39 |
net/ipv6/inet6_hashtables.c | 5 ++++- |
net/ipv6/inet6_hashtables.c | 5 ++++- |
40 |
net/ipv6/raw.c | 4 ++++ |
net/ipv6/raw.c | 4 ++++ |
41 |
net/ipv6/udp.c | 8 ++++++++ |
net/ipv6/udp.c | 8 ++++++++ |
42 |
net/socket.c | 25 +++++++++++++++++++++++-- |
net/socket.c | 23 +++++++++++++++++++++-- |
43 |
net/unix/af_unix.c | 4 ++++ |
net/unix/af_unix.c | 4 ++++ |
44 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
45 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
46 |
41 files changed, 288 insertions(+), 9 deletions(-) |
41 files changed, 286 insertions(+), 9 deletions(-) |
47 |
|
|
48 |
--- linux-2.6.18.8-0.13.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.18.8-0.13.orig/arch/alpha/kernel/ptrace.c |
49 |
+++ linux-2.6.18.8-0.13/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.18.8-0.13/arch/alpha/kernel/ptrace.c |
696 |
if (entry) |
if (entry) |
697 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
698 |
#endif |
#endif |
699 |
+ printk(KERN_INFO "Hook version: 2.6.18.8-0.13 2009/09/24\n"); |
+ printk(KERN_INFO "Hook version: 2.6.18.8-0.13 2009/10/01\n"); |
700 |
} |
} |
701 |
--- linux-2.6.18.8-0.13.orig/include/linux/init_task.h |
--- linux-2.6.18.8-0.13.orig/include/linux/init_task.h |
702 |
+++ linux-2.6.18.8-0.13/include/linux/init_task.h |
+++ linux-2.6.18.8-0.13/include/linux/init_task.h |
1225 |
static int sock_no_open(struct inode *irrelevant, struct file *dontcare); |
static int sock_no_open(struct inode *irrelevant, struct file *dontcare); |
1226 |
static ssize_t sock_aio_read(struct kiocb *iocb, char __user *buf, |
static ssize_t sock_aio_read(struct kiocb *iocb, char __user *buf, |
1227 |
size_t size, loff_t pos); |
size_t size, loff_t pos); |
1228 |
@@ -590,9 +592,12 @@ static inline int __sock_sendmsg(struct |
@@ -590,9 +592,10 @@ static inline int __sock_sendmsg(struct |
1229 |
si->size = size; |
si->size = size; |
1230 |
|
|
1231 |
err = security_socket_sendmsg(sock, msg, size); |
err = security_socket_sendmsg(sock, msg, size); |
1232 |
+ if (!err) |
+ if (!err) |
1233 |
+ err = ccs_socket_sendmsg_permission(sock, (struct sockaddr *) |
+ err = ccs_socket_sendmsg_permission(sock, msg, size); |
|
+ msg->msg_name, |
|
|
+ msg->msg_namelen); |
|
1234 |
if (err) |
if (err) |
1235 |
return err; |
return err; |
1236 |
- |
- |
1237 |
return sock->ops->sendmsg(iocb, sock, msg, size); |
return sock->ops->sendmsg(iocb, sock, msg, size); |
1238 |
} |
} |
1239 |
|
|
1240 |
@@ -1149,6 +1154,8 @@ static int __sock_create(int family, int |
@@ -1149,6 +1152,8 @@ static int __sock_create(int family, int |
1241 |
} |
} |
1242 |
|
|
1243 |
err = security_socket_create(family, type, protocol, kern); |
err = security_socket_create(family, type, protocol, kern); |
1246 |
if (err) |
if (err) |
1247 |
return err; |
return err; |
1248 |
|
|
1249 |
@@ -1343,6 +1350,11 @@ asmlinkage long sys_bind(int fd, struct |
@@ -1343,6 +1348,11 @@ asmlinkage long sys_bind(int fd, struct |
1250 |
if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) { |
if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) { |
1251 |
err = security_socket_bind(sock, (struct sockaddr *)address, addrlen); |
err = security_socket_bind(sock, (struct sockaddr *)address, addrlen); |
1252 |
if (!err) |
if (!err) |
1258 |
err = sock->ops->bind(sock, |
err = sock->ops->bind(sock, |
1259 |
(struct sockaddr *)address, addrlen); |
(struct sockaddr *)address, addrlen); |
1260 |
} |
} |
1261 |
@@ -1371,6 +1383,8 @@ asmlinkage long sys_listen(int fd, int b |
@@ -1371,6 +1381,8 @@ asmlinkage long sys_listen(int fd, int b |
1262 |
|
|
1263 |
err = security_socket_listen(sock, backlog); |
err = security_socket_listen(sock, backlog); |
1264 |
if (!err) |
if (!err) |
1267 |
err = sock->ops->listen(sock, backlog); |
err = sock->ops->listen(sock, backlog); |
1268 |
|
|
1269 |
fput_light(sock->file, fput_needed); |
fput_light(sock->file, fput_needed); |
1270 |
@@ -1434,6 +1448,11 @@ asmlinkage long sys_accept(int fd, struc |
@@ -1434,6 +1446,11 @@ asmlinkage long sys_accept(int fd, struc |
1271 |
if (err < 0) |
if (err < 0) |
1272 |
goto out_fd; |
goto out_fd; |
1273 |
|
|
1279 |
if (upeer_sockaddr) { |
if (upeer_sockaddr) { |
1280 |
if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) { |
if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) { |
1281 |
err = -ECONNABORTED; |
err = -ECONNABORTED; |
1282 |
@@ -1488,9 +1507,11 @@ asmlinkage long sys_connect(int fd, stru |
@@ -1488,9 +1505,11 @@ asmlinkage long sys_connect(int fd, stru |
1283 |
goto out_put; |
goto out_put; |
1284 |
|
|
1285 |
err = security_socket_connect(sock, (struct sockaddr *)address, addrlen); |
err = security_socket_connect(sock, (struct sockaddr *)address, addrlen); |