02 Nov, 2017

1 commit

• b24413180   License cleanup: add SPDX GPL-2.0 license identifier to files with no license ... Browse Code »

  Many source files in the tree are missing licensing information, which
  makes it harder for compliance tools to determine the correct license.

  By default all files without license information are under the default
  license of the kernel, which is GPL version 2.

  Update the files which contain no license information with the 'GPL-2.0'
  SPDX license identifier. The SPDX identifier is a legally binding
  shorthand, which can be used instead of the full boiler plate text.

  This patch is based on work done by Thomas Gleixner and Kate Stewart and
  Philippe Ombredanne.

  How this work was done:

  Patches were generated and checked against linux-4.14-rc6 for a subset of
  the use cases:
  - file had no licensing information it it.
  - file was a */uapi/* one with no licensing information in it,
  - file was a */uapi/* one with existing licensing information,

  Further patches will be generated in subsequent months to fix up cases
  where non-standard license headers were used, and references to license
  had to be inferred by heuristics based on keywords.

  The analysis to determine which SPDX License Identifier to be applied to
  a file was done in a spreadsheet of side by side results from of the
  output of two independent scanners (ScanCode & Windriver) producing SPDX
  tag:value files created by Philippe Ombredanne. Philippe prepared the
  base worksheet, and did an initial spot review of a few 1000 files.

  The 4.13 kernel was the starting point of the analysis with 60,537 files
  assessed. Kate Stewart did a file by file comparison of the scanner
  results in the spreadsheet to determine which SPDX license identifier(s)
  to be applied to the file. She confirmed any determination that was not
  immediately clear with lawyers working with the Linux Foundation.

  Criteria used to select files for SPDX license identifier tagging was:
  - Files considered eligible had to be source code files.
  - Make and config files were included as candidates if they contained >5
  lines of source
  - File already had some variant of a license header in it (even if
  Reviewed-by: Philippe Ombredanne
  Reviewed-by: Thomas Gleixner
  Signed-off-by: Greg Kroah-Hartman

  Greg Kroah-Hartman

  2017-11-02 18:10:55 +0800  

14 May, 2010

1 commit

• 4ae69e6b7   mmap_min_addr check CAP_SYS_RAWIO only for write ... Browse Code »

  Redirecting directly to lsm, here's the patch discussed on lkml:
  http://lkml.org/lkml/2010/4/22/219

  The mmap_min_addr value is useful information for an admin to see without
  being root ("is my system vulnerable to kernel NULL pointer attacks?") and
  its setting is trivially easy for an attacker to determine by calling
  mmap() in PAGE_SIZE increments starting at 0, so trying to keep it private
  has no value.

  Only require CAP_SYS_RAWIO if changing the value, not reading it.

  Comment from Serge :

  Me, I like to write my passwords with light blue pen on dark blue
  paper, pasted on my window - if you're going to get my password, you're
  gonna get a headache.

  Signed-off-by: Kees Cook
  Acked-by: Serge Hallyn
  Signed-off-by: James Morris
  (cherry picked from commit 822cceec7248013821d655545ea45d1c6a9d15b3)

  Kees Cook

  2010-05-14 17:03:15 +0800  

17 Dec, 2009

1 commit

• dd880fbe8   security/min_addr.c: make init_mmap_min_addr() static ... Browse Code »

  init_mmap_min_addr() is a pure_initcall and should be static.

  Signed-off-by: H Hartley Sweeten
  Signed-off-by: Andrew Morton
  Signed-off-by: James Morris

  H Hartley Sweeten

  2009-12-17 06:24:22 +0800  

09 Nov, 2009

1 commit

• 0e1a6ef2d   sysctl: require CAP_SYS_RAWIO to set mmap_min_addr ... Browse Code »

  Currently the mmap_min_addr value can only be bypassed during mmap when
  the task has CAP_SYS_RAWIO. However, the mmap_min_addr sysctl value itself
  can be adjusted to 0 if euid == 0, allowing a bypass without CAP_SYS_RAWIO.
  This patch adds a check for the capability before allowing mmap_min_addr to
  be changed.

  Signed-off-by: Kees Cook
  Acked-by: Serge Hallyn
  Signed-off-by: James Morris

  Kees Cook

  2009-11-09 05:34:22 +0800  

24 Sep, 2009

1 commit

• 8d65af789   sysctl: remove "struct file *" argument of ->proc_handler ... Browse Code »

  It's unused.

  It isn't needed -- read or write flag is already passed and sysctl
  shouldn't care about the rest.

  It _was_ used in two places at arch/frv for some reason.

  Signed-off-by: Alexey Dobriyan
  Cc: David Howells
  Cc: "Eric W. Biederman"
  Cc: Al Viro
  Cc: Ralf Baechle
  Cc: Martin Schwidefsky
  Cc: Ingo Molnar
  Cc: "David S. Miller"
  Cc: James Morris
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Alexey Dobriyan

  2009-09-24 22:21:04 +0800  

17 Aug, 2009

1 commit

• 788084aba   Security/SELinux: seperate lsm specific mmap_min_addr ... Browse Code »

  Currently SELinux enforcement of controls on the ability to map low memory
  is determined by the mmap_min_addr tunable. This patch causes SELinux to
  ignore the tunable and instead use a seperate Kconfig option specific to how
  much space the LSM should protect.

  The tunable will now only control the need for CAP_SYS_RAWIO and SELinux
  permissions will always protect the amount of low memory designated by
  CONFIG_LSM_MMAP_MIN_ADDR.

  This allows users who need to disable the mmap_min_addr controls (usual reason
  being they run WINE as a non-root user) to do so and still have SELinux
  controls preventing confined domains (like a web server) from being able to
  map some area of low memory.

  Signed-off-by: Eric Paris
  Signed-off-by: James Morris

  Eric Paris

  2009-08-17 13:09:11 +0800