode_lock);
4822 + if (unlikely(retval != NULL))
4825 + dentry = dentry->d_parent;
4828 + read_lock(&gr_inode_lock);
4830 + lookup_acl_obj_label(dentry->d_inode->i_ino, dentry->d_inode->i_dev,
4832 + read_unlock(&gr_inode_lock);
4834 + if (unlikely(retval == NULL)) {
4835 + read_lock(&gr_inode_lock);
4837 + lookup_acl_obj_label(root->d_inode->i_ino,
4838 + root->d_inode->i_dev, subj);
4839 + read_unlock(&gr_inode_lock);
4842 + spin_unlock(&dcache_lock);
4849 +static struct acl_subject_label *
4850 +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
4851 + const struct acl_role_label *role)
4853 + struct dentry *dentry = (struct dentry *) l_dentry;
4854 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
4855 + struct dentry *root;
4856 + struct vfsmount *rootmnt;
4857 + struct acl_subject_label *retval;
4859 + read_lock(&child_reaper->fs->lock);
4860 + rootmnt = mntget(child_reaper->fs->rootmnt);
4861 + root = dget(child_reaper->fs->root);
4862 + read_unlock(&child_reaper->fs->lock);
4863 + spin_lock(&dcache_lock);
4866 + if (unlikely(dentry == root && mnt == rootmnt))
4868 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
4869 + if (mnt->mnt_parent == mnt)
4872 + read_lock(&gr_inode_lock);
4874 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4875 + dentry->d_inode->i_dev, role);
4876 + read_unlock(&gr_inode_lock);
4877 + if (unlikely(retval != NULL))
4880 + dentry = mnt->mnt_mountpoint;
4881 + mnt = mnt->mnt_parent;
4885 + read_lock(&gr_inode_lock);
4887 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4888 + dentry->d_inode->i_dev, role);
4889 + read_unlock(&gr_inode_lock);
4890 + if (unlikely(retval != NULL))
4893 + dentry = dentry->d_parent;
4896 + read_lock(&gr_inode_lock);
4898 + lookup_acl_subj_label(dentry->d_inode->i_ino,
4899 + dentry->d_inode->i_dev, role);
4900 + read_unlock(&gr_inode_lock);
4902 + if (unlikely(retval == NULL)) {
4903 + read_lock(&gr_inode_lock);
4905 + lookup_acl_subj_label(root->d_inode->i_ino,
4906 + root->d_inode->i_dev, role);
4907 + read_unlock(&gr_inode_lock);
4910 + spin_unlock(&dcache_lock);
4917 +static __inline__ void
4918 +gr_log_learn(const struct acl_role_label *role, const uid_t uid, const gid_t gid,
4919 + const struct task_struct *task, const char *pathname,
4922 + security_learn(GR_LEARN_AUDIT_MSG, role->rolename, role->roletype,
4923 + uid, gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry,
4924 + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename,
4925 + 1, 1, pathname, (unsigned long) mode, NIPQUAD(task->curr_ip));
4931 +gr_check_link(const struct dentry * new_dentry,
4932 + const struct dentry * parent_dentry,
4933 + const struct vfsmount * parent_mnt,
4934 + const struct dentry * old_dentry, const struct vfsmount * old_mnt)
4936 + struct acl_object_label *obj;
4937 + __u32 oldmode, newmode;
4939 + if (unlikely(!(gr_status & GR_READY)))
4940 + return (GR_WRITE | GR_CREATE);
4942 + obj = chk_obj_label(old_dentry, old_mnt, current->acl);
4943 + oldmode = obj->mode;
4945 + if (current->acl->mode & GR_LEARN)
4946 + oldmode |= (GR_WRITE | GR_CREATE);
4948 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
4949 + oldmode | GR_CREATE | GR_AUDIT_CREATE |
4950 + GR_AUDIT_WRITE | GR_SUPPRESS);
4952 + if ((newmode & oldmode) == oldmode)
4954 + else if (current->acl->mode & GR_LEARN) {
4955 + gr_log_learn(current->role, current->uid, current->gid,
4956 + current, gr_to_filename(old_dentry, old_mnt), oldmode);
4957 + return (GR_WRITE | GR_CREATE);
4958 + } else if (newmode & GR_SUPPRESS)
4959 + return GR_SUPPRESS;
4965 +gr_search_file(const struct dentry * dentry, const __u32 mode,
4966 + const struct vfsmount * mnt)
4968 + __u32 retval = mode;
4969 + struct acl_subject_label *curracl;
4970 + struct acl_object_label *currobj;
4972 + if (unlikely(!(gr_status & GR_READY)))
4973 + return (mode & ~GR_AUDITS);
4975 + curracl = current->acl;
4977 + currobj = chk_obj_label(dentry, mnt, curracl);
4978 + retval = currobj->mode & mode;
4981 + ((curracl->mode & GR_LEARN) && (mode != GR_PTRACERD)
4982 + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
4983 + __u32 new_mode = mode;
4985 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
4987 + retval = new_mode;
4989 + if (!(mode & GR_NOLEARN))
4990 + gr_log_learn(current->role, current->uid, current->gid,
4991 + current, gr_to_filename(dentry, mnt), new_mode);
4998 +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
4999 + const struct vfsmount * mnt, const __u32 mode)
5001 + struct name_entry *match;
5002 + struct acl_object_label *matchpo;
5003 + struct acl_subject_label *curracl;
5006 + if (unlikely(!(gr_status & GR_READY)))
5007 + return (mode & ~GR_AUDITS);
5009 + match = lookup_name_entry(gr_to_filename(new_dentry, mnt));
5012 + goto check_parent;
5014 + curracl = current->acl;
5016 + read_lock(&gr_inode_lock);
5017 + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
5018 + read_unlock(&gr_inode_lock);
5021 + if ((matchpo->mode & mode) !=
5022 + (mode & ~(GR_AUDITS | GR_SUPPRESS))
5023 + && curracl->mode & GR_LEARN) {
5024 + __u32 new_mode = mode;
5026 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
5028 + gr_log_learn(current->role, current->uid, current->gid,
5029 + current, gr_to_filename(new_dentry, mnt), new_mode);
5033 + return (matchpo->mode & mode);
5037 + curracl = current->acl;
5039 + matchpo = chk_obj_label(parent, mnt, curracl);
5040 + retval = matchpo->mode & mode;
5042 + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
5043 + && (curracl->mode & GR_LEARN)) {
5044 + __u32 new_mode = mode;
5046 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
5048 + gr_log_learn(current->role, current->uid, current->gid,
5049 + current, gr_to_filename(new_dentry, mnt), new_mode);
5057 +gr_check_hidden_task(const struct task_struct *task)
5059 + if (unlikely(!(gr_status & GR_READY)))
5062 + if (!(task->acl->mode & GR_FIND) && !(current->acl->mode & GR_VIEW))
5069 +gr_check_protected_task(const struct task_struct *task)
5071 + if (unlikely(!(gr_status & GR_READY) || !task))
5074 + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL))
5081 +gr_copy_label(struct task_struct *tsk)
5083 + tsk->used_accept = 0;
5084 + tsk->used_connect = 0;
5085 + tsk->acl_sp_role = 0;
5086 + tsk->acl_role_id = current->acl_role_id;
5087 + tsk->acl = current->acl;
5088 + tsk->role = current->role;
5089 + tsk->curr_ip = current->curr_ip;
5090 + if (current->exec_file)
5091 + get_file(current->exec_file);
5092 + tsk->exec_file = current->exec_file;
5093 + tsk->is_writable = current->is_writable;
5094 + if (unlikely(current->used_accept))
5095 + current->curr_ip = 0;
5100 +static __inline__ void
5101 +gr_set_proc_res(void)
5103 + struct acl_subject_label *proc;
5106 + proc = current->acl;
5108 + if (proc->mode & GR_LEARN)
5111 + for (i = 0; i < RLIM_NLIMITS; i++) {
5112 + if (!(proc->resmask & (1 << i)))
5115 + current->rlim[i].rlim_cur = proc->res[i].rlim_cur;
5116 + current->rlim[i].rlim_max = proc->res[i].rlim_max;
5122 +static __inline__ void
5123 +do_set_role_label(struct task_struct *task, const uid_t uid, const gid_t gid)
5125 + task->role = lookup_acl_role_label(task, uid, gid);
5131 +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
5133 + struct acl_object_label *obj;
5134 + struct file *filp;
5136 + if (unlikely(!(gr_status & GR_READY)))
5139 + filp = task->exec_file;
5141 + /* kernel process, we'll give them the kernel role */
5142 + if (unlikely(!filp)) {
5143 + task->role = kernel_role;
5144 + task->acl = kernel_role->root_label;
5146 + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
5147 + do_set_role_label(task, uid, gid);
5150 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, task->role);
5152 + task->is_writable = 0;
5154 + /* ignore additional mmap checks for processes that are writable
5155 + by the default ACL */
5156 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5157 + if (unlikely(obj->mode & GR_WRITE))
5158 + task->is_writable = 1;
5159 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
5160 + if (unlikely(obj->mode & GR_WRITE))
5161 + task->is_writable = 1;
5163 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5164 + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
5167 + gr_set_proc_res();
5173 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
5175 + struct acl_subject_label *newacl;
5176 + struct acl_object_label *obj;
5179 + if (unlikely(!(gr_status & GR_READY)))
5182 + newacl = chk_subj_label(dentry, mnt, current->role);
5184 + obj = chk_obj_label(dentry, mnt, current->acl);
5185 + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
5187 + if ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT)) {
5189 + current->acl = obj->nested;
5191 + current->acl = newacl;
5192 + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
5193 + security_audit(GR_INHERIT_ACL_MSG, current->acl->filename,
5194 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
5196 + current->is_writable = 0;
5198 + /* ignore additional mmap checks for processes that are writable
5199 + by the default ACL */
5200 + obj = chk_obj_label(dentry, mnt, default_role->root_label);
5201 + if (unlikely(obj->mode & GR_WRITE))
5202 + current->is_writable = 1;
5203 + obj = chk_obj_label(dentry, mnt, current->role->root_label);
5204 + if (unlikely(obj->mode & GR_WRITE))
5205 + current->is_writable = 1;
5207 + gr_set_proc_res();
5209 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5210 + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", current->comm, current->pid, current->role->rolename, current->acl->filename);
5215 +static __inline__ void
5216 +do_handle_delete(const ino_t ino, const kdev_t dev)
5218 + struct acl_object_label *matchpo;
5219 + struct acl_subject_label *matchps;
5220 + struct acl_subject_label *i;
5221 + struct acl_role_label *role;
5223 + for (role = role_list_head; role; role = role->next) {
5224 + for (i = role->proc_subject; i; i = i->next) {
5225 + if (unlikely(i->parent_subject &&
5226 + (i->inode == ino) &&
5227 + (i->device == dev)))
5228 + i->mode |= GR_DELETED;
5229 + if (unlikely((matchpo =
5230 + lookup_acl_obj_label(ino, dev, i)) != NULL))
5231 + matchpo->mode |= GR_DELETED;
5234 + if (unlikely((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL))
5235 + matchps->mode |= GR_DELETED;
5242 +gr_handle_delete(const ino_t ino, const kdev_t dev)
5244 + if (unlikely(!(gr_status & GR_READY)))
5247 + write_lock(&gr_inode_lock);
5248 + if (unlikely((unsigned long)lookup_inodev_entry(ino, dev)))
5249 + do_handle_delete(ino, dev);
5250 + write_unlock(&gr_inode_lock);
5255 +static __inline__ void
5256 +update_acl_obj_label(const ino_t oldinode, const kdev_t olddevice,
5257 + const ino_t newinode, const kdev_t newdevice,
5258 + struct acl_subject_label *subj)
5260 + unsigned long index = fhash(oldinode, olddevice, subj->obj_hash_size);
5261 + struct acl_object_label **match;
5262 + struct acl_object_label *tmp;
5265 + match = &subj->obj_hash[index];
5267 + while (*match && ((*match)->inode != oldinode ||
5268 + (*match)->device != olddevice ||
5269 + !((*match)->mode & GR_DELETED))) {
5270 + index = (index + (1 << i)) % subj->obj_hash_size;
5271 + match = &subj->obj_hash[index];
5275 + if (*match && ((*match) != deleted_object)
5276 + && ((*match)->inode == oldinode)
5277 + && ((*match)->device == olddevice)
5278 + && ((*match)->mode & GR_DELETED)) {
5280 + tmp->inode = newinode;
5281 + tmp->device = newdevice;
5282 + tmp->mode &= ~GR_DELETED;
5284 + *match = deleted_object;
5286 + insert_acl_obj_label(tmp, subj);
5292 +static __inline__ void
5293 +update_acl_subj_label(const ino_t oldinode, const kdev_t olddevice,
5294 + const ino_t newinode, const kdev_t newdevice,
5295 + struct acl_role_label *role)
5297 + struct acl_subject_label **s_hash = role->subj_hash;
5298 + unsigned long subj_size = role->subj_hash_size;
5299 + unsigned long index = fhash(oldinode, olddevice, subj_size);
5300 + struct acl_subject_label **match;
5301 + struct acl_subject_label *tmp;
5304 + match = &s_hash[index];
5306 + while (*match && ((*match)->inode != oldinode ||
5307 + (*match)->device != olddevice ||
5308 + !((*match)->mode & GR_DELETED))) {
5309 + index = (index + (1 << i)) % subj_size;
5311 + match = &s_hash[index];
5314 + if (*match && (*match != deleted_subject)
5315 + && ((*match)->inode == oldinode)
5316 + && ((*match)->device == olddevice)
5317 + && ((*match)->mode & GR_DELETED)) {
5320 + tmp->inode = newinode;
5321 + tmp->device = newdevice;
5322 + tmp->mode &= ~GR_DELETED;
5324 + *match = deleted_subject;
5326 + insert_acl_subj_label(tmp, role);
5332 +static __inline__ void
5333 +update_inodev_entry(const ino_t oldinode, const kdev_t olddevice,
5334 + const ino_t newinode, const kdev_t newdevice)
5336 + unsigned long index = fhash(oldinode, olddevice, inodev_set.n_size);
5337 + struct name_entry **match;
5338 + struct name_entry *tmp;
5341 + match = &inodev_set.n_hash[index];
5344 + && ((*match)->inode != oldinode
5345 + || (*match)->device != olddevice)) {
5346 + index = (index + (1 << i)) % inodev_set.n_size;
5348 + match = &inodev_set.n_hash[index];
5351 + if (*match && (*match != deleted_inodev)
5352 + && ((*match)->inode == oldinode)
5353 + && ((*match)->device == olddevice)) {
5356 + tmp->inode = newinode;
5357 + tmp->device = newdevice;
5359 + *match = deleted_inodev;
5361 + insert_inodev_entry(tmp);
5367 +static __inline__ void
5368 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
5369 + const struct vfsmount *mnt)
5371 + struct acl_subject_label *i;
5372 + struct acl_role_label *role;
5374 + for (role = role_list_head; role; role = role->next) {
5375 + update_acl_subj_label(matchn->inode, matchn->device,
5376 + dentry->d_inode->i_ino,
5377 + dentry->d_inode->i_dev, role);
5379 + for (i = role->proc_subject; i; i = i->next) {
5380 + if (unlikely(i->parent_subject &&
5381 + (i->inode == dentry->d_inode->i_ino) &&
5382 + (i->device == dentry->d_inode->i_dev))) {
5383 + i->inode = dentry->d_inode->i_ino;
5384 + i->device = dentry->d_inode->i_dev;
5386 + update_acl_obj_label(matchn->inode, matchn->device,
5387 + dentry->d_inode->i_ino,
5388 + dentry->d_inode->i_dev, i);
5392 + update_inodev_entry(matchn->inode, matchn->device,
5393 + dentry->d_inode->i_ino, dentry->d_inode->i_dev);
5399 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
5401 + struct name_entry *matchn;
5403 + if (unlikely(!(gr_status & GR_READY)))
5406 + matchn = lookup_name_entry(gr_to_filename(dentry, mnt));
5408 + if (unlikely((unsigned long)matchn)) {
5409 + write_lock(&gr_inode_lock);
5410 + do_handle_create(matchn, dentry, mnt);
5411 + write_unlock(&gr_inode_lock);
5418 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
5419 + struct dentry *old_dentry,
5420 + struct dentry *new_dentry,
5421 + struct vfsmount *mnt, const __u8 replace)
5423 + struct name_entry *matchn;
5426 + matchn = lookup_name_entry(gr_to_filename(new_dentry, mnt));
5429 + error = vfs_rename(old_dir, old_dentry, new_dir, new_dentry);
5432 + if (unlikely(error))
5435 + /* we wouldn't have to check d_inode if it weren't for
5436 + NFS silly-renaming
5439 + write_lock(&gr_inode_lock);
5440 + if (unlikely(replace && new_dentry->d_inode)) {
5441 + if (unlikely(lookup_inodev_entry(new_dentry->d_inode->i_ino,
5442 + new_dentry->d_inode->i_dev) &&
5443 + (old_dentry->d_inode->i_nlink <= 1)))
5444 + do_handle_delete(new_dentry->d_inode->i_ino,
5445 + new_dentry->d_inode->i_dev);
5448 + if (unlikely(lookup_inodev_entry(old_dentry->d_inode->i_ino,
5449 + old_dentry->d_inode->i_dev) &&
5450 + (old_dentry->d_inode->i_nlink <= 1)))
5451 + do_handle_delete(old_dentry->d_inode->i_ino,
5452 + old_dentry->d_inode->i_dev);
5454 + if (unlikely((unsigned long)matchn))
5455 + do_handle_create(matchn, old_dentry, mnt);
5456 + write_unlock(&gr_inode_lock);
5462 +lookup_special_role_auth(const char *rolename, unsigned char **salt,
5463 + unsigned char **sum)
5465 + struct acl_role_label *r;
5466 + struct role_transition *trans;
5470 + /* check transition table */
5472 + for (trans = current->role->transitions; trans; trans = trans->next) {
5473 + if (!strcmp(rolename, trans->rolename)) {
5482 + /* handle special roles that do not require authentication */
5484 + for (r = role_list_head; r; r = r->next) {
5485 + if (!strcmp(rolename, r->rolename)
5486 + && (r->roletype & GR_ROLE_NOPW)) {
5493 + for (i = 0; i < num_sprole_pws; i++) {
5494 + if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
5495 + *salt = acl_special_roles[i]->salt;
5496 + *sum = acl_special_roles[i]->sum;
5505 +assign_special_role(char *rolename)
5507 + struct acl_object_label *obj;
5508 + struct acl_role_label *r;
5509 + struct acl_role_label *assigned = NULL;
5510 + struct task_struct *tsk;
5511 + struct file *filp;
5513 + for (r = role_list_head; r; r = r->next)
5514 + if (!strcmp(rolename, r->rolename) &&
5515 + (r->roletype & GR_ROLE_SPECIAL))
5521 + tsk = current->p_pptr;
5522 + filp = tsk->exec_file;
5524 + if (tsk && filp) {
5525 + tsk->is_writable = 0;
5527 + acl_sp_role_value = (acl_sp_role_value % 65535) + 1;
5528 + tsk->acl_sp_role = 1;
5529 + tsk->acl_role_id = acl_sp_role_value;
5530 + tsk->role = assigned;
5532 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role);
5534 + /* ignore additional mmap checks for processes that are writable
5535 + by the default ACL */
5536 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5537 + if (unlikely(obj->mode & GR_WRITE))
5538 + tsk->is_writable = 1;
5539 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role->root_label);
5540 + if (unlikely(obj->mode & GR_WRITE))
5541 + tsk->is_writable = 1;
5543 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5544 + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
5552 +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
5554 + struct gr_arg *arg;
5555 + unsigned char *sprole_salt;
5556 + unsigned char *sprole_sum;
5557 + int error = sizeof (struct gr_arg);
5560 + down(&gr_dev_sem);
5562 + arg = (struct gr_arg *) buf;
5564 + if (count != sizeof (struct gr_arg)) {
5565 + security_alert_good(GR_DEV_ACL_MSG, count,
5566 + (int) sizeof (struct gr_arg));
5571 + if ((gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES)
5572 + && time_before_eq(gr_auth_expires, jiffies)) {
5573 + gr_auth_expires = 0;
5574 + gr_auth_attempts = 0;
5577 + if (copy_from_user(gr_usermode, arg, sizeof (struct gr_arg))) {
5582 + if (gr_usermode->mode != SPROLE && time_after(gr_auth_expires, jiffies)) {
5587 + /* if non-root trying to do anything other than use a special role,
5588 + do not attempt authentication, do not count towards authentication
5592 + if (gr_usermode->mode != SPROLE && current->uid) {
5597 + /* ensure pw and special role name are null terminated */
5599 + gr_usermode->pw[GR_PW_LEN - 1] = '\0';
5600 + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
5603 + * We have our enough of the argument structure..(we have yet
5604 + * to copy_from_user the tables themselves) . Copy the tables
5605 + * only if we need them, i.e. for loading operations. */
5607 + switch (gr_usermode->mode) {
5609 + if (gr_status & GR_READY)
5615 + if ((gr_status & GR_READY)
5616 + && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
5617 + gr_status &= ~GR_READY;
5618 + security_alert_good(GR_SHUTS_ACL_MSG, DEFAULTSECARGS);
5620 + memset(gr_usermode, 0, sizeof (struct gr_arg));
5621 + memset(gr_system_salt, 0, GR_SALT_LEN);
5622 + memset(gr_system_sum, 0, GR_SHA_LEN);
5623 + } else if (gr_status & GR_READY) {
5624 + security_alert(GR_SHUTF_ACL_MSG, DEFAULTSECARGS);
5627 + security_alert_good(GR_SHUTI_ACL_MSG, DEFAULTSECARGS);
5632 + if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
5633 + security_alert_good(GR_ENABLE_ACL_MSG, GR_VERSION);
5635 + if (gr_status & GR_READY)
5639 + security_alert(GR_ENABLEF_ACL_MSG, GR_VERSION,
5644 + if (!(gr_status & GR_READY)) {
5645 + security_alert_good(GR_RELOADI_ACL_MSG);
5647 + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
5649 + gr_status &= ~GR_READY;
5651 + if (!(error2 = gracl_init(gr_usermode))) {
5653 + security_alert_good(GR_RELOAD_ACL_MSG,
5658 + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION,
5662 + security_alert(GR_RELOADF_ACL_MSG, GR_VERSION,
5668 + if (unlikely(!(gr_status & GR_READY))) {
5669 + security_alert_good(GR_SEGVMODI_ACL_MSG,
5675 + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
5676 + security_alert_good(GR_SEGVMODS_ACL_MSG,
5678 + if (gr_usermode->segv_device && gr_usermode->segv_inode) {
5679 + struct acl_subject_label *segvacl;
5681 + lookup_acl_subj_label(gr_usermode->segv_inode,
5682 + gr_usermode->segv_device,
5685 + segvacl->crashes = 0;
5686 + segvacl->expires = 0;
5688 + } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
5689 + gr_remove_uid(gr_usermode->segv_uid);
5692 + security_alert(GR_SEGVMODF_ACL_MSG, DEFAULTSECARGS);
5697 + if (unlikely(!(gr_status & GR_READY))) {
5698 + security_alert_good(GR_SPROLEI_ACL_MSG, DEFAULTSECARGS);
5703 + if ((current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES)
5704 + && time_before_eq(current->role->expires, jiffies)) {
5705 + current->role->expires = 0;
5706 + current->role->auth_attempts = 0;
5709 + if (time_after(current->role->expires, jiffies)) {
5714 + if (lookup_special_role_auth
5715 + (gr_usermode->sp_role, &sprole_salt, &sprole_sum)
5716 + && ((!sprole_salt && !sprole_sum)
5717 + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
5718 + assign_special_role(gr_usermode->sp_role);
5719 + security_alert_good(GR_SPROLES_ACL_MSG,
5720 + (current->p_pptr) ? current->
5721 + p_pptr->role->rolename : "",
5722 + acl_sp_role_value, DEFAULTSECARGS);
5724 + security_alert(GR_SPROLEF_ACL_MSG, gr_usermode->sp_role,
5727 + current->role->auth_attempts++;
5728 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) {
5729 + current->role->expires =
5730 + jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
5731 + security_alert(GR_MAXROLEPW_ACL_MSG,
5732 + CONFIG_GRKERNSEC_ACL_MAXTRIES,
5733 + gr_usermode->sp_role, DEFAULTSECARGS);
5740 + if (unlikely(!(gr_status & GR_READY))) {
5741 + security_alert_good(GR_UNSPROLEI_ACL_MSG, DEFAULTSECARGS);
5746 + if ((current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES)
5747 + && time_before_eq(current->role->expires, jiffies)) {
5748 + current->role->expires = 0;
5749 + current->role->auth_attempts = 0;
5752 + if (time_after(current->role->expires, jiffies)) {
5757 + if ((current->role->roletype & GR_ROLE_SPECIAL) &&
5758 + lookup_special_role_auth
5759 + (current->role->rolename, &sprole_salt, &sprole_sum)
5760 + && ((!sprole_salt && !sprole_sum)
5761 + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
5762 + security_alert_good(GR_UNSPROLES_ACL_MSG,
5763 + (current->p_pptr) ? current->
5764 + p_pptr->role->rolename : "",
5765 + (current->p_pptr) ? current->
5766 + p_pptr->acl_role_id : 0, DEFAULTSECARGS);
5768 + if (current->p_pptr)
5769 + current->p_pptr->acl_sp_role = 0;
5771 + security_alert(GR_UNSPROLEF_ACL_MSG, gr_usermode->sp_role,
5774 + current->role->auth_attempts++;
5775 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) {
5776 + current->role->expires =
5777 + jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
5778 + security_alert(GR_MAXROLEPW_ACL_MSG,
5779 + CONFIG_GRKERNSEC_ACL_MAXTRIES,
5780 + current->role->rolename, DEFAULTSECARGS);
5787 + security_alert(GR_INVMODE_ACL_MSG, gr_usermode->mode,
5793 + if (error != -EPERM)
5796 + gr_auth_attempts++;
5798 + if (gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES) {
5799 + security_alert(GR_MAXPW_ACL_MSG, CONFIG_GRKERNSEC_ACL_MAXTRIES);
5800 + gr_auth_expires = jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
5809 +gr_set_acls(const int type)
5811 + struct acl_object_label *obj;
5812 + struct task_struct *task;
5813 + struct file *filp;
5816 + read_lock(&tasklist_lock);
5817 + for_each_task(task) {
5818 + /* check to see if we're called from the exit handler,
5819 + if so, only replace ACLs that have inherited the admin
5822 + if (type && (task->role != current->role ||
5823 + task->acl_role_id != current->acl_role_id))
5826 + task->acl_role_id = 0;
5828 + if ((filp = task->exec_file)) {
5829 + do_set_role_label(task, task->uid, task->gid);
5832 + chk_subj_label(filp->f_dentry, filp->f_vfsmnt,
5835 + struct acl_subject_label *curr;
5838 + task->is_writable = 0;
5839 + /* ignore additional mmap checks for processes that are writable
5840 + by the default ACL */
5841 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
5842 + if (unlikely(obj->mode & GR_WRITE))
5843 + task->is_writable = 1;
5844 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
5845 + if (unlikely(obj->mode & GR_WRITE))
5846 + task->is_writable = 1;
5848 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
5849 + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
5851 + if (!(curr->mode & GR_LEARN))
5852 + for (i = 0; i < RLIM_NLIMITS; i++) {
5853 + if (!(curr->resmask & (1 << i)))
5856 + task->rlim[i].rlim_cur =
5857 + curr->res[i].rlim_cur;
5858 + task->rlim[i].rlim_max =
5859 + curr->res[i].rlim_max;
5862 + read_unlock(&tasklist_lock);
5863 + security_alert_good(GR_DEFACL_MSG, task->comm,
5868 + // it's a kernel process
5869 + task->role = kernel_role;
5870 + task->acl = kernel_role->root_label;
5871 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
5872 + task->acl->mode &= ~GR_FIND;
5876 + read_unlock(&tasklist_lock);
5881 +gr_learn_resource(const struct task_struct *task,
5882 + const int res, const unsigned long wanted)
5884 + struct acl_subject_label *acl;
5886 + if (unlikely((gr_status & GR_READY) &&
5887 + task->acl && (task->acl->mode & GR_LEARN)))
5890 +#ifdef CONFIG_GRKERNSEC_RESLOG
5891 + gr_log_resource(task, res, wanted);
5895 + if (unlikely(!(gr_status & GR_READY) || !wanted))
5900 + if (likely(!acl || !(acl->mode & GR_LEARN) ||
5901 + !(acl->resmask & (1 << (unsigned short) res))))
5904 + if (wanted >= acl->res[res].rlim_cur) {
5905 + unsigned long res_add;
5910 + res_add += GR_RLIM_CPU_BUMP;
5912 + case RLIMIT_FSIZE:
5913 + res_add += GR_RLIM_FSIZE_BUMP;
5916 + res_add += GR_RLIM_DATA_BUMP;
5918 + case RLIMIT_STACK:
5919 + res_add += GR_RLIM_STACK_BUMP;
5922 + res_add += GR_RLIM_CORE_BUMP;
5925 + res_add += GR_RLIM_RSS_BUMP;
5927 + case RLIMIT_NPROC:
5928 + res_add += GR_RLIM_NPROC_BUMP;
5930 + case RLIMIT_NOFILE:
5931 + res_add += GR_RLIM_NOFILE_BUMP;
5933 + case RLIMIT_MEMLOCK:
5934 + res_add += GR_RLIM_MEMLOCK_BUMP;
5937 + res_add += GR_RLIM_AS_BUMP;
5939 + case RLIMIT_LOCKS:
5940 + res_add += GR_RLIM_LOCKS_BUMP;
5944 + acl->res[res].rlim_cur = res_add;
5946 + if (wanted > acl->res[res].rlim_max)
5947 + acl->res[res].rlim_max = res_add;
5949 + security_learn(GR_LEARN_AUDIT_MSG, current->role->rolename,
5950 + current->role->roletype, acl->filename,
