19 |
kernel/fork.c | 5 +++++ |
kernel/fork.c | 5 +++++ |
20 |
kernel/kexec.c | 3 +++ |
kernel/kexec.c | 3 +++ |
21 |
kernel/module.c | 5 +++++ |
kernel/module.c | 5 +++++ |
22 |
kernel/ptrace.c | 4 ++++ |
kernel/ptrace.c | 10 ++++++++++ |
23 |
kernel/sched.c | 2 ++ |
kernel/sched.c | 2 ++ |
24 |
kernel/signal.c | 8 ++++++++ |
kernel/signal.c | 8 ++++++++ |
25 |
kernel/sys.c | 10 ++++++++++ |
kernel/sys.c | 10 ++++++++++ |
36 |
net/unix/af_unix.c | 6 ++++++ |
net/unix/af_unix.c | 6 ++++++ |
37 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
38 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
39 |
34 files changed, 211 insertions(+), 3 deletions(-) |
34 files changed, 217 insertions(+), 3 deletions(-) |
40 |
|
|
41 |
--- linux-2.6.28.10.orig/fs/compat.c |
--- linux-2.6.28.10.orig/fs/compat.c |
42 |
+++ linux-2.6.28.10/fs/compat.c |
+++ linux-2.6.28.10/fs/compat.c |
395 |
+ |
+ |
396 |
+static int __init ccs_show_version(void) |
+static int __init ccs_show_version(void) |
397 |
+{ |
+{ |
398 |
+ printk(KERN_INFO "Hook version: 2.6.28.10 2011/06/14\n"); |
+ printk(KERN_INFO "Hook version: 2.6.28.10 2012/03/08\n"); |
399 |
+ return 0; |
+ return 0; |
400 |
+} |
+} |
401 |
+module_init(ccs_show_version); |
+module_init(ccs_show_version); |
555 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
556 |
--- linux-2.6.28.10.orig/kernel/ptrace.c |
--- linux-2.6.28.10.orig/kernel/ptrace.c |
557 |
+++ linux-2.6.28.10/kernel/ptrace.c |
+++ linux-2.6.28.10/kernel/ptrace.c |
558 |
@@ -549,6 +549,8 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
@@ -549,6 +549,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
559 |
{ |
{ |
560 |
struct task_struct *child; |
struct task_struct *child; |
561 |
long ret; |
long ret; |
562 |
+ if (ccs_ptrace_permission(request, pid)) |
+ { |
563 |
+ return -EPERM; |
+ const int rc = ccs_ptrace_permission(request, pid); |
564 |
|
+ if (rc) |
565 |
|
+ return rc; |
566 |
|
+ } |
567 |
|
|
568 |
/* |
/* |
569 |
* This lock_kernel fixes a subtle race with suid exec |
* This lock_kernel fixes a subtle race with suid exec |
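Review bot: Returning `rc` verbatim in the sys_ptrace hunk makes the syscall result depend on ccs_ptrace_permission() only ever yielding 0 or a negative errno, which nothing in the hunk states; the earlier form mapped any non-zero result to -EPERM. If the hook can return a positive value, ptrace() would hand it back to user space as a non-error result without having performed the request. Its definition is not visible here, so this needs confirming against it. Either document the contract above the block with `/* ccs_ptrace_permission() returns 0 or a negative errno */`, or keep the fail-closed default with `return rc < 0 ? rc : -EPERM;`. The compat_sys_ptrace hunk that follows has the same pattern, and both function bodies continue outside their hunks.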
570 |
@@ -672,6 +674,8 @@ asmlinkage long compat_sys_ptrace(compat |
@@ -672,6 +677,11 @@ asmlinkage long compat_sys_ptrace(compat |
571 |
{ |
{ |
572 |
struct task_struct *child; |
struct task_struct *child; |
573 |
long ret; |
long ret; |
574 |
+ if (ccs_ptrace_permission(request, pid)) |
+ { |
575 |
+ return -EPERM; |
+ const int rc = ccs_ptrace_permission(request, pid); |
576 |
|
+ if (rc) |
577 |
|
+ return rc; |
578 |
|
+ } |
579 |
|
|
580 |
/* |
/* |
581 |
* This lock_kernel fixes a subtle race with suid exec |
* This lock_kernel fixes a subtle race with suid exec |