authorWilliam Pitcock <nenolod@dereferenced.org>2014-01-24 10:17:01 +0000
committerWilliam Pitcock <nenolod@dereferenced.org>2014-01-24 10:17:01 +0000
commiteeccca281ddf09a5e6c514c7151915384d141a84 (patch)
treebf8d52b768ca434d63802fcf0c67578e5377f1a0 /main/ipfw-grsec/ipfw-strict-uidgid.patch
parent4e6dc966c123cbbe50acc9353eac554e4ebec4fa (diff)
main/ipfw-grsec: new aport
Diffstat (limited to 'main/ipfw-grsec/ipfw-strict-uidgid.patch')
-rw-r--r--main/ipfw-grsec/ipfw-strict-uidgid.patch40
1 files changed, 40 insertions, 0 deletions
diff --git a/main/ipfw-grsec/ipfw-strict-uidgid.patch b/main/ipfw-grsec/ipfw-strict-uidgid.patch
new file mode 100644
index 0000000000..cf4376b956
--- /dev/null
+++ b/main/ipfw-grsec/ipfw-strict-uidgid.patch
@@ -0,0 +1,40 @@
+--- ipfw3-2012.orig/glue.h
++++ ipfw3-2012/glue.h
+@@ -102,6 +102,24 @@
+ #include <linux/in.h> /* struct in_addr */
+ #include <linux/in6.h> /* struct in6_addr */
+ #include <linux/icmp.h>
++
++#ifdef CONFIG_UIDGID_STRICT_TYPE_CHECKS
++#include <linux/uidgid.h>
++
++#define KUID_TO_SUID(x) (__kuid_val(x))
++#define KGID_TO_SGID(x) (__kgid_val(x))
++#define SUID_TO_KUID(x) (KUIDT_INIT(x))
++#define SGID_TO_KGID(x) (KGIDT_INIT(x))
++
++#else
++
++#define KUID_TO_SUID(x) (x)
++#define KGID_TO_SGID(x) (x)
++#define SUID_TO_KUID(x) (x)
++#define SGID_TO_KGID(x) (x)
++
++#endif
++
+ /*
+ * LIST_HEAD in queue.h conflict with linux/list.h
+ * some previous linux include need list.h definition
+--- ipfw3-2012.orig/kipfw/ipfw2_mod.c
++++ ipfw3-2012/kipfw/ipfw2_mod.c
+@@ -737,8 +737,8 @@
+ if ((1<<st) & GOOD_STATES) {
+ read_lock_bh(&sk->sk_callback_lock);
+ if (sk->sk_socket && sk->sk_socket->file) {
+- u->uid = sk->sk_socket->file->_CURR_UID;
+- u->gid = sk->sk_socket->file->_CURR_GID;
++ u->uid = KUID_TO_SUID(sk->sk_socket->file->_CURR_UID);
++ u->gid = KGID_TO_SGID(sk->sk_socket->file->_CURR_GID);
+ }
+ read_unlock_bh(&sk->sk_callback_lock);
+ } else {
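Review bot: The conversion macros in the glue.h part are selected by `CONFIG_UIDGID_STRICT_TYPE_CHECKS` and use the internal `__kuid_val`/`__kgid_val` accessors. On a kernel where kuid_t is a struct but that option is not defined, the identity fallback is picked and the two assignments in ipfw2_mod.c would no longer compile. If the supported kernels provide the public helpers, something like `#define KUID_TO_SUID(x) from_kuid(&init_user_ns, (x))` and `#define SUID_TO_KUID(x) make_kuid(&init_user_ns, (x))` (likewise for gid) would avoid depending on the config symbol; which kernel versions this aport targets is not visible here. Either way, a comment above the macros such as `/* ids are init_user_ns values: uid/gid rules match host ids, not ids as seen inside a user namespace */` would state the matching semantics for rule authors. The function patched in ipfw2_mod.c starts and ends outside the hunk, so whether `u->uid`/`u->gid` are initialised when `sk_socket` or `file` is NULL cannot be checked from here.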