5951 + acl->res[res].rlim_cur, acl->res[res].rlim_max,
5952 + "", (unsigned long) res);
5958 +#ifdef CONFIG_SYSCTL
5959 +extern struct proc_dir_entry *proc_sys_root;
5962 +gr_handle_sysctl(const struct ctl_table *table, const void *oldval,
5963 + const void *newval)
5965 + struct proc_dir_entry *tmp;
5966 + struct nameidata nd;
5967 + const char *proc_sys = "/proc/sys";
5968 + char *path = gr_shared_page[0][smp_processor_id()];
5969 + struct acl_object_label *obj;
5970 + unsigned short len = 0, pos = 0, depth = 0, i;
5974 + if (unlikely(!(gr_status & GR_READY)))
5982 + /* convert the requested sysctl entry into a pathname */
5984 + for (tmp = table->de; tmp != proc_sys_root; tmp = tmp->parent) {
5985 + len += strlen(tmp->name);
5990 + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE)
5993 + memset(path, 0, PAGE_SIZE);
5995 + memcpy(path, proc_sys, strlen(proc_sys));
5997 + pos += strlen(proc_sys);
5999 + for (; depth > 0; depth--) {
6002 + for (i = 1, tmp = table->de; tmp != proc_sys_root;
6003 + tmp = tmp->parent) {
6005 + memcpy(path + pos, tmp->name,
6006 + strlen(tmp->name));
6007 + pos += strlen(tmp->name);
6013 + if (path_init(path, LOOKUP_FOLLOW, &nd))
6014 + err = path_walk(path, &nd);
6019 + obj = chk_obj_label(nd.dentry, nd.mnt, current->acl);
6020 + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
6022 + if (unlikely((current->acl->mode & GR_LEARN) && ((err & mode) != mode))) {
6023 + __u32 new_mode = mode;
6025 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
6028 + gr_log_learn(current->role, current->uid, current->gid,
6029 + current, path, new_mode);
6030 + } else if ((err & mode) != mode && !(err & GR_SUPPRESS)) {
6031 + security_alert(GR_SYSCTL_ACL_MSG, "denied", path,
6032 + (mode & GR_READ) ? " reading" : "",
6033 + (mode & GR_WRITE) ? " writing" : "",
6036 + } else if ((err & mode) != mode) {
6038 + } else if (((err & mode) == mode) && (err & GR_AUDITS)) {
6039 + security_audit(GR_SYSCTL_ACL_MSG, "successful",
6040 + path, (mode & GR_READ) ? " reading" : "",
6041 + (mode & GR_WRITE) ? " writing" : "",
6045 + path_release(&nd);
6053 +gr_handle_ptrace(struct task_struct *task, const long request)
6055 + struct file *filp;
6058 + if (unlikely(!(gr_status & GR_READY)))
6061 + filp = task->exec_file;
6063 + if (unlikely(!filp))
6066 + retmode = gr_search_file(filp->f_dentry, GR_PTRACERD, filp->f_vfsmnt);
6068 + if (retmode & GR_PTRACERD) {
6069 + switch (request) {
6070 + case PTRACE_POKETEXT:
6071 + case PTRACE_POKEDATA:
6072 + case PTRACE_POKEUSR:
6073 +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA)
6074 + case PTRACE_SETREGS:
6075 + case PTRACE_SETFPREGS:
6078 + case PTRACE_SETFPXREGS:
6080 +#ifdef CONFIG_ALTIVEC
6081 + case PTRACE_SETVRREGS:
6087 + } else if (!(current->acl->mode & GR_OVERRIDE) &&
6088 + !(current->role->roletype & GR_ROLE_GOD)
6089 + && (current->acl != task->acl
6090 + || (current->acl != current->role->root_label
6091 + && current->pid != task->pid))) {
6092 + security_alert(GR_PTRACE_ACL_MSG,
6093 + gr_to_filename(filp->f_dentry, filp->f_vfsmnt),
6094 + task->comm, task->pid, DEFAULTSECARGS);
6102 +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt)
6105 + struct acl_subject_label *subj;
6107 + if (unlikely(!(gr_status & GR_READY)))
6111 + ((current->ptrace & PT_PTRACED)
6112 + && !(current->acl->mode & GR_OVERRIDE)))
6113 + retmode = gr_search_file(dentry, GR_PTRACERD, mnt);
6117 + subj = chk_subj_label(dentry, mnt, current->role);
6119 + if (!(retmode & GR_PTRACERD) &&
6120 + !(current->role->roletype & GR_ROLE_GOD) &&
6121 + (current->acl != subj)) {
6122 + security_alert(GR_PTRACE_EXEC_ACL_MSG,
6123 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
6131 +gr_handle_mmap(const struct file *filp, const unsigned long prot)
6133 + struct acl_object_label *obj, *obj2;
6135 + if (unlikely(!(gr_status & GR_READY) ||
6136 + (current->acl->mode & GR_OVERRIDE) || !filp ||
6137 + !(prot & PROT_EXEC)))
6140 + if (unlikely(current->is_writable))
6143 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
6144 + obj2 = chk_obj_label(filp->f_dentry, filp->f_vfsmnt,
6145 + current->role->root_label);
6146 + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
6147 + security_alert(GR_WRITLIB_ACL_MSG,
6148 + gr_to_filename(filp->f_dentry, filp->f_vfsmnt),
6157 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
6161 + if (unlikely(!file || !(prot & PROT_EXEC)))
6165 + gr_search_file(file->f_dentry,
6166 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
6169 + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) {
6170 + security_alert(GR_MMAP_ACL_MSG, "denied",
6171 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6174 + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) {
6176 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
6177 + security_audit(GR_MMAP_ACL_MSG, "successful",
6178 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6187 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
6191 + if (unlikely(!file || !(prot & PROT_EXEC)))
6195 + gr_search_file(file->f_dentry,
6196 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
6199 + if (unlikely(!gr_tpe_allow(file) || (!(mode & GR_EXEC) && !(mode & GR_SUPPRESS)))) {
6200 + security_alert(GR_MPROTECT_ACL_MSG, "denied",
6201 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6204 + } else if (unlikely(!gr_tpe_allow(file) || !(mode & GR_EXEC))) {
6206 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
6207 + security_audit(GR_MPROTECT_ACL_MSG, "successful",
6208 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
6217 +gr_acl_handle_psacct(struct task_struct *task, const long code)
6219 + unsigned long runtime;
6220 + unsigned long cputime;
6221 + unsigned int wday, cday;
6225 + char cur_tty[64] = { 0 };
6226 + char parent_tty[64] = { 0 };
6228 + if (unlikely(!(gr_status & GR_READY) || !task->acl ||
6229 + !(task->acl->mode & GR_PROCACCT)))
6232 + runtime = (jiffies - task->start_time) / HZ;
6233 + wday = runtime / (3600 * 24);
6234 + runtime -= wday * (3600 * 24);
6235 + whr = runtime / 3600;
6236 + runtime -= whr * 3600;
6237 + wmin = runtime / 60;
6238 + runtime -= wmin * 60;
6241 + cputime = (task->times.tms_utime + task->times.tms_stime) / HZ;
6242 + cday = cputime / (3600 * 24);
6243 + cputime -= cday * (3600 * 24);
6244 + chr = cputime / 3600;
6245 + cputime -= chr * 3600;
6246 + cmin = cputime / 60;
6247 + cputime -= cmin * 60;
6250 + security_audit(GR_ACL_PROCACCT_MSG, gr_task_fullpath(task), task->comm,
6251 + task->pid, NIPQUAD(task->curr_ip), tty_name(task->tty,
6253 + task->uid, task->euid, task->gid, task->egid, wday, whr,
6254 + wmin, wsec, cday, chr, cmin, csec,
6256 + flags & PF_SIGNALED) ? "killed by signal" : "exited",
6257 + code, gr_parent_task_fullpath(task),
6258 + task->p_pptr->comm, task->p_pptr->pid,
6259 + NIPQUAD(task->p_pptr->curr_ip),
6260 + tty_name(task->p_pptr->tty, parent_tty),
6261 + task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid,
6262 + task->p_pptr->egid);
6267 +void gr_set_kernel_label(struct task_struct *task)
6269 + if (gr_status & GR_READY) {
6270 + task->role = kernel_role;
6271 + task->acl = kernel_role->root_label;
6275 diff -urN linux-2.4.22/grsecurity/gracl_alloc.c linux-2.4.22/grsecurity/gracl_alloc.c
6276 --- linux-2.4.22/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
6277 +++ linux-2.4.22/grsecurity/gracl_alloc.c 2003-09-02 19:29:42.000000000 -0400
6279 +/* stack-based acl allocation tracking (c) Brad Spengler 2002,2003 */
6281 +#include <linux/kernel.h>
6282 +#include <linux/mm.h>
6283 +#include <linux/slab.h>
6284 +#include <linux/vmalloc.h>
6285 +#include <linux/gracl.h>
6286 +#include <linux/grsecurity.h>
6288 +static unsigned long alloc_stack_next = 1;
6289 +static unsigned long alloc_stack_size = 1;
6290 +static void **alloc_stack;
6292 +static __inline__ int
6295 + if ((alloc_stack_next - 1) == 0)
6298 + if (*(alloc_stack + alloc_stack_next - 2))
6299 + kfree(*(alloc_stack + alloc_stack_next - 2));
6301 + alloc_stack_next--;
6306 +static __inline__ void
6307 +alloc_push(void *buf)
6309 + if (alloc_stack_next >= alloc_stack_size)
6312 + *(alloc_stack + alloc_stack_next - 1) = buf;
6314 + alloc_stack_next++;
6320 +acl_alloc(unsigned long len)
6324 + if (len > PAGE_SIZE)
6327 + ret = kmalloc(len, GFP_KERNEL);
6338 + if (gr_acl_is_enabled() || !alloc_stack)
6341 + while (alloc_pop()) ;
6343 + if (alloc_stack) {
6344 + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
6345 + kfree(alloc_stack);
6347 + vfree(alloc_stack);
6350 + alloc_stack = NULL;
6351 + alloc_stack_size = 1;
6352 + alloc_stack_next = 1;
6358 +acl_alloc_stack_init(unsigned long size)
6360 + if ((size * sizeof (void *)) <= PAGE_SIZE)
6362 + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
6364 + alloc_stack = (void **) vmalloc(size * sizeof (void *));
6366 + alloc_stack_size = size;
6373 diff -urN linux-2.4.22/grsecurity/gracl_cap.c linux-2.4.22/grsecurity/gracl_cap.c
6374 --- linux-2.4.22/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
6375 +++ linux-2.4.22/grsecurity/gracl_cap.c 2003-09-02 19:29:42.000000000 -0400
6377 +/* capability handling routines, (c) Brad Spengler 2002,2003 */
6379 +#include <linux/kernel.h>
6380 +#include <linux/sched.h>
6381 +#include <linux/capability.h>
6382 +#include <linux/gracl.h>
6383 +#include <linux/grsecurity.h>
6384 +#include <linux/grinternal.h>
6386 +static const char *captab_log[29] = {
6388 + "CAP_DAC_OVERRIDE",
6389 + "CAP_DAC_READ_SEARCH",
6396 + "CAP_LINUX_IMMUTABLE",
6397 + "CAP_NET_BIND_SERVICE",
6398 + "CAP_NET_BROADCAST",
6411 + "CAP_SYS_RESOURCE",
6413 + "CAP_SYS_TTY_CONFIG",
6419 +gr_is_capable(const int cap)
6421 + struct acl_subject_label *curracl;
6423 + if (!gr_acl_is_enabled())
6426 + curracl = current->acl;
6428 + if (!cap_raised(curracl->cap_lower, cap))
6431 + if ((curracl->mode & GR_LEARN)
6432 + && cap_raised(current->cap_effective, cap)) {
6433 + security_learn(GR_LEARN_AUDIT_MSG, current->role->rolename,
6434 + current->role->roletype, current->uid,
6435 + current->gid, current->exec_file ?
6436 + gr_to_filename(current->exec_file->f_dentry,
6437 + current->exec_file->f_vfsmnt) : curracl->filename,
6438 + curracl->filename, 0UL,
6439 + 0UL, "", (unsigned long) cap, NIPQUAD(current->curr_ip));
6443 + if ((cap >= 0) && (cap < 29) && cap_raised(current->cap_effective, cap))
6444 + security_alert(GR_CAP_ACL_MSG, captab_log[cap], DEFAULTSECARGS);
6448 diff -urN linux-2.4.22/grsecurity/gracl_fs.c linux-2.4.22/grsecurity/gracl_fs.c
6449 --- linux-2.4.22/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
6450 +++ linux-2.4.22/grsecurity/gracl_fs.c 2003-09-02 19:29:42.000000000 -0400
6452 +#include <linux/kernel.h>
6453 +#include <linux/sched.h>
6454 +#include <linux/types.h>
6455 +#include <linux/fs.h>
6456 +#include <linux/file.h>
6457 +#include <linux/grsecurity.h>
6458 +#include <linux/grinternal.h>
6459 +#include <linux/gracl.h>
6462 +gr_acl_handle_hidden_file(const struct dentry * dentry,
6463 + const struct vfsmount * mnt)
6467 + if (unlikely(!dentry->d_inode))
6471 + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
6473 + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
6474 + security_audit(GR_HIDDEN_ACL_MSG, "successful",
6475 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
6477 + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
6478 + security_alert(GR_HIDDEN_ACL_MSG, "denied",
6479 + gr_to_filename(dentry, mnt),
6482 + } else if (unlikely(!(mode & GR_FIND)))
6489 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
6492 + __u32 reqmode = GR_FIND;
6495 + if (unlikely(!dentry->d_inode))
6498 + if (unlikely(fmode & O_APPEND))
6499 + reqmode |= GR_APPEND;
6500 + else if (unlikely(fmode & FMODE_WRITE))
6501 + reqmode |= GR_WRITE;
6502 + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
6503 + reqmode |= GR_READ;
6506 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
6509 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6510 + security_audit(GR_OPEN_ACL_MSG, "successful",
6511 + gr_to_filename(dentry, mnt),
6512 + reqmode & GR_READ ? " reading" : "",
6513 + reqmode & GR_WRITE ? " writing" :
6514 + reqmode & GR_APPEND ? " appending" : "",
6518 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6520 + security_alert(GR_OPEN_ACL_MSG, "denied",
6521 + gr_to_filename(dentry, mnt),
6522 + reqmode & GR_READ ? " reading" : "",
6523 + reqmode & GR_WRITE ? " writing" : reqmode &
6524 + GR_APPEND ? " appending" : "", DEFAULTSECARGS);
6526 + } else if (unlikely((mode & reqmode) != reqmode))
6533 +gr_acl_handle_creat(const struct dentry * dentry,
6534 + const struct dentry * p_dentry,
6535 + const struct vfsmount * p_mnt, const int fmode,
6538 + __u32 reqmode = GR_WRITE | GR_CREATE;
6541 + if (unlikely(fmode & O_APPEND))
6542 + reqmode |= GR_APPEND;
6543 + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
6544 + reqmode |= GR_READ;
6545 + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
6546 + reqmode |= GR_SETID;
6549 + gr_check_create(dentry, p_dentry, p_mnt,
6550 + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
6552 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6553 + security_audit(GR_CREATE_ACL_MSG, "successful",
6554 + gr_to_filename(dentry, p_mnt),
6555 + reqmode & GR_READ ? " reading" : "",
6556 + reqmode & GR_WRITE ? " writing" :
6557 + reqmode & GR_APPEND ? " appending" : "",
6561 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6563 + security_alert(GR_CREATE_ACL_MSG, "denied",
6564 + gr_to_filename(dentry, p_mnt),
6565 + reqmode & GR_READ ? " reading" : "",
6566 + reqmode & GR_WRITE ? " writing" : reqmode &
6567 + GR_APPEND ? " appending" : "", DEFAULTSECARGS);
6569 + } else if (unlikely((mode & reqmode) != reqmode))
6576 +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
6579 + __u32 mode, reqmode = GR_FIND;
6581 + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
6582 + reqmode |= GR_EXEC;
6583 + if (fmode & S_IWOTH)
6584 + reqmode |= GR_WRITE;
6585 + if (fmode & S_IROTH)
6586 + reqmode |= GR_READ;
6589 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
6592 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
6593 + security_audit(GR_ACCESS_ACL_MSG, "successful",
6594 + gr_to_filename(dentry, mnt),
6595 + reqmode & GR_READ ? " reading" : "",
6596 + reqmode & GR_WRITE ? " writing" : "",
6597 + reqmode & GR_EXEC ? " executing" : "",
6601 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
6603 + security_alert(GR_ACCESS_ACL_MSG, "denied",
6604 + gr_to_filename(dentry, mnt),
6605 + reqmode & GR_READ ? " reading" : "",
6606 + reqmode & GR_WRITE ? " writing" : "",
6607 + reqmode & GR_EXEC ? " executing" : "",
6610 + } else if (unlikely((mode & reqmode) != reqmode))
6616 +#define generic_fs_handler(dentry, mnt, reqmode, fmt) \
6620 + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); \
6622 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \
6623 + security_audit(fmt, "successful", \
6624 + gr_to_filename(dentry, mnt), DEFAULTSECARGS); \
6626 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \
6627 + security_alert(fmt, "denied", gr_to_filename(dentry, mnt), \
6628 + DEFAULTSECARGS); \
6630 + } else if (unlikely((mode & (reqmode)) != (reqmode))) \
6633 + return (reqmode); \
6637 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
6639 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
6643 +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
6645 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
6649 +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
6651 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
6655 +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
6657 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
6661 +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
6664 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
6665 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
6666 + GR_FCHMOD_ACL_MSG);
6668 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
6673 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
6676 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
6677 + generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
6678 + GR_CHMOD_ACL_MSG);
6680 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
6685 +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
6687 + generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
6691 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
6693 + generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
6697 +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
6699 + generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
6700 + GR_UNIXCONNECT_ACL_MSG);
6704 +gr_acl_handle_filldir(const struct dentry *dentry, const struct vfsmount *mnt,
6707 + if (likely((unsigned long)(dentry->d_inode))) {
6708 + struct dentry d = *dentry;
6709 + struct inode inode = *(dentry->d_inode);
6711 + inode.i_ino = ino;
6712 + d.d_inode = &inode;
6714 + if (unlikely(!gr_search_file(&d, GR_FIND | GR_NOLEARN, mnt)))
6722 +gr_acl_handle_link(const struct dentry * new_dentry,
6723 + const struct dentry * parent_dentry,
6724 + const struct vfsmount * parent_mnt,
6725 + const struct dentry * old_dentry,
6726 + const struct vfsmount * old_mnt, const char *to)
6728 + __u32 needmode = GR_WRITE | GR_CREATE;
6732 + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
6735 + if (unlikely(((mode & needmode) == needmode) && mode & GR_AUDITS)) {
6736 + security_audit(GR_LINK_ACL_MSG, "successful",
6737 + gr_to_filename(old_dentry, old_mnt), to,
6740 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
6741 + security_alert(GR_LINK_ACL_MSG, "denied",
6742 + gr_to_filename(old_dentry, old_mnt), to,
6745 + } else if (unlikely((mode & needmode) != needmode))
6748 + return (GR_WRITE | GR_CREATE);
6752 +gr_acl_handle_symlink(const struct dentry * new_dentry,
6753 + const struct dentry * parent_dentry,
6754 + const struct vfsmount * parent_mnt, const char *from)
6756 + __u32 needmode = GR_WRITE | GR_CREATE;
6760 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
6761 + GR_CREATE | GR_AUDIT_CREATE |
6762 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
6764 + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
6765 + security_audit(GR_SYMLINK_ACL_MSG, "successful",
6766 + from, gr_to_filename(new_dentry, parent_mnt),
6769 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
6770 + security_alert(GR_SYMLINK_ACL_MSG, "denied",
6771 + from, gr_to_filename(new_dentry, parent_mnt),
6774 + } else if (unlikely((mode & needmode) != needmode))
6777 + return (GR_WRITE | GR_CREATE);
6780 +#define generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, reqmode, fmt) \
6784 + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); \
6786 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { \
6787 + security_audit(fmt, "successful", \
6788 + gr_to_filename(new_dentry, parent_mnt), \
6789 + DEFAULTSECARGS); \
6791 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { \
6792 + security_alert(fmt, "denied", \
6793 + gr_to_filename(new_dentry, parent_mnt), \
6794 + DEFAULTSECARGS); \
6796 + } else if (unlikely((mode & (reqmode)) != (reqmode))) \
6799 + return (reqmode); \
6803 +gr_acl_handle_mknod(const struct dentry * new_dentry,
6804 + const struct dentry * parent_dentry,
6805 + const struct vfsmount * parent_mnt,
6808 + __u32 reqmode = GR_WRITE | GR_CREATE;
6809 + if (unlikely(mode & (S_ISUID | S_ISGID)))
6810 + reqmode |= GR_SETID;
6812 + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6813 + reqmode, GR_MKNOD_ACL_MSG);
6817 +gr_acl_handle_mkdir(const struct dentry *new_dentry,
6818 + const struct dentry *parent_dentry,
6819 + const struct vfsmount *parent_mnt)
6821 + generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
6822 + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
6825 +#define RENAME_CHECK_SUCCESS(old, new) \
6826 + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
6827 + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
6830 +gr_acl_handle_rename(struct dentry *new_dentry,
6831 + struct dentry *parent_dentry,
6832 + const struct vfsmount *parent_mnt,
6833 + struct dentry *old_dentry,
6834 + struct inode *old_parent_inode,
6835 + struct vfsmount *old_mnt, const char *newname)
6837 + __u8 gr_replace = 1;
6838 + __u32 comp1, comp2;
6841 + if (unlikely(!gr_acl_is_enabled()))
6844 + if (!new_dentry->d_inode) {
6847 + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
6848 + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
6849 + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
6850 + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
6851 + GR_DELETE | GR_AUDIT_DELETE |
6852 + GR_AUDIT_READ | GR_AUDIT_WRITE |
6853 + GR_SUPPRESS, old_mnt);
6855 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
6856 + GR_CREATE | GR_DELETE |
6857 + GR_AUDIT_CREATE | GR_AUDIT_DELETE |
6858 + GR_AUDIT_READ | GR_AUDIT_WRITE |
6859 + GR_SUPPRESS, parent_mnt);
6861 + gr_search_file(old_dentry,
6862 + GR_READ | GR_WRITE | GR_AUDIT_READ |
6863 + GR_DELETE | GR_AUDIT_DELETE |
6864 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
6867 + if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
6868 + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
6869 + security_audit(GR_RENAME_ACL_MSG, "successful",
6870 + gr_to_filename(old_dentry, old_mnt),
6871 + newname, DEFAULTSECARGS);
6872 + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
6873 + && !(comp2 & GR_SUPPRESS)) {
6874 + security_alert(GR_RENAME_ACL_MSG, "denied",
6875 + gr_to_filename(old_dentry, old_mnt), newname,
6878 + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
6884 + error = gr_handle_rename(old_parent_inode, parent_dentry->d_inode,
6885 + old_dentry, new_dentry, old_mnt, gr_replace);
6891 +gr_acl_handle_exit(void)
6896 + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
6897 + id = current->acl_role_id;
6898 + rolename = current->role->rolename;
6900 + security_alert_good(GR_SPROLEL_ACL_MSG,
6901 + rolename, id, DEFAULTSECARGS);
6904 + if (current->exec_file) {
6905 + fput(current->exec_file);
6906 + current->exec_file = NULL;
6911 +gr_acl_handle_procpidmem(const struct task_struct *task)
6913 + if (unlikely(!gr_acl_is_enabled()))
6916 + if (task->acl->mode & GR_PROTPROCFD)
6921 diff -urN linux-2.4.22/grsecurity/gracl_ip.c linux-2.4.22/grsecurity/gracl_ip.c
6922 --- linux-2.4.22/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
6923 +++ linux-2.4.22/grsecurity/gracl_ip.c 2003-09-02 19:29:42.000000000 -0400
6926 + * grsecurity/gracl_ip.c
6927 + * Copyright Brad Spengler 2002, 2003
6931 +#include <linux/kernel.h>
6932 +#include <asm/uaccess.h>
6933 +#include <asm/errno.h>
6934 +#include <net/sock.h>
6935 +#include <linux/file.h>
6936 +#include <linux/fs.h>
6937 +#include <linux/net.h>
6938 +#include <linux/in.h>
6939 +#include <linux/skbuff.h>
6940 +#include <linux/ip.h>
6941 +#include <linux/udp.h>
6942 +#include <linux/smp_lock.h>
6943 +#include <linux/types.h>
6944 +#include <linux/sched.h>
6945 +#include <linux/gracl.h>
6946 +#include <linux/grsecurity.h>
6947 +#include <linux/grinternal.h>
6949 +#define GR_BIND 0x01
6950 +#define GR_CONNECT 0x02
6952 +static const char * gr_protocols[256] = {
6953 + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
6954 + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
6955 + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
6956 + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
6957 + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
6958 + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
6959 + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
6960 + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
6961 + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
6962 + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
6963 + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
6964 + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
6965 + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
6966 + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
6967 + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
6968 + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
6969 + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
6970 + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
6971 + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
6972 + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
6973 + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
6974 + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
6975 + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
6976 + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
6977 + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
6978 + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
6979 + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
6980 + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
6981 + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
6982 + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
6983 + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
6984 + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
6987 +static const char * gr_socktypes[11] = {
6988 + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
6989 + "unknown:7", "unknown:8", "unknown:9", "packet"
6992 +static __inline__ const char *
6993 +gr_proto_to_name(unsigned char proto)
6995 + return gr_protocols[proto];
6998 +static __inline__ const char *
6999 +gr_socktype_to_name(unsigned char type)
7001 + return gr_socktypes[type];
7005 +gr_search_socket(const int domain, const int type, const int protocol)
7007 + struct acl_subject_label *curr;
7009 + if (unlikely(!gr_acl_is_enabled()))
7012 + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
7013 + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
7014 + goto exit; // let the kernel handle it
7016 + curr = current->acl;
7021 + if ((curr->ip_type & (1 << type)) &&
7022 + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
7025 + if (curr->mode & GR_LEARN) {
7026 + /* we don't place acls on raw sockets , and sometimes
7027 + dgram/ip sockets are opened for ioctl and not
7028 + bind/connect, so we'll fake a bind learn log */
7029 + if (type == SOCK_RAW || type == SOCK_PACKET) {
7031 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
7032 + current->role->roletype, current->uid,
7033 + current->gid, current->exec_file ?
7034 + gr_to_filename(current->exec_file->f_dentry,
7035 + current->exec_file->f_vfsmnt) :
7036 + curr->filename, curr->filename,
7037 + NIPQUAD(fakeip), 0, type,
7038 + protocol, GR_CONNECT, NIPQUAD(current->curr_ip));
7039 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
7041 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
7042 + current->role->roletype, current->uid,
7043 + current->gid, current->exec_file ?
