authorAnthony G. Basile <blueness@gentoo.org>2015-09-20 15:18:42 -0400
committerAnthony G. Basile <blueness@gentoo.org>2015-09-20 15:18:42 -0400
commit8625ea5b47f8eb2b6e622750fc667ce13bd199b0 (patch)
tree7f9d8158ec2bd2220bcff459b1c05d8ce0a5d374
parentEOL: 3.2 and 3.14 series. (diff)
grsecurity-3.1-4.1.7-20150920114920150920
-rw-r--r--4.1.7/0000_README2
-rw-r--r--4.1.7/4420_grsecurity-3.1-4.1.7-201509201149.patch (renamed from 4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch)33
2 files changed, 19 insertions, 16 deletions
diff --git a/4.1.7/0000_README b/4.1.7/0000_README
index a82b514..29c7482 100644
--- a/4.1.7/0000_README
+++ b/4.1.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.1.7-201509131604.patch
+Patch: 4420_grsecurity-3.1-4.1.7-201509201149.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch b/4.1.7/4420_grsecurity-3.1-4.1.7-201509201149.patch
index eb11268..4694239 100644
--- a/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
+++ b/4.1.7/4420_grsecurity-3.1-4.1.7-201509201149.patch
@@ -72155,7 +72155,7 @@ index 4c55668..eeae150 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex))
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index cd46e41..244f778 100644
+index cd46e41..d67c3df 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -35,6 +35,7 @@
@@ -72998,7 +72998,7 @@ index cd46e41..244f778 100644
+ if (dyn.d_tag == DT_NULL)
+ break;
+ if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
-+ gr_log_textrel(vma);
++ gr_log_textrel(vma, is_textrel_rw);
+ if (is_textrel_rw)
+ vma->vm_flags |= VM_MAYWRITE;
+ else
@@ -91727,10 +91727,10 @@ index 0000000..8ef2b75
+}
diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c
new file mode 100644
-index 0000000..dbe0a6b
+index 0000000..0eac5aa
--- /dev/null
+++ b/grsecurity/grsec_log.c
-@@ -0,0 +1,341 @@
+@@ -0,0 +1,342 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -91968,10 +91968,11 @@ index 0000000..dbe0a6b
+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
+ break;
+ case GR_TEXTREL:
++ str1 = va_arg(ap, char *);
+ file = va_arg(ap, struct file *);
+ ulong1 = va_arg(ap, unsigned long);
+ ulong2 = va_arg(ap, unsigned long);
-+ gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
++ gr_log_middle_varargs(audit, msg, str1, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
+ break;
+ case GR_PTRACE:
+ task = va_arg(ap, struct task_struct *);
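Review bot: Nothing ties the new `str1 = va_arg(ap, char *);` in the GR_TEXTREL case to its two counterparts, so the argument order is kept correct only by hand across three files. The case now reads str, file, ulong, ulong, which matches the updated `gr_log_textrel_ulong_ulong` macro in grinternal.h and the `%s`, `%.950s`, `%08lx`, `%08lx` layout of `GR_TEXTREL_AUDIT_MSG` in grmsg.h as changed in this commit. A later reorder in any one of them would make va_arg read an argument as the wrong type with no compiler diagnostic, assuming gr_log_varargs is an ordinary variadic function, which this hunk does not show. I would add a comment above the case: `/* argument order must match gr_log_textrel_ulong_ulong() and GR_TEXTREL_AUDIT_MSG: str, file, ulong, ulong */`. The enclosing switch starts and ends outside the hunk.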
@@ -92199,10 +92200,10 @@ index 0000000..fe02bf4
+}
diff --git a/grsecurity/grsec_pax.c b/grsecurity/grsec_pax.c
new file mode 100644
-index 0000000..6ee9d50
+index 0000000..2ad7b96
--- /dev/null
+++ b/grsecurity/grsec_pax.c
-@@ -0,0 +1,45 @@
+@@ -0,0 +1,47 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -92211,11 +92212,13 @@ index 0000000..6ee9d50
+#include <linux/grsecurity.h>
+
+void
-+gr_log_textrel(struct vm_area_struct * vma)
++gr_log_textrel(struct vm_area_struct * vma, bool is_textrel_rw)
+{
+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
+ if (grsec_enable_log_rwxmaps)
-+ gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
++ gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG,
++ is_textrel_rw ? "executable to writable" : "writable to executable",
++ vma->vm_file, vma->vm_start, vma->vm_pgoff);
+#endif
+ return;
+}
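Review bot: The call in gr_log_textrel still passes `GR_DONT_AUDIT`, although the message it logs now begins with "allowed" and is named `GR_TEXTREL_AUDIT_MSG`. If `GR_DONT_AUDIT` selects the alert path here as it appears to for the "denied ..." messages (the logging core is not visible in this hunk), a permitted text relocation is reported at the same severity as a blocked operation, which adds noise for whoever triages those alerts. Either switch the first argument to `GR_DO_AUDIT` or state the intent with a comment such as `/* logged as an alert on purpose: a textrel makes text pages writable */`. The trailing `return;` in a void function can be dropped as well.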
@@ -96465,7 +96468,7 @@ index 0000000..be66033
+#endif
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
new file mode 100644
-index 0000000..fb1de5d
+index 0000000..6245f9e
--- /dev/null
+++ b/include/linux/grinternal.h
@@ -0,0 +1,230 @@
@@ -96682,7 +96685,7 @@ index 0000000..fb1de5d
+#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
+#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
+#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
-+#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
++#define gr_log_textrel_ulong_ulong(audit, msg, str, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, str, file, ulong1, ulong2)
+#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
+#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
+#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
@@ -96701,7 +96704,7 @@ index 0000000..fb1de5d
+#endif
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
new file mode 100644
-index 0000000..26ef560
+index 0000000..3092b3c
--- /dev/null
+++ b/include/linux/grmsg.h
@@ -0,0 +1,118 @@
@@ -96811,7 +96814,7 @@ index 0000000..26ef560
+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
+#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
+#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
-+#define GR_TEXTREL_AUDIT_MSG "denied text relocation in %.950s, VMA:0x%08lx 0x%08lx by "
++#define GR_TEXTREL_AUDIT_MSG "allowed %s text relocation transition in %.950s, VMA:0x%08lx 0x%08lx by "
+#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
+#define GR_VM86_MSG "denied use of vm86 by "
+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
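Review bot: The new `%s` in `GR_TEXTREL_AUDIT_MSG` is the only string conversion without a precision among the messages visible in this hunk, which otherwise use `%.950s` or `%.16s`. Only two fixed literals are passed for it in grsec_pax.c in this commit, so this is defensive rather than a live problem, but a bound such as `%.32s` would keep the line consistent if another caller appears. Separately, the text changes from "denied text relocation in" to "allowed ... text relocation transition in", so log parsers or alert rules keyed on the old string will stop matching. That change deserves a line in the commit description or the README.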
@@ -96825,7 +96828,7 @@ index 0000000..26ef560
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..085a746
+index 0000000..ae28a25
--- /dev/null
+++ b/include/linux/grsecurity.h
@@ -0,0 +1,247 @@
@@ -96916,7 +96919,7 @@ index 0000000..085a746
+void gr_log_remount(const char *devname, const int retval);
+void gr_log_unmount(const char *devname, const int retval);
+void gr_log_mount(const char *from, struct path *to, const int retval);
-+void gr_log_textrel(struct vm_area_struct *vma);
++void gr_log_textrel(struct vm_area_struct *vma, bool is_textrel_rw);
+void gr_log_ptgnustack(struct file *file);
+void gr_log_rwxmmap(struct file *file);
+void gr_log_rwxmprotect(struct vm_area_struct *vma);