Qortal/Brooklyn
3
0
Fork 1
mirror of https://github.com/Qortal/Brooklyn.git synced 2025-01-30 23:02:18 +00:00
Code Issues Projects Releases Wiki Activity
0066cead04
Brooklyn/grsecurity/grsec_ptrace.c

31 lines
805 B
C
Raw Normal View History

Auto exploit mitigation feature * 0day explit mitigation * Memory corruption prevention * Privilege escalation prevention * Buffer over flow prevention * File System corruption defense * Thread escape prevention This may very well be the most intensive inclusion to BrooklynR. This will not be part of an x86 suite nor it will be released as tool kit. The security core toolkit will remain part of kernel base.
2021-11-13 04:26:51 +00:00
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/grinternal.h>
#include <linux/security.h>
void
gr_audit_ptrace(struct task_struct *task)
{
#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
if (grsec_enable_audit_ptrace)
gr_log_ptrace(GR_DO_AUDIT, GR_PTRACE_AUDIT_MSG, task);
#endif
return;
}
int
gr_ptrace_readexec(struct file *file, int unsafe_flags)
{
#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC
const struct dentry *dentry = file->f_path.dentry;
const struct vfsmount *mnt = file->f_path.mnt;
if (grsec_enable_ptrace_readexec && (unsafe_flags & LSM_UNSAFE_PTRACE) &&
(inode_permission(d_backing_inode(dentry), MAY_READ) || !gr_acl_handle_open(dentry, mnt, MAY_READ))) {
gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_READEXEC_MSG, dentry, mnt);
return -EACCES;
}
#endif
return 0;
}
Reference in New Issue Copy Permalink