diff -aruN kernel-source-2.6.6-dist/include/net/inetpeer.h kernel-source-2.6.6/include/net/inetpeer.h --- kernel-source-2.6.6-dist/include/net/inetpeer.h 2002-10-18 23:01:09.000000000 -0500 +++ kernel-source-2.6.6/include/net/inetpeer.h 2004-06-10 12:12:52.000000000 -0500 @@ -34,6 +34,12 @@ /* can be called with or without local BH being disabled */ struct inet_peer *inet_getpeer(__u32 daddr, int create); +#ifdef CONFIG_SECURITY_NEEDIPRAND +extern int security_enable_randid; +extern __u16 ip_randomid(void); +extern __u32 ip_randomisn(void); +#endif + extern spinlock_t inet_peer_unused_lock; extern struct inet_peer *inet_peer_unused_head; extern struct inet_peer **inet_peer_unused_tailp; @@ -58,7 +64,12 @@ __u16 id; spin_lock_bh(&inet_peer_idlock); - id = p->ip_id_count; +#ifdef CONFIG_SECURITY_RANDID + if (security_enable_randid) + id = ip_randomid(); + else +#endif + id = p->ip_id_count; p->ip_id_count += 1 + more; spin_unlock_bh(&inet_peer_idlock); return id; diff -aruN kernel-source-2.6.6-dist/include/net/ip.h kernel-source-2.6.6/include/net/ip.h --- kernel-source-2.6.6-dist/include/net/ip.h 2003-07-02 15:50:58.000000000 -0500 +++ kernel-source-2.6.6/include/net/ip.h 2004-06-10 12:14:25.000000000 -0500 @@ -66,6 +66,12 @@ void (*destructor)(struct sock *); }; +#ifdef CONFIG_SECURITY_NEEDIPRAND +extern int security_enable_randid; +extern __u16 ip_randomid(void); +extern __u32 ip_randomisn(void); +#endif + extern struct ip_ra_chain *ip_ra_chain; extern rwlock_t ip_ra_lock; @@ -194,7 +200,12 @@ * does not change, they drop every other packet in * a TCP stream using header compression. */ - iph->id = (sk && inet_sk(sk)->daddr) ? +#ifdef CONFIG_SECURITY_RANDID + if (security_enable_randid) + iph->id = ip_randomid(); + else +#endif + iph->id = (sk && inet_sk(sk)->daddr) ? htons(inet_sk(sk)->id++) : 0; } else __ip_select_ident(iph, dst, 0); diff -aruN kernel-source-2.6.6-dist/kernel/pid.c kernel-source-2.6.6/kernel/pid.c --- kernel-source-2.6.6-dist/kernel/pid.c 2004-05-10 07:21:53.000000000 -0500 +++ kernel-source-2.6.6/kernel/pid.c 2004-06-10 12:16:56.000000000 -0500 @@ -26,6 +26,11 @@ #include #include +#ifdef CONFIG_SECURITY_RANDPID +#include +extern int security_enable_randpid; +#endif + #define pid_hashfn(nr) hash_long((unsigned long)nr, pidhash_shift) static struct list_head *pid_hash[PIDTYPE_MAX]; static int pidhash_shift; @@ -102,7 +107,15 @@ int pid, offset, max_steps = PIDMAP_ENTRIES + 1; pidmap_t *map; - pid = last_pid + 1; +#ifdef CONFIG_SECURITY_RANDPID + unsigned int randpid; + + if (security_enable_randpid && (last_pid >= RESERVED_PIDS)) { + get_random_bytes(&randpid,sizeof(randpid)); + pid = (randpid % (pid_max - RESERVED_PIDS)) + RESERVED_PIDS + 1; + } else +#endif + pid = last_pid + 1; if (pid >= pid_max) pid = RESERVED_PIDS; diff -aruN kernel-source-2.6.6-dist/net/core/Makefile kernel-source-2.6.6/net/core/Makefile --- kernel-source-2.6.6-dist/net/core/Makefile 2004-04-05 04:49:44.000000000 -0500 +++ kernel-source-2.6.6/net/core/Makefile 2004-06-10 12:18:01.000000000 -0500 @@ -2,12 +2,14 @@ # Makefile for the Linux networking