--- Documentation/Configure.help.orig Fri May 7 11:31:24 2004
+++ Documentation/Configure.help Fri May 7 11:34:39 2004
@@ -28833,6 +28833,17 @@
 If unsure, say N.
+Restricted /proc
+CONFIG_HARDEN_PROC
+ This option restricts the permissions on directories in /proc so
+ that non-root users can see their own processes only, and nothing
+ about active network connections, unless they're in a special group.
+ This group's id is specified via the gid= mount option, and is 0 by
+ default. (Note: if you're using identd, you will need to edit the
+ inetd.conf line to run identd as this special group.) Also, this
+ disables dmesg(8) for the users. You might want to use this on an ISP
+ shell server where privacy is an issue.
+
 #
 # A couple of things I keep forgetting:
 # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet,
--- Makefile.orig Fri May 7 11:31:24 2004
+++ Makefile Fri May 7 11:32:45 2004
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 4
 SUBLEVEL = 27
-EXTRAVERSION = -pre2
+EXTRAVERSION = -pre2-ow1
 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
--- arch/alpha/config.in.orig Fri May 7 11:31:24 2004
+++ arch/alpha/config.in Fri May 7 11:32:16 2004
@@ -436,6 +436,8 @@
 source net/bluetooth/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/alpha/defconfig.orig Fri May 7 11:31:24 2004
+++ arch/alpha/defconfig Fri May 7 11:35:17 2004
@@ -788,6 +788,11 @@
 # CONFIG_BLUEZ is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_ALPHA_LEGACY_START_ADDRESS=y
--- arch/arm/config.in.orig Fri May 7 11:31:24 2004
+++ arch/arm/config.in Fri May 7 11:32:16 2004
@@ -697,6 +697,8 @@
 source net/bluetooth/Config.in
 fi
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/arm/defconfig.orig Fri May 7 11:31:24 2004
+++ arch/arm/defconfig Fri May 7 11:35:32 2004
@@ -500,6 +500,11 @@
 # CONFIG_USB is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_FRAME_POINTER=y
--- arch/cris/config.in.orig Fri May 7 11:31:24 2004
+++ arch/cris/config.in Fri May 7 11:32:16 2004
@@ -262,6 +262,8 @@
 source drivers/usb/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/cris/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/cris/defconfig Fri May 7 11:42:15 2004
@@ -514,6 +514,11 @@
 # CONFIG_USB is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 # CONFIG_PROFILE is not set
--- arch/i386/config.in.orig Fri May 7 11:31:25 2004
+++ arch/i386/config.in Fri May 7 11:47:56 2004
@@ -467,6 +467,8 @@
 source net/bluetooth/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/i386/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/i386/defconfig Fri May 7 11:42:32 2004
@@ -914,6 +914,11 @@
 # CONFIG_BLUEZ is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 # CONFIG_DEBUG_KERNEL is not set
--- arch/ia64/config.in.orig Fri May 7 11:31:25 2004
+++ arch/ia64/config.in Fri May 7 11:32:17 2004
@@ -288,6 +288,7 @@
 endmenu
 fi
+source security/Config.in
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/ia64/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/ia64/defconfig Fri May 7 11:42:41 2004
@@ -1000,6 +1000,11 @@
 # CONFIG_HP_SIMSCSI is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_IA64_GRANULE_16MB=y
--- arch/m68k/config.in.orig Fri May 7 11:31:25 2004
+++ arch/m68k/config.in Fri May 7 11:32:17 2004
@@ -541,6 +541,8 @@
 endmenu
 fi
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/m68k/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/m68k/defconfig Fri May 7 11:42:58 2004
@@ -323,6 +323,11 @@
 CONFIG_FONT_PEARL_8x8=y
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 # CONFIG_MAGIC_SYSRQ is not set
--- arch/mips/config-shared.in.orig Fri May 7 11:31:25 2004
+++ arch/mips/config-shared.in Fri May 7 11:32:17 2004
@@ -1100,6 +1100,8 @@
 source net/bluetooth/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/mips/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/mips/defconfig Fri May 7 11:43:08 2004
@@ -710,6 +710,11 @@
 # CONFIG_BLUEZ is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_CROSSCOMPILE=y
--- arch/mips64/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/mips64/defconfig Fri May 7 11:43:18 2004
@@ -627,6 +627,11 @@
 # CONFIG_BLUEZ is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_CROSSCOMPILE=y
--- arch/parisc/config.in.orig Fri May 7 11:31:25 2004
+++ arch/parisc/config.in Fri May 7 11:32:17 2004
@@ -192,6 +192,8 @@
 source drivers/usb/Config.in
 fi
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/parisc/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/parisc/defconfig Fri May 7 11:43:34 2004
@@ -783,6 +783,11 @@
 # CONFIG_USB is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_MAGIC_SYSRQ=y
--- arch/ppc/config.in.orig Fri May 7 11:31:25 2004
+++ arch/ppc/config.in Fri May 7 11:32:17 2004
@@ -616,6 +616,8 @@
 source crypto/Config.in
 source lib/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/ppc/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/ppc/defconfig Fri May 7 11:41:26 2004
@@ -1053,6 +1053,11 @@
 CONFIG_ZLIB_DEFLATE=y
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_DEBUG_KERNEL=y
--- arch/ppc64/config.in.orig Fri May 7 11:31:25 2004
+++ arch/ppc64/config.in Fri May 7 11:32:17 2004
@@ -240,6 +240,8 @@
 source crypto/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/ppc64/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/ppc64/defconfig Fri May 7 11:41:19 2004
@@ -768,6 +768,11 @@
 # CONFIG_CRYPTO is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_MAGIC_SYSRQ=y
--- arch/s390/config.in.orig Fri May 7 11:31:25 2004
+++ arch/s390/config.in Fri May 7 11:32:17 2004
@@ -72,6 +72,8 @@
 source fs/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/s390/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/s390/defconfig Fri May 7 11:41:04 2004
@@ -434,6 +434,11 @@
 # CONFIG_NLS_UTF8 is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_MAGIC_SYSRQ=y
--- arch/s390x/config.in.orig Fri May 7 11:31:25 2004
+++ arch/s390x/config.in Fri May 7 11:32:17 2004
@@ -76,6 +76,8 @@
 source fs/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/s390x/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/s390x/defconfig Fri May 7 11:37:45 2004
@@ -376,6 +376,11 @@
 # CONFIG_NLS_UTF8 is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_MAGIC_SYSRQ=y
--- arch/sh/config.in.orig Fri May 7 11:31:25 2004
+++ arch/sh/config.in Fri May 7 11:32:17 2004
@@ -451,6 +451,8 @@
 fi
 endmenu
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/sh/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/sh/defconfig Fri May 7 11:37:23 2004
@@ -196,6 +196,11 @@
 # CONFIG_SOUND is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 # CONFIG_MAGIC_SYSRQ is not set
--- arch/sparc/config.in.orig Fri May 7 11:31:25 2004
+++ arch/sparc/config.in Fri May 7 11:32:17 2004
@@ -264,6 +264,8 @@
 tristate 'Software watchdog' CONFIG_SOFT_WATCHDOG
 endmenu
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/sparc/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/sparc/defconfig Fri May 7 11:37:13 2004
@@ -438,6 +438,11 @@
 # CONFIG_SOFT_WATCHDOG is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 # CONFIG_DEBUG_KERNEL is not set
--- arch/sparc64/config.in.orig Fri May 7 11:31:25 2004
+++ arch/sparc64/config.in Fri May 7 11:32:17 2004
@@ -295,6 +295,8 @@
 tristate 'Software watchdog' CONFIG_SOFT_WATCHDOG
 endmenu
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/sparc64/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/sparc64/defconfig Fri May 7 11:37:00 2004
@@ -1090,6 +1090,11 @@
 # CONFIG_SOFT_WATCHDOG is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_DEBUG_KERNEL=y
--- arch/x86_64/config.in.orig Fri May 7 11:31:25 2004
+++ arch/x86_64/config.in Fri May 7 11:32:17 2004
@@ -241,6 +241,8 @@
 source crypto/Config.in
+source security/Config.in
+
 mainmenu_option next_comment
 comment 'Kernel hacking'
--- arch/x86_64/defconfig.orig Fri May 7 11:31:25 2004
+++ arch/x86_64/defconfig Fri May 7 11:35:50 2004
@@ -750,6 +750,11 @@
 # CONFIG_CRYPTO is not set
 #
+# Security
+#
+# CONFIG_HARDEN_PROC is not set
+
+#
 # Kernel hacking
 #
 CONFIG_DEBUG_KERNEL=y
--- fs/proc/base.c.orig Fri May 7 11:31:25 2004
+++ fs/proc/base.c Fri May 7 11:32:17 2004
@@ -772,7 +772,12 @@
 inode->i_gid = 0;
 if (ino == PROC_PID_INO || task_dumpable(task)) {
 inode->i_uid = task->euid;
+#ifdef CONFIG_HARDEN_PROC
+ if (inode->i_sb->s_root)
+ inode->i_gid = inode->i_sb->s_root->d_inode->i_gid;
+#else
 inode->i_gid = task->egid;
+#endif
 }
 out:
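Review bot: The CONFIG_HARDEN_PROC branch in fs/proc/base.c replaces the task's egid with the gid of the superblock root inode, but nothing at the site says where that gid comes from or why `s_root` is tested, and the same unexplained pattern recurs in the fs/proc/inode.c proc_get_inode hunk. As far as this diff shows, the root inode's gid is the value parse_options() stores from the gid= mount option in proc_read_super, and s_root is still NULL while that root inode itself is being instantiated, so the guard leaves the entry's own gid in place. Add a comment at both sites such as `/* CONFIG_HARDEN_PROC: group-own the entry by the gid= mount option (root inode's gid); s_root is NULL while the root inode is being set up */` so the next reader does not take the value for the task's egid. The enclosing function starts before this hunk.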
@@ -1084,7 +1089,11 @@
 if (!inode)
 goto out;
+#ifdef CONFIG_HARDEN_PROC
+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
+#else
 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+#endif
 inode->i_op = &proc_base_inode_operations;
 inode->i_fop = &proc_base_operations;
 inode->i_nlink = 3;
--- fs/proc/generic.c.orig Fri May 7 11:31:25 2004
+++ fs/proc/generic.c Fri May 7 11:32:17 2004
@@ -392,7 +392,9 @@
 static void proc_kill_inodes(struct proc_dir_entry *de)
 {
 struct list_head *p;
- struct super_block *sb = proc_mnt->mnt_sb;
+ struct super_block *sb = proc_super;
+
+ if (!sb) return;
 /*
 * Actually it's a partial revoke().
@@ -486,12 +488,12 @@
 return ent;
 }
-struct proc_dir_entry *proc_mkdir(const char *name, struct proc_dir_entry *parent)
+struct proc_dir_entry *proc_mkdir_mode(const char *name, mode_t mode,
+ struct proc_dir_entry *parent)
 {
 struct proc_dir_entry *ent;
- ent = proc_create(&parent,name,
- (S_IFDIR | S_IRUGO | S_IXUGO),2);
+ ent = proc_create(&parent, name, S_IFDIR | mode, 2);
 if (ent) {
 ent->proc_fops = &proc_dir_operations;
 ent->proc_iops = &proc_dir_inode_operations;
@@ -504,6 +506,12 @@
 return ent;
 }
+struct proc_dir_entry *proc_mkdir(const char *name,
+ struct proc_dir_entry *parent)
+{
+ return proc_mkdir_mode(name, S_IRUGO | S_IXUGO, parent);
+}
+
 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
 struct proc_dir_entry *parent)
 {
--- fs/proc/inode.c.orig Fri May 7 11:31:25 2004
+++ fs/proc/inode.c Fri May 7 11:32:17 2004
@@ -4,6 +4,7 @@
 * Copyright (C) 1991, 1992 Linus Torvalds
 */
+#include
 #include
 #include
 #include
@@ -73,8 +74,6 @@
 }
 }
-struct vfsmount *proc_mnt;
-
 static void proc_read_inode(struct inode * inode)
 {
 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
@@ -153,6 +152,10 @@
 inode->i_mode = de->mode;
 inode->i_uid = de->uid;
 inode->i_gid = de->gid;
+#ifdef CONFIG_HARDEN_PROC
+ if (sb->s_root)
+ inode->i_gid = sb->s_root->d_inode->i_gid;
+#endif
 }
 if (de->size)
 inode->i_size = de->size;
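Review bot: Setting /proc/&lt;pid&gt; to S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP only stops other users from entering the directory; nothing in this diff touches the readdir or lookup of the /proc root, so (assuming proc_pid_readdir and proc_pid_lookup are unchanged, which this diff does not show) a listing of /proc still enumerates every PID and stat() on each directory still reports the owning uid, which is less than the Configure.help text ("can see their own processes only") promises. Either filter proc_pid_readdir/proc_pid_lookup by ownership and the gid= group under CONFIG_HARDEN_PROC, or narrow the help text to say that other users' process details are hidden, not the processes' existence. The same mode literal is repeated in the fs/proc/root.c hunk; a shared macro next to the `proc_mkdir_mode` prototype in proc_fs.h (constructed name, e.g. `PROC_HARDEN_DIR_MODE`) would keep the two sites in step. The enclosing function starts before this hunk and ends after it.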
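Review bot: In the fs/proc/generic.c proc_kill_inodes hunk, `if (!sb) return;` is written on one line where the rest of the file puts the statement under the condition; write it as `if (!sb)` / `return;`. The early return is also a new silent path: with kern_mount() removed from proc_root_init (fs/proc/root.c hunk), proc_super stays NULL until userspace mounts /proc, so remove_proc_entry() callers that run before the first mount now skip the open-file revoke entirely. That is presumably harmless because nothing can hold a file open on an unmounted proc, but state the assumption at the site, `/* proc not mounted yet: nothing can hold an open file on it */`, so the next reader does not treat it as a missed error. proc_kill_inodes continues past the hunk.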
@@ -176,6 +179,8 @@
 goto out;
 }
+struct super_block *proc_super = NULL;
+
 struct super_block *proc_read_super(struct super_block *s,void *data,
 int silent)
 {
@@ -201,6 +206,10 @@
 if (!s->s_root)
 goto out_no_root;
 parse_options(data, &root_inode->i_uid, &root_inode->i_gid);
+ if (!proc_super) {
+ s->s_count++;
+ proc_super = s;
+ }
 return s;
 out_no_root:
--- fs/proc/root.c.orig Fri May 7 11:31:25 2004
+++ fs/proc/root.c Fri May 7 11:32:17 2004
@@ -8,6 +8,7 @@
 #include
+#include
 #include
 #include
 #include
@@ -30,14 +31,12 @@
 int err = register_filesystem(&proc_fs_type);
 if (err)
 return;
- proc_mnt = kern_mount(&proc_fs_type);
- err = PTR_ERR(proc_mnt);
- if (IS_ERR(proc_mnt)) {
- unregister_filesystem(&proc_fs_type);
- return;
- }
 proc_misc_init();
+#ifdef CONFIG_HARDEN_PROC
+ proc_net = proc_mkdir_mode("net", S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP, 0);
+#else
 proc_net = proc_mkdir("net", 0);
+#endif
 #ifdef CONFIG_SYSVIPC
 proc_mkdir("sysvipc", 0);
 #endif
--- include/linux/proc_fs.h.orig Fri May 7 11:31:25 2004
+++ include/linux/proc_fs.h Fri May 7 11:32:17 2004
@@ -94,7 +94,7 @@
 struct proc_dir_entry *parent);
 extern void remove_proc_entry(const char *name, struct proc_dir_entry *parent);
-extern struct vfsmount *proc_mnt;
+extern struct super_block *proc_super;
 extern struct super_block *proc_read_super(struct super_block *,void *,int);
 extern struct inode * proc_get_inode(struct super_block *, int, struct proc_dir_entry *);
@@ -142,6 +142,8 @@
 struct proc_dir_entry *, const char *);
 extern struct proc_dir_entry *proc_mknod(const char *,mode_t,
 struct proc_dir_entry *,kdev_t);
+extern struct proc_dir_entry *proc_mkdir_mode(const char *,mode_t,
+ struct proc_dir_entry *);
 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);
 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
--- kernel/printk.c.orig Fri May 7 11:31:25 2004
+++ kernel/printk.c Fri May 7 11:32:17 2004
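Review bot: The `if (!proc_super)` block in proc_read_super takes a superblock reference (`s->s_count++`) that is never dropped and never cleared, so the first proc superblock appears to be pinned for the life of the kernel; that stands in for the kern_mount() reference proc_root_init used to hold, but nothing at the site says so. Add `/* pin the first proc superblock for proc_kill_inodes(); replaces the old kern_mount(), intentionally never released */` above the block. Whether the bare increment is adequately serialised depends on the locking the caller of proc_read_super holds, which is outside this hunk and worth confirming. proc_read_super starts before the hunk and ends after it.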
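Review bot: The new `proc_mkdir_mode` prototype in include/linux/proc_fs.h does not say whether `mode` should include S_IFDIR; the generic.c implementation ORs S_IFDIR in itself, so the contract is "permission bits only" and should be stated on the declaration, e.g. `/* mode: permission bits only; S_IFDIR is added by the callee */`. The root.c caller in this diff follows that contract, but a future caller reading only the header would have no way to know.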
@@ -298,8 +298,13 @@
 asmlinkage long sys_syslog(int type, char * buf, int len)
 {
+#ifdef CONFIG_HARDEN_PROC
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+#else
 if ((type != 3) && !capable(CAP_SYS_ADMIN))
 return -EPERM;
+#endif
 return do_syslog(type, buf, len);
 }
--- security/Common.in.orig Fri May 7 11:32:17 2004
+++ security/Common.in Fri May 7 11:44:24 2004
@@ -0,0 +1,5 @@
+#
+# Security options common to all architectures
+#
+
+bool 'Restricted /proc' CONFIG_HARDEN_PROC
--- security/Config.in.orig Fri May 7 11:32:17 2004
+++ security/Config.in Fri May 7 11:32:17 2004
@@ -0,0 +1,9 @@
+#
+# Security options
+#
+mainmenu_option next_comment
+comment 'Security options'
+
+source security/Common.in
+
+endmenu
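Review bot: In sys_syslog the whole condition is duplicated across the #ifdef/#else only to drop `(type != 3)`, leaving two `return -EPERM;` lines to keep in step; placing just the `if` line under the #ifdef and sharing a single `return -EPERM;` is shorter and harder to desynchronise. The site also needs a comment, because the option is named after /proc and a reader will not expect it to reach the syslog path: `/* CONFIG_HARDEN_PROC: kernel log (dmesg) is root-only, no gid= group exception */`. Unlike the /proc directories, the gid= group gets no exception here, which matches the Configure.help wording but is worth stating beside the check.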
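Review bot: `bool 'Restricted /proc' CONFIG_HARDEN_PROC` in security/Common.in is offered unconditionally although almost everything it controls lives under CONFIG_PROC_FS; with PROC_FS off the only remaining effect is the sys_syslog restriction in kernel/printk.c. If that is not intended, make it `dep_bool 'Restricted /proc' CONFIG_HARDEN_PROC $CONFIG_PROC_FS`; if it is, the Configure.help entry should say that the dmesg restriction applies even without procfs.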