author | Anthony G. Basile <blueness@gentoo.org> | 2011-09-26 16:03:27 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-09-26 16:03:27 -0400 |
commit | e9e183a63e0e7ff5a02bf1d7feb68573b8c82276 (patch) | |
tree | 794a2409ec8e16487a8df5c27e614f097edbc635 | |
parent | Grsec/PaX: 2.2.2-2.6.32.46-201109240842 + 2.2.2-3.0.4-201109240842 (diff) | |
Grsec/PaX: 2.2.2-2.6.32.46-201109261052 + 2.2.2-3.0.4-201109261052.patch20110926
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch) | 62 | ||||
-rw-r--r-- | 3.0.4/0000_README | 2 | ||||
-rw-r--r-- | 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch (renamed from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch) | 62 |
4 files changed, 98 insertions, 30 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index e3aa423..4cb87d7 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch index 0d9b6ae..bab9029 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch @@ -56495,8 +56495,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_link.c linux-2.6.32.46/grsecurity/gr +} diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grsec_log.c --- linux-2.6.32.46/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-14 23:16:01.000000000 -0400 -@@ -0,0 +1,313 @@ ++++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-26 10:44:49.000000000 -0400 +@@ -0,0 +1,315 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/file.h> @@ -56549,6 +56549,7 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT; + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt; + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; ++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0) + unsigned long curr_secs = get_seconds(); + + if (audit == GR_DO_AUDIT) 
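Review bot: The new `#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)` fails open: the preprocessor evaluates an undefined macro as 0, so if either option is ever absent from the configuration the alert rate limiter is silently compiled out, where the unguarded code would presumably have failed to build. A value of 0 has the same effect by design, but nothing at the guard says that 0 means "no flood limit". I would put a comment above it such as `/* FLOODTIME or FLOODBURST of 0 (or undefined) compiles out alert rate limiting: every alert is logged */`, and, if both options are always meant to be defined, add an `#error` for the undefined case. The matching `#endif` sits after `set_fmt:` in the next hunk and the same guard is added to the 3.0.4 copy of grsec_log.c; the enclosing function begins and ends outside this hunk.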
@@ -56557,18 +56558,19 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs + if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { + grsec_alert_wtime = curr_secs; + grsec_alert_fyet = 0; -+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { -+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) { -+ grsec_alert_fyet++; -+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { -+ grsec_alert_wtime = curr_secs; -+ grsec_alert_fyet++; -+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); -+ return FLOODING; -+ } -+ } else return FLOODING; ++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME) ++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { ++ grsec_alert_fyet++; ++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { ++ grsec_alert_wtime = curr_secs; ++ grsec_alert_fyet++; ++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); ++ return FLOODING; ++ } ++ else return FLOODING; + +set_fmt: ++#endif + memset(buf, 0, PAGE_SIZE); + if (current->signal->curr_ip && gr_acl_is_enabled()) { + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) "); @@ -73053,7 +73055,7 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c --- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400 ++++ linux-2.6.32.46/mm/slub.c 2011-09-25 22:23:01.000000000 -0400 @@ -201,7 +201,7 @@ struct track { enum track_item { TRACK_ALLOC, TRACK_FREE }; 
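Review bot: Alerts that reach the final `else return FLOODING;` are discarded without being counted, so once the window reopens the log holds only the single "more alerts, logging disabled" line and nothing about how many events were suppressed in between, which leaves a gap for anyone reconstructing an incident from these logs. Consider a new static counter (the name is only a suggestion) bumped in that branch, `else { grsec_alert_dropped++; return FLOODING; }`, then printed and cleared in the first branch where `grsec_alert_fyet` is reset. Separately, the `time_before_eq(...)` test appears to be always true when it is reached, because the preceding branch already handled `!grsec_alert_wtime` and `time_after(...)` with the same arguments, so the condition could be reduced to `grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST`. The identical logic is in the 3.0.4 copy of grsec_log.c further down; the function's start and end are outside this hunk.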
@@ -73258,7 +73260,39 @@ diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c .filter = uevent_filter, }; -@@ -4785,7 +4824,13 @@ static const struct file_operations proc +@@ -4564,6 +4603,7 @@ static char *create_unique_id(struct kme + return name; + } + ++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD) + static int sysfs_slab_add(struct kmem_cache *s) + { + int err; +@@ -4619,6 +4659,7 @@ static void sysfs_slab_remove(struct kme + kobject_del(&s->kobj); + kobject_put(&s->kobj); + } ++#endif + + /* + * Need to buffer aliases during bootup until sysfs becomes +@@ -4632,6 +4673,7 @@ struct saved_alias { + + static struct saved_alias *alias_list; + ++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD) + static int sysfs_slab_alias(struct kmem_cache *s, const char *name) + { + struct saved_alias *al; +@@ -4654,6 +4696,7 @@ static int sysfs_slab_alias(struct kmem_ + alias_list = al; + return 0; + } ++#endif + + static int __init slab_sysfs_init(void) + { +@@ -4785,7 +4828,13 @@ static const struct file_operations proc static int __init slab_proc_init(void) { diff --git a/3.0.4/0000_README b/3.0.4/0000_README index 6cdadcb..5afed8c 100644 --- a/3.0.4/0000_README +++ b/3.0.4/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch +Patch: 4420_grsecurity-2.2.2-3.0.4-201109261052.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch index 5e86d2b..cce98cf 100644 --- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch +++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch 
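Review bot: The two added `#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)` regions give no reason for compiling out `sysfs_slab_add`, `sysfs_slab_remove` and `sysfs_slab_alias`, and each bare `#endif` is far from its opener. I would annotate the closers as `#endif /* CONFIG_SLUB_DEBUG && !CONFIG_GRKERNSEC_PROC_ADD */` and add a one-line comment at the first guard saying why the slab sysfs code is dropped when CONFIG_GRKERNSEC_PROC_ADD is set. `slab_sysfs_init()`, which starts right after the second `#endif`, and `alias_list` between the two regions stay unconditional; whether they still build and make sense without the guarded functions depends on code outside this hunk, so it is worth confirming with a CONFIG_GRKERNSEC_PROC_ADD build. The 3.0.4 copy of the patch gets the same guards with `CONFIG_SYSFS` in place of `CONFIG_SLUB_DEBUG`.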
@@ -51655,8 +51655,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link +} diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c --- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400 -@@ -0,0 +1,313 @@ ++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-26 10:46:21.000000000 -0400 +@@ -0,0 +1,315 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/file.h> @@ -51709,6 +51709,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT; + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt; + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; ++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0) + unsigned long curr_secs = get_seconds(); + + if (audit == GR_DO_AUDIT) 
@@ -51717,18 +51718,19 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c + if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { + grsec_alert_wtime = curr_secs; + grsec_alert_fyet = 0; -+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) { -+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) { -+ grsec_alert_fyet++; -+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { -+ grsec_alert_wtime = curr_secs; -+ grsec_alert_fyet++; -+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); -+ return FLOODING; -+ } -+ } else return FLOODING; ++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME) ++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { ++ grsec_alert_fyet++; ++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { ++ grsec_alert_wtime = curr_secs; ++ grsec_alert_fyet++; ++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); ++ return FLOODING; ++ } ++ else return FLOODING; + +set_fmt: ++#endif + memset(buf, 0, PAGE_SIZE); + if (current->signal->curr_ip && gr_acl_is_enabled()) { + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) "); @@ -67506,7 +67508,7 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c --- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400 ++++ linux-3.0.4/mm/slub.c 2011-09-25 22:15:40.000000000 -0400 @@ -200,7 +200,7 @@ struct track { enum track_item { TRACK_ALLOC, TRACK_FREE }; 
@@ -67699,7 +67701,39 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c } SLAB_ATTR_RO(aliases); -@@ -4894,7 +4935,13 @@ static const struct file_operations proc +@@ -4662,6 +4703,7 @@ static char *create_unique_id(struct kme + return name; + } + ++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD) + static int sysfs_slab_add(struct kmem_cache *s) + { + int err; +@@ -4724,6 +4766,7 @@ static void sysfs_slab_remove(struct kme + kobject_del(&s->kobj); + kobject_put(&s->kobj); + } ++#endif + + /* + * Need to buffer aliases during bootup until sysfs becomes +@@ -4737,6 +4780,7 @@ struct saved_alias { + + static struct saved_alias *alias_list; + ++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD) + static int sysfs_slab_alias(struct kmem_cache *s, const char *name) + { + struct saved_alias *al; +@@ -4759,6 +4803,7 @@ static int sysfs_slab_alias(struct kmem_ + alias_list = al; + return 0; + } ++#endif + + static int __init slab_sysfs_init(void) + { +@@ -4894,7 +4939,13 @@ static const struct file_operations proc static int __init slab_proc_init(void) { |