commit: fe9cd0792773d512df74e504d2ef92946d02f6da |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Tue Jun 28 11:24:47 2016 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Tue Jun 28 11:24:47 2016 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=fe9cd079 |
|
grsecurity-3.1-4.5.7-201606280009 |
|
4.5.7/0000_README | 2 +- |
...> 4420_grsecurity-3.1-4.5.7-201606280009.patch} | 32 ++++++++++++---------- |
2 files changed, 18 insertions(+), 16 deletions(-) |
|
14 |
diff --git a/4.5.7/0000_README b/4.5.7/0000_README |
15 |
index b74a9dd..bdf9f5e 100644 |
16 |
--- a/4.5.7/0000_README |
17 |
+++ b/4.5.7/0000_README |
18 |
@@ -2,7 +2,7 @@ README |
19 |
----------------------------------------------------------------------------- |
20 |
Individual Patch Descriptions: |
21 |
----------------------------------------------------------------------------- |
22 |
-Patch: 4420_grsecurity-3.1-4.5.7-201606262019.patch |
23 |
+Patch: 4420_grsecurity-3.1-4.5.7-201606280009.patch |
24 |
From: http://www.grsecurity.net |
25 |
Desc: hardened-sources base patch from upstream grsecurity |
26 |
|
27 |
|
28 |
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch |
29 |
similarity index 99% |
30 |
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch |
31 |
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch |
32 |
index 3d3b9d3..f3179f6 100644 |
33 |
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch |
34 |
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch |
35 |
@@ -98058,7 +98058,7 @@ index e4141f2..d8263e8 100644 |
36 |
i += packet_length_size; |
37 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
38 |
diff --git a/fs/exec.c b/fs/exec.c |
39 |
-index dcd4ac7..f651515 100644 |
40 |
+index dcd4ac7..7a1a7dc 100644 |
41 |
--- a/fs/exec.c |
42 |
+++ b/fs/exec.c |
43 |
@@ -56,8 +56,20 @@ |
44 |
@@ -98572,7 +98572,7 @@ index dcd4ac7..f651515 100644 |
45 |
out: |
46 |
if (bprm->mm) { |
47 |
acct_arg_size(bprm, 0); |
48 |
-@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
49 |
+@@ -1749,3 +1930,316 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
50 |
argv, envp, flags); |
51 |
} |
52 |
#endif |
53 |
@@ -98719,10 +98719,7 @@ index dcd4ac7..f651515 100644 |
54 |
+ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), |
55 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
56 |
+ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); |
57 |
-+ preempt_disable(); |
58 |
-+ show_regs(regs); |
59 |
-+ preempt_enable(); |
60 |
-+ force_sig_info(SIGKILL, SEND_SIG_FORCED, current); |
61 |
++ BUG(); |
62 |
+} |
63 |
+#endif |
64 |
+ |
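Review bot: The new `BUG();` line that replaces the `show_regs()` / `force_sig_info(SIGKILL, ...)` sequence carries no comment explaining why a per-task kill became a kernel BUG, and its effect now depends on build and runtime configuration that this function does not control. With `panic_on_oops` set, a refcount overflow that an unprivileged task can reach takes the whole machine down rather than only that task, and on a build without `CONFIG_BUG` the generic `BUG()` is, as far as I recall, an empty infinite loop, so it is worth confirming that the grsecurity Kconfig rules that combination out. I would add a comment above the call such as `/* BUG() stops this path at once instead of waiting for SIGKILL delivery; the oops path prints the registers */`, assuming that is the intent. The function's opening lines are outside this hunk, so the calling context (locks held, interrupt state) cannot be checked from here.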
65 |
@@ -139266,7 +139263,7 @@ index c112abb..49d919f 100644 |
66 |
if (wo->wo_flags & __WNOTHREAD) |
67 |
break; |
68 |
diff --git a/kernel/fork.c b/kernel/fork.c |
69 |
-index 2e391c7..4af22a9 100644 |
70 |
+index 2e391c7..87a5bfe 100644 |
71 |
--- a/kernel/fork.c |
72 |
+++ b/kernel/fork.c |
73 |
@@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti) |
74 |
@@ -139655,7 +139652,7 @@ index 2e391c7..4af22a9 100644 |
75 |
if (atomic_read(&p->real_cred->user->processes) >= |
76 |
task_rlimit(p, RLIMIT_NPROC)) { |
77 |
if (p->real_cred->user != INIT_USER && |
78 |
-@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, |
79 |
+@@ -1568,6 +1681,16 @@ static struct task_struct *copy_process(unsigned long clone_flags, |
80 |
goto bad_fork_cancel_cgroup; |
81 |
} |
82 |
|
83 |
@@ -139664,10 +139661,15 @@ index 2e391c7..4af22a9 100644 |
84 |
+ */ |
85 |
+ gr_copy_label(p); |
86 |
+ |
87 |
++#ifdef CONFIG_GRKERNSEC_SETXID |
88 |
++ if (p->delayed_cred) |
89 |
++ get_cred(p->delayed_cred); |
90 |
++#endif |
91 |
++ |
92 |
if (likely(p->pid)) { |
93 |
ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); |
94 |
|
95 |
-@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count: |
96 |
+@@ -1657,6 +1780,8 @@ bad_fork_cleanup_count: |
97 |
bad_fork_free: |
98 |
free_task(p); |
99 |
fork_out: |
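Review bot: The added `get_cred(p->delayed_cred)` under `CONFIG_GRKERNSEC_SETXID` needs a matching `put_cred()` when the child task is freed, and neither that release nor the reason for the extra reference is visible in this hunk. Presumably the child received the parent's `delayed_cred` pointer through the task_struct copy without owning a reference, which would let the credential be freed while the child still points at it; if so, please say that in a comment, for example `/* child copied the parent's delayed_cred pointer; take its own reference */`. It is also worth confirming that nothing can drop the parent's reference between that copy and this call, and that the fork error paths which run before this point never put `p->delayed_cred`, since a failed fork would otherwise release a reference it never took. copy_process() starts and ends outside the hunk, so these paths have to be checked in the full patch.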
100 |
@@ -139676,7 +139678,7 @@ index 2e391c7..4af22a9 100644 |
101 |
return ERR_PTR(retval); |
102 |
} |
103 |
|
104 |
-@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags, |
105 |
+@@ -1719,6 +1844,7 @@ long _do_fork(unsigned long clone_flags, |
106 |
|
107 |
p = copy_process(clone_flags, stack_start, stack_size, |
108 |
child_tidptr, NULL, trace, tls); |
109 |
@@ -139684,7 +139686,7 @@ index 2e391c7..4af22a9 100644 |
110 |
/* |
111 |
* Do this prior waking up the new thread - the thread pointer |
112 |
* might get invalid after that point, if the thread exits quickly. |
113 |
-@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags, |
114 |
+@@ -1735,6 +1861,8 @@ long _do_fork(unsigned long clone_flags, |
115 |
if (clone_flags & CLONE_PARENT_SETTID) |
116 |
put_user(nr, parent_tidptr); |
117 |
|
118 |
@@ -139693,7 +139695,7 @@ index 2e391c7..4af22a9 100644 |
119 |
if (clone_flags & CLONE_VFORK) { |
120 |
p->vfork_done = &vfork; |
121 |
init_completion(&vfork); |
122 |
-@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void) |
123 |
+@@ -1871,7 +1999,7 @@ void __init proc_caches_init(void) |
124 |
sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, |
125 |
SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT, |
126 |
NULL); |
127 |
@@ -139702,7 +139704,7 @@ index 2e391c7..4af22a9 100644 |
128 |
mmap_init(); |
129 |
nsproxy_cache_init(); |
130 |
} |
131 |
-@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) |
132 |
+@@ -1919,7 +2047,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) |
133 |
return 0; |
134 |
|
135 |
/* don't need lock here; in the worst case we'll do useless copy */ |
136 |
@@ -139711,7 +139713,7 @@ index 2e391c7..4af22a9 100644 |
137 |
return 0; |
138 |
|
139 |
*new_fsp = copy_fs_struct(fs); |
140 |
-@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) |
141 |
+@@ -2032,7 +2160,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) |
142 |
fs = current->fs; |
143 |
spin_lock(&fs->lock); |
144 |
current->fs = new_fs; |
145 |
@@ -139721,7 +139723,7 @@ index 2e391c7..4af22a9 100644 |
146 |
new_fs = NULL; |
147 |
else |
148 |
new_fs = fs; |
149 |
-@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced) |
150 |
+@@ -2096,7 +2225,7 @@ int unshare_files(struct files_struct **displaced) |
151 |
int sysctl_max_threads(struct ctl_table *table, int write, |
152 |
void __user *buffer, size_t *lenp, loff_t *ppos) |
153 |
{ |