diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
--- linux-2.4.20.org/drivers/char/mem.c Mon Feb 17 10:01:43 2003
+++ linux-2.4.20/drivers/char/mem.c Mon Feb 17 10:04:57 2003
@@ -115,8 +115,10 @@
 unsigned long end_mem;
 #ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_enable_kmem){
 gr_handle_mem_write();
 return -EPERM;
+}
 #endif
 end_mem = __pa(high_memory);
@@ -192,8 +192,10 @@
 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
 #ifdef CONFIG_GRKERNSEC_KMEM
+if (grsec_enable_kmem){
 if (gr_handle_mem_mmap(offset, vma)) return -EPERM;
+}
 #endif
@@ -297,8 +297,10 @@
 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
 #ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_enable_kmem){
 gr_handle_kmem_write();
 return -EPERM;
+}
 #endif
 if (p < (unsigned long) high_memory) {
@@ -534,8 +534,10 @@
 static int open_port(struct inode * inode, struct file * filp)
 {
 #ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_enable_kmem){
 gr_handle_open_port();
 return -EPERM;
+}
 #endif
 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
 }
diff -Nur linux-2.4.20.org/grsecurity/grsec_init.c linux-2.4.20/grsecurity/grsec_init.c
--- linux-2.4.20.org/grsecurity/grsec_init.c Mon Feb 17 10:01:44 2003
+++ linux-2.4.20/grsecurity/grsec_init.c Mon Feb 17 10:05:54 2003
@@ -45,6 +45,7 @@
 int grsec_socket_client_gid;
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
+int grsec_enable_kmem;
 int grsec_lock;
 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
@@ -194,6 +195,9 @@
 grsec_enable_socket_server = 1;
 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+grsec_enable_kmem = 1;
+#endif
 #endif
 return;
diff -Nur linux-2.4.20.org/include/linux/grsecurity.h linux-2.4.20/include/linux/grsecurity.h
--- linux-2.4.20.org/include/linux/grsecurity.h Mon Feb 17 10:01:44 2003
+++ linux-2.4.20/include/linux/grsecurity.h Mon Feb 17 10:12:15 2003
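Review bot: The /dev/mem write denial in the mem.c hunk at -115 now hinges on a plain global int, `grsec_enable_kmem`, which the sysctl.c hunk makes writable with mode 0600; the same gate is added at -192, -297 and -534. With the flag at 0 each path falls through to the stock handler and the `gr_handle_*` call is skipped, so clearing the sysctl reopens the interface without a log entry, and in open_port only the `capable(CAP_SYS_RAWIO)` check remains. Whether `grsec_lock` prevents that write is not visible in these hunks, so I would state the dependency next to each gate, e.g. `/* runtime toggle; only a real restriction once grsec_lock is set */`. On style, three gates are written `if(grsec_enable_kmem){` and one `if (grsec_enable_kmem){`; `if (grsec_enable_kmem) {` would match the surrounding code. The enclosing functions start or end outside all four hunks.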
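Review bot: In the grsec_init.c hunk at -194, `grsec_enable_kmem = 1;` is nested inside an outer conditional whose closing `#endif` follows it and whose opening line is outside the hunk, so the default is applied only when that outer block is compiled in. In a build where it is not, the variable added at -45 keeps its zero initial value and every mem.c gate lets access through until something writes 1 to the sysctl, which is fail-open for a kernel built with CONFIG_GRKERNSEC_KMEM. If that is the intended convention for these flags, document it at the declaration, e.g. `int grsec_enable_kmem; /* 0 until set by the defaults below or via sysctl */`; otherwise give the declaration an initial value of 1 under `#ifdef CONFIG_GRKERNSEC_KMEM`.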
@@ -161,6 +161,7 @@
 extern int grsec_enable_randsrc;
 extern int grsec_enable_randping;
 extern int grsec_enable_randrpc;
+extern int grsec_enable_kmem;
 #endif
 #endif
diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
--- linux-2.4.20.org/kernel/sysctl.c Mon Feb 17 10:01:44 2003
+++ linux-2.4.20/kernel/sysctl.c Mon Feb 17 10:11:13 2003
@@ -283,7 +283,7 @@
 GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
-GS_FINDTASK, GS_LOCK};
+GS_FINDTASK, GS_LOCK, GS_KMEM};
 static ctl_table grsecurity_table[] = {
 {GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
@@ -453,6 +453,10 @@
 {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+ {GS_FINDTASK, "kmem", &grsec_enable_kmem,
+ sizeof (int), 0600, NULL, &proc_dointvec},
+#endif
 {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
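Review bot: The new table entry in the sysctl.c hunk at -453 is registered under `GS_FINDTASK`, the ctl_name already used by the `chroot_findtask` entry directly above it, while the `GS_KMEM` value that the -283 hunk adds to the enum is never used. When both options are configured the table holds two entries with the same ctl_name, so a lookup by number can reach only one of them and the kmem toggle is addressable by name alone. The first added line should read `{GS_KMEM, "kmem", &grsec_enable_kmem,`. The table continues outside the hunk on both sides.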