commit:     5f68ceaa5da203d872ca143eb4260189ddee289e
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 06:48:40 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 06:48:40 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=5f68ceaa

grsecurity-3.1-4.4.5-201603142220

 4.4.5/0000_README                                  |  2 +-
 ...> 4420_grsecurity-3.1-4.4.5-201603142220.patch} | 94 +++++++++++-----------
 2 files changed, 47 insertions(+), 49 deletions(-)

diff --git a/4.4.5/0000_README b/4.4.5/0000_README
index c02a112..6d51814 100644
--- a/4.4.5/0000_README
+++ b/4.4.5/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.4.5-201603131305.patch
+Patch: 4420_grsecurity-3.1-4.4.5-201603142220.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/4.4.5/4420_grsecurity-3.1-4.4.5-201603131305.patch 
b/4.4.5/4420_grsecurity-3.1-4.4.5-201603142220.patch
similarity index 99%
rename from 4.4.5/4420_grsecurity-3.1-4.4.5-201603131305.patch
rename to 4.4.5/4420_grsecurity-3.1-4.4.5-201603142220.patch
index c5fcaad..dac56bb 100644
--- a/4.4.5/4420_grsecurity-3.1-4.4.5-201603131305.patch
+++ b/4.4.5/4420_grsecurity-3.1-4.4.5-201603142220.patch
@@ -83496,7 +83496,7 @@ index 14db05d..687f6d8 100644
  #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
  
 diff --git a/fs/namei.c b/fs/namei.c
-index d8ee4da..dc6d6b5 100644
+index d8ee4da..d6bf55e 100644
 --- a/fs/namei.c
 +++ b/fs/namei.c
 @@ -336,17 +336,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -83711,19 +83711,22 @@ index d8ee4da..dc6d6b5 100644
        if (flags & LOOKUP_ROOT) {
                struct dentry *root = nd->root.dentry;
                struct inode *inode = root->d_inode;
-@@ -2138,6 +2231,11 @@ static int path_lookupat(struct nameidata *nd, unsigned 
flags, struct path *path
+@@ -2138,6 +2231,14 @@ static int path_lookupat(struct nameidata *nd, unsigned 
flags, struct path *path
        if (!err)
                err = complete_walk(nd);
  
 +      if (!err && !(nd->flags & LOOKUP_PARENT)) {
 +              if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
 +                      err = -ENOENT;
++              if (!err)
++                      err = gr_chroot_pathat(nd->dfd, nd->path.dentry,
++                                              nd->path.mnt, nd->flags);
 +      }
 +
        if (!err && nd->flags & LOOKUP_DIRECTORY)
                if (!d_can_lookup(nd->path.dentry))
                        err = -ENOTDIR;
-@@ -2186,6 +2284,10 @@ static int path_parentat(struct nameidata *nd, unsigned 
flags,
+@@ -2186,6 +2287,14 @@ static int path_parentat(struct nameidata *nd, unsigned 
flags,
        err = link_path_walk(s, nd);
        if (!err)
                err = complete_walk(nd);
@@ -83731,10 +83734,14 @@ index d8ee4da..dc6d6b5 100644
 +      if (!err && gr_handle_nameidata_symlinkowner(nd, nd->inode))
 +              err = -EACCES;
 +
++      if (!err)
++              err = gr_chroot_pathat(nd->dfd, nd->path.dentry,
++                                      nd->path.mnt, nd->flags);
++
        if (!err) {
                *parent = nd->path;
                nd->path.mnt = NULL;
-@@ -2717,6 +2819,13 @@ static int may_open(struct path *path, int acc_mode, 
int flag)
+@@ -2717,6 +2826,13 @@ static int may_open(struct path *path, int acc_mode, 
int flag)
        if (flag & O_NOATIME && !inode_owner_or_capable(inode))
                return -EPERM;
  
@@ -83748,12 +83755,15 @@ index d8ee4da..dc6d6b5 100644
        return 0;
  }
  
-@@ -2983,6 +3092,18 @@ static int lookup_open(struct nameidata *nd, struct 
path *path,
+@@ -2983,6 +3099,21 @@ static int lookup_open(struct nameidata *nd, struct 
path *path,
        /* Negative dentry, just create the file */
        if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
                umode_t mode = op->mode;
 +
-+              
++              error = gr_chroot_pathat(nd->dfd, dentry, nd->path.mnt, 
nd->flags);
++              if (error)
++                      goto out_dput;
++
 +              if (gr_handle_nameidata_symlinkowner(nd, dir_inode)) {
 +                      error = -EACCES;
 +                      goto out_dput;
@@ -83767,7 +83777,7 @@ index d8ee4da..dc6d6b5 100644
                if (!IS_POSIXACL(dir->d_inode))
                        mode &= ~current_umask();
                /*
-@@ -3004,6 +3125,8 @@ static int lookup_open(struct nameidata *nd, struct path 
*path,
+@@ -3004,6 +3135,8 @@ static int lookup_open(struct nameidata *nd, struct path 
*path,
                                   nd->flags & LOOKUP_EXCL);
                if (error)
                        goto out_dput;
@@ -83776,7 +83786,7 @@ index d8ee4da..dc6d6b5 100644
        }
  out_no_open:
        path->dentry = dentry;
-@@ -3109,11 +3232,24 @@ retry_lookup:
+@@ -3109,11 +3242,24 @@ retry_lookup:
                goto finish_open_created;
        }
  
@@ -83802,7 +83812,7 @@ index d8ee4da..dc6d6b5 100644
  
        /*
         * If atomic_open() acquired write access it is dropped now due to
-@@ -3166,6 +3302,17 @@ finish_open:
+@@ -3166,6 +3312,21 @@ finish_open:
                path_put(&save_parent);
                return error;
        }
@@ -83812,6 +83822,10 @@ index d8ee4da..dc6d6b5 100644
 +              goto out;
 +      }
 +
++      error = gr_chroot_pathat(nd->dfd, nd->path.dentry, nd->path.mnt, 
nd->flags);
++      if (error)
++              goto out;
++
 +      if (gr_handle_nameidata_symlinkowner(nd, inode)) {
 +              error = -EACCES;
 +              goto out;
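Review bot: The `gr_chroot_pathat` call added under `finish_open:` only covers opens that actually pass through that label, and the later hunk removes the catch-all check in the `out2:` block that ran for every successfully opened file. The surrounding context shows `goto finish_open_created;`, and the create branch in `lookup_open` gets its own check, but these hunks do not show whether every other route to an opened file reaches one of the new call sites; that should be confirmed before relying on the restriction. A short comment at each call site naming the open path it guards, e.g. `/* chroot *at() restriction: open of an existing file */`, would make the coverage auditable. The enclosing function starts and ends outside the hunk.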
@@ -83820,23 +83834,7 @@ index d8ee4da..dc6d6b5 100644
        audit_inode(nd->name, nd->path.dentry, 0);
        if (unlikely(d_is_symlink(nd->path.dentry)) && !(open_flag & O_PATH)) {
                error = -ELOOP;
-@@ -3351,6 +3498,15 @@ out2:
-                               error = -ESTALE;
-               }
-               file = ERR_PTR(error);
-+      } else {
-+              error = gr_chroot_pathat(nd->dfd, file->f_path.dentry, 
file->f_path.mnt, flags);
-+              if (error == -ECHILD) {
-+                      fput(file);
-+                      file = ERR_PTR(error);
-+              } else if (!error) {
-+                      fput(file);
-+                      file = ERR_PTR(-ENOENT);
-+              }
-       }
-       return file;
- }
-@@ -3440,9 +3596,11 @@ static struct dentry *filename_create(int dfd, struct 
filename *name,
+@@ -3440,9 +3601,11 @@ static struct dentry *filename_create(int dfd, struct 
filename *name,
                goto unlock;
  
        error = -EEXIST;
@@ -83850,7 +83848,7 @@ index d8ee4da..dc6d6b5 100644
        /*
         * Special case - lookup gave negative, but... we had foo/bar/
         * From the vfs_mknod() POV we just have a negative dentry -
-@@ -3496,6 +3654,20 @@ inline struct dentry *user_path_create(int dfd, const 
char __user *pathname,
+@@ -3496,6 +3659,20 @@ inline struct dentry *user_path_create(int dfd, const 
char __user *pathname,
  }
  EXPORT_SYMBOL(user_path_create);
  
@@ -83871,7 +83869,7 @@ index d8ee4da..dc6d6b5 100644
  int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t 
dev)
  {
        int error = may_create(dir, dentry);
-@@ -3559,6 +3731,17 @@ retry:
+@@ -3559,6 +3736,17 @@ retry:
  
        if (!IS_POSIXACL(path.dentry->d_inode))
                mode &= ~current_umask();
@@ -83889,7 +83887,7 @@ index d8ee4da..dc6d6b5 100644
        error = security_path_mknod(&path, dentry, mode, dev);
        if (error)
                goto out;
-@@ -3574,6 +3757,8 @@ retry:
+@@ -3574,6 +3762,8 @@ retry:
                        error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
                        break;
        }
@@ -83898,7 +83896,7 @@ index d8ee4da..dc6d6b5 100644
  out:
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
-@@ -3628,9 +3813,16 @@ retry:
+@@ -3628,9 +3818,16 @@ retry:
  
        if (!IS_POSIXACL(path.dentry->d_inode))
                mode &= ~current_umask();
@@ -83915,7 +83913,7 @@ index d8ee4da..dc6d6b5 100644
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
                lookup_flags |= LOOKUP_REVAL;
-@@ -3663,7 +3855,7 @@ void dentry_unhash(struct dentry *dentry)
+@@ -3663,7 +3860,7 @@ void dentry_unhash(struct dentry *dentry)
  {
        shrink_dcache_parent(dentry);
        spin_lock(&dentry->d_lock);
@@ -83924,7 +83922,7 @@ index d8ee4da..dc6d6b5 100644
                __d_drop(dentry);
        spin_unlock(&dentry->d_lock);
  }
-@@ -3716,6 +3908,8 @@ static long do_rmdir(int dfd, const char __user 
*pathname)
+@@ -3716,6 +3913,8 @@ static long do_rmdir(int dfd, const char __user 
*pathname)
        struct path path;
        struct qstr last;
        int type;
@@ -83933,7 +83931,7 @@ index d8ee4da..dc6d6b5 100644
        unsigned int lookup_flags = 0;
  retry:
        name = user_path_parent(dfd, pathname,
-@@ -3748,10 +3942,20 @@ retry:
+@@ -3748,10 +3947,20 @@ retry:
                error = -ENOENT;
                goto exit3;
        }
@@ -83954,7 +83952,7 @@ index d8ee4da..dc6d6b5 100644
  exit3:
        dput(dentry);
  exit2:
-@@ -3846,6 +4050,8 @@ static long do_unlinkat(int dfd, const char __user 
*pathname)
+@@ -3846,6 +4055,8 @@ static long do_unlinkat(int dfd, const char __user 
*pathname)
        int type;
        struct inode *inode = NULL;
        struct inode *delegated_inode = NULL;
@@ -83963,7 +83961,7 @@ index d8ee4da..dc6d6b5 100644
        unsigned int lookup_flags = 0;
  retry:
        name = user_path_parent(dfd, pathname,
-@@ -3872,10 +4078,21 @@ retry_deleg:
+@@ -3872,10 +4083,21 @@ retry_deleg:
                if (d_is_negative(dentry))
                        goto slashes;
                ihold(inode);
@@ -83985,7 +83983,7 @@ index d8ee4da..dc6d6b5 100644
  exit2:
                dput(dentry);
        }
-@@ -3964,9 +4181,17 @@ retry:
+@@ -3964,9 +4186,17 @@ retry:
        if (IS_ERR(dentry))
                goto out_putname;
  
@@ -84003,7 +84001,7 @@ index d8ee4da..dc6d6b5 100644
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
                lookup_flags |= LOOKUP_REVAL;
-@@ -4070,6 +4295,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user 
*, oldname,
+@@ -4070,6 +4300,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user 
*, oldname,
        struct dentry *new_dentry;
        struct path old_path, new_path;
        struct inode *delegated_inode = NULL;
@@ -84011,7 +84009,7 @@ index d8ee4da..dc6d6b5 100644
        int how = 0;
        int error;
  
-@@ -4093,7 +4319,7 @@ retry:
+@@ -4093,7 +4324,7 @@ retry:
        if (error)
                return error;
  
@@ -84020,7 +84018,7 @@ index d8ee4da..dc6d6b5 100644
                                        (how & LOOKUP_REVAL));
        error = PTR_ERR(new_dentry);
        if (IS_ERR(new_dentry))
-@@ -4105,11 +4331,26 @@ retry:
+@@ -4105,11 +4336,26 @@ retry:
        error = may_linkat(&old_path);
        if (unlikely(error))
                goto out_dput;
@@ -84047,7 +84045,7 @@ index d8ee4da..dc6d6b5 100644
        done_path_create(&new_path, new_dentry);
        if (delegated_inode) {
                error = break_deleg_wait(&delegated_inode);
-@@ -4424,6 +4665,20 @@ retry_deleg:
+@@ -4424,6 +4670,20 @@ retry_deleg:
        if (new_dentry == trap)
                goto exit5;
  
@@ -84068,7 +84066,7 @@ index d8ee4da..dc6d6b5 100644
        error = security_path_rename(&old_path, old_dentry,
                                     &new_path, new_dentry, flags);
        if (error)
-@@ -4431,6 +4686,9 @@ retry_deleg:
+@@ -4431,6 +4691,9 @@ retry_deleg:
        error = vfs_rename(old_path.dentry->d_inode, old_dentry,
                           new_path.dentry->d_inode, new_dentry,
                           &delegated_inode, flags);
@@ -84078,7 +84076,7 @@ index d8ee4da..dc6d6b5 100644
  exit5:
        dput(new_dentry);
  exit4:
-@@ -4487,14 +4745,24 @@ EXPORT_SYMBOL(vfs_whiteout);
+@@ -4487,14 +4750,24 @@ EXPORT_SYMBOL(vfs_whiteout);
  
  int readlink_copy(char __user *buffer, int buflen, const char *link)
  {
@@ -95954,7 +95952,7 @@ index 0000000..bc0be01
 +}
 diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
 new file mode 100644
-index 0000000..aa6fed5
+index 0000000..1964ab1c
 --- /dev/null
 +++ b/grsecurity/grsec_chroot.c
 @@ -0,0 +1,506 @@
@@ -96223,17 +96221,17 @@ index 0000000..aa6fed5
 +      struct path file_path;
 +
 +      if (!grsec_enable_chroot_fchdir)
-+              return 1;
++              return 0;
 +
 +      if (!proc_is_chrooted(current) || dfd == -1 || dfd == AT_FDCWD)
-+              return 1;
++              return 0;
 +
 +      if (flags & LOOKUP_RCU)
 +              return -ECHILD;
 +
 +      f = fdget_raw(dfd);
 +      if (!f.file)
-+              return 1;
++              return 0;
 +
 +      fd_path = f.file->f_path;
 +      path_get(&fd_path);
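Review bot: `gr_chroot_pathat` changes here from a truth value (1 = allow, 0 = deny) to an errno-style result (0 = allow, `-ENOENT` = deny in the following hunk, `-ECHILD` under `LOOKUP_RCU`), and nothing at the definition records that contract. Any caller still written as `if (!gr_chroot_pathat(...))` would now silently invert the policy, so a header comment such as `/* returns 0 to allow, -ENOENT to deny, -ECHILD if the caller must retry outside RCU walk */` is worth adding. The three early exits (feature disabled, task not chrooted or no usable dfd, `fdget_raw` yielding no file) all return 0, i.e. allow; a one-line comment stating that this is intentional would help the next reader. The release of `f` after `fdget_raw(dfd)` is not visible in this hunk or the next, so confirm it also happens on the deny path. The function starts before this hunk and ends in the next one.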
@@ -96245,11 +96243,11 @@ index 0000000..aa6fed5
 +      if (!gr_is_outside_chroot(u_dentry, u_mnt) && 
!path_is_under(&file_path, &fd_path)) {
 +              path_put(&fd_path);
 +              gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_PATHAT_MSG, 
u_dentry, u_mnt);
-+              return 0;
++              return -ENOENT;
 +      }
 +      path_put(&fd_path);
 +#endif
-+      return 1;
++      return 0;
 +}
 +
 +int