7044 + gr_to_filename(current->exec_file->f_dentry,
7045 + current->exec_file->f_vfsmnt) :
7046 + curr->filename, curr->filename,
7047 + NIPQUAD(fakeip), 0, type,
7048 + protocol, GR_BIND, NIPQUAD(current->curr_ip));
7050 + /* we'll log when they use connect or bind */
7054 + security_alert(GR_SOCK_MSG, "inet", gr_socktype_to_name(type),
7055 + gr_proto_to_name(protocol), DEFAULTSECARGS);
7062 +static __inline__ int
7063 +gr_search_connectbind(const int mode, const struct sock *sk,
7064 + const struct sockaddr_in *addr, const int type)
7066 + struct acl_subject_label *curr;
7067 + struct acl_ip_label *ip;
7069 + __u32 ip_addr = 0;
7070 + __u16 ip_port = 0;
7072 + if (unlikely(!gr_acl_is_enabled() || sk->family != PF_INET))
7075 + curr = current->acl;
7080 + ip_addr = addr->sin_addr.s_addr;
7081 + ip_port = ntohs(addr->sin_port);
7083 + for (i = 0; i < curr->ip_num; i++) {
7084 + ip = *(curr->ips + i);
7085 + if ((ip->mode & mode) &&
7086 + (ip_port >= ip->low) &&
7087 + (ip_port <= ip->high) &&
7088 + ((ntohl(ip_addr) & ip->netmask) ==
7089 + (ntohl(ip->addr) & ip->netmask))
7091 + proto[sk->protocol / 32] & (1 << (sk->protocol % 32)))
7092 + && (ip->type & (1 << type)))
7096 + if (curr->mode & GR_LEARN) {
7097 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
7098 + current->role->roletype, current->uid,
7099 + current->gid, current->exec_file ?
7100 + gr_to_filename(current->exec_file->f_dentry,
7101 + current->exec_file->f_vfsmnt) :
7102 + curr->filename, curr->filename,
7103 + NIPQUAD(ip_addr), ip_port, type,
7104 + sk->protocol, mode, NIPQUAD(current->curr_ip));
7108 + if (mode == GR_BIND)
7109 + security_alert(GR_BIND_ACL_MSG, NIPQUAD(ip_addr), ip_port,
7110 + gr_socktype_to_name(type), gr_proto_to_name(sk->protocol),
7112 + else if (mode == GR_CONNECT)
7113 + security_alert(GR_CONNECT_ACL_MSG, NIPQUAD(ip_addr), ip_port,
7114 + gr_socktype_to_name(type), gr_proto_to_name(sk->protocol),
7121 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
7123 + return gr_search_connectbind(GR_CONNECT, sock->sk, addr, sock->type);
7127 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
7129 + return gr_search_connectbind(GR_BIND, sock->sk, addr, sock->type);
7133 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
7136 + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
7138 + struct sockaddr_in sin;
7140 + sin.sin_addr.s_addr = sk->daddr;
7141 + sin.sin_port = sk->dport;
7143 + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM);
7148 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
7150 + struct sockaddr_in sin;
7152 + if (unlikely(skb->len < sizeof (struct udphdr)))
7153 + return 1; // skip this packet
7155 + sin.sin_addr.s_addr = skb->nh.iph->saddr;
7156 + sin.sin_port = skb->h.uh->source;
7158 + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM);
7160 diff -urN linux-2.4.22/grsecurity/gracl_learn.c linux-2.4.22/grsecurity/gracl_learn.c
7161 --- linux-2.4.22/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
7162 +++ linux-2.4.22/grsecurity/gracl_learn.c 2003-09-02 19:29:42.000000000 -0400
7164 +#include <linux/kernel.h>
7165 +#include <linux/mm.h>
7166 +#include <linux/sched.h>
7167 +#include <linux/poll.h>
7168 +#include <linux/smp_lock.h>
7169 +#include <linux/string.h>
7170 +#include <linux/file.h>
7171 +#include <linux/types.h>
7172 +#include <linux/vmalloc.h>
7173 +#include <linux/grinternal.h>
7175 +extern ssize_t write_grsec_handler(struct file * file, const char * buf,
7176 + size_t count, loff_t *ppos);
7177 +extern int gr_acl_is_enabled(void);
7179 +static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
7180 +static DECLARE_WAIT_QUEUE_HEAD(input_wait);
7181 +static atomic_t learn_buffer_count = ATOMIC_INIT(0);
7182 +static int gr_learn_attached;
7184 +#define LEARN_BUFFER_SLOTS 256
7185 +#define LEARN_BUFFER_SIZE 16384
7187 +static spinlock_t learn_buffer_lock[LEARN_BUFFER_SLOTS] = { [0 ... (LEARN_BUFFER_SLOTS - 1)] = SPIN_LOCK_UNLOCKED };
7188 +static char *learn_buffer[LEARN_BUFFER_SLOTS];
7189 +static int learn_buffer_len[LEARN_BUFFER_SLOTS];
7192 +read_learn(struct file *file, char * buf, size_t count, loff_t * ppos)
7194 + DECLARE_WAITQUEUE(wait, current);
7195 + ssize_t retval = 0;
7200 + add_wait_queue(&learn_wait, &wait);
7201 + set_current_state(TASK_INTERRUPTIBLE);
7203 + if (atomic_read(&learn_buffer_count) > 1)
7206 + if (file->f_flags & O_NONBLOCK) {
7210 + if (signal_pending(current)) {
7211 + retval = -ERESTARTSYS;
7219 + for (i = 0; i < LEARN_BUFFER_SLOTS; i++) {
7220 + spin_lock(&learn_buffer_lock[i]);
7221 + len = learn_buffer_len[i];
7222 + tmp = learn_buffer[i];
7223 + if (!len || !tmp) {
7224 + spin_unlock(&learn_buffer_lock[i]);
7227 + learn_buffer[i] = NULL;
7228 + learn_buffer_len[i] = 0;
7229 + spin_unlock(&learn_buffer_lock[i]);
7231 + if (count < ((i * LEARN_BUFFER_SIZE) + len)) {
7236 + if (copy_to_user(buf + (i * LEARN_BUFFER_SIZE), tmp, len)) {
7244 + atomic_dec(&learn_buffer_count);
7245 + atomic_dec(&learn_buffer_count);
7248 + wake_up(&input_wait);
7250 + set_current_state(TASK_RUNNING);
7251 + remove_wait_queue(&learn_wait, &wait);
7255 +static unsigned int
7256 +poll_learn(struct file * file, poll_table * wait)
7258 + poll_wait(file, &learn_wait, wait);
7260 + if (atomic_read(&learn_buffer_count) > 1)
7261 + return (POLLIN | POLLRDNORM);
7267 +gr_clear_learn_entries(void)
7271 + atomic_set(&learn_buffer_count, 0);
7272 + wake_up(&input_wait);
7274 + for (i = 0; i < LEARN_BUFFER_SLOTS; i++) {
7275 + if (learn_buffer_len[i]) {
7276 + vfree(learn_buffer[i]);
7277 + learn_buffer[i] = NULL;
7278 + learn_buffer_len[i] = 0;
7286 +gr_add_learn_entry(const char *fmt, ...)
7288 + DECLARE_WAITQUEUE(wait, current);
7295 + if (!gr_learn_attached)
7298 + tmpbuf = vmalloc(LEARN_BUFFER_SIZE);
7300 + if (tmpbuf == NULL)
7303 + va_start(args, fmt);
7304 + len = vsnprintf(tmpbuf, LEARN_BUFFER_SIZE, fmt, args);
7308 + len = LEARN_BUFFER_SIZE - 1;
7310 + buf = vmalloc(len + 1);
7312 + if (buf == NULL) {
7317 + memcpy(buf, tmpbuf, len);
7321 + add_wait_queue(&input_wait, &wait);
7323 + atomic_inc(&learn_buffer_count);
7324 + if (atomic_read(&learn_buffer_count) > ((2 * (LEARN_BUFFER_SLOTS - 1)) + 1)) {
7325 + /* don't sleep under the BKL */
7326 +// if (unlikely(current->lock_depth >= 0)) {
7327 + remove_wait_queue(&input_wait, &wait);
7328 + atomic_dec(&learn_buffer_count);
7332 +// sleep_on(&input_wait);
7335 + if (!gr_acl_is_enabled()) {
7336 + remove_wait_queue(&input_wait, &wait);
7337 + atomic_dec(&learn_buffer_count);
7342 + for (i = 0; i < LEARN_BUFFER_SLOTS; i++) {
7343 + spin_lock(&learn_buffer_lock[i]);
7345 + if (learn_buffer_len[i]) {
7346 + spin_unlock(&learn_buffer_lock[i]);
7350 + learn_buffer[i] = buf;
7352 + learn_buffer_len[i] = len + 1;
7354 + atomic_inc(&learn_buffer_count);
7355 + spin_unlock(&learn_buffer_lock[i]);
7359 + remove_wait_queue(&input_wait, &wait);
7360 + wake_up_interruptible(&learn_wait);
7366 +open_learn(struct inode *inode, struct file *file)
7368 + if (file->f_mode & FMODE_READ && gr_learn_attached)
7370 + else if (file->f_mode & FMODE_READ)
7371 + gr_learn_attached = 1;
7377 +close_learn(struct inode *inode, struct file *file)
7379 + if (file->f_mode & FMODE_READ)
7380 + gr_learn_attached = 0;
7385 +struct file_operations grsec_fops = {
7387 + write: write_grsec_handler,
7389 + release: close_learn,
7392 diff -urN linux-2.4.22/grsecurity/gracl_res.c linux-2.4.22/grsecurity/gracl_res.c
7393 --- linux-2.4.22/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
7394 +++ linux-2.4.22/grsecurity/gracl_res.c 2003-09-02 19:29:42.000000000 -0400
7396 +/* resource handling routines (c) Brad Spengler 2002, 2003 */
7398 +#include <linux/kernel.h>
7399 +#include <linux/sched.h>
7400 +#include <linux/gracl.h>
7401 +#include <linux/grinternal.h>
7403 +static const char *restab_log[11] = {
7418 +gr_log_resource(const struct task_struct *task,
7419 + const int res, const unsigned long wanted)
7421 + if (unlikely(res == RLIMIT_NPROC &&
7422 + (cap_raised(task->cap_effective, CAP_SYS_ADMIN) ||
7423 + cap_raised(task->cap_effective, CAP_SYS_RESOURCE))))
7426 + if (unlikely(wanted >= task->rlim[res].rlim_cur &&
7427 + task->rlim[res].rlim_cur != RLIM_INFINITY))
7428 + security_alert(GR_RESOURCE_MSG, wanted, restab_log[res],
7429 + task->rlim[res].rlim_cur,
7430 + gr_task_fullpath(task), task->comm,
7431 + task->pid, task->uid, task->euid,
7432 + task->gid, task->egid,
7433 + gr_parent_task_fullpath(task),
7434 + task->p_pptr->comm,
7435 + task->p_pptr->pid, task->p_pptr->uid,
7436 + task->p_pptr->euid, task->p_pptr->gid,
7437 + task->p_pptr->egid);
7441 diff -urN linux-2.4.22/grsecurity/gracl_segv.c linux-2.4.22/grsecurity/gracl_segv.c
7442 --- linux-2.4.22/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
7443 +++ linux-2.4.22/grsecurity/gracl_segv.c 2003-09-02 19:29:42.000000000 -0400
7446 + * grsecurity/gracl_segv.c
7447 + * Copyright Brad Spengler 2002, 2003
7451 +#include <linux/kernel.h>
7452 +#include <linux/mm.h>
7453 +#include <asm/uaccess.h>
7454 +#include <asm/errno.h>
7455 +#include <asm/mman.h>
7456 +#include <net/sock.h>
7457 +#include <linux/file.h>
7458 +#include <linux/fs.h>
7459 +#include <linux/net.h>
7460 +#include <linux/in.h>
7461 +#include <linux/smp_lock.h>
7462 +#include <linux/slab.h>
7463 +#include <linux/types.h>
7464 +#include <linux/sched.h>
7465 +#include <linux/timer.h>
7466 +#include <linux/gracl.h>
7467 +#include <linux/grsecurity.h>
7468 +#include <linux/grinternal.h>
7470 +static struct crash_uid *uid_set;
7471 +static unsigned short uid_used;
7472 +static rwlock_t gr_uid_lock = RW_LOCK_UNLOCKED;
7473 +extern rwlock_t gr_inode_lock;
7474 +extern __inline__ struct acl_subject_label *lookup_acl_subj_label(const ino_t
7483 +gr_init_uidset(void)
7486 + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
7489 + return uid_set ? 1 : 0;
7493 +gr_free_uidset(void)
7502 +gr_find_uid(const uid_t uid)
7504 + struct crash_uid *tmp = uid_set;
7506 + int low = 0, high = uid_used - 1, mid;
7508 + while (high >= low) {
7509 + mid = (low + high) >> 1;
7510 + buid = tmp[mid].uid;
7522 +static __inline__ void
7523 +gr_insertsort(void)
7525 + unsigned short i, j;
7526 + struct crash_uid index;
7528 + for (i = 1; i < uid_used; i++) {
7529 + index = uid_set[i];
7531 + while ((j > 0) && uid_set[j - 1].uid > index.uid) {
7532 + uid_set[j] = uid_set[j - 1];
7535 + uid_set[j] = index;
7541 +static __inline__ void
7542 +gr_insert_uid(const uid_t uid, const unsigned long expires)
7546 + if (uid_used == GR_UIDTABLE_MAX)
7549 + loc = gr_find_uid(uid);
7552 + uid_set[loc].expires = expires;
7556 + uid_set[uid_used].uid = uid;
7557 + uid_set[uid_used].expires = expires;
7566 +gr_remove_uid(const unsigned short loc)
7570 + for (i = loc + 1; i < uid_used; i++)
7571 + uid_set[i - i] = uid_set[i];
7579 +gr_check_crash_uid(const uid_t uid)
7583 + if (unlikely(!gr_acl_is_enabled()))
7586 + read_lock(&gr_uid_lock);
7587 + loc = gr_find_uid(uid);
7588 + read_unlock(&gr_uid_lock);
7593 + write_lock(&gr_uid_lock);
7594 + if (time_before_eq(uid_set[loc].expires, jiffies))
7595 + gr_remove_uid(loc);
7597 + write_unlock(&gr_uid_lock);
7601 + write_unlock(&gr_uid_lock);
7605 +static __inline__ int
7606 +proc_is_setxid(const struct task_struct *task)
7608 + if (task->uid != task->euid || task->uid != task->suid ||
7609 + task->uid != task->fsuid)
7611 + if (task->gid != task->egid || task->gid != task->sgid ||
7612 + task->gid != task->fsgid)
7617 +static __inline__ int
7618 +gr_fake_force_sig(int sig, struct task_struct *t)
7620 + unsigned long int flags;
7622 + spin_lock_irqsave(&t->sigmask_lock, flags);
7623 + if (t->sig == NULL) {
7624 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
7628 + if (t->sig->action[sig - 1].sa.sa_handler == SIG_IGN)
7629 + t->sig->action[sig - 1].sa.sa_handler = SIG_DFL;
7630 + sigdelset(&t->blocked, sig);
7631 + recalc_sigpending(t);
7632 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
7634 + return send_sig_info(sig, (void *) 1L, t);
7638 +gr_handle_crash(struct task_struct *task, const int sig)
7640 + struct acl_subject_label *curr;
7641 + struct acl_subject_label *curr2;
7642 + struct task_struct *tsk;
7644 + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
7647 + if (unlikely(!gr_acl_is_enabled()))
7652 + if (!(curr->resmask & (1 << GR_CRASH_RES)))
7655 + if (time_before_eq(curr->expires, jiffies)) {
7656 + curr->expires = 0;
7657 + curr->crashes = 0;
7662 + if (!curr->expires)
7663 + curr->expires = jiffies + curr->res[GR_CRASH_RES].rlim_max;
7665 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
7666 + time_after(curr->expires, jiffies)) {
7667 + if (task->uid && proc_is_setxid(task)) {
7668 + security_alert(GR_SEGVSTART_ACL_MSG,
7669 + gr_task_fullpath(task), task->comm,
7670 + task->pid, task->uid, task->euid,
7671 + task->gid, task->egid,
7672 + gr_parent_task_fullpath(task),
7673 + task->p_pptr->comm, task->p_pptr->pid,
7674 + task->p_pptr->uid, task->p_pptr->euid,
7675 + task->p_pptr->gid, task->p_pptr->egid,
7677 + curr->res[GR_CRASH_RES].rlim_max / HZ);
7678 + write_lock(&gr_uid_lock);
7679 + gr_insert_uid(task->uid, curr->expires);
7680 + write_unlock(&gr_uid_lock);
7681 + curr->expires = 0;
7682 + curr->crashes = 0;
7683 + read_lock(&tasklist_lock);
7684 + for_each_task(tsk) {
7685 + if (tsk != task && tsk->uid == task->uid)
7686 + gr_fake_force_sig(SIGKILL, tsk);
7688 + read_unlock(&tasklist_lock);
7690 + security_alert(GR_SEGVNOSUID_ACL_MSG,
7691 + gr_task_fullpath(task), task->comm,
7692 + task->pid, task->uid, task->euid,
7693 + task->gid, task->egid,
7694 + gr_parent_task_fullpath(task),
7695 + task->p_pptr->comm, task->p_pptr->pid,
7696 + task->p_pptr->uid, task->p_pptr->euid,
7697 + task->p_pptr->gid, task->p_pptr->egid,
7698 + kdevname(curr->device), curr->inode,
7699 + curr->res[GR_CRASH_RES].rlim_max / HZ);
7700 + read_lock(&tasklist_lock);
7701 + for_each_task(tsk) {
7702 + if (likely(tsk != task)) {
7705 + if (curr2->device == curr->device &&
7706 + curr2->inode == curr->inode)
7707 + gr_fake_force_sig(SIGKILL, tsk);
7710 + read_unlock(&tasklist_lock);
7718 +gr_check_crash_exec(const struct file *filp)
7720 + struct acl_subject_label *curr;
7722 + if (unlikely(!gr_acl_is_enabled()))
7725 + read_lock(&gr_inode_lock);
7726 + curr = lookup_acl_subj_label(filp->f_dentry->d_inode->i_ino,
7727 + filp->f_dentry->d_inode->i_dev,
7729 + read_unlock(&gr_inode_lock);
7731 + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
7732 + (!curr->crashes && !curr->expires))
7735 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
7736 + time_after(curr->expires, jiffies))
7738 + else if (time_before_eq(curr->expires, jiffies)) {
7739 + curr->crashes = 0;
7740 + curr->expires = 0;
7747 +gr_handle_alertkill(void)
7749 + struct acl_subject_label *curracl;
7751 + struct task_struct *task;
7753 + if (unlikely(!gr_acl_is_enabled()))
7756 + curracl = current->acl;
7757 + curr_ip = current->curr_ip;
7759 + if ((curracl->mode & GR_KILLIPPROC) && curr_ip &&
7760 + (curr_ip != 0xffffffff)) {
7761 + read_lock(&tasklist_lock);
7762 + for_each_task(task) {
7763 + if (task->curr_ip == curr_ip)
7764 + gr_fake_force_sig(SIGKILL, task);
7766 + read_unlock(&tasklist_lock);
7767 + } else if (curracl->mode & GR_KILLPROC)
7768 + gr_fake_force_sig(SIGKILL, current);
7772 diff -urN linux-2.4.22/grsecurity/gracl_shm.c linux-2.4.22/grsecurity/gracl_shm.c
7773 --- linux-2.4.22/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
7774 +++ linux-2.4.22/grsecurity/gracl_shm.c 2003-09-02 19:29:42.000000000 -0400
7776 +/* shared memory handling routines, (c) Brad Spengler 2002, 2003 */
7778 +#include <linux/kernel.h>
7779 +#include <linux/mm.h>
7780 +#include <linux/sched.h>
7781 +#include <linux/file.h>
7782 +#include <linux/ipc.h>
7783 +#include <linux/gracl.h>
7784 +#include <linux/grsecurity.h>
7785 +#include <linux/grinternal.h>
7788 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
7789 + const time_t shm_createtime, const uid_t cuid, const int shmid)
7791 + struct task_struct *task;
7793 + if (!gr_acl_is_enabled())
7796 + task = find_task_by_pid(shm_cprid);
7798 + if (unlikely(!task))
7799 + task = find_task_by_pid(shm_lapid);
7801 + if (unlikely(task && ((task->start_time < shm_createtime) ||
7802 + (task->pid == shm_lapid)) &&
7803 + (task->acl->mode & GR_PROTSHM) &&
7804 + (task->acl != current->acl))) {
7805 + security_alert(GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid,
7812 diff -urN linux-2.4.22/grsecurity/grsec_chdir.c linux-2.4.22/grsecurity/grsec_chdir.c
7813 --- linux-2.4.22/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
7814 +++ linux-2.4.22/grsecurity/grsec_chdir.c 2003-09-02 19:29:42.000000000 -0400
7816 +#include <linux/kernel.h>
7817 +#include <linux/sched.h>
7818 +#include <linux/fs.h>
7819 +#include <linux/file.h>
7820 +#include <linux/grsecurity.h>
7821 +#include <linux/grinternal.h>
7824 +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
7826 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
7827 + if ((grsec_enable_chdir && grsec_enable_group &&
7828 + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
7829 + !grsec_enable_group)) {
7830 + security_audit(GR_CHDIR_AUDIT_MSG, gr_to_filename(dentry, mnt),
7836 diff -urN linux-2.4.22/grsecurity/grsec_chroot.c linux-2.4.22/grsecurity/grsec_chroot.c
7837 --- linux-2.4.22/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
7838 +++ linux-2.4.22/grsecurity/grsec_chroot.c 2003-09-02 19:29:42.000000000 -0400
7840 +#include <linux/kernel.h>
7841 +#include <linux/sched.h>
7842 +#include <linux/file.h>
7843 +#include <linux/fs.h>
7844 +#include <linux/types.h>
7845 +#include <linux/grinternal.h>
7848 +gr_handle_chroot_unix(const pid_t pid)
7850 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
7851 + struct task_struct *p, **htable;
7853 + if (unlikely(!grsec_enable_chroot_unix))
7856 + if (likely(!proc_is_chrooted(current)))
7859 + read_lock(&tasklist_lock);
7861 + htable = &pidhash[pid_hashfn(pid)];
7863 + for (p = *htable; p && p->pid != pid; p = p->pidhash_next) ;
7865 + if (unlikely(p && !have_same_root(current, p))) {
7866 + read_unlock(&tasklist_lock);
7867 + security_alert(GR_UNIX_CHROOT_MSG, DEFAULTSECARGS);
7870 + read_unlock(&tasklist_lock);
7876 +gr_handle_chroot_nice(void)
7878 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7879 + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
7880 + security_alert(GR_NICE_CHROOT_MSG, DEFAULTSECARGS);
7888 +gr_handle_chroot_setpriority(const struct task_struct *p, const int niceval)
7890 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
7891 + if (grsec_enable_chroot_nice && (!have_same_root(p, current)
7892 + || (have_same_root(p, current)
7893 + && (niceval < task_nice(p))
7894 + && proc_is_chrooted(current)))) {
7895 + security_alert(GR_PRIORITY_CHROOT_MSG, p->comm, p->pid,
7904 +gr_handle_chroot_capset(const struct task_struct *target)
7906 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
7907 + if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
7908 + !have_same_root(current, target)) {
7909 + security_alert(GR_CAPSET_CHROOT_MSG, target->comm, target->pid,
7918 +gr_handle_chroot_rawio(const struct inode *inode)
7920 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
7921 + if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
7922 + inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO))
7929 +gr_pid_is_chrooted(const struct task_struct *p)
7931 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
7932 + if (!grsec_enable_chroot_findtask || (current->pid <= 1))
7935 + if (p && p->fs && p->fs->root && p->fs->root->d_inode &&
7936 + child_reaper && child_reaper->fs && child_reaper->fs->root &&
7937 + child_reaper->fs->root->d_inode && current && current->fs &&
7938 + current->fs->root && current->fs->root->d_inode) {
7939 + if (proc_is_chrooted(current) && !have_same_root(current, p))
7947 +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
7949 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
7950 + if (!grsec_enable_chroot_fchdir)
7953 + if (!proc_is_chrooted(current))
7956 + struct dentry *dentry = u_dentry;
7957 + struct vfsmount *mnt = u_mnt;
7958 + struct dentry *realroot;
7959 + struct vfsmount *realrootmnt;
7960 + struct dentry *currentroot;
7961 + struct vfsmount *currentmnt;
7963 + read_lock(&child_reaper->fs->lock);
7964 + realrootmnt = mntget(child_reaper->fs->rootmnt);
7965 + realroot = dget(child_reaper->fs->root);
7966 + read_unlock(&child_reaper->fs->lock);
7968 + read_lock(¤t->fs->lock);
7969 + currentmnt = mntget(current->fs->rootmnt);
7970 + currentroot = dget(current->fs->root);
7971 + read_unlock(¤t->fs->lock);
7973 + spin_lock(&dcache_lock);
7976 + ((dentry == realroot && mnt == realrootmnt)
7977 + || (dentry == currentroot && mnt == currentmnt)))
7980 + (dentry == mnt->mnt_root || IS_ROOT(dentry))) {
7981 + if (mnt->mnt_parent == mnt)
7983 + dentry = mnt->mnt_mountpoint;
7984 + mnt = mnt->mnt_parent;
7987 + dentry = dentry->d_parent;
7989 + spin_unlock(&dcache_lock);
7991 + dput(currentroot);
7992 + mntput(currentmnt);
7994 + if (dentry == realroot && mnt == realrootmnt) {
7995 + /* ok, they're definitely trying to fchdir outside of the
7998 + mntput(realrootmnt);
7999 + security_alert(GR_CHROOT_FCHDIR_MSG,
8000 + gr_to_filename(u_dentry, u_mnt),
8005 + mntput(realrootmnt);
8014 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
8015 + const time_t shm_createtime)
8017 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
8018 + struct task_struct *p, **htable;
8020 + if (unlikely(!grsec_enable_chroot_shmat))
8023 + if (likely(!proc_is_chrooted(current)))
8026 + read_lock(&tasklist_lock);
8028 + htable = &pidhash[pid_hashfn(shm_cprid)];
8030 + for (p = *htable; p && p->pid != shm_cprid; p = p->pidhash_next) ;
8032 + if (unlikely(p && !have_same_root(current, p) &&
8033 + (p->start_time < shm_createtime))) {
8034 + read_unlock(&tasklist_lock);
8035 + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS);
8039 + if (unlikely(!p)) {
8040 + htable = &pidhash[pid_hashfn(shm_lapid)];
8041 + for (p = *htable; p && p->pid != shm_lapid;
8042 + p = p->pidhash_next) ;
8044 + if (unlikely(p && !have_same_root(current, p))) {
8045 + read_unlock(&tasklist_lock);
8046 + security_alert(GR_SHMAT_CHROOT_MSG, DEFAULTSECARGS);
8051 + read_unlock(&tasklist_lock);
8057 +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
8059 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
8060 + if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
8061 + security_audit(GR_EXEC_CHROOT_MSG, gr_to_filename(dentry, mnt),
8068 +gr_handle_chroot_mknod(const struct dentry *dentry,
8069 + const struct vfsmount *mnt, const int mode)
8071 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
8072 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) &&
8073 + proc_is_chrooted(current)) {
8074 + security_alert(GR_MKNOD_CHROOT_MSG,
8075 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
8083 +gr_handle_chroot_mount(const struct dentry *dentry,
8084 + const struct vfsmount *mnt, const char *dev_name)
8086 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
8087 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
8088 + security_alert(GR_MOUNT_CHROOT_MSG, dev_name,
8089 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
8097 +gr_handle_chroot_pivot(void)
8099 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
8100 + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
8101 + security_alert(GR_PIVOT_CHROOT_MSG, DEFAULTSECARGS);
8109 +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
8111 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
8112 + if (grsec_enable_chroot_double && proc_is_chrooted(current)) {
8113 + security_alert(GR_CHROOT_CHROOT_MSG,
8114 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
8122 +gr_handle_chroot_caps(struct task_struct *task)
8124 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
8125 + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
8126 + task->cap_permitted =
8127 + cap_drop(task->cap_permitted, GR_CHROOT_CAPS);
8128 + task->cap_inheritable =
8129 + cap_drop(task->cap_inheritable, GR_CHROOT_CAPS);
8130 + task->cap_effective =
8131 + cap_drop(task->cap_effective, GR_CHROOT_CAPS);
8138 +gr_handle_chroot_sysctl(const int op)
8140 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
8141 + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
8149 +gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt)
8151 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
8152 + if (grsec_enable_chroot_chdir)
8153 + set_fs_pwd(current->fs, mnt, dentry);
8159 +gr_handle_chroot_chmod(const struct dentry *dentry,
8160 + const struct vfsmount *mnt, const int mode)
8162 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
8163 + if (grsec_enable_chroot_chmod &&
8164 + ((mode & S_ISUID) || (mode & S_ISGID)) &&
8165 + proc_is_chrooted(current)) {
8166 + security_alert(GR_CHMOD_CHROOT_MSG,
8167 + gr_to_filename(dentry, mnt), DEFAULTSECARGS);
8173 diff -urN linux-2.4.22/grsecurity/grsec_disabled.c linux-2.4.22/grsecurity/grsec_disabled.c
8174 --- linux-2.4.22/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
8175 +++ linux-2.4.22/grsecurity/grsec_disabled.c 2003-09-02 19:29:42.000000000 -0400
8178 + * when grsecurity is disabled, compile all external functions into nothing
8181 +#include <linux/kernel.h>
8182 +#include <linux/config.h>
8183 +#include <linux/sched.h>
8184 +#include <linux/file.h>
8185 +#include <linux/fs.h>
8186 +#include <linux/kdev_t.h>
8187 +#include <linux/net.h>
8188 +#include <linux/in.h>
8189 +#include <linux/ip.h>
8190 +#include <linux/skbuff.h>
8191 +#include <linux/sysctl.h>
8193 +#ifdef CONFIG_SYSCTL
8195 +gr_handle_sysctl(const struct ctl_table * table, __u32 mode)
8202 +gr_acl_is_enabled(void)
8208 +gr_handle_rawio(const struct inode *inode)
8214 +gr_acl_handle_psacct(struct task_struct *task, const long code)
8220 +gr_handle_ptrace_exec(const struct dentry *dentry, const struct vfsmount *mnt)
8226 +gr_handle_mmap(const struct file *filp, const unsigned long prot)
8232 +gr_handle_ptrace(struct task_struct *task, const long request)
8238 +gr_learn_resource(const struct task_struct *task,
8239 + const int res, const unsigned long wanted)
8245 +gr_set_acls(const int type)
8251 +gr_check_hidden_task(const struct task_struct *tsk)
8257 +gr_check_protected_task(const struct task_struct *task)
8263 +gr_copy_label(struct task_struct *tsk)
8269 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
8275 +gr_handle_delete(const ino_t ino, const kdev_t dev)
8281 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
8287 +gr_handle_crash(struct task_struct *task, const int sig)
8293 +gr_check_crash_exec(const struct file *filp)
8299 +gr_check_crash_uid(const uid_t uid)
8305 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
8306 + struct dentry *old_dentry,
8307 + struct dentry *new_dentry,
8308 + struct vfsmount *mnt, const __u8 replace)
8314 +gr_search_socket(const int family, const int type, const int protocol)
8320 +gr_search_connectbind(const int mode, const struct socket *sock,
8321 + const struct sockaddr_in *addr)
8327 +gr_is_capable(const int cap)
8333 +gr_handle_alertkill(void)
8339 +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
8345 +gr_acl_handle_hidden_file(const struct dentry * dentry,
8346 + const struct vfsmount * mnt)
8352 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
8359 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
8365 +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
8371 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
8372 + unsigned int *vm_flags)
8378 +gr_acl_handle_truncate(const struct dentry * dentry,
8379 + const struct vfsmount * mnt)
8385 +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
