Re: [Fwd: [Full-Disclosure] [grsec] grsecurity 2.1.0 release / 5 Linux kernel advisories]
On Thu, Jan 13, 2005 at 12:31:50PM +0900, Horms wrote:
> On Fri, Jan 07, 2005 at 02:32:19PM -0500, Andres Salomon wrote:
> > Hey, and while we're at it.. more fun!
> >
> > I had 2.6.10 all ready and everything. damnit. Oh well, I guess there
> > will be 2.6.8, 2.6.9, and 2.6.10 uploaded today.
>
> I will look into this for 2.4.27 and report back.
I took a look and found that all these changes have already made it
upstream for 2.4 (except the scsi ioctly problem, which doesn't
effect 2.4).
Accordingly, I will add the following patches to SVN, I am just
verifying that the build first.
--
Horms
# origin: marcelo (BitKeeper)
# cset: 1.1558 (2.4) key=41e2c4fetTJmVti-Xxql21xXjfbpag
# inclusion: upstream
# descrition: Brad Spengler: Fix random poolsize sysctl (from 2.6.10-ac)
# revision date: Thu, 13 Jan 2005 15:14:00 +0900
#
# S rset: ChangeSet|1.1557..1.1558
# I rset: drivers/char/random.c|1.20..1.21
#
# Key:
# S: Skipped ChangeSet file only
# O: Original Followed by Updated
# U: Updated Included with updated range of versions
# I: Included Included verbatim
# E: Excluded Excluded on request from user
# D: Deleted Manually deleted by subsequent user edit
#
#
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/01/10 16:10:06-02:00 marcelo@logos.cnet
# Brad Spengler: Fix random poolsize sysctl (from 2.6.10-ac)
#
# drivers/char/random.c
# 2005/01/10 16:07:55-02:00 marcelo@logos.cnet +1 -1
# Brad Spengler: Fix random poolsize sysctl (from 2.6.10-ac)
#
#
===== drivers/char/random.c 1.20 vs 1.21 =====
--- 1.20/drivers/char/random.c 2004-08-10 08:09:10 +09:00
+++ 1.21/drivers/char/random.c 2005-01-11 03:07:55 +09:00
@@ -1771,7 +1771,7 @@
static int proc_do_poolsize(ctl_table *table, int write, struct file *filp,
void *buffer, size_t *lenp)
{
- int ret;
+ unsigned int ret;
sysctl_poolsize = random_state->poolinfo.POOLBYTES;
# origin: marcelo (BitKeeper)
# cset: 1.1559 (2.4) key=41e2c5fb3htiRRycYu5I4skGWXcv5g
# inclusion: upstream
# descrition: Alan Cox: Fix moxa serial bound checking issue (from 2.6.10-ac)
# revision date: Thu, 13 Jan 2005 15:16:21 +0900
#
# S rset: ChangeSet|1.1558..1.1559
# I rset: drivers/char/moxa.c|1.8..1.9
#
# Key:
# S: Skipped ChangeSet file only
# O: Original Followed by Updated
# U: Updated Included with updated range of versions
# I: Included Included verbatim
# E: Excluded Excluded on request from user
# D: Deleted Manually deleted by subsequent user edit
#
#
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/01/10 16:14:19-02:00 marcelo@logos.cnet
# Alan Cox: Fix moxa serial bound checking issue (from 2.6.10-ac)
#
# drivers/char/moxa.c
# 2005/01/10 16:11:04-02:00 marcelo@logos.cnet +2 -0
# Alan Cox: Fix moxa serial bound checking issue
#
#
===== drivers/char/moxa.c 1.8 vs 1.9 =====
--- 1.8/drivers/char/moxa.c 2004-12-17 00:14:38 +09:00
+++ 1.9/drivers/char/moxa.c 2005-01-11 03:11:04 +09:00
@@ -905,6 +905,8 @@
case TIOCSSERIAL:
return (moxa_set_serial_info(ch, (struct serial_struct *) arg));
default:
+ if(!capable(CAP_SYS_RAWIO))
+ return -EPERM;
retval = MoxaDriverIoctl(cmd, arg, port);
}
return (retval);
# origin: marcelo (BitKeeper)
# cset: 1.1560 (2.4) key=41e2ccd0OuVN0bKOhZvnda0zXqnTsA
# inclusion: upstream
# descrition: Brad Spengler: Fix RLIMIT_MEMLOCK issue
# revision date: Thu, 13 Jan 2005 15:12:37 +0900
#
# S rset: ChangeSet|1.1559..1.1560
# I rset: include/linux/mm.h|1.49..1.50
#
# Key:
# S: Skipped ChangeSet file only
# O: Original Followed by Updated
# U: Updated Included with updated range of versions
# I: Included Included verbatim
# E: Excluded Excluded on request from user
# D: Deleted Manually deleted by subsequent user edit
#
#
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/01/10 16:43:28-02:00 marcelo@logos.cnet
# Brad Spengler: Fix RLIMIT_MEMLOCK issue
#
# include/linux/mm.h
# 2005/01/10 16:41:47-02:00 marcelo@logos.cnet +8 -0
# Brad Spengler: Fix RLIMIT_MEMLOCK issue
# ,
#
#
===== include/linux/mm.h 1.49 vs 1.50 =====
--- 1.49/include/linux/mm.h 2005-01-07 20:14:01 +09:00
+++ 1.50/include/linux/mm.h 2005-01-11 03:41:47 +09:00
@@ -660,6 +660,14 @@
spin_unlock(&vma->vm_mm->page_table_lock);
return -ENOMEM;
}
+
+ if ((vma->vm_flags & VM_LOCKED) &&
+ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_MEMLOCK].rlim_cur) {
+ spin_unlock(&vma->vm_mm->page_table_lock);
+ return -ENOMEM;
+ }
+
+
vma->vm_start = address;
vma->vm_pgoff -= grow;
vma->vm_mm->total_vm += grow;
Reply to: