--- linux-2.4.20/kernel/sysctl.c.org Tue Dec 31 21:38:21 2002 +++ linux-2.4.20/kernel/sysctl.c Tue Dec 31 22:17:01 2002 @@ -277,7 +277,7 @@ GS_SIDCAPS, GS_RANDPID, GS_RANDID, GS_RANDSRC, GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, -GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK}; +GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC, GS_FINDTASK, GS_LOCK, GS_MEM}; static ctl_table grsecurity_table[] = { {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler}, @@ -431,6 +431,10 @@ {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, sizeof (int), 0600, NULL, &proc_dointvec}, #endif +#ifdef CONFIG_GRKERNSEC_MEM + {GS_MEM, "secure_mem", &grsec_enable_mem, sizeof (int), 0600, NULL, + &proc_dointvec}, +#endif {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL, &proc_dointvec}, #endif --- linux-2.4.20/include/linux/grsecurity.h.org Tue Dec 31 21:38:18 2002 +++ linux-2.4.20/include/linux/grsecurity.h Tue Dec 31 22:11:04 2002 @@ -102,6 +102,7 @@ extern int grsec_enable_mount; extern int grsec_enable_chdir; extern int grsec_lock; +extern int grsec_enable_mem; extern struct task_struct *child_reaper; --- linux-2.4.20/drivers/char/mem.c.org Tue Dec 31 21:38:16 2002 +++ linux-2.4.20/drivers/char/mem.c Tue Dec 31 22:08:46 2002 @@ -115,10 +115,10 @@ unsigned long p = *ppos; unsigned long end_mem; -#ifdef CONFIG_GRKERNSEC_MEM +if(grsec_enable_mem) { security_alert(GR_MEM_WRITE_MSG, GR_MEM_WRITE_FLD, DEFAULTSECARGS); return -EPERM; -#endif +} end_mem = __pa(high_memory); if (p >= end_mem) @@ -192,7 +192,7 @@ { unsigned long offset = vma->vm_pgoff << PAGE_SHIFT; -#ifdef CONFIG_GRKERNSEC_MEM +if(grsec_enable_mem){ if (offset < __pa(high_memory) && (pgprot_val(vma->vm_page_prot) & PROT_WRITE) && (offset != 0xa0000 || ((vma->vm_end - vma->vm_start) > 0x20000))) { 
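Review bot: The `secure_mem` entry added to `grsecurity_table` in the @@ -431 hunk lets the /dev/mem write restriction be switched off at runtime by writing 0, and mode 0600 leaves that to root, which is normally the only account able to open /dev/mem for writing in the first place. Nothing in this hunk ties the entry to `grsec_lock`, so unless writes to this table are refused elsewhere once the lock is set (not visible here), the knob can cancel the protection it controls. I would add a comment above the entry such as `/* secure_mem: only binding once grsec_lock is set; until then root can clear it */`. `proc_dointvec` also accepts any integer, and drivers/char/mem.c treats every non-zero value as enabled, which is worth stating wherever the sysctl is documented.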
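Review bot: Replacing `#ifdef CONFIG_GRKERNSEC_MEM` with a bare `if(grsec_enable_mem) {` in the @@ -115 hunk of drivers/char/mem.c means the block is now compiled in every configuration, so `grsec_enable_mem`, `security_alert`, `GR_MEM_WRITE_MSG` and `DEFAULTSECARGS` must resolve even when the option is unset; whether they do depends on headers outside this diff. Keeping the guard and nesting the test inside it avoids that: `#ifdef CONFIG_GRKERNSEC_MEM`, then `if (grsec_enable_mem) {`, and `}` before `#endif`. The same applies to the mmap check in the @@ -192 and @@ -200 hunks. The added lines also appear to start at column 0 with no space after `if`, which would not match the surrounding kernel style; the enclosing function starts and ends outside the hunk.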
@@ -200,7 +200,7 @@ return -EPERM; } else if (offset < __pa(high_memory)) vma->vm_flags &= ~VM_MAYWRITE; -#endif +} /* --- linux-2.4.20/grsecurity/grsecurity.c.org Tue Dec 31 21:38:17 2002 +++ linux-2.4.20/grsecurity/grsecurity.c Tue Dec 31 22:04:35 2002 @@ -53,6 +53,7 @@ int grsec_enable_socket_server; int grsec_socket_server_gid; int grsec_lock; +int grsec_enable_mem; /* handle the variables if parts of grsecurity are configured without sysctl @@ -167,6 +168,9 @@ grsec_enable_socket_server = 1; grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID; #endif +#ifdef CONFIG_GRKERNSEC_MEM +grsec_enable_mem = 1; +#endif #endif return;
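Review bot: The mmap path applies the restriction only at the moment of the call, so a mapping of /dev/mem created while `grsec_enable_mem` was 0 keeps `VM_MAYWRITE` after the sysctl is later set to 1; the `vma->vm_flags &= ~VM_MAYWRITE` line in the @@ -200 hunk runs only inside the `if(grsec_enable_mem){` opened in the @@ -192 hunk. With the compile-time guard that window did not exist. I would document it next to the closing brace, e.g. `/* checked at mmap time only: mappings made before secure_mem is set stay writable */`, and have the boot scripts set `secure_mem` before any untrusted code runs. The enclosing function begins and ends outside both hunks.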
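Review bot: `grsec_enable_mem = 1;` in the @@ -168 hunk of grsecurity/grsecurity.c is assigned only inside this initialisation block, which the comment in the @@ -53 hunk suggests is the path for builds without sysctl support; if so, a sysctl-enabled kernel starts with the zero-initialised global and /dev/mem stays writable until something writes 1 to `secure_mem`. Before this change CONFIG_GRKERNSEC_MEM enforced the restriction from boot. If the fail-open start is intended for consistency with the other switches, say so at the definition, e.g. `int grsec_enable_mem; /* 0 until secure_mem is written when sysctl is enabled */`; otherwise default it to 1 when the option is configured. The enclosing function is only partly visible in the hunk.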