8391 +gr_acl_handle_access(const struct dentry * dentry,
8392 + const struct vfsmount * mnt, const int fmode)
8398 +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
8405 +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
8412 +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
8418 +grsecurity_init(void)
8424 +gr_acl_handle_mknod(const struct dentry * new_dentry,
8425 + const struct dentry * parent_dentry,
8426 + const struct vfsmount * parent_mnt,
8433 +gr_acl_handle_mkdir(const struct dentry * new_dentry,
8434 + const struct dentry * parent_dentry,
8435 + const struct vfsmount * parent_mnt)
8441 +gr_acl_handle_symlink(const struct dentry * new_dentry,
8442 + const struct dentry * parent_dentry,
8443 + const struct vfsmount * parent_mnt, const char *from)
8449 +gr_acl_handle_link(const struct dentry * new_dentry,
8450 + const struct dentry * parent_dentry,
8451 + const struct vfsmount * parent_mnt,
8452 + const struct dentry * old_dentry,
8453 + const struct vfsmount * old_mnt, const char *to)
8459 +gr_acl_handle_rename(const struct dentry *new_dentry,
8460 + const struct dentry *parent_dentry,
8461 + const struct vfsmount *parent_mnt,
8462 + const struct dentry *old_dentry,
8463 + const struct inode *old_parent_inode,
8464 + const struct vfsmount *old_mnt, const char *newname)
8470 +gr_acl_handle_filldir(const struct dentry * dentry,
8471 + const struct vfsmount * mnt, const ino_t ino)
8477 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
8478 + const time_t shm_createtime, const uid_t cuid, const int shmid)
8484 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
8490 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
8496 +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
8502 +gr_acl_handle_creat(const struct dentry * dentry,
8503 + const struct dentry * p_dentry,
8504 + const struct vfsmount * p_mnt, const int fmode,
8511 +gr_acl_handle_exit(void)
8517 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
8523 +gr_set_role_label(const uid_t uid, const gid_t gid)
8529 +gr_acl_handle_procpidmem(const struct task_struct *task)
8535 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
8541 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
8547 +gr_set_kernel_label(struct task_struct *task)
8551 diff -urN linux-2.4.22/grsecurity/grsec_exec.c linux-2.4.22/grsecurity/grsec_exec.c
8552 --- linux-2.4.22/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
8553 +++ linux-2.4.22/grsecurity/grsec_exec.c 2003-09-02 19:29:42.000000000 -0400
8555 +#include <linux/kernel.h>
8556 +#include <linux/sched.h>
8557 +#include <linux/file.h>
8558 +#include <linux/fs.h>
8559 +#include <linux/types.h>
8560 +#include <linux/grdefs.h>
8561 +#include <linux/grinternal.h>
8562 +#include <linux/capability.h>
8564 +#include <asm/uaccess.h>
8567 +gr_handle_nproc(void)
8569 +#ifdef CONFIG_GRKERNSEC_EXECVE
8570 + if (grsec_enable_execve && current->user &&
8571 + (atomic_read(¤t->user->processes) >
8572 + current->rlim[RLIMIT_NPROC].rlim_cur) &&
8573 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
8574 + security_alert(GR_NPROC_MSG, DEFAULTSECARGS);
8582 +gr_handle_exec_args(struct linux_binprm *bprm, char **argv)
8584 +#ifdef CONFIG_GRKERNSEC_EXECLOG
8585 + char grarg[64] = { 0 };
8589 + if (!((grsec_enable_execlog && grsec_enable_group &&
8590 + in_group_p(grsec_audit_gid))
8591 + || (grsec_enable_execlog && !grsec_enable_group)))
8594 + if (unlikely(!argv))
8597 + for (i = 0; i < bprm->argc && execlen < 62; i++) {
8601 + if (get_user(p, argv + i))
8605 + len = strnlen_user(p, 62 - execlen);
8606 + if (len > 62 - execlen)
8607 + len = 62 - execlen;
8610 + if (copy_from_user(grarg + execlen, p, len))
8613 + *(grarg + execlen) = ' ';
8614 + *(grarg + execlen + 1) = '\0';
8619 + security_audit(GR_EXEC_AUDIT_MSG, gr_to_filename(bprm->file->f_dentry,
8620 + bprm->file->f_vfsmnt),
8621 + grarg, DEFAULTSECARGS);
8625 diff -urN linux-2.4.22/grsecurity/grsec_fifo.c linux-2.4.22/grsecurity/grsec_fifo.c
8626 --- linux-2.4.22/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
8627 +++ linux-2.4.22/grsecurity/grsec_fifo.c 2003-09-02 19:29:42.000000000 -0400
8629 +#include <linux/kernel.h>
8630 +#include <linux/sched.h>
8631 +#include <linux/fs.h>
8632 +#include <linux/file.h>
8633 +#include <linux/grinternal.h>
8636 +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
8637 + const struct dentry *dir, const int flag, const int acc_mode)
8639 +#ifdef CONFIG_GRKERNSEC_FIFO
8640 + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
8641 + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
8642 + (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
8643 + (current->fsuid != dentry->d_inode->i_uid)) {
8644 + if (!permission(dentry->d_inode, acc_mode))
8645 + security_alert(GR_FIFO_MSG, gr_to_filename(dentry, mnt),
8646 + dentry->d_inode->i_uid,
8647 + dentry->d_inode->i_gid, DEFAULTSECARGS);
8653 diff -urN linux-2.4.22/grsecurity/grsec_fork.c linux-2.4.22/grsecurity/grsec_fork.c
8654 --- linux-2.4.22/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
8655 +++ linux-2.4.22/grsecurity/grsec_fork.c 2003-09-02 19:29:42.000000000 -0400
8657 +#include <linux/kernel.h>
8658 +#include <linux/sched.h>
8659 +#include <linux/grsecurity.h>
8660 +#include <linux/grinternal.h>
8663 +gr_log_forkfail(const int retval)
8665 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
8666 + if (grsec_enable_forkfail)
8667 + security_alert(GR_FAILFORK_MSG, retval, DEFAULTSECARGS);
8671 diff -urN linux-2.4.22/grsecurity/grsec_init.c linux-2.4.22/grsecurity/grsec_init.c
8672 --- linux-2.4.22/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
8673 +++ linux-2.4.22/grsecurity/grsec_init.c 2003-09-02 19:29:42.000000000 -0400
8675 +#include <linux/kernel.h>
8676 +#include <linux/sched.h>
8677 +#include <linux/mm.h>
8678 +#include <linux/smp_lock.h>
8679 +#include <linux/gracl.h>
8680 +#include <linux/slab.h>
8682 +int grsec_enable_link;
8683 +int grsec_enable_dmesg;
8684 +int grsec_enable_fifo;
8685 +int grsec_enable_execve;
8686 +int grsec_enable_execlog;
8687 +int grsec_enable_signal;
8688 +int grsec_enable_forkfail;
8689 +int grsec_enable_time;
8690 +int grsec_enable_group;
8691 +int grsec_audit_gid;
8692 +int grsec_enable_chdir;
8693 +int grsec_enable_audit_ipc;
8694 +int grsec_enable_mount;
8695 +int grsec_enable_chroot_findtask;
8696 +int grsec_enable_chroot_mount;
8697 +int grsec_enable_chroot_shmat;
8698 +int grsec_enable_chroot_fchdir;
8699 +int grsec_enable_chroot_double;
8700 +int grsec_enable_chroot_pivot;
8701 +int grsec_enable_chroot_chdir;
8702 +int grsec_enable_chroot_chmod;
8703 +int grsec_enable_chroot_mknod;
8704 +int grsec_enable_chroot_nice;
8705 +int grsec_enable_chroot_execlog;
8706 +int grsec_enable_chroot_caps;
8707 +int grsec_enable_chroot_sysctl;
8708 +int grsec_enable_chroot_unix;
8709 +int grsec_enable_tpe;
8711 +int grsec_enable_tpe_all;
8712 +int grsec_enable_randpid;
8713 +int grsec_enable_randid;
8714 +int grsec_enable_randisn;
8715 +int grsec_enable_randsrc;
8716 +int grsec_enable_randrpc;
8717 +int grsec_enable_socket_all;
8718 +int grsec_socket_all_gid;
8719 +int grsec_enable_socket_client;
8720 +int grsec_socket_client_gid;
8721 +int grsec_enable_socket_server;
8722 +int grsec_socket_server_gid;
8725 +spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
8726 +unsigned long grsec_alert_wtime = 0;
8727 +unsigned long grsec_alert_fyet = 0;
8729 +spinlock_t grsec_alertgood_lock = SPIN_LOCK_UNLOCKED;
8730 +unsigned long grsec_alertgood_wtime = 0;
8731 +unsigned long grsec_alertgood_fyet = 0;
8733 +spinlock_t grsec_audit_lock = SPIN_LOCK_UNLOCKED;
8735 +char *gr_shared_page[4][NR_CPUS];
8736 +extern struct gr_arg *gr_usermode;
8737 +extern unsigned char *gr_system_salt;
8738 +extern unsigned char *gr_system_sum;
8741 +grsecurity_init(void)
8744 + /* create the per-cpu shared pages */
8746 + for (j = 0; j < 4; j++) {
8747 + for (i = 0; i < NR_CPUS; i++) {
8748 + gr_shared_page[j][i] = (char *) get_zeroed_page(GFP_KERNEL);
8749 + if (!gr_shared_page[j][i]) {
8750 + panic("Unable to allocate grsecurity shared page");
8756 + /* allocate memory for authentication structure */
8757 + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
8758 + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
8759 + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
8761 + if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
8762 + panic("Unable to allocate grsecurity authentication structure");
8766 +#ifndef CONFIG_GRKERNSEC_SYSCTL
8768 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
8769 + grsec_enable_group = 1;
8770 + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
8772 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
8773 + grsec_enable_chdir = 1;
8775 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8776 + grsec_enable_audit_ipc = 1;
8778 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
8779 + grsec_enable_mount = 1;
8781 +#ifdef CONFIG_GRKERNSEC_LINK
8782 + grsec_enable_link = 1;
8784 +#ifdef CONFIG_GRKERNSEC_DMESG
8785 + grsec_enable_dmesg = 1;
8787 +#ifdef CONFIG_GRKERNSEC_FIFO
8788 + grsec_enable_fifo = 1;
8790 +#ifdef CONFIG_GRKERNSEC_EXECVE
8791 + grsec_enable_execve = 1;
8793 +#ifdef CONFIG_GRKERNSEC_EXECLOG
8794 + grsec_enable_execlog = 1;
8796 +#ifdef CONFIG_GRKERNSEC_SIGNAL
8797 + grsec_enable_signal = 1;
8799 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
8800 + grsec_enable_forkfail = 1;
8802 +#ifdef CONFIG_GRKERNSEC_TIME
8803 + grsec_enable_time = 1;
8805 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
8806 + grsec_enable_chroot_findtask = 1;
8808 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
8809 + grsec_enable_chroot_unix = 1;
8811 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
8812 + grsec_enable_chroot_mount = 1;
8814 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
8815 + grsec_enable_chroot_fchdir = 1;
8817 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
8818 + grsec_enable_chroot_shmat = 1;
8820 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
8821 + grsec_enable_chroot_double = 1;
8823 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
8824 + grsec_enable_chroot_pivot = 1;
8826 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
8827 + grsec_enable_chroot_chdir = 1;
8829 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
8830 + grsec_enable_chroot_chmod = 1;
8832 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
8833 + grsec_enable_chroot_mknod = 1;
8835 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
8836 + grsec_enable_chroot_nice = 1;
8838 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
8839 + grsec_enable_chroot_execlog = 1;
8841 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
8842 + grsec_enable_chroot_caps = 1;
8844 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
8845 + grsec_enable_chroot_sysctl = 1;
8847 +#ifdef CONFIG_GRKERNSEC_TPE
8848 + grsec_enable_tpe = 1;
8849 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
8850 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
8851 + grsec_enable_tpe_all = 1;
8854 +#ifdef CONFIG_GRKERNSEC_RANDPID
8855 + grsec_enable_randpid = 1;
8857 +#ifdef CONFIG_GRKERNSEC_RANDID
8858 + grsec_enable_randid = 1;
8860 +#ifdef CONFIG_GRKERNSEC_RANDISN
8861 + grsec_enable_randisn = 1;
8863 +#ifdef CONFIG_GRKERNSEC_RANDSRC
8864 + grsec_enable_randsrc = 1;
8866 +#ifdef CONFIG_GRKERNSEC_RANDRPC
8867 + grsec_enable_randrpc = 1;
8869 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
8870 + grsec_enable_socket_all = 1;
8871 + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
8873 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
8874 + grsec_enable_socket_client = 1;
8875 + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
8877 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
8878 + grsec_enable_socket_server = 1;
8879 + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
8885 diff -urN linux-2.4.22/grsecurity/grsec_ipc.c linux-2.4.22/grsecurity/grsec_ipc.c
8886 --- linux-2.4.22/grsecurity/grsec_ipc.c 1969-12-31 19:00:00.000000000 -0500
8887 +++ linux-2.4.22/grsecurity/grsec_ipc.c 2003-09-02 19:29:42.000000000 -0400
8889 +#include <linux/kernel.h>
8890 +#include <linux/sched.h>
8891 +#include <linux/types.h>
8892 +#include <linux/ipc.h>
8893 +#include <linux/grsecurity.h>
8894 +#include <linux/grinternal.h>
8897 +gr_log_msgget(const int ret, const int msgflg)
8899 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8900 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8901 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8902 + !grsec_enable_group)) && (ret >= 0)
8903 + && (msgflg & IPC_CREAT))
8904 + security_audit(GR_MSGQ_AUDIT_MSG, DEFAULTSECARGS);
8910 +gr_log_msgrm(const uid_t uid, const uid_t cuid)
8912 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8913 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8914 + grsec_enable_audit_ipc) ||
8915 + (grsec_enable_audit_ipc && !grsec_enable_group))
8916 + security_audit(GR_MSGQR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8922 +gr_log_semget(const int err, const int semflg)
8924 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8925 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8926 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8927 + !grsec_enable_group)) && (err >= 0)
8928 + && (semflg & IPC_CREAT))
8929 + security_audit(GR_SEM_AUDIT_MSG, DEFAULTSECARGS);
8935 +gr_log_semrm(const uid_t uid, const uid_t cuid)
8937 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8938 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8939 + grsec_enable_audit_ipc) ||
8940 + (grsec_enable_audit_ipc && !grsec_enable_group))
8941 + security_audit(GR_SEMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8947 +gr_log_shmget(const int err, const int shmflg, const size_t size)
8949 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8950 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8951 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
8952 + !grsec_enable_group)) && (err >= 0)
8953 + && (shmflg & IPC_CREAT))
8954 + security_audit(GR_SHM_AUDIT_MSG, size, DEFAULTSECARGS);
8960 +gr_log_shmrm(const uid_t uid, const uid_t cuid)
8962 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
8963 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
8964 + grsec_enable_audit_ipc) ||
8965 + (grsec_enable_audit_ipc && !grsec_enable_group))
8966 + security_audit(GR_SHMR_AUDIT_MSG, uid, cuid, DEFAULTSECARGS);
8970 diff -urN linux-2.4.22/grsecurity/grsec_link.c linux-2.4.22/grsecurity/grsec_link.c
8971 --- linux-2.4.22/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
8972 +++ linux-2.4.22/grsecurity/grsec_link.c 2003-09-02 19:29:42.000000000 -0400
8974 +#include <linux/kernel.h>
8975 +#include <linux/sched.h>
8976 +#include <linux/fs.h>
8977 +#include <linux/file.h>
8978 +#include <linux/grinternal.h>
8981 +gr_handle_follow_link(const struct inode *parent,
8982 + const struct inode *inode,
8983 + const struct dentry *dentry, const struct vfsmount *mnt)
8985 +#ifdef CONFIG_GRKERNSEC_LINK
8986 + if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
8987 + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
8988 + (parent->i_mode & S_IWOTH) && (current->fsuid != inode->i_uid)) {
8989 + security_alert(GR_SYMLINK_MSG, gr_to_filename(dentry, mnt),
8990 + inode->i_uid, inode->i_gid, DEFAULTSECARGS);
8998 +gr_handle_hardlink(const struct dentry *dentry,
8999 + const struct vfsmount *mnt,
9000 + struct inode *inode, const int mode, const char *to)
9002 +#ifdef CONFIG_GRKERNSEC_LINK
9003 + if (grsec_enable_link && current->fsuid != inode->i_uid &&
9004 + (!S_ISREG(mode) || (mode & S_ISUID) ||
9005 + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
9006 + (permission(inode, MAY_READ | MAY_WRITE))) &&
9007 + !capable(CAP_FOWNER) && current->uid) {
9008 + security_alert(GR_HARDLINK_MSG, gr_to_filename(dentry, mnt),
9009 + inode->i_uid, inode->i_gid, to, DEFAULTSECARGS);
9015 diff -urN linux-2.4.22/grsecurity/grsec_mem.c linux-2.4.22/grsecurity/grsec_mem.c
9016 --- linux-2.4.22/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
9017 +++ linux-2.4.22/grsecurity/grsec_mem.c 2003-09-02 19:29:42.000000000 -0400
9019 +#include <linux/kernel.h>
9020 +#include <linux/sched.h>
9021 +#include <linux/mm.h>
9022 +#include <linux/grinternal.h>
9025 +gr_handle_ioperm(void)
9027 + security_alert(GR_IOPERM_MSG, DEFAULTSECARGS);
9032 +gr_handle_iopl(void)
9034 + security_alert(GR_IOPL_MSG, DEFAULTSECARGS);
9039 +gr_handle_mem_write(void)
9041 + security_alert(GR_MEM_WRITE_MSG, DEFAULTSECARGS);
9046 +gr_handle_kmem_write(void)
9048 + security_alert(GR_KMEM_MSG, DEFAULTSECARGS);
9053 +gr_handle_open_port(void)
9055 + security_alert(GR_PORT_OPEN_MSG, DEFAULTSECARGS);
9060 +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
9062 + if (offset < __pa(high_memory) &&
9063 + (pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
9064 + !(offset == 0xf0000 && ((vma->vm_end - vma->vm_start) <= 0x10000)) &&
9065 + !(offset == 0xa0000 && ((vma->vm_end - vma->vm_start) <= 0x20000))) {
9066 + security_alert(GR_MEM_MMAP_MSG, DEFAULTSECARGS);
9068 + } else if (offset < __pa(high_memory))
9069 + vma->vm_flags &= ~VM_MAYWRITE;
9073 diff -urN linux-2.4.22/grsecurity/grsec_mount.c linux-2.4.22/grsecurity/grsec_mount.c
9074 --- linux-2.4.22/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
9075 +++ linux-2.4.22/grsecurity/grsec_mount.c 2003-09-02 19:29:42.000000000 -0400
9077 +#include <linux/kernel.h>
9078 +#include <linux/sched.h>
9079 +#include <linux/grsecurity.h>
9080 +#include <linux/grinternal.h>
9083 +gr_log_remount(const char *devname, const int retval)
9085 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
9086 + if (grsec_enable_mount && (retval >= 0))
9087 + security_audit(GR_REMOUNT_AUDIT_MSG, devname, DEFAULTSECARGS);
9093 +gr_log_unmount(const char *devname, const int retval)
9095 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
9096 + if (grsec_enable_mount && (retval >= 0))
9097 + security_audit(GR_UNMOUNT_AUDIT_MSG, devname, DEFAULTSECARGS);
9103 +gr_log_mount(const char *from, const char *to, const int retval)
9105 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
9106 + if (grsec_enable_mount && (retval >= 0))
9107 + security_audit(GR_MOUNT_AUDIT_MSG, from, to, DEFAULTSECARGS);
9111 diff -urN linux-2.4.22/grsecurity/grsec_rand.c linux-2.4.22/grsecurity/grsec_rand.c
9112 --- linux-2.4.22/grsecurity/grsec_rand.c 1969-12-31 19:00:00.000000000 -0500
9113 +++ linux-2.4.22/grsecurity/grsec_rand.c 2003-09-02 19:29:42.000000000 -0400
9115 +#include <linux/kernel.h>
9116 +#include <linux/sched.h>
9117 +#include <linux/smp_lock.h>
9118 +#include <linux/grsecurity.h>
9119 +#include <linux/grinternal.h>
9121 +extern int last_pid;
9124 +gr_random_pid(spinlock_t * pid_lock)
9126 +#ifdef CONFIG_GRKERNSEC_RANDPID
9127 + struct task_struct *p;
9130 + if (grsec_enable_randpid && current->fs->root) {
9131 + read_lock(&tasklist_lock);
9132 + spin_lock(pid_lock);
9136 + pid = 1 + (get_random_long() % PID_MAX);
9138 + for_each_task(p) {
9139 + if (p->pid == pid || p->pgrp == pid ||
9140 + p->tgid == pid || p->session == pid)
9144 + spin_unlock(pid_lock);
9145 + read_unlock(&tasklist_lock);
9151 diff -urN linux-2.4.22/grsecurity/grsec_sig.c linux-2.4.22/grsecurity/grsec_sig.c
9152 --- linux-2.4.22/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
9153 +++ linux-2.4.22/grsecurity/grsec_sig.c 2003-09-02 19:29:42.000000000 -0400
9155 +#include <linux/kernel.h>
9156 +#include <linux/sched.h>
9157 +#include <linux/grinternal.h>
9160 +gr_log_signal(const int sig, const struct task_struct *t)
9162 +#ifdef CONFIG_GRKERNSEC_SIGNAL
9163 + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
9164 + (sig == SIGABRT) || (sig == SIGBUS))) {
9165 + if (t->pid == current->pid) {
9166 + security_alert_good(GR_UNISIGLOG_MSG, sig,
9169 + security_alert_good(GR_DUALSIGLOG_MSG, sig,
9170 + gr_task_fullpath(t), t->comm,
9171 + t->pid, t->uid, t->euid, t->gid,
9172 + t->egid, gr_parent_task_fullpath(t),
9174 + t->p_pptr->pid, t->p_pptr->uid,
9175 + t->p_pptr->euid, t->p_pptr->gid,
9176 + t->p_pptr->egid, DEFAULTSECARGS);
9184 +gr_handle_signal(const struct task_struct *p, const int sig)
9186 +#ifdef CONFIG_GRKERNSEC
9187 + if (current->pid > 1 && gr_check_protected_task(p)) {
9188 + security_alert(GR_SIG_ACL_MSG, sig, gr_task_fullpath(p),
9189 + p->comm, p->pid, p->uid,
9190 + p->euid, p->gid, p->egid,
9191 + gr_parent_task_fullpath(p), p->p_pptr->comm,
9192 + p->p_pptr->pid, p->p_pptr->uid,
9193 + p->p_pptr->euid, p->p_pptr->gid,
9194 + p->p_pptr->egid, DEFAULTSECARGS);
9196 + } else if (gr_pid_is_chrooted(p)) {
9202 diff -urN linux-2.4.22/grsecurity/grsec_sock.c linux-2.4.22/grsecurity/grsec_sock.c
9203 --- linux-2.4.22/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
9204 +++ linux-2.4.22/grsecurity/grsec_sock.c 2003-09-02 19:29:42.000000000 -0400
9206 +#include <linux/kernel.h>
9207 +#include <linux/sched.h>
9208 +#include <linux/file.h>
9209 +#include <linux/net.h>
9210 +#include <net/sock.h>
9211 +#include <linux/grsecurity.h>
9212 +#include <linux/grinternal.h>
9213 +#include <linux/gracl.h>
9216 +gr_attach_curr_ip(const struct sock *sk)
9218 +#ifdef CONFIG_GRKERNSEC
9219 + struct task_struct *p;
9221 + struct inode *inode;
9222 + struct file *filp;
9223 + struct socket *connect_sock;
9225 + if (unlikely(sk->protocol != IPPROTO_TCP))
9228 + read_lock(&tasklist_lock);
9229 + for_each_task(p) {
9230 + if (!p->used_connect)
9233 + if (unlikely(!p->files)) {
9237 + read_lock(&p->files->file_lock);
9238 + for (i = 0; i < p->files->max_fds; i++) {
9239 + filp = fcheck_files(p->files, i);
9240 + if (likely(!filp))
9242 + inode = filp->f_dentry->d_inode;
9243 + if (likely(!inode || !inode->i_sock))
9245 + connect_sock = &inode->u.socket_i;
9246 + if (unlikely(!connect_sock ||
9247 + connect_sock->sk->protocol != IPPROTO_TCP))
9249 + if (unlikely(sk->rcv_saddr == connect_sock->sk->daddr &&
9250 + sk->daddr == connect_sock->sk->rcv_saddr &&
9251 + ntohs(sk->sport) ==
9252 + ntohs(connect_sock->sk->dport)
9253 + && ntohs(sk->dport) ==
9254 + ntohs(connect_sock->sk->sport))) {
9255 + current->curr_ip = p->curr_ip;
9256 + current->used_accept = 1;
9257 + read_unlock(&p->files->file_lock);
9259 + read_unlock(&tasklist_lock);
9263 + read_unlock(&p->files->file_lock);
9266 + read_unlock(&tasklist_lock);
9268 + current->curr_ip = sk->daddr;
9269 + current->used_accept = 1;
9275 +gr_handle_sock_all(const int family, const int type, const int protocol)
9277 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
9278 + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
9279 + (family != AF_UNIX) && (family != AF_LOCAL)) {
9280 + security_alert(GR_SOCK_MSG, family, type, protocol,
9289 +gr_handle_sock_server(const struct sockaddr *sck)
9291 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
9292 + if (grsec_enable_socket_server &&
9293 + in_group_p(grsec_socket_server_gid) &&
9294 + sck && (sck->sa_family != AF_UNIX) &&
9295 + (sck->sa_family != AF_LOCAL)) {
9296 + security_alert(GR_BIND_MSG, DEFAULTSECARGS);
9304 +gr_handle_sock_client(const struct sockaddr *sck)
9306 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
9307 + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
9308 + sck && (sck->sa_family != AF_UNIX) &&
9309 + (sck->sa_family != AF_LOCAL)) {
9310 + security_alert(GR_CONNECT_MSG, DEFAULTSECARGS);
9318 +gr_cap_rtnetlink(void)
9320 +#ifdef CONFIG_GRKERNSEC
9321 + if (!gr_acl_is_enabled())
9322 + return current->cap_effective;
9324 + return (current->cap_effective & ~(current->acl->cap_lower));
9326 + return current->cap_effective;
9329 diff -urN linux-2.4.22/grsecurity/grsec_sysctl.c linux-2.4.22/grsecurity/grsec_sysctl.c
9330 --- linux-2.4.22/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
9331 +++ linux-2.4.22/grsecurity/grsec_sysctl.c 2003-09-02 19:29:42.000000000 -0400
9333 +#include <linux/kernel.h>
9334 +#include <linux/sched.h>
9335 +#include <linux/sysctl.h>
9336 +#include <linux/grinternal.h>
9339 +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
9341 +#ifdef CONFIG_GRKERNSEC_SYSCTL
9342 + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & 002)) {
9343 + security_alert(GR_SYSCTL_MSG, name, DEFAULTSECARGS);
9349 diff -urN linux-2.4.22/grsecurity/grsec_time.c linux-2.4.22/grsecurity/grsec_time.c
9350 --- linux-2.4.22/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
9351 +++ linux-2.4.22/grsecurity/grsec_time.c 2003-09-02 19:29:42.000000000 -0400
9353 +#include <linux/kernel.h>
9354 +#include <linux/sched.h>
9355 +#include <linux/grinternal.h>
9358 +gr_log_timechange(void)
9360 +#ifdef CONFIG_GRKERNSEC_TIME
9361 + if (grsec_enable_time)
9362 + security_alert_good(GR_TIME_MSG, DEFAULTSECARGS);
9366 diff -urN linux-2.4.22/grsecurity/grsec_tpe.c linux-2.4.22/grsecurity/grsec_tpe.c
9367 --- linux-2.4.22/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
9368 +++ linux-2.4.22/grsecurity/grsec_tpe.c 2003-09-02 19:29:42.000000000 -0400
9370 +#include <linux/kernel.h>
9371 +#include <linux/sched.h>
9372 +#include <linux/file.h>
9373 +#include <linux/fs.h>
9374 +#include <linux/grinternal.h>
9376 +extern int gr_acl_tpe_check(void);
9379 +gr_tpe_allow(const struct file *file)
9381 +#ifdef CONFIG_GRKERNSEC
9382 + struct inode *inode = file->f_dentry->d_parent->d_inode;
9384 + if (current->uid && ((grsec_enable_tpe && in_group_p(grsec_tpe_gid)) || gr_acl_tpe_check()) &&
9385 + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
9386 + (inode->i_mode & S_IWOTH))))) {
9387 + security_alert(GR_EXEC_TPE_MSG,
9388 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
9392 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
9393 + if (current->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
9394 + ((inode->i_uid && (inode->i_uid != current->uid)) ||
9395 + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
9396 + security_alert(GR_EXEC_TPE_MSG,
9397 + gr_to_filename(file->f_dentry, file->f_vfsmnt),
9405 diff -urN linux-2.4.22/grsecurity/grsum.c linux-2.4.22/grsecurity/grsum.c
9406 --- linux-2.4.22/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
9407 +++ linux-2.4.22/grsecurity/grsum.c 2003-09-02 19:29:42.000000000 -0400
9409 +#include <linux/kernel.h>
9410 +#include <linux/sched.h>
9411 +#include <linux/mm.h>
9412 +#include <asm/scatterlist.h>
9413 +#include <linux/crypto.h>
9414 +#include <linux/gracl.h>
9417 +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
9418 +#error "crypto and sha256 must be built into the kernel"
9422 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
9425 + struct crypto_tfm *tfm;
9426 + unsigned char temp_sum[GR_SHA_LEN];
9427 + struct scatterlist sg[2];
9428 + volatile int retval = 0;
9429 + volatile int dummy = 0;
9432 + tfm = crypto_alloc_tfm("sha256", 0);
9433 + if (tfm == NULL) {
9434 + /* should never happen, since sha256 should be built in */
9438 + crypto_digest_init(tfm);
9441 + sg[0].page = virt_to_page(p);
9442 + sg[0].offset = ((long) p & ~PAGE_MASK);
9443 + sg[0].length = GR_SALT_LEN;
9445 + crypto_digest_update(tfm, sg, 1);
9448 + sg[0].page = virt_to_page(p);
9449 + sg[0].offset = ((long) p & ~PAGE_MASK);
9450 + sg[0].length = strlen(entry->pw);
9452 + crypto_digest_update(tfm, sg, 1);
9454 + crypto_digest_final(tfm, temp_sum);
9456 + memset(entry->pw, 0, GR_PW_LEN);
9458 + for (i = 0; i < GR_SHA_LEN; i++)
9459 + if (sum[i] != temp_sum[i])
9462 + dummy = 1; // waste a cycle
9464 + crypto_free_tfm(tfm);
9468 diff -urN linux-2.4.22/grsecurity/obsd_rand.c linux-2.4.22/grsecurity/obsd_rand.c
9469 --- linux-2.4.22/grsecurity/obsd_rand.c 1969-12-31 19:00:00.000000000 -0500
9470 +++ linux-2.4.22/grsecurity/obsd_rand.c 2003-09-02 19:29:42.000000000 -0400
9474 + * Copyright (c) 1996, 1997, 2000-2002 Michael Shalayeff.
