-rw-r--r--4.5.7/0000_README2
-rw-r--r--4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch (renamed from 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch)32
2 files changed, 18 insertions, 16 deletions
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index b74a9dd..bdf9f5e 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606262019.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606280009.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
index 3d3b9d3..f3179f6 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
@@ -98058,7 +98058,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..f651515 100644
+index dcd4ac7..7a1a7dc 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -98572,7 +98572,7 @@ index dcd4ac7..f651515 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1749,3 +1930,316 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
argv, envp, flags);
}
#endif
@@ -98719,10 +98719,7 @@ index dcd4ac7..f651515 100644
+ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-+ preempt_disable();
-+ show_regs(regs);
-+ preempt_enable();
-+ force_sig_info(SIGKILL, SEND_SIG_FORCED, current);
++ BUG();
+}
+#endif
+
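Review bot: Swapping the `show_regs(regs)` / `force_sig_info(SIGKILL, SEND_SIG_FORCED, current)` sequence for a bare `BUG()` means the register state passed in as `regs` is no longer logged, so the `print_symbol` line is the only record of where the overflow trapped. The oops raised by `BUG()` will presumably describe this reporting function's own frame, not the trapping context. The outcome also now follows the system's oops policy (for example whether it panics on oops) instead of always killing only `current`, which is worth stating in a comment above the call, e.g. `/* refcount overflow is unrecoverable for this context: hand off to the oops path */`. If the trap-site registers are still wanted for triage, keep `show_regs(regs);` immediately before `BUG();`. The enclosing function starts outside this hunk, so its entry conditions are not visible here.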
@@ -139266,7 +139263,7 @@ index c112abb..49d919f 100644
if (wo->wo_flags & __WNOTHREAD)
break;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 2e391c7..4af22a9 100644
+index 2e391c7..87a5bfe 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti)
@@ -139655,7 +139652,7 @@ index 2e391c7..4af22a9 100644
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (p->real_cred->user != INIT_USER &&
-@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1568,6 +1681,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_cancel_cgroup;
}
@@ -139664,10 +139661,15 @@ index 2e391c7..4af22a9 100644
+ */
+ gr_copy_label(p);
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (p->delayed_cred)
++ get_cred(p->delayed_cred);
++#endif
++
if (likely(p->pid)) {
ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
-@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count:
+@@ -1657,6 +1780,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
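Review bot: The added `get_cred(p->delayed_cred)` under `CONFIG_GRKERNSEC_SETXID` is taken only at this late point in copy_process(), and nothing visible here shows how the earlier `bad_fork_*` exits treat the pointer, which the child presumably inherited by structure copy. If the teardown reached through `free_task(p)` drops a `delayed_cred` reference, a fork that fails before this block would release a reference the child never took; if it does not, the placement is fine, but that is not evident from the hunk. A one-line comment above the block, such as `/* child copied the parent's delayed_cred pointer; take its own reference */`, would record the invariant for whoever next touches the error paths. copy_process() begins and ends outside this hunk, so the cleanup labels should be checked against the full function.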
@@ -139676,7 +139678,7 @@ index 2e391c7..4af22a9 100644
return ERR_PTR(retval);
}
-@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags,
+@@ -1719,6 +1844,7 @@ long _do_fork(unsigned long clone_flags,
p = copy_process(clone_flags, stack_start, stack_size,
child_tidptr, NULL, trace, tls);
@@ -139684,7 +139686,7 @@ index 2e391c7..4af22a9 100644
/*
* Do this prior waking up the new thread - the thread pointer
* might get invalid after that point, if the thread exits quickly.
-@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags,
+@@ -1735,6 +1861,8 @@ long _do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -139693,7 +139695,7 @@ index 2e391c7..4af22a9 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void)
+@@ -1871,7 +1999,7 @@ void __init proc_caches_init(void)
sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
NULL);
@@ -139702,7 +139704,7 @@ index 2e391c7..4af22a9 100644
mmap_init();
nsproxy_cache_init();
}
-@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1919,7 +2047,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -139711,7 +139713,7 @@ index 2e391c7..4af22a9 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -2032,7 +2160,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -139721,7 +139723,7 @@ index 2e391c7..4af22a9 100644
new_fs = NULL;
else
new_fs = fs;
-@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced)
+@@ -2096,7 +2225,7 @@ int unshare_files(struct files_struct **displaced)
int sysctl_max_threads(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{