Author: zbyniu                       Date: Tue Oct 28 21:09:27 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- updated for 2.6.27.4

---- Files affected:
SOURCES:
   linux-2.6-grsec-common.patch (1.1.2.2.2.8 -> 1.1.2.2.2.9) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsec-common.patch
diff -u SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.8 
SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.9
--- SOURCES/linux-2.6-grsec-common.patch:1.1.2.2.2.8    Mon Sep  8 21:55:15 2008
+++ SOURCES/linux-2.6-grsec-common.patch        Tue Oct 28 22:09:21 2008
@@ -33,7 +33,7 @@
  {
 +      if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
 +              return 0;
-       if ((security_capable(current, cap) == 0) && gr_is_capable_nolog(cap)) {
+       if (has_capability(current, cap) && gr_is_capable_nolog(cap)) {
                current->flags |= PF_SUPERPRIV;
                return 1;
 ===
@@ -67,18 +67,24 @@
        return 0;
  }
  
---- i/grsecurity/gracl_shm.c~  2008-09-08 17:28:55.000000000 +0200
-+++ i/grsecurity/gracl_shm.c   2008-09-08 17:29:39.004293022 +0200
-@@ -17,10 +17,10 @@
-       if (!gr_acl_is_enabled())
-               return 1;
- 
--      task = find_task_by_pid(shm_cprid);
-+      task = find_task_by_real_pid(shm_cprid);
+===
+=== vserver hooks in cap_capable_nolog
+===
+--- i/security/commoncap.c1    2008-10-28 21:28:07.873037469 +0100
++++ i/security/commoncap.c     2008-10-28 21:36:20.429660261 +0100
+@@ -76,8 +76,14 @@ int cap_capable (struct task_struct *tsk
  
-       if (unlikely(!task))
--              task = find_task_by_pid(shm_lapid);
-+              task = find_task_by_real_pid(shm_lapid);
+ int cap_capable_nolog (struct task_struct *tsk, int cap)
+ {
++      struct vx_info *vxi = tsk->vx_info;
++      /* special case SETUP */  /* co to jest? - zbyniu */
++      if (vx_info_flags(vxi, VXF_STATE_SETUP, 0) &&
++              cap_raised(tsk->cap_effective, cap))
++              return 0;
++
+       /* tsk = current for all callers */
+-      if (cap_raised(tsk->cap_effective, cap) && gr_is_capable_nolog(cap))
++      if (vx_cap_raised(vxi, tsk->cap_effective, cap) && 
gr_is_capable_nolog(cap))
+               return 0;
  
-       if (unlikely(task && (time_before_eq((unsigned 
long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
-                             (task->pid == shm_lapid)) &&
+       return -EPERM;
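Review bot: The SETUP special case added at the top of cap_capable_nolog returns 0 (capability granted) without consulting gr_is_capable_nolog, while the branch directly below it still requires that check. A task whose context has VXF_STATE_SETUP set therefore skips the grsecurity decision for any capability raised in tsk->cap_effective. The attached comment `/* co to jest? - zbyniu */` ("what is this?") suggests the reason for the exception was not understood when it was carried over. If the bypass is intended, say so in English, e.g. `/* special case SETUP: granted without the grsec check, intentional because <reason> */`; otherwise the condition should end in `cap_raised(tsk->cap_effective, cap) && gr_is_capable_nolog(cap))`. Separately, tsk->vx_info is read into vxi with no NULL handling visible, which is safe only if vx_info_flags and vx_cap_raised tolerate a NULL vx_info; that, and the function's closing brace, lie outside this hunk.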
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec-common.patch?r1=1.1.2.2.2.8&r2=1.1.2.2.2.9&f=u