9476 + * Version 1.89, last modified 19-Sep-99
9478 + * Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999.
9479 + * All rights reserved.
9481 + * Copyright 1998 Niels Provos <provos@citi.umich.edu>
9482 + * All rights reserved.
9483 + * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using
9484 + * such a mathematical system to generate more random (yet non-repeating)
9485 + * ids to solve the resolver/named problem. But Niels designed the
9486 + * actual system based on the constraints.
9488 + * Redistribution and use in source and binary forms, with or without
9489 + * modification, are permitted provided that the following conditions
9491 + * 1. Redistributions of source code must retain the above copyright
9492 + * notice, this list of conditions and the following disclaimer,
9493 + * 2. Redistributions in binary form must reproduce the above copyright
9494 + * notice, this list of conditions and the following disclaimer in the
9495 + * documentation and/or other materials provided with the distribution.
9496 + * 3. All advertising materials mentioning features or use of this software
9497 + * must display the following acknowledgement:
9498 + * This product includes software developed by Niels Provos.
9499 + * 4. The name of the author may not be used to endorse or promote products
9500 + * derived from this software without specific prior written permission.
9502 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9503 + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
9504 + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
9505 + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
9506 + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9507 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
9508 + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
9509 + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
9510 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
9511 + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
9514 +#include <linux/kernel.h>
9515 +#include <linux/sched.h>
9516 +#include <linux/timer.h>
9517 +#include <linux/smp_lock.h>
9518 +#include <linux/random.h>
9519 +#include <linux/grsecurity.h>
9522 +#define RU_MAX 30000
9528 +const static __u16 pfacts[PFAC_N] = { 2, 3, 2729 };
9531 +static __u16 ru_seed, ru_seed2;
9532 +static __u16 ru_a, ru_b;
9534 +static __u16 ru_counter = 0;
9535 +static __u16 ru_msb = 0;
9536 +static unsigned long ru_reseed = 0;
9539 +#define TCP_RNDISS_ROUNDS 15
9540 +#define TCP_RNDISS_OUT 7200
9541 +#define TCP_RNDISS_MAX 30000
9543 +static __u8 tcp_rndiss_sbox[NR_CPUS][128];
9544 +static __u16 tcp_rndiss_msb[NR_CPUS];
9545 +static __u16 tcp_rndiss_cnt[NR_CPUS];
9546 +static unsigned long tcp_rndiss_reseed[NR_CPUS];
9548 +static __u16 pmod(__u16, __u16, __u16);
9549 +static void ip_initid(void);
9550 +__u16 ip_randomid(void);
9553 +pmod(__u16 gen, __u16 exp, __u16 mod)
9563 + s = (s * t) % mod;
9565 + t = (t * t) % mod;
9576 + ru_x = ((tmp = get_random_long()) & 0xFFFF) % RU_M;
9578 + ru_seed = (tmp >> 16) & 0x7FFF;
9579 + ru_seed2 = get_random_long() & 0x7FFF;
9581 + ru_b = ((tmp = get_random_long()) & 0xfffe) | 1;
9582 + ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);
9583 + while (ru_b % 3 == 0)
9586 + j = (tmp = get_random_long()) % RU_N;
9590 + for (i = 0; i < PFAC_N; i++)
9591 + if (j % pfacts[i] == 0)
9597 + j = (j + 1) % RU_N;
9600 + ru_g = pmod(RU_GEN, j, RU_N);
9603 + ru_reseed = xtime.tv_sec + RU_OUT;
9604 + ru_msb = ru_msb == 0x8000 ? 0 : 0x8000;
9612 + if (ru_counter >= RU_MAX || time_after(xtime.tv_sec, ru_reseed))
9616 + tmp = get_random_long();
9620 + if (ru_counter + n >= RU_MAX)
9622 + for (i = 0; i <= n; i++)
9623 + ru_x = (ru_a * ru_x + ru_b) % RU_M;
9626 + return ((ru_seed ^ pmod(ru_g, ru_seed2 ^ ru_x, RU_N)) | ru_msb);
9630 +tcp_rndiss_encrypt(__u16 val)
9633 + int cpu = smp_processor_id();
9635 + for (i = 0; i < TCP_RNDISS_ROUNDS; i++) {
9637 + val ^= ((__u16) tcp_rndiss_sbox[cpu][(val ^ sum) ^ 0x7f]) << 7;
9638 + val = ((val & 0xff) << 7) | (val >> 8);
9645 +tcp_rndiss_init(void)
9647 + int cpu = smp_processor_id();
9649 + get_random_bytes(tcp_rndiss_sbox[cpu], sizeof (tcp_rndiss_sbox));
9650 + tcp_rndiss_reseed[cpu] = xtime.tv_sec + TCP_RNDISS_OUT;
9651 + tcp_rndiss_msb[cpu] = tcp_rndiss_msb[cpu] == 0x8000 ? 0 : 0x8000;
9652 + tcp_rndiss_cnt[cpu] = 0;
9658 + int cpu = smp_processor_id();
9660 + if (tcp_rndiss_cnt[cpu] >= TCP_RNDISS_MAX ||
9661 + time_after(xtime.tv_sec, tcp_rndiss_reseed[cpu]))
9662 + tcp_rndiss_init();
9664 + return (((tcp_rndiss_encrypt(tcp_rndiss_cnt[cpu]++) |
9665 + tcp_rndiss_msb[cpu]) << 16) | (get_random_long() & 0x7fff));
9667 diff -urN linux-2.4.22/include/linux/fs.h linux-2.4.22/include/linux/fs.h
9668 --- linux-2.4.22/include/linux/fs.h 2003-09-01 22:19:02.000000000 -0400
9669 +++ linux-2.4.22/include/linux/fs.h 2003-09-02 19:33:29.000000000 -0400
9670 @@ -1087,7 +1087,7 @@
9672 asmlinkage long sys_open(const char *, int, int);
9673 asmlinkage long sys_close(unsigned int); /* yes, it's really unsigned */
9674 -extern int do_truncate(struct dentry *, loff_t start);
9675 +extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *);
9677 extern struct file *filp_open(const char *, int, int);
9678 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
9679 diff -urN linux-2.4.22/include/linux/gracl.h linux-2.4.22/include/linux/gracl.h
9680 --- linux-2.4.22/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
9681 +++ linux-2.4.22/include/linux/gracl.h 2003-09-02 19:40:47.000000000 -0400
9686 +#include <linux/grdefs.h>
9687 +#include <linux/resource.h>
9689 +#include <asm/resource.h>
9691 +/* * * * * * * * * * * * * * * * * * * * *
9692 + * grsecurity ACL System
9693 + * Main header file
9694 + * Purpose: define most gracl data structures
9695 + * * * * * * * * * * * * * * * * * * * * */
9697 +/* Major status information */
9699 +#define GR_VERSION "grsecurity 2.0"
9712 +/* Password setup definitions
9713 + * kernel/grhash.c */
9721 + GR_SPROLE_LEN = 64,
9724 +/* Begin Data Structures */
9727 + unsigned char *rolename;
9728 + unsigned char salt[GR_SALT_LEN];
9729 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
9732 +struct name_entry {
9739 +struct acl_role_db {
9740 + struct acl_role_label **r_hash;
9745 + struct name_entry **n_hash;
9751 + unsigned long expires;
9754 +/* Userspace Grsecurity ACL data structures */
9755 +struct acl_subject_label {
9763 + struct rlimit res[RLIM_NLIMITS + 1];
9766 + __u32 ip_proto[8];
9768 + struct acl_ip_label **ips;
9772 + unsigned long expires;
9774 + struct acl_subject_label *parent_subject;
9775 + struct acl_object_label *proc_object;
9776 + struct acl_ip_label *ip_object;
9777 + struct acl_subject_label *prev;
9778 + struct acl_subject_label *next;
9780 + struct acl_object_label **obj_hash;
9781 + __u32 obj_hash_size;
9784 +struct role_allowed_ip {
9788 + struct role_allowed_ip *prev;
9789 + struct role_allowed_ip *next;
9792 +struct role_transition {
9795 + struct role_transition *prev;
9796 + struct role_transition *next;
9799 +struct acl_role_label {
9804 + __u16 auth_attempts;
9805 + unsigned long expires;
9807 + struct acl_subject_label *root_label;
9808 + struct acl_subject_label *proc_subject;
9810 + struct acl_role_label *prev;
9811 + struct acl_role_label *next;
9813 + struct role_transition *transitions;
9814 + struct role_allowed_ip *allowed_ips;
9815 + struct acl_subject_label **subj_hash;
9816 + __u32 subj_hash_size;
9819 +struct user_acl_role_db {
9820 + struct acl_role_label **r_table;
9821 + __u32 r_entries; /* number of entries in table */
9822 + __u32 s_entries; /* total number of subject acls */
9823 + __u32 i_entries; /* total number of ip acls */
9824 + __u32 o_entries; /* Total number of object acls */
9825 + __u32 a_entries; /* total number of allowed ips */
9826 + __u32 t_entries; /* total number of transitions */
9829 +struct acl_object_label {
9835 + struct acl_subject_label *nested;
9837 + /* next two structures not used */
9839 + struct acl_object_label *prev;
9840 + struct acl_object_label *next;
9843 +struct acl_ip_label {
9851 + /* next two structures not used */
9853 + struct acl_ip_label *prev;
9854 + struct acl_ip_label *next;
9858 + struct user_acl_role_db role_db;
9859 + unsigned char pw[GR_PW_LEN];
9860 + unsigned char salt[GR_SALT_LEN];
9861 + unsigned char sum[GR_SHA_LEN];
9862 + unsigned char sp_role[GR_SPROLE_LEN];
9863 + struct sprole_pw *sprole_pws;
9864 + __u16 num_sprole_pws;
9865 + kdev_t segv_device;
9871 +/* End Data Structures Section */
9873 +/* Hash functions generated by empirical testing by Brad Spengler
9874 + Makes good use of the low bits of the inode. Generally 0-1 times
9875 + in loop for successful match. 0-3 for unsuccessful match.
9876 + Shift/add algorithm with modulus of table size and an XOR*/
9878 +static __inline__ unsigned long
9879 +rhash(const uid_t uid, const __u16 type, const unsigned long sz)
9881 + return (((uid << type) + (uid ^ type)) % sz);
9884 +static __inline__ unsigned long
9885 +fhash(const ino_t ino, const kdev_t dev, const unsigned long sz)
9887 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
9890 +static __inline__ unsigned long
9891 +nhash(const char *name, const __u16 len, const unsigned long sz)
9893 + return full_name_hash(name, len) % sz;
9895 diff -urN linux-2.4.22/include/linux/gralloc.h linux-2.4.22/include/linux/gralloc.h
9896 --- linux-2.4.22/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
9897 +++ linux-2.4.22/include/linux/gralloc.h 2003-09-02 19:29:42.000000000 -0400
9899 +#ifndef __GRALLOC_H
9900 +#define __GRALLOC_H
9902 +void acl_free_all(void);
9903 +int acl_alloc_stack_init(unsigned long size);
9904 +void *acl_alloc(unsigned long len);
9907 diff -urN linux-2.4.22/include/linux/grdefs.h linux-2.4.22/include/linux/grdefs.h
9908 --- linux-2.4.22/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
9909 +++ linux-2.4.22/include/linux/grdefs.h 2003-09-02 19:29:42.000000000 -0400
9914 +/* Begin grsecurity status declarations */
9918 + GR_STATUS_INIT = 0x00 // disabled state
9921 +/* Begin ACL declarations */
9926 + GR_ROLE_USER = 0x0001,
9927 + GR_ROLE_GROUP = 0x0002,
9928 + GR_ROLE_DEFAULT = 0x0004,
9929 + GR_ROLE_SPECIAL = 0x0008,
9930 + GR_ROLE_AUTH = 0x0010,
9931 + GR_ROLE_NOPW = 0x0020,
9932 + GR_ROLE_GOD = 0x0040,
9933 + GR_ROLE_LEARN = 0x0080,
9934 + GR_ROLE_TPE = 0x0100
9937 +/* ACL Subject and Object mode flags */
9939 + GR_DELETED = 0x00000080
9942 +/* ACL Object-only mode flags */
9944 + GR_READ = 0x00000001,
9945 + GR_APPEND = 0x00000002,
9946 + GR_WRITE = 0x00000004,
9947 + GR_EXEC = 0x00000008,
9948 + GR_FIND = 0x00000010,
9949 + GR_INHERIT = 0x00000040,
9950 + GR_PTRACERD = 0x00000100,
9951 + GR_SETID = 0x00000200,
9952 + GR_CREATE = 0x00000400,
9953 + GR_DELETE = 0x00000800,
9954 + GR_AUDIT_READ = 0x00001000,
9955 + GR_AUDIT_APPEND = 0x00002000,
9956 + GR_AUDIT_WRITE = 0x0004000,
9957 + GR_AUDIT_EXEC = 0x00008000,
9958 + GR_AUDIT_FIND = 0x00010000,
9959 + GR_AUDIT_INHERIT = 0x00020000,
9960 + GR_AUDIT_SETID = 0x00400000,
9961 + GR_AUDIT_CREATE = 0x00800000,
9962 + GR_AUDIT_DELETE = 0x01000000,
9963 + GR_SUPPRESS = 0x02000000,
9964 + GR_NOLEARN = 0x04000000
9967 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
9968 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
9969 + GR_AUDIT_CREATE | GR_AUDIT_DELETE)
9971 +/* ACL subject-only mode flags */
9973 + GR_KILL = 0x00000001,
9974 + GR_VIEW = 0x00000002,
9975 + GR_PROTECTED = 0x00000100,
9976 + GR_LEARN = 0x00000200,
9977 + GR_OVERRIDE = 0x00000400,
9978 + /* just a placeholder, this mode is only used in userspace */
9979 + GR_DUMMY = 0x00000800,
9981 + GR_PAXPAGE = 0x00001000,
9982 + GR_PAXSEGM = 0x00002000,
9983 + GR_PAXGCC = 0x00004000,
9984 + GR_PAXRANDMMAP = 0x00008000,
9985 + GR_PAXRANDEXEC = 0x00010000,
9986 + GR_PAXMPROTECT = 0x00020000,
9987 + GR_PROTSHM = 0x00040000,
9988 + GR_KILLPROC = 0x00080000,
9989 + GR_KILLIPPROC = 0x00100000,
9990 + /* just a placeholder, this mode is only used in userspace */
9991 + GR_NOTROJAN = 0x00200000,
9992 + GR_PROTPROCFD = 0x00400000,
9993 + GR_PROCACCT = 0x00800000
9996 +#define GR_CRASH_RES 11
9997 +#define GR_UIDTABLE_MAX 500
9999 +/* begin resource learning section */
10001 + GR_RLIM_CPU_BUMP = 60,
10002 + GR_RLIM_FSIZE_BUMP = 50000,
10003 + GR_RLIM_DATA_BUMP = 10000,
10004 + GR_RLIM_STACK_BUMP = 1000,
10005 + GR_RLIM_CORE_BUMP = 10000,
10006 + GR_RLIM_RSS_BUMP = 500000,
10007 + GR_RLIM_NPROC_BUMP = 1,
10008 + GR_RLIM_NOFILE_BUMP = 5,
10009 + GR_RLIM_MEMLOCK_BUMP = 50000,
10010 + GR_RLIM_AS_BUMP = 500000,
10011 + GR_RLIM_LOCKS_BUMP = 2
10015 diff -urN linux-2.4.22/include/linux/grinternal.h linux-2.4.22/include/linux/grinternal.h
10016 --- linux-2.4.22/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
10017 +++ linux-2.4.22/include/linux/grinternal.h 2003-09-02 19:47:41.000000000 -0400
10019 +#ifndef __GRINTERNAL_H
10020 +#define __GRINTERNAL_H
10022 +#ifdef CONFIG_GRKERNSEC
10024 +#include <linux/grdefs.h>
10025 +#include <linux/grmsg.h>
10027 +extern void gr_add_learn_entry(const char *fmt, ...);
10028 +extern __u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
10029 + const struct vfsmount *mnt);
10030 +extern __u32 gr_check_create(const struct dentry *new_dentry,
10031 + const struct dentry *parent,
10032 + const struct vfsmount *mnt, const __u32 mode);
10033 +extern int gr_check_protected_task(const struct task_struct *task);
10034 +extern __inline__ __u32 to_gr_audit(const __u32 reqmode);
10035 +extern int gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
10036 + struct dentry *old_dentry,
10037 + struct dentry *new_dentry,
10038 + struct vfsmount *mnt, const __u8 replace);
10039 +extern int gr_set_acls(const int type);
10041 +extern void gr_handle_alertkill(void);
10042 +extern char *gr_to_filename(const struct dentry *dentry,
10043 + const struct vfsmount *mnt);
10044 +extern char *gr_to_filename1(const struct dentry *dentry,
10045 + const struct vfsmount *mnt);
10046 +extern char *gr_to_filename2(const struct dentry *dentry,
10047 + const struct vfsmount *mnt);
10048 +extern char *gr_to_filename3(const struct dentry *dentry,
10049 + const struct vfsmount *mnt);
10051 +extern int grsec_enable_link;
10052 +extern int grsec_enable_fifo;
10053 +extern int grsec_enable_execve;
10054 +extern int grsec_enable_forkbomb;
10055 +extern int grsec_forkbomb_gid;
10056 +extern int grsec_forkbomb_sec;
10057 +extern int grsec_forkbomb_max;
10058 +extern int grsec_enable_execlog;
10059 +extern int grsec_enable_signal;
10060 +extern int grsec_enable_forkfail;
10061 +extern int grsec_enable_time;
10062 +extern int grsec_enable_chroot_shmat;
10063 +extern int grsec_enable_chroot_findtask;
10064 +extern int grsec_enable_chroot_mount;
10065 +extern int grsec_enable_chroot_double;
10066 +extern int grsec_enable_chroot_pivot;
10067 +extern int grsec_enable_chroot_chdir;
10068 +extern int grsec_enable_chroot_chmod;
10069 +extern int grsec_enable_chroot_mknod;
10070 +extern int grsec_enable_chroot_fchdir;
10071 +extern int grsec_enable_chroot_nice;
10072 +extern int grsec_enable_chroot_execlog;
10073 +extern int grsec_enable_chroot_caps;
10074 +extern int grsec_enable_chroot_sysctl;
10075 +extern int grsec_enable_chroot_unix;
10076 +extern int grsec_enable_tpe;
10077 +extern int grsec_tpe_gid;
10078 +extern int grsec_enable_tpe_all;
10079 +extern int grsec_enable_sidcaps;
10080 +extern int grsec_enable_randpid;
10081 +extern int grsec_enable_socket_all;
10082 +extern int grsec_socket_all_gid;
10083 +extern int grsec_enable_socket_client;
10084 +extern int grsec_socket_client_gid;
10085 +extern int grsec_enable_socket_server;
10086 +extern int grsec_socket_server_gid;
10087 +extern int grsec_audit_gid;
10088 +extern int grsec_enable_group;
10089 +extern int grsec_enable_audit_ipc;
10090 +extern int grsec_enable_mount;
10091 +extern int grsec_enable_chdir;
10092 +extern int grsec_lock;
10094 +extern struct task_struct *child_reaper;
10096 +extern spinlock_t grsec_alert_lock;
10097 +extern unsigned long grsec_alert_wtime;
10098 +extern unsigned long grsec_alert_fyet;
10100 +extern spinlock_t grsec_alertgood_lock;
10101 +extern unsigned long grsec_alertgood_wtime;
10102 +extern unsigned long grsec_alertgood_fyet;
10104 +extern spinlock_t grsec_audit_lock;
10106 +#define gr_task_fullpath(tsk) (tsk->exec_file ? \
10107 + gr_to_filename2(tsk->exec_file->f_dentry, \
10108 + tsk->exec_file->f_vfsmnt) : "/")
10110 +#define gr_parent_task_fullpath(tsk) (tsk->p_pptr->exec_file ? \
10111 + gr_to_filename3(tsk->p_pptr->exec_file->f_dentry, \
10112 + tsk->p_pptr->exec_file->f_vfsmnt) : "/")
10114 +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && \
10115 + ((tsk_a->fs->root->d_inode->i_dev != \
10116 + child_reaper->fs->root->d_inode->i_dev) || \
10117 + (tsk_a->fs->root->d_inode->i_ino != \
10118 + child_reaper->fs->root->d_inode->i_ino)))
10120 +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs->root->d_inode->i_dev == \
10121 + tsk_b->fs->root->d_inode->i_dev) && \
10122 + (tsk_a->fs->root->d_inode->i_ino == \
10123 + tsk_b->fs->root->d_inode->i_ino))
10125 +#define DEFAULTSECARGS gr_task_fullpath(current), current->comm, \
10126 + current->pid, current->uid, \
10127 + current->euid, current->gid, current->egid, \
10128 + gr_parent_task_fullpath(current), \
10129 + current->p_pptr->comm, current->p_pptr->pid, \
10130 + current->p_pptr->uid, current->p_pptr->euid, \
10131 + current->p_pptr->gid, current->p_pptr->egid
10133 +#define GR_CHROOT_CAPS ( \
10134 + CAP_TO_MASK(CAP_FOWNER) | \
10135 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
10136 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
10137 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
10138 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
10139 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
10140 + CAP_TO_MASK(CAP_IPC_OWNER))
10142 +#define security_alert_good(normal_msg,args...) \
10144 + spin_lock(&grsec_alertgood_lock); \
10146 + if (!grsec_alertgood_wtime || jiffies - grsec_alertgood_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { \
10147 + grsec_alertgood_wtime = jiffies; grsec_alertgood_fyet = 0; \
10148 + if (current->curr_ip) \
10149 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10151 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10152 + } else if((jiffies - grsec_alertgood_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alertgood_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \
10153 + grsec_alertgood_fyet++; \
10154 + if (current->curr_ip) \
10155 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10157 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10158 + } else if (grsec_alertgood_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \
10159 + grsec_alertgood_wtime = jiffies; grsec_alertgood_fyet++; \
10160 + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \
10161 + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \
10164 + spin_unlock(&grsec_alertgood_lock); \
10167 +#define security_alert(normal_msg,args...) \
10169 + spin_lock(&grsec_alert_lock); \
10171 + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { \
10172 + grsec_alert_wtime = jiffies; grsec_alert_fyet = 0; \
10173 + if (current->curr_ip) \
10174 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10176 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10177 + } else if((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { \
10178 + grsec_alert_fyet++; \
10179 + if (current->curr_ip) \
10180 + printk(KERN_ALERT "grsec: From %u.%u.%u.%u: " normal_msg "\n", NIPQUAD(current->curr_ip) , ## args); \
10182 + printk(KERN_ALERT "grsec: " normal_msg "\n" , ## args); \
10183 + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { \
10184 + grsec_alert_wtime = jiffies; grsec_alert_fyet++; \
10185 + printk(KERN_ALERT "grsec: more alerts, logging disabled for " \
10186 + "%d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); \
10189 + gr_handle_alertkill(); \
10190 + spin_unlock(&grsec_alert_lock); \
10193 +#define security_audit(normal_msg,args...) \
10195 + spin_lock(&grsec_audit_lock); \
10196 + if (current->curr_ip) \
10197 + printk(KERN_INFO "grsec: From %u.%u.%u.%u: " normal_msg "\n", \
10198 + NIPQUAD(current->curr_ip) , ## args); \
10200 + printk(KERN_INFO "grsec: " normal_msg "\n", ## args); \
10201 + spin_unlock(&grsec_audit_lock); \
10204 +#define security_learn(normal_msg,args...) \
10206 + gr_add_learn_entry(normal_msg "\n", ## args); \
10212 diff -urN linux-2.4.22/include/linux/grmsg.h linux-2.4.22/include/linux/grmsg.h
10213 --- linux-2.4.22/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
10214 +++ linux-2.4.22/include/linux/grmsg.h 2003-09-02 19:47:26.000000000 -0400
10216 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%d/%d gid/egid:%d/%d, parent %.256s[%.16s:%d] uid/euid:%d/%d gid/egid:%d/%d"
10217 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%d/%d gid/egid:%d/%d"
10218 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " DEFAULTSECMSG
10219 +#define GR_IOPERM_MSG "denied use of ioperm() by " DEFAULTSECMSG
10220 +#define GR_IOPL_MSG "denied use of iopl() by " DEFAULTSECMSG
10221 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by " DEFAULTSECMSG
10222 +#define GR_UNIX_CHROOT_MSG "denied connect to abstract AF_UNIX socket outside of chroot by " DEFAULTSECMSG
10223 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by " DEFAULTSECMSG
10224 +#define GR_KMEM_MSG "attempted write to /dev/kmem by " DEFAULTSECMSG
10225 +#define GR_PORT_OPEN_MSG "attempted open of /dev/port by " DEFAULTSECMSG
10226 +#define GR_MEM_WRITE_MSG "attempted write of /dev/mem by " DEFAULTSECMSG
10227 +#define GR_MEM_MMAP_MSG "attempted mmap write of /dev/[k]mem by " DEFAULTSECMSG
10228 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by " DEFAULTSECMSG
10229 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%u.%u.%u.%u"
10230 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by " DEFAULTSECMSG
10231 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by " DEFAULTSECMSG
10232 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by " DEFAULTSECMSG
10233 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by " DEFAULTSECMSG
10234 +#define GR_MKNOD_CHROOT_MSG "refused attempt to mknod %.950s from chroot by " DEFAULTSECMSG
10235 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by " DEFAULTSECMSG
10236 +#define GR_UNIXCONNECT_ACL_MSG "%s connect to the unix domain socket %.950s by " DEFAULTSECMSG
10237 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by " DEFAULTSECMSG
10238 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by " DEFAULTSECMSG
10239 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by " DEFAULTSECMSG
10240 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by " DEFAULTSECMSG
10241 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for " DEFAULTSECMSG
10242 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by " DEFAULTSECMSG
10243 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by " DEFAULTSECMSG
10244 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by " DEFAULTSECMSG
10245 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " DEFAULTSECMSG
10246 +#define GR_NPROC_MSG "attempt to overstep process limit by " DEFAULTSECMSG
10247 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " DEFAULTSECMSG
10248 +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by " DEFAULTSECMSG
10249 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning uid %u from login for %lu seconds"
10250 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " Banning execution of [%.16s:%lu] for %lu seconds"
10251 +#define GR_MOUNT_CHROOT_MSG "denied attempt to mount %.30s as %.930s from chroot by " DEFAULTSECMSG
10252 +#define GR_PIVOT_CHROOT_MSG "denied attempt to pivot_root from chroot by " DEFAULTSECMSG
10253 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by " DEFAULTSECMSG
10254 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " DEFAULTSECMSG
10255 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " DEFAULTSECMSG
10256 +#define GR_CHROOT_CHROOT_MSG "denied attempt to double chroot to %.950s by " DEFAULTSECMSG
10257 +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by " DEFAULTSECMSG
10258 +#define GR_CHMOD_CHROOT_MSG "denied attempt to chmod +s %.950s by " DEFAULTSECMSG
10259 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " DEFAULTSECMSG
10260 +#define GR_CHROOT_FCHDIR_MSG "attempted fchdir outside of chroot to %.950s by " DEFAULTSECMSG
10261 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " DEFAULTSECMSG
10262 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " DEFAULTSECMSG
10263 +#define GR_INITF_ACL_MSG "init_variables() failed %s"
10264 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
10265 +#define GR_DEV_ACL_MSG "/dev/grsec: being fed garbage %d bytes sent %d required"
10266 +#define GR_SHUTS_ACL_MSG "shutdown auth success for " DEFAULTSECMSG
10267 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for " DEFAULTSECMSG
10268 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for " DEFAULTSECMSG
10269 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for " DEFAULTSECMSG
10270 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for " DEFAULTSECMSG
10271 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for " DEFAULTSECMSG
10272 +#define GR_ENABLE_ACL_MSG "Loaded %s"
10273 +#define GR_ENABLEF_ACL_MSG "Unable to load %s for " DEFAULTSECMSG " RBAC system may already be enabled."
