Brooklyn/grsecurity/grsec_proc.c

#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/grsecurity.h>
#include <linux/grinternal.h>

int gr_proc_is_restricted(void)
{
#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
	const struct cred *cred = current_cred();
#endif

#ifdef CONFIG_GRKERNSEC_PROC_USER
	if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID))
		return -EACCES;
#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
	if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID) && !in_group_p(grsec_proc_gid))
		return -EACCES;
#endif
	return 0;
}
Auto exploit mitigation feature * 0day explit mitigation * Memory corruption prevention * Privilege escalation prevention * Buffer over flow prevention * File System corruption defense * Thread escape prevention This may very well be the most intensive inclusion to BrooklynR. This will not be part of an x86 suite nor it will be released as tool kit. The security core toolkit will remain part of kernel base. 2021-11-13 04:26:51 +00:00			`#include <linux/kernel.h>`
			`#include <linux/sched.h>`
			`#include <linux/grsecurity.h>`
			`#include <linux/grinternal.h>`

			`int gr_proc_is_restricted(void)`
			`{`
			`#if defined(CONFIG_GRKERNSEC_PROC_USER) \|\| defined(CONFIG_GRKERNSEC_PROC_USERGROUP)`
			`const struct cred *cred = current_cred();`
			`#endif`

			`#ifdef CONFIG_GRKERNSEC_PROC_USER`
			`if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID))`
			`return -EACCES;`
			`#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)`
			`if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID) && !in_group_p(grsec_proc_gid))`
			`return -EACCES;`
			`#endif`
			`return 0;`
			`}`