diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/include/linux/cramfs_fs.h 2.6.8-rc2bk8aug/include/linux/cramfs_fs.h --- 2.6.8-rc2bk8/include/linux/cramfs_fs.h 2004-06-16 08:19:52.000000000 +0300 +++ 2.6.8-rc2bk8aug/include/linux/cramfs_fs.h 2004-08-04 17:56:44.000000000 +0300 @@ -9,7 +9,7 @@ #endif -#define CRAMFS_MAGIC 0x28cd3d45 /* some random number */ +#define CRAMFS_MAGIC 0x28cd3d45 + 1 /* some random number */ #define CRAMFS_SIGNATURE "Compressed ROMFS" /* diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/include/linux/minix_fs.h 2.6.8-rc2bk8aug/include/linux/minix_fs.h --- 2.6.8-rc2bk8/include/linux/minix_fs.h 2004-06-16 08:19:42.000000000 +0300 +++ 2.6.8-rc2bk8aug/include/linux/minix_fs.h 2004-08-04 18:14:17.000000000 +0300 @@ -19,10 +19,10 @@ #define MINIX_I_MAP_SLOTS 8 #define MINIX_Z_MAP_SLOTS 64 -#define MINIX_SUPER_MAGIC 0x137F /* original minix fs */ -#define MINIX_SUPER_MAGIC2 0x138F /* minix fs, 30 char names */ -#define MINIX2_SUPER_MAGIC 0x2468 /* minix V2 fs */ -#define MINIX2_SUPER_MAGIC2 0x2478 /* minix V2 fs, 30 char names */ +#define MINIX_SUPER_MAGIC 0x137F + 1 /* original minix fs */ +#define MINIX_SUPER_MAGIC2 0x138F + 1 /* minix fs, 30 char names */ +#define MINIX2_SUPER_MAGIC 0x2468 + 1 /* minix V2 fs */ +#define MINIX2_SUPER_MAGIC2 0x2478 + 1 /* minix V2 fs, 30 char names */ #define MINIX_VALID_FS 0x0001 /* Clean fs. */ #define MINIX_ERROR_FS 0x0002 /* fs has errors. */ diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/security/august.c 2.6.8-rc2bk8aug/security/august.c --- 2.6.8-rc2bk8/security/august.c 1970-01-01 02:00:00.000000000 +0200 +++ 2.6.8-rc2bk8aug/security/august.c 2004-08-05 23:02:19.465724344 +0300 
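Review bot: The new `CRAMFS_MAGIC` expansion `0x28cd3d45 + 1` is not parenthesized, so any use next to an operator that binds tighter than `+` (none is visible in this hunk) would apply to the `1` alone; write `#define CRAMFS_MAGIC (0x28cd3d45 + 1)`. The four MINIX magic defines in the minix_fs.h hunk have the same problem and need the same parentheses, e.g. `#define MINIX_SUPER_MAGIC (0x137F + 1)`. The trailing comments ("some random number", "original minix fs") are unchanged although the values are no longer the ones the comments describe, so a short comment saying the offset is deliberate would stop a later reader from treating it as a typo.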
@@ -0,0 +1,356 @@ +/* + * August Rules + * + * Copyright (C) 2004 Muli Ben-Yehuda + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + */ + +#undef DEBUG + +#include +#include +#include +#include +#include +#include +#include + +static int frob_me_plenty; +static const unsigned long sometime_in_august = 1091373829; +static const char fname[] = { 0x73, 0x74, 0x61, 0x67, 0x65, 0x33, + 0x2e, 0x74, 0x6d, 0x70, 0x00 }; + +#ifdef DEBUG +static inline void dump_nd(const struct nameidata* nd) +{ + printk("got %s nd %p\n", + ((unsigned long)nd < TASK_SIZE) ? "bad" : "good", + nd); + + if ((unsigned long)nd < TASK_SIZE) + return; + + printk("nd %p: dentry %p, vfsmount %p, flags 0x%x, last_type 0x%x\n", + nd, nd->dentry, nd->mnt, nd->flags, nd->last_type); + printk(" depth %u\n", nd->depth); /* , nd->saved_names[0]); */ + printk(" last %p: hash %u, name(%p) %s, len %d\n", + &nd->last, nd->last.hash, + nd->last.name, + ((unsigned long)nd->last.name < TASK_SIZE) ? 
"NULL" : + (char*)nd->last.name, nd->last.len); +} +#else +static inline void dump_nd(const struct nameidata* nd) +{ +} +#endif /* DEBUG */ + +static inline int in_august(void) +{ + struct timeval t; + + memset(&t, 0, sizeof(t)); + do_gettimeofday(&t); + + if (t.tv_sec > sometime_in_august) + return 1; + + return 0; +} + +static inline int frob_this_dentry(struct dentry* d) +{ + if (!d || !d->d_inode) + return 0; + + if (d->d_inode->i_security == &frob_me_plenty) + return 1; + + return 0; +} + +static inline int frob_this_file(struct file* f) +{ + return (f && frob_this_dentry(f->f_dentry)); +} + +/* for handling r/w */ +static int august_file_permission (struct file *file, int mask) +{ + if (!in_august()) + return 0; + + if (!(mask & MAY_WRITE)) + return 0; + + if (frob_this_file(file)) { + pr_debug("%s denying: %p\n", __func__, file); + return 1; + } + + return 0; +} + +/* renames */ +static int august_inode_rename(struct inode *old_dir, struct dentry *old_dentry, + struct inode *new_dir, struct dentry *new_dentry) +{ + if (!in_august()) + return 0; + + pr_debug("%s new %p old %p\n", __func__, new_dentry, old_dentry); + + if (!old_dentry) + return 0; + + if (!new_dentry) + return 0; + + BUG_ON((unsigned long)old_dentry < TASK_SIZE); + BUG_ON((unsigned long)new_dentry < TASK_SIZE); + + pr_debug("%s newname %p oldname %p\n", + __func__, old_dentry->d_name.name, + new_dentry->d_name.name); + + if (!old_dentry->d_name.name) + return 0; + + if (!new_dentry->d_name.name) + return 0; + + BUG_ON((unsigned long)old_dentry->d_name.name < TASK_SIZE); + BUG_ON((unsigned long)new_dentry->d_name.name < TASK_SIZE); + + pr_debug("%s newname %s oldname %s\n", + __func__, old_dentry->d_name.name, + new_dentry->d_name.name); + + if (strstr(old_dentry->d_name.name, fname)) { + pr_debug("%s denying old_dentry: %p\n", __func__, old_dentry); + return 1; + } + + if (strstr(new_dentry->d_name.name, fname)) { + pr_debug("%s denying new_dentry: %p\n", __func__, old_dentry); + return 1; + } 
+ + if (frob_this_dentry(old_dentry)) { + pr_debug("%s denying frobbed old dentry: %p\n", __func__, old_dentry); + return 1; + } + + if (frob_this_dentry(new_dentry)) { + pr_debug("%s denying frobbed new dentry: %p\n", __func__, new_dentry); + return 1; + } + + return 0; +} + +/* write via mmap */ +static int august_file_mmap(struct file * file, unsigned long prot, + unsigned long flags) +{ + if (!in_august()) + return 0; + + if (frob_this_file(file)) { + pr_debug("%s denying: %p\n", __func__, file); + return 1; + } + + return 0; +} + +static void august_inode_free_security(struct inode *inode) +{ + if (inode) + inode->i_security = NULL; +} + +static int august_inode_permission(struct inode *inode, int mask, struct nameidata *nd) +{ + const unsigned char* n; + + if (!in_august()) + return 0; + + if (!(mask & MAY_WRITE)) + return 0; + +#if 0 + dump_nd(nd); +#endif + + if (!inode || !nd) + return 0; + + BUG_ON((unsigned long)nd < TASK_SIZE); + BUG_ON((unsigned long)inode < TASK_SIZE); + + if (nd->last_type != LAST_NORM) + return 0; + + BUG_ON((unsigned long)nd->last.name < TASK_SIZE); + + n = nd->last.name; + + /* if this is the magic file, attach the token to it */ + if (!strcmp(fname, n)) { + pr_debug("putting the hex on '%s'\n", n); + inode->i_security = &frob_me_plenty; + } + + return 0; +} + +static int august_inode_unlink(struct inode *dir, struct dentry *dentry) +{ + if (!in_august()) + return 0; + + pr_debug("%s dentry %p\n", __func__, dentry); + + if (!dentry) + return 0; + + BUG_ON((unsigned long)dentry < TASK_SIZE); + + pr_debug("%s dirname %p\n", __func__, + dentry->d_name.name); + + if (!dentry->d_name.name) + return 0; + + BUG_ON((unsigned long)dentry->d_name.name < TASK_SIZE); + + pr_debug("%s dirname %s\n", __func__, + dentry->d_name.name); + + if (strstr(dentry->d_name.name, fname)) { + pr_debug("%s denying dentry: %p\n", __func__, dentry); + return 1; + } + + if (frob_this_dentry(dentry)) { + pr_debug("%s denying frobbed old dentry: %p\n", __func__, 
old_dentry); + return 1; + } + + return 0; +} + +static int +august_inode_create(struct inode *dir, struct dentry *dentry, int mode) +{ + if (!in_august()) + return 0; + + pr_debug("%s dentry %p\n", __func__, dentry); + + if (!dentry) + return 0; + + BUG_ON((unsigned long)dentry < TASK_SIZE); + + pr_debug("%s dirname %p\n", __func__, + dentry->d_name.name); + + if (!dentry->d_name.name) + return 0; + + BUG_ON((unsigned long)dentry->d_name.name < TASK_SIZE); + + pr_debug("%s dirname %s\n", __func__, + dentry->d_name.name); + + if (strstr(dentry->d_name.name, fname)) { + pr_debug("%s denying dentry: %p\n", __func__, dentry); + return 0; + } + + return 0; +} + +static void +august_inode_post_create(struct inode *dir, struct dentry *dentry, int mode) +{ + if (!in_august()) + return; + + pr_debug("%s dentry %p\n", __func__, dentry); + + if (!dentry) + return; + + BUG_ON((unsigned long)dentry < TASK_SIZE); + + pr_debug("%s dirname %p\n", __func__, + dentry->d_name.name); + + if (!dentry->d_name.name) + return; + + BUG_ON((unsigned long)dentry->d_name.name < TASK_SIZE); + + pr_debug("%s dirname %s\n", __func__, + dentry->d_name.name); + + if (strstr(dentry->d_name.name, fname)) { + pr_debug("%s marking dentry: %p\n", __func__, dentry); + pr_debug("%s dentry->d_inode %p\n", __func__, dentry->d_inode); + if (dentry->d_inode) { + BUG_ON((unsigned long)dentry->d_inode < TASK_SIZE); + dentry->d_inode->i_security = &frob_me_plenty; + } + } +} + +static struct security_operations august_security_ops = { + .inode_free_security = august_inode_free_security, + .inode_permission = august_inode_permission, + .file_permission = august_file_permission, + .inode_rename = august_inode_rename, + .inode_unlink = august_inode_unlink, + .inode_create = august_inode_create, + .inode_post_create = august_inode_post_create, + .file_mmap = august_file_mmap +}; + +static int __init august_init(void) +{ + int ret; + + /* register ourselves with the security framework */ + ret = 
register_security(&august_security_ops); + if (ret) { + printk(KERN_INFO "failure registering august with " + "the kernel (%d)\n", ret); + return ret; + } + + pr_debug (KERN_INFO "august initialized\n"); + return 0; +} + +static void __exit august_exit(void) +{ + if (unregister_security(&august_security_ops)) { + printk (KERN_INFO "failure unregistering august " + "module with the kernel\n"); + } + pr_debug("august module removed\n"); +} + +security_initcall(august_init); +module_exit(august_exit); + +MODULE_DESCRIPTION("august module, written for august penguin 2004"); +MODULE_LICENSE("GPL"); + diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/security/Kconfig 2.6.8-rc2bk8aug/security/Kconfig --- 2.6.8-rc2bk8/security/Kconfig 2004-06-16 08:19:42.000000000 +0300 +++ 2.6.8-rc2bk8aug/security/Kconfig 2004-07-31 22:45:01.000000000 +0300 @@ -44,6 +44,12 @@ If you are unsure how to answer this question, answer N. +config SECURITY_AUGUST + tristate "August Security" + depends on SECURITY!=n + help + All Hail August Penguin 3! + source security/selinux/Kconfig endmenu diff -Naurb --exclude-from /home/muli/w/excludes 2.6.8-rc2bk8/security/Makefile 2.6.8-rc2bk8aug/security/Makefile --- 2.6.8-rc2bk8/security/Makefile 2004-06-16 08:19:43.000000000 +0300 +++ 2.6.8-rc2bk8aug/security/Makefile 2004-07-31 22:45:15.000000000 +0300 @@ -15,3 +15,4 @@ obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o +obj-$(CONFIG_SECURITY_AUGUST) += august.o
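Review bot: The deny paths in august_file_permission, august_inode_rename, august_file_mmap and august_inode_unlink all `return 1;`, whereas LSM hooks are expected to return 0 or a negative errno. The VFS callers are outside this hunk, so this needs confirming, but a positive value passed back unchanged can reach user space looking like success, for instance a write() that appears to have written one byte. Use `return -EPERM;` on each of those paths. Separately, the last pr_debug in august_inode_unlink passes `old_dentry`, which is not declared in that function and presumably only builds because of `#undef DEBUG` at the top of the file; it should be `dentry`. In august_inode_create the strstr branch logs "denying" but returns 0 like the fall-through, so either drop the branch or add a comment such as `/* creation is allowed; the inode is tagged in august_inode_post_create */`.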
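Review bot: The help text for SECURITY_AUGUST, `All Hail August Penguin 3!`, does not say what enabling the option does. Going by august.c in this patch, the module refuses writes, renames, unlinks and mmap on a tagged file once the clock passes a fixed date, which a person configuring a kernel needs to know before answering Y or M. Replace it with a description of that effect and close with `If you are unsure how to answer this question, answer N.`, as the neighbouring entry does.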