10274 +#define GR_RELOADI_ACL_MSG "Ignoring reload request for disabled RBAC system"
10275 +#define GR_RELOAD_ACL_MSG "Reloaded %s"
10276 +#define GR_RELOADF_ACL_MSG "Failed reload of %s for " DEFAULTSECMSG
10277 +#define GR_SPROLEI_ACL_MSG "Ignoring change to special role for disabled RBAC system for " DEFAULTSECMSG
10278 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by " DEFAULTSECMSG
10279 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by " DEFAULTSECMSG
10280 +#define GR_SPROLEF_ACL_MSG "special role %s failure for " DEFAULTSECMSG
10281 +#define GR_UNSPROLEI_ACL_MSG "Ignoring unauth of special role for disabled RBAC system for " DEFAULTSECMSG
10282 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by " DEFAULTSECMSG
10283 +#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for " DEFAULTSECMSG
10284 +#define GR_INVMODE_ACL_MSG "Invalid mode %d by " DEFAULTSECMSG
10285 +#define GR_MAXPW_ACL_MSG "Maximum pw attempts reached (%d), locking password authentication"
10286 +#define GR_MAXROLEPW_ACL_MSG "Maximum pw attempts reached (%d) trying to auth to special role %s, locking auth for role of " DEFAULTSECMSG
10287 +#define GR_PRIORITY_CHROOT_MSG "attempted priority change of process (%.16s:%d) by " DEFAULTSECMSG
10288 +#define GR_CAPSET_CHROOT_MSG "denied capset of (%.16s:%d) within chroot by " DEFAULTSECMSG
10289 +#define GR_FAILFORK_MSG "failed fork with errno %d by " DEFAULTSECMSG
10290 +#define GR_NICE_CHROOT_MSG "attempted priority change by " DEFAULTSECMSG
10291 +#define GR_UNISIGLOG_MSG "signal %d sent to " DEFAULTSECMSG
10292 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by " DEFAULTSECMSG
10293 +#define GR_SIG_ACL_MSG "Attempted send of signal %d to protected task " DEFAULTSECMSG " by " DEFAULTSECMSG
10294 +#define GR_SYSCTL_MSG "attempt to modify grsecurity sysctl value : %.32s by " DEFAULTSECMSG
10295 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by " DEFAULTSECMSG
10296 +#define GR_TIME_MSG "time set by " DEFAULTSECMSG
10297 +#define GR_DEFACL_MSG "Fatal: Unable to find ACL for (%.16s:%d)"
10298 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by " DEFAULTSECMSG
10299 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by " DEFAULTSECMSG
10300 +#define GR_SOCK_MSG "attempted socket(%.16s,%.16s,%.16s) by " DEFAULTSECMSG
10301 +#define GR_BIND_MSG "attempted bind() by " DEFAULTSECMSG
10302 +#define GR_CONNECT_MSG "attempted connect by " DEFAULTSECMSG
10303 +#define GR_BIND_ACL_MSG "attempted bind to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " DEFAULTSECMSG
10304 +#define GR_CONNECT_ACL_MSG "attempted connect to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " DEFAULTSECMSG
10305 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%u.%u.%u.%u\t%u\t%u\t%u\t%u\t%u.%u.%u.%u"
10306 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " DEFAULTSECMSG
10307 +#define GR_CAP_ACL_MSG "use of %s denied for " DEFAULTSECMSG
10308 +#define GR_REMOUNT_AUDIT_MSG "remount of %.30s by " DEFAULTSECMSG
10309 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.30s by " DEFAULTSECMSG
10310 +#define GR_MOUNT_AUDIT_MSG "mount %.30s to %.64s by " DEFAULTSECMSG
10311 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by " DEFAULTSECMSG
10312 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.63s) by " DEFAULTSECMSG
10313 +#define GR_MSGQ_AUDIT_MSG "message queue created by " DEFAULTSECMSG
10314 +#define GR_MSGQR_AUDIT_MSG "message queue of uid:%d euid:%d removed by " DEFAULTSECMSG
10315 +#define GR_SEM_AUDIT_MSG "semaphore created by " DEFAULTSECMSG
10316 +#define GR_SEMR_AUDIT_MSG "semaphore of uid:%d euid:%d removed by " DEFAULTSECMSG
10317 +#define GR_SHM_AUDIT_MSG "shared memory of size %d created by " DEFAULTSECMSG
10318 +#define GR_SHMR_AUDIT_MSG "shared memory of uid:%d euid:%d removed by " DEFAULTSECMSG
10319 +#define GR_RESOURCE_MSG "attempted resource overstep by requesting %lu for %.16s against limit %lu by " DEFAULTSECMSG
10320 diff -urN linux-2.4.22/include/linux/grsecurity.h linux-2.4.22/include/linux/grsecurity.h
10321 --- linux-2.4.22/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
10322 +++ linux-2.4.22/include/linux/grsecurity.h 2003-09-02 19:33:29.000000000 -0400
10324 +#ifndef GR_SECURITY_H
10325 +#define GR_SECURITY_H
10327 +extern int gr_pid_is_chrooted(const struct task_struct *p);
10328 +extern int gr_handle_chroot_nice(void);
10329 +extern int gr_handle_chroot_sysctl(const int op);
10330 +extern int gr_handle_chroot_capset(const struct task_struct *target);
10331 +extern int gr_handle_chroot_setpriority(const struct task_struct *p,
10332 + const int niceval);
10333 +extern int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
10334 +extern int gr_handle_chroot_chroot(const struct dentry *dentry,
10335 + const struct vfsmount *mnt);
10336 +extern void gr_handle_chroot_caps(struct task_struct *task);
10337 +extern void gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt);
10338 +extern int gr_handle_chroot_chmod(const struct dentry *dentry,
10339 + const struct vfsmount *mnt, const int mode);
10340 +extern int gr_handle_chroot_mknod(const struct dentry *dentry,
10341 + const struct vfsmount *mnt, const int mode);
10342 +extern int gr_handle_chroot_mount(const struct dentry *dentry,
10343 + const struct vfsmount *mnt,
10344 + const char *dev_name);
10345 +extern int gr_handle_chroot_pivot(void);
10346 +extern int gr_handle_chroot_unix(const pid_t pid);
10348 +extern int gr_handle_rawio(const struct inode *inode);
10349 +extern int gr_handle_nproc(void);
10351 +extern void gr_handle_ioperm(void);
10352 +extern void gr_handle_iopl(void);
10354 +extern int gr_tpe_allow(const struct file *file);
10356 +extern int gr_random_pid(spinlock_t * pid_lock);
10358 +extern void gr_log_forkfail(const int retval);
10359 +extern void gr_log_timechange(void);
10360 +extern void gr_log_signal(const int sig, const struct task_struct *t);
10361 +extern void gr_log_chdir(const struct dentry *dentry,
10362 + const struct vfsmount *mnt);
10363 +extern void gr_log_chroot_exec(const struct dentry *dentry,
10364 + const struct vfsmount *mnt);
10365 +extern void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
10366 +extern void gr_log_remount(const char *devname, const int retval);
10367 +extern void gr_log_unmount(const char *devname, const int retval);
10368 +extern void gr_log_mount(const char *from, const char *to, const int retval);
10369 +extern void gr_log_msgget(const int ret, const int msgflg);
10370 +extern void gr_log_msgrm(const uid_t uid, const uid_t cuid);
10371 +extern void gr_log_semget(const int err, const int semflg);
10372 +extern void gr_log_semrm(const uid_t uid, const uid_t cuid);
10373 +extern void gr_log_shmget(const int err, const int shmflg, const size_t size);
10374 +extern void gr_log_shmrm(const uid_t uid, const uid_t cuid);
10376 +extern int gr_handle_follow_link(const struct inode *parent,
10377 + const struct inode *inode,
10378 + const struct dentry *dentry,
10379 + const struct vfsmount *mnt);
10380 +extern int gr_handle_fifo(const struct dentry *dentry,
10381 + const struct vfsmount *mnt,
10382 + const struct dentry *dir, const int flag,
10383 + const int acc_mode);
10384 +extern int gr_handle_hardlink(const struct dentry *dentry,
10385 + const struct vfsmount *mnt,
10386 + struct inode *inode,
10387 + const int mode, const char *to);
10389 +extern int gr_is_capable(const int cap);
10390 +extern void gr_learn_resource(const struct task_struct *task, const int limit,
10391 + const unsigned long wanted);
10392 +extern void gr_copy_label(struct task_struct *tsk);
10393 +extern void gr_handle_crash(struct task_struct *task, const int sig);
10394 +extern int gr_handle_signal(const struct task_struct *p, const int sig);
10395 +extern int gr_check_crash_uid(const uid_t uid);
10396 +extern int gr_check_protected_task(const struct task_struct *task);
10397 +extern int gr_acl_handle_mmap(const struct file *file,
10398 + const unsigned long prot);
10399 +extern int gr_acl_handle_mprotect(const struct file *file,
10400 + const unsigned long prot);
10401 +extern int gr_check_hidden_task(const struct task_struct *tsk);
10402 +extern __u32 gr_acl_handle_truncate(const struct dentry *dentry,
10403 + const struct vfsmount *mnt);
10404 +extern __u32 gr_acl_handle_utime(const struct dentry *dentry,
10405 + const struct vfsmount *mnt);
10406 +extern __u32 gr_acl_handle_access(const struct dentry *dentry,
10407 + const struct vfsmount *mnt, const int fmode);
10408 +extern __u32 gr_acl_handle_fchmod(const struct dentry *dentry,
10409 + const struct vfsmount *mnt, mode_t mode);
10410 +extern __u32 gr_acl_handle_chmod(const struct dentry *dentry,
10411 + const struct vfsmount *mnt, mode_t mode);
10412 +extern __u32 gr_acl_handle_chown(const struct dentry *dentry,
10413 + const struct vfsmount *mnt);
10414 +extern int gr_handle_ptrace_exec(const struct dentry *dentry,
10415 + const struct vfsmount *mnt);
10416 +extern int gr_handle_ptrace(struct task_struct *task, const long request);
10417 +extern int gr_handle_mmap(const struct file *filp, const unsigned long prot);
10418 +extern __u32 gr_acl_handle_execve(const struct dentry *dentry,
10419 + const struct vfsmount *mnt);
10420 +extern int gr_check_crash_exec(const struct file *filp);
10421 +extern int gr_acl_is_enabled(void);
10422 +extern void gr_set_kernel_label(struct task_struct *task);
10423 +extern void gr_set_role_label(struct task_struct *task, const uid_t uid,
10424 + const gid_t gid);
10425 +extern void gr_set_proc_label(const struct dentry *dentry,
10426 + const struct vfsmount *mnt);
10427 +extern __u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
10428 + const struct vfsmount *mnt);
10429 +extern __u32 gr_acl_handle_open(const struct dentry *dentry,
10430 + const struct vfsmount *mnt, const int fmode);
10431 +extern __u32 gr_acl_handle_creat(const struct dentry *dentry,
10432 + const struct dentry *p_dentry,
10433 + const struct vfsmount *p_mnt, const int fmode,
10434 + const int imode);
10435 +extern void gr_handle_create(const struct dentry *dentry,
10436 + const struct vfsmount *mnt);
10437 +extern __u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
10438 + const struct dentry *parent_dentry,
10439 + const struct vfsmount *parent_mnt,
10441 +extern __u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
10442 + const struct dentry *parent_dentry,
10443 + const struct vfsmount *parent_mnt);
10444 +extern __u32 gr_acl_handle_rmdir(const struct dentry *dentry,
10445 + const struct vfsmount *mnt);
10446 +extern void gr_handle_delete(const ino_t ino, const kdev_t dev);
10447 +extern __u32 gr_acl_handle_unlink(const struct dentry *dentry,
10448 + const struct vfsmount *mnt);
10449 +extern __u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
10450 + const struct dentry *parent_dentry,
10451 + const struct vfsmount *parent_mnt,
10452 + const char *from);
10453 +extern __u32 gr_acl_handle_link(const struct dentry *new_dentry,
10454 + const struct dentry *parent_dentry,
10455 + const struct vfsmount *parent_mnt,
10456 + const struct dentry *old_dentry,
10457 + const struct vfsmount *old_mnt, const char *to);
10458 +extern int gr_acl_handle_rename(struct dentry *new_dentry,
10459 + struct dentry *parent_dentry,
10460 + const struct vfsmount *parent_mnt,
10461 + struct dentry *old_dentry,
10462 + struct inode *old_parent_inode,
10463 + struct vfsmount *old_mnt, const char *newname);
10464 +extern __u32 gr_check_link(const struct dentry *new_dentry,
10465 + const struct dentry *parent_dentry,
10466 + const struct vfsmount *parent_mnt,
10467 + const struct dentry *old_dentry,
10468 + const struct vfsmount *old_mnt);
10469 +extern __u32 gr_acl_handle_filldir(const struct dentry *dentry,
10470 + const struct vfsmount *mnt, const ino_t ino);
10471 +extern __u32 gr_acl_handle_unix(const struct dentry *dentry,
10472 + const struct vfsmount *mnt);
10473 +extern void gr_acl_handle_exit(void);
10474 +extern void gr_acl_handle_psacct(struct task_struct *task, const long code);
10475 +extern int gr_acl_handle_procpidmem(const struct task_struct *task);
10476 +extern __u32 gr_cap_rtnetlink(void);
10478 +#ifdef CONFIG_GRKERNSEC
10479 +extern void gr_handle_mem_write(void);
10480 +extern void gr_handle_kmem_write(void);
10481 +extern void gr_handle_open_port(void);
10482 +extern int gr_handle_mem_mmap(const unsigned long offset,
10483 + struct vm_area_struct *vma);
10485 +extern __u16 ip_randomid(void);
10486 +extern __u32 ip_randomisn(void);
10487 +extern unsigned long get_random_long(void);
10489 +extern int grsec_enable_dmesg;
10490 +extern int grsec_enable_randid;
10491 +extern int grsec_enable_randisn;
10492 +extern int grsec_enable_randsrc;
10493 +extern int grsec_enable_randrpc;
10497 diff -urN linux-2.4.22/include/linux/mm.h linux-2.4.22/include/linux/mm.h
10498 --- linux-2.4.22/include/linux/mm.h 2003-09-01 22:19:02.000000000 -0400
10499 +++ linux-2.4.22/include/linux/mm.h 2003-09-02 19:33:29.000000000 -0400
10501 extern struct list_head active_list;
10502 extern struct list_head inactive_list;
10504 +extern void gr_learn_resource(const struct task_struct * task, const int limit,
10505 + const unsigned long wanted);
10507 #include <asm/page.h>
10508 #include <asm/pgtable.h>
10509 #include <asm/atomic.h>
10510 +#include <asm/mman.h>
10513 * Linux kernel virtual memory manager primitives.
10514 @@ -649,6 +719,11 @@
10515 address &= PAGE_MASK;
10516 spin_lock(&vma->vm_mm->page_table_lock);
10517 grow = (vma->vm_start - address) >> PAGE_SHIFT;
10519 + gr_learn_resource(current, RLIMIT_STACK, vma->vm_end - address);
10520 + gr_learn_resource(current, RLIMIT_AS, (vma->vm_mm->total_vm + grow) << PAGE_SHIFT);
10521 + gr_learn_resource(current, RLIMIT_MEMLOCK, (vma->vm_mm->locked_vm + grow) << PAGE_SHIFT);
10523 if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
10524 ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) {
10525 spin_unlock(&vma->vm_mm->page_table_lock);
10526 diff -urN linux-2.4.22/include/linux/proc_fs.h linux-2.4.22/include/linux/proc_fs.h
10527 --- linux-2.4.22/include/linux/proc_fs.h 2003-09-01 22:19:02.000000000 -0400
10528 +++ linux-2.4.22/include/linux/proc_fs.h 2003-09-02 19:33:36.000000000 -0400
10529 @@ -143,6 +143,9 @@
10530 extern struct proc_dir_entry *proc_mknod(const char *,mode_t,
10531 struct proc_dir_entry *,kdev_t);
10532 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);
10533 +#ifdef CONFIG_GRKERNSEC_PROC
10534 +extern struct proc_dir_entry *proc_priv_mkdir(const char *, struct proc_dir_entry *);
10537 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
10538 mode_t mode, struct proc_dir_entry *base,
10539 diff -urN linux-2.4.22/include/linux/sched.h linux-2.4.22/include/linux/sched.h
10540 --- linux-2.4.22/include/linux/sched.h 2003-09-01 22:19:02.000000000 -0400
10541 +++ linux-2.4.22/include/linux/sched.h 2003-09-02 19:33:29.000000000 -0400
10543 #include <linux/securebits.h>
10544 #include <linux/fs_struct.h>
10546 +extern int gr_is_capable(const int cap);
10547 +extern int gr_pid_is_chrooted(const struct task_struct *p);
10549 struct exec_domain;
10552 @@ -415,6 +432,19 @@
10554 /* journalling filesystem info */
10555 void *journal_info;
10557 +#ifdef CONFIG_GRKERNSEC
10558 +/* added by grsecurity's ACL system */
10559 + struct acl_subject_label *acl;
10560 + struct acl_role_label *role;
10561 + struct file *exec_file;
10564 + u8 acl_sp_role:1;
10565 + u8 used_accept:1;
10566 + u8 used_connect:1;
10567 + u8 is_writable:1;
10572 @@ -549,6 +586,8 @@
10573 *p->pidhash_pprev = p->pidhash_next;
10576 +#include <asm/current.h>
10578 static inline task_t *find_task_by_pid(int pid)
10580 task_t *p, **htable = &pidhash[pid_hashfn(pid)];
10581 @@ -556,6 +595,8 @@
10582 for(p = *htable; p && p->pid != pid; p = p->pidhash_next)
10585 + if(gr_pid_is_chrooted(p)) p = NULL;
10590 @@ -576,8 +617,6 @@
10591 extern struct user_struct * alloc_uid(uid_t);
10592 extern void free_uid(struct user_struct *);
10594 -#include <asm/current.h>
10596 extern unsigned long volatile jiffies;
10597 extern unsigned long itimer_ticks;
10598 extern unsigned long itimer_next;
10599 @@ -741,7 +780,7 @@
10600 static inline int capable(int cap)
10603 - if (cap_raised(current->cap_effective, cap))
10604 + if (cap_raised(current->cap_effective, cap) && gr_is_capable(cap))
10606 if (cap_is_fs_cap(cap) ? current->fsuid == 0 : current->euid == 0)
10608 diff -urN linux-2.4.22/include/linux/sysctl.h linux-2.4.22/include/linux/sysctl.h
10609 --- linux-2.4.22/include/linux/sysctl.h 2003-09-01 22:19:02.000000000 -0400
10610 +++ linux-2.4.22/include/linux/sysctl.h 2003-09-02 19:33:31.000000000 -0400
10611 @@ -127,6 +127,7 @@
10612 KERN_CORE_PATTERN=56, /* string: pattern for core-files */
10613 KERN_PPC_L3CR=57, /* l3cr register on PPC */
10614 KERN_EXCEPTION_TRACE=58, /* boolean: exception trace */
10615 + KERN_GRSECURITY=68, /* grsecurity */
10619 diff -urN linux-2.4.22/include/net/inetpeer.h linux-2.4.22/include/net/inetpeer.h
10620 --- linux-2.4.22/include/net/inetpeer.h 2003-09-01 22:19:06.000000000 -0400
10621 +++ linux-2.4.22/include/net/inetpeer.h 2003-09-02 19:37:15.000000000 -0400
10623 #include <linux/init.h>
10624 #include <linux/sched.h>
10625 #include <linux/spinlock.h>
10627 #include <asm/atomic.h>
10631 /* can be called with or without local BH being disabled */
10632 struct inet_peer *inet_getpeer(__u32 daddr, int create);
10634 +#ifdef CONFIG_GRKERNSEC_RANDID
10635 +extern int grsec_enable_randid;
10636 +extern __u16 ip_randomid(void);
10639 extern spinlock_t inet_peer_unused_lock;
10640 extern struct inet_peer *inet_peer_unused_head;
10641 extern struct inet_peer **inet_peer_unused_tailp;
10645 spin_lock_bh(&inet_peer_idlock);
10646 - id = p->ip_id_count++;
10648 +#ifdef CONFIG_GRKERNSEC_RANDID
10649 + if(grsec_enable_randid)
10650 + id = htons(ip_randomid());
10653 + id = p->ip_id_count++;
10655 spin_unlock_bh(&inet_peer_idlock);
10658 diff -urN linux-2.4.22/include/net/ip.h linux-2.4.22/include/net/ip.h
10659 --- linux-2.4.22/include/net/ip.h 2003-09-01 22:19:03.000000000 -0400
10660 +++ linux-2.4.22/include/net/ip.h 2003-09-02 19:37:15.000000000 -0400
10662 void (*destructor)(struct sock *);
10665 +#ifdef CONFIG_GRKERNSEC_RANDID
10666 +extern int grsec_enable_randid;
10667 +extern __u16 ip_randomid(void);
10670 extern struct ip_ra_chain *ip_ra_chain;
10671 extern rwlock_t ip_ra_lock;
10673 @@ -197,7 +202,13 @@
10674 * does not change, they drop every other packet in
10675 * a TCP stream using header compression.
