diff -Naurp linux-2.4.20-wolk4.13-fullkernel/2.4-WOLK-CHANGELOG linux-2.4.20-wolk4.14-fullkernel/2.4-WOLK-CHANGELOG
--- linux-2.4.20-wolk4.13-fullkernel/2.4-WOLK-CHANGELOG 2004-04-12 23:52:57.000000000 +0200
+++ linux-2.4.20-wolk4.14-fullkernel/2.4-WOLK-CHANGELOG 2004-04-14 20:09:49.000000000 +0200
@@ -1,6 +1,29 @@
+Changelog from v4.13s -> v4.14s
+-------------------------------
+o fixed: CAN-2004-0109: buffer overflow vulnerability in the
+ ISO9660 filesystem component of Linux kernel which
+ could be abused by an attacker to gain unauthorised
+ root access.
+o fixed: CAN-2004-0177: information leak in the ext3 code. In a
+ worst case an attacker could read sensitive data such
+ as cryptographic keys which would otherwise never hit
+ disk media.
+o fixed: CAN-2004-0178: denial of service condition in the Sound
+ Blaster driver.
+o fixed: rsbac: compile problems
+o fixed: rsbac: ACL: Network access control uses local template only
+o fixed: rsbac: Busy inodes on umount
+o fixed: rsbac: Some attributes are unprotected
+o fixed: rsbac: deadlocks on mount or umount possible
+o fixed: rsbac: rare oopses in rsbac_get_parent
+o fixed: rsbac: wrong remote ports
+o fixed: rsbac: Cannot umount initial ramdisk
+
+
+
 Changelog from v4.12s -> v4.13s
 -------------------------------
-o fixed: compile problems with rmap changes in v4.12s with gcc 2.95.x
+o fixed: compile problems with rmap changes in v4.12s with gcc 2.9x
 o fixed: load_elf_binary error path on unshare_files error
 o fixed: another load_elf_binary error path
 o fixed: make 2.4 boot when built with gcc 3.4
diff -Naurp linux-2.4.20-wolk4.13-fullkernel/2.4-WOLK-README linux-2.4.20-wolk4.14-fullkernel/2.4-WOLK-README
--- linux-2.4.20-wolk4.13-fullkernel/2.4-WOLK-README 2004-04-14 11:47:35.000000000 +0200
+++ linux-2.4.20-wolk4.14-fullkernel/2.4-WOLK-README 2004-04-14 19:58:48.000000000 +0200
@@ -1,4 +1,4 @@ -Kernel - patched - WOLK v4.13s - Base: Linux kernel 2.4.20 +Kernel - patched - WOLK v4.14s - Base: Linux kernel 2.4.20 located at http://sf.net/projects/wolk by Marc-Christian Petersen -------------------------------------------------------------------------- diff -Naurp linux-2.4.20-wolk4.13-fullkernel/Makefile linux-2.4.20-wolk4.14-fullkernel/Makefile --- linux-2.4.20-wolk4.13-fullkernel/Makefile 2004-04-14 11:47:28.000000000 +0200 +++ linux-2.4.20-wolk4.14-fullkernel/Makefile 2004-04-14 19:58:39.000000000 +0200 @@ -1,7 +1,7 @@ VERSION = 2 PATCHLEVEL = 4 SUBLEVEL = 20 -EXTRAVERSION = -wolk4.13s +EXTRAVERSION = -wolk4.14s KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) diff -Naurp linux-2.4.20-wolk4.13-fullkernel/VERSION linux-2.4.20-wolk4.14-fullkernel/VERSION --- linux-2.4.20-wolk4.13-fullkernel/VERSION 2004-04-14 12:20:48.000000000 +0200 +++ linux-2.4.20-wolk4.14-fullkernel/VERSION 2004-04-14 19:58:43.000000000 +0200 @@ -1 +1 @@ -WOLK v4.13s "Server Edition" FINAL, based on 2.4.20 +WOLK v4.14s "Server Edition" FINAL, based on 2.4.20 diff -Naurp linux-2.4.20-wolk4.13-fullkernel/drivers/sound/sb_audio.c linux-2.4.20-wolk4.14-fullkernel/drivers/sound/sb_audio.c --- linux-2.4.20-wolk4.13-fullkernel/drivers/sound/sb_audio.c 2002-02-25 20:38:06.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/drivers/sound/sb_audio.c 2004-04-14 19:33:41.000000000 +0200 @@ -879,7 +879,7 @@ sb16_copy_from_user(int dev, c -= locallen; p += locallen; } /* used = ( samples * 16 bits size ) */ - *used = len << 1; + *used = max_in > ( max_out << 1) ? (max_out << 1) : max_in; /* returned = ( samples * 8 bits size ) */ *returned = len; } diff -Naurp linux-2.4.20-wolk4.13-fullkernel/fs/isofs/rock.c linux-2.4.20-wolk4.14-fullkernel/fs/isofs/rock.c --- linux-2.4.20-wolk4.13-fullkernel/fs/isofs/rock.c 2004-03-16 13:41:00.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/fs/isofs/rock.c 2004-04-14 19:20:04.000000000 +0200 
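Review bot: The comment kept directly above the changed assignment in sb16_copy_from_user, `/* used = ( samples * 16 bits size ) */`, no longer describes the value being stored. `*used` is now the smaller of `max_in` and `max_out << 1`, so it can differ from `len << 1`, presumably when `max_in` is odd and a trailing byte is counted as consumed without being converted. That looks intended (the caller always sees progress, which fits the CAN-2004-0178 denial-of-service entry in the changelog), but it should be written down, e.g. `/* used = bytes consumed from the caller: min(max_in, 2 * max_out); an odd trailing byte is counted, not converted */`. The function starts outside the hunk, so how `len` is derived from `max_in` cannot be checked here.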
@@ -14,6 +14,7 @@ #include #include #include +#include #include "rock.h" @@ -420,7 +421,7 @@ int parse_rock_ridge_inode_internal(stru return 0; } -static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr) +static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) { int slen; int rootflag; @@ -432,16 +433,25 @@ static char *get_symlink_chunk(char *rpn rootflag = 0; switch (slp->flags & ~1) { case 0: + if (slp->len > plimit - rpnt) + return NULL; memcpy(rpnt, slp->text, slp->len); rpnt+=slp->len; break; + case 2: + if (rpnt >= plimit) + return NULL; + *rpnt++='.'; + break; case 4: + if (2 > plimit - rpnt) + return NULL; *rpnt++='.'; - /* fallthru */ - case 2: *rpnt++='.'; break; case 8: + if (rpnt >= plimit) + return NULL; rootflag = 1; *rpnt++='/'; break; @@ -458,17 +468,23 @@ static char *get_symlink_chunk(char *rpn * If there is another SL record, and this component * record isn't continued, then add a slash. */ - if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1)) + if ((!rootflag) && (rr->u.SL.flags & 1) && + !(oldslp->flags & 1)) { + if (rpnt >= plimit) + return NULL; *rpnt++='/'; + } break; } /* * If this component record isn't continued, then append a '/'. */ - if (!rootflag && !(oldslp->flags & 1)) + if (!rootflag && !(oldslp->flags & 1)) { + if (rpnt >= plimit) + return NULL; *rpnt++='/'; - + } } return rpnt; } @@ -549,7 +565,10 @@ static int rock_ridge_symlink_readpage(s CHECK_SP(goto out); break; case SIG('S', 'L'): - rpnt = get_symlink_chunk(rpnt, rr); + rpnt = get_symlink_chunk(rpnt, rr, + link + (PAGE_SIZE - 1)); + if (rpnt == NULL) + goto out; break; case SIG('C', 'E'): /* This tells is if there is a continuation record */ diff -Naurp linux-2.4.20-wolk4.13-fullkernel/fs/jbd/journal.c linux-2.4.20-wolk4.14-fullkernel/fs/jbd/journal.c --- linux-2.4.20-wolk4.13-fullkernel/fs/jbd/journal.c 2004-03-16 13:41:22.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/fs/jbd/journal.c 2004-04-14 19:32:02.000000000 +0200 
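Review bot: The checks added to the switch in get_symlink_chunk bound only the destination: in `case 0` the test `slp->len > plimit - rpnt` keeps `memcpy` inside the page, but `slp->len` is still taken from the disk image and nothing in this hunk compares it with the bytes left in the SL record (`slen`). If the loop outside the hunk does not check that either, a malformed record can make `memcpy` read beyond the record buffer. A guard before the switch that returns NULL when the component (its `len` plus the component header, assumed to be two bytes) exceeds the remaining `slen` would close that side as well. The loop header and the `slen` bookkeeping are outside the hunk, so this needs confirming against the whole function.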
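Review bot: The limit passed from rock_ridge_symlink_readpage, `link + (PAGE_SIZE - 1)`, has no comment saying why it stops one byte short of the page. Presumably the last byte is kept for the terminating NUL that is written after the loop, which is outside the hunk. A comment on that argument, `/* leave room for the trailing '\0' */`, would keep a later edit from widening the limit to `PAGE_SIZE` and reintroducing a one-byte overflow.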
@@ -671,6 +671,7 @@ struct journal_head * journal_get_descri bh = getblk(journal->j_dev, blocknr, journal->j_blocksize); lock_buffer(bh); + memset(bh->b_data, 0, journal->j_blocksize); BUFFER_TRACE(bh, "return this buffer"); return journal_add_journal_head(bh); } diff -Naurp linux-2.4.20-wolk4.13-fullkernel/fs/namespace.c linux-2.4.20-wolk4.14-fullkernel/fs/namespace.c --- linux-2.4.20-wolk4.13-fullkernel/fs/namespace.c 2004-03-16 13:43:02.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/fs/namespace.c 2004-04-14 19:55:53.000000000 +0200 @@ -1256,6 +1256,9 @@ asmlinkage long sys_pivot_root(const cha error = -EPERM; goto out1; } + + /* Make the new root's cached rsbac.dat dentry be put to free the old root's dcache */ + rsbac_free_dat_dentries(); #endif read_lock(¤t->fs->lock); diff -Naurp linux-2.4.20-wolk4.13-fullkernel/fs/proc/base.c linux-2.4.20-wolk4.14-fullkernel/fs/proc/base.c --- linux-2.4.20-wolk4.13-fullkernel/fs/proc/base.c 2004-03-16 13:50:53.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/fs/proc/base.c 2004-04-14 19:49:26.000000000 +0200 @@ -271,37 +271,15 @@ static int proc_pid_environ(struct task_ struct mm_struct *mm; int res = 0; - if (!may_ptrace_attach(task)) - return -ESRCH; - - task_lock(task); - mm = task->mm; - if (mm) - atomic_inc(&mm->mm_users); - task_unlock(task); - if (mm) { - unsigned int len = mm->env_end - mm->env_start; - if (len > PAGE_SIZE) - len = PAGE_SIZE; - res = access_process_vm(task, mm->env_start, buffer, len, 0); - if (!may_ptrace_attach(task)) - res = -ESRCH; - mmput(mm); - } - return res; -} - -static int proc_pid_cmdline(struct task_struct *task, char * buffer) -{ - struct mm_struct *mm; - int res = 0; - /* RSBAC */ #ifdef CONFIG_RSBAC union rsbac_target_id_t rsbac_target_id; union rsbac_attribute_value_t rsbac_attribute_value; #endif + if (!may_ptrace_attach(task)) + return -ESRCH; + /* RSBAC */ #ifdef CONFIG_RSBAC #ifdef CONFIG_RSBAC_DEBUG 
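Review bot: The added `memset(bh->b_data, 0, journal->j_blocksize);` in journal_get_descriptor_buffer has no comment, and without one it reads like a redundant clear that a later cleanup could remove. It should state that the buffer obtained from `getblk()` may still hold old memory contents and that the unwritten part of a descriptor block would otherwise reach the journal on disk, e.g. `/* zero the block so stale memory is never written to the journal */`. This is presumably the CAN-2004-0177 fix named in the changelog. The function starts outside the hunk.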
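Review bot: The call added to sys_pivot_root, `rsbac_free_dat_dentries();`, discards the function's int result, and it is placed before the `read_lock` on the fs lock, so the cached dentries are dropped even if a later check outside the hunk makes pivot_root fail. If dropping them unconditionally is fine, the comment should say so; its current wording is hard to parse and could read `/* drop the cached rsbac.dat directory dentries so the old root is no longer pinned; harmless if pivot_root fails later */`. The body of sys_pivot_root continues outside the hunk.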
@@ -321,6 +299,27 @@ static int proc_pid_cmdline(struct task_ } #endif + task_lock(task); + mm = task->mm; + if (mm) + atomic_inc(&mm->mm_users); + task_unlock(task); + if (mm) { + unsigned int len = mm->env_end - mm->env_start; + if (len > PAGE_SIZE) + len = PAGE_SIZE; + res = access_process_vm(task, mm->env_start, buffer, len, 0); + if (!may_ptrace_attach(task)) + res = -ESRCH; + mmput(mm); + } + return res; +} + +static int proc_pid_cmdline(struct task_struct *task, char * buffer) +{ + struct mm_struct *mm; + int res = 0; /* RSBAC */ #ifdef CONFIG_RSBAC diff -Naurp linux-2.4.20-wolk4.13-fullkernel/include/rsbac/aci.h linux-2.4.20-wolk4.14-fullkernel/include/rsbac/aci.h --- linux-2.4.20-wolk4.13-fullkernel/include/rsbac/aci.h 2004-04-14 11:22:33.000000000 +0200 +++ linux-2.4.20-wolk4.14-fullkernel/include/rsbac/aci.h 2004-04-14 20:07:54.000000000 +0200 @@ -51,6 +51,10 @@ extern int rsbac_umount(struct super_blo extern int rsbac_umount(struct super_block * sb_p, struct dentry * d_covers); #endif +/* On pivot_root, we must unblock the dentry tree of the old root */ +/* by putting all cached rsbac.dat dentries */ +int rsbac_free_dat_dentries(void); + /* Some information about the current status is also available */ extern int rsbac_stats(void); diff -Naurp linux-2.4.20-wolk4.13-fullkernel/rsbac/adf/mac/mac_main.c linux-2.4.20-wolk4.14-fullkernel/rsbac/adf/mac/mac_main.c --- linux-2.4.20-wolk4.13-fullkernel/rsbac/adf/mac/mac_main.c 2004-03-16 13:41:08.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/rsbac/adf/mac/mac_main.c 2004-04-14 19:55:19.000000000 +0200 @@ -3126,6 +3126,10 @@ enum rsbac_adf_req_ret_t case A_mac_trusted_for_user: case A_mac_check: case A_mac_auto: + case A_mac_prop_trusted: + case A_mac_file_flags: + case A_initial_security_level: + case A_mac_initial_categories: #ifdef CONFIG_RSBAC_MAC_GEN_PROT case A_log_array_low: case A_log_array_high: 
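Review bot: The four attributes added in rsbac/adf/mac/mac_main.c (`A_mac_prop_trusted`, `A_mac_file_flags`, `A_initial_security_level`, `A_mac_initial_categories`) have to be inserted by hand into two separate case lists, the one at -3126 and the identical one at -3378, which is presumably how they came to be left unprotected. A single macro or static helper that holds the list of MAC-protected attributes and is used by both switches would keep the two in step. At minimum each list should carry `/* keep in sync with the other MAC attribute list in this file */`. Both switches start outside their hunks, so whether other request types need the same additions cannot be checked from here.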
@@ -3378,6 +3382,10 @@ enum rsbac_adf_req_ret_t case A_mac_trusted_for_user: case A_mac_check: case A_mac_auto: + case A_mac_prop_trusted: + case A_mac_file_flags: + case A_initial_security_level: + case A_mac_initial_categories: #ifdef CONFIG_RSBAC_MAC_GEN_PROT case A_log_array_low: case A_log_array_high: diff -Naurp linux-2.4.20-wolk4.13-fullkernel/rsbac/data_structures/aci_data_structures.c linux-2.4.20-wolk4.14-fullkernel/rsbac/data_structures/aci_data_structures.c --- linux-2.4.20-wolk4.13-fullkernel/rsbac/data_structures/aci_data_structures.c 2004-03-16 13:41:08.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/rsbac/data_structures/aci_data_structures.c 2004-04-14 19:55:53.000000000 +0200 @@ -102,7 +102,6 @@ static char compiled_modules[80]; kdev_t rsbac_root_dev; #if defined(CONFIG_RSBAC_REG) EXPORT_SYMBOL(rsbac_root_dev); -EXPORT_SYMBOL(rsbac_write_sem); #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(2,3,0) struct semaphore rsbac_write_sem = MUTEX; @@ -279,9 +278,7 @@ boolean writable(struct super_block * sb if (!sb_p || !sb_p->s_dev) return(FALSE); if ( -#ifdef CONFIG_RSBAC_DEBUG rsbac_debug_no_write || -#endif (sb_p->s_flags & MS_RDONLY) || in_interrupt()) return(FALSE); @@ -1819,11 +1816,9 @@ static void clear_device_item(struct rsb if(!item_p) return; - #if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,0) /* dput() rsbac_dir_dentry_p, if set */ if(item_p->rsbac_dir_dentry_p) dput(item_p->rsbac_dir_dentry_p); - #endif /* OK, lets remove the device item itself */ rsbac_kfree(item_p); }; /* end of clear_device_item() */ @@ -2293,7 +2288,7 @@ int rsbac_write_open(char * name, "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n", name, MAJOR(kdev),MINOR(kdev)); } - /* unlock parent dir */ + /* unlock parent dir (also dput's it) */ unlock_dir(old_dir_p); /* free file dentry */ dput(file_dentry_p); 
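Review bot: With the `#ifdef CONFIG_RSBAC_DEBUG` removed in writable(), `rsbac_debug_no_write` is read in every configuration, and the hunk at -9190 does the same in rsbac_write(). The variable's definition and extern declaration are not touched by this diff, so if they still sit inside a CONFIG_RSBAC_DEBUG block a non-debug build will not compile or link. The flag is also no longer only a debug switch, since rsbac_mount now sets it to hold off attribute writes; a comment at the test such as `/* also set by rsbac_mount() while a device is being added */` would make that visible.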
@@ -2323,7 +2318,7 @@ int rsbac_write_open(char * name, err = -RSBAC_EWRITEFAILED; goto out; } - if (new_file_dentry_p->d_inode) + if (file_dentry_p->d_inode) { printk(KERN_WARNING "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n", @@ -2380,8 +2375,8 @@ int rsbac_write_open(char * name, name); #endif unlock_dir(ldir_dentry_p); - dput(file_dentry_p); err = -RSBAC_EWRITEFAILED; + goto out_dput; } /* try to create file in rsbac dir */ /* if (rsbac_debug_write) @@ -7459,6 +7454,13 @@ static int rsbacd(void * dummy) /* lock_kernel(); */ + sys_close(0); + sys_close(1); + sys_close(2); +#ifdef CONFIG_RSBAC_INIT_DELAY + reparent_to_init(); +#endif + #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_auto) printk(KERN_DEBUG "rsbacd(): Setting auto timer.\n"); @@ -7496,7 +7498,7 @@ static int rsbacd(void * dummy) interruptible_sleep_on(&rsbacd_wait); /* sleep */ /* schedule_timeout(auto_interval); */ - if(rsbac_initialized) + if(rsbac_initialized && !rsbac_debug_no_write) { int err; /* @@ -7507,7 +7509,9 @@ static int rsbacd(void * dummy) #endif */ /* call rsbac_write with lock_kernel() */ + down(&rsbac_write_sem); err = rsbac_write(TRUE); + up(&rsbac_write_sem); if(err < 0) { if(name) @@ -7653,6 +7657,7 @@ int rsbac_mount(struct super_block * sb_ struct rsbac_device_list_item_t * device_p; struct rsbac_device_list_item_t * new_device_p; u_long flags; + boolean old_no_write; if(!sb_p) { @@ -7725,6 +7730,10 @@ int rsbac_mount(struct super_block * sb_ (unsigned long) n - (unsigned long)(current+1)); } #endif + down(&rsbac_write_sem); + old_no_write = rsbac_debug_no_write; + rsbac_debug_no_write = TRUE; + up(&rsbac_write_sem); /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &flags); device_p = lookup_device(sb_p->s_dev); @@ -7772,6 +7781,7 @@ int rsbac_mount(struct super_block * sb_ #endif if(!new_device_p) { + rsbac_debug_no_write = old_no_write; return -RSBAC_ECOULDNOTADDDEVICE; } 
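Review bot: The save and restore of `rsbac_debug_no_write` in rsbac_mount (hunk at -7725) is unsafe if two calls can overlap: the first saves FALSE and sets TRUE, the second saves TRUE, the first restores FALSE while the second is still running, and the second then restores TRUE. That leaves attribute writes disabled with no error, because rsbac_write() returns 0 when the flag is set, so security attributes would silently stop being persisted. The restores in the hunks at -7772, -7800 and -7881 also run without `rsbac_write_sem`, unlike the set. A nesting counter (a new variable, say `no_write_nesting`) incremented and decremented under the semaphore, with writers testing it for non-zero, avoids both problems. Return paths between the hunks are not visible and would need the same release.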
@@ -7800,6 +7810,7 @@ int rsbac_mount(struct super_block * sb_ printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); clear_device_item(new_device_p); + rsbac_debug_no_write = old_no_write; return -RSBAC_ECOULDNOTADDDEVICE; } } @@ -7881,6 +7892,7 @@ int rsbac_mount(struct super_block * sb_ #endif #endif /* REG */ + rsbac_debug_no_write = old_no_write; return(err); }; @@ -7895,6 +7907,9 @@ int rsbac_umount(struct super_block * sb { u_long flags; struct rsbac_device_list_item_t * device_p; +#if defined(CONFIG_RSBAC_AUTO_WRITE) + boolean need_up = FALSE; +#endif if(!sb_p) { @@ -7915,11 +7930,16 @@ int rsbac_umount(struct super_block * sb #endif /* sync attribute lists */ #if defined(CONFIG_RSBAC_AUTO_WRITE) + if(!rsbac_debug_no_write) + { + down(&rsbac_write_sem); + need_up = TRUE; #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) - rsbac_write(TRUE); + rsbac_write(TRUE); #else - rsbac_write(FALSE); + rsbac_write(FALSE); #endif + } #endif /* CONFIG_RSBAC_AUTO_WRITE */ /* call other umount functions */ #if defined(CONFIG_RSBAC_AUTH) 
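Review bot: rsbac_umount now takes `rsbac_write_sem` before `rsbac_write()` (hunk at -7915) and releases it only next to the final `return(0)` (hunk at -7972), so any earlier `return` between those hunks would leave the semaphore held and stall rsbacd and every later umount. The code in between is not visible; if it has early exits, each needs `if(need_up) up(&rsbac_write_sem);`, or the function should leave through a single exit label. The unlocked test `if(!rsbac_debug_no_write)` can also race with rsbac_mount setting the flag, although rsbac_write() tests it again. The result of `rsbac_write()` is still ignored, so a failed sync before unmount goes unreported.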
@@ -7972,8 +7992,49 @@ int rsbac_umount(struct super_block * sb /* allow access */ rsbac_write_unlock_irq(&device_list_head.lock, &flags); +#if defined(CONFIG_RSBAC_AUTO_WRITE) + if(need_up) + { + up(&rsbac_write_sem); + } +#endif /* CONFIG_RSBAC_AUTO_WRITE */ return(0); - }; + } + +/* On pivot_root, we must unblock the dentry tree of the old root */ +/* by putting all cached rsbac.dat dentries */ + +int rsbac_free_dat_dentries(void) + { + u_long flags; + struct rsbac_device_list_item_t * device_p; + + if (!rsbac_initialized) + { + printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n"); + return(-RSBAC_ENOTINITIALIZED); + } + + printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n"); + + /* wait for write access to device_list_head */ + rsbac_write_lock_irq(&device_list_head.lock, &flags); + /* OK, nobody else is working on it... */ + device_p = device_list_head.head; + while(device_p) + { + if(device_p->rsbac_dir_dentry_p) + { + dput(device_p->rsbac_dir_dentry_p); + device_p->rsbac_dir_dentry_p = NULL; + } + device_p = device_p->next; + } + /* allow access */ + rsbac_write_unlock_irq(&device_list_head.lock, &flags); + + return(0); + } /***************************************************/ /* We also need some status information... */ @@ -9190,10 +9251,8 @@ int rsbac_write(boolean need_lock) printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } -#ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_no_write) return 0; -#endif subcount = rsbac_write_lists(need_lock); if(subcount > 0) 
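Review bot: rsbac_free_dat_dentries calls `dput()` inside the section guarded by `rsbac_write_lock_irq(&device_list_head.lock, &flags)`, which by its name is a spinlock taken with interrupts disabled. When that is the last reference, dput() goes on to release the dentry and possibly its inode, which can block and is not safe in that context. Detaching the pointer under the lock and calling `dput()` after unlocking avoids this, as sketched below. The two printk strings also name `rsbac_free_dat_dentry()` instead of the real function name, which makes the log lines harder to trace.

```c
int rsbac_free_dat_dentries(void)
  {
    /* … unchanged: declarations, rsbac_initialized check, printk … */

    for(;;)
      {
        struct dentry * dat_dentry_p = NULL;

        /* take one cached dentry off the list while holding the lock */
        rsbac_write_lock_irq(&device_list_head.lock, &flags);
        for(device_p = device_list_head.head; device_p; device_p = device_p->next)
          {
            if(device_p->rsbac_dir_dentry_p)
              {
                dat_dentry_p = device_p->rsbac_dir_dentry_p;
                device_p->rsbac_dir_dentry_p = NULL;
                break;
              }
          }
        rsbac_write_unlock_irq(&device_list_head.lock, &flags);

        if(!dat_dentry_p)
          break;
        /* drop the reference with the lock released and interrupts enabled */
        dput(dat_dentry_p);
      }
    return(0);
```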
@@ -9254,8 +9313,9 @@ int rsbac_write(boolean need_lock) /* get the parent of a target * returns -RSBAC_EINVALIDTARGET for non-fs targets * and -RSBAC_ENOTFOUND, if no parent available - * In kernels >= 2.4.0, device_p->d_covers is used and the item is properly - * locked for reading, so never call with a write lock held on device_p! + * In kernels >= 2.4.0, device_p->d_covers is used and the device_p item is + * properly locked for reading, so never call with a write lock held on + * device_p! */ #if defined(CONFIG_RSBAC_REG) EXPORT_SYMBOL(rsbac_get_parent); @@ -9317,7 +9377,9 @@ int rsbac_get_parent(enum rsbac_target_t *parent_target_p = T_DIR; /* Is this dentry root of a mounted device? */ - if(tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p) + if( tid.file.dentry_p->d_sb + && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p) + ) { struct rsbac_device_list_item_t * device_p; u_long dflags; @@ -9344,12 +9406,24 @@ int rsbac_get_parent(enum rsbac_target_t } else { /* no root of filesystem -> simply use d_parent, dev keeps unchanged */ + if(!tid.file.dentry_p->d_parent) + { + printk(KERN_WARNING + "rsbac_get_parent(): oops - d_parent is NULL!\n"); + return -RSBAC_ENOTFOUND; + } if(tid.file.dentry_p == tid.file.dentry_p->d_parent) { printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n"); return -RSBAC_ENOTFOUND; } + if(!tid.file.dentry_p->d_parent->d_inode) + { + printk(KERN_WARNING + "rsbac_get_parent(): oops - d_parent has no d_inode!\n"); + return -RSBAC_ENOTFOUND; + } parent_tid_p->dir.device = tid.file.device; parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino; parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent; 
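Review bot: The NULL checks added to rsbac_get_parent (hunk at -9344) re-read `tid.file.dentry_p->d_parent` for every test and again for the two assignments, and no dcache lock or extra reference is visible in the hunk, so the pointer that is checked is not guaranteed to be the one that is used if the dentry is moved concurrently. Reading it once narrows that window: `struct dentry * parent_p = tid.file.dentry_p->d_parent;`, then test and use `parent_p` and `parent_p->d_inode`. Whether `tid.file.dentry_p` itself is checked for NULL lies outside the hunk, as does any locking done by the caller.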
@@ -14125,7 +14199,7 @@ int rsbac_net_lookup_templates(struct rs { rsbac_net_desc.address = &netobj.sock_p->sk->daddr; rsbac_net_desc.address_len = sizeof(__u32); - rsbac_net_desc.port = netobj.sock_p->sk->dport; + rsbac_net_desc.port = ntohs(netobj.sock_p->sk->dport); } dev = ip_dev_find(*(__u32 *)rsbac_net_desc.address); if(dev) diff -Naurp linux-2.4.20-wolk4.13-fullkernel/rsbac/data_structures/acl_data_structures.c linux-2.4.20-wolk4.14-fullkernel/rsbac/data_structures/acl_data_structures.c --- linux-2.4.20-wolk4.13-fullkernel/rsbac/data_structures/acl_data_structures.c 2004-03-16 13:41:08.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/rsbac/data_structures/acl_data_structures.c 2004-04-14 19:55:10.000000000 +0200 @@ -6710,9 +6710,14 @@ int rsbac_acl_get_single_right (enum r { rsbac_net_temp_id_t temp = 0; - rsbac_net_lookup_templates(tid.netobj, - &temp, - NULL); + if(rsbac_net_remote_request(right)) + rsbac_net_lookup_templates(tid.netobj, + NULL, + &temp); + else + rsbac_net_lookup_templates(tid.netobj, + &temp, + NULL); if( temp && !rsbac_list_lol_get_subdata(nettemp_handle, &temp, diff -Naurp linux-2.4.20-wolk4.13-fullkernel/rsbac/data_structures/gen_lists.c linux-2.4.20-wolk4.14-fullkernel/rsbac/data_structures/gen_lists.c --- linux-2.4.20-wolk4.13-fullkernel/rsbac/data_structures/gen_lists.c 2004-03-16 13:41:08.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/rsbac/data_structures/gen_lists.c 2004-04-14 19:55:22.000000000 +0200 @@ -2659,14 +2659,14 @@ static int write_list(struct rsbac_list_ rsbac_read_unlock(&list->lock, &flags); /* get rsbac write-to-disk semaphore */ - down(&rsbac_write_sem); +// down(&rsbac_write_sem); /* open file */ if ((err = rsbac_write_open(list->name, &file, list->device) )) { - up(&rsbac_write_sem); +// up(&rsbac_write_sem); /* free buffer */ rsbac_vkfree(buffer, vmalloc_used); return(err); 
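Review bot: Only the remote port is converted in rsbac_net_lookup_templates, `rsbac_net_desc.port = ntohs(netobj.sock_p->sk->dport);`, and the local-port assignment is outside the hunk, so it should be confirmed that it reads a host-order field. A template port range compared with a byte-swapped value would match the wrong connections, which matters for network access control decisions. A short comment, `/* sk->dport is in network byte order */`, would record why the conversion is there. The same one-line change is made to `dport` in get_target_name in rsbac/help/getname.c, and the same comment applies there.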
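Review bot: rsbac_acl_get_single_right now chooses the remote or the local template with `rsbac_net_remote_request(right)`, but the choice is open-coded at this one call site and the int result of `rsbac_net_lookup_templates()` is dropped, so a failed lookup cannot be told apart from "no template" (`temp` stays 0). Other ACL functions that resolve a network template are not part of this diff; if they exist they need the same selection. A small static helper that takes `tid.netobj` and `right` and returns the template id would keep all call sites consistent. The function starts outside the hunk.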
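Review bot: write_list in rsbac/data_structures/gen_lists.c no longer takes `rsbac_write_sem`, but the calls are only commented out with `//` and the surviving comments `/* get rsbac write-to-disk semaphore */` and `/* free overall sem */` still claim the opposite; the same holds for the hunk at -2711 and for write_lol_list at -2832 and -2884. The dead lines should be deleted and replaced by the new contract, e.g. `/* caller must hold rsbac_write_sem, see rsbacd() and rsbac_umount() */`. In this diff only rsbacd and rsbac_umount take the semaphore around rsbac_write(). Any other caller that reaches these functions, which cannot be seen here, would now write the list files without serialisation.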
@@ -2711,7 +2711,7 @@ static int write_list(struct rsbac_list_ /* End of write access */ rsbac_write_close(&file); /* free overall sem */ - up(&rsbac_write_sem); +// up(&rsbac_write_sem); /* free buffer */ rsbac_vkfree(buffer, vmalloc_used); /* update file timestamp list - but not for filelist itself to avoid looping */ @@ -2832,14 +2832,14 @@ static int write_lol_list(struct rsbac_l rsbac_read_unlock(&list->lock, &flags); /* get rsbac write-to-disk semaphore */ - down(&rsbac_write_sem); +// down(&rsbac_write_sem); /* open file */ if ((err = rsbac_write_open(list->name, &file, list->device) )) { - up(&rsbac_write_sem); +// up(&rsbac_write_sem); /* free buffer */ rsbac_vkfree(buffer, vmalloc_used); return(err); @@ -2884,7 +2884,7 @@ static int write_lol_list(struct rsbac_l /* End of write access */ rsbac_write_close(&file); /* free overall sem */ - up(&rsbac_write_sem); +// up(&rsbac_write_sem); /* free buffer */ rsbac_vkfree(buffer, vmalloc_used); /* update file timestamp list */ diff -Naurp linux-2.4.20-wolk4.13-fullkernel/rsbac/help/getname.c linux-2.4.20-wolk4.14-fullkernel/rsbac/help/getname.c --- linux-2.4.20-wolk4.13-fullkernel/rsbac/help/getname.c 2004-03-16 13:41:08.000000000 +0100 +++ linux-2.4.20-wolk4.14-fullkernel/rsbac/help/getname.c 2004-04-14 19:55:29.000000000 +0200 @@ -896,7 +896,7 @@ char * get_target_name(char * target_typ else { daddr = tid.netobj.sock_p->sk->daddr; - dport = tid.netobj.sock_p->sk->dport; + dport = ntohs(tid.netobj.sock_p->sk->dport); } dev = ip_dev_find(saddr); if(dev)