1 --- linux-2.4.20/kernel/sysctl.c.org Tue Dec 31 21:38:21 2002
2 +++ linux-2.4.20/kernel/sysctl.c Tue Dec 31 22:17:01 2002
4 GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, GS_SOCKET_ALL,
5 GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER,
6 GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR,
7 -GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK};
8 +GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK, GS_MEM};
10 static ctl_table grsecurity_table[] = {
11 {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
13 {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
14 sizeof (int), 0600, NULL, &proc_dointvec},
16 +#ifdef CONFIG_GRKERNSEC_MEM
17 + {GS_MEM, "secure_mem", &grsec_enable_mem, sizeof (int), 0600, NULL,
20 {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
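Review bot: The new `secure_mem` entry at the end of this section is registered with mode 0600 and the plain `proc_dointvec` handler, so the /dev/mem write restriction becomes a value root can set back to 0 at runtime, where it was previously fixed at build time by `CONFIG_GRKERNSEC_MEM`. Whether `grsec_lock` blocks later writes to this entry is not visible in the hunk and should be confirmed before relying on it. Judging by the context comment in the grsecurity.c section, `grsec_enable_mem = 1` appears to be assigned only on the path used when sysctl support is not configured, so with sysctl the restriction presumably stays off until something writes 1. Once both points are verified I would add a comment above the entry, such as `/* root-writable until grsec_lock is set; defaults to 0 when sysctl is enabled */`. The entry's closing lines are not shown here.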
23 --- linux-2.4.20/include/linux/grsecurity.h.org Tue Dec 31 21:38:18 2002
24 +++ linux-2.4.20/include/linux/grsecurity.h Tue Dec 31 22:11:04 2002
26 extern int grsec_enable_mount;
27 extern int grsec_enable_chdir;
28 extern int grsec_lock;
29 +extern int grsec_enable_mem;
31 extern struct task_struct *child_reaper;
33 --- linux-2.4.20/drivers/char/mem.c.org Tue Dec 31 21:38:16 2002
34 +++ linux-2.4.20/drivers/char/mem.c Tue Dec 31 22:08:46 2002
36 unsigned long p = *ppos;
37 unsigned long end_mem;
39 -#ifdef CONFIG_GRKERNSEC_MEM
40 +if(grsec_enable_mem) {
41 security_alert(GR_MEM_WRITE_MSG, GR_MEM_WRITE_FLD, DEFAULTSECARGS);
46 end_mem = __pa(high_memory);
50 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
52 -#ifdef CONFIG_GRKERNSEC_MEM
53 +if(grsec_enable_mem){
54 if (offset < __pa(high_memory) &&
55 (pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
56 (offset != 0xa0000 || ((vma->vm_end - vma->vm_start) > 0x20000))) {
59 } else if (offset < __pa(high_memory))
60 vma->vm_flags &= ~VM_MAYWRITE;
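Review bot: In the second hunk (the mmap path starting at `if(grsec_enable_mem){`), the flag is tested only when the mapping is created, so a writable mapping of physical memory set up while `secure_mem` was 0 keeps its write access after the sysctl is switched to 1; the compile-time `#ifdef` had no such ordering gap. A comment at the test would make that explicit, e.g. `/* evaluated at mmap time only; earlier writable mappings are not revoked */`. Both replaced `#ifdef` lines need their `#endif` turned into `}`, and the guarded code now builds even without `CONFIG_GRKERNSEC_MEM`, so `security_alert` and `GR_MEM_WRITE_MSG` must be declared in that configuration; neither is visible here. For style, `if (grsec_enable_mem) {` indented with the surrounding body would match the rest of the file. Both functions begin and end outside the shown lines.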
66 --- linux-2.4.20/grsecurity/grsecurity.c.org Tue Dec 31 21:38:17 2002
67 +++ linux-2.4.20/grsecurity/grsecurity.c Tue Dec 31 22:04:35 2002
69 int grsec_enable_socket_server;
70 int grsec_socket_server_gid;
72 +int grsec_enable_mem;
75 handle the variables if parts of grsecurity are configured without sysctl
77 grsec_enable_socket_server = 1;
78 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
80 +#ifdef CONFIG_GRKERNSEC_MEM
81 +grsec_enable_mem = 1;