10677 - iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
10679 +#ifdef CONFIG_GRKERNSEC_RANDID
10680 + if(grsec_enable_randid)
10681 + iph->id = htons(ip_randomid());
10684 + iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
10686 __ip_select_ident(iph, dst);
10688 diff -urN linux-2.4.22/init/main.c linux-2.4.22/init/main.c
10689 --- linux-2.4.22/init/main.c 2003-09-01 22:19:01.000000000 -0400
10690 +++ linux-2.4.22/init/main.c 2003-09-02 19:29:42.000000000 -0400
10692 #include <linux/iobuf.h>
10693 #include <linux/bootmem.h>
10694 #include <linux/tty.h>
10695 +#include <linux/grsecurity.h>
10697 #include <asm/io.h>
10698 #include <asm/bugs.h>
10699 @@ -111,6 +112,8 @@
10700 extern void ipc_init(void);
10703 +extern void grsecurity_init(void);
10706 * Boot command-line arguments
10708 @@ -552,6 +555,7 @@
10711 prepare_namespace();
10712 + grsecurity_init();
10715 * Ok, we have completed the initial bootup, and
10716 diff -urN linux-2.4.22/ipc/msg.c linux-2.4.22/ipc/msg.c
10717 --- linux-2.4.22/ipc/msg.c 2003-09-01 22:19:11.000000000 -0400
10718 +++ linux-2.4.22/ipc/msg.c 2003-09-02 19:29:42.000000000 -0400
10720 #include <linux/init.h>
10721 #include <linux/proc_fs.h>
10722 #include <linux/list.h>
10723 +#include <linux/grsecurity.h>
10724 #include <asm/uaccess.h>
10727 @@ -326,6 +327,9 @@
10732 + gr_log_msgget(ret, msgflg);
10737 @@ -560,6 +564,8 @@
10741 + gr_log_msgrm(ipcp->uid, ipcp->cuid);
10746 diff -urN linux-2.4.22/ipc/sem.c linux-2.4.22/ipc/sem.c
10747 --- linux-2.4.22/ipc/sem.c 2003-09-01 22:19:11.000000000 -0400
10748 +++ linux-2.4.22/ipc/sem.c 2003-09-02 19:29:42.000000000 -0400
10750 #include <linux/init.h>
10751 #include <linux/proc_fs.h>
10752 #include <linux/time.h>
10753 +#include <linux/grsecurity.h>
10754 #include <asm/uaccess.h>
10757 @@ -182,6 +183,9 @@
10762 + gr_log_semget(err, semflg);
10767 @@ -724,6 +728,8 @@
10771 + gr_log_semrm(ipcp->uid, ipcp->cuid);
10776 diff -urN linux-2.4.22/ipc/shm.c linux-2.4.22/ipc/shm.c
10777 --- linux-2.4.22/ipc/shm.c 2003-09-01 22:19:11.000000000 -0400
10778 +++ linux-2.4.22/ipc/shm.c 2003-09-02 19:29:42.000000000 -0400
10780 #include <linux/mman.h>
10781 #include <linux/proc_fs.h>
10782 #include <asm/uaccess.h>
10783 +#include <linux/grsecurity.h>
10792 +#ifdef CONFIG_GRKERNSEC
10793 + time_t shm_createtime;
10798 +#ifdef CONFIG_GRKERNSEC
10799 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
10800 + const time_t shm_createtime, const uid_t cuid,
10801 + const int shmid);
10802 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
10803 + const time_t shm_createtime);
10806 #define shm_flags shm_perm.mode
10808 static struct file_operations shm_file_operations;
10809 @@ -209,6 +223,9 @@
10810 shp->shm_lprid = 0;
10811 shp->shm_atim = shp->shm_dtim = 0;
10812 shp->shm_ctim = CURRENT_TIME;
10813 +#ifdef CONFIG_GRKERNSEC
10814 + shp->shm_createtime = CURRENT_TIME;
10816 shp->shm_segsz = size;
10817 shp->shm_nattch = 0;
10818 shp->id = shm_buildid(id,shp->shm_perm.seq);
10819 @@ -254,6 +271,9 @@
10824 + gr_log_shmget(err, shmflg, size);
10829 @@ -509,6 +529,9 @@
10831 goto out_unlock_up;
10834 + gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid);
10836 if (shp->shm_nattch){
10837 shp->shm_flags |= SHM_DEST;
10838 /* Do not find it any more */
10839 @@ -622,9 +645,28 @@
10844 +#ifdef CONFIG_GRKERNSEC
10845 + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
10846 + shp->shm_perm.cuid, shmid)) {
10847 + shm_unlock(shmid);
10851 + if (!gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
10852 + shm_unlock(shmid);
10857 file = shp->shm_file;
10858 size = file->f_dentry->d_inode->i_size;
10861 +#ifdef CONFIG_GRKERNSEC
10862 + shp->shm_lapid = current->pid;
10867 down_write(¤t->mm->mmap_sem);
10868 diff -urN linux-2.4.22/kernel/capability.c linux-2.4.22/kernel/capability.c
10869 --- linux-2.4.22/kernel/capability.c 2003-09-01 22:19:01.000000000 -0400
10870 +++ linux-2.4.22/kernel/capability.c 2003-09-02 19:29:42.000000000 -0400
10873 #include <linux/mm.h>
10874 #include <asm/uaccess.h>
10875 +#include <linux/grsecurity.h>
10877 kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
10879 @@ -168,6 +169,10 @@
10883 + if (gr_handle_chroot_capset(target)) {
10888 /* verify restrictions on target's new Inheritable set */
10889 if (!cap_issubset(inheritable,
10890 diff -urN linux-2.4.22/kernel/exit.c linux-2.4.22/kernel/exit.c
10891 --- linux-2.4.22/kernel/exit.c 2003-09-01 22:19:01.000000000 -0400
10892 +++ linux-2.4.22/kernel/exit.c 2003-09-02 19:29:42.000000000 -0400
10894 #ifdef CONFIG_BSD_PROCESS_ACCT
10895 #include <linux/acct.h>
10897 +#include <linux/grsecurity.h>
10899 #include <asm/uaccess.h>
10900 #include <asm/pgtable.h>
10901 @@ -165,12 +165,21 @@
10903 write_lock_irq(&tasklist_lock);
10905 +#ifdef CONFIG_GRKERNSEC
10906 + if (current->exec_file) {
10907 + fput(current->exec_file);
10908 + current->exec_file = NULL;
10912 /* Reparent to init */
10913 REMOVE_LINKS(current);
10914 current->p_pptr = child_reaper;
10915 current->p_opptr = child_reaper;
10916 SET_LINKS(current);
10918 + gr_set_kernel_label(current);
10920 /* Set the exit signal to SIGCHLD so we signal init on exit */
10921 current->exit_signal = SIGCHLD;
10923 @@ -439,6 +440,10 @@
10924 #ifdef CONFIG_BSD_PROCESS_ACCT
10925 acct_process(code);
10928 + gr_acl_handle_psacct(tsk, code);
10929 + gr_acl_handle_exit();
10934 diff -urN linux-2.4.22/kernel/fork.c linux-2.4.22/kernel/fork.c
10935 --- linux-2.4.22/kernel/fork.c 2003-09-01 22:19:01.000000000 -0400
10936 +++ linux-2.4.22/kernel/fork.c 2003-09-02 19:29:42.000000000 -0400
10938 #include <linux/namespace.h>
10939 #include <linux/personality.h>
10940 #include <linux/compiler.h>
10941 +#include <linux/grsecurity.h>
10943 #include <asm/pgtable.h>
10944 #include <asm/pgalloc.h>
10946 if (flags & CLONE_PID)
10947 return current->pid;
10949 + pid = gr_random_pid(&lastpid_lock);
10953 spin_lock(&lastpid_lock);
10954 beginpid = last_pid;
10955 if((++last_pid) & 0xffff8000) {
10956 @@ -667,6 +672,9 @@
10957 * friends to set the per-user process limit to something lower
10958 * than the amount of processes root is running. -- Rik
10961 + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes));
10963 if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur
10964 && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE))
10965 goto bad_fork_free;
10966 @@ -751,6 +759,7 @@
10967 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
10969 goto bad_fork_cleanup_namespace;
10970 + gr_copy_label(p);
10973 /* Our parent execution domain becomes current domain
10974 @@ -836,6 +845,9 @@
10977 free_task_struct(p);
10979 + gr_log_forkfail(retval);
10984 diff -urN linux-2.4.22/kernel/ksyms.c linux-2.4.22/kernel/ksyms.c
10985 --- linux-2.4.22/kernel/ksyms.c 2003-09-01 22:19:01.000000000 -0400
10986 +++ linux-2.4.22/kernel/ksyms.c 2003-09-02 19:29:42.000000000 -0400
10988 #include <linux/seq_file.h>
10989 #include <linux/dnotify.h>
10990 #include <linux/crc32.h>
10991 +#include <linux/grsecurity.h>
10992 #include <asm/checksum.h>
10994 #if defined(CONFIG_PROC_FS)
10995 @@ -600,3 +601,9 @@
10996 /* To match ksyms with System.map */
10997 extern const char _end[];
10998 EXPORT_SYMBOL(_end);
11001 +EXPORT_SYMBOL(gr_is_capable);
11002 +EXPORT_SYMBOL(gr_pid_is_chrooted);
11003 +EXPORT_SYMBOL(gr_learn_resource);
11004 +EXPORT_SYMBOL(gr_set_kernel_label);
11005 diff -urN linux-2.4.22/kernel/module.c linux-2.4.22/kernel/module.c
11006 --- linux-2.4.22/kernel/module.c 2003-09-01 22:19:01.000000000 -0400
11007 +++ linux-2.4.22/kernel/module.c 2003-09-02 19:29:42.000000000 -0400
11008 @@ -900,6 +900,11 @@
11009 struct module *mod;
11012 +#ifdef CONFIG_GRKERNSEC_HIDESYM
11013 + if (!capable(CAP_SYS_MODULE))
11018 if (name_user == NULL)
11019 mod = &kernel_module;
11020 @@ -969,6 +974,11 @@
11022 struct kernel_sym ksym;
11024 +#ifdef CONFIG_GRKERNSEC_HIDESYM
11025 + if (!capable(CAP_SYS_MODULE))
11030 for (mod = module_list, i = 0; mod; mod = mod->next) {
11031 /* include the count for the module name! */
11032 diff -urN linux-2.4.22/kernel/printk.c linux-2.4.22/kernel/printk.c
11033 --- linux-2.4.22/kernel/printk.c 2003-09-01 22:19:01.000000000 -0400
11034 +++ linux-2.4.22/kernel/printk.c 2003-09-02 19:29:42.000000000 -0400
11036 #include <linux/interrupt.h> /* For in_interrupt() */
11037 #include <linux/config.h>
11038 #include <linux/delay.h>
11039 +#include <linux/grsecurity.h>
11041 #include <asm/uaccess.h>
11043 @@ -294,6 +295,11 @@
11045 asmlinkage long sys_syslog(int type, char * buf, int len)
11047 +#ifdef CONFIG_GRKERNSEC_DMESG
11048 + if (!capable(CAP_SYS_ADMIN) && grsec_enable_dmesg)
11052 if ((type != 3) && !capable(CAP_SYS_ADMIN))
11054 return do_syslog(type, buf, len);
11055 diff -urN linux-2.4.22/kernel/sched.c linux-2.4.22/kernel/sched.c
11056 --- linux-2.4.22/kernel/sched.c 2003-09-01 22:19:01.000000000 -0400
11057 +++ linux-2.4.22/kernel/sched.c 2003-09-02 19:29:42.000000000 -0400
11058 @@ -22,11 +22,13 @@
11059 #include <linux/nmi.h>
11060 #include <linux/interrupt.h>
11061 #include <linux/init.h>
11062 +#include <linux/file.h>
11063 #include <asm/uaccess.h>
11064 #include <linux/smp_lock.h>
11065 #include <asm/mmu_context.h>
11066 #include <linux/kernel_stat.h>
11067 #include <linux/completion.h>
11068 +#include <linux/grsecurity.h>
11071 * Convert user-nice values [ -20 ... 0 ... 19 ]
11072 @@ -910,6 +912,9 @@
11074 if (increment < -40)
11077 + if (gr_handle_chroot_nice())
11080 if (increment > 40)
11082 diff -urN linux-2.4.22/kernel/signal.c linux-2.4.22/kernel/signal.c
11083 --- linux-2.4.22/kernel/signal.c 2003-09-01 22:19:01.000000000 -0400
11084 +++ linux-2.4.22/kernel/signal.c 2003-09-02 19:29:42.000000000 -0400
11086 #include <linux/smp_lock.h>
11087 #include <linux/init.h>
11088 #include <linux/sched.h>
11089 +#include <linux/fs.h>
11090 +#include <linux/grsecurity.h>
11092 #include <asm/uaccess.h>
11094 @@ -554,6 +556,8 @@
11095 if (!sig || !t->sig)
11098 + gr_log_signal(sig, t);
11100 spin_lock_irqsave(&t->sigmask_lock, flags);
11101 handle_stop_signal(sig, t);
11103 @@ -603,6 +607,8 @@
11104 recalc_sigpending(t);
11105 spin_unlock_irqrestore(&t->sigmask_lock, flags);
11107 + gr_handle_crash(t, sig);
11109 return send_sig_info(sig, info, t);
11112 @@ -622,9 +628,13 @@
11113 read_lock(&tasklist_lock);
11115 if (p->pgrp == pgrp && thread_group_leader(p)) {
11116 - int err = send_sig_info(sig, info, p);
11119 + if (gr_handle_signal(p, sig))
11122 + int err = send_sig_info(sig, info, p);
11128 read_unlock(&tasklist_lock);
11129 @@ -675,7 +685,10 @@
11133 - error = send_sig_info(sig, info, p);
11134 + if (gr_handle_signal(p, sig))
11137 + error = send_sig_info(sig, info, p);
11139 read_unlock(&tasklist_lock);
11141 @@ -700,10 +713,14 @@
11142 read_lock(&tasklist_lock);
11144 if (p->pid > 1 && p != current && thread_group_leader(p)) {
11145 - int err = send_sig_info(sig, info, p);
11147 - if (err != -EPERM)
11149 + if (gr_handle_signal(p, sig))
11152 + int err = send_sig_info(sig, info, p);
11154 + if (err != -EPERM)
11159 read_unlock(&tasklist_lock);
11160 diff -urN linux-2.4.22/kernel/sys.c linux-2.4.22/kernel/sys.c
11161 --- linux-2.4.22/kernel/sys.c 2003-09-01 22:19:01.000000000 -0400
11162 +++ linux-2.4.22/kernel/sys.c 2003-09-02 19:29:42.000000000 -0400
11164 * Copyright (C) 1991, 1992 Linus Torvalds
11167 +#include <linux/config.h>
11168 #include <linux/module.h>
11169 #include <linux/mm.h>
11170 #include <linux/utsname.h>
11172 #include <linux/prctl.h>
11173 #include <linux/init.h>
11174 #include <linux/highuid.h>
11175 +#include <linux/grsecurity.h>
11177 #include <asm/uaccess.h>
11178 #include <asm/io.h>
11179 @@ -239,6 +241,12 @@
11181 if (error == -ESRCH)
11184 + if (gr_handle_chroot_setpriority(p, niceval)) {
11185 + read_unlock(&tasklist_lock);
11189 if (niceval < task_nice(p) && !capable(CAP_SYS_NICE))
11192 @@ -425,6 +433,9 @@
11193 if (rgid != (gid_t) -1 ||
11194 (egid != (gid_t) -1 && egid != old_rgid))
11195 current->sgid = new_egid;
11197 + gr_set_role_label(current, current->uid, new_rgid);
11199 current->fsgid = new_egid;
11200 current->egid = new_egid;
11201 current->gid = new_rgid;
11202 @@ -447,6 +458,9 @@
11203 current->mm->dumpable=0;
11207 + gr_set_role_label(current, current->uid, gid);
11209 current->gid = current->egid = current->sgid = current->fsgid = gid;
11211 else if ((gid == current->gid) || (gid == current->sgid))
11212 @@ -530,6 +544,9 @@
11213 current->mm->dumpable = 0;
11217 + gr_set_role_label(current, new_ruid, current->gid);
11219 current->uid = new_ruid;
11220 current->user = new_user;
11221 free_uid(old_user);
11222 @@ -626,6 +643,9 @@
11223 } else if ((uid != current->uid) && (uid != new_suid))
11226 + if (gr_check_crash_uid(uid))
11229 if (old_euid != uid)
11231 current->mm->dumpable = 0;
11232 @@ -722,8 +742,10 @@
11233 current->egid = egid;
11235 current->fsgid = current->egid;
11236 - if (rgid != (gid_t) -1)
11237 + if (rgid != (gid_t) -1) {
11238 + gr_set_role_label(current, current->uid, rgid);
11239 current->gid = rgid;
11241 if (sgid != (gid_t) -1)
11242 current->sgid = sgid;
11244 @@ -1146,6 +1168,10 @@
11245 if (new_rlim.rlim_cur > new_rlim.rlim_max)
11247 old_rlim = current->rlim + resource;
11249 + if (old_rlim->rlim_max < old_rlim->rlim_cur)
11252 if (((new_rlim.rlim_cur > old_rlim->rlim_max) ||
11253 (new_rlim.rlim_max > old_rlim->rlim_max)) &&
11254 !capable(CAP_SYS_RESOURCE))
11255 diff -urN linux-2.4.22/kernel/sysctl.c linux-2.4.22/kernel/sysctl.c
11256 --- linux-2.4.22/kernel/sysctl.c 2003-09-01 22:19:01.000000000 -0400
11257 +++ linux-2.4.22/kernel/sysctl.c 2003-09-02 19:29:42.000000000 -0400
11261 #if defined(CONFIG_SYSCTL)
11262 +#include <linux/grsecurity.h>
11263 +#include <linux/grinternal.h>
11265 +extern int gr_proc_handler(ctl_table * table, int write, struct file * filp,
11266 + void * buffer, size_t * lenp);
11267 +extern __u32 gr_handle_sysctl(const ctl_table * table, const void *oldval,
11268 + const void *newval);
11269 +extern int gr_handle_sysctl_mod(const char *dirname, const char *name, const int op);
11270 +extern int gr_handle_chroot_sysctl(const int op);
11272 /* External variables not in a header file. */
11273 extern int panic_timeout;
11274 @@ -123,6 +132,8 @@
11275 static ctl_table dev_table[];
11276 extern ctl_table random_table[];
11278 +static ctl_table grsecurity_table[];
11280 /* /proc declarations: */
11282 #ifdef CONFIG_PROC_FS
11283 @@ -269,8 +280,191 @@
11284 {KERN_EXCEPTION_TRACE,"exception-trace",
11285 &exception_trace,sizeof(int),0644,NULL,&proc_dointvec},
11287 +#ifdef CONFIG_GRKERNSEC_SYSCTL
11288 + {KERN_GRSECURITY, "grsecurity", NULL, 0, 0500, grsecurity_table},
11293 +#ifdef CONFIG_GRKERNSEC_SYSCTL
11294 +enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL,
11295 +GS_FORKFAIL, GS_TIME, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
11296 +GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM,
11297 +GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS,
11298 +GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL, GS_SIDCAPS,
11299 +GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDISN,
11300 +GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
11301 +GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
11302 +GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
11303 +GS_FINDTASK, GS_LOCK};
11305 +static ctl_table grsecurity_table[] = {
11306 +#ifdef CONFIG_GRKERNSEC_LINK
11307 + {GS_LINK, "linking_restrictions", &grsec_enable_link, sizeof (int),
11308 + 0600, NULL, &proc_dointvec},
11310 +#ifdef CONFIG_GRKERNSEC_FIFO
11311 + {GS_FIFO, "fifo_restrictions", &grsec_enable_fifo, sizeof (int),
11312 + 0600, NULL, &proc_dointvec},
11314 +#ifdef CONFIG_GRKERNSEC_EXECVE
11315 + {GS_EXECVE, "execve_limiting", &grsec_enable_execve, sizeof (int),
11316 + 0600, NULL, &proc_dointvec},
11318 +#ifdef CONFIG_GRKERNSEC_EXECLOG
11319 + {GS_EXECLOG, "exec_logging", &grsec_enable_execlog, sizeof (int),
11320 + 0600, NULL, &proc_dointvec},
11322 +#ifdef CONFIG_GRKERNSEC_SIGNAL
11323 + {GS_SIGNAL, "signal_logging", &grsec_enable_signal, sizeof (int),
11324 + 0600, NULL, &proc_dointvec},
11326 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
11327 + {GS_FORKFAIL, "forkfail_logging", &grsec_enable_forkfail, sizeof (int),
11328 + 0600, NULL, &proc_dointvec},
11330 +#ifdef CONFIG_GRKERNSEC_TIME
11331 + {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int),
11332 + 0600, NULL, &proc_dointvec},
11334 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
11335 + {GS_CHROOT_SHMAT, "chroot_deny_shmat", &grsec_enable_chroot_shmat, sizeof (int),
11336 + 0600, NULL, &proc_dointvec},
11338 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
11339 + {GS_CHROOT_UNIX, "chroot_deny_unix", &grsec_enable_chroot_unix, sizeof(int),
11340 + 0600, NULL, &proc_dointvec},
11342 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
11343 + {GS_CHROOT_MNT, "chroot_deny_mount", &grsec_enable_chroot_mount, sizeof (int),
11344 + 0600, NULL, &proc_dointvec},
11346 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
11347 + {GS_CHROOT_FCHDIR, "chroot_deny_fchdir", &grsec_enable_chroot_fchdir, sizeof (int),
11348 + 0600, NULL, &proc_dointvec},
11350 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
11351 + {GS_CHROOT_DBL, "chroot_deny_chroot", &grsec_enable_chroot_double, sizeof (int),
11352 + 0600, NULL, &proc_dointvec},
11354 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
11355 + {GS_CHROOT_PVT, "chroot_deny_pivot", &grsec_enable_chroot_pivot, sizeof (int),
11356 + 0600, NULL, &proc_dointvec},
11358 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
11359 + {GS_CHROOT_CD, "chroot_enforce_chdir", &grsec_enable_chroot_chdir, sizeof (int),
11360 + 0600, NULL, &proc_dointvec},
11362 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
11363 + {GS_CHROOT_CM, "chroot_deny_chmod", &grsec_enable_chroot_chmod, sizeof (int),
11364 + 0600, NULL, &proc_dointvec},
11366 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
11367 + {GS_CHROOT_MK, "chroot_deny_mknod", &grsec_enable_chroot_mknod, sizeof (int),
11368 + 0600, NULL, &proc_dointvec},
11370 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
11371 + {GS_CHROOT_NI, "chroot_restrict_nice", &grsec_enable_chroot_nice, sizeof (int),
11372 + 0600, NULL, &proc_dointvec},
11374 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
11375 + {GS_CHROOT_EXECLOG, "chroot_execlog",
11376 + &grsec_enable_chroot_execlog, sizeof (int),
11377 + 0600, NULL, &proc_dointvec},
11379 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
11380 + {GS_CHROOT_CAPS, "chroot_caps", &grsec_enable_chroot_caps, sizeof (int),
11381 + 0600, NULL, &proc_dointvec},
11383 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
11384 + {GS_CHROOT_SYSCTL, "chroot_deny_sysctl", &grsec_enable_chroot_sysctl, sizeof (int),
11385 + 0600, NULL, &proc_dointvec},
11387 +#ifdef CONFIG_GRKERNSEC_TPE
11388 + {GS_TPE, "tpe", &grsec_enable_tpe, sizeof (int),
11389 + 0600, NULL, &proc_dointvec},
11390 + {GS_TPE_GID, "tpe_gid", &grsec_tpe_gid, sizeof (int),
11391 + 0600, NULL, &proc_dointvec},
11393 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
11394 + {GS_TPE_ALL, "tpe_restrict_all", &grsec_enable_tpe_all, sizeof (int),
11395 + 0600, NULL, &proc_dointvec},
11397 +#ifdef CONFIG_GRKERNSEC_RANDPID
11398 + {GS_RANDPID, "rand_pids", &grsec_enable_randpid, sizeof (int),
11399 + 0600, NULL, &proc_dointvec},
11401 +#ifdef CONFIG_GRKERNSEC_RANDID
11402 + {GS_RANDID, "rand_ip_ids", &grsec_enable_randid, sizeof (int),
11403 + 0600, NULL, &proc_dointvec},
11405 +#ifdef CONFIG_GRKERNSEC_RANDSRC
11406 + {GS_RANDSRC, "rand_tcp_src_ports", &grsec_enable_randsrc, sizeof (int),
11407 + 0600, NULL, &proc_dointvec},
11409 +#ifdef CONFIG_GRKERNSEC_RANDISN
11410 + {GS_RANDISN, "rand_isns", &grsec_enable_randisn, sizeof (int),
11411 + 0600, NULL, &proc_dointvec},
11413 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
11414 + {GS_SOCKET_ALL, "socket_all", &grsec_enable_socket_all, sizeof (int),
11415 + 0600, NULL, &proc_dointvec},
11416 + {GS_SOCKET_ALL_GID, "socket_all_gid",
11417 + &grsec_socket_all_gid, sizeof (int),
11418 + 0600, NULL, &proc_dointvec},
11420 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
11421 + {GS_SOCKET_CLIENT, "socket_client",
11422 + &grsec_enable_socket_client, sizeof (int),
11423 + 0600, NULL, &proc_dointvec},
11424 + {GS_SOCKET_CLIENT_GID, "socket_client_gid",
11425 + &grsec_socket_client_gid, sizeof (int),
11426 + 0600, NULL, &proc_dointvec},
11428 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
11429 + {GS_SOCKET_SERVER, "socket_server",
11430 + &grsec_enable_socket_server, sizeof (int),
11431 + 0600, NULL, &proc_dointvec},
11432 + {GS_SOCKET_SERVER_GID, "socket_server_gid",
11433 + &grsec_socket_server_gid, sizeof (int),
11434 + 0600, NULL, &proc_dointvec},
11436 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
11437 + {GS_GROUP, "audit_group", &grsec_enable_group, sizeof (int),
11438 + 0600, NULL, &proc_dointvec},
11439 + {GS_GID, "audit_gid",
11440 + &grsec_audit_gid, sizeof (int),
11441 + 0600, NULL, &proc_dointvec},
11443 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
11444 + {GS_ACHDIR, "audit_chdir", &grsec_enable_chdir, sizeof (int),
11445 + 0600, NULL, &proc_dointvec},
11447 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
11448 + {GS_AMOUNT, "audit_mount", &grsec_enable_mount, sizeof (int),
11449 + 0600, NULL, &proc_dointvec},
11451 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
11452 + {GS_AIPC, "audit_ipc", &grsec_enable_audit_ipc, sizeof (int),
11453 + 0600, NULL, &proc_dointvec},
11455 +#ifdef CONFIG_GRKERNSEC_DMESG
11456 + {GS_AIPC, "dmesg", &grsec_enable_dmesg, sizeof (int),
11457 + 0600, NULL, &proc_dointvec},
11459 +#ifdef CONFIG_GRKERNSEC_RANDRPC
11460 + {GS_RANDRPC, "rand_rpc", &grsec_enable_randrpc, sizeof (int),
11461 + 0600, NULL, &proc_dointvec},
11463 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
11464 + {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
11465 + sizeof (int), 0600, NULL, &proc_dointvec},
11467 + {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
11473 static ctl_table vm_table[] = {
11474 {VM_BDFLUSH, "bdflush", &bdf_prm, 9*sizeof(int), 0644, NULL,
11475 @@ -403,6 +597,11 @@
11477 static inline int ctl_perm(ctl_table *table, int op)
11479 + if (gr_handle_sysctl_mod(table->de->parent->name, table->de->name, op))
11481 + if (gr_handle_chroot_sysctl(op))
11484 return test_perm(table->mode, op);
11487 @@ -436,6 +635,10 @@
11488 table = table->child;
11492 + if (!gr_handle_sysctl(table, oldval, newval))
11495 error = do_sysctl_strategy(table, name, nlen,
11497 newval, newlen, context);
11498 diff -urN linux-2.4.22/kernel/time.c linux-2.4.22/kernel/time.c
11499 --- linux-2.4.22/kernel/time.c 2003-09-01 22:19:01.000000000 -0400
11500 +++ linux-2.4.22/kernel/time.c 2003-09-02 19:29:42.000000000 -0400
11502 #include <linux/mm.h>
11503 #include <linux/timex.h>
11504 #include <linux/smp_lock.h>
11505 +#include <linux/grsecurity.h>
11507 #include <asm/uaccess.h>
11510 time_maxerror = NTP_PHASE_LIMIT;
11511 time_esterror = NTP_PHASE_LIMIT;
11512 write_unlock_irq(&xtime_lock);
11514 + gr_log_timechange();
11519 @@ -167,6 +171,8 @@
11520 * globally block out interrupts when it runs.
