1 diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
2 --- linux-2.4.20.org/drivers/char/mem.c Mon Feb 17 10:01:43 2003
3 +++ linux-2.4.20/drivers/char/mem.c Mon Feb 17 10:04:57 2003
7 #ifdef CONFIG_GRKERNSEC_KMEM
8 +if(grsec_enable_kmem){
14 end_mem = __pa(high_memory);
16 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
18 #ifdef CONFIG_GRKERNSEC_KMEM
19 +if (grsec_enable_kmem){
20 if (gr_handle_mem_mmap(offset, vma))
27 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
29 #ifdef CONFIG_GRKERNSEC_KMEM
30 +if(grsec_enable_kmem){
31 gr_handle_kmem_write();
36 if (p < (unsigned long) high_memory) {
38 static int open_port(struct inode * inode, struct file * filp)
40 #ifdef CONFIG_GRKERNSEC_KMEM
41 +if(grsec_enable_kmem){
42 gr_handle_open_port();
46 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
48 diff -Nur linux-2.4.20.org/grsecurity/grsec_init.c linux-2.4.20/grsecurity/grsec_init.c
49 --- linux-2.4.20.org/grsecurity/grsec_init.c Mon Feb 17 10:01:44 2003
50 +++ linux-2.4.20/grsecurity/grsec_init.c Mon Feb 17 10:05:54 2003
52 int grsec_socket_client_gid;
53 int grsec_enable_socket_server;
54 int grsec_socket_server_gid;
55 +int grsec_enable_kmem;
58 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
60 grsec_enable_socket_server = 1;
61 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
63 +#ifdef CONFIG_GRKERNSEC_KMEM
64 +grsec_enable_kmem = 1;
69 diff -Nur linux-2.4.20.org/include/linux/grsecurity.h linux-2.4.20/include/linux/grsecurity.h
70 --- linux-2.4.20.org/include/linux/grsecurity.h Mon Feb 17 10:01:44 2003
71 +++ linux-2.4.20/include/linux/grsecurity.h Mon Feb 17 10:12:15 2003
73 extern int grsec_enable_randsrc;
74 extern int grsec_enable_randping;
75 extern int grsec_enable_randrpc;
76 +extern int grsec_enable_kmem;
80 diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
81 --- linux-2.4.20.org/kernel/sysctl.c Mon Feb 17 10:01:44 2003
82 +++ linux-2.4.20/kernel/sysctl.c Mon Feb 17 10:11:13 2003
84 GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
85 GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
86 GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
87 -GS_FINDTASK, GS_LOCK};
88 +GS_FINDTASK, GS_LOCK, GS_KMEM};
90 static ctl_table grsecurity_table[] = {
91 {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
93 {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
94 sizeof (int), 0600, NULL, &proc_dointvec},
96 +#ifdef CONFIG_GRKERNSEC_KMEM
97 + {GS_FINDTASK, "kmem", &grsec_enable_kmem,
98 + sizeof (int), 0600, NULL, &proc_dointvec},
100 {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,