rpms/kernel/devel linux-2.6-execshield.patch,1.35,1.36
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Oct 20 22:49:29 UTC 2006
Author: davej
Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27623
Modified Files:
linux-2.6-execshield.patch
Log Message:
Further exec-shield improvements.
linux-2.6-execshield.patch:
2/arch/i386/kernel/sysenter.c | 2
2/mm/mmap.c | 2
linux-2.6.17-rc3-mm1-davej/arch/i386/mm/pageattr.c | 9 +
linux-2.6.18.noarch/arch/x86_64/kernel/setup64.c | 29 ---
linux-2.6.18.noarch/fs/proc/base.c | 8
linux-2.6.18.noarch/kernel/sysctl.c | 9 -
linux-810/arch/i386/kernel/cpu/common.c | 7
linux-810/arch/i386/kernel/process.c | 59 ++++++
linux-810/arch/i386/kernel/smp.c | 3
linux-810/arch/i386/kernel/sysenter.c | 3
linux-810/arch/i386/kernel/traps.c | 93 ++++++++++
linux-810/arch/i386/mm/init.c | 6
linux-810/arch/i386/mm/mmap.c | 6
linux-810/arch/ia64/ia32/binfmt_elf32.c | 2
linux-810/arch/powerpc/kernel/vdso.c | 3
linux-810/arch/x86_64/ia32/ia32_binfmt.c | 6
linux-810/arch/x86_64/ia32/syscall32.c | 4
linux-810/arch/x86_64/kernel/process.c | 6
linux-810/arch/x86_64/mm/fault.c | 2
linux-810/arch/x86_64/mm/mmap.c | 98 ++++++++---
linux-810/drivers/char/random.c | 7
linux-810/fs/binfmt_elf.c | 147 ++++++++++++----
linux-810/fs/proc/array.c | 8
linux-810/fs/proc/task_mmu.c | 29 ++-
linux-810/include/asm-i386/a.out.h | 2
linux-810/include/asm-i386/desc.h | 14 +
linux-810/include/asm-i386/elf.h | 6
linux-810/include/asm-i386/mmu.h | 4
linux-810/include/asm-i386/page.h | 5
linux-810/include/asm-i386/pgalloc.h | 1
linux-810/include/asm-i386/processor.h | 8
linux-810/include/asm-ia64/pgalloc.h | 4
linux-810/include/asm-powerpc/elf.h | 3
linux-810/include/asm-powerpc/pgalloc.h | 5
linux-810/include/asm-ppc/pgalloc.h | 5
linux-810/include/asm-s390/pgalloc.h | 4
linux-810/include/asm-sparc/pgalloc.h | 4
linux-810/include/asm-sparc64/pgalloc.h | 4
linux-810/include/asm-x86_64/pgalloc.h | 7
linux-810/include/linux/mm.h | 16 +
linux-810/include/linux/resource.h | 5
linux-810/include/linux/sched.h | 9 +
linux-810/include/linux/sysctl.h | 3
linux-810/kernel/signal.c | 33 +++
linux-810/kernel/sysctl.c | 57 ++++++
linux-810/mm/fremap.c | 16 +
linux-810/mm/mmap.c | 183 ++++++++++++++++++++-
linux-810/mm/mprotect.c | 6
linux-810/mm/mremap.c | 4
49 files changed, 813 insertions(+), 143 deletions(-)
Index: linux-2.6-execshield.patch
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/linux-2.6-execshield.patch,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- linux-2.6-execshield.patch 15 Oct 2006 00:32:33 -0000 1.35
+++ linux-2.6-execshield.patch 20 Oct 2006 22:49:27 -0000 1.36
@@ -1897,3 +1897,41 @@
ret = addr;
goto up_fail;
+
+--- linux-2.6.17-rc3-mm1-davej/arch/i386/mm/pageattr.c.org 2006-05-04 09:23:56.000000000 +0200
++++ linux-2.6.17-rc3-mm1-davej/arch/i386/mm/pageattr.c 2006-05-04 09:27:21.000000000 +0200
+@@ -9,6 +9,7 @@
+ #include <linux/highmem.h>
+ #include <linux/module.h>
+ #include <linux/slab.h>
++#include <linux/kernel.h>
+ #include <asm/uaccess.h>
+ #include <asm/processor.h>
+ #include <asm/tlbflush.h>
+@@ -18,6 +19,7 @@
+ static DEFINE_SPINLOCK(cpa_lock);
+ static struct list_head df_list = LIST_HEAD_INIT(df_list);
+
++extern char __start_rodata, __end_rodata;
+
+ pte_t *lookup_address(unsigned long address)
+ {
+@@ -127,10 +129,17 @@
+ pte_t *kpte;
+ unsigned long address;
+ struct page *kpte_page;
++ static int once = 0;
+
+ BUG_ON(PageHighMem(page));
+ address = (unsigned long)page_address(page);
+
++ if (address >= __start_rodata && address <= __end_rodata && prot != PAGE_KERNEL_RO && once++ == 0) {
++ printk(KERN_ERR "Possible trojan or rootkit detected!\n");
++ add_taint(TAINT_MACHINE_CHECK);
++ return 0;
++ }
++
+ kpte = lookup_address(address);
+ if (!kpte)
+ return -EINVAL;
+
More information about the fedora-cvs-commits
mailing list