Author: shadzik                      Date: Mon Mar 30 03:36:08 2009 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- eh, reverted

---- Files affected:
SOURCES:
   kernel-desktop-grsec-minimal.patch (1.8 -> 1.9) 

---- Diffs:

================================================================
Index: SOURCES/kernel-desktop-grsec-minimal.patch
diff -u SOURCES/kernel-desktop-grsec-minimal.patch:1.8 
SOURCES/kernel-desktop-grsec-minimal.patch:1.9
--- SOURCES/kernel-desktop-grsec-minimal.patch:1.8      Sat Nov 18 02:19:32 2006
+++ SOURCES/kernel-desktop-grsec-minimal.patch  Mon Mar 30 05:36:02 2009
@@ -1,28 +1,18 @@
---- linux-2.6.18.orig/Makefile 2006-11-18 01:09:45.000000000 +0000
-+++ linux-2.6.18.grsec-minimal/Makefile        2006-11-18 01:11:02.000000000 
+0000
-@@ -552,7 +552,7 @@
- 
- 
- ifeq ($(KBUILD_EXTMOD),)
--core-y                += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
-+core-y                += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ 
grsecurity/
- 
- vmlinux-dirs  := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
-                    $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
---- linux-2.6.18.orig/arch/sparc/Makefile      2006-09-20 03:42:06.000000000 
+0000
-+++ linux-2.6.18.grsec-minimal/arch/sparc/Makefile     2006-11-18 
01:11:02.000000000 +0000
-@@ -34,7 +34,7 @@
- # Renaming is done to avoid confusing pattern matching rules in 2.5.45 
(multy-)
- INIT_Y                := $(patsubst %/, %/built-in.o, $(init-y))
- CORE_Y                := $(core-y)
--CORE_Y                += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
-+CORE_Y                += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ 
grsecurity/
- CORE_Y                := $(patsubst %/, %/built-in.o, $(CORE_Y))
- DRIVERS_Y     := $(patsubst %/, %/built-in.o, $(drivers-y))
- NET_Y         := $(patsubst %/, %/built-in.o, $(net-y))
---- linux-2.6.18.orig/drivers/char/keyboard.c  2006-09-20 03:42:06.000000000 
+0000
-+++ linux-2.6.18.grsec-minimal/drivers/char/keyboard.c 2006-11-18 
01:11:02.000000000 +0000
-@@ -618,6 +618,16 @@
+diff -Nru linux-2.6.29-orig/arch/sparc/Makefile 
linux-2.6.29/arch/sparc/Makefile
+--- linux-2.6.29-orig/arch/sparc/Makefile      2009-03-24 00:12:14.000000000 
+0100
++++ linux-2.6.29/arch/sparc/Makefile   2009-03-29 23:34:04.446725642 +0200
+@@ -72,6 +72,7 @@
+ 
+ core-y                 += arch/sparc/kernel/
+ core-y                 += arch/sparc/mm/ arch/sparc/math-emu/
++core-y                += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ 
grsecurity/
+ 
+ libs-y                 += arch/sparc/prom/
+ libs-y                 += arch/sparc/lib/
+diff -Nru linux-2.6.29-orig/drivers/char/keyboard.c 
linux-2.6.29/drivers/char/keyboard.c
+--- linux-2.6.29-orig/drivers/char/keyboard.c  2009-03-24 00:12:14.000000000 
+0100
++++ linux-2.6.29/drivers/char/keyboard.c       2009-03-29 23:34:04.446725642 
+0200
+@@ -635,6 +635,16 @@
             kbd->kbdmode == VC_MEDIUMRAW) &&
             value != KVAL(K_SAK))
                return;         /* SAK is allowed even in raw mode */
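Review bot: The old side's top-level Makefile hunk (L19-L31) has no counterpart on the new side, so `grsecurity/` is now appended to `core-y` only in arch/sparc/Makefile (L61-L62); on every other architecture the grsecurity directory would never be compiled in unless a later part of this patch, beyond the trimmed portion, re-adds it. The added line also re-lists `kernel/ mm/ fs/ ipc/ security/ crypto/ block/`, which the top-level Makefile presumably still places in `core-y` as it did in 2.6.18 (L26), so on sparc those directories would appear twice in the variable unless arch/sparc/Makefile resets it. I would expect a single `core-y += grsecurity/` line in the top-level Makefile instead of this arch-specific copy. The keyboard.c hunk that opens at L72 continues into the next hunk of this diff.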
@@ -36,55 +26,47 @@
 +      }
 +#endif
 +
-       fn_handler[value](vc, regs);
+       fn_handler[value](vc);
  }
  
---- linux-2.6.18.orig/drivers/pci/proc.c       2006-09-20 03:42:06.000000000 
+0000
-+++ linux-2.6.18.grsec-minimal/drivers/pci/proc.c      2006-11-18 
01:11:02.000000000 +0000
-@@ -467,7 +467,15 @@
+diff -Nru linux-2.6.29-orig/drivers/pci/proc.c linux-2.6.29/drivers/pci/proc.c
+--- linux-2.6.29-orig/drivers/pci/proc.c       2009-03-24 00:12:14.000000000 
+0100
++++ linux-2.6.29/drivers/pci/proc.c    2009-03-29 23:34:04.446725642 +0200
+@@ -480,7 +480,16 @@
+ static int __init pci_proc_init(void)
  {
-       struct proc_dir_entry *entry;
        struct pci_dev *dev = NULL;
++
 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
 +#ifdef CONFIG_GRKERNSEC_PROC_USER
-+      proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR, proc_bus);
++      proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL);
 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+      proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR | S_IRGRP | 
S_IXGRP, proc_bus);
++      proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | 
S_IRGRP | S_IXGRP, NULL);
 +#endif
 +#else
-       proc_bus_pci_dir = proc_mkdir("pci", proc_bus);
+       proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);
 +#endif
-       entry = create_proc_entry("devices", 0, proc_bus_pci_dir);
-       if (entry)
-               entry->proc_fops = &proc_bus_pci_dev_operations;
---- linux-2.6.18.orig/fs/Kconfig       2006-09-20 03:42:06.000000000 +0000
-+++ linux-2.6.18.grsec-minimal/fs/Kconfig      2006-11-18 01:11:02.000000000 
+0000
-@@ -817,7 +817,7 @@
- 
- config PROC_KCORE
-       bool "/proc/kcore support" if !ARM
--      depends on PROC_FS && MMU
-+      depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
- 
- config PROC_VMCORE
-         bool "/proc/vmcore support (EXPERIMENTAL)"
---- linux-2.6.18.orig/fs/namei.c       2006-09-20 03:42:06.000000000 +0000
-+++ linux-2.6.18.grsec-minimal/fs/namei.c      2006-11-18 01:11:02.000000000 
+0000
+       proc_create("devices", 0, proc_bus_pci_dir,
+                   &proc_bus_pci_dev_operations);
+       proc_initialized = 1;
+diff -Nru linux-2.6.29-orig/fs/namei.c linux-2.6.29/fs/namei.c
+--- linux-2.6.29-orig/fs/namei.c       2009-03-24 00:12:14.000000000 +0100
++++ linux-2.6.29/fs/namei.c    2009-03-29 23:34:04.450058682 +0200
 @@ -32,6 +32,7 @@
- #include <linux/file.h>
  #include <linux/fcntl.h>
- #include <linux/namei.h>
-+#include <linux/grsecurity.h>
- #include <asm/namei.h>
+ #include <linux/device_cgroup.h>
  #include <asm/uaccess.h>
++#include <linux/grsecurity.h>
+ 
+ #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
  
-@@ -618,6 +619,13 @@
+@@ -653,6 +654,13 @@
        err = security_inode_follow_link(path->dentry, nd);
        if (err)
                goto loop;
 +
 +      if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
-+                                path->dentry->d_inode, path->dentry, 
nd->mnt)) {
++                                path->dentry->d_inode, path->dentry)) {
 +              err = -EACCES;
 +              goto loop;
 +      }
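Review bot: In pci_proc_init (L94-L133) the new `#ifdef CONFIG_GRKERNSEC_PROC_ADD` block assigns `proc_bus_pci_dir` only under `CONFIG_GRKERNSEC_PROC_USER` or `CONFIG_GRKERNSEC_PROC_USERGROUP` (L100-L108); with PROC_ADD enabled and neither sub-option set, the `#else` at L109 is skipped and the directory is never created, so `proc_create("devices", 0, proc_bus_pci_dir, ...)` at L131 receives whatever the global held before (presumably NULL, which would place "devices" directly under /proc). Unless Kconfig guarantees one of the two sub-options whenever PROC_ADD is set, which this diff does not show, the inner conditional needs a fallback: insert `#else` and `proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);` before the inner `#endif` at L108, or replace the fallback with `#error` to make the misconfiguration fail at build time. Note the same three-way `#ifdef`/`#elif`/`#endif` shape without a default branch recurs in the fs/proc/base.c and fs/proc/cmdline.c hunks that follow, though there the fallthrough only leaves a mode value at its default.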
@@ -92,541 +74,346 @@
        current->link_count++;
        current->total_link_count++;
        nd->depth++;
-@@ -1665,6 +1673,13 @@
+@@ -1730,6 +1738,12 @@
        /*
         * It already exists.
         */
 +
-+      if (gr_handle_fifo(path.dentry, nd->mnt, dir, flag, acc_mode)) {
-+              mutex_unlock(&dir->d_inode->i_mutex);
++      if (gr_handle_fifo(path.dentry, dir, flag, acc_mode)) {
 +              error = -EACCES;
-+              goto exit_dput;
++              goto exit_mutex_unlock;
 +      }
 +
        mutex_unlock(&dir->d_inode->i_mutex);
-       audit_inode_update(path.dentry->d_inode);
+       audit_inode(pathname, path.dentry);
  
-@@ -1720,6 +1735,13 @@
-       error = security_inode_follow_link(path.dentry, nd);
+@@ -1815,6 +1829,13 @@
+       error = security_inode_follow_link(path.dentry, &nd);
        if (error)
                goto exit_dput;
 +
 +      if (gr_handle_follow_link(path.dentry->d_parent->d_inode, 
path.dentry->d_inode,
-+                                path.dentry, nd->mnt)) {
++                                path.dentry)) {
 +              error = -EACCES;
 +              goto exit_dput;
 +      }
 +
-       error = __do_follow_link(&path, nd);
+       error = __do_follow_link(&path, &nd);
        if (error) {
                /* Does someone understand code flow here? Or it is only
-@@ -2281,7 +2303,14 @@
-       new_dentry = lookup_create(&nd, 0);
+@@ -2450,6 +2471,13 @@
        error = PTR_ERR(new_dentry);
-       if (!IS_ERR(new_dentry)) {
--              error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
-+              error = 0;
-+              if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
-+                                     old_nd.dentry->d_inode,
-+                                     old_nd.dentry->d_inode->i_mode, to))
-+                      error = -EPERM;
-+              if (!error)
-+                      error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
-+                              new_dentry);
-               dput(new_dentry);
-       }
-       mutex_unlock(&nd.dentry->d_inode->i_mutex);
---- linux-2.6.18.orig/fs/proc/array.c  2006-11-18 01:09:47.000000000 +0000
-+++ linux-2.6.18.grsec-minimal/fs/proc/array.c 2006-11-18 01:11:02.000000000 
+0000
-@@ -486,3 +486,14 @@
-       return sprintf(buffer,"%d %d %d %d %d %d %d\n",
-                      size, resident, shared, text, lib, data, 0);
+       if (IS_ERR(new_dentry))
+               goto out_unlock;
++
++      if (gr_handle_hardlink(old_path.dentry, old_path.dentry->d_inode,
++                             old_path.dentry->d_inode->i_mode, to)) {
++              error = -EACCES;
++              goto out_dput;
++      }
++
+       error = mnt_want_write(nd.path.mnt);
+       if (error)
+               goto out_dput;
+diff -Nru linux-2.6.29-orig/fs/proc/array.c linux-2.6.29/fs/proc/array.c
+--- linux-2.6.29-orig/fs/proc/array.c  2009-03-24 00:12:14.000000000 +0100
++++ linux-2.6.29/fs/proc/array.c       2009-03-29 23:34:04.450058682 +0200
+@@ -529,3 +529,10 @@
+ 
+       return 0;
  }
 +
 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+int proc_pid_ipaddr(struct task_struct *task, char * buffer)
++int proc_pid_ipaddr(struct task_struct *task, char *buffer)
 +{
-+      int len;
-+
-+      len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip));
-+      return len;
++      return sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip));
 +}
 +#endif
-+
---- linux-2.6.18.orig/fs/proc/base.c   2006-09-20 03:42:06.000000000 +0000
-+++ linux-2.6.18.grsec-minimal/fs/proc/base.c  2006-11-18 01:11:02.000000000 
+0000
-@@ -136,6 +136,9 @@
- #ifdef CONFIG_AUDITSYSCALL
-       PROC_TGID_LOGINUID,
- #endif
-+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+      PROC_TGID_IPADDR,
-+#endif
-       PROC_TGID_OOM_SCORE,
-       PROC_TGID_OOM_ADJUST,
-       PROC_TID_INO,
-@@ -220,6 +223,9 @@
-       E(PROC_TGID_EXE,       "exe",     S_IFLNK|S_IRWXUGO),
-       E(PROC_TGID_MOUNTS,    "mounts",  S_IFREG|S_IRUGO),
-       E(PROC_TGID_MOUNTSTATS, "mountstats", S_IFREG|S_IRUSR),
-+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+      E(PROC_TGID_IPADDR,     "ipaddr",  S_IFREG|S_IRUSR),
-+#endif
- #ifdef CONFIG_MMU
-       E(PROC_TGID_SMAPS,     "smaps",   S_IFREG|S_IRUGO),
- #endif
-@@ -1321,6 +1327,9 @@
-       if (task_dumpable(task)) {
-               inode->i_uid = task->euid;
-               inode->i_gid = task->egid;
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+              inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
-+#endif
-       }
-       security_task_to_inode(task, inode);
+diff -Nru linux-2.6.29-orig/fs/proc/base.c linux-2.6.29/fs/proc/base.c
+--- linux-2.6.29-orig/fs/proc/base.c   2009-03-24 00:12:14.000000000 +0100
++++ linux-2.6.29/fs/proc/base.c        2009-03-29 23:42:59.660794909 +0200
+@@ -80,6 +80,7 @@
+ #include <linux/oom.h>
+ #include <linux/elf.h>
+ #include <linux/pid_namespace.h>
++#include <linux/grsecurity.h>
+ #include "internal.h"
  
-@@ -1353,11 +1362,30 @@
- {
+ /* NOTE:
+@@ -1473,6 +1474,9 @@
        struct inode *inode = dentry->d_inode;
-       struct task_struct *task = get_proc_task(inode);
--      if (task) {
+       struct task_struct *task;
+       const struct cred *cred;
 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+      struct task_struct *tmp = current;
++      const struct cred *tmp = current_cred();
 +#endif
+ 
+       generic_fillattr(inode, stat);
+ 
+@@ -1480,12 +1484,29 @@
+       stat->uid = 0;
+       stat->gid = 0;
+       task = pid_task(proc_pid(inode), PIDTYPE_PID);
+-      if (task) {
++      cred = __task_cred(task);
 +      if (task
-+      #if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+              && (!tmp->uid || (tmp->uid == task->uid)
-+      #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++              && (!tmp->uid || (tmp->uid == cred->uid)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
 +              || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+      #endif
++#endif
 +              )
-+      #endif
-+      ) {
++#endif
++         ) {
                if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
-+      #ifdef CONFIG_GRKERNSEC_PROC_USER
++#ifdef CONFIG_GRKERNSEC_PROC_USER
 +              (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
-+      #elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
 +              (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
-+      #endif
++#endif
                    task_dumpable(task)) {
-                       inode->i_uid = task->euid;
-                       inode->i_gid = task->egid;
-+      #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+                      inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
-+      #endif
-               } else {
-                       inode->i_uid = 0;
-                       inode->i_gid = 0;
-@@ -1383,9 +1411,17 @@
-       task = pid_task(proc_pid(inode), PIDTYPE_PID);
+-                      cred = __task_cred(task);
+                       stat->uid = cred->euid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++                      stat->gid = CONFIG_GRKERNSEC_PROC_GID;
++#else
+                       stat->gid = cred->egid;
++#endif
+               }
+       }
+       rcu_read_unlock();
+@@ -1517,11 +1538,20 @@
+ 
        if (task) {
                if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
 +#ifdef CONFIG_GRKERNSEC_PROC_USER
-+                  (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
++              (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+                  (inode->i_mode == 
(S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
++              (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
 +#endif
                    task_dumpable(task)) {
-                       stat->uid = task->euid;
-                       stat->gid = task->egid;
+                       rcu_read_lock();
+                       cred = __task_cred(task);
+                       inode->i_uid = cred->euid;
 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+                      stat->gid = CONFIG_GRKERNSEC_PROC_GID;
++                      inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++#else
+                       inode->i_gid = cred->egid;
 +#endif
-               }
-       }
-       rcu_read_unlock();
-@@ -1721,6 +1757,12 @@
-                       inode->i_fop = &proc_info_file_operations;
-                       ei->op.proc_read = proc_pid_status;
-                       break;
-+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+              case PROC_TGID_IPADDR:
-+                      inode->i_fop = &proc_info_file_operations;
-+                      ei->op.proc_read = proc_pid_ipaddr;
-+                      break;
-+#endif
-               case PROC_TID_STAT:
-                       inode->i_fop = &proc_info_file_operations;
-                       ei->op.proc_read = proc_tid_stat;
-@@ -2061,7 +2103,14 @@
+                       rcu_read_unlock();
+               } else {
+                       inode->i_uid = 0;
+@@ -1894,12 +1924,19 @@
+ static int proc_fd_permission(struct inode *inode, int mask)
+ {
+       int rv;
++      struct task_struct *task;
+ 
+       rv = generic_permission(inode, mask, NULL);
+-      if (rv == 0)
+-              return 0;
++
+       if (task_pid(current) == proc_pid(inode))
+               rv = 0;
++
++      task = get_proc_task(inode);
++      if (task == NULL)
++              return rv;
++
++      put_task_struct(task);
++
+       return rv;
+ }
+ 
+@@ -2685,7 +2722,14 @@
        if (!inode)
-               goto out_put_task;
+               goto out;
  
 +#ifdef CONFIG_GRKERNSEC_PROC_USER
 +      inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
 +      inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
-+      inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
++      inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP;
 +#else
        inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
 +#endif
        inode->i_op = &proc_tgid_base_inode_operations;
        inode->i_fop = &proc_tgid_base_operations;
        inode->i_flags|=S_IMMUTABLE;
-@@ -2155,12 +2204,27 @@
- static struct task_struct *first_tgid(int tgid, unsigned int nr)
- {
-       struct task_struct *pos;
-+      #if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+              struct task_struct *tmp = current;
-+      #endif
-       rcu_read_lock();
-       if (tgid && nr) {
-               pos = find_task_by_pid(tgid);
-+              if (pos
-+      #if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+                      && (tmp->uid && (pos->uid != tmp->uid)
-+      #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+                      && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+      #endif
-+                      )
-+      #endif
-+              )
-+                      goto not_found;
-+
-               if (pos && thread_group_leader(pos))
-                       goto found;
-       }
-+      not_found:
-       /* If nr exceeds the number of processes get out quickly */
-       pos = NULL;
-       if (nr && nr >= nr_processes())
-@@ -2175,6 +2239,16 @@
-                       pos = NULL;
-                       goto done;
-               }
-+              if (pos
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+                  && (tmp->uid && (pos->uid != tmp->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+                      && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+                      )
-+#endif
-+              )
-+                      nr++;
-       }
- found:
-       get_task_struct(pos);
-@@ -2212,6 +2286,9 @@
+@@ -2792,6 +2836,10 @@
  {
-       char buf[PROC_NUMBUF];
        unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
+       struct task_struct *reaper = 
get_proc_task(filp->f_path.dentry->d_inode);
 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+      struct task_struct *tmp = current;
++      const struct cred *tmp = current_cred();
++      const struct cred *itercred;
 +#endif
-       struct task_struct *task;
-       int tgid;
+       struct tgid_iter iter;
+       struct pid_namespace *ns;
  
-@@ -2234,6 +2311,17 @@
-            task = next_tgid(task), filp->f_pos++) {
-               int len;
-               ino_t ino;
-+
+@@ -2810,6 +2858,18 @@
+       for (iter = next_tgid(ns, iter);
+            iter.task;
+            iter.tgid += 1, iter = next_tgid(ns, iter)) {
 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+              if (tmp->uid && (task->uid != tmp->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+                      && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++      itercred = __task_cred(iter.task);
 +#endif
-+              ) {
-+                      continue;
-+              }
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++      if (tmp->uid && (itercred->uid != tmp->uid)
++                      #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++                      && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++                      #endif
++      )
 +#endif
++              continue;
 +
-               tgid = task->pid;
-               len = snprintf(buf, sizeof(buf), "%d", tgid);
-               ino = fake_ino(tgid, PROC_TGID_INO);
---- linux-2.6.18.orig/fs/proc/inode.c  2006-09-20 03:42:06.000000000 +0000
-+++ linux-2.6.18.grsec-minimal/fs/proc/inode.c 2006-11-18 01:11:02.000000000 
+0000
-@@ -166,7 +166,11 @@
-               if (de->mode) {
-                       inode->i_mode = de->mode;
-                       inode->i_uid = de->uid;
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+                      inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
-+#else
-                       inode->i_gid = de->gid;
-+#endif
-               }
-               if (de->size)
-                       inode->i_size = de->size;
---- linux-2.6.18.orig/fs/proc/internal.h       2006-09-20 03:42:06.000000000 
+0000
-+++ linux-2.6.18.grsec-minimal/fs/proc/internal.h      2006-11-18 
01:11:02.000000000 +0000
-@@ -36,6 +36,9 @@
- extern int proc_tgid_stat(struct task_struct *, char *);
- extern int proc_pid_status(struct task_struct *, char *);
- extern int proc_pid_statm(struct task_struct *, char *);
+               filp->f_pos = iter.tgid + TGID_OFFSET;
+               if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
+                       put_task_struct(iter.task);
+@@ -2891,6 +2951,9 @@
+ #ifdef CONFIG_TASK_IO_ACCOUNTING
+       INF("io",       S_IRUGO, proc_tid_io_accounting),
+ #endif
 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+extern int proc_pid_ipaddr(struct task_struct*,char*);
++      INF("ipaddr",     S_IRUSR, proc_pid_ipaddr),
 +#endif
+ };
+ 
+ static int proc_tid_base_readdir(struct file * filp,
+diff -Nru linux-2.6.29-orig/fs/proc/cmdline.c linux-2.6.29/fs/proc/cmdline.c
+--- linux-2.6.29-orig/fs/proc/cmdline.c        2009-03-24 00:12:14.000000000 
+0100
++++ linux-2.6.29/fs/proc/cmdline.c     2009-03-29 23:34:04.452349599 +0200
+@@ -23,7 +23,15 @@
  
- extern struct file_operations proc_maps_operations;
- extern struct file_operations proc_numa_maps_operations;
---- linux-2.6.18.orig/fs/proc/proc_misc.c      2006-09-20 03:42:06.000000000 
+0000
-+++ linux-2.6.18.grsec-minimal/fs/proc/proc_misc.c     2006-11-18 
01:11:02.000000000 +0000
-@@ -655,6 +655,10 @@
- void __init proc_misc_init(void)
+ static int __init proc_cmdline_init(void)
  {
-       struct proc_dir_entry *entry;
-+#ifdef CONFIG_GRKERNSEC_PROC
+-      proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
 +      int gr_mode = 0;
-+#endif
-+
-       static struct {
-               char *name;
-               int (*read_proc)(char*,char**,off_t,int,int*,void*);
-@@ -670,7 +674,9 @@
-               {"stram",       stram_read_proc},
- #endif
-               {"filesystems", filesystems_read_proc},
-+#ifndef CONFIG_GRKERNSEC_PROC_ADD
-               {"cmdline",     cmdline_read_proc},
-+#endif
-               {"locks",       locks_read_proc},
-               {"execdomains", execdomains_read_proc},
-               {NULL,}
-@@ -678,19 +684,37 @@
-       for (p = simple_ones; p->name; p++)
-               create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
- 
 +#ifdef CONFIG_GRKERNSEC_PROC_USER
 +      gr_mode = S_IRUSR;
 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
 +      gr_mode = S_IRUSR | S_IRGRP;
 +#endif
 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
-+      create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, 
NULL);
++      proc_create("cmdline", gr_mode, NULL, &cmdline_proc_fops);
 +#endif
-+
-       proc_symlink("mounts", NULL, "self/mounts");
- 
-       /* And now for trickier ones */
-       entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);
-       if (entry)
-               entry->proc_fops = &proc_kmsg_operations;
-+
-+#ifdef CONFIG_GRKERNSEC_PROC_ADD
-+      create_seq_entry("devices", gr_mode, &proc_devinfo_operations);
-+#else
-       create_seq_entry("devices", 0, &proc_devinfo_operations);
-+#endif
-       create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
-       create_seq_entry("partitions", 0, &proc_partitions_operations);
-       create_seq_entry("stat", 0, &proc_stat_operations);
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-desktop-grsec-minimal.patch?r1=1.8&r2=1.9&f=u
