
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.1.7/
Date: Sun, 20 Sep 2015 19:14:08
Message-Id: 1442776722.8625ea5b47f8eb2b6e622750fc667ce13bd199b0.blueness@gentoo
1 commit: 8625ea5b47f8eb2b6e622750fc667ce13bd199b0
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 20 19:18:42 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 20 19:18:42 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8625ea5b
7
8 grsecurity-3.1-4.1.7-201509201149
9
10 4.1.7/0000_README | 2 +-
11 ...> 4420_grsecurity-3.1-4.1.7-201509201149.patch} | 33 ++++++++++++----------
12 2 files changed, 19 insertions(+), 16 deletions(-)
13
14 diff --git a/4.1.7/0000_README b/4.1.7/0000_README
15 index a82b514..29c7482 100644
16 --- a/4.1.7/0000_README
17 +++ b/4.1.7/0000_README
18 @@ -2,7 +2,7 @@ README
19 -----------------------------------------------------------------------------
20 Individual Patch Descriptions:
21 -----------------------------------------------------------------------------
22 -Patch: 4420_grsecurity-3.1-4.1.7-201509131604.patch
23 +Patch: 4420_grsecurity-3.1-4.1.7-201509201149.patch
24 From: http://www.grsecurity.net
25 Desc: hardened-sources base patch from upstream grsecurity
26
27
28 diff --git a/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch b/4.1.7/4420_grsecurity-3.1-4.1.7-201509201149.patch
29 similarity index 99%
30 rename from 4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
31 rename to 4.1.7/4420_grsecurity-3.1-4.1.7-201509201149.patch
32 index eb11268..4694239 100644
33 --- a/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
34 +++ b/4.1.7/4420_grsecurity-3.1-4.1.7-201509201149.patch
35 @@ -72155,7 +72155,7 @@ index 4c55668..eeae150 100644
36 fd_offset + ex.a_text);
37 if (error != N_DATADDR(ex))
38 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
39 -index cd46e41..244f778 100644
40 +index cd46e41..d67c3df 100644
41 --- a/fs/binfmt_elf.c
42 +++ b/fs/binfmt_elf.c
43 @@ -35,6 +35,7 @@
44 @@ -72998,7 +72998,7 @@ index cd46e41..244f778 100644
45 + if (dyn.d_tag == DT_NULL)
46 + break;
47 + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
48 -+ gr_log_textrel(vma);
49 ++ gr_log_textrel(vma, is_textrel_rw);
50 + if (is_textrel_rw)
51 + vma->vm_flags |= VM_MAYWRITE;
52 + else
53 @@ -91727,10 +91727,10 @@ index 0000000..8ef2b75
54 +}
55 diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c
56 new file mode 100644
57 -index 0000000..dbe0a6b
58 +index 0000000..0eac5aa
59 --- /dev/null
60 +++ b/grsecurity/grsec_log.c
61 -@@ -0,0 +1,341 @@
62 +@@ -0,0 +1,342 @@
63 +#include <linux/kernel.h>
64 +#include <linux/sched.h>
65 +#include <linux/file.h>
66 @@ -91968,10 +91968,11 @@ index 0000000..dbe0a6b
67 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
68 + break;
69 + case GR_TEXTREL:
70 ++ str1 = va_arg(ap, char *);
71 + file = va_arg(ap, struct file *);
72 + ulong1 = va_arg(ap, unsigned long);
73 + ulong2 = va_arg(ap, unsigned long);
74 -+ gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
75 ++ gr_log_middle_varargs(audit, msg, str1, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
76 + break;
77 + case GR_PTRACE:
78 + task = va_arg(ap, struct task_struct *);
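Review bot: The new `str1 = va_arg(ap, char *);` in the GR_TEXTREL case must be read before `file`, and nothing checks that this order matches the caller, because the arguments arrive through the variadic gr_log_varargs(). As far as this patch shows, the order agrees with the updated gr_log_textrel_ulong_ulong() macro (str, file, ulong1, ulong2) and with the `%s`, `%.950s`, `0x%08lx`, `0x%08lx` conversions in GR_TEXTREL_AUDIT_MSG. A later edit to only one of the three would make the kernel logging path read an argument as the wrong type. I would add a comment above the case, such as `/* va_arg order must match gr_log_textrel_ulong_ulong() and GR_TEXTREL_AUDIT_MSG: str, file, ulong1, ulong2 */`. The switch statement starts and ends outside the hunk.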
79 @@ -92199,10 +92200,10 @@ index 0000000..fe02bf4
80 +}
81 diff --git a/grsecurity/grsec_pax.c b/grsecurity/grsec_pax.c
82 new file mode 100644
83 -index 0000000..6ee9d50
84 +index 0000000..2ad7b96
85 --- /dev/null
86 +++ b/grsecurity/grsec_pax.c
87 -@@ -0,0 +1,45 @@
88 +@@ -0,0 +1,47 @@
89 +#include <linux/kernel.h>
90 +#include <linux/sched.h>
91 +#include <linux/mm.h>
92 @@ -92211,11 +92212,13 @@ index 0000000..6ee9d50
93 +#include <linux/grsecurity.h>
94 +
95 +void
96 -+gr_log_textrel(struct vm_area_struct * vma)
97 ++gr_log_textrel(struct vm_area_struct * vma, bool is_textrel_rw)
98 +{
99 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
100 + if (grsec_enable_log_rwxmaps)
101 -+ gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
102 ++ gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG,
103 ++ is_textrel_rw ? "executable to writable" : "writable to executable",
104 ++ vma->vm_file, vma->vm_start, vma->vm_pgoff);
105 +#endif
106 + return;
107 +}
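Review bot: gr_log_textrel() still passes GR_DONT_AUDIT, although the message it emits now reads "allowed ... text relocation transition" and the format macro is named GR_TEXTREL_AUDIT_MSG. How GR_DONT_AUDIT affects log level and rate limiting is not visible in this hunk. If it selects the same path as the "denied ..." messages, permitted text relocations would be reported with the severity of blocked ones, which makes triage of the log harder. Either confirm that this is intended or record it next to the call, e.g. `/* allowed event, deliberately logged via the GR_DONT_AUDIT path */`.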
108 @@ -96465,7 +96468,7 @@ index 0000000..be66033
109 +#endif
110 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
111 new file mode 100644
112 -index 0000000..fb1de5d
113 +index 0000000..6245f9e
114 --- /dev/null
115 +++ b/include/linux/grinternal.h
116 @@ -0,0 +1,230 @@
117 @@ -96682,7 +96685,7 @@ index 0000000..fb1de5d
118 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
119 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
120 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
121 -+#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
122 ++#define gr_log_textrel_ulong_ulong(audit, msg, str, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, str, file, ulong1, ulong2)
123 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
124 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
125 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
126 @@ -96701,7 +96704,7 @@ index 0000000..fb1de5d
127 +#endif
128 diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
129 new file mode 100644
130 -index 0000000..26ef560
131 +index 0000000..3092b3c
132 --- /dev/null
133 +++ b/include/linux/grmsg.h
134 @@ -0,0 +1,118 @@
135 @@ -96811,7 +96814,7 @@ index 0000000..26ef560
136 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
137 +#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
138 +#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
139 -+#define GR_TEXTREL_AUDIT_MSG "denied text relocation in %.950s, VMA:0x%08lx 0x%08lx by "
140 ++#define GR_TEXTREL_AUDIT_MSG "allowed %s text relocation transition in %.950s, VMA:0x%08lx 0x%08lx by "
141 +#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
142 +#define GR_VM86_MSG "denied use of vm86 by "
143 +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
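Review bot: The added `%s` in GR_TEXTREL_AUDIT_MSG is the only unbounded string conversion among the messages shown in this hunk, where the neighbours use `%.950s` and `%.16s`. The only caller visible in this patch passes one of two literals, so nothing is oversized today, but a precision keeps the output length bounded if another caller appears: `"allowed %.32s text relocation transition in %.950s, VMA:0x%08lx 0x%08lx by "`. Separately, the text changes from "denied text relocation in" to "allowed ... text relocation transition in", so log-monitoring rules that match the old string will stop firing and need updating. A line in the patch description would help operators notice this.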
144 @@ -96825,7 +96828,7 @@ index 0000000..26ef560
145 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
146 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
147 new file mode 100644
148 -index 0000000..085a746
149 +index 0000000..ae28a25
150 --- /dev/null
151 +++ b/include/linux/grsecurity.h
152 @@ -0,0 +1,247 @@
153 @@ -96916,7 +96919,7 @@ index 0000000..085a746
154 +void gr_log_remount(const char *devname, const int retval);
155 +void gr_log_unmount(const char *devname, const int retval);
156 +void gr_log_mount(const char *from, struct path *to, const int retval);
157 -+void gr_log_textrel(struct vm_area_struct *vma);
158 ++void gr_log_textrel(struct vm_area_struct *vma, bool is_textrel_rw);
159 +void gr_log_ptgnustack(struct file *file);
160 +void gr_log_rwxmmap(struct file *file);
161 +void gr_log_rwxmprotect(struct vm_area_struct *vma);