3 |
Source code for this patch is "apt-get install linux-source-2.6.24" |
Source code for this patch is "apt-get install linux-source-2.6.24" |
4 |
--- |
--- |
5 |
arch/ia64/ia32/sys_ia32.c | 3 +++ |
arch/ia64/ia32/sys_ia32.c | 3 +++ |
6 |
arch/ia64/kernel/ptrace.c | 2 ++ |
arch/ia64/kernel/ptrace.c | 5 +++++ |
7 |
arch/mips/kernel/ptrace32.c | 2 ++ |
arch/mips/kernel/ptrace32.c | 5 +++++ |
8 |
arch/powerpc/kernel/ptrace32.c | 2 ++ |
arch/powerpc/kernel/ptrace32.c | 5 +++++ |
9 |
arch/s390/kernel/ptrace.c | 2 ++ |
arch/s390/kernel/ptrace.c | 5 +++++ |
10 |
arch/sparc/kernel/ptrace.c | 4 ++++ |
arch/sparc/kernel/ptrace.c | 7 +++++++ |
11 |
arch/sparc64/kernel/ptrace.c | 4 ++++ |
arch/sparc64/kernel/ptrace.c | 7 +++++++ |
12 |
arch/x86/ia32/ptrace32.c | 3 +++ |
arch/x86/ia32/ptrace32.c | 6 ++++++ |
13 |
fs/compat.c | 2 +- |
fs/compat.c | 2 +- |
14 |
fs/compat_ioctl.c | 3 +++ |
fs/compat_ioctl.c | 3 +++ |
15 |
fs/exec.c | 9 ++++++++- |
fs/exec.c | 9 ++++++++- |
27 |
kernel/fork.c | 5 +++++ |
kernel/fork.c | 5 +++++ |
28 |
kernel/kexec.c | 3 +++ |
kernel/kexec.c | 3 +++ |
29 |
kernel/module.c | 5 +++++ |
kernel/module.c | 5 +++++ |
30 |
kernel/ptrace.c | 2 ++ |
kernel/ptrace.c | 5 +++++ |
31 |
kernel/sched.c | 2 ++ |
kernel/sched.c | 2 ++ |
32 |
kernel/signal.c | 8 ++++++++ |
kernel/signal.c | 8 ++++++++ |
33 |
kernel/sys.c | 10 ++++++++++ |
kernel/sys.c | 10 ++++++++++ |
45 |
net/unix/af_unix.c | 6 ++++++ |
net/unix/af_unix.c | 6 ++++++ |
46 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
47 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
48 |
43 files changed, 222 insertions(+), 2 deletions(-) |
43 files changed, 246 insertions(+), 2 deletions(-) |
49 |
|
|
50 |
--- linux-2.6.24-31.99.orig/arch/ia64/ia32/sys_ia32.c |
--- linux-2.6.24-31.99.orig/arch/ia64/ia32/sys_ia32.c |
51 |
+++ linux-2.6.24-31.99/arch/ia64/ia32/sys_ia32.c |
+++ linux-2.6.24-31.99/arch/ia64/ia32/sys_ia32.c |
68 |
if (request == PTRACE_TRACEME) { |
if (request == PTRACE_TRACEME) { |
69 |
--- linux-2.6.24-31.99.orig/arch/ia64/kernel/ptrace.c |
--- linux-2.6.24-31.99.orig/arch/ia64/kernel/ptrace.c |
70 |
+++ linux-2.6.24-31.99/arch/ia64/kernel/ptrace.c |
+++ linux-2.6.24-31.99/arch/ia64/kernel/ptrace.c |
71 |
@@ -1422,6 +1422,8 @@ sys_ptrace (long request, pid_t pid, uns |
@@ -1422,6 +1422,11 @@ sys_ptrace (long request, pid_t pid, uns |
72 |
struct task_struct *child; |
struct task_struct *child; |
73 |
struct switch_stack *sw; |
struct switch_stack *sw; |
74 |
long ret; |
long ret; |
75 |
+ if (ccs_ptrace_permission(request, pid)) |
+ { |
76 |
+ return -EPERM; |
+ const int rc = ccs_ptrace_permission(request, pid); |
77 |
|
+ if (rc) |
78 |
|
+ return rc; |
79 |
|
+ } |
80 |
|
|
81 |
lock_kernel(); |
lock_kernel(); |
82 |
ret = -EPERM; |
ret = -EPERM; |
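Review bot: The new side hands the return value of `ccs_ptrace_permission()` straight back to the caller (`if (rc) return rc;`), where the old side always returned `-EPERM`, so the deny path is now only correct if the hook is guaranteed to return 0 or a negative errno; its definition is not visible on this page. If it can ever return a positive non-zero value, the syscall would return early with a value user space reads as success, and on sparc/sparc64 `pt_error_return(regs, -rc)` would be given a negative error number. Either document that contract at the hook's declaration, or normalise at the call sites, e.g. `return rc < 0 ? rc : -EPERM;` and `pt_error_return(regs, rc < 0 ? -rc : EPERM);`. The same pattern is repeated in the mips, powerpc, s390, sparc, sparc64, x86 ia32 and kernel/ptrace.c sections, and each enclosing function continues outside its hunk.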
83 |
--- linux-2.6.24-31.99.orig/arch/mips/kernel/ptrace32.c |
--- linux-2.6.24-31.99.orig/arch/mips/kernel/ptrace32.c |
84 |
+++ linux-2.6.24-31.99/arch/mips/kernel/ptrace32.c |
+++ linux-2.6.24-31.99/arch/mips/kernel/ptrace32.c |
85 |
@@ -50,6 +50,8 @@ asmlinkage int sys32_ptrace(int request, |
@@ -50,6 +50,11 @@ asmlinkage int sys32_ptrace(int request, |
86 |
{ |
{ |
87 |
struct task_struct *child; |
struct task_struct *child; |
88 |
int ret; |
int ret; |
89 |
+ if (ccs_ptrace_permission(request, pid)) |
+ { |
90 |
+ return -EPERM; |
+ const int rc = ccs_ptrace_permission(request, pid); |
91 |
|
+ if (rc) |
92 |
|
+ return rc; |
93 |
|
+ } |
94 |
|
|
95 |
#if 0 |
#if 0 |
96 |
printk("ptrace(r=%d,pid=%d,addr=%08lx,data=%08lx)\n", |
printk("ptrace(r=%d,pid=%d,addr=%08lx,data=%08lx)\n", |
97 |
--- linux-2.6.24-31.99.orig/arch/powerpc/kernel/ptrace32.c |
--- linux-2.6.24-31.99.orig/arch/powerpc/kernel/ptrace32.c |
98 |
+++ linux-2.6.24-31.99/arch/powerpc/kernel/ptrace32.c |
+++ linux-2.6.24-31.99/arch/powerpc/kernel/ptrace32.c |
99 |
@@ -89,6 +89,8 @@ long compat_sys_ptrace(int request, int |
@@ -89,6 +89,11 @@ long compat_sys_ptrace(int request, int |
100 |
{ |
{ |
101 |
struct task_struct *child; |
struct task_struct *child; |
102 |
int ret; |
int ret; |
103 |
+ if (ccs_ptrace_permission(request, pid)) |
+ { |
104 |
+ return -EPERM; |
+ const int rc = ccs_ptrace_permission(request, pid); |
105 |
|
+ if (rc) |
106 |
|
+ return rc; |
107 |
|
+ } |
108 |
|
|
109 |
lock_kernel(); |
lock_kernel(); |
110 |
if (request == PTRACE_TRACEME) { |
if (request == PTRACE_TRACEME) { |
111 |
--- linux-2.6.24-31.99.orig/arch/s390/kernel/ptrace.c |
--- linux-2.6.24-31.99.orig/arch/s390/kernel/ptrace.c |
112 |
+++ linux-2.6.24-31.99/arch/s390/kernel/ptrace.c |
+++ linux-2.6.24-31.99/arch/s390/kernel/ptrace.c |
113 |
@@ -701,6 +701,8 @@ sys_ptrace(long request, long pid, long |
@@ -700,6 +700,11 @@ sys_ptrace(long request, long pid, long |
114 |
|
{ |
115 |
struct task_struct *child; |
struct task_struct *child; |
116 |
int ret; |
int ret; |
117 |
|
+ { |
118 |
|
+ const int rc = ccs_ptrace_permission(request, pid); |
119 |
|
+ if (rc) |
120 |
|
+ return rc; |
121 |
|
+ } |
122 |
|
|
|
+ if (ccs_ptrace_permission(request, pid)) |
|
|
+ return -EPERM; |
|
123 |
lock_kernel(); |
lock_kernel(); |
124 |
if (request == PTRACE_TRACEME) { |
if (request == PTRACE_TRACEME) { |
|
ret = ptrace_traceme(); |
|
125 |
--- linux-2.6.24-31.99.orig/arch/sparc/kernel/ptrace.c |
--- linux-2.6.24-31.99.orig/arch/sparc/kernel/ptrace.c |
126 |
+++ linux-2.6.24-31.99/arch/sparc/kernel/ptrace.c |
+++ linux-2.6.24-31.99/arch/sparc/kernel/ptrace.c |
127 |
@@ -267,6 +267,10 @@ asmlinkage void do_ptrace(struct pt_regs |
@@ -267,6 +267,13 @@ asmlinkage void do_ptrace(struct pt_regs |
128 |
unsigned long addr2 = regs->u_regs[UREG_I4]; |
unsigned long addr2 = regs->u_regs[UREG_I4]; |
129 |
struct task_struct *child; |
struct task_struct *child; |
130 |
int ret; |
int ret; |
131 |
+ if (ccs_ptrace_permission(request, pid)) { |
+ { |
132 |
+ pt_error_return(regs, EPERM); |
+ const int rc = ccs_ptrace_permission(request, pid); |
133 |
+ return; |
+ if (rc) { |
134 |
|
+ pt_error_return(regs, -rc); |
135 |
|
+ return; |
136 |
|
+ } |
137 |
+ } |
+ } |
138 |
|
|
139 |
lock_kernel(); |
lock_kernel(); |
140 |
#ifdef DEBUG_PTRACE |
#ifdef DEBUG_PTRACE |
141 |
--- linux-2.6.24-31.99.orig/arch/sparc64/kernel/ptrace.c |
--- linux-2.6.24-31.99.orig/arch/sparc64/kernel/ptrace.c |
142 |
+++ linux-2.6.24-31.99/arch/sparc64/kernel/ptrace.c |
+++ linux-2.6.24-31.99/arch/sparc64/kernel/ptrace.c |
143 |
@@ -180,6 +180,10 @@ asmlinkage void do_ptrace(struct pt_regs |
@@ -180,6 +180,13 @@ asmlinkage void do_ptrace(struct pt_regs |
144 |
unsigned long addr2 = regs->u_regs[UREG_I4]; |
unsigned long addr2 = regs->u_regs[UREG_I4]; |
145 |
struct task_struct *child; |
struct task_struct *child; |
146 |
int ret; |
int ret; |
147 |
+ if (ccs_ptrace_permission(request, pid)) { |
+ { |
148 |
+ pt_error_return(regs, EPERM); |
+ const int rc = ccs_ptrace_permission(request, pid); |
149 |
+ return; |
+ if (rc) { |
150 |
|
+ pt_error_return(regs, -rc); |
151 |
|
+ return; |
152 |
|
+ } |
153 |
+ } |
+ } |
154 |
|
|
155 |
if (test_thread_flag(TIF_32BIT)) { |
if (test_thread_flag(TIF_32BIT)) { |
164 |
|
|
165 |
/* |
/* |
166 |
* Determines which flags the user has access to [1 = access, 0 = no access]. |
* Determines which flags the user has access to [1 = access, 0 = no access]. |
167 |
@@ -235,6 +236,8 @@ asmlinkage long sys32_ptrace(long reques |
@@ -235,6 +236,11 @@ asmlinkage long sys32_ptrace(long reques |
168 |
void __user *datap = compat_ptr(data); |
void __user *datap = compat_ptr(data); |
169 |
int ret; |
int ret; |
170 |
__u32 val; |
__u32 val; |
171 |
+ if (ccs_ptrace_permission(request, pid)) |
+ { |
172 |
+ return -EPERM; |
+ const int rc = ccs_ptrace_permission(request, pid); |
173 |
|
+ if (rc) |
174 |
|
+ return rc; |
175 |
|
+ } |
176 |
|
|
177 |
switch (request) { |
switch (request) { |
178 |
case PTRACE_TRACEME: |
case PTRACE_TRACEME: |
505 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
506 |
} |
} |
507 |
#endif |
#endif |
508 |
+ printk(KERN_INFO "Hook version: 2.6.24-31.99 2012/03/06\n"); |
+ printk(KERN_INFO "Hook version: 2.6.24-31.99 2012/03/08\n"); |
509 |
} |
} |
510 |
--- linux-2.6.24-31.99.orig/fs/stat.c |
--- linux-2.6.24-31.99.orig/fs/stat.c |
511 |
+++ linux-2.6.24-31.99/fs/stat.c |
+++ linux-2.6.24-31.99/fs/stat.c |
663 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
664 |
--- linux-2.6.24-31.99.orig/kernel/ptrace.c |
--- linux-2.6.24-31.99.orig/kernel/ptrace.c |
665 |
+++ linux-2.6.24-31.99/kernel/ptrace.c |
+++ linux-2.6.24-31.99/kernel/ptrace.c |
666 |
@@ -467,6 +467,8 @@ asmlinkage long sys_ptrace(long request, |
@@ -463,6 +463,11 @@ asmlinkage long sys_ptrace(long request, |
667 |
|
{ |
668 |
|
struct task_struct *child; |
669 |
|
long ret; |
670 |
|
+ { |
671 |
|
+ const int rc = ccs_ptrace_permission(request, pid); |
672 |
|
+ if (rc) |
673 |
|
+ return rc; |
674 |
|
+ } |
675 |
|
|
676 |
/* |
/* |
677 |
* This lock_kernel fixes a subtle race with suid exec |
* This lock_kernel fixes a subtle race with suid exec |
|
*/ |
|
|
+ if (ccs_ptrace_permission(request, pid)) |
|
|
+ return -EPERM; |
|
|
lock_kernel(); |
|
|
if (request == PTRACE_TRACEME) { |
|
|
ret = ptrace_traceme(); |
|
678 |
--- linux-2.6.24-31.99.orig/kernel/sched.c |
--- linux-2.6.24-31.99.orig/kernel/sched.c |
679 |
+++ linux-2.6.24-31.99/kernel/sched.c |
+++ linux-2.6.24-31.99/kernel/sched.c |
680 |
@@ -4181,6 +4181,8 @@ int can_nice(const struct task_struct *p |
@@ -4181,6 +4181,8 @@ int can_nice(const struct task_struct *p |