]> git.pld-linux.org Git - packages/kernel.git/blob - linux-2.4.20-grsecurity-1.9.9e-kmem.patch
projects / packages / kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
- obsolete
[packages/kernel.git] / linux-2.4.20-grsecurity-1.9.9e-kmem.patch
1 diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
2 --- linux-2.4.20.org/drivers/char/mem.c Mon Feb 17 10:01:43 2003
3 +++ linux-2.4.20/drivers/char/mem.c     Mon Feb 17 10:04:57 2003
4 @@ -115,8 +115,10 @@
5         unsigned long end_mem;
6  
7  #ifdef CONFIG_GRKERNSEC_KMEM
8 +if(grsec_enable_kmem){
9         gr_handle_mem_write();
10         return -EPERM;
11 +}
12  #endif
13  
14         end_mem = __pa(high_memory);
15 @@ -192,8 +192,10 @@
16         unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
17  
18  #ifdef CONFIG_GRKERNSEC_KMEM
19 +if (grsec_enable_kmem){
20         if (gr_handle_mem_mmap(offset, vma))
21                 return -EPERM;
22 +}
23  #endif
24  
25  
26 @@ -297,8 +297,10 @@
27         char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
28  
29  #ifdef CONFIG_GRKERNSEC_KMEM
30 +if(grsec_enable_kmem){
31         gr_handle_kmem_write();
32         return -EPERM;
33 +}
34  #endif
35  
36         if (p < (unsigned long) high_memory) {
37 @@ -534,8 +534,10 @@
38  static int open_port(struct inode * inode, struct file * filp)
39  {
40  #ifdef CONFIG_GRKERNSEC_KMEM
41 +if(grsec_enable_kmem){
42         gr_handle_open_port();
43         return -EPERM;
44 +}
45  #endif
46         return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
47  }
48 diff -Nur linux-2.4.20.org/grsecurity/grsec_init.c linux-2.4.20/grsecurity/grsec_init.c
49 --- linux-2.4.20.org/grsecurity/grsec_init.c    Mon Feb 17 10:01:44 2003
50 +++ linux-2.4.20/grsecurity/grsec_init.c        Mon Feb 17 10:05:54 2003
51 @@ -45,6 +45,7 @@
52  int grsec_socket_client_gid;
53  int grsec_enable_socket_server;
54  int grsec_socket_server_gid;
55 +int grsec_enable_kmem;
56  int grsec_lock;
57  
58  spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
59 @@ -194,6 +195,9 @@
60  grsec_enable_socket_server = 1;
61  grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
62  #endif
63 +#ifdef CONFIG_GRKERNSEC_KMEM
64 +grsec_enable_kmem = 1;
65 +#endif
66  #endif
67  
68  return;
69 diff -Nur linux-2.4.20.org/include/linux/grsecurity.h linux-2.4.20/include/linux/grsecurity.h
70 --- linux-2.4.20.org/include/linux/grsecurity.h Mon Feb 17 10:01:44 2003
71 +++ linux-2.4.20/include/linux/grsecurity.h     Mon Feb 17 10:12:15 2003
72 @@ -161,6 +161,7 @@
73  extern int grsec_enable_randsrc;
74  extern int grsec_enable_randping;
75  extern int grsec_enable_randrpc;
76 +extern int grsec_enable_kmem;
77  #endif
78  
79  #endif
80 diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
81 --- linux-2.4.20.org/kernel/sysctl.c    Mon Feb 17 10:01:44 2003
82 +++ linux-2.4.20/kernel/sysctl.c        Mon Feb 17 10:11:13 2003
83 @@ -283,7 +283,7 @@
84  GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
85  GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
86  GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
87 -GS_FINDTASK, GS_LOCK};
88 +GS_FINDTASK, GS_LOCK, GS_KMEM};
89  
90  static ctl_table grsecurity_table[] = {
91         {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
92 @@ -453,6 +453,10 @@
93         {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, 
94          sizeof (int), 0600, NULL, &proc_dointvec},
95  #endif
96 +#ifdef CONFIG_GRKERNSEC_KMEM
97 +       {GS_FINDTASK, "kmem", &grsec_enable_kmem, 
98 +        sizeof (int), 0600, NULL, &proc_dointvec},
99 +#endif
100         {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
101          &proc_dointvec},
102  #endif
The Linux kernel (the core of the Linux operating system)
This page took 0.246196 seconds and 3 git commands to generate.