1 diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
2 --- linux-2.4.20.org/drivers/char/mem.c Sat Feb 1 11:29:04 2003
3 +++ linux-2.4.20/drivers/char/mem.c Sat Feb 1 11:44:42 2003
5 unsigned long p = *ppos;
8 -#ifdef CONFIG_GRKERNSEC_KMEM
9 +if(grsec_secure_kmem){
10 gr_handle_mem_write();
15 end_mem = __pa(high_memory);
19 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
21 -#ifdef CONFIG_GRKERNSEC_KMEM
22 +if (grsec_secure_kmem){
23 if (gr_handle_mem_mmap(offset, vma))
32 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
34 -#ifdef CONFIG_GRKERNSEC_KMEM
35 +if(grsec_secure_kmem){
36 gr_handle_kmem_write();
41 if (p < (unsigned long) high_memory) {
45 static int open_port(struct inode * inode, struct file * filp)
47 -#ifdef CONFIG_GRKERNSEC_KMEM
48 +if(grsec_secure_kmem){
49 gr_handle_open_port();
53 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
56 diff -Nur linux-2.4.20.org/grsecurity/grsecurity.c linux-2.4.20/grsecurity/grsecurity.c
57 --- linux-2.4.20.org/grsecurity/grsecurity.c Sat Feb 1 11:29:04 2003
58 +++ linux-2.4.20/grsecurity/grsecurity.c Sat Feb 1 11:40:46 2003
60 int grsec_socket_client_gid;
61 int grsec_enable_socket_server;
62 int grsec_socket_server_gid;
63 +int grsec_secure_kmem;
68 grsec_enable_socket_server = 1;
69 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
71 +#ifdef CONFIG_GRKERNSEC_KMEM
72 +grsec_secure_kmem = 1;
77 diff -Nur linux-2.4.20.org/include/linux/grinternal.h linux-2.4.20/include/linux/grinternal.h
78 --- linux-2.4.20.org/include/linux/grinternal.h Sat Feb 1 11:29:04 2003
79 +++ linux-2.4.20/include/linux/grinternal.h Sat Feb 1 11:39:19 2003
81 extern int grsec_enable_audit_ipc;
82 extern int grsec_enable_mount;
83 extern int grsec_enable_chdir;
84 +extern int grsec_secure_kmem;
85 extern int grsec_lock;
87 extern struct task_struct *child_reaper;
88 diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
89 --- linux-2.4.20.org/kernel/sysctl.c Sat Feb 1 11:29:04 2003
90 +++ linux-2.4.20/kernel/sysctl.c Sat Feb 1 11:40:06 2003
92 GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
93 GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
94 GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
95 -GS_FINDTASK, GS_LOCK};
96 +GS_FINDTASK, GS_LOCK, GS_KMEM};
98 static ctl_table grsecurity_table[] = {
99 {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
101 {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
102 sizeof (int), 0600, NULL, &proc_dointvec},
104 +#ifdef CONFIG_GRKERNSEC_KMEM
105 + {GS_FINDTASK, "kmem", &grsec_secure_kmem,
106 + sizeof (int), 0600, NULL, &proc_dointvec},
108 {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,