11522 do_settimeofday(tv);
11524 + gr_log_timechange();
11528 diff -urN linux-2.4.22/kernel/timer.c linux-2.4.22/kernel/timer.c
11529 --- linux-2.4.22/kernel/timer.c 2003-09-01 22:19:01.000000000 -0400
11530 +++ linux-2.4.22/kernel/timer.c 2003-09-02 19:29:42.000000000 -0400
11531 @@ -541,6 +541,9 @@
11533 psecs = (p->times.tms_utime += user);
11534 psecs += (p->times.tms_stime += system);
11536 + gr_learn_resource(p, RLIMIT_CPU, psecs / HZ);
11538 if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) {
11539 /* Send SIGXCPU every second.. */
11541 diff -urN linux-2.4.22/mm/filemap.c linux-2.4.22/mm/filemap.c
11542 --- linux-2.4.22/mm/filemap.c 2003-09-01 22:19:02.000000000 -0400
11543 +++ linux-2.4.22/mm/filemap.c 2003-09-02 19:29:42.000000000 -0400
11544 @@ -2541,6 +2547,7 @@
11546 rlim_rss = current->rlim ? current->rlim[RLIMIT_RSS].rlim_cur :
11547 LONG_MAX; /* default: see resource.h */
11548 + gr_learn_resource(current, RLIMIT_RSS, vma->vm_mm->rss + (end - start));
11549 if ((vma->vm_mm->rss + (end - start)) > rlim_rss)
11552 @@ -3016,6 +3023,7 @@
11555 if (!S_ISBLK(inode->i_mode) && limit != RLIM_INFINITY) {
11556 + gr_learn_resource(current, RLIMIT_FSIZE, pos);
11557 if (pos >= limit) {
11558 send_sig(SIGXFSZ, current, 0);
11560 @@ -3051,6 +3059,7 @@
11563 if (!S_ISBLK(inode->i_mode)) {
11564 + gr_learn_resource(current, RLIMIT_FSIZE, *count + (u32)pos);
11565 if (pos >= inode->i_sb->s_maxbytes)
11567 if (*count || pos > inode->i_sb->s_maxbytes) {
11568 diff -urN linux-2.4.22/mm/memory.c linux-2.4.22/mm/memory.c
11569 --- linux-2.4.22/mm/memory.c 2003-09-01 22:19:02.000000000 -0400
11570 +++ linux-2.4.22/mm/memory.c 2003-09-02 19:29:42.000000000 -0400
11571 @@ -1065,6 +1129,7 @@
11574 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
11575 + gr_learn_resource(current, RLIMIT_FSIZE, offset);
11576 if (limit != RLIM_INFINITY && offset > limit)
11578 if (offset > inode->i_sb->s_maxbytes)
11579 diff -urN linux-2.4.22/mm/mlock.c linux-2.4.22/mm/mlock.c
11580 --- linux-2.4.22/mm/mlock.c 2003-09-01 22:19:02.000000000 -0400
11581 +++ linux-2.4.22/mm/mlock.c 2003-09-02 19:29:42.000000000 -0400
11582 @@ -209,6 +235,7 @@
11583 lock_limit >>= PAGE_SHIFT;
11585 /* check against resource limits */
11586 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11587 if (locked > lock_limit)
11590 @@ -276,6 +303,7 @@
11591 lock_limit >>= PAGE_SHIFT;
11594 + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm);
11595 if (current->mm->total_vm > lock_limit)
11598 diff -urN linux-2.4.22/mm/mmap.c linux-2.4.22/mm/mmap.c
11599 --- linux-2.4.22/mm/mmap.c 2003-09-01 22:19:02.000000000 -0400
11600 +++ linux-2.4.22/mm/mmap.c 2003-09-02 19:29:42.000000000 -0400
11602 #include <linux/file.h>
11603 #include <linux/fs.h>
11604 #include <linux/personality.h>
11605 +#include <linux/random.h>
11606 +#include <linux/grsecurity.h>
11608 #include <asm/uaccess.h>
11609 #include <asm/pgalloc.h>
11610 @@ -168,6 +170,7 @@
11612 /* Check against rlimit.. */
11613 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
11614 + gr_learn_resource(current, RLIMIT_DATA, brk - mm->start_data);
11615 if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
11618 @@ -432,6 +462,7 @@
11619 if (vm_flags & VM_LOCKED) {
11620 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
11622 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11623 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11626 @@ -480,6 +532,9 @@
11630 + if (!gr_acl_handle_mmap(file, prot))
11633 /* Clear old maps */
11635 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
11636 @@ -490,6 +545,7 @@
11639 /* Check against address space limit. */
11640 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len);
11641 if ((mm->total_vm << PAGE_SHIFT) + len
11642 > current->rlim[RLIMIT_AS].rlim_cur)
11644 @@ -1047,6 +1255,7 @@
11645 if (mm->def_flags & VM_LOCKED) {
11646 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
11648 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11649 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11652 @@ -1063,6 +1272,7 @@
11655 /* Check against address space limits *after* clearing old maps... */
11656 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len);
11657 if ((mm->total_vm << PAGE_SHIFT) + len
11658 > current->rlim[RLIMIT_AS].rlim_cur)
11660 diff -urN linux-2.4.22/mm/mprotect.c linux-2.4.22/mm/mprotect.c
11661 --- linux-2.4.22/mm/mprotect.c 2003-09-01 22:19:02.000000000 -0400
11662 +++ linux-2.4.22/mm/mprotect.c 2003-09-02 19:29:42.000000000 -0400
11664 #include <linux/smp_lock.h>
11665 #include <linux/shm.h>
11666 #include <linux/mman.h>
11667 +#include <linux/grsecurity.h>
11669 #include <asm/uaccess.h>
11670 #include <asm/pgalloc.h>
11671 @@ -288,6 +393,11 @@
11672 if (!vma || vma->vm_start > start)
11675 + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
11680 for (nstart = start ; ; ) {
11681 unsigned int newflags;
11683 diff -urN linux-2.4.22/mm/mremap.c linux-2.4.22/mm/mremap.c
11684 --- linux-2.4.22/mm/mremap.c 2003-09-01 22:19:02.000000000 -0400
11685 +++ linux-2.4.22/mm/mremap.c 2003-09-02 19:29:42.000000000 -0400
11686 @@ -283,10 +305,12 @@
11687 unsigned long locked = current->mm->locked_vm << PAGE_SHIFT;
11688 locked += new_len - old_len;
11690 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked);
11691 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
11695 + gr_learn_resource(current, RLIMIT_AS, (current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len));
11696 if ((current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len)
11697 > current->rlim[RLIMIT_AS].rlim_cur)
11699 diff -urN linux-2.4.22/net/ipv4/af_inet.c linux-2.4.22/net/ipv4/af_inet.c
11700 --- linux-2.4.22/net/ipv4/af_inet.c 2003-09-01 22:19:08.000000000 -0400
11701 +++ linux-2.4.22/net/ipv4/af_inet.c 2003-09-02 19:29:42.000000000 -0400
11703 #include <linux/init.h>
11704 #include <linux/poll.h>
11705 #include <linux/netfilter_ipv4.h>
11706 +#include <linux/grsecurity.h>
11708 #include <asm/uaccess.h>
11709 #include <asm/system.h>
11710 @@ -374,7 +375,12 @@
11712 sk->protinfo.af_inet.pmtudisc = IP_PMTUDISC_WANT;
11714 - sk->protinfo.af_inet.id = 0;
11715 +#ifdef CONFIG_GRKERNSEC_RANDID
11716 + if(grsec_enable_randid)
11717 + sk->protinfo.af_inet.id = htons(ip_randomid());
11720 + sk->protinfo.af_inet.id = 0;
11722 sock_init_data(sock,sk);
11724 diff -urN linux-2.4.22/net/ipv4/icmp.c linux-2.4.22/net/ipv4/icmp.c
11725 --- linux-2.4.22/net/ipv4/icmp.c 2003-09-01 22:19:08.000000000 -0400
11726 +++ linux-2.4.22/net/ipv4/icmp.c 2003-09-02 19:29:42.000000000 -0400
11728 #include <linux/errno.h>
11729 #include <linux/timer.h>
11730 #include <linux/init.h>
11731 +#include <linux/grsecurity.h>
11733 #include <asm/system.h>
11734 #include <asm/uaccess.h>
11735 #include <net/checksum.h>
11736 @@ -715,6 +717,7 @@
11738 icmp_param.data.icmph=*skb->h.icmph;
11739 icmp_param.data.icmph.type=ICMP_ECHOREPLY;
11741 icmp_param.skb=skb;
11742 icmp_param.offset=0;
11743 icmp_param.data_len=skb->len;
11744 diff -urN linux-2.4.22/net/ipv4/ip_output.c linux-2.4.22/net/ipv4/ip_output.c
11745 --- linux-2.4.22/net/ipv4/ip_output.c 2003-09-01 22:19:08.000000000 -0400
11746 +++ linux-2.4.22/net/ipv4/ip_output.c 2003-09-02 19:29:42.000000000 -0400
11748 #include <linux/netfilter_ipv4.h>
11749 #include <linux/mroute.h>
11750 #include <linux/netlink.h>
11751 +#include <linux/grsecurity.h>
11754 * Shall we try to damage output packets if routing dev changes?
11755 @@ -514,7 +515,13 @@
11756 * Begin outputting the bytes.
11759 - id = sk->protinfo.af_inet.id++;
11760 +#ifdef CONFIG_GRKERNSEC_RANDID
11761 + if(grsec_enable_randid) {
11762 + id = htons(ip_randomid());
11763 + sk->protinfo.af_inet.id = htons(ip_randomid());
11766 + id = sk->protinfo.af_inet.id++;
11770 diff -urN linux-2.4.22/net/ipv4/netfilter/Config.in linux-2.4.22/net/ipv4/netfilter/Config.in
11771 --- linux-2.4.22/net/ipv4/netfilter/Config.in 2003-09-01 22:19:08.000000000 -0400
11772 +++ linux-2.4.22/net/ipv4/netfilter/Config.in 2003-09-02 19:29:42.000000000 -0400
11774 dep_tristate ' address type match support' CONFIG_IP_NF_MATCH_ADDRTYPE $CONFIG_IP_NF_IPTABLES
11775 dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
11776 dep_tristate ' realm match support' CONFIG_IP_NF_MATCH_REALM $CONFIG_IP_NF_IPTABLES
11777 + dep_tristate ' stealth match support' CONFIG_IP_NF_MATCH_STEALTH $CONFIG_IP_NF_IPTABLES
11778 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
11779 dep_tristate ' Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES
11781 diff -urN linux-2.4.22/net/ipv4/netfilter/Makefile linux-2.4.22/net/ipv4/netfilter/Makefile
11782 --- linux-2.4.22/net/ipv4/netfilter/Makefile 2003-09-01 22:19:08.000000000 -0400
11783 +++ linux-2.4.22/net/ipv4/netfilter/Makefile 2003-09-02 19:29:42.000000000 -0400
11785 obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
11786 obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
11787 obj-$(CONFIG_IP_NF_MATCH_REALM) += ipt_realm.o
11788 +obj-$(CONFIG_IP_NF_MATCH_STEALTH) += ipt_stealth.o
11791 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
11792 diff -urN linux-2.4.22/net/ipv4/netfilter/ipt_stealth.c linux-2.4.22/net/ipv4/netfilter/ipt_stealth.c
11793 --- linux-2.4.22/net/ipv4/netfilter/ipt_stealth.c 1969-12-31 19:00:00.000000000 -0500
11794 +++ linux-2.4.22/net/ipv4/netfilter/ipt_stealth.c 2003-09-02 19:29:42.000000000 -0400
11796 +/* Kernel module to add stealth support.
11798 + * Copyright (C) 2002 Brad Spengler <spender@grsecurity.net>
11802 +#include <linux/kernel.h>
11803 +#include <linux/module.h>
11804 +#include <linux/skbuff.h>
11805 +#include <linux/net.h>
11806 +#include <linux/sched.h>
11807 +#include <linux/inet.h>
11808 +#include <linux/stddef.h>
11810 +#include <net/ip.h>
11811 +#include <net/sock.h>
11812 +#include <net/tcp.h>
11813 +#include <net/udp.h>
11814 +#include <net/route.h>
11815 +#include <net/inet_common.h>
11817 +#include <linux/netfilter_ipv4/ip_tables.h>
11819 +MODULE_LICENSE("GPL");
11821 +extern struct sock *udp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport, int dif);
11824 +match(const struct sk_buff *skb,
11825 + const struct net_device *in,
11826 + const struct net_device *out,
11827 + const void *matchinfo,
11830 + u_int16_t datalen,
11833 + struct iphdr *ip = skb->nh.iph;
11834 + struct tcphdr *th = (struct tcphdr *) hdr;
11835 + struct udphdr *uh = (struct udphdr *) hdr;
11836 + struct sock *sk = NULL;
11838 + if (!ip || !hdr || offset) return 0;
11840 + switch(ip->protocol) {
11841 + case IPPROTO_TCP:
11842 + if (datalen < sizeof(struct tcphdr)) {
11846 + if (!(th->syn && !th->ack)) return 0;
11847 + sk = tcp_v4_lookup_listener(ip->daddr, ntohs(th->dest), ((struct rtable*)skb->dst)->rt_iif);
11849 + case IPPROTO_UDP:
11850 + if (datalen < sizeof(struct udphdr)) {
11854 + sk = udp_v4_lookup(ip->saddr, uh->source, ip->daddr, uh->dest, skb->dev->ifindex);
11860 + if(!sk) // port is being listened on, match this
11868 +/* Called when user tries to insert an entry of this type. */
11870 +checkentry(const char *tablename,
11871 + const struct ipt_ip *ip,
11873 + unsigned int matchsize,
11874 + unsigned int hook_mask)
11876 + if (matchsize != IPT_ALIGN(0))
11879 + if(((ip->proto == IPPROTO_TCP && !(ip->invflags & IPT_INV_PROTO)) ||
11880 + ((ip->proto == IPPROTO_UDP) && !(ip->invflags & IPT_INV_PROTO)))
11881 + && (hook_mask & (1 << NF_IP_LOCAL_IN)))
11884 + printk("stealth: Only works on TCP and UDP for the INPUT chain.\n");
11890 +static struct ipt_match stealth_match
11891 += { { NULL, NULL }, "stealth", &match, &checkentry, NULL, THIS_MODULE };
11893 +static int __init init(void)
11895 + return ipt_register_match(&stealth_match);
11898 +static void __exit fini(void)
11900 + ipt_unregister_match(&stealth_match);
11903 +module_init(init);
11904 +module_exit(fini);
11905 diff -urN linux-2.4.22/net/ipv4/tcp_ipv4.c linux-2.4.22/net/ipv4/tcp_ipv4.c
11906 --- linux-2.4.22/net/ipv4/tcp_ipv4.c 2003-09-01 22:19:08.000000000 -0400
11907 +++ linux-2.4.22/net/ipv4/tcp_ipv4.c 2003-09-02 19:29:42.000000000 -0400
11909 #include <linux/inet.h>
11910 #include <linux/stddef.h>
11911 #include <linux/ipsec.h>
11912 +#include <linux/grsecurity.h>
11914 extern int sysctl_ip_dynaddr;
11915 extern int sysctl_ip_default_ttl;
11916 @@ -221,9 +222,18 @@
11918 spin_lock(&tcp_portalloc_lock);
11919 rover = tcp_port_rover;
11921 - if ((rover < low) || (rover > high))
11924 +#ifdef CONFIG_GRKERNSEC_RANDSRC
11925 + if (grsec_enable_randsrc && (high > low)) {
11926 + rover = low + (get_random_long() % (high - low));
11931 + if ((rover < low) || (rover > high))
11935 head = &tcp_bhash[tcp_bhashfn(rover)];
11936 spin_lock(&head->lock);
11937 for (tb = head->chain; tb; tb = tb->next)
11938 @@ -546,6 +556,11 @@
11940 static inline __u32 tcp_v4_init_sequence(struct sock *sk, struct sk_buff *skb)
11942 +#ifdef CONFIG_GRKERNSEC_RANDISN
11943 + if (likely(grsec_enable_randisn))
11944 + return ip_randomisn();
11947 return secure_tcp_sequence_number(skb->nh.iph->daddr,
11948 skb->nh.iph->saddr,
11950 @@ -681,9 +696,16 @@
11951 rover = tcp_port_rover;
11955 - if ((rover < low) || (rover > high))
11957 +#ifdef CONFIG_GRKERNSEC_RANDSRC
11958 + if(grsec_enable_randsrc && (high > low)) {
11959 + rover = low + (get_random_long() % (high - low));
11964 + if ((rover < low) || (rover > high))
11967 head = &tcp_bhash[tcp_bhashfn(rover)];
11968 spin_lock(&head->lock);
11970 @@ -844,11 +866,22 @@
11974 - if (!tp->write_seq)
11975 + if (!tp->write_seq) {
11976 +#ifdef CONFIG_GRKERNSEC_RANDISN
11977 + if (likely(grsec_enable_randisn))
11978 + tp->write_seq = ip_randomisn();
11981 tp->write_seq = secure_tcp_sequence_number(sk->saddr, sk->daddr,
11982 sk->sport, usin->sin_port);
11985 - sk->protinfo.af_inet.id = tp->write_seq^jiffies;
11986 +#ifdef CONFIG_GRKERNSEC_RANDID
11987 + if(grsec_enable_randid)
11988 + sk->protinfo.af_inet.id = htons(ip_randomid());
11991 + sk->protinfo.af_inet.id = tp->write_seq^jiffies;
11993 err = tcp_connect(sk);
11995 @@ -1570,7 +1603,13 @@
11996 newtp->ext_header_len = 0;
11997 if (newsk->protinfo.af_inet.opt)
11998 newtp->ext_header_len = newsk->protinfo.af_inet.opt->optlen;
11999 - newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;
12001 +#ifdef CONFIG_GRKERNSEC_RANDID
12002 + if(grsec_enable_randid)
12003 + newsk->protinfo.af_inet.id = htons(ip_randomid());
12006 + newsk->protinfo.af_inet.id = newtp->write_seq^jiffies;
12008 tcp_sync_mss(newsk, dst->pmtu);
12009 newtp->advmss = dst->advmss;
12010 diff -urN linux-2.4.22/net/ipv4/udp.c linux-2.4.22/net/ipv4/udp.c
12011 --- linux-2.4.22/net/ipv4/udp.c 2003-09-01 22:19:08.000000000 -0400
12012 +++ linux-2.4.22/net/ipv4/udp.c 2003-09-02 19:29:42.000000000 -0400
12014 #include <net/ipv6.h>
12015 #include <net/protocol.h>
12016 #include <linux/skbuff.h>
12017 +#include <linux/grsecurity.h>
12018 #include <net/sock.h>
12019 #include <net/udp.h>
12020 #include <net/icmp.h>
12022 #include <net/inet_common.h>
12023 #include <net/checksum.h>
12025 +extern int gr_search_udp_recvmsg(const struct sock *sk,
12026 + const struct sk_buff *skb);
12027 +extern int gr_search_udp_sendmsg(const struct sock *sk,
12028 + const struct sockaddr_in *addr);
12031 * Snmp MIB for the UDP layer
12033 @@ -478,9 +484,16 @@
12034 ufh.uh.dest = usin->sin_port;
12035 if (ufh.uh.dest == 0)
12038 + if (!gr_search_udp_sendmsg(sk, usin))
12041 if (sk->state != TCP_ESTABLISHED)
12042 return -EDESTADDRREQ;
12044 + if (!gr_search_udp_sendmsg(sk, NULL))
12047 ufh.daddr = sk->daddr;
12048 ufh.uh.dest = sk->dport;
12049 /* Open fast path for connected socket.
12050 @@ -488,6 +501,7 @@
12055 ipc.addr = sk->saddr;
12056 ufh.uh.source = sk->sport;
12058 @@ -659,6 +673,11 @@
12062 + if (!gr_search_udp_recvmsg(sk, skb)) {
12067 copied = skb->len - sizeof(struct udphdr);
12068 if (copied > len) {
12070 @@ -763,7 +782,13 @@
12071 sk->daddr = rt->rt_dst;
12072 sk->dport = usin->sin_port;
12073 sk->state = TCP_ESTABLISHED;
12074 - sk->protinfo.af_inet.id = jiffies;
12076 +#ifdef CONFIG_GRKERNSEC_RANDID
12077 + if(grsec_enable_randid)
12078 + sk->protinfo.af_inet.id = htons(ip_randomid());
12081 + sk->protinfo.af_inet.id = jiffies;
12083 sk_dst_set(sk, &rt->u.dst);
12085 diff -urN linux-2.4.22/net/netlink/af_netlink.c linux-2.4.22/net/netlink/af_netlink.c
12086 --- linux-2.4.22/net/netlink/af_netlink.c 2003-09-01 22:19:11.000000000 -0400
12087 +++ linux-2.4.22/net/netlink/af_netlink.c 2003-09-02 19:29:42.000000000 -0400
12089 #include <linux/proc_fs.h>
12090 #include <linux/smp_lock.h>
12091 #include <linux/notifier.h>
12092 +#include <linux/grsecurity.h>
12093 #include <net/sock.h>
12094 #include <net/scm.h>
12096 @@ -625,7 +626,8 @@
12097 check them, when this message will be delivered
12098 to corresponding kernel module. --ANK (980802)
12100 - NETLINK_CB(skb).eff_cap = current->cap_effective;
12102 + NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink();
12105 if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
12106 diff -urN linux-2.4.22/net/netsyms.c linux-2.4.22/net/netsyms.c
12107 --- linux-2.4.22/net/netsyms.c 2003-09-01 22:19:08.000000000 -0400
12108 +++ linux-2.4.22/net/netsyms.c 2003-09-02 19:29:42.000000000 -0400
12110 #include <net/checksum.h>
12111 #include <linux/etherdevice.h>
12112 #include <net/route.h>
12113 +#include <linux/grsecurity.h>
12114 #ifdef CONFIG_HIPPI
12115 #include <linux/hippidevice.h>
12117 @@ -606,6 +607,47 @@
12119 EXPORT_SYMBOL(softnet_data);
12121 +#if defined(CONFIG_IP_NF_MATCH_STEALTH_MODULE)
12122 +#if !defined (CONFIG_IPV6_MODULE) && !defined (CONFIG_KHTTPD) && !defined (CONFIG_KHTTPD_MODULE)
12123 +EXPORT_SYMBOL(tcp_v4_lookup_listener);
12127 +#if defined(CONFIG_GRKERNSEC_RANDID)
12128 +EXPORT_SYMBOL(ip_randomid);
12130 +#if defined(CONFIG_GRKERNSEC_RANDSRC) || defined(CONFIG_GRKERNSEC_RANDRPC)
12131 +EXPORT_SYMBOL(get_random_long);
12133 +#ifdef CONFIG_GRKERNSEC_RANDISN
12134 +EXPORT_SYMBOL(ip_randomisn);
12135 +EXPORT_SYMBOL(grsec_enable_randisn);
12137 +#ifdef CONFIG_GRKERNSEC_RANDID
12138 +EXPORT_SYMBOL(grsec_enable_randid);
12140 +#ifdef CONFIG_GRKERNSEC_RANDSRC
12141 +EXPORT_SYMBOL(grsec_enable_randsrc);
12143 +#ifdef CONFIG_GRKERNSEC_RANDRPC
12144 +EXPORT_SYMBOL(grsec_enable_randrpc);
12147 +EXPORT_SYMBOL(gr_cap_rtnetlink);
12149 +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
12150 +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
12152 +EXPORT_SYMBOL(gr_search_udp_recvmsg);
12153 +EXPORT_SYMBOL(gr_search_udp_sendmsg);
12155 +#ifdef CONFIG_UNIX_MODULE
12156 +EXPORT_SYMBOL(gr_acl_handle_unix);
12157 +EXPORT_SYMBOL(gr_acl_handle_mknod);
12158 +EXPORT_SYMBOL(gr_handle_chroot_unix);
12159 +EXPORT_SYMBOL(gr_handle_create);
12162 #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
12163 #include <net/iw_handler.h>
12164 EXPORT_SYMBOL(wireless_send_event);
12165 diff -urN linux-2.4.22/net/socket.c linux-2.4.22/net/socket.c
12166 --- linux-2.4.22/net/socket.c 2003-09-01 22:19:08.000000000 -0400
12167 +++ linux-2.4.22/net/socket.c 2003-09-02 19:29:42.000000000 -0400
12169 #include <net/scm.h>
12170 #include <linux/netfilter.h>
12172 +extern void gr_attach_curr_ip(const struct sock *sk);
12173 +extern int gr_handle_sock_all(const int family, const int type,
12174 + const int protocol);
12175 +extern int gr_handle_sock_server(const struct sockaddr *sck);
12176 +extern int gr_handle_sock_client(const struct sockaddr *sck);
12177 +extern int gr_search_connect(const struct socket * sock,
12178 + const struct sockaddr_in * addr);
12179 +extern int gr_search_bind(const struct socket * sock,
12180 + const struct sockaddr_in * addr);
12181 +extern int gr_search_socket(const int domain, const int type,
12182 + const int protocol);
12184 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
12185 static ssize_t sock_read(struct file *file, char *buf,
12186 size_t size, loff_t *ppos);
12187 @@ -699,6 +711,7 @@
12189 int sock_close(struct inode *inode, struct file *filp)
12191 + struct socket *sock;
12193 * It was possible the inode is NULL we were
12194 * closing an unfinished socket.
12195 @@ -709,8 +722,21 @@
12196 printk(KERN_DEBUG "sock_close: NULL inode\n");
12199 + sock = socki_lookup(inode);
12201 sock_fasync(-1, filp, 0);
12203 +#ifdef CONFIG_GRKERNSEC
12204 + if (unlikely(current->used_accept && sock->sk &&
12205 + (sock->sk->protocol == IPPROTO_TCP) &&
12206 + (sock->sk->daddr == current->curr_ip))) {
12207 + current->used_accept = 0;
12208 + current->curr_ip = 0;
12212 sock_release(socki_lookup(inode));
12217 @@ -903,6 +929,16 @@
12219 struct socket *sock;
12221 + if(!gr_search_socket(family, type, protocol)) {
12222 + retval = -EACCES;
12226 + if (gr_handle_sock_all(family, type, protocol)) {
12227 + retval = -EACCES;
12231 retval = sock_create(family, type, protocol, &sock);
12234 @@ -998,12 +1034,26 @@
12236 struct socket *sock;
12237 char address[MAX_SOCK_ADDR];
12238 + struct sockaddr * sck;
12241 if((sock = sockfd_lookup(fd,&err))!=NULL)
12243 - if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
12244 + if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
12245 + sck = (struct sockaddr *) address;
12247 + if(!gr_search_bind(sock, (struct sockaddr_in *) sck)) {
12248 + sockfd_put(sock);
12252 + if (gr_handle_sock_server(sck)) {
12253 + sockfd_put(sock);
12257 err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
12262 @@ -1079,6 +1129,8 @@
12263 if ((err = sock_map_fd(newsock)) < 0)
12266 + gr_attach_curr_ip(newsock->sk);
12271 @@ -1106,6 +1158,7 @@
12273 struct socket *sock;
12274 char address[MAX_SOCK_ADDR];
12275 + struct sockaddr * sck;
12278 sock = sockfd_lookup(fd, &err);
12279 @@ -1114,6 +1167,24 @@
12280 err = move_addr_to_kernel(uservaddr, addrlen, address);
12284 + sck = (struct sockaddr *) address;
12286 + if (!gr_search_connect(sock, (struct sockaddr_in *) sck)) {
12291 + if (gr_handle_sock_client(sck)) {
12296 +#ifdef CONFIG_GRKERNSEC
12297 + if (sock->sk->protocol == IPPROTO_TCP)
12298 + current->used_connect = 1;
12301 err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
12302 sock->file->f_flags);
12304 @@ -1333,6 +1404,14 @@
12305 err=sock->ops->shutdown(sock, how);
12309 +#ifdef CONFIG_GRKERNSEC
12310 + if (likely(!err && current->used_accept)) {
12311 + current->used_accept = 0;
12312 + current->curr_ip = 0;
12319 diff -urN linux-2.4.22/net/sunrpc/xprt.c linux-2.4.22/net/sunrpc/xprt.c
12320 --- linux-2.4.22/net/sunrpc/xprt.c 2003-09-01 22:19:11.000000000 -0400
12321 +++ linux-2.4.22/net/sunrpc/xprt.c 2003-09-02 19:29:42.000000000 -0400
12323 #include <linux/unistd.h>
12324 #include <linux/sunrpc/clnt.h>
12325 #include <linux/file.h>
12326 +#include <linux/grsecurity.h>
12328 #include <net/sock.h>
12329 #include <net/checksum.h>
12330 @@ -1290,6 +1291,12 @@
12333 spin_unlock(&xid_lock);
12335 +#ifdef CONFIG_GRKERNSEC_RANDRPC
12336 + if (grsec_enable_randrpc)
12337 + ret = (u32) get_random_long();
12343 diff -urN linux-2.4.22/net/unix/af_unix.c linux-2.4.22/net/unix/af_unix.c
12344 --- linux-2.4.22/net/unix/af_unix.c 2003-09-01 22:19:08.000000000 -0400
12345 +++ linux-2.4.22/net/unix/af_unix.c 2003-09-02 19:29:42.000000000 -0400
12346 @@ -109,6 +109,7 @@
12347 #include <linux/poll.h>
12348 #include <linux/smp_lock.h>
12349 #include <linux/rtnetlink.h>
12350 +#include <linux/grsecurity.h>
12352 #include <asm/checksum.h>
12354 @@ -599,6 +600,11 @@
12358 + if (!gr_acl_handle_unix(nd.dentry, nd.mnt)) {
12363 err = -ECONNREFUSED;
12364 if (!S_ISSOCK(nd.dentry->d_inode->i_mode))
12366 @@ -622,6 +628,13 @@
12368 struct dentry *dentry;
12369 dentry = u->protinfo.af_unix.dentry;
12371 + if (!gr_handle_chroot_unix(u->peercred.pid)) {
12378 UPDATE_ATIME(dentry->d_inode);
12380 @@ -720,9 +733,19 @@
12381 * All right, let's create it.
12383 mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
12385 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
12387 + goto out_mknod_dput;
12390 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
12393 goto out_mknod_dput;
12395 + gr_handle_create(dentry, nd.mnt);
12397 up(&nd.dentry->d_inode->i_sem);
12399 nd.dentry = dentry;
12400 @@ -740,6 +763,10 @@
12404 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
12405 + sk->peercred.pid = current->pid;
12408 list = &unix_socket_table[addr->hash];
12410 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
12411 @@ -866,6 +893,9 @@
12415 +#ifdef CONFIG_GRKERNSEC
12416 + struct task_struct *p, **htable;
12419 err = unix_mkname(sunaddr, addr_len, &hash);
12421 @@ -989,6 +1019,17 @@
12422 /* Set credentials */
12423 sk->peercred = other->peercred;
12425 +#ifdef CONFIG_GRKERNSEC
12426 + read_lock(&tasklist_lock);
12427 + htable = &pidhash[pid_hashfn(other->peercred.pid)];
12428 + for (p = *htable; p && p->pid != other->peercred.pid; p = p->pidhash_next);
12430 + p->curr_ip = current->curr_ip;
12431 + p->used_accept = 1;
12433 + read_unlock(&tasklist_lock);
12437 unix_peer(sk)=newsk;
12438 sock->state=SS_CONNECTED;