linux-2.4.20-grsecurity-1.9.8-dev_mem.patch

   1 --- linux-2.4.20/kernel/sysctl.c.org    Tue Dec 31 21:38:21 2002
   2 +++ linux-2.4.20/kernel/sysctl.c        Tue Dec 31 22:17:01 2002
   3 @@ -277,7 +277,7 @@
   4  GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, GS_SOCKET_ALL,
   5  GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER,
   6  GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR,
   7 -GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK};
   8 +GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK, GS_MEM};
   9
  10  static ctl_table grsecurity_table[] = {
  11         {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
  12 @@ -431,6 +431,10 @@
  13         {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
  14          sizeof (int), 0600, NULL, &proc_dointvec},
  15  #endif
  16 +#ifdef CONFIG_GRKERNSEC_MEM
  17 +       {GS_MEM, "secure_mem", &grsec_enable_mem, sizeof (int), 0600, NULL,
  18 +        &proc_dointvec},
  19 +#endif
  20         {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
  21          &proc_dointvec},
  22  #endif
  23 --- linux-2.4.20/include/linux/grsecurity.h.org Tue Dec 31 21:38:18 2002
  24 +++ linux-2.4.20/include/linux/grsecurity.h     Tue Dec 31 22:11:04 2002
  25 @@ -102,6 +102,7 @@
  26  extern int grsec_enable_mount;
  27  extern int grsec_enable_chdir;
  28  extern int grsec_lock;
  29 +extern int grsec_enable_mem;
  30
  31  extern struct task_struct *child_reaper;
  32
  33 --- linux-2.4.20/drivers/char/mem.c.org Tue Dec 31 21:38:16 2002
  34 +++ linux-2.4.20/drivers/char/mem.c     Tue Dec 31 22:08:46 2002
  35 @@ -115,10 +115,10 @@
  36         unsigned long p = *ppos;
  37         unsigned long end_mem;
  38
  39 -#ifdef CONFIG_GRKERNSEC_MEM
  40 +if(grsec_enable_mem) {
  41          security_alert(GR_MEM_WRITE_MSG, GR_MEM_WRITE_FLD, DEFAULTSECARGS);
  42          return -EPERM;
  43 -#endif
  44 +}
  45
  46         end_mem = __pa(high_memory);
  47         if (p >= end_mem)
  48 @@ -192,7 +192,7 @@
  49  {
  50         unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
  51
  52 -#ifdef CONFIG_GRKERNSEC_MEM
  53 +if(grsec_enable_mem){
  54         if (offset < __pa(high_memory) &&
  55             (pgprot_val(vma->vm_page_prot) & PROT_WRITE) &&
  56             (offset != 0xa0000 || ((vma->vm_end - vma->vm_start) > 0x20000))) {
  57 @@ -200,7 +200,7 @@
  58                 return -EPERM;
  59         } else if (offset < __pa(high_memory))
  60                 vma->vm_flags &= ~VM_MAYWRITE;
  61 -#endif
  62 +}
  63
  64
  65         /*
  66 --- linux-2.4.20/grsecurity/grsecurity.c.org    Tue Dec 31 21:38:17 2002
  67 +++ linux-2.4.20/grsecurity/grsecurity.c        Tue Dec 31 22:04:35 2002
  68 @@ -53,6 +53,7 @@
  69  int grsec_enable_socket_server;
  70  int grsec_socket_server_gid;
  71  int grsec_lock;
  72 +int grsec_enable_mem;
  73
  74  /*
  75     handle the variables if parts of grsecurity are configured without sysctl
  76 @@ -167,6 +168,9 @@
  77  grsec_enable_socket_server = 1;
  78  grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
  79  #endif
  80 +#ifdef CONFIG_GRKERNSEC_MEM
  81 +grsec_enable_mem = 1;
  82 +#endif
  83  #endif
  84
  85  return;