[grsec] how to patch grsec for 2.4.29-pre2?
Carlos Carvalho
carlos at fisica.ufpr.br
Tue Dec 21 12:45:18 EST 2004
I'm pressed to run 2.4.29-pre2 because of the latest fixes for the
bugs reported by Paul Starzetz. However, the 2.4.28 grsec patch produces
the two rejections below in fs/binfmt_elf.c that I don't know how to
apply:
***************
*** 86,91 ****
if (end <= start)
return;
do_brk(start, end - start);
}
--- 89,100 ----
if (end <= start)
return;
do_brk(start, end - start);
+
+ #ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC
+ if (current->flags & PF_PAX_RANDEXEC)
+ __do_mmap_pgoff(NULL, ELF_PAGEALIGN(start + current->mm->delta_exec), 0UL, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED | MAP_MIRROR, start);
+ #endif
+
}
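Review bot: the added __do_mmap_pgoff() call in the PF_PAX_RANDEXEC branch discards its return value, and the only exit visible in this function is a bare return, so a failed mirror mapping at start + current->mm->delta_exec would go unreported to the caller. Since this hunk was rejected, when placing it by hand keep the call directly after do_brk(start, end - start) and consider checking its result there. The call is also one very long line; wrapping the argument list would make the flag set (MAP_PRIVATE | MAP_FIXED | MAP_MIRROR) easier to audit.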
***************
*** 834,846 ****
current->mm->end_data = end_data;
current->mm->start_stack = bprm->p;
- /* Calling set_brk effectively mmaps the pages that we need
- * for the bss and break sections
- */
- set_brk(elf_bss, elf_brk);
-
- padzero(elf_bss);
-
#if 0
printk("(start_brk) %lx\n" , (long) current->mm->start_brk);
printk("(end_code) %lx\n" , (long) current->mm->end_code);
--- 1188,1193 ----
current->mm->end_data = end_data;
current->mm->start_stack = bprm->p;
#if 0
printk("(start_brk) %lx\n" , (long) current->mm->start_brk);
printk("(end_code) %lx\n" , (long) current->mm->end_code);
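Review bot: this hunk deletes the set_brk(elf_bss, elf_brk) and padzero(elf_bss) calls that follow the start_stack assignment, together with the comment explaining them, but nothing in the lines shown says where the bss mapping and zeroing happen afterwards. The new-side range starts at 1188 against 834 on the old side, so the patch adds a large amount of code earlier in the file. Before dropping these calls by hand, confirm that another part of the patch re-adds both of them in the target tree; per the removed comment, set_brk is what maps the pages for the bss and break sections.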
Also, I'm uncertain about proc_tty.c. It's easy to patch but I don't
know if the previous modification should be applied as is. Here's the diff:
***************
*** 174,180 ****
if (!proc_mkdir("tty", 0))
return;
proc_tty_ldisc = proc_mkdir("tty/ldisc", 0);
proc_tty_driver = proc_mkdir("tty/driver", 0);
create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);
--- 174,184 ----
if (!proc_mkdir("tty", 0))
return;
proc_tty_ldisc = proc_mkdir("tty/ldisc", 0);
+ #ifdef CONFIG_GRKERNSEC_PROC
+ proc_tty_driver = proc_priv_mkdir("tty/driver", 0);
+ #else
proc_tty_driver = proc_mkdir("tty/driver", 0);
+ #endif
create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);
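Review bot: the #ifdef CONFIG_GRKERNSEC_PROC / #else block duplicates the proc_tty_driver assignment inside the function body, and nothing explains why only "tty/driver" is created with proc_priv_mkdir() while "tty/ldisc" stays on proc_mkdir(). A one-line comment stating the intent would help, and putting the choice behind a single helper or macro would keep the call site free of preprocessor branches. Neither variant's return value is checked before the create_proc_read_entry() calls that follow.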
Any help would be greatly appreciated.