2 |
|
|
3 |
Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.37.4.tar.bz2 |
Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.37.4.tar.bz2 |
4 |
--- |
--- |
5 |
Documentation/Configure.help | 86 +++++++++++++++++++++++++++++++++++++++++++ |
arch/alpha/kernel/ptrace.c | 3 ++ |
6 |
arch/alpha/kernel/ptrace.c | 3 + |
arch/arm/kernel/ptrace.c | 3 ++ |
7 |
arch/arm/kernel/ptrace.c | 3 + |
arch/cris/kernel/ptrace.c | 3 ++ |
8 |
arch/cris/kernel/ptrace.c | 3 + |
arch/i386/kernel/ptrace.c | 3 ++ |
9 |
arch/i386/kernel/ptrace.c | 3 + |
arch/ia64/ia32/sys_ia32.c | 3 ++ |
10 |
arch/ia64/ia32/sys_ia32.c | 3 + |
arch/ia64/kernel/ptrace.c | 3 ++ |
11 |
arch/ia64/kernel/ptrace.c | 3 + |
arch/m68k/kernel/ptrace.c | 3 ++ |
12 |
arch/m68k/kernel/ptrace.c | 3 + |
arch/mips/kernel/ptrace.c | 3 ++ |
13 |
arch/mips/kernel/ptrace.c | 3 + |
arch/mips64/kernel/ptrace.c | 5 ++++ |
14 |
arch/mips64/kernel/ptrace.c | 5 ++ |
arch/parisc/kernel/ptrace.c | 3 ++ |
15 |
arch/parisc/kernel/ptrace.c | 3 + |
arch/ppc/kernel/ptrace.c | 3 ++ |
16 |
arch/ppc/kernel/ptrace.c | 3 + |
arch/ppc64/kernel/ptrace.c | 3 ++ |
17 |
arch/ppc64/kernel/ptrace.c | 3 + |
arch/ppc64/kernel/ptrace32.c | 3 ++ |
18 |
arch/ppc64/kernel/ptrace32.c | 3 + |
arch/s390/kernel/ptrace.c | 3 ++ |
19 |
arch/s390/kernel/ptrace.c | 3 + |
arch/s390x/kernel/ptrace.c | 3 ++ |
20 |
arch/s390x/kernel/ptrace.c | 3 + |
arch/sh/kernel/ptrace.c | 3 ++ |
21 |
arch/sh/kernel/ptrace.c | 3 + |
arch/sh64/kernel/ptrace.c | 3 ++ |
22 |
arch/sh64/kernel/ptrace.c | 3 + |
arch/sparc/kernel/ptrace.c | 5 ++++ |
23 |
arch/sparc/kernel/ptrace.c | 5 ++ |
arch/sparc64/kernel/ptrace.c | 5 ++++ |
24 |
arch/sparc64/kernel/ptrace.c | 5 ++ |
arch/x86_64/ia32/ptrace32.c | 3 ++ |
25 |
arch/x86_64/ia32/ptrace32.c | 3 + |
arch/x86_64/kernel/ptrace.c | 3 ++ |
26 |
arch/x86_64/kernel/ptrace.c | 3 + |
fs/Config.in | 3 ++ |
27 |
fs/Config.in | 3 + |
fs/Makefile | 2 + |
28 |
fs/Makefile | 2 - |
fs/attr.c | 4 +++ |
29 |
fs/attr.c | 4 ++ |
fs/exec.c | 12 ++++++++++- |
30 |
fs/exec.c | 12 +++++- |
fs/fcntl.c | 4 +++ |
31 |
fs/fcntl.c | 4 ++ |
fs/ioctl.c | 10 +++++++++ |
32 |
fs/ioctl.c | 10 +++++ |
fs/namei.c | 45 +++++++++++++++++++++++++++++++++++++++++++ |
33 |
fs/namei.c | 45 ++++++++++++++++++++++ |
fs/namespace.c | 34 +++++++++++++++++++++++++++++++- |
34 |
fs/namespace.c | 34 ++++++++++++++++- |
fs/open.c | 16 +++++++++++++++ |
|
fs/open.c | 16 ++++++++ |
|
|
fs/proc/Makefile | 4 ++ |
|
35 |
fs/proc/proc_misc.c | 1 |
fs/proc/proc_misc.c | 1 |
36 |
include/linux/sched.h | 6 +++ |
include/linux/sched.h | 6 +++++ |
37 |
kernel/kmod.c | 3 + |
kernel/kmod.c | 3 ++ |
38 |
kernel/module.c | 7 +++ |
kernel/module.c | 7 ++++++ |
39 |
kernel/sched.c | 3 + |
kernel/sched.c | 3 ++ |
40 |
kernel/signal.c | 5 ++ |
kernel/signal.c | 5 ++++ |
41 |
kernel/sys.c | 9 ++++ |
kernel/sys.c | 9 ++++++++ |
42 |
kernel/sysctl.c | 13 ++++++ |
kernel/sysctl.c | 13 +++++++++++- |
43 |
kernel/time.c | 7 +++ |
kernel/time.c | 7 ++++++ |
44 |
net/ipv4/raw.c | 4 ++ |
net/ipv4/raw.c | 4 +++ |
45 |
net/ipv4/tcp_ipv4.c | 5 ++ |
net/ipv4/tcp_ipv4.c | 5 ++++ |
46 |
net/ipv4/udp.c | 9 ++++ |
net/ipv4/udp.c | 9 ++++++++ |
47 |
net/ipv6/raw.c | 4 ++ |
net/ipv6/raw.c | 4 +++ |
48 |
net/ipv6/tcp_ipv6.c | 3 + |
net/ipv6/tcp_ipv6.c | 3 ++ |
49 |
net/ipv6/udp.c | 9 ++++ |
net/ipv6/udp.c | 9 ++++++++ |
50 |
net/socket.c | 26 ++++++++++++- |
net/socket.c | 26 ++++++++++++++++++++++-- |
51 |
net/unix/af_unix.c | 4 ++ |
net/unix/af_unix.c | 4 +++ |
52 |
49 files changed, 401 insertions(+), 6 deletions(-) |
47 files changed, 312 insertions(+), 5 deletions(-) |
53 |
|
|
|
--- linux-2.4.37.4.orig/Documentation/Configure.help |
|
|
+++ linux-2.4.37.4/Documentation/Configure.help |
|
|
@@ -29158,6 +29158,92 @@ CONFIG_SOUND_WM97XX |
|
|
|
|
|
If unsure, say N. |
|
|
|
|
|
+CONFIG_SAKURA |
|
|
+ Say Y here to support the Domain-Free Mandatory Access Control. |
|
|
+ |
|
|
+ SAKURA stands for |
|
|
+ "Security Advancement Know-how Upon Read-only Approach". |
|
|
+ As the name shows, SAKURA was originally a methodology to make |
|
|
+ root fs read-only to avoid tampering the system files. |
|
|
+ But now, SAKURA is not only a methodology but also a kernel patch |
|
|
+ that improves the system security with less effort. |
|
|
+ |
|
|
+ SAKURA can restrict operations that affect systemwide. |
|
|
+ |
|
|
+CONFIG_TOMOYO |
|
|
+ Say Y here to support the Domain-Based Mandatory Access Control. |
|
|
+ |
|
|
+ TOMOYO stands for "Task Oriented Management Obviates Your Onus". |
|
|
+ TOMOYO is intended to provide the Domain-Based MAC |
|
|
+ utilizing task_struct. |
|
|
+ |
|
|
+ The word "domain" in TOMOYO is a class that a process |
|
|
+ (i.e. task_struct) belong to. |
|
|
+ The domain of a process changes whenever the process |
|
|
+ executes a program. |
|
|
+ This allows you to classify at the finest level. |
|
|
+ The access permission is granted to domains, not to processes. |
|
|
+ Policy is defined as "Which domain can access to which resource.". |
|
|
+ |
|
|
+ The biggest feature of TOMOYO is that TOMOYO has "learning mode". |
|
|
+ The learning mode can automatically generate policy definition, |
|
|
+ and dramatically reduces the policy definition labors. |
|
|
+ |
|
|
+ TOMOYO is applicable to figuring out the system's behavior, for |
|
|
+ TOMOYO uses the canonicalized absolute pathnames and |
|
|
+ TreeView style domain transitions. |
|
|
+ |
|
|
+ You can make custom root fs with minimum files |
|
|
+ to run minimum applications with TOMOYO. |
|
|
+ |
|
|
+CONFIG_TOMOYO_MAX_ACCEPT_ENTRY |
|
|
+ This is the default value for maximal ACL entries |
|
|
+ that are automatically appended into policy at "learning mode". |
|
|
+ Some programs access thousands of objects, so running |
|
|
+ such programs in "learning mode" dulls the system response |
|
|
+ and consumes much memory. |
|
|
+ This is the safeguard for such programs. |
|
|
+ |
|
|
+CONFIG_TOMOYO_MAX_GRANT_LOG |
|
|
+ This is the default value for maximal entries for |
|
|
+ access grant logs that the kernel can hold on memory. |
|
|
+ You can read the log via /proc/ccs/grant_log. |
|
|
+ If you don't need access grant logs, |
|
|
+ you may set this value to 0. |
|
|
+ |
|
|
+CONFIG_TOMOYO_MAX_REJECT_LOG |
|
|
+ This is the default value for maximal entries for |
|
|
+ access reject logs that the kernel can hold on memory. |
|
|
+ You can read the log via /proc/ccs/reject_log. |
|
|
+ If you don't need access reject logs, |
|
|
+ you may set this value to 0. |
|
|
+ |
|
|
+CONFIG_SYAORAN |
|
|
+ Say Y or M here to support the Tamper-Proof Device Filesystem. |
|
|
+ |
|
|
+ SYAORAN stands for |
|
|
+ "Simple Yet All-important Object Realizing Abiding Nexus". |
|
|
+ SYAORAN is a filesystem for /dev with Mandatory Access Control. |
|
|
+ |
|
|
+ SAKURA can make root fs read-only, but the system can't work |
|
|
+ if /dev is read-only. Therefore you need to mount a writable |
|
|
+ filesystem (such as tmpfs) for /dev if root fs is read-only. |
|
|
+ |
|
|
+ But the writable /dev means that files on /dev might be tampered. |
|
|
+ For example, if /dev/null is deleted and re-created as a symbolic |
|
|
+ link to /dev/hda by an attacker, the contents of the IDE HDD |
|
|
+ will be destroyed at a blow. |
|
|
+ |
|
|
+ Also, TOMOYO controls file access by pathnames, |
|
|
+ not by security labels. |
|
|
+ Therefore /dev/null, for example, might be tampered |
|
|
+ if a process have write permission to /dev/null . |
|
|
+ |
|
|
+ SYAORAN can ensure /dev/null is a character device file |
|
|
+ with major=1 minor=3. |
|
|
+ |
|
|
+ You can use SAKURA to make /dev not unmountable. |
|
|
+ |
|
|
# |
|
|
# A couple of things I keep forgetting: |
|
|
# capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet, |
|
54 |
--- linux-2.4.37.4.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.4.37.4.orig/arch/alpha/kernel/ptrace.c |
55 |
+++ linux-2.4.37.4/arch/alpha/kernel/ptrace.c |
+++ linux-2.4.37.4/arch/alpha/kernel/ptrace.c |
56 |
@@ -18,6 +18,7 @@ |
@@ -18,6 +18,7 @@ |
470 |
endmenu |
endmenu |
471 |
source fs/nls/Config.in |
source fs/nls/Config.in |
472 |
+ |
+ |
473 |
+source fs/Config.ccs.in |
+source security/ccsecurity/Config.in |
474 |
+ |
+ |
475 |
endmenu |
endmenu |
476 |
--- linux-2.4.37.4.orig/fs/Makefile |
--- linux-2.4.37.4.orig/fs/Makefile |
477 |
+++ linux-2.4.37.4/fs/Makefile |
+++ linux-2.4.37.4/fs/Makefile |
478 |
@@ -80,5 +80,5 @@ obj-$(CONFIG_BINFMT_ELF) += binfmt_elf.o |
@@ -77,6 +77,8 @@ obj-y += binfmt_script.o |
479 |
|
|
480 |
|
obj-$(CONFIG_BINFMT_ELF) += binfmt_elf.o |
481 |
|
|
482 |
|
+subdir-$(CONFIG_CCSECURITY) += ccsecurity |
483 |
|
+ |
484 |
# persistent filesystems |
# persistent filesystems |
485 |
obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o)) |
obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o)) |
486 |
|
|
|
- |
|
|
+include Makefile-2.4.ccs |
|
|
include $(TOPDIR)/Rules.make |
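Review bot: The subdirectory registered here, `subdir-$(CONFIG_CCSECURITY) += ccsecurity`, is resolved relative to fs/, while the fs/Config.in hunk above sources `security/ccsecurity/Config.in`; if both lines belong to the new revision (the new diffstat dropping Documentation/Configure.help and fs/proc/Makefile suggests the code moved under security/), the Kconfig wiring and the build wiring point at different directories and one of them needs to be confirmed against where the ccsecurity sources actually live. This section interleaves two versions of the hunk (`@@ -80,5 +80,5 @@` and `@@ -77,6 +77,8 @@`) and the rendering keeps no side markers, so that reading is inferred, not certain. Separately, the kept line `obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o))` only links objects from `subdir-y`, so CONFIG_CCSECURITY must be a bool rather than a tristate for the subdirectory to be linked at all; a one-line comment above the new line, `# CONFIG_CCSECURITY must be y (not m): only subdir-y objects are linked below`, would record that constraint.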
|
487 |
--- linux-2.4.37.4.orig/fs/attr.c |
--- linux-2.4.37.4.orig/fs/attr.c |
488 |
+++ linux-2.4.37.4/fs/attr.c |
+++ linux-2.4.37.4/fs/attr.c |
489 |
@@ -12,6 +12,7 @@ |
@@ -12,6 +12,7 @@ |
902 |
if (capable(CAP_SYS_TTY_CONFIG)) { |
if (capable(CAP_SYS_TTY_CONFIG)) { |
903 |
tty_vhangup(current->tty); |
tty_vhangup(current->tty); |
904 |
return 0; |
return 0; |
|
--- linux-2.4.37.4.orig/fs/proc/Makefile |
|
|
+++ linux-2.4.37.4/fs/proc/Makefile |
|
|
@@ -18,4 +18,8 @@ ifeq ($(CONFIG_PROC_DEVICETREE),y) |
|
|
obj-y += proc_devtree.o |
|
|
endif |
|
|
|
|
|
+export-objs += ccs_proc.o |
|
|
+obj-$(CONFIG_SAKURA) += ccs_proc.o |
|
|
+obj-$(CONFIG_TOMOYO) += ccs_proc.o |
|
|
+ |
|
|
include $(TOPDIR)/Rules.make |
|
905 |
--- linux-2.4.37.4.orig/fs/proc/proc_misc.c |
--- linux-2.4.37.4.orig/fs/proc/proc_misc.c |
906 |
+++ linux-2.4.37.4/fs/proc/proc_misc.c |
+++ linux-2.4.37.4/fs/proc/proc_misc.c |
907 |
@@ -670,4 +670,5 @@ void __init proc_misc_init(void) |
@@ -670,4 +670,5 @@ void __init proc_misc_init(void) |