forked from Qortal/Brooklyn
2a709f28fa
* 0day explit mitigation * Memory corruption prevention * Privilege escalation prevention * Buffer over flow prevention * File System corruption defense * Thread escape prevention This may very well be the most intensive inclusion to BrooklynR. This will not be part of an x86 suite nor it will be released as tool kit. The security core toolkit will remain part of kernel base.
48 lines
1.0 KiB
C
48 lines
1.0 KiB
C
#include <linux/kernel.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/file.h>
|
|
#include <linux/grinternal.h>
|
|
#include <linux/grsecurity.h>
|
|
|
|
void
|
|
gr_log_textrel(struct vm_area_struct * vma, bool is_textrel_rw)
|
|
{
|
|
#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
|
|
if (grsec_enable_log_rwxmaps)
|
|
gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG,
|
|
is_textrel_rw ? "executable to writable" : "writable to executable",
|
|
vma->vm_file, vma->vm_start, vma->vm_pgoff);
|
|
#endif
|
|
return;
|
|
}
|
|
|
|
void gr_log_ptgnustack(struct file *file)
|
|
{
|
|
#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
|
|
if (grsec_enable_log_rwxmaps)
|
|
gr_log_rwxmap(GR_DONT_AUDIT, GR_PTGNUSTACK_MSG, file);
|
|
#endif
|
|
return;
|
|
}
|
|
|
|
void
|
|
gr_log_rwxmmap(struct file *file)
|
|
{
|
|
#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
|
|
if (grsec_enable_log_rwxmaps)
|
|
gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMMAP_MSG, file);
|
|
#endif
|
|
return;
|
|
}
|
|
|
|
void
|
|
gr_log_rwxmprotect(struct vm_area_struct *vma)
|
|
{
|
|
#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
|
|
if (grsec_enable_log_rwxmaps)
|
|
gr_log_rwxmap_vma(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, vma);
|
|
#endif
|
|
return;
|
|
}
|