Date:	Thu, 5 Nov 1998 09:55:42 +0100
From:	Ernst Jan Plugge <rmc@DDS.NL>
Subject:      Secure-linux patch
To:	BUGTRAQ@NETSPACE.ORG

Now that Red Hat 5.2 is out, with a pre-2.0.36 kernel, people will find
that Solar Designer's secure-linux patch doesn't apply cleanly to the new
source tree. The following patch against the 2.0.35 version of the patch
will make it apply cleanly with the -p 1 option. The changes are trivial.

Please note that this is a patch against the patch -- it is NOT a full
version of the secure-linux patch. Solar Designer's patch can be found at
<http://www.false.com/security/linux/>.

The new patch will probably not apply cleanly to a stock pre-2.0.36
kernel, because of Red Hat's own kernel patches, although the difference
should be no more than a few line offsets.

Whether or not the new patch will apply cleanly to 2.0.36 when it is
officially released is not known. This small patch is just intended for
Red Hat 5.2 users wishing to do a quick upgrade or install new machines
without missing out on secure-linux's features.


Y.T.,

Ernst Jan Plugge - rmc@dds.nl
Network Security Consultant
--

--- secure-linux-2.0.35.diff    Thu Jul 30 01:54:40 1998
+++ secure-linux-2.0.36.diff    Thu Nov  5 09:22:06 1998
@@ -1,9 +1,9 @@
 diff -urPX nopatch linux-2.0.35/Documentation/Configure.help linux/Documentation/Configure.help
 --- linux-2.0.35/Documentation/Configure.help  Sat Jul 18 22:46:27 1998
 +++ linux/Documentation/Configure.help Sat Jul 18 23:42:07 1998
-@@ -4593,6 +4593,75 @@
-   removed from the running kernel whenever you want), say M and read
-   Documentation/modules.txt. If unsure, say Y.
+@@ -4702,6 +4702,75 @@
+   rules require. If you have a PPro or later SMP and one or more CPU's
+   report a value of about 2-3 bogomips enable this.

 +Non-executable user stack area
 +CONFIG_SECURE_STACK
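Review bot: the inner file headers kept as context here still name linux-2.0.35 and carry the Jul 18 1998 timestamps, although the output file is called secure-linux-2.0.36.diff and the inner hunk is now anchored at line 4702 on different Configure.help text. With -p 1 the directory name is stripped, so this is harmless when applying, but the result is labelled as a 2.0.35 diff while matching only the newer tree. Consider regenerating the inner headers against the tree actually used, or saying in the message that they were left untouched on purpose.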
@@ -109,7 +109,7 @@
 diff -urPX nopatch linux-2.0.35/arch/i386/config.in linux/arch/i386/config.in
 --- linux-2.0.35/arch/i386/config.in   Mon May 13 08:17:23 1996
 +++ linux/arch/i386/config.in  Sat Jul 18 23:42:07 1998
-@@ -104,6 +104,21 @@
+@@ -110,6 +110,21 @@
  endmenu

  mainmenu_option next_comment
@@ -134,8 +134,8 @@
 diff -urPX nopatch linux-2.0.35/arch/i386/defconfig linux/arch/i386/defconfig
 --- linux-2.0.35/arch/i386/defconfig   Sat Jul 18 22:46:29 1998
 +++ linux/arch/i386/defconfig  Sat Jul 18 23:42:07 1998
-@@ -204,6 +204,16 @@
- # CONFIG_SOUND is not set
+@@ -501,6 +501,16 @@
+ # CONFIG_AEDSP16_MPU401 is not set

  #
 +# Security
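Review bot: the defconfig hunk moves from line 204 to line 501 and its anchor changes from "# CONFIG_SOUND is not set" to "# CONFIG_AEDSP16_MPU401 is not set", which is the largest shift in the patch and depends entirely on the sound options present in the target defconfig. The message should name the exact tree this was generated against and note that if this hunk rejects on another tree, the "# Security" block of defaults is not added and the options have to be selected by hand during configuration.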
@@ -300,15 +300,7 @@
                return;
        if (regs->cs & 3) {
                esp = regs->esp;
-@@ -192,12 +192,19 @@
- DO_ERROR(17, SIGSEGV, "alignment check", alignment_check, current)
- DO_ERROR(18, SIGSEGV, "reserved", reserved, current)
-
--/* signal_return is directly after ret_from_sys_call in entry.S */
-+/* divide_error is after ret_from_sys_call in entry.S */
- asmlinkage void ret_from_sys_call(void)       __asm__("ret_from_sys_call");
--asmlinkage void signal_return(void)   __asm__("signal_return");
-+asmlinkage void divide_error(void)    __asm__("divide_error");
+@@ -198,6 +198,13 @@

  asmlinkage void do_general_protection(struct pt_regs * regs, long error_code)
  {
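Review bot: removing the inner traps.c lines that swapped the signal_return declaration for divide_error means the resulting patch no longer introduces divide_error itself, while the range check further down still compares regs->eip against it. The message calls the changes trivial, but this one is a dependency on the target tree already declaring divide_error and should be stated, so that anyone applying the result to a tree that still has signal_return knows it does not fit. The recomputed inner header (-192,12 +192,19 to -198,6 +198,13) is consistent with the six old and six new lines dropped.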
@@ -322,18 +314,15 @@
        if (regs->eflags & VM_MASK) {
                handle_vm86_fault((struct vm86_regs *) regs, error_code);
                return;
-@@ -208,9 +215,9 @@
+@@ -208,7 +215,7 @@
         * barfage for 2.0 has been put into the too-hard basket but having
         * a user producing endless GPFs is unacceptable as well. - Paul G.
         */
 -      if ((regs->cs & 3) != 3) {
 +      if ((regs->cs & 3) < 2) {
                if (regs->eip >= (unsigned long)ret_from_sys_call &&
--                  regs->eip < (unsigned long)signal_return) {
-+                  regs->eip < (unsigned long)divide_error) {
+                   regs->eip < (unsigned long)divide_error) {
                        static int moancount = 0;
-                       if (moancount < 5) {
-                               printk(KERN_INFO "Ignoring GPF attempt from program \"%s\" (pid %d).\n",
 @@ -219,9 +226,111 @@
                        }
                        do_exit(SIGSEGV);
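Review bot: in the inner hunk now headed -208,7 +215,7, the "regs->eip < (unsigned long)divide_error" line has become plain context and the two following context lines ("if (moancount < 5) {" and the printk) are dropped with no explanation. The line counts add up (9 to 7 on both sides), but a reader checking by hand cannot tell whether the trim reflects different text in the target tree or an editing slip. Since this hunk carries the privilege-level test change from "(regs->cs & 3) != 3" to "(regs->cs & 3) < 2", a sentence in the message on why the context was shortened would make it easier to verify that the test lands where intended.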
@@ -895,7 +884,7 @@

  /*
   * System setup and hardware bug flags..
-@@ -41,7 +43,17 @@
+@@ -88,7 +90,17 @@
   */
  #define TASK_SIZE     (0xC0000000UL)
  #define MAX_USER_ADDR TASK_SIZE
@@ -913,7 +902,7 @@

  /*
   * Size of io_bitmap in longwords: 32 is ports 0-0x3ff.
-@@ -136,14 +148,6 @@
+@@ -183,14 +195,6 @@
  #define alloc_kernel_stack()    __get_free_page(GFP_KERNEL)
  #define free_kernel_stack(page) free_page((page))

@@ -928,7 +917,7 @@
  /*
   * Return saved PC of a blocked thread.
   */
-@@ -153,3 +157,25 @@
+@@ -200,3 +204,25 @@
  }

  #endif /* __ASM_I386_PROCESSOR_H */