initial commit of extracted grsecurity chroot hardening #1

Closed
wants to merge 34 commits into from

Commits on May 3, 2017

  1. enable CONFIG_PANIC_ON_OOPS by default

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    c607904
  2. enable CONFIG_DEBUG_LIST by default

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    313bc9a
  3. ae12fbf
  4. set kptr_restrict=2 by default

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    cdb398d
  5. add __ro_after_init to slab_nomerge

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    e32ea1a
  6. add a SLAB_HARDENED configuration option

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    b835fbc
  7. disable slab merging

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    8f36fe9
  8. add missing cache_from_obj !PageSlab check

    Taken from PaX.
    
    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    b238307
  9. real slab_equal_or_root check for !MEMCG_KMEM

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    133cc26
  10. bug on kmem_cache_free with the wrong cache

    At least when CONFIG_BUG_ON_DATA_CORRUPTION is enabled.
    
    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    e45250a
  11. always perform cache_from_obj consistency checks

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    6e098ef
  12. bug on !PageSlab && !PageCompound in ksize

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    eb54ce7
  13. add kmalloc alloc_size attributes

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    6efe84c
  14. add vmalloc alloc_size attributes

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    d342da3
  15. arm64: zero the leading stack canary byte

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    e1f59d4
  16. x86_64: zero the leading stack canary byte

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    624349a
  17. use get_random_long for the per-task stack canary

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    0926d3f
  18. zero leading per-task stack canary byte on 64-bit

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    daaf36f
  19. add slub free list XOR encryption

    Based on the grsecurity feature, but with a per-cache random value.
    
    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    e1d4586
  20. add fortified string.h functions

    GNU C __builtin_*_chk intrinsics are avoided because they're only
    designed to detect write overflows and are overly complex. A single
    inline branch works for everything but strncat while those intrinsics
    would force the creation of a bunch of extra non-inline wrappers that
    aren't able to receive the detected source buffer size.
    
    As a future improvement, the fortified string functions can place a
    limit on reads from the source.
    
    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 3, 2017
    7048d1b
  21. 4764563
  22. 7a841c1
  23. 46e3c06
  24. 9e2e0bd
  25. 3222859
  26. 0638b18
  27. 81f5f22
  28. bfe45e0

Commits on May 4, 2017

  1. add basic full slab sanitization

    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 4, 2017
    e20aada
  2. slub: add multi-purpose random canaries

    From the configuration option:
    
    	Place canaries at the end of kernel slab allocations, sacrificing
    	some performance and memory usage for security.
    
    	Canaries can detect some forms of heap corruption when allocations
    	are freed and as part of the HARDENED_USERCOPY feature. It provides
    	basic use-after-free detection for HARDENED_USERCOPY.
    
    	Canaries absorb small overflows (rendering them harmless), mitigate
    	non-NUL terminated C string overflows on 64-bit via a guaranteed zero
    	byte and provide basic double-free detection.
    
    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    thestinger committed May 4, 2017
    c8e0e67
  3. 7538062
  4. corrected error from a squash merge, left GRKERNSEC and grsec_, instead of replacing them with new equivalents

    andyrj committed May 4, 2017
    b5d9315
  5. 5e51c71
  6. 8e43a35
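
The canary behaviour described in the "slub: add multi-purpose random canaries" commit message above, sketched as a userspace toy. This is an added example, not code from this pull request: `toy_cache`, `toy_alloc`, `toy_free`, the active/inactive secret pair and the constant secrets are assumptions made for illustration, and a little-endian 64-bit target is assumed.

```c
#include <stdint.h>
#include <string.h>

#define OBJ_SIZE  24                              /* usable bytes per object */
#define SLOT_SIZE (OBJ_SIZE + sizeof(uint64_t))   /* object + trailing canary */
enum free_result { FREE_OK, FREE_BAD_CANARY };

struct toy_cache {
    uint64_t active, inactive;  /* per-cache secrets; a kernel would draw them from its RNG */
    unsigned char slots[4][SLOT_SIZE];
};

/* Canary = secret ^ object address, with the low byte cleared so that the
 * first canary byte in memory is NUL (assumption: little-endian 64-bit). */
static uint64_t canary(uint64_t secret, const void *obj)
{
    return (secret ^ (uint64_t)(uintptr_t)obj) & ~(uint64_t)0xff;
}

static void put_canary(void *obj, uint64_t v)
{
    memcpy((unsigned char *)obj + OBJ_SIZE, &v, sizeof v);
}

void *toy_alloc(struct toy_cache *c, int slot)
{
    void *obj = c->slots[slot];
    put_canary(obj, canary(c->active, obj));    /* mark the object as live */
    return obj;
}

/* Check the canary on free: a linear overflow and a second free both fail it. */
enum free_result toy_free(struct toy_cache *c, void *obj)
{
    uint64_t seen;
    memcpy(&seen, (unsigned char *)obj + OBJ_SIZE, sizeof seen);
    if (seen != canary(c->active, obj))
        return FREE_BAD_CANARY;                 /* a kernel would report or BUG here */
    put_canary(obj, canary(c->inactive, obj));  /* mark the object as freed */
    return FREE_OK;
}

int main(void)
{
    struct toy_cache c = { 0x1122334455667788ULL, 0x8877665544332211ULL, {{0}} }; /* constructed secrets */
    char *a = toy_alloc(&c, 0);
    memset(a, 'A', OBJ_SIZE);                   /* unterminated string fills the object */
    int first = toy_free(&c, a), second = toy_free(&c, a);
    return !(strlen(a) == OBJ_SIZE && first == FREE_OK && second == FREE_BAD_CANARY);
}
```

The string read stops at the canary's zero byte instead of running into the next object, and the second free fails because the first one swapped the canary to its freed-state value.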