authorAnthony G. Basile <blueness@gentoo.org>2011-06-24 05:27:45 -0400
committerAnthony G. Basile <blueness@gentoo.org>2011-06-24 05:27:45 -0400
commitc6baa98827887160c887934436bcceb3509d73fb (patch)
treed1b74cbdec040d7e7a7e3bca769f8b38769bb6ec
parentUpdate Grsec/PaX (diff)
Update Grsec/PaX20110621
2.2.2-2.6.32.41-201106211740 2.2.2-2.6.39.1-201106211740
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106211740.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch)98
-rw-r--r--2.6.39/0000_README2
-rw-r--r--2.6.39/4420_grsecurity-2.2.2-2.6.39.1-201106211740.patch (renamed from 2.6.39/4420_grsecurity-2.2.2-2.6.39.1-201106132135.patch)110
4 files changed, 198 insertions, 14 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 1b0ab21..e76ec00 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.41-201106211740.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106211740.patch
index 69e5b91..496711d 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106211740.patch
@@ -27407,6 +27407,27 @@ diff -urNp linux-2.6.32.41/drivers/char/vt_ioctl.c linux-2.6.32.41/drivers/char/
if (!perm) {
ret = -EPERM;
goto reterr;
+diff -urNp linux-2.6.32.41/drivers/connector/Kconfig linux-2.6.32.41/drivers/connector/Kconfig
+--- linux-2.6.32.41/drivers/connector/Kconfig 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.41/drivers/connector/Kconfig 2011-06-20 17:54:56.000000000 -0400
+@@ -1,7 +1,7 @@
+
+ menuconfig CONNECTOR
+ tristate "Connector - unified userspace <-> kernelspace linker"
+- depends on NET
++ depends on NET && !GRKERNSEC
+ ---help---
+ This is unified userspace <-> kernelspace connector working on top
+ of the netlink socket protocol.
+@@ -13,7 +13,7 @@ if CONNECTOR
+
+ config PROC_EVENTS
+ boolean "Report process events to userspace"
+- depends on CONNECTOR=y
++ depends on CONNECTOR=y && !GRKERNSEC
+ default y
+ ---help---
+ Provide a connector that reports process events to userspace. Send
diff -urNp linux-2.6.32.41/drivers/cpufreq/cpufreq.c linux-2.6.32.41/drivers/cpufreq/cpufreq.c
--- linux-2.6.32.41/drivers/cpufreq/cpufreq.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.41/drivers/cpufreq/cpufreq.c 2011-04-17 15:56:46.000000000 -0400
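Review bot: Neither `depends on ... && !GRKERNSEC` line says why the connector is switched off, so anyone whose tooling consumes process events will find CONNECTOR and PROC_EVENTS silently missing from the configuration once GRKERNSEC is set. A short comment above the first dependency would cover it, e.g. `# connector is unavailable under GRKERNSEC: <reason>`, with the reason filled in by the patch author; presumably process events reach netlink listeners without grsecurity's process-visibility restrictions, but the hunk does not say. The second `&& !GRKERNSEC` on PROC_EVENTS looks redundant, since that entry sits inside `if CONNECTOR` and already depends on `CONNECTOR=y`. The same applies to the 2.6.39.1 Kconfig hunk further down.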
@@ -49485,7 +49506,7 @@ diff -urNp linux-2.6.32.41/grsecurity/grsec_chdir.c linux-2.6.32.41/grsecurity/g
+}
diff -urNp linux-2.6.32.41/grsecurity/grsec_chroot.c linux-2.6.32.41/grsecurity/grsec_chroot.c
--- linux-2.6.32.41/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.41/grsecurity/grsec_chroot.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.41/grsecurity/grsec_chroot.c 2011-06-20 19:44:00.000000000 -0400
@@ -0,0 +1,395 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
@@ -49781,7 +49802,7 @@ diff -urNp linux-2.6.32.41/grsecurity/grsec_chroot.c linux-2.6.32.41/grsecurity/
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
+ if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
-+ gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
++ gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name ? dev_name : "none" , dentry, mnt);
+ return -EPERM;
+ }
+#endif
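Review bot: The `dev_name ? dev_name : "none"` fallback is written at the call site with no comment saying when `dev_name` can be NULL, and the same literal is repeated for `from` in the grsec_mount.c hunk below and in both 2.6.39.1 copies. A one-line comment such as `/* dev_name may be NULL when no source is passed; "none" is a placeholder */` would explain the guard, with the wording confirmed against the caller, which is outside the hunk. It would also tell whoever reads the audit log that a logged `none` may stand for a missing name and not a source literally called none. The 2.6.32.41 copy has a stray space before the comma (`"none" ,`) that the 2.6.39.1 copy does not. The enclosing function starts above the hunk.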
@@ -51214,7 +51235,7 @@ diff -urNp linux-2.6.32.41/grsecurity/grsec_mem.c linux-2.6.32.41/grsecurity/grs
+}
diff -urNp linux-2.6.32.41/grsecurity/grsec_mount.c linux-2.6.32.41/grsecurity/grsec_mount.c
--- linux-2.6.32.41/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.41/grsecurity/grsec_mount.c 2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.41/grsecurity/grsec_mount.c 2011-06-20 19:47:03.000000000 -0400
@@ -0,0 +1,62 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -51247,7 +51268,7 @@ diff -urNp linux-2.6.32.41/grsecurity/grsec_mount.c linux-2.6.32.41/grsecurity/g
+{
+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
+ if (grsec_enable_mount && (retval >= 0))
-+ gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
++ gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to);
+#endif
+ return;
+}
@@ -63348,6 +63369,22 @@ diff -urNp linux-2.6.32.41/mm/kmemleak.c linux-2.6.32.41/mm/kmemleak.c
}
}
+diff -urNp linux-2.6.32.41/mm/ksm.c linux-2.6.32.41/mm/ksm.c
+--- linux-2.6.32.41/mm/ksm.c 2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.41/mm/ksm.c 2011-06-20 19:38:36.000000000 -0400
+@@ -1215,6 +1215,12 @@ static struct rmap_item *scan_get_next_r
+ slot = list_entry(slot->mm_list.next, struct mm_slot, mm_list);
+ ksm_scan.mm_slot = slot;
+ spin_unlock(&ksm_mmlist_lock);
++ /*
++ * Although we tested list_empty() above, a racing __ksm_exit
++ * of the last mm on the list may have removed it since then.
++ */
++ if (slot == &ksm_mm_head)
++ return NULL;
+ next_mm:
+ ksm_scan.address = 0;
+ ksm_scan.rmap_item = list_entry(&slot->rmap_list,
diff -urNp linux-2.6.32.41/mm/maccess.c linux-2.6.32.41/mm/maccess.c
--- linux-2.6.32.41/mm/maccess.c 2011-03-27 14:31:47.000000000 -0400
+++ linux-2.6.32.41/mm/maccess.c 2011-04-17 15:56:46.000000000 -0400
@@ -67384,7 +67421,7 @@ diff -urNp linux-2.6.32.41/net/ieee802154/raw.c linux-2.6.32.41/net/ieee802154/r
}
diff -urNp linux-2.6.32.41/net/ipv4/inet_diag.c linux-2.6.32.41/net/ipv4/inet_diag.c
--- linux-2.6.32.41/net/ipv4/inet_diag.c 2011-04-17 17:00:52.000000000 -0400
-+++ linux-2.6.32.41/net/ipv4/inet_diag.c 2011-04-17 17:04:18.000000000 -0400
++++ linux-2.6.32.41/net/ipv4/inet_diag.c 2011-06-20 19:31:13.000000000 -0400
@@ -113,8 +113,13 @@ static int inet_csk_diag_fill(struct soc
r->idiag_retrans = 0;
@@ -67430,7 +67467,56 @@ diff -urNp linux-2.6.32.41/net/ipv4/inet_diag.c linux-2.6.32.41/net/ipv4/inet_di
err = -ENOMEM;
rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
-@@ -581,8 +595,14 @@ static int inet_diag_fill_req(struct sk_
+@@ -436,7 +450,7 @@ static int valid_cc(const void *bc, int
+ return 0;
+ if (cc == len)
+ return 1;
+- if (op->yes < 4)
++ if (op->yes < 4 || op->yes & 3)
+ return 0;
+ len -= op->yes;
+ bc += op->yes;
+@@ -446,11 +460,11 @@ static int valid_cc(const void *bc, int
+
+ static int inet_diag_bc_audit(const void *bytecode, int bytecode_len)
+ {
+- const unsigned char *bc = bytecode;
++ const void *bc = bytecode;
+ int len = bytecode_len;
+
+ while (len > 0) {
+- struct inet_diag_bc_op *op = (struct inet_diag_bc_op *)bc;
++ const struct inet_diag_bc_op *op = bc;
+
+ //printk("BC: %d %d %d {%d} / %d\n", op->code, op->yes, op->no, op[1].no, len);
+ switch (op->code) {
+@@ -461,22 +475,20 @@ static int inet_diag_bc_audit(const void
+ case INET_DIAG_BC_S_LE:
+ case INET_DIAG_BC_D_GE:
+ case INET_DIAG_BC_D_LE:
+- if (op->yes < 4 || op->yes > len + 4)
+- return -EINVAL;
+ case INET_DIAG_BC_JMP:
+- if (op->no < 4 || op->no > len + 4)
++ if (op->no < 4 || op->no > len + 4 || op->no & 3)
+ return -EINVAL;
+ if (op->no < len &&
+ !valid_cc(bytecode, bytecode_len, len - op->no))
+ return -EINVAL;
+ break;
+ case INET_DIAG_BC_NOP:
+- if (op->yes < 4 || op->yes > len + 4)
+- return -EINVAL;
+ break;
+ default:
+ return -EINVAL;
+ }
++ if (op->yes < 4 || op->yes > len + 4 || op->yes & 3)
++ return -EINVAL;
+ bc += op->yes;
+ len -= op->yes;
+ }
+@@ -581,8 +593,14 @@ static int inet_diag_fill_req(struct sk_
r->idiag_retrans = req->retrans;
r->id.idiag_if = sk->sk_bound_dev_if;
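Review bot: In inet_diag_bc_audit the loop runs while `len > 0` and reads `op->code`, `op->yes` and `op->no` before anything checks that a whole `struct inet_diag_bc_op` is left in the buffer. With the new `& 3` checks every accepted step is a multiple of four, so unless the caller already guarantees an aligned length, a `bytecode_len` that is not a multiple of four leaves a short tail that is still interpreted as an op. A guard at the top of the loop, `if (len < (int)sizeof(*op)) return -EINVAL;`, would reject it. Separately, the port-comparison cases now fall straight into `case INET_DIAG_BC_JMP:` with no statement between them, so a `/* fall through */` comment after `case INET_DIAG_BC_D_LE:` would show that sharing the `op->no` check is intended. Both points also apply to the 2.6.39.1 inet_diag.c hunk further down; the tail of inet_diag_bc_audit lies outside the hunk.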
diff --git a/2.6.39/0000_README b/2.6.39/0000_README
index f82a66c..ccb6a00 100644
--- a/2.6.39/0000_README
+++ b/2.6.39/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.39.1-201106132135.patch
+Patch: 4420_grsecurity-2.2.2-2.6.39.1-201106211740.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39.1-201106132135.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39.1-201106211740.patch
index 9d35972..5a34c16 100644
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39.1-201106132135.patch
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39.1-201106211740.patch
@@ -28599,6 +28599,27 @@ diff -urNp linux-2.6.39.1/drivers/char/xilinx_hwicap/xilinx_hwicap.c linux-2.6.3
.get_configuration = fifo_icap_get_configuration,
.set_configuration = fifo_icap_set_configuration,
.get_status = fifo_icap_get_status,
+diff -urNp linux-2.6.39.1/drivers/connector/Kconfig linux-2.6.39.1/drivers/connector/Kconfig
+--- linux-2.6.39.1/drivers/connector/Kconfig 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.1/drivers/connector/Kconfig 2011-06-20 17:54:16.000000000 -0400
+@@ -1,7 +1,7 @@
+
+ menuconfig CONNECTOR
+ tristate "Connector - unified userspace <-> kernelspace linker"
+- depends on NET
++ depends on NET && !GRKERNSEC
+ ---help---
+ This is unified userspace <-> kernelspace connector working on top
+ of the netlink socket protocol.
+@@ -13,7 +13,7 @@ if CONNECTOR
+
+ config PROC_EVENTS
+ boolean "Report process events to userspace"
+- depends on CONNECTOR=y
++ depends on CONNECTOR=y && !GRKERNSEC
+ default y
+ ---help---
+ Provide a connector that reports process events to userspace. Send
diff -urNp linux-2.6.39.1/drivers/crypto/hifn_795x.c linux-2.6.39.1/drivers/crypto/hifn_795x.c
--- linux-2.6.39.1/drivers/crypto/hifn_795x.c 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.1/drivers/crypto/hifn_795x.c 2011-05-22 19:36:31.000000000 -0400
@@ -57150,7 +57171,7 @@ diff -urNp linux-2.6.39.1/grsecurity/grsec_chdir.c linux-2.6.39.1/grsecurity/grs
+}
diff -urNp linux-2.6.39.1/grsecurity/grsec_chroot.c linux-2.6.39.1/grsecurity/grsec_chroot.c
--- linux-2.6.39.1/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.1/grsecurity/grsec_chroot.c 2011-05-22 19:41:42.000000000 -0400
++++ linux-2.6.39.1/grsecurity/grsec_chroot.c 2011-06-20 19:44:48.000000000 -0400
@@ -0,0 +1,355 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
@@ -57406,7 +57427,7 @@ diff -urNp linux-2.6.39.1/grsecurity/grsec_chroot.c linux-2.6.39.1/grsecurity/gr
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
+ if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
-+ gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
++ gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name ? dev_name : "none", dentry, mnt);
+ return -EPERM;
+ }
+#endif
@@ -58836,7 +58857,7 @@ diff -urNp linux-2.6.39.1/grsecurity/grsec_mem.c linux-2.6.39.1/grsecurity/grsec
+}
diff -urNp linux-2.6.39.1/grsecurity/grsec_mount.c linux-2.6.39.1/grsecurity/grsec_mount.c
--- linux-2.6.39.1/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.1/grsecurity/grsec_mount.c 2011-05-22 19:41:42.000000000 -0400
++++ linux-2.6.39.1/grsecurity/grsec_mount.c 2011-06-20 19:46:18.000000000 -0400
@@ -0,0 +1,62 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -58869,7 +58890,7 @@ diff -urNp linux-2.6.39.1/grsecurity/grsec_mount.c linux-2.6.39.1/grsecurity/grs
+{
+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
+ if (grsec_enable_mount && (retval >= 0))
-+ gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
++ gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to);
+#endif
+ return;
+}
@@ -71672,6 +71693,22 @@ diff -urNp linux-2.6.39.1/mm/kmemleak.c linux-2.6.39.1/mm/kmemleak.c
}
}
+diff -urNp linux-2.6.39.1/mm/ksm.c linux-2.6.39.1/mm/ksm.c
+--- linux-2.6.39.1/mm/ksm.c 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.1/mm/ksm.c 2011-06-20 19:42:16.000000000 -0400
+@@ -1301,6 +1301,12 @@ static struct rmap_item *scan_get_next_r
+ slot = list_entry(slot->mm_list.next, struct mm_slot, mm_list);
+ ksm_scan.mm_slot = slot;
+ spin_unlock(&ksm_mmlist_lock);
++ /*
++ * Although we tested list_empty() above, a racing __ksm_exit
++ * of the last mm on the list may have removed it since then.
++ */
++ if (slot == &ksm_mm_head)
++ return NULL;
+ next_mm:
+ ksm_scan.address = 0;
+ ksm_scan.rmap_list = &slot->rmap_list;
diff -urNp linux-2.6.39.1/mm/maccess.c linux-2.6.39.1/mm/maccess.c
--- linux-2.6.39.1/mm/maccess.c 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.1/mm/maccess.c 2011-05-22 19:36:33.000000000 -0400
@@ -76261,7 +76298,7 @@ diff -urNp linux-2.6.39.1/net/ipv4/fib_semantics.c linux-2.6.39.1/net/ipv4/fib_s
}
diff -urNp linux-2.6.39.1/net/ipv4/inet_diag.c linux-2.6.39.1/net/ipv4/inet_diag.c
--- linux-2.6.39.1/net/ipv4/inet_diag.c 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39.1/net/ipv4/inet_diag.c 2011-05-22 19:41:42.000000000 -0400
++++ linux-2.6.39.1/net/ipv4/inet_diag.c 2011-06-20 19:27:58.000000000 -0400
@@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct soc
r->idiag_retrans = 0;
@@ -76308,7 +76345,56 @@ diff -urNp linux-2.6.39.1/net/ipv4/inet_diag.c linux-2.6.39.1/net/ipv4/inet_diag
err = -ENOMEM;
rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
-@@ -582,8 +597,14 @@ static int inet_diag_fill_req(struct sk_
+@@ -437,7 +452,7 @@ static int valid_cc(const void *bc, int
+ return 0;
+ if (cc == len)
+ return 1;
+- if (op->yes < 4)
++ if (op->yes < 4 || op->yes & 3)
+ return 0;
+ len -= op->yes;
+ bc += op->yes;
+@@ -447,11 +462,11 @@ static int valid_cc(const void *bc, int
+
+ static int inet_diag_bc_audit(const void *bytecode, int bytecode_len)
+ {
+- const unsigned char *bc = bytecode;
++ const void *bc = bytecode;
+ int len = bytecode_len;
+
+ while (len > 0) {
+- struct inet_diag_bc_op *op = (struct inet_diag_bc_op *)bc;
++ const struct inet_diag_bc_op *op = bc;
+
+ //printk("BC: %d %d %d {%d} / %d\n", op->code, op->yes, op->no, op[1].no, len);
+ switch (op->code) {
+@@ -462,22 +477,20 @@ static int inet_diag_bc_audit(const void
+ case INET_DIAG_BC_S_LE:
+ case INET_DIAG_BC_D_GE:
+ case INET_DIAG_BC_D_LE:
+- if (op->yes < 4 || op->yes > len + 4)
+- return -EINVAL;
+ case INET_DIAG_BC_JMP:
+- if (op->no < 4 || op->no > len + 4)
++ if (op->no < 4 || op->no > len + 4 || op->no & 3)
+ return -EINVAL;
+ if (op->no < len &&
+ !valid_cc(bytecode, bytecode_len, len - op->no))
+ return -EINVAL;
+ break;
+ case INET_DIAG_BC_NOP:
+- if (op->yes < 4 || op->yes > len + 4)
+- return -EINVAL;
+ break;
+ default:
+ return -EINVAL;
+ }
++ if (op->yes < 4 || op->yes > len + 4 || op->yes & 3)
++ return -EINVAL;
+ bc += op->yes;
+ len -= op->yes;
+ }
+@@ -582,8 +595,14 @@ static int inet_diag_fill_req(struct sk_
r->idiag_retrans = req->retrans;
r->id.idiag_if = sk->sk_bound_dev_if;
@@ -80166,6 +80252,18 @@ diff -urNp linux-2.6.39.1/security/smack/smack_lsm.c linux-2.6.39.1/security/sma
.name = "smack",
.ptrace_access_check = smack_ptrace_access_check,
+diff -urNp linux-2.6.39.1/security/tomoyo/mount.c linux-2.6.39.1/security/tomoyo/mount.c
+--- linux-2.6.39.1/security/tomoyo/mount.c 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.1/security/tomoyo/mount.c 2011-06-20 19:40:22.000000000 -0400
+@@ -138,7 +138,7 @@ static int tomoyo_mount_acl(struct tomoy
+ }
+ if (need_dev) {
+ /* Get mount point or device file. */
+- if (kern_path(dev_name, LOOKUP_FOLLOW, &path)) {
++ if (!dev_name || kern_path(dev_name, LOOKUP_FOLLOW, &path)) {
+ error = -ENOENT;
+ goto out;
+ }
diff -urNp linux-2.6.39.1/security/tomoyo/tomoyo.c linux-2.6.39.1/security/tomoyo/tomoyo.c
--- linux-2.6.39.1/security/tomoyo/tomoyo.c 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.1/security/tomoyo/tomoyo.c 2011-05-22 19:36:35.000000000 -0400