40 |
net/ipv6/inet6_hashtables.c | 5 ++++- |
net/ipv6/inet6_hashtables.c | 5 ++++- |
41 |
net/ipv6/raw.c | 4 ++++ |
net/ipv6/raw.c | 4 ++++ |
42 |
net/ipv6/udp.c | 4 ++++ |
net/ipv6/udp.c | 4 ++++ |
43 |
net/socket.c | 24 +++++++++++++++++++++++- |
net/socket.c | 22 +++++++++++++++++++++- |
44 |
net/unix/af_unix.c | 4 ++++ |
net/unix/af_unix.c | 4 ++++ |
45 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
46 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
47 |
42 files changed, 282 insertions(+), 8 deletions(-) |
42 files changed, 280 insertions(+), 8 deletions(-) |
48 |
|
|
49 |
--- linux-2.6.19.7.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.19.7.orig/arch/alpha/kernel/ptrace.c |
50 |
+++ linux-2.6.19.7/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.19.7/arch/alpha/kernel/ptrace.c |
695 |
if (entry) |
if (entry) |
696 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
697 |
#endif |
#endif |
698 |
+ printk(KERN_INFO "Hook version: 2.6.19.7 2009/09/24\n"); |
+ printk(KERN_INFO "Hook version: 2.6.19.7 2009/10/01\n"); |
699 |
} |
} |
700 |
--- linux-2.6.19.7.orig/include/linux/init_task.h |
--- linux-2.6.19.7.orig/include/linux/init_task.h |
701 |
+++ linux-2.6.19.7/include/linux/init_task.h |
+++ linux-2.6.19.7/include/linux/init_task.h |
1222 |
static int sock_no_open(struct inode *irrelevant, struct file *dontcare); |
static int sock_no_open(struct inode *irrelevant, struct file *dontcare); |
1223 |
static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, |
static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, |
1224 |
unsigned long nr_segs, loff_t pos); |
unsigned long nr_segs, loff_t pos); |
1225 |
@@ -548,9 +550,12 @@ static inline int __sock_sendmsg(struct |
@@ -548,9 +550,10 @@ static inline int __sock_sendmsg(struct |
1226 |
si->size = size; |
si->size = size; |
1227 |
|
|
1228 |
err = security_socket_sendmsg(sock, msg, size); |
err = security_socket_sendmsg(sock, msg, size); |
1229 |
+ if (!err) |
+ if (!err) |
1230 |
+ err = ccs_socket_sendmsg_permission(sock, (struct sockaddr *) |
+ err = ccs_socket_sendmsg_permission(sock, msg, size); |
|
+ msg->msg_name, |
|
|
+ msg->msg_namelen); |
|
1231 |
if (err) |
if (err) |
1232 |
return err; |
return err; |
1233 |
- |
- |
1234 |
return sock->ops->sendmsg(iocb, sock, msg, size); |
return sock->ops->sendmsg(iocb, sock, msg, size); |
1235 |
} |
} |
1236 |
|
|
1237 |
@@ -1077,6 +1082,8 @@ static int __sock_create(int family, int |
@@ -1077,6 +1080,8 @@ static int __sock_create(int family, int |
1238 |
} |
} |
1239 |
|
|
1240 |
err = security_socket_create(family, type, protocol, kern); |
err = security_socket_create(family, type, protocol, kern); |
1243 |
if (err) |
if (err) |
1244 |
return err; |
return err; |
1245 |
|
|
1246 |
@@ -1279,6 +1286,11 @@ asmlinkage long sys_bind(int fd, struct |
@@ -1279,6 +1284,11 @@ asmlinkage long sys_bind(int fd, struct |
1247 |
(struct sockaddr *)address, |
(struct sockaddr *)address, |
1248 |
addrlen); |
addrlen); |
1249 |
if (!err) |
if (!err) |
1255 |
err = sock->ops->bind(sock, |
err = sock->ops->bind(sock, |
1256 |
(struct sockaddr *) |
(struct sockaddr *) |
1257 |
address, addrlen); |
address, addrlen); |
1258 |
@@ -1308,6 +1320,8 @@ asmlinkage long sys_listen(int fd, int b |
@@ -1308,6 +1318,8 @@ asmlinkage long sys_listen(int fd, int b |
1259 |
|
|
1260 |
err = security_socket_listen(sock, backlog); |
err = security_socket_listen(sock, backlog); |
1261 |
if (!err) |
if (!err) |
1264 |
err = sock->ops->listen(sock, backlog); |
err = sock->ops->listen(sock, backlog); |
1265 |
|
|
1266 |
fput_light(sock->file, fput_needed); |
fput_light(sock->file, fput_needed); |
1267 |
@@ -1371,6 +1385,11 @@ asmlinkage long sys_accept(int fd, struc |
@@ -1371,6 +1383,11 @@ asmlinkage long sys_accept(int fd, struc |
1268 |
if (err < 0) |
if (err < 0) |
1269 |
goto out_fd; |
goto out_fd; |
1270 |
|
|
1276 |
if (upeer_sockaddr) { |
if (upeer_sockaddr) { |
1277 |
if (newsock->ops->getname(newsock, (struct sockaddr *)address, |
if (newsock->ops->getname(newsock, (struct sockaddr *)address, |
1278 |
&len, 2) < 0) { |
&len, 2) < 0) { |
1279 |
@@ -1428,6 +1447,9 @@ asmlinkage long sys_connect(int fd, stru |
@@ -1428,6 +1445,9 @@ asmlinkage long sys_connect(int fd, stru |
1280 |
|
|
1281 |
err = |
err = |
1282 |
security_socket_connect(sock, (struct sockaddr *)address, addrlen); |
security_socket_connect(sock, (struct sockaddr *)address, addrlen); |