1 diff -urPX nopatch linux-2.4.22/Documentation/Configure.help linux-2.4.22-ow1/Documentation/Configure.help
2 --- linux-2.4.22/Documentation/Configure.help Mon Aug 25 15:44:39 2003
3 +++ linux-2.4.22-ow1/Documentation/Configure.help Thu Aug 28 06:23:03 2003
5 will be called binfmt_elf.o. Saying M or N here is dangerous because
6 some crucial programs on your system might be in ELF format.
8 +ELF binaries with a.out format interpreters or a.out libraries
9 +CONFIG_BINFMT_ELF_AOUT
10 + The kernel may support ELF executables which use an a.out format
11 + interpreter (dynamic linker) and/or a.out shared libraries, in
12 + addition to the usual ELF-ELF setups. You shouldn't need this.
14 Kernel support for a.out binaries
16 A.out (Assembler.OUTput) is a set of formats for libraries and
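Review bot: The new CONFIG_BINFMT_ELF_AOUT help entry ends with "You shouldn't need this." but never states which answer to give. The neighbouring entries close with an explicit recommendation ("answer N", "say N"), so end this one with "If unsure, say N.", which is also what every defconfig in this patch sets.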
17 @@ -4213,13 +4219,11 @@
18 warrant removing support. However its removal is a good idea if you
19 wish to ensure that absolutely none of your programs will use this
20 older executable format. If you don't know what to answer at this
21 - point then answer Y. If someone told you "You need a kernel with
22 + point then answer N. If someone told you "You need a kernel with
23 QMAGIC support" then you'll have to say Y here. You may answer M to
24 compile a.out support as a module and later load the module when you
25 want to use a program or library in a.out format. The module will be
26 - called binfmt_aout.o. Saying M or N here is dangerous though,
27 - because some crucial programs on your system might still be in A.OUT
29 + called binfmt_aout.o.
31 OSF/1 v4 readv/writev compatibility
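Review bot: With the default advice in the CONFIG_BINFMT_AOUT text flipped from Y to N, the removed "Saying M or N here is dangerous though" sentence was the only place that told the reader what N can break. Keep a shortened form of it, for example one sentence saying that any remaining a.out program or library will no longer run with N, so the new recommendation is stated together with its consequence.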
33 @@ -27486,6 +27490,96 @@
36 Quick & dirty crypto test module.
38 +Non-executable user stack area
40 + Most buffer overflow exploits are based on overwriting a function's
41 + return address on the stack to point to some arbitrary code, which is
42 + also put onto the stack. If the stack area is non-executable, buffer
43 + overflow vulnerabilities become harder to exploit. However, a few
44 + programs depend on the stack being executable, and might stop working
45 + unless you also enable GCC trampolines autodetection and emulation
46 + below, or enable the stack area execution permission for every such
47 + program separately using chstk.c. If you don't know what all this is
48 + about, or don't care about security that much, say N.
50 +Autodetect and emulate GCC trampolines
51 +CONFIG_HARDEN_STACK_SMART
52 + GCC generates trampolines on the stack to correctly pass control to
53 + nested functions when calling from outside. Normally, this requires
54 + the stack being executable. When this option is enabled, the kernel
55 + will trap faults resulting from trampoline calls, and will emulate the
56 + trampolines. However, in some cases this autodetection can be fooled
57 + in a buffer overflow exploit, so, if you've got no programs that use
58 + GCC trampolines, it is more secure to disable this option. If you're
59 + too lazy to find that out, answer Y. Note: if you're using glibc 2.0
60 + (and not libc 5 or glibc 2.1+), you have to say Y here, or the system
63 +Restricted links in /tmp
65 + There's a very common attack that involves a malicious user creating
66 + a symbolic link in /tmp, with a carefully chosen name, pointing at
67 + another user's file. When the victim then writes to that file name,
68 + without the required precautions, they inadvertently write to the
69 + wrong file. Enabling this option reduces the impact of this class of
70 + holes (some get fixed, many others allow for DoS attacks only, most
71 + of the rest become harder to exploit) by preventing a process from
72 + following a link which is in a +t directory, unless the link owner
73 + is trusted (that is, it's the user we're running as or the directory
74 + owner). To prevent from using a hard link in an attack instead, this
75 + option does not allow users to create hard links to files they don't
76 + own, unless they could read and write the file. This might break
77 + things. Say Y if security is more important.
79 +Restricted FIFOs in /tmp
81 + In addition to restricting links, you might also want to restrict
82 + writes into untrusted FIFOs (named pipes), to make data spoofing
83 + attacks harder. Enabling this option disallows writing into FIFOs
84 + not owned by the user in +t directories, unless the owner is the
85 + same as that of the directory or the FIFO is opened without the
90 + This option restricts the permissions on directories in /proc so
91 + that non-root users can see their own processes only, and nothing
92 + about active network connections, unless they're in a special group.
93 + This group's id is specified via the gid= mount option, and is 0 by
94 + default. (Note: if you're using identd, you will need to edit the
95 + inetd.conf line to run identd as this special group.) Also, this
96 + disables dmesg(8) for the users. You might want to use this on an ISP
97 + shell server where privacy is an issue.
99 +Enforce RLIMIT_NPROC on execve(2)
100 +CONFIG_HARDEN_RLIMIT_NPROC
101 + Linux lets you set a limit on how many processes a user can have, via
102 + a setrlimit(2) call with RLIMIT_NPROC. Unfortunately, this limit is
103 + only looked at when a new process is created on fork(2). If a process
104 + changes its UID, it might exceed the limit for its new UID. This is
105 + not a security issue by itself, as changing the UID is a privileged
106 + operation. However, there're privileged programs that want to switch
107 + to a user's context, including setting up some resource limits. The
108 + only fork(2) required (if at all) is done before switching the UID,
109 + and thus doesn't result in a check against RLIMIT_NPROC. Enable this
110 + option to enforce RLIMIT_NPROC on execve(2) calls.
112 +Destroy shared memory segments not in use
114 + Linux lets you set resource limits, including on how much memory one
115 + process can consume, via setrlimit(2). Unfortunately, shared memory
116 + segments are allowed to exist without association with any process,
117 + and thus might not be counted against any resource limits. This option
118 + automatically destroys shared memory segments when their attach count
119 + becomes zero after a detach or a process termination. It will also
120 + destroy segments that were created, but never attached to, on exit from
121 + the process. (In case you're curious, the only use left for IPC_RMID is
122 + to immediately destroy an unattached segment.) Of course, this breaks
123 + the way things are defined, so some applications might stop working.
124 + Note that this feature will do you no good unless you also configure
125 + your resource limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most
126 + systems don't need this.
129 # A couple of things I keep forgetting:
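Review bot: The "Non-executable user stack area" text tells the reader to enable stack execution per program "using chstk.c" without saying where that file lives or how to build it. Name its location (or state that it ships separately from the kernel tree) so the instruction can be followed. In the same way, "This might break things" under "Restricted links in /tmp" would be more useful if it named the kind of program that depends on following links in +t directories or on hard-linking files it does not own.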
130 diff -urPX nopatch linux-2.4.22/arch/alpha/config.in linux-2.4.22-ow1/arch/alpha/config.in
131 --- linux-2.4.22/arch/alpha/config.in Mon Aug 25 15:44:39 2003
132 +++ linux-2.4.22-ow1/arch/alpha/config.in Thu Aug 28 06:20:31 2003
136 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
137 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
138 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
140 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
141 tristate 'Kernel support for Linux/Intel ELF binaries' CONFIG_BINFMT_EM86
142 source drivers/parport/Config.in
144 source drivers/usb/Config.in
146 source net/bluetooth/Config.in
148 +source security/Config.in
150 mainmenu_option next_comment
151 comment 'Kernel hacking'
152 diff -urPX nopatch linux-2.4.22/arch/alpha/defconfig linux-2.4.22-ow1/arch/alpha/defconfig
153 --- linux-2.4.22/arch/alpha/defconfig Fri Jun 13 18:51:29 2003
154 +++ linux-2.4.22-ow1/arch/alpha/defconfig Thu Aug 28 06:20:31 2003
156 # CONFIG_KCORE_AOUT is not set
157 # CONFIG_BINFMT_AOUT is not set
159 +# CONFIG_BINFMT_ELF_AOUT is not set
160 # CONFIG_BINFMT_MISC is not set
161 # CONFIG_BINFMT_EM86 is not set
166 # CONFIG_BLUEZ is not set
171 +CONFIG_HARDEN_LINK=y
172 +CONFIG_HARDEN_FIFO=y
173 +# CONFIG_HARDEN_PROC is not set
174 +CONFIG_HARDEN_RLIMIT_NPROC=y
175 +# CONFIG_HARDEN_SHM is not set
179 diff -urPX nopatch linux-2.4.22/arch/arm/config.in linux-2.4.22-ow1/arch/arm/config.in
180 --- linux-2.4.22/arch/arm/config.in Mon Aug 25 15:44:39 2003
181 +++ linux-2.4.22-ow1/arch/arm/config.in Thu Aug 28 06:25:19 2003
183 A.OUT CONFIG_KCORE_AOUT" ELF
184 tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT
185 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
186 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
187 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
189 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
190 dep_bool 'Power Management support (experimental)' CONFIG_PM $CONFIG_EXPERIMENTAL
191 dep_tristate 'RISC OS personality' CONFIG_ARTHUR $CONFIG_CPU_32
193 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
194 source net/bluetooth/Config.in
197 +source security/Config.in
199 mainmenu_option next_comment
200 comment 'Kernel hacking'
201 diff -urPX nopatch linux-2.4.22/arch/arm/defconfig linux-2.4.22-ow1/arch/arm/defconfig
202 --- linux-2.4.22/arch/arm/defconfig Sun May 20 04:43:05 2001
203 +++ linux-2.4.22-ow1/arch/arm/defconfig Thu Aug 28 06:20:31 2003
207 # CONFIG_KCORE_AOUT is not set
208 -CONFIG_BINFMT_AOUT=y
209 +# CONFIG_BINFMT_AOUT is not set
211 +# CONFIG_BINFMT_ELF_AOUT is not set
212 # CONFIG_BINFMT_MISC is not set
213 # CONFIG_PM is not set
214 # CONFIG_ARTHUR is not set
218 # CONFIG_USB is not set
223 +CONFIG_HARDEN_LINK=y
224 +CONFIG_HARDEN_FIFO=y
225 +# CONFIG_HARDEN_PROC is not set
226 +CONFIG_HARDEN_RLIMIT_NPROC=y
227 +# CONFIG_HARDEN_SHM is not set
231 diff -urPX nopatch linux-2.4.22/arch/cris/config.in linux-2.4.22-ow1/arch/cris/config.in
232 --- linux-2.4.22/arch/cris/config.in Mon Aug 25 15:44:39 2003
233 +++ linux-2.4.22-ow1/arch/cris/config.in Thu Aug 28 06:20:31 2003
235 bool 'Sysctl support' CONFIG_SYSCTL
237 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
238 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
239 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
242 string 'Kernel command line' CONFIG_ETRAX_CMDLINE "root=/dev/mtdblock3"
247 source drivers/usb/Config.in
249 +source security/Config.in
251 mainmenu_option next_comment
252 comment 'Kernel hacking'
253 diff -urPX nopatch linux-2.4.22/arch/cris/defconfig linux-2.4.22-ow1/arch/cris/defconfig
254 --- linux-2.4.22/arch/cris/defconfig Mon Aug 25 15:44:39 2003
255 +++ linux-2.4.22-ow1/arch/cris/defconfig Thu Aug 28 06:20:31 2003
257 # CONFIG_BSD_PROCESS_ACCT is not set
258 # CONFIG_SYSCTL is not set
260 +# CONFIG_BINFMT_ELF_AOUT is not set
261 # CONFIG_ETRAX_KGDB is not set
262 # CONFIG_ETRAX_WATCHDOG is not set
267 # CONFIG_USB is not set
272 +CONFIG_HARDEN_LINK=y
273 +CONFIG_HARDEN_FIFO=y
274 +# CONFIG_HARDEN_PROC is not set
275 +CONFIG_HARDEN_RLIMIT_NPROC=y
276 +# CONFIG_HARDEN_SHM is not set
280 diff -urPX nopatch linux-2.4.22/arch/i386/config.in linux-2.4.22-ow1/arch/i386/config.in
281 --- linux-2.4.22/arch/i386/config.in Mon Aug 25 15:44:39 2003
282 +++ linux-2.4.22-ow1/arch/i386/config.in Thu Aug 28 06:20:31 2003
285 tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT
286 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
287 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
288 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
290 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
292 bool 'Power Management support' CONFIG_PM
294 source drivers/usb/Config.in
296 source net/bluetooth/Config.in
298 +mainmenu_option next_comment
299 +comment 'Security options'
301 +bool 'Non-executable user stack area' CONFIG_HARDEN_STACK
302 +if [ "$CONFIG_HARDEN_STACK" = "y" ]; then
303 + bool ' Autodetect and emulate GCC trampolines' CONFIG_HARDEN_STACK_SMART
306 +source security/Common.in
310 mainmenu_option next_comment
311 comment 'Kernel hacking'
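Review bot: The i386 config.in opens its own 'Security options' menu and pulls in security/Common.in, while the alpha, arm, cris and later config.in hunks in this patch use a single "source security/Config.in". A short comment above the mainmenu_option line, saying that the menu is built by hand here because CONFIG_HARDEN_STACK and CONFIG_HARDEN_STACK_SMART are offered only on this architecture, would keep someone from "fixing" the difference later.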
312 diff -urPX nopatch linux-2.4.22/arch/i386/defconfig linux-2.4.22-ow1/arch/i386/defconfig
313 --- linux-2.4.22/arch/i386/defconfig Fri Nov 29 02:53:09 2002
314 +++ linux-2.4.22-ow1/arch/i386/defconfig Thu Aug 28 06:20:31 2003
318 # CONFIG_KCORE_AOUT is not set
319 -CONFIG_BINFMT_AOUT=y
320 +# CONFIG_BINFMT_AOUT is not set
322 -CONFIG_BINFMT_MISC=y
323 +# CONFIG_BINFMT_ELF_AOUT is not set
324 +# CONFIG_BINFMT_MISC is not set
326 # CONFIG_APM is not set
331 # CONFIG_BLUEZ is not set
336 +CONFIG_HARDEN_STACK=y
337 +CONFIG_HARDEN_STACK_SMART=y
338 +CONFIG_HARDEN_LINK=y
339 +CONFIG_HARDEN_FIFO=y
340 +# CONFIG_HARDEN_PROC is not set
341 +CONFIG_HARDEN_RLIMIT_NPROC=y
342 +# CONFIG_HARDEN_SHM is not set
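Review bot: The change of CONFIG_BINFMT_MISC from y to "is not set" has no counterpart in the Configure.help hunks, which only revise the advice for a.out. If disabling binfmt_misc by default is meant as hardening, say so in its help entry or in the patch description; otherwise drop it from this hunk. CONFIG_HARDEN_STACK_SMART=y also picks the setting that the new help text describes as less secure, so a one-line rationale (compatibility with glibc 2.0 and with programs that use trampolines) belongs with it.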
346 diff -urPX nopatch linux-2.4.22/arch/i386/kernel/head.S linux-2.4.22-ow1/arch/i386/kernel/head.S
347 --- linux-2.4.22/arch/i386/kernel/head.S Fri Jun 13 18:51:29 2003
348 +++ linux-2.4.22-ow1/arch/i386/kernel/head.S Thu Aug 28 06:20:31 2003
350 .quad 0x0000000000000000 /* not used */
351 .quad 0x00cf9a000000ffff /* 0x10 kernel 4GB code at 0x00000000 */
352 .quad 0x00cf92000000ffff /* 0x18 kernel 4GB data at 0x00000000 */
353 +#ifdef CONFIG_HARDEN_STACK
354 + .quad 0x00cbfa000000f7ff /* 0x23 user 3GB-8MB code at 0 */
356 .quad 0x00cffa000000ffff /* 0x23 user 4GB code at 0x00000000 */
358 .quad 0x00cff2000000ffff /* 0x2b user 4GB data at 0x00000000 */
359 .quad 0x0000000000000000 /* not used */
360 .quad 0x0000000000000000 /* not used */
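Review bot: The new user code descriptor 0x00cbfa000000f7ff hardcodes a limit of 3GB-8MB, while the matching test in traps.c is written symbolically as "addr >= PAGE_OFFSET - _STK_LIM && addr < PAGE_OFFSET". If PAGE_OFFSET or _STK_LIM is ever changed, the segment limit and the alert range will silently stop agreeing. Extend the comment on this line to say the limit must equal PAGE_OFFSET - _STK_LIM, or derive the value from those constants.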
361 diff -urPX nopatch linux-2.4.22/arch/i386/kernel/signal.c linux-2.4.22-ow1/arch/i386/kernel/signal.c
362 --- linux-2.4.22/arch/i386/kernel/signal.c Sat Aug 3 04:39:42 2002
363 +++ linux-2.4.22-ow1/arch/i386/kernel/signal.c Thu Aug 28 06:20:31 2003
364 @@ -421,11 +421,15 @@
365 if (ka->sa.sa_flags & SA_RESTORER) {
366 err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);
368 +#ifdef CONFIG_HARDEN_STACK
369 + err |= __put_user(MAGIC_SIGRETURN, &frame->pretcode);
371 err |= __put_user(frame->retcode, &frame->pretcode);
372 /* This is popl %eax ; movl $,%eax ; int $0x80 */
373 err |= __put_user(0xb858, (short *)(frame->retcode+0));
374 err |= __put_user(__NR_sigreturn, (int *)(frame->retcode+2));
375 err |= __put_user(0x80cd, (short *)(frame->retcode+6));
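Review bot: With CONFIG_HARDEN_STACK set, storing MAGIC_SIGRETURN in frame->pretcode makes the return from any handler installed without SA_RESTORER depend on the "insn == 0xC3" branch this patch adds to do_general_protection() in traps.c, and nothing at this site says so. Add a comment here that names that handler and explains that the value is a marker rather than a code address, so the two files are not changed independently.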
380 @@ -496,11 +500,15 @@
381 if (ka->sa.sa_flags & SA_RESTORER) {
382 err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);
384 +#ifdef CONFIG_HARDEN_STACK
385 + err |= __put_user(MAGIC_RT_SIGRETURN, &frame->pretcode);
387 err |= __put_user(frame->retcode, &frame->pretcode);
388 /* This is movl $,%eax ; int $0x80 */
389 err |= __put_user(0xb8, (char *)(frame->retcode+0));
390 err |= __put_user(__NR_rt_sigreturn, (int *)(frame->retcode+1));
391 err |= __put_user(0x80cd, (short *)(frame->retcode+5));
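Review bot: MAGIC_RT_SIGRETURN is stored here, but the handler in traps.c recognises both frame types with the single test "(addr & 0xFFFFFFFE) == MAGIC_SIGRETURN", which only works if the two constants differ in bit 0 alone. That relationship is not stated at either use. Document it next to the definitions, or compare against each constant explicitly.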
396 diff -urPX nopatch linux-2.4.22/arch/i386/kernel/traps.c linux-2.4.22-ow1/arch/i386/kernel/traps.c
397 --- linux-2.4.22/arch/i386/kernel/traps.c Fri Nov 29 02:53:09 2002
398 +++ linux-2.4.22-ow1/arch/i386/kernel/traps.c Thu Aug 28 06:20:31 2003
399 @@ -397,13 +397,202 @@
400 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
401 DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, get_cr2())
403 +#if defined(CONFIG_HARDEN_STACK) && defined(CONFIG_HARDEN_STACK_SMART)
405 + * These two functions aren't performance critical (trampolines are
406 + * extremely rare and slow even without emulation).
408 +static unsigned long *get_reg(struct pt_regs *regs, unsigned char regnum)
411 + case 0: return ®s->eax;
412 + case 1: return ®s->ecx;
413 + case 2: return ®s->edx;
414 + case 3: return ®s->ebx;
415 + case 4: return ®s->esp;
416 + case 5: return ®s->ebp;
417 + case 6: return ®s->esi;
418 + case 7: return ®s->edi;
424 +static unsigned long get_modrm(struct pt_regs *regs, int *err)
426 + unsigned char modrm, sib;
428 + unsigned long rel32;
429 + int size, regnum, scale;
430 + unsigned long index, base, addr, value;
432 + *err |= __get_user(modrm, (unsigned char *)(regs->eip + 1));
434 + regnum = modrm & 7;
435 + addr = *get_reg(regs, regnum);
436 + if (regnum == 4 && (modrm & 0xC0) != 0xC0) {
437 + *err |= __get_user(sib, (unsigned char *)(regs->eip + 2));
440 + index = *get_reg(regs, (sib >> 3) & 7);
441 + base = *get_reg(regs, sib & 7);
442 + addr = base + (index << scale);
445 + switch (modrm & 0xC0) {
448 + *err |= __get_user(addr,
449 + (unsigned long *)(regs->eip + 2));
452 + *err |= get_user(value, (unsigned long *)addr);
456 + *err |= __get_user(rel8, (signed char *)(regs->eip + size));
459 + *err |= get_user(value, (unsigned long *)addr);
463 + *err |= __get_user(rel32, (unsigned long *)(regs->eip + size));
466 + *err |= get_user(value, (unsigned long *)addr);
474 + if (*err) return 0;
480 asmlinkage void do_general_protection(struct pt_regs * regs, long error_code)
482 +#ifdef CONFIG_HARDEN_STACK
483 + unsigned long addr;
484 + unsigned char insn;
485 +#ifdef CONFIG_HARDEN_STACK_SMART
490 if (regs->eflags & VM_MASK)
493 if (!(regs->xcs & 3))
496 +#ifdef CONFIG_HARDEN_STACK
497 + if ((regs->xcs & 0xFFFF) != __USER_CS ||
498 + __get_user(insn, (unsigned char *)regs->eip))
501 +/* Check if it was a return instruction */
502 + if (insn == 0xC3) {
503 + if (get_user(addr, (unsigned long *)regs->esp))
506 +/* Check if it was return from a signal handler */
507 + if ((addr & 0xFFFFFFFE) == MAGIC_SIGRETURN) {
508 +/* Call sys_sigreturn() or sys_rt_sigreturn() to restore the context */
510 + __asm__("movl %3,%%esi\n\t"
511 + "subl %1,%%esp\n\t"
512 + "movl %2,%%ecx\n\t"
513 + "movl %%esp,%%edi\n\t"
517 + "call sys_sigreturn\n\t"
518 + "leal %3,%%edi\n\t"
521 + "call sys_rt_sigreturn\n\t"
522 + "leal %3,%%edi\n\t"
524 + "addl %1,%%edi\n\t"
525 + "movl %%esp,%%esi\n\t"
526 + "movl %2,%%ecx\n\t"
527 + "movl (%%edi),%%edi\n\t"
531 +/* %eax is returned separately */
534 + "i" (sizeof(*regs)),
535 + "i" (sizeof(*regs) >> 2),
539 + "cx", "dx", "si", "di", "cc", "memory");
544 + * Check if we're returning to the stack area, which is only likely to happen
545 + * when attempting to exploit a buffer overflow.
547 + if (addr >= PAGE_OFFSET - _STK_LIM && addr < PAGE_OFFSET)
548 + security_alert("return onto stack running as "
549 + "UID %d, EUID %d, process %s:%d",
550 + "returns onto stack",
551 + current->uid, current->euid,
552 + current->comm, current->pid);
555 +#ifdef CONFIG_HARDEN_STACK_SMART
556 +/* Check if it could have been a trampoline call */
558 + if (insn == 0xFF &&
559 + !__get_user(insn, (unsigned char *)(regs->eip + 1)) &&
560 + (insn & 0x38) == 0x10 && insn != 0xD4) { /* call mod r/m */
561 +/* First, emulate the call */
563 + addr = get_modrm(regs, &err);
566 + err = put_user(regs->eip, (unsigned long *)regs->esp);
569 +/* Then, start emulating the trampoline itself */
571 + while (!err && !__get_user(insn, (unsigned char *)regs->eip++))
572 + if ((insn & 0xF8) == 0xB8) { /* movl imm32,%reg */
573 +/* We only have 8 GP registers, no reason to initialize one twice */
574 + if (count++ >= 8) break;
575 + err |= __get_user(addr, (unsigned long *)regs->eip);
577 + *get_reg(regs, insn & 7) = addr;
579 + if (insn == 0xFF) {
580 + err |= __get_user(insn, (unsigned char *)regs->eip);
581 + if ((insn & 0xF8) == 0xE0) { /* jmp *%reg */
582 + regs->eip = *get_reg(regs, insn & 7);
583 + if (err) break; else return;
587 + if (insn == 0xE9) { /* jmp rel32 */
588 + err |= __get_user(addr, (unsigned long *)regs->eip);
590 + regs->eip += 4 + addr;
600 current->thread.error_code = error_code;
601 current->thread.trap_no = 13;
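Review bot: In do_general_protection() and in the trampoline emulation loop, instruction bytes are fetched through regs->eip with __get_user(), which does no range check, while the operand reads in get_modrm() go through get_user(). The hunk does not say why the unchecked form is safe; if it relies on the reduced user code segment limit from head.S keeping regs->eip below PAGE_OFFSET, state that in a comment, and otherwise use get_user() for these reads, since regs->eip is also rewritten from register contents and a rel32 displacement during emulation. Separately, the "insn != 0xD4" exclusion in the call mod r/m test (ModRM 0xD4 is call *%esp) needs a comment saying why that form is skipped.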
602 diff -urPX nopatch linux-2.4.22/arch/ia64/config.in linux-2.4.22-ow1/arch/ia64/config.in
603 --- linux-2.4.22/arch/ia64/config.in Mon Aug 25 15:44:39 2003
604 +++ linux-2.4.22-ow1/arch/ia64/config.in Thu Aug 28 06:20:31 2003
606 bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
607 bool 'Sysctl support' CONFIG_SYSCTL
608 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
609 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
610 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
612 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
614 if [ "$CONFIG_IA64_HP_SIM" = "n" ]; then
619 +source security/Config.in
621 mainmenu_option next_comment
622 comment 'Kernel hacking'
623 diff -urPX nopatch linux-2.4.22/arch/ia64/defconfig linux-2.4.22-ow1/arch/ia64/defconfig
624 --- linux-2.4.22/arch/ia64/defconfig Mon Aug 25 15:44:39 2003
625 +++ linux-2.4.22-ow1/arch/ia64/defconfig Thu Aug 28 06:20:31 2003
627 # CONFIG_BSD_PROCESS_ACCT is not set
630 +# CONFIG_BINFMT_ELF_AOUT is not set
631 # CONFIG_BINFMT_MISC is not set
635 # CONFIG_HP_SIMETH is not set
636 # CONFIG_HP_SIMSERIAL is not set
637 # CONFIG_HP_SIMSCSI is not set
642 +CONFIG_HARDEN_LINK=y
643 +CONFIG_HARDEN_FIFO=y
644 +# CONFIG_HARDEN_PROC is not set
645 +CONFIG_HARDEN_RLIMIT_NPROC=y
646 +# CONFIG_HARDEN_SHM is not set
650 diff -urPX nopatch linux-2.4.22/arch/ia64/ia32/sys_ia32.c linux-2.4.22-ow1/arch/ia64/ia32/sys_ia32.c
651 --- linux-2.4.22/arch/ia64/ia32/sys_ia32.c Mon Aug 25 15:44:39 2003
652 +++ linux-2.4.22-ow1/arch/ia64/ia32/sys_ia32.c Thu Aug 28 06:20:31 2003
654 *ap++ = (char *) A(addr);
655 arg += sizeof(unsigned int);
657 + if (n >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *))
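Review bot: The new bound "n >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *)" is repeated verbatim in the arch/mips64/kernel/linux32.c hunk later in this patch, and neither copy says what it protects. Add a one-line comment stating that it caps the pointer count n taken from the user-supplied array, and consider a shared macro for the limit so the compat copies cannot drift apart.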
662 diff -urPX nopatch linux-2.4.22/arch/m68k/config.in linux-2.4.22-ow1/arch/m68k/config.in
663 --- linux-2.4.22/arch/m68k/config.in Mon Aug 25 15:44:39 2003
664 +++ linux-2.4.22-ow1/arch/m68k/config.in Thu Aug 28 06:20:31 2003
667 tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT
668 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
669 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
670 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
672 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
674 if [ "$CONFIG_AMIGA" = "y" ]; then
676 source drivers/video/Config.in
680 +source security/Config.in
682 mainmenu_option next_comment
683 comment 'Kernel hacking'
684 diff -urPX nopatch linux-2.4.22/arch/m68k/defconfig linux-2.4.22-ow1/arch/m68k/defconfig
685 --- linux-2.4.22/arch/m68k/defconfig Mon Jun 19 23:56:08 2000
686 +++ linux-2.4.22-ow1/arch/m68k/defconfig Thu Aug 28 06:20:31 2003
690 # CONFIG_KCORE_AOUT is not set
691 -CONFIG_BINFMT_AOUT=y
692 +# CONFIG_BINFMT_AOUT is not set
694 +# CONFIG_BINFMT_ELF_AOUT is not set
695 # CONFIG_BINFMT_MISC is not set
697 # CONFIG_AMIGA_PCMCIA is not set
701 CONFIG_FONT_PEARL_8x8=y
706 +CONFIG_HARDEN_LINK=y
707 +CONFIG_HARDEN_FIFO=y
708 +# CONFIG_HARDEN_PROC is not set
709 +CONFIG_HARDEN_RLIMIT_NPROC=y
710 +# CONFIG_HARDEN_SHM is not set
714 diff -urPX nopatch linux-2.4.22/arch/mips/config-shared.in linux-2.4.22-ow1/arch/mips/config-shared.in
715 --- linux-2.4.22/arch/mips/config-shared.in Mon Aug 25 15:44:39 2003
716 +++ linux-2.4.22-ow1/arch/mips/config-shared.in Thu Aug 28 06:20:31 2003
718 define_bool CONFIG_KCORE_AOUT n
719 define_bool CONFIG_BINFMT_AOUT n
720 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
721 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
722 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
724 dep_bool 'Kernel support for Linux/MIPS 32-bit binary compatibility' CONFIG_MIPS32_COMPAT $CONFIG_MIPS64
725 dep_bool 'Kernel support for o32 binaries' CONFIG_MIPS32_O32 $CONFIG_MIPS32_COMPAT
726 dep_bool 'Kernel support for n32 binaries' CONFIG_MIPS32_N32 $CONFIG_MIPS32_COMPAT
727 @@ -1025,6 +1028,8 @@
728 source drivers/usb/Config.in
730 source net/bluetooth/Config.in
732 +source security/Config.in
734 mainmenu_option next_comment
735 comment 'Kernel hacking'
736 diff -urPX nopatch linux-2.4.22/arch/mips/defconfig linux-2.4.22-ow1/arch/mips/defconfig
737 --- linux-2.4.22/arch/mips/defconfig Mon Aug 25 15:44:39 2003
738 +++ linux-2.4.22-ow1/arch/mips/defconfig Thu Aug 28 06:20:31 2003
740 # CONFIG_KCORE_AOUT is not set
741 # CONFIG_BINFMT_AOUT is not set
743 +# CONFIG_BINFMT_ELF_AOUT is not set
744 # CONFIG_MIPS32_COMPAT is not set
745 # CONFIG_MIPS32_O32 is not set
746 # CONFIG_MIPS32_N32 is not set
750 # CONFIG_BLUEZ is not set
755 +CONFIG_HARDEN_LINK=y
756 +CONFIG_HARDEN_FIFO=y
757 +# CONFIG_HARDEN_PROC is not set
758 +CONFIG_HARDEN_RLIMIT_NPROC=y
759 +# CONFIG_HARDEN_SHM is not set
763 diff -urPX nopatch linux-2.4.22/arch/mips/kernel/irixelf.c linux-2.4.22-ow1/arch/mips/kernel/irixelf.c
764 --- linux-2.4.22/arch/mips/kernel/irixelf.c Mon Aug 25 15:44:40 2003
765 +++ linux-2.4.22-ow1/arch/mips/kernel/irixelf.c Thu Aug 28 06:20:31 2003
767 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
770 +#include <linux/config.h>
771 #include <linux/module.h>
773 #include <linux/fs.h>
775 extern int dump_fpu (elf_fpregset_t *);
777 static struct linux_binfmt irix_format = {
778 - NULL, THIS_MODULE, load_irix_binary, load_irix_library,
779 + NULL, THIS_MODULE, load_irix_binary,
780 +#ifdef CONFIG_BINFMT_ELF_AOUT
785 irix_core_dump, PAGE_SIZE
792 +#ifdef CONFIG_BINFMT_ELF_AOUT
793 /* This is really simpleminded and specialized - we are loading an
794 * a.out library that is given an ELF header.
802 /* Called through irix_syssgi() to map an elf image given an FD,
803 * a phdr ptr USER_PHDRP in userspace, and a count CNT telling how many
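Review bot: Placing "#ifdef CONFIG_BINFMT_ELF_AOUT" in the middle of the positional initializer for irix_format makes the member order easy to get wrong, because the load_irix_library slot has to be filled in both configurations for irix_core_dump and PAGE_SIZE to land in the right members. Labelled initializers for the members would make it obvious which one is conditional.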
804 diff -urPX nopatch linux-2.4.22/arch/mips64/defconfig linux-2.4.22-ow1/arch/mips64/defconfig
805 --- linux-2.4.22/arch/mips64/defconfig Mon Aug 25 15:44:40 2003
806 +++ linux-2.4.22-ow1/arch/mips64/defconfig Thu Aug 28 06:20:31 2003
808 # CONFIG_KCORE_AOUT is not set
809 # CONFIG_BINFMT_AOUT is not set
811 +# CONFIG_BINFMT_ELF_AOUT is not set
812 CONFIG_MIPS32_COMPAT=y
814 # CONFIG_MIPS32_N32 is not set
818 # CONFIG_BLUEZ is not set
823 +CONFIG_HARDEN_LINK=y
824 +CONFIG_HARDEN_FIFO=y
825 +# CONFIG_HARDEN_PROC is not set
826 +CONFIG_HARDEN_RLIMIT_NPROC=y
827 +# CONFIG_HARDEN_SHM is not set
831 diff -urPX nopatch linux-2.4.22/arch/mips64/kernel/linux32.c linux-2.4.22-ow1/arch/mips64/kernel/linux32.c
832 --- linux-2.4.22/arch/mips64/kernel/linux32.c Mon Aug 25 15:44:40 2003
833 +++ linux-2.4.22-ow1/arch/mips64/kernel/linux32.c Thu Aug 28 06:32:24 2003
838 +#ifdef CONFIG_HARDEN_RLIMIT_NPROC
840 + * This check is similar to that done in kernel/fork.c, except that we
841 + * are not going to allocate a new task slot here.
843 + * Note that we can only exceed the limit if our UID has changed.
846 + if (atomic_read(¤t->user->processes) >
847 + current->rlim[RLIMIT_NPROC].rlim_cur &&
848 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
854 bprm.dentry = dentry;
855 bprm.filename = filename;
858 *ap++ = (char *) A(addr);
859 arg += sizeof(unsigned int);
861 + if (n >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *))
866 diff -urPX nopatch linux-2.4.22/arch/parisc/config.in linux-2.4.22-ow1/arch/parisc/config.in
867 --- linux-2.4.22/arch/parisc/config.in Mon Aug 25 15:44:40 2003
868 +++ linux-2.4.22-ow1/arch/parisc/config.in Thu Aug 28 06:20:31 2003
870 bool 'Sysctl support' CONFIG_SYSCTL
871 define_bool CONFIG_KCORE_ELF y
872 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
873 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
874 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
876 tristate 'Kernel support for SOM binaries' CONFIG_BINFMT_SOM
877 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
880 if [ "$CONFIG_SUPERIO" = "y" ]; then
881 source drivers/usb/Config.in
884 +source security/Config.in
886 mainmenu_option next_comment
887 comment 'Kernel hacking'
888 diff -urPX nopatch linux-2.4.22/arch/parisc/defconfig linux-2.4.22-ow1/arch/parisc/defconfig
889 --- linux-2.4.22/arch/parisc/defconfig Fri Jun 13 18:51:31 2003
890 +++ linux-2.4.22-ow1/arch/parisc/defconfig Thu Aug 28 06:20:31 2003
895 +# CONFIG_BINFMT_ELF_AOUT is not set
897 # CONFIG_BINFMT_MISC is not set
898 # CONFIG_PM is not set
902 # CONFIG_USB is not set
907 +CONFIG_HARDEN_LINK=y
908 +CONFIG_HARDEN_FIFO=y
909 +# CONFIG_HARDEN_PROC is not set
910 +CONFIG_HARDEN_RLIMIT_NPROC=y
911 +# CONFIG_HARDEN_SHM is not set
915 diff -urPX nopatch linux-2.4.22/arch/parisc/kernel/sys_parisc32.c linux-2.4.22-ow1/arch/parisc/kernel/sys_parisc32.c
916 --- linux-2.4.22/arch/parisc/kernel/sys_parisc32.c Fri Jun 13 18:51:31 2003
917 +++ linux-2.4.22-ow1/arch/parisc/kernel/sys_parisc32.c Thu Aug 28 06:20:31 2003
920 DBG(("do_execve32(%s, %p, %p, %p)\n", filename, argv, envp, regs));
922 +#ifdef CONFIG_HARDEN_RLIMIT_NPROC
924 + * This check is similar to that done in kernel/fork.c, except that we
925 + * are not going to allocate a new task slot here.
927 + * Note that we can only exceed the limit if our UID has changed.
930 + if (atomic_read(¤t->user->processes) >
931 + current->rlim[RLIMIT_NPROC].rlim_cur &&
932 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
933 + allow_write_access(file);
940 bprm.filename = filename;
942 diff -urPX nopatch linux-2.4.22/arch/ppc/config.in linux-2.4.22-ow1/arch/ppc/config.in
943 --- linux-2.4.22/arch/ppc/config.in Mon Aug 25 15:44:40 2003
944 +++ linux-2.4.22-ow1/arch/ppc/config.in Thu Aug 28 06:20:31 2003
947 define_bool CONFIG_BINFMT_ELF y
948 define_bool CONFIG_KERNEL_ELF y
949 +bool 'ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
950 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
952 source drivers/pci/Config.in
955 source crypto/Config.in
958 +source security/Config.in
960 mainmenu_option next_comment
961 comment 'Kernel hacking'
962 diff -urPX nopatch linux-2.4.22/arch/ppc/defconfig linux-2.4.22-ow1/arch/ppc/defconfig
963 --- linux-2.4.22/arch/ppc/defconfig Fri Jun 13 18:51:31 2003
964 +++ linux-2.4.22-ow1/arch/ppc/defconfig Thu Aug 28 06:20:31 2003
966 # CONFIG_BSD_PROCESS_ACCT is not set
969 +# CONFIG_BINFMT_ELF_AOUT is not set
971 -CONFIG_BINFMT_MISC=m
972 +# CONFIG_BINFMT_MISC is not set
976 @@ -1051,6 +1052,15 @@
978 CONFIG_ZLIB_INFLATE=y
979 CONFIG_ZLIB_DEFLATE=y
984 +CONFIG_HARDEN_LINK=y
985 +CONFIG_HARDEN_FIFO=y
986 +# CONFIG_HARDEN_PROC is not set
987 +CONFIG_HARDEN_RLIMIT_NPROC=y
988 +# CONFIG_HARDEN_SHM is not set
992 diff -urPX nopatch linux-2.4.22/arch/ppc64/config.in linux-2.4.22-ow1/arch/ppc64/config.in
993 --- linux-2.4.22/arch/ppc64/config.in Mon Aug 25 15:44:40 2003
994 +++ linux-2.4.22-ow1/arch/ppc64/config.in Thu Aug 28 06:34:13 2003
998 bool 'Kernel support for 64 bit ELF binaries' CONFIG_BINFMT_ELF
999 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
1000 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
1003 tristate 'Kernel support for 32 bit ELF binaries' CONFIG_BINFMT_ELF32
1006 source lib/Config.in
1008 source crypto/Config.in
1010 +source security/Config.in
1012 mainmenu_option next_comment
1013 comment 'Kernel hacking'
1014 diff -urPX nopatch linux-2.4.22/arch/ppc64/defconfig linux-2.4.22-ow1/arch/ppc64/defconfig
1015 --- linux-2.4.22/arch/ppc64/defconfig Mon Aug 25 15:44:40 2003
1016 +++ linux-2.4.22-ow1/arch/ppc64/defconfig Thu Aug 28 06:20:31 2003
1018 # CONFIG_BSD_PROCESS_ACCT is not set
1021 +# CONFIG_BINFMT_ELF_AOUT is not set
1022 CONFIG_BINFMT_ELF32=y
1023 # CONFIG_BINFMT_MISC is not set
1025 @@ -725,6 +726,15 @@
1027 # CONFIG_ZLIB_INFLATE is not set
1028 # CONFIG_ZLIB_DEFLATE is not set
1033 +CONFIG_HARDEN_LINK=y
1034 +CONFIG_HARDEN_FIFO=y
1035 +# CONFIG_HARDEN_PROC is not set
1036 +CONFIG_HARDEN_RLIMIT_NPROC=y
1037 +# CONFIG_HARDEN_SHM is not set
1041 diff -urPX nopatch linux-2.4.22/arch/ppc64/kernel/sys_ppc32.c linux-2.4.22-ow1/arch/ppc64/kernel/sys_ppc32.c
1042 --- linux-2.4.22/arch/ppc64/kernel/sys_ppc32.c Mon Aug 25 15:44:40 2003
1043 +++ linux-2.4.22-ow1/arch/ppc64/kernel/sys_ppc32.c Thu Aug 28 06:20:31 2003
1044 @@ -3902,6 +3902,23 @@
1048 +#ifdef CONFIG_HARDEN_RLIMIT_NPROC
1050 + * This check is similar to that done in kernel/fork.c, except that we
1051 + * are not going to allocate a new task slot here.
1053 + * Note that we can only exceed the limit if our UID has changed.
1055 + if (current->user)
1056 + if (atomic_read(¤t->user->processes) >
1057 + current->rlim[RLIMIT_NPROC].rlim_cur &&
1058 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
1059 + allow_write_access(file);
1066 bprm.filename = filename;
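Review bot: The outer test if (current->user) in the CONFIG_HARDEN_RLIMIT_NPROC block has no braces around a multi-line inner if, which is easy to misread and fragile if an else is ever added. Fold it into the inner condition (current->user && atomic_read(...) > ...) or brace it. The comment explains why the comparison differs from kernel/fork.c but not why holding either CAP_SYS_ADMIN or CAP_SYS_RESOURCE exempts the caller; one sentence on that would help.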
1068 diff -urPX nopatch linux-2.4.22/arch/s390/config.in linux-2.4.22-ow1/arch/s390/config.in
1069 --- linux-2.4.22/arch/s390/config.in Mon Aug 25 15:44:40 2003
1070 +++ linux-2.4.22-ow1/arch/s390/config.in Thu Aug 28 06:20:31 2003
1072 bool 'Sysctl support' CONFIG_SYSCTL
1073 define_bool CONFIG_KCORE_ELF y
1074 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
1075 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
1076 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
1078 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
1079 bool 'Show crashed user process info' CONFIG_PROCESS_DEBUG
1080 bool 'Pseudo page fault support' CONFIG_PFAULT
1086 +source security/Config.in
1088 mainmenu_option next_comment
1089 comment 'Kernel hacking'
1090 diff -urPX nopatch linux-2.4.22/arch/s390/defconfig linux-2.4.22-ow1/arch/s390/defconfig
1091 --- linux-2.4.22/arch/s390/defconfig Mon Aug 25 15:44:40 2003
1092 +++ linux-2.4.22-ow1/arch/s390/defconfig Thu Aug 28 06:38:24 2003
1097 +# CONFIG_BINFMT_ELF_AOUT is not set
1098 # CONFIG_BINFMT_MISC is not set
1099 # CONFIG_PROCESS_DEBUG is not set
1101 @@ -408,6 +409,15 @@
1102 # CONFIG_NLS_KOI8_R is not set
1103 # CONFIG_NLS_KOI8_U is not set
1104 # CONFIG_NLS_UTF8 is not set
1109 +CONFIG_HARDEN_LINK=y
1110 +CONFIG_HARDEN_FIFO=y
1111 +# CONFIG_HARDEN_PROC is not set
1112 +CONFIG_HARDEN_RLIMIT_NPROC=y
1113 +# CONFIG_HARDEN_SHM is not set
1117 diff -urPX nopatch linux-2.4.22/arch/s390x/config.in linux-2.4.22-ow1/arch/s390x/config.in
1118 --- linux-2.4.22/arch/s390x/config.in Mon Aug 25 15:44:40 2003
1119 +++ linux-2.4.22-ow1/arch/s390x/config.in Thu Aug 28 06:20:31 2003
1121 bool 'Sysctl support' CONFIG_SYSCTL
1122 define_bool CONFIG_KCORE_ELF y
1123 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
1124 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
1125 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
1127 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
1128 bool 'Show crashed user process info' CONFIG_PROCESS_DEBUG
1129 bool 'Pseudo page fault support' CONFIG_PFAULT
1135 +source security/Config.in
1137 mainmenu_option next_comment
1138 comment 'Kernel hacking'
1139 diff -urPX nopatch linux-2.4.22/arch/s390x/defconfig linux-2.4.22-ow1/arch/s390x/defconfig
1140 --- linux-2.4.22/arch/s390x/defconfig Mon Aug 25 15:44:40 2003
1141 +++ linux-2.4.22-ow1/arch/s390x/defconfig Thu Aug 28 06:39:39 2003
1146 +# CONFIG_BINFMT_ELF_AOUT is not set
1147 # CONFIG_BINFMT_MISC is not set
1148 # CONFIG_PROCESS_DEBUG is not set
1150 @@ -352,6 +353,15 @@
1151 # CONFIG_NLS_KOI8_R is not set
1152 # CONFIG_NLS_KOI8_U is not set
1153 # CONFIG_NLS_UTF8 is not set
1158 +CONFIG_HARDEN_LINK=y
1159 +CONFIG_HARDEN_FIFO=y
1160 +# CONFIG_HARDEN_PROC is not set
1161 +CONFIG_HARDEN_RLIMIT_NPROC=y
1162 +# CONFIG_HARDEN_SHM is not set
1166 diff -urPX nopatch linux-2.4.22/arch/s390x/kernel/linux32.c linux-2.4.22-ow1/arch/s390x/kernel/linux32.c
1167 --- linux-2.4.22/arch/s390x/kernel/linux32.c Mon Aug 25 15:44:40 2003
1168 +++ linux-2.4.22-ow1/arch/s390x/kernel/linux32.c Thu Aug 28 06:20:31 2003
1169 @@ -3218,6 +3218,23 @@
1173 +#ifdef CONFIG_HARDEN_RLIMIT_NPROC
1175 + * This check is similar to that done in kernel/fork.c, except that we
1176 + * are not going to allocate a new task slot here.
1178 + * Note that we can only exceed the limit if our UID has changed.
1180 + if (current->user)
1181 + if (atomic_read(¤t->user->processes) >
1182 + current->rlim[RLIMIT_NPROC].rlim_cur &&
1183 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
1184 + allow_write_access(file);
1191 bprm.filename = filename;
1193 diff -urPX nopatch linux-2.4.22/arch/sh/config.in linux-2.4.22-ow1/arch/sh/config.in
1194 --- linux-2.4.22/arch/sh/config.in Mon Aug 25 15:44:40 2003
1195 +++ linux-2.4.22-ow1/arch/sh/config.in Thu Aug 28 06:20:31 2003
1197 A.OUT CONFIG_KCORE_AOUT" ELF
1199 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
1200 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
1201 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
1203 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
1205 source drivers/parport/Config.in
1207 source drivers/sound/Config.in
1211 +source security/Config.in
1213 mainmenu_option next_comment
1214 comment 'Kernel hacking'
1215 diff -urPX nopatch linux-2.4.22/arch/sh/defconfig linux-2.4.22-ow1/arch/sh/defconfig
1216 --- linux-2.4.22/arch/sh/defconfig Tue Oct 16 00:36:48 2001
1217 +++ linux-2.4.22-ow1/arch/sh/defconfig Thu Aug 28 06:20:31 2003
1220 # CONFIG_KCORE_AOUT is not set
1222 +# CONFIG_BINFMT_ELF_AOUT is not set
1223 # CONFIG_BINFMT_MISC is not set
1226 @@ -195,6 +196,15 @@
1229 # CONFIG_SOUND is not set
1234 +CONFIG_HARDEN_LINK=y
1235 +CONFIG_HARDEN_FIFO=y
1236 +# CONFIG_HARDEN_PROC is not set
1237 +CONFIG_HARDEN_RLIMIT_NPROC=y
1238 +# CONFIG_HARDEN_SHM is not set
1242 diff -urPX nopatch linux-2.4.22/arch/sparc/config.in linux-2.4.22-ow1/arch/sparc/config.in
1243 --- linux-2.4.22/arch/sparc/config.in Mon Aug 25 15:44:40 2003
1244 +++ linux-2.4.22-ow1/arch/sparc/config.in Thu Aug 28 06:20:31 2003
1247 tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT
1248 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
1249 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
1250 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
1252 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
1253 bool 'SunOS binary emulation' CONFIG_SUNOS_EMUL
1254 source drivers/parport/Config.in
1257 tristate 'Software watchdog' CONFIG_SOFT_WATCHDOG
1260 +source security/Config.in
1262 mainmenu_option next_comment
1263 comment 'Kernel hacking'
1264 diff -urPX nopatch linux-2.4.22/arch/sparc/defconfig linux-2.4.22-ow1/arch/sparc/defconfig
1265 --- linux-2.4.22/arch/sparc/defconfig Sat Aug 3 04:39:43 2002
1266 +++ linux-2.4.22-ow1/arch/sparc/defconfig Thu Aug 28 06:20:31 2003
1268 # CONFIG_BSD_PROCESS_ACCT is not set
1271 -CONFIG_BINFMT_AOUT=y
1272 +# CONFIG_BINFMT_AOUT is not set
1274 -CONFIG_BINFMT_MISC=m
1275 +# CONFIG_BINFMT_ELF_AOUT is not set
1276 +# CONFIG_BINFMT_MISC is not set
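Review bot: This defconfig hunk changes more than the new symbol: CONFIG_BINFMT_AOUT goes from y to unset and CONFIG_BINFMT_MISC from m to unset. Neither change is needed to introduce CONFIG_BINFMT_ELF_AOUT, so the altered defaults should be called out and justified in the patch description, or split into a separate change.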
1280 @@ -411,6 +412,15 @@
1283 # CONFIG_SOFT_WATCHDOG is not set
1288 +CONFIG_HARDEN_LINK=y
1289 +CONFIG_HARDEN_FIFO=y
1290 +# CONFIG_HARDEN_PROC is not set
1291 +CONFIG_HARDEN_RLIMIT_NPROC=y
1292 +# CONFIG_HARDEN_SHM is not set
1296 diff -urPX nopatch linux-2.4.22/arch/sparc64/config.in linux-2.4.22-ow1/arch/sparc64/config.in
1297 --- linux-2.4.22/arch/sparc64/config.in Mon Aug 25 15:44:40 2003
1298 +++ linux-2.4.22-ow1/arch/sparc64/config.in Thu Aug 28 06:20:31 2003
1300 bool ' Kernel support for 32-bit (ie. SunOS) a.out binaries' CONFIG_BINFMT_AOUT32
1302 tristate 'Kernel support for 64-bit ELF binaries' CONFIG_BINFMT_ELF
1303 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
1304 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
1306 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
1307 bool 'SunOS binary emulation' CONFIG_SUNOS_EMUL
1308 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
1311 tristate 'Software watchdog' CONFIG_SOFT_WATCHDOG
1314 +source security/Config.in
1316 mainmenu_option next_comment
1317 comment 'Kernel hacking'
1318 diff -urPX nopatch linux-2.4.22/arch/sparc64/defconfig linux-2.4.22-ow1/arch/sparc64/defconfig
1319 --- linux-2.4.22/arch/sparc64/defconfig Mon Aug 25 15:44:40 2003
1320 +++ linux-2.4.22-ow1/arch/sparc64/defconfig Thu Aug 28 06:20:31 2003
1322 CONFIG_BINFMT_ELF32=y
1323 # CONFIG_BINFMT_AOUT32 is not set
1325 -CONFIG_BINFMT_MISC=m
1326 +# CONFIG_BINFMT_ELF_AOUT is not set
1327 +# CONFIG_BINFMT_MISC is not set
1328 # CONFIG_SUNOS_EMUL is not set
1329 CONFIG_SOLARIS_EMUL=m
1331 @@ -1018,6 +1019,15 @@
1334 # CONFIG_SOFT_WATCHDOG is not set
1339 +CONFIG_HARDEN_LINK=y
1340 +CONFIG_HARDEN_FIFO=y
1341 +# CONFIG_HARDEN_PROC is not set
1342 +CONFIG_HARDEN_RLIMIT_NPROC=y
1343 +# CONFIG_HARDEN_SHM is not set
1347 diff -urPX nopatch linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c linux-2.4.22-ow1/arch/sparc64/kernel/sys_sparc32.c
1348 --- linux-2.4.22/arch/sparc64/kernel/sys_sparc32.c Mon Aug 25 15:44:40 2003
1349 +++ linux-2.4.22-ow1/arch/sparc64/kernel/sys_sparc32.c Thu Aug 28 06:20:31 2003
1350 @@ -3243,6 +3243,23 @@
1354 +#ifdef CONFIG_HARDEN_RLIMIT_NPROC
1356 + * This check is similar to that done in kernel/fork.c, except that we
1357 + * are not going to allocate a new task slot here.
1359 + * Note that we can only exceed the limit if our UID has changed.
1361 + if (current->user)
1362 + if (atomic_read(¤t->user->processes) >
1363 + current->rlim[RLIMIT_NPROC].rlim_cur &&
1364 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
1365 + allow_write_access(file);
1372 bprm.filename = filename;
1374 diff -urPX nopatch linux-2.4.22/arch/x86_64/config.in linux-2.4.22-ow1/arch/x86_64/config.in
1375 --- linux-2.4.22/arch/x86_64/config.in Mon Aug 25 15:44:40 2003
1376 +++ linux-2.4.22-ow1/arch/x86_64/config.in Thu Aug 28 06:41:49 2003
1379 #tristate 'Kernel support for a.out binaries' CONFIG_BINFMT_AOUT
1380 tristate 'Kernel support for ELF binaries' CONFIG_BINFMT_ELF
1381 +if [ "$CONFIG_BINFMT_ELF" != "n" ]; then
1382 + bool ' ELF binaries with a.out format interpreters or a.out libraries' CONFIG_BINFMT_ELF_AOUT
1384 tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
1386 bool 'Power Management support' CONFIG_PM
1388 source net/bluetooth/Config.in
1390 source crypto/Config.in
1392 +source security/Config.in
1394 mainmenu_option next_comment
1395 comment 'Kernel hacking'
1396 diff -urPX nopatch linux-2.4.22/arch/x86_64/defconfig linux-2.4.22-ow1/arch/x86_64/defconfig
1397 --- linux-2.4.22/arch/x86_64/defconfig Mon Aug 25 15:44:40 2003
1398 +++ linux-2.4.22-ow1/arch/x86_64/defconfig Thu Aug 28 06:20:31 2003
1403 +# CONFIG_BINFMT_ELF_AOUT is not set
1404 # CONFIG_BINFMT_MISC is not set
1406 CONFIG_IA32_EMULATION=y
1407 @@ -701,6 +702,15 @@
1410 # CONFIG_BLUEZ is not set
1415 +CONFIG_HARDEN_LINK=y
1416 +CONFIG_HARDEN_FIFO=y
1417 +# CONFIG_HARDEN_PROC is not set
1418 +CONFIG_HARDEN_RLIMIT_NPROC=y
1419 +# CONFIG_HARDEN_SHM is not set
1423 diff -urPX nopatch linux-2.4.22/arch/x86_64/ia32/sys_ia32.c linux-2.4.22-ow1/arch/x86_64/ia32/sys_ia32.c
1424 --- linux-2.4.22/arch/x86_64/ia32/sys_ia32.c Mon Aug 25 15:44:40 2003
1425 +++ linux-2.4.22-ow1/arch/x86_64/ia32/sys_ia32.c Thu Aug 28 06:20:31 2003
1426 @@ -2135,7 +2135,7 @@
1427 dst[cnt] = (char *)(u64)val;
1430 - if (cnt >= (MAX_ARG_PAGES*PAGE_SIZE)/sizeof(void*))
1431 + if (cnt >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *))
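Review bot: On the changed line only the spacing and the sizeof operand differ, and sizeof(char *) equals sizeof(void *), so the limit itself is unchanged; the changelog should say this is cosmetic. In the lines shown the bound is tested after dst[cnt] has already been written, so it is worth confirming that dst has room for the entry that trips the limit.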
1435 diff -urPX nopatch linux-2.4.22/drivers/scsi/st.c linux-2.4.22-ow1/drivers/scsi/st.c
1436 --- linux-2.4.22/drivers/scsi/st.c Mon Aug 25 15:44:42 2003
1437 +++ linux-2.4.22-ow1/drivers/scsi/st.c Thu Aug 28 06:44:05 2003
1438 @@ -1639,7 +1639,7 @@
1439 if (STps->drv_block >= 0)
1440 STps->drv_block += 1;
1441 (STp->buffer)->buffer_bytes = 0;
1445 (STp->buffer)->buffer_bytes = bytes - transfer;
1447 diff -urPX nopatch linux-2.4.22/fs/binfmt_aout.c linux-2.4.22-ow1/fs/binfmt_aout.c
1448 --- linux-2.4.22/fs/binfmt_aout.c Sat Nov 3 04:39:20 2001
1449 +++ linux-2.4.22-ow1/fs/binfmt_aout.c Thu Aug 28 06:20:52 2003
1451 * Copyright (C) 1991, 1992, 1996 Linus Torvalds
1454 +#include <linux/config.h>
1455 #include <linux/module.h>
1457 #include <linux/sched.h>
1459 current->mm->mmap = NULL;
1460 compute_creds(bprm);
1461 current->flags &= ~PF_FORKNOEXEC;
1462 +#ifdef CONFIG_HARDEN_STACK
1463 + if (N_FLAGS(ex) & F_STACKEXEC) current->flags |= PF_STACKEXEC;
1466 if (N_MAGIC(ex) == NMAGIC) {
1467 loff_t pos = fd_offset;
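Review bot: Kernel coding style puts the body of an if on its own line; the added if (N_FLAGS(ex) & F_STACKEXEC) current->flags |= PF_STACKEXEC; should be split across two lines. A short comment should also record that F_STACKEXEC comes from the header of the file being executed, so the flag is an opt-out chosen by whoever built or edited the binary.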
1468 diff -urPX nopatch linux-2.4.22/fs/binfmt_elf.c linux-2.4.22-ow1/fs/binfmt_elf.c
1469 --- linux-2.4.22/fs/binfmt_elf.c Mon Aug 25 15:44:43 2003
1470 +++ linux-2.4.22-ow1/fs/binfmt_elf.c Thu Aug 28 06:46:34 2003
1472 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
1475 +#include <linux/config.h>
1476 #include <linux/module.h>
1478 #include <linux/fs.h>
1480 #include <linux/elf.h>
1482 static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs);
1483 +#ifdef CONFIG_BINFMT_ELF_AOUT
1484 static int load_elf_library(struct file*);
1486 static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int);
1487 extern int dump_fpu (struct pt_regs *, elf_fpregset_t *);
1488 extern void dump_thread(struct pt_regs *, struct user *);
1490 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
1491 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
1493 -static struct linux_binfmt elf_format = {
1494 - NULL, THIS_MODULE, load_elf_binary, load_elf_library, elf_core_dump, ELF_EXEC_PAGESIZE
1495 +#ifndef CONFIG_HARDEN_STACK
1498 +struct linux_binfmt elf_format = {
1499 + NULL, THIS_MODULE, load_elf_binary,
1500 +#ifdef CONFIG_BINFMT_ELF_AOUT
1505 + elf_core_dump, ELF_EXEC_PAGESIZE
1508 #define BAD_ADDR(x) ((unsigned long)(x) > TASK_SIZE)
1513 +#ifdef CONFIG_BINFMT_ELF_AOUT
1514 static unsigned long load_aout_interp(struct exec * interp_ex,
1515 struct file * interpreter)
1524 * These are the functions used to load ELF style executables and shared
1528 #define INTERPRETER_NONE 0
1529 +#ifdef CONFIG_BINFMT_ELF_AOUT
1530 #define INTERPRETER_AOUT 1
1532 #define INTERPRETER_ELF 2
1536 struct elfhdr elf_ex;
1537 struct elfhdr interp_elf_ex;
1538 struct exec interp_ex;
1539 +#ifdef CONFIG_BINFMT_ELF_AOUT
1540 char passed_fileno[6];
1542 struct files_struct *files;
1544 /* Get the exec-header */
1547 /* Some simple consistency checks for the interpreter */
1548 if (elf_interpreter) {
1549 +#ifdef CONFIG_BINFMT_ELF_AOUT
1550 interpreter_type = INTERPRETER_ELF | INTERPRETER_AOUT;
1552 /* Now figure out which format our binary is */
1554 (N_MAGIC(interp_ex) != ZMAGIC) &&
1555 (N_MAGIC(interp_ex) != QMAGIC))
1556 interpreter_type = INTERPRETER_ELF;
1558 + interpreter_type = INTERPRETER_ELF;
1561 if (memcmp(interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1562 interpreter_type &= ~INTERPRETER_ELF;
1564 if (!interpreter_type)
1565 goto out_free_dentry;
1567 +#ifdef CONFIG_BINFMT_ELF_AOUT
1568 /* Make sure only one type was selected */
1569 if ((interpreter_type & INTERPRETER_ELF) &&
1570 interpreter_type != INTERPRETER_ELF) {
1572 // printk(KERN_WARNING "ELF: Ambiguous type, using ELF\n");
1573 interpreter_type = INTERPRETER_ELF;
1577 /* Executables without an interpreter also need a personality */
1578 SET_PERSONALITY(elf_ex, ibcs2_interpreter);
1580 /* OK, we are done with that, now set up the arg stuff,
1581 and then start this sucker up */
1583 +#ifdef CONFIG_BINFMT_ELF_AOUT
1584 if (!bprm->sh_bang) {
1593 /* Flush all traces of the currently running executable */
1594 retval = flush_old_exec(bprm);
1596 current->mm->end_code = 0;
1597 current->mm->mmap = NULL;
1598 current->flags &= ~PF_FORKNOEXEC;
1599 +#ifdef CONFIG_HARDEN_STACK
1600 + if (elf_ex.e_flags & EF_STACKEXEC) current->flags |= PF_STACKEXEC;
1602 elf_entry = (unsigned long) elf_ex.e_entry;
1604 /* Do this so that we can load the interpreter, if need be. We will
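Review bot: The PF_STACKEXEC assignment under CONFIG_HARDEN_STACK has an undocumented ordering dependency: it is only correct if the flag was already cleared earlier in the exec, which the fs/exec.c part of this patch does with current->flags &= ~PF_STACKEXEC. Add a comment here that the set must stay after flush_old_exec(bprm), so a later reshuffle does not leave a stale flag or wipe a fresh one. The if and its body should also be on separate lines.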
1605 @@ -714,10 +743,12 @@
1606 end_data += load_bias;
1608 if (elf_interpreter) {
1609 +#ifdef CONFIG_BINFMT_ELF_AOUT
1610 if (interpreter_type == INTERPRETER_AOUT)
1611 elf_entry = load_aout_interp(&interp_ex,
1615 elf_entry = load_elf_interp(&interp_elf_ex,
1622 +#ifdef CONFIG_BINFMT_ELF_AOUT
1623 if (interpreter_type != INTERPRETER_AOUT)
1625 sys_close(elf_exec_fileno);
1627 set_binfmt(&elf_format);
1628 @@ -749,10 +782,14 @@
1630 load_addr, load_bias,
1632 +#ifdef CONFIG_BINFMT_ELF_AOUT
1633 (interpreter_type == INTERPRETER_AOUT ? 0 : 1));
1634 /* N.B. passed_fileno might not be initialized? */
1635 if (interpreter_type == INTERPRETER_AOUT)
1636 current->mm->arg_start += strlen(passed_fileno) + 1;
1640 current->mm->start_brk = current->mm->brk = elf_brk;
1641 current->mm->end_code = end_code;
1642 current->mm->start_code = start_code;
1647 +#ifdef CONFIG_BINFMT_ELF_AOUT
1648 /* This is really simpleminded and specialized - we are loading an
1649 a.out library that is given an ELF header. */
1651 static int load_elf_library(struct file *file)
1653 struct elf_phdr *elf_phdata;
1661 * Note that some platforms still use traditional core dumps and not
1662 diff -urPX nopatch linux-2.4.22/fs/exec.c linux-2.4.22-ow1/fs/exec.c
1663 --- linux-2.4.22/fs/exec.c Mon Aug 25 15:44:43 2003
1664 +++ linux-2.4.22-ow1/fs/exec.c Thu Aug 28 06:20:52 2003
1667 asmlinkage long sys_uselib(const char * library)
1669 +#if defined(CONFIG_BINFMT_AOUT) || defined(CONFIG_BINFMT_ELF_AOUT)
1671 struct nameidata nd;
1683 @@ -610,6 +614,10 @@
1685 current->comm[i] = '\0';
1687 +#ifdef CONFIG_HARDEN_STACK
1688 + current->flags &= ~PF_STACKEXEC;
1695 || atomic_read(¤t->fs->count) > 1
1696 || atomic_read(¤t->files->count) > 1
1697 || atomic_read(¤t->sig->count) > 1) {
1698 + /* XXX: should fail rather than execute with no raised
1699 + * effective privileges */
1700 if(!capable(CAP_SETUID)) {
1701 bprm->e_uid = current->uid;
1702 bprm->e_gid = current->gid;
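Review bot: The XXX comment added above if(!capable(CAP_SETUID)) flags a known weakness without fixing it: when fs, files or sig are shared, the exec still proceeds with the caller's own uid and gid instead of failing. Either make the exec fail in this patch or reference where that change is tracked. The comment's closing */ should also go on its own line to match kernel style.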
1703 @@ -913,6 +923,23 @@
1704 retval = PTR_ERR(file);
1708 +#ifdef CONFIG_HARDEN_RLIMIT_NPROC
1710 + * This check is similar to that done in kernel/fork.c, except that we
1711 + * are not going to allocate a new task slot here.
1713 + * Note that we can only exceed the limit if our UID has changed.
1715 + if (current->user)
1716 + if (atomic_read(¤t->user->processes) >
1717 + current->rlim[RLIMIT_NPROC].rlim_cur &&
1718 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
1719 + allow_write_access(file);
1725 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
1726 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
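Review bot: This CONFIG_HARDEN_RLIMIT_NPROC block is repeated verbatim in arch/ppc64/kernel/sys_ppc32.c, arch/s390x/kernel/linux32.c and arch/sparc64/kernel/sys_sparc32.c, so any later fix has to be made four times and the copies can drift. Move the test into one inline helper in a shared header and call it from each execve path.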
1727 diff -urPX nopatch linux-2.4.22/fs/namei.c linux-2.4.22-ow1/fs/namei.c
1728 --- linux-2.4.22/fs/namei.c Mon Aug 25 15:44:43 2003
1729 +++ linux-2.4.22-ow1/fs/namei.c Thu Aug 28 06:20:52 2003
1731 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
1734 +#include <linux/config.h>
1735 #include <linux/init.h>
1736 #include <linux/slab.h>
1737 #include <linux/fs.h>
1738 @@ -325,6 +326,40 @@
1742 +#ifdef CONFIG_HARDEN_LINK
1743 +/* Keep this code separately (non-inline) */
1744 +static void security_alert_symlink(struct inode *inode)
1746 + security_alert("not followed symlink of %d.%d "
1747 + "by UID %d, EUID %d, process %s:%d",
1748 + "symlinks not followed",
1749 + inode->i_uid, inode->i_gid,
1750 + current->uid, current->euid, current->comm, current->pid);
1753 +static inline int check_link(struct dentry *dentry)
1755 + struct inode *inode, *dir;
1757 + inode = dentry->d_inode;
1758 + /* XXX: no locking, races possible */
1759 + dir = dentry->d_parent->d_inode;
1762 + * Don't follow links that we don't own in +t directories,
1763 + * unless the link is owned by the owner of the directory.
1765 + if ((dir->i_mode & S_ISVTX) &&
1766 + inode->i_uid != dir->i_uid &&
1767 + current->fsuid != inode->i_uid) {
1768 + security_alert_symlink(inode);
1777 * This limits recursive symlink follows to 8, while
1778 * limiting consecutive symlinks to 40.
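Review bot: check_link() reads dentry->d_parent->d_inode with no lock held, as its own XXX comment admits, so a concurrent rename can change the parent between that read and the S_ISVTX test, and the decision may be made against the wrong directory. Take the lock that protects d_parent around the read, or pass in the directory the caller has already resolved.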
1779 @@ -335,10 +370,15 @@
1780 static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
1783 - if (current->link_count >= 5)
1784 + if (current->link_count >= 8)
1786 if (current->total_link_count >= 40)
1788 +#ifdef CONFIG_HARDEN_LINK
1789 + err = check_link(dentry);
1793 if (current->need_resched) {
1794 current->state = TASK_RUNNING;
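Review bot: Raising the nesting limit from current->link_count >= 5 to >= 8 sits outside the #ifdef CONFIG_HARDEN_LINK, so it applies even with the option off and is unrelated to the hardening. It allows deeper recursion through follow_link, which costs kernel stack. The new value matches the "8" in the comment above, but the patch should state why the larger limit is wanted and that stack usage was checked.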
1796 @@ -350,8 +390,10 @@
1797 current->link_count--;
1807 static inline int __follow_up(struct vfsmount **mnt, struct dentry **base)
1808 @@ -1064,6 +1106,32 @@
1810 * It already exists.
1813 +#ifdef CONFIG_HARDEN_FIFO
1815 + * Don't write to FIFOs that we don't own in +t directories,
1816 + * unless the FIFO is owned by the owner of the directory.
1818 + * Do this check early while we hold the directory.
1820 + inode = dentry->d_inode;
1821 + if (S_ISFIFO(inode->i_mode) && !(flag & O_EXCL) &&
1822 + (dir->d_inode->i_mode & S_ISVTX) &&
1823 + inode->i_uid != dir->d_inode->i_uid &&
1824 + current->fsuid != inode->i_uid) {
1825 + up(&dir->d_inode->i_sem);
1826 + if (!permission(inode, acc_mode))
1827 + security_alert("denied writing FIFO of %d.%d "
1828 + "by UID %d, EUID %d, process %s:%d",
1829 + "writes into a FIFO denied",
1830 + inode->i_uid, inode->i_gid,
1831 + current->uid, current->euid,
1832 + current->comm, current->pid);
1838 up(&dir->d_inode->i_sem);
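Review bot: The comment says "Don't write to FIFOs", but the condition never looks at the access mode: any open of such a FIFO through this path without O_EXCL takes the denial branch, read-only opens included. Either test the write bit of acc_mode in the condition or reword the comment to say opens are denied. The alert is also logged only when permission(inode, acc_mode) would have succeeded, which deserves a word in the comment.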
1841 @@ -1184,6 +1252,11 @@
1842 * stored in nd->last.name and we will have to putname() it when we
1843 * are done. Procfs-like symlinks just set LAST_BIND.
1845 +#ifdef CONFIG_HARDEN_LINK
1846 + error = check_link(dentry);
1850 UPDATE_ATIME(dentry->d_inode);
1851 error = dentry->d_inode->i_op->follow_link(dentry, nd);
1853 @@ -1605,6 +1678,32 @@
1854 inode = old_dentry->d_inode;
1858 +#ifdef CONFIG_HARDEN_LINK
1860 + * Don't allow users to create hard links to files they don't own,
1861 + * unless they could read and write the file or have CAP_FOWNER.
1863 + * The real UID check is here as a workaround for atd(8) only, to
1864 + * be removed one day.
1867 + if (current->fsuid != inode->i_uid &&
1868 + (!S_ISREG(inode->i_mode) ||
1869 + (inode->i_mode & S_ISUID) ||
1870 + ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
1871 + (error = permission(inode, MAY_READ | MAY_WRITE))) &&
1872 + !capable(CAP_FOWNER) &&
1874 + security_alert("denied hard link to %d.%d "
1875 + "for UID %d, EUID %d, process %s:%d",
1876 + "hard links denied",
1877 + inode->i_uid, inode->i_gid,
1878 + current->uid, current->euid,
1879 + current->comm, current->pid);
1884 error = may_create(dir, new_dentry);
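Review bot: The condition assigns error = permission(inode, MAY_READ | MAY_WRITE) inside a chain of ||, so error is only set when the three earlier alternatives are all false; for a non-regular or set-ID target it keeps whatever value it had before. Make sure the body of the if sets the error code explicitly instead of relying on that side effect, and consider hoisting the permission() call out of the condition. The atd(8) real-UID exception mentioned in the comment should say what has to change before it can be removed.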
1886 diff -urPX nopatch linux-2.4.22/fs/proc/base.c linux-2.4.22-ow1/fs/proc/base.c
1887 --- linux-2.4.22/fs/proc/base.c Mon Aug 25 15:44:43 2003
1888 +++ linux-2.4.22-ow1/fs/proc/base.c Thu Aug 28 07:10:20 2003
1889 @@ -167,15 +167,16 @@
1891 atomic_inc(&mm->mm_users);
1894 - unsigned int len = mm->env_end - mm->env_start;
1895 + if (mm && mm->env_start && mm->env_start < mm->env_end) {
1896 + unsigned long len = mm->env_end - mm->env_start;
1897 if (len > PAGE_SIZE)
1899 res = access_process_vm(task, mm->env_start, buffer, len, 0);
1900 - if (!may_ptrace_attach(task))
1901 + if (res >= 0 && !may_ptrace_attach(task))
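Review bot: may_ptrace_attach(task) is evaluated only after access_process_vm() has copied the environment into buffer, and nothing says why. If the order is deliberate, so that the permission decision reflects the task's state after the read, add a comment; otherwise a future cleanup is likely to move the check ahead of the copy. The new res >= 0 guard should also note which failure it covers.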
1910 @@ -188,31 +189,30 @@
1912 atomic_inc(&mm->mm_users);
1915 - int len = mm->arg_end - mm->arg_start;
1916 + if (mm && mm->arg_start && mm->arg_start < mm->arg_end) {
1917 + unsigned long len = mm->arg_end - mm->arg_start;
1918 if (len > PAGE_SIZE)
1920 res = access_process_vm(task, mm->arg_start, buffer, len, 0);
1921 - // If the nul at the end of args has been overwritten, then
1922 - // assume application is using setproctitle(3).
1923 - if ( res > 0 && buffer[res-1] != '\0' )
1925 - len = strnlen( buffer, res );
1932 + /* If the nul at the end of args has been overwritten, then
1933 + assume application is using setproctitle(3). */
1934 + if (res > 0 && buffer[res - 1] != '\0') {
1935 + len = strnlen(buffer, res);
1939 + if (mm->env_start < mm->env_end && res <= PAGE_SIZE) {
1940 len = mm->env_end - mm->env_start;
1941 if (len > PAGE_SIZE - res)
1942 len = PAGE_SIZE - res;
1943 res += access_process_vm(task, mm->env_start, buffer+res, len, 0);
1944 - res = strnlen( buffer, res );
1946 + res = strnlen(buffer, res);
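Review bot: The second read does res += access_process_vm(...) without checking the return value, while the environ hunk above now guards with res >= 0; the two paths should be treated consistently. The new res <= PAGE_SIZE test also lets res == PAGE_SIZE through, in which case len is clamped to PAGE_SIZE - res, which is zero, and the call does nothing; res < PAGE_SIZE would state the intent.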
1957 @@ -750,7 +750,12 @@
1959 if (ino == PROC_PID_INO || task_dumpable(task)) {
1960 inode->i_uid = task->euid;
1961 +#ifdef CONFIG_HARDEN_PROC
1962 + if (inode->i_sb->s_root)
1963 + inode->i_gid = inode->i_sb->s_root->d_inode->i_gid;
1965 inode->i_gid = task->egid;
1970 @@ -1062,7 +1067,11 @@
1974 +#ifdef CONFIG_HARDEN_PROC
1975 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
1977 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
1979 inode->i_op = &proc_base_inode_operations;
1980 inode->i_fop = &proc_base_operations;
1982 diff -urPX nopatch linux-2.4.22/fs/proc/generic.c linux-2.4.22-ow1/fs/proc/generic.c
1983 --- linux-2.4.22/fs/proc/generic.c Fri Jun 13 18:51:37 2003
1984 +++ linux-2.4.22-ow1/fs/proc/generic.c Thu Aug 28 06:20:52 2003
1986 static void proc_kill_inodes(struct proc_dir_entry *de)
1988 struct list_head *p;
1989 - struct super_block *sb = proc_mnt->mnt_sb;
1990 + struct super_block *sb = proc_super;
1995 * Actually it's a partial revoke().
1996 @@ -485,12 +487,12 @@
2000 -struct proc_dir_entry *proc_mkdir(const char *name, struct proc_dir_entry *parent)
2001 +struct proc_dir_entry *proc_mkdir_mode(const char *name, mode_t mode,
2002 + struct proc_dir_entry *parent)
2004 struct proc_dir_entry *ent;
2006 - ent = proc_create(&parent,name,
2007 - (S_IFDIR | S_IRUGO | S_IXUGO),2);
2008 + ent = proc_create(&parent, name, S_IFDIR | mode, 2);
2010 ent->proc_fops = &proc_dir_operations;
2011 ent->proc_iops = &proc_dir_inode_operations;
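Review bot: proc_mkdir_mode() passes S_IFDIR | mode straight to proc_create(), so a caller that hands in file-type bits gets a corrupt mode. Mask the argument to permission bits (mode & S_IALLUGO) before OR-ing in S_IFDIR, and document that mode carries permissions only.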
2012 @@ -501,6 +503,12 @@
2018 +struct proc_dir_entry *proc_mkdir(const char *name,
2019 + struct proc_dir_entry *parent)
2021 + return proc_mkdir_mode(name, S_IRUGO | S_IXUGO, parent);
2024 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
2025 diff -urPX nopatch linux-2.4.22/fs/proc/inode.c linux-2.4.22-ow1/fs/proc/inode.c
2026 --- linux-2.4.22/fs/proc/inode.c Fri Jun 13 18:51:37 2003
2027 +++ linux-2.4.22-ow1/fs/proc/inode.c Thu Aug 28 06:21:10 2003
2029 * Copyright (C) 1991, 1992 Linus Torvalds
2032 +#include <linux/config.h>
2033 #include <linux/sched.h>
2034 #include <linux/proc_fs.h>
2035 #include <linux/kernel.h>
2040 -struct vfsmount *proc_mnt;
2042 static void proc_read_inode(struct inode * inode)
2044 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
2045 @@ -153,6 +152,10 @@
2046 inode->i_mode = de->mode;
2047 inode->i_uid = de->uid;
2048 inode->i_gid = de->gid;
2049 +#ifdef CONFIG_HARDEN_PROC
2051 + inode->i_gid = sb->s_root->d_inode->i_gid;
2055 inode->i_size = de->size;
2060 +struct super_block *proc_super = NULL;
2062 struct super_block *proc_read_super(struct super_block *s,void *data,
2065 @@ -200,6 +205,10 @@
2068 parse_options(data, &root_inode->i_uid, &root_inode->i_gid);
2069 + if (!proc_super) {
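Review bot: proc_super is set only while it is still NULL, and the lines shown never reset it, while proc_kill_inodes() in fs/proc/generic.c now uses it in place of proc_mnt->mnt_sb. With the kern_mount() call removed from fs/proc/root.c, check both what happens before procfs has been mounted (NULL pointer) and after the first mount goes away (stale pointer), and clear or guard the pointer accordingly.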
2076 diff -urPX nopatch linux-2.4.22/fs/proc/proc_tty.c linux-2.4.22-ow1/fs/proc/proc_tty.c
2077 --- linux-2.4.22/fs/proc/proc_tty.c Sat Apr 22 02:17:57 2000
2078 +++ linux-2.4.22-ow1/fs/proc/proc_tty.c Thu Aug 28 06:20:52 2003
2083 - * Thsi function is called by register_tty_driver() to handle
2084 + * This function is called by tty_register_driver() to handle
2085 * registering the driver's /proc handler into /proc/tty/driver/<foo>
2087 void proc_tty_register_driver(struct tty_driver *driver)
2092 - * This function is called by unregister_tty_driver()
2093 + * This function is called by tty_unregister_driver()
2095 void proc_tty_unregister_driver(struct tty_driver *driver)
2097 @@ -174,7 +174,13 @@
2098 if (!proc_mkdir("tty", 0))
2100 proc_tty_ldisc = proc_mkdir("tty/ldisc", 0);
2101 - proc_tty_driver = proc_mkdir("tty/driver", 0);
2103 + * /proc/tty/driver/serial reveals the exact character counts for
2104 + * serial links which is just too easy to abuse for inferring
2105 + * password lengths and inter-keystroke timings during password
2108 + proc_tty_driver = proc_mkdir_mode("tty/driver", S_IRUSR | S_IXUSR, 0);
2110 create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
2111 create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);
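Review bot: Unlike the /proc/net change in fs/proc/root.c, which is under CONFIG_HARDEN_PROC, the S_IRUSR | S_IXUSR mode on tty/driver is applied unconditionally in the lines shown. The comment's rationale supports restricting it, but this changes behaviour for every user of the patch, so either state that in the patch description and help text or place it under the same option.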
2112 diff -urPX nopatch linux-2.4.22/fs/proc/root.c linux-2.4.22-ow1/fs/proc/root.c
2113 --- linux-2.4.22/fs/proc/root.c Sat Aug 3 04:39:45 2002
2114 +++ linux-2.4.22-ow1/fs/proc/root.c Thu Aug 28 06:20:52 2003
2117 #include <asm/uaccess.h>
2119 +#include <linux/config.h>
2120 #include <linux/errno.h>
2121 #include <linux/sched.h>
2122 #include <linux/proc_fs.h>
2124 int err = register_filesystem(&proc_fs_type);
2127 - proc_mnt = kern_mount(&proc_fs_type);
2128 - err = PTR_ERR(proc_mnt);
2129 - if (IS_ERR(proc_mnt)) {
2130 - unregister_filesystem(&proc_fs_type);
2134 +#ifdef CONFIG_HARDEN_PROC
2135 + proc_net = proc_mkdir_mode("net", S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);
2137 proc_net = proc_mkdir("net", 0);
2139 #ifdef CONFIG_SYSVIPC
2140 proc_mkdir("sysvipc", 0);
2142 diff -urPX nopatch linux-2.4.22/include/asm-i386/a.out.h linux-2.4.22-ow1/include/asm-i386/a.out.h
2143 --- linux-2.4.22/include/asm-i386/a.out.h Fri Jun 16 22:33:06 1995
2144 +++ linux-2.4.22-ow1/include/asm-i386/a.out.h Thu Aug 28 06:20:52 2003
2149 +#include <linux/config.h>
2151 +#ifdef CONFIG_HARDEN_STACK
2152 +#define STACK_TOP ( \
2153 + (current->flags & PF_STACKEXEC) \
2154 + ? TASK_SIZE - _STK_LIM \
2157 #define STACK_TOP TASK_SIZE
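Review bot: Under CONFIG_HARDEN_STACK, STACK_TOP expands to an expression that reads current->flags, so it is no longer a constant and always describes the calling task. Any use in a constant context, or on behalf of a task other than current, will fail to build or give the wrong answer. Audit the existing users and add a comment next to the macro stating both restrictions.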
2162 diff -urPX nopatch linux-2.4.22/include/asm-i386/processor.h linux-2.4.22-ow1/include/asm-i386/processor.h
2163 --- linux-2.4.22/include/asm-i386/processor.h Mon Aug 25 15:44:43 2003
2164 +++ linux-2.4.22-ow1/include/asm-i386/processor.h Thu Aug 28 06:20:52 2003
2165 @@ -261,10 +261,28 @@
2167 #define TASK_SIZE (PAGE_OFFSET)
2170 + * Magic addresses to return to the kernel from signal handlers. These two
2171 + * should be beyond user code segment limit, adjacent, and MAGIC_SIGRETURN
2174 +#define MAGIC_SIGRETURN (PAGE_OFFSET + 0xDE0000)
2175 +#define MAGIC_RT_SIGRETURN (PAGE_OFFSET + 0xDE0001)
2177 /* This decides where the kernel will search for a free chunk of vm
2178 * space during mmap's.
2180 +#if defined(CONFIG_HARDEN_STACK) && defined(CONFIG_BINFMT_ELF)
2181 +extern struct linux_binfmt elf_format;
2182 +#define TASK_UNMAPPED_BASE(size) ( \
2183 + current->binfmt == &elf_format && \
2184 + !(current->flags & PF_STACKEXEC) && \
2185 + (size) < 0x00ef0000UL \
2189 #define TASK_UNMAPPED_BASE (TASK_SIZE / 3)
2193 * Size of io_bitmap in longwords: 32 is ports 0-0x3ff.
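Review bot: With the option on, TASK_UNMAPPED_BASE becomes a function-like macro taking size, while the fallback in the lines shown stays object-like, so every caller needs its own #ifdef. Give both branches the same TASK_UNMAPPED_BASE(size) form. The threshold 0x00ef0000UL is also unexplained and needs a comment saying where it comes from.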
2194 diff -urPX nopatch linux-2.4.22/include/linux/a.out.h linux-2.4.22-ow1/include/linux/a.out.h
2195 --- linux-2.4.22/include/linux/a.out.h Thu Nov 22 22:46:18 2001
2196 +++ linux-2.4.22-ow1/include/linux/a.out.h Thu Aug 28 06:20:52 2003
2198 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
2201 +/* Constants for the N_FLAGS field */
2202 +#define F_STACKEXEC 1 /* Executable stack area forced */
2204 #if !defined (N_MAGIC)
2205 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
2207 diff -urPX nopatch linux-2.4.22/include/linux/binfmts.h linux-2.4.22-ow1/include/linux/binfmts.h
2208 --- linux-2.4.22/include/linux/binfmts.h Thu Nov 22 22:46:19 2001
2209 +++ linux-2.4.22-ow1/include/linux/binfmts.h Thu Aug 28 06:20:52 2003
2211 #ifndef _LINUX_BINFMTS_H
2212 #define _LINUX_BINFMTS_H
2214 +#include <linux/config.h>
2215 #include <linux/ptrace.h>
2216 #include <linux/capability.h>
2218 diff -urPX nopatch linux-2.4.22/include/linux/elf.h linux-2.4.22-ow1/include/linux/elf.h
2219 --- linux-2.4.22/include/linux/elf.h Fri Nov 29 02:53:15 2002
2220 +++ linux-2.4.22-ow1/include/linux/elf.h Thu Aug 28 06:20:52 2003
2222 #define R_MIPS_LOVENDOR 100
2223 #define R_MIPS_HIVENDOR 127
2225 +/* Constants for the e_flags field */
2226 +#define EF_STACKEXEC 1 /* Executable stack area forced */
2229 * Sparc ELF relocation types
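Review bot: e_flags is a processor-specific field in ELF, yet EF_STACKEXEC is defined as bit 0 in the architecture-independent part of elf.h and tested in the generic fs/binfmt_elf.c. Confirm that CONFIG_HARDEN_STACK can only be enabled on architectures where that bit has no other meaning, and say so in the comment next to the define.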
2230 diff -urPX nopatch linux-2.4.22/include/linux/kernel.h linux-2.4.22-ow1/include/linux/kernel.h
2231 --- linux-2.4.22/include/linux/kernel.h Fri Nov 29 02:53:15 2002
2232 +++ linux-2.4.22-ow1/include/linux/kernel.h Thu Aug 28 06:20:52 2003
2234 extern long long simple_strtoll(const char *,char **,unsigned int);
2235 extern int sprintf(char * buf, const char * fmt, ...)
2236 __attribute__ ((format (printf, 2, 3)));
2237 -extern int vsprintf(char *buf, const char *, va_list);
2238 +extern int vsprintf(char *buf, const char *, va_list)
2239 + __attribute__ ((format (printf, 2, 0)));
2240 extern int snprintf(char * buf, size_t size, const char * fmt, ...)
2241 __attribute__ ((format (printf, 3, 4)));
2242 -extern int vsnprintf(char *buf, size_t size, const char *fmt, va_list args);
2243 +extern int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
2244 + __attribute__ ((format (printf, 3, 0)));
2246 extern int sscanf(const char *, const char *, ...)
2247 - __attribute__ ((format (scanf,2,3)));
2248 -extern int vsscanf(const char *, const char *, va_list);
2249 + __attribute__ ((format (scanf, 2, 3)));
2250 +extern int vsscanf(const char *, const char *, va_list)
2251 + __attribute__ ((format (scanf, 2, 0)));
2253 extern int get_option(char **str, int *pint);
2254 extern char *get_options(char *str, int nints, int *ints);
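Review bot: the sscanf line changes only the spacing inside the attribute (`(scanf,2,3)` to `(scanf, 2, 3)`), which is unrelated to annotating the va_list variants; leave it out or mention it in the changelog so the functional change stays easy to audit. The annotations themselves use a first-to-check index of 0, which is the form GCC documents for functions taking a va_list: the format string is checked, the arguments are not.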
2255 @@ -170,6 +173,26 @@
2256 ({ type __x = (x); type __y = (y); __x < __y ? __x: __y; })
2257 #define max_t(type,x,y) \
2258 ({ type __x = (x); type __y = (y); __x > __y ? __x: __y; })
2260 +#define security_alert(normal_msg, flood_msg, args...) \
2262 + static unsigned long warning_time = 0, no_flood_yet = 0; \
2263 + static spinlock_t security_alert_lock = SPIN_LOCK_UNLOCKED; \
2265 + spin_lock(&security_alert_lock); \
2267 +/* Make sure at least one minute passed since the last warning logged */ \
2268 + if (!warning_time || jiffies - warning_time > 60 * HZ) { \
2269 + warning_time = jiffies; no_flood_yet = 1; \
2270 + printk(KERN_ALERT "Security: " normal_msg "\n", ## args); \
2271 + } else if (no_flood_yet) { \
2272 + warning_time = jiffies; no_flood_yet = 0; \
2273 + printk(KERN_ALERT "Security: more " flood_msg \
2274 + ", logging disabled for a minute\n"); \
2277 + spin_unlock(&security_alert_lock); \
2280 extern void __out_of_line_bug(int line) ATTRIB_NORET;
2281 #define out_of_line_bug() __out_of_line_bug(__LINE__)
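Review bot: in the flood branch, printk is called with flood_msg pasted into the format string but without `## args`, so a flood_msg containing a conversion specifier would consume arguments that were never passed. State above the macro that flood_msg must be a plain literal with no `%` conversions. Two smaller points: the lock is taken with plain spin_lock(), so the macro should either be documented as process-context only or use the irqsave variant, and `!warning_time` doubles as the "never warned" sentinel, which deserves a comment since jiffies can legitimately be 0.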
2282 diff -urPX nopatch linux-2.4.22/include/linux/proc_fs.h linux-2.4.22-ow1/include/linux/proc_fs.h
2283 --- linux-2.4.22/include/linux/proc_fs.h Sat Aug 3 04:39:45 2002
2284 +++ linux-2.4.22-ow1/include/linux/proc_fs.h Thu Aug 28 06:20:52 2003
2286 struct proc_dir_entry *parent);
2287 extern void remove_proc_entry(const char *name, struct proc_dir_entry *parent);
2289 -extern struct vfsmount *proc_mnt;
2290 +extern struct super_block *proc_super;
2291 extern struct super_block *proc_read_super(struct super_block *,void *,int);
2292 extern struct inode * proc_get_inode(struct super_block *, int, struct proc_dir_entry *);
2295 struct proc_dir_entry *, const char *);
2296 extern struct proc_dir_entry *proc_mknod(const char *,mode_t,
2297 struct proc_dir_entry *,kdev_t);
2298 +extern struct proc_dir_entry *proc_mkdir_mode(const char *,mode_t,
2299 + struct proc_dir_entry *);
2300 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);
2302 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
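Review bot: replacing the `proc_mnt` declaration with `proc_super` changes both the name and the type other code sees (struct vfsmount * to struct super_block *), so every user of proc_mnt has to be converted in this same patch; confirm with a grep, because a missed one only shows up in configurations that build it. The new proc_mkdir_mode() prototype also needs a line saying how its mode_t argument relates to the mode proc_mkdir() applies.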
2303 diff -urPX nopatch linux-2.4.22/include/linux/sched.h linux-2.4.22-ow1/include/linux/sched.h
2304 --- linux-2.4.22/include/linux/sched.h Fri Jun 13 18:51:39 2003
2305 +++ linux-2.4.22-ow1/include/linux/sched.h Thu Aug 28 06:20:52 2003
2308 #define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */
2310 +#define PF_STACKEXEC 0x01000000 /* Executable stack area forced */
2315 diff -urPX nopatch linux-2.4.22/ipc/shm.c linux-2.4.22-ow1/ipc/shm.c
2316 --- linux-2.4.22/ipc/shm.c Sat Aug 3 04:39:46 2002
2317 +++ linux-2.4.22-ow1/ipc/shm.c Thu Aug 28 06:20:52 2003
2318 @@ -149,13 +149,40 @@
2319 shp->shm_lprid = current->pid;
2320 shp->shm_dtim = CURRENT_TIME;
2322 +#ifdef CONFIG_HARDEN_SHM
2323 + if(shp->shm_nattch == 0) {
2324 + shp->shm_flags |= SHM_DEST;
2325 + shm_destroy (shp);
2328 if(shp->shm_nattch == 0 &&
2329 shp->shm_flags & SHM_DEST)
2337 +#ifdef CONFIG_HARDEN_SHM
2338 +void shm_exit (void)
2341 + struct shmid_kernel *shp;
2343 + for (i = 0; i <= shm_ids.max_id; i++) {
2345 + if (!shp) continue;
2347 + if (shp->shm_cprid != current->pid) continue;
2349 + if (shp->shm_nattch <= 0) {
2350 + shp->shm_flags |= SHM_DEST;
2351 + shm_destroy (shp);
2357 static int shm_mmap(struct file * file, struct vm_area_struct * vma)
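Review bot: the two added tests disagree on the attach count: the detach path uses `shp->shm_nattch == 0` while shm_exit() uses `shp->shm_nattch <= 0`. Use one form, or comment why a negative count is expected only in the exit path. shm_exit() should also carry a comment stating the policy it implements: it matches on `shm_cprid`, so a segment is destroyed when its creator exits with nobody attached, which departs from the usual SysV behaviour of persisting until explicitly removed and will surprise a creator that exits before its consumer attaches.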
2359 diff -urPX nopatch linux-2.4.22/ipc/util.c linux-2.4.22-ow1/ipc/util.c
2360 --- linux-2.4.22/ipc/util.c Mon Aug 25 15:44:44 2003
2361 +++ linux-2.4.22-ow1/ipc/util.c Thu Aug 28 06:20:52 2003
2362 @@ -346,8 +346,15 @@
2364 void sem_exit (void)
2370 +#ifdef CONFIG_HARDEN_SHM
2371 +void shm_exit (void)
2377 asmlinkage long sys_semget (key_t key, int nsems, int semflg)
2379 diff -urPX nopatch linux-2.4.22/kernel/exit.c linux-2.4.22-ow1/kernel/exit.c
2380 --- linux-2.4.22/kernel/exit.c Fri Nov 29 02:53:15 2002
2381 +++ linux-2.4.22-ow1/kernel/exit.c Thu Aug 28 06:20:52 2003
2383 #include <asm/mmu_context.h>
2385 extern void sem_exit (void);
2386 +#ifdef CONFIG_HARDEN_SHM
2387 +extern void shm_exit (void);
2389 extern struct task_struct *child_reaper;
2391 int getrusage(struct task_struct *, int, struct rusage *);
2396 +#ifdef CONFIG_HARDEN_SHM
2401 exit_namespace(tsk);
2402 diff -urPX nopatch linux-2.4.22/kernel/printk.c linux-2.4.22-ow1/kernel/printk.c
2403 --- linux-2.4.22/kernel/printk.c Mon Aug 25 15:44:44 2003
2404 +++ linux-2.4.22-ow1/kernel/printk.c Thu Aug 28 06:20:52 2003
2405 @@ -294,8 +294,13 @@
2407 asmlinkage long sys_syslog(int type, char * buf, int len)
2409 +#ifdef CONFIG_HARDEN_PROC
2410 + if (!capable(CAP_SYS_ADMIN))
2413 if ((type != 3) && !capable(CAP_SYS_ADMIN))
2416 return do_syslog(type, buf, len);
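Review bot: with CONFIG_HARDEN_PROC set, the new `if (!capable(CAP_SYS_ADMIN))` applies to every type, so the exemption for type 3 in the existing check no longer holds and unprivileged reads of the log buffer start failing. That is a syslog restriction behind an option whose prompt is about /proc; either give it its own option or make sure the CONFIG_HARDEN_PROC help text says it also closes sys_syslog to callers without CAP_SYS_ADMIN.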
2419 diff -urPX nopatch linux-2.4.22/kernel/sysctl.c linux-2.4.22-ow1/kernel/sysctl.c
2420 --- linux-2.4.22/kernel/sysctl.c Mon Aug 25 15:44:44 2003
2421 +++ linux-2.4.22-ow1/kernel/sysctl.c Thu Aug 28 06:20:52 2003
2424 if (!oldlenp || get_user(old_len, oldlenp))
2426 + /* XXX: insufficient for SMP, but should be redundant anyway */
2427 + if ((ssize_t)old_len < 0)
2430 tmp = &root_table_header.ctl_entry;
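Review bot: the XXX comment says the check is insufficient on SMP but not why. `(ssize_t)old_len < 0` tests the copy fetched by get_user(), while the value itself stays in user memory at oldlenp, so another thread can change it after the check if anything later reads it again through the pointer. Say that in the comment, and name the later check that makes this one "redundant", so a reader can tell which of the two is the real guard.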
2432 diff -urPX nopatch linux-2.4.22/mm/mmap.c linux-2.4.22-ow1/mm/mmap.c
2433 --- linux-2.4.22/mm/mmap.c Fri Jun 13 18:51:39 2003
2434 +++ linux-2.4.22-ow1/mm/mmap.c Thu Aug 28 06:20:52 2003
2439 +#include <linux/config.h>
2440 #include <linux/slab.h>
2441 #include <linux/shm.h>
2442 #include <linux/mman.h>
2443 @@ -626,7 +627,11 @@
2444 (!vma || addr + len <= vma->vm_start))
2447 +#if defined(CONFIG_HARDEN_STACK) && defined(CONFIG_BINFMT_ELF)
2448 + addr = PAGE_ALIGN(TASK_UNMAPPED_BASE(len));
2450 addr = PAGE_ALIGN(TASK_UNMAPPED_BASE);
2453 for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) {
2454 /* At this point: (!vma || addr < vma->vm_end). */
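Review bot: `TASK_UNMAPPED_BASE(len)` makes the macro function-like only when both CONFIG_HARDEN_STACK and CONFIG_BINFMT_ELF are defined, so the same name has two incompatible forms depending on configuration. Every other use of TASK_UNMAPPED_BASE then has to carry the same #if pair, and an architecture that does not supply the one-argument form will fail to build with these options enabled. A single wrapper macro that takes len and ignores it in the plain case would keep the conditional in one place.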
2455 diff -urPX nopatch linux-2.4.22/mm/swapfile.c linux-2.4.22-ow1/mm/swapfile.c
2456 --- linux-2.4.22/mm/swapfile.c Mon Aug 25 15:44:44 2003
2457 +++ linux-2.4.22-ow1/mm/swapfile.c Thu Aug 28 06:20:52 2003
2458 @@ -738,8 +738,10 @@
2459 for (type = swap_list.head; type >= 0; type = swap_info[type].next) {
2460 p = swap_info + type;
2461 if ((p->flags & SWP_WRITEOK) == SWP_WRITEOK) {
2462 - if (p->swap_file == nd.dentry)
2464 + if (p->swap_file == nd.dentry ||
2465 + (S_ISBLK(nd.dentry->d_inode->i_mode) &&
2466 + p->swap_device == nd.dentry->d_inode->i_rdev))
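Review bot: the added clause lets the match succeed on `p->swap_device == nd.dentry->d_inode->i_rdev` for block devices, but nothing says why the dentry comparison alone was not enough. Add a one-line comment giving the intent (if it is that the same device may be named through a different node than the one used when the swap area was enabled, say so), so the extra test is not later removed as redundant.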
2471 diff -urPX nopatch linux-2.4.22/net/socket.c linux-2.4.22-ow1/net/socket.c
2472 --- linux-2.4.22/net/socket.c Mon Aug 25 15:44:44 2003
2473 +++ linux-2.4.22-ow1/net/socket.c Thu Aug 28 06:20:52 2003
2474 @@ -1305,10 +1305,18 @@
2475 asmlinkage long sys_getsockopt(int fd, int level, int optname, char *optval, int *optlen)
2479 struct socket *sock;
2481 if ((sock = sockfd_lookup(fd, &err))!=NULL)
2483 + /* XXX: insufficient for SMP, but should be redundant anyway */
2484 + if (get_user(len, optlen))
2490 if (level == SOL_SOCKET)
2491 err=sock_getsockopt(sock,level,optname,optval,optlen);
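Review bot: `get_user(len, optlen)` validates a local copy, while sock_getsockopt() is still handed the user pointer `optlen` and will fetch the value again on its own. The XXX comment should state that this second fetch is why the check cannot be relied on when another thread shares the memory, and which per-protocol checks make it redundant.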
2493 diff -urPX nopatch linux-2.4.22/security/Common.in linux-2.4.22-ow1/security/Common.in
2494 --- linux-2.4.22/security/Common.in Thu Jan 1 03:00:00 1970
2495 +++ linux-2.4.22-ow1/security/Common.in Thu Aug 28 06:20:52 2003
2498 +# Security options common to all architectures
2501 +bool 'Restricted links in /tmp' CONFIG_HARDEN_LINK
2502 +bool 'Restricted FIFOs in /tmp' CONFIG_HARDEN_FIFO
2503 +bool 'Restricted /proc' CONFIG_HARDEN_PROC
2504 +bool 'Enforce RLIMIT_NPROC on execve(2)' CONFIG_HARDEN_RLIMIT_NPROC
2505 +if [ "$CONFIG_SYSVIPC" = "y" ]; then
2506 + bool 'Destroy shared memory segments not in use' CONFIG_HARDEN_SHM
2508 diff -urPX nopatch linux-2.4.22/security/Config.in linux-2.4.22-ow1/security/Config.in
2509 --- linux-2.4.22/security/Config.in Thu Jan 1 03:00:00 1970
2510 +++ linux-2.4.22-ow1/security/Config.in Thu Aug 28 06:20:52 2003
2515 +mainmenu_option next_comment
2516 +comment 'Security options'
2518 +source security/Common.in