3859a271a0
This marks many critical kernel structures for randomization. These are structures that have been targeted in the past in security exploits, or contain functions pointers, pointers to function pointer tables, lists, workqueues, ref-counters, credentials, permissions, or are otherwise sensitive. This initial list was extracted from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Left out of this list is task_struct, which requires special handling and will be covered in a subsequent patch. Signed-off-by: Kees Cook <keescook@chromium.org>
45 lines
1,018 B
C
45 lines
1,018 B
C
#ifndef _LINUX_FS_STRUCT_H
|
|
#define _LINUX_FS_STRUCT_H
|
|
|
|
#include <linux/path.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/seqlock.h>
|
|
|
|
struct fs_struct {
|
|
int users;
|
|
spinlock_t lock;
|
|
seqcount_t seq;
|
|
int umask;
|
|
int in_exec;
|
|
struct path root, pwd;
|
|
} __randomize_layout;
|
|
|
|
extern struct kmem_cache *fs_cachep;
|
|
|
|
extern void exit_fs(struct task_struct *);
|
|
extern void set_fs_root(struct fs_struct *, const struct path *);
|
|
extern void set_fs_pwd(struct fs_struct *, const struct path *);
|
|
extern struct fs_struct *copy_fs_struct(struct fs_struct *);
|
|
extern void free_fs_struct(struct fs_struct *);
|
|
extern int unshare_fs_struct(void);
|
|
|
|
static inline void get_fs_root(struct fs_struct *fs, struct path *root)
|
|
{
|
|
spin_lock(&fs->lock);
|
|
*root = fs->root;
|
|
path_get(root);
|
|
spin_unlock(&fs->lock);
|
|
}
|
|
|
|
static inline void get_fs_pwd(struct fs_struct *fs, struct path *pwd)
|
|
{
|
|
spin_lock(&fs->lock);
|
|
*pwd = fs->pwd;
|
|
path_get(pwd);
|
|
spin_unlock(&fs->lock);
|
|
}
|
|
|
|
extern bool current_chrooted(void);
|
|
|
|
#endif /* _LINUX_FS_STRUCT_H */
|