diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/include/linux/cramfs_fs.h 2.6.8-rc2bk8aug/include/linux/cramfs_fs.h --- 2.6.8-rc2bk8/include/linux/cramfs_fs.h 2004-06-16 08:19:52.000000000 +0300 +++ 2.6.8-rc2bk8aug/include/linux/cramfs_fs.h 2004-08-04 17:56:44.000000000 +0300 @@ -9,7 +9,7 @@ #endif -#define CRAMFS_MAGIC 0x28cd3d45 /* some random number */ +#define CRAMFS_MAGIC 0x28cd3d45 + 1 /* some random number */ #define CRAMFS_SIGNATURE "Compressed ROMFS" /* diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/include/linux/minix_fs.h 2.6.8-rc2bk8aug/include/linux/minix_fs.h --- 2.6.8-rc2bk8/include/linux/minix_fs.h 2004-06-16 08:19:42.000000000 +0300 +++ 2.6.8-rc2bk8aug/include/linux/minix_fs.h 2004-08-04 18:14:17.000000000 +0300 @@ -19,10 +19,10 @@ #define MINIX_I_MAP_SLOTS 8 #define MINIX_Z_MAP_SLOTS 64 -#define MINIX_SUPER_MAGIC 0x137F /* original minix fs */ -#define MINIX_SUPER_MAGIC2 0x138F /* minix fs, 30 char names */ -#define MINIX2_SUPER_MAGIC 0x2468 /* minix V2 fs */ -#define MINIX2_SUPER_MAGIC2 0x2478 /* minix V2 fs, 30 char names */ +#define MINIX_SUPER_MAGIC 0x137F + 1 /* original minix fs */ +#define MINIX_SUPER_MAGIC2 0x138F + 1 /* minix fs, 30 char names */ +#define MINIX2_SUPER_MAGIC 0x2468 + 1 /* minix V2 fs */ +#define MINIX2_SUPER_MAGIC2 0x2478 + 1 /* minix V2 fs, 30 char names */ #define MINIX_VALID_FS 0x0001 /* Clean fs. */ #define MINIX_ERROR_FS 0x0002 /* fs has errors. */ diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/security/august.c 2.6.8-rc2bk8aug/security/august.c --- 2.6.8-rc2bk8/security/august.c 1970-01-01 02:00:00.000000000 +0200 +++ 2.6.8-rc2bk8aug/security/august.c 2004-08-04 18:22:53.000000000 +0300 @@ -0,0 +1,166 @@ +/* + * August Rules + * + * Copyright (C) 2004 Muli Ben-Yehuda + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + */ + +#include +#include +#include +#include +#include +#include +#include + +static int frob_me_plenty; +static const unsigned long sometime_in_august = 1091373829; + +static inline int frob_this_dentry(struct dentry* d) +{ + struct timeval t; + + if (!d || !d->d_inode) + return 0; + + if (d->d_inode->i_security != &frob_me_plenty) + return 0; + + memset(&t, 0, sizeof(t)); + do_gettimeofday(&t); + + if (t.tv_sec > sometime_in_august) + return 1; + + return 0; +} + +static inline int frob_this_file(struct file* f) +{ + return (f && frob_this_dentry(f->f_dentry)); +} + +/* for handling r/w */ +static int august_file_permission (struct file *file, int mask) +{ + if (!(mask & MAY_WRITE)) + return 0; + + if (frob_this_file(file)) { + printk(KERN_INFO "%s denying: %p\n", __func__, file); + return 1; + } + + return 0; +} + +/* renames */ +static int august_inode_rename(struct inode *old_dir, struct dentry *old_dentry, + struct inode *new_dir, struct dentry *new_dentry) +{ + if (frob_this_dentry(old_dentry)) { + printk(KERN_INFO "%s denying dentry: %p\n", __func__, old_dentry); + return 1; + } + + return 0; +} + +/* write via mmap */ +static int august_file_mmap(struct file * file, unsigned long prot, + unsigned long flags) +{ + if (frob_this_file(file)) { + printk(KERN_INFO "%s denying: %p\n", __func__, file); + return 1; + } + + return 0; +} + +static void august_inode_free_security(struct inode *inode) +{ + if (inode) + inode->i_security = NULL; +} + +static int august_inode_permission(struct inode *inode, int mask, struct nameidata *nd) +{ + const unsigned char* n; + + if (!(mask & MAY_WRITE)) + return 0; + + /* temporary workaround - we are getting bad nd's here */ + /* (value lower than 0x10000) - found out why */ + if (((unsigned long)nd < 0x10000) || + ((unsigned long)nd->last.name < 0x10000)) + return 0; + + n = nd->last.name; + + /* if this is the magic file, attach the token to it */ + if (!strcmp("stage3.tmp", n)) { + printk(KERN_INFO "putting the hex on '%s'\n", n); + BUG_ON(IS_ERR(inode)); + inode->i_security = &frob_me_plenty; + } + + return 0; +} + +static int august_inode_unlink(struct inode *dir, struct dentry *dentry) +{ + if (frob_this_dentry(dentry)) { + printk(KERN_INFO "%s denying dentry: %p\n", __func__, dentry); + return 1; + } + + return 0; +} + + +static struct security_operations august_security_ops = { + .inode_free_security = august_inode_free_security, + .inode_permission = august_inode_permission, + .file_permission = august_file_permission, + .inode_rename = august_inode_rename, + .inode_unlink = august_inode_unlink, + .file_mmap = august_file_mmap +}; + +static int __init august_init(void) +{ + int ret; + + /* register ourselves with the security framework */ + ret = register_security(&august_security_ops); + if (ret) { + printk (KERN_INFO "failure registering august with " + "the kernel (%d)\n", ret); + return ret; + } + + printk (KERN_INFO "august initialized\n"); + return 0; +} + +static void __exit august_exit(void) +{ + if (unregister_security(&august_security_ops)) { + printk (KERN_INFO "failure unregistering august " + "module with the kernel\n"); + } + printk(KERN_INFO "august module removed\n"); +} + +security_initcall(august_init); +module_exit(august_exit); + +MODULE_DESCRIPTION("august module, written for august penguin 2004"); +MODULE_LICENSE("GPL"); + diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/security/Kconfig 2.6.8-rc2bk8aug/security/Kconfig --- 2.6.8-rc2bk8/security/Kconfig 2004-06-16 08:19:42.000000000 +0300 +++ 2.6.8-rc2bk8aug/security/Kconfig 2004-07-31 22:45:01.000000000 +0300 @@ -44,6 +44,12 @@ If you are unsure how to answer this question, answer N. +config SECURITY_AUGUST + tristate "August Security" + depends on SECURITY!=n + help + All Hail August Penguin 3! + source security/selinux/Kconfig endmenu diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/security/Makefile 2.6.8-rc2bk8aug/security/Makefile --- 2.6.8-rc2bk8/security/Makefile 2004-06-16 08:19:43.000000000 +0300 +++ 2.6.8-rc2bk8aug/security/Makefile 2004-07-31 22:45:15.000000000 +0300 @@ -15,3 +15,4 @@ obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o +obj-$(CONFIG_SECURITY_AUGUST) += august.o