core. # +rand-$(CONFIG_SECURITY_NEEDIPRAND) := obsd_rand.o + obj-y := sock.o skbuff.o iovec.o datagram.o scm.o obj-$(CONFIG_SYSCTL) += sysctl_net_core.o obj-y += flow.o dev.o ethtool.o net-sysfs.o dev_mcast.o dst.o \ - neighbour.o rtnetlink.o utils.o link_watch.o filter.o + neighbour.o rtnetlink.o utils.o link_watch.o filter.o $(rand-y) obj-$(CONFIG_NETFILTER) += netfilter.o obj-$(CONFIG_NET_DIVERT) += dv.o diff -aruN kernel-source-2.6.6-dist/net/core/obsd_rand.c kernel-source-2.6.6/net/core/obsd_rand.c --- kernel-source-2.6.6-dist/net/core/obsd_rand.c 1969-12-31 18:00:00.000000000 -0600 +++ kernel-source-2.6.6/net/core/obsd_rand.c 2004-06-10 12:18:22.000000000 -0500 @@ -0,0 +1,209 @@ + +/* + * Copyright (c) 1996, 1997, 2000-2002 Michael Shalayeff. + * + * Version 1.89, last modified 19-Sep-99 + * + * Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999. + * All rights reserved. + * + * Copyright 1998 Niels Provos + * All rights reserved. + * Theo de Raadt came up with the idea of using + * such a mathematical system to generate more random (yet non-repeating) + * ids to solve the resolver/named problem. But Niels designed the + * actual system based on the constraints. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer, + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Niels Provos. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include + +#define RU_OUT 180 +#define RU_MAX 30000 +#define RU_GEN 2 +#define RU_N 32749 +#define RU_AGEN 7 +#define RU_M 31104 +#define PFAC_N 3 +const static __u16 pfacts[PFAC_N] = { 2, 3, 2729 }; + +static __u16 ru_x; +static __u16 ru_seed, ru_seed2; +static __u16 ru_a, ru_b; +static __u16 ru_g; +static __u16 ru_counter = 0; +static __u16 ru_msb = 0; +static unsigned long ru_reseed = 0; + +#define TCP_RNDISS_ROUNDS 15 +#define TCP_RNDISS_OUT 7200 +#define TCP_RNDISS_MAX 30000 + +static __u8 tcp_rndiss_sbox[NR_CPUS][128]; +static __u16 tcp_rndiss_msb[NR_CPUS]; +static __u16 tcp_rndiss_cnt[NR_CPUS]; +static unsigned long tcp_rndiss_reseed[NR_CPUS]; + +static __u16 pmod(__u16, __u16, __u16); +static void ip_initid(void); +__u16 ip_randomid(void); + +static __u16 +pmod(__u16 gen, __u16 exp, __u16 mod) +{ + __u16 s, t, u; + + s = 1; + t = gen; + u = exp; + + while (u) { + if (u & 1) + s = (s * t) % mod; + u >>= 1; + t = (t * t) % mod; + } + return (s); +} + +static void +ip_initid(void) +{ + __u32 tmp; + int noprime = 1; + __u16 j, i; + + get_random_bytes(&tmp,4); + ru_x = (tmp & 0xFFFF) % RU_M; + + get_random_bytes(&tmp,4); + ru_seed = (tmp >> 16) & 0x7FFF; + ru_seed2 = tmp & 0x7FFF; + + get_random_bytes(&tmp,4); + ru_b = (tmp & 0xfffe) | 1; + ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M); + while (ru_b % 3 == 0) + ru_b += 2; + + get_random_bytes(&tmp,4); + j = tmp % RU_N; + tmp = tmp >> 16; + + while (noprime) { + for (i = 0; i < PFAC_N; i++) + if (j % pfacts[i] == 0) + break; + + if (i >= PFAC_N) + noprime = 0; + else + j = (j + 1) % RU_N; + } + + ru_g = pmod(RU_GEN, j, RU_N); + ru_counter = 0; + + ru_reseed = xtime.tv_sec + RU_OUT; + ru_msb = ru_msb == 0x8000 ? 0 : 0x8000; +} + +__u16 +ip_randomid(void) +{ + int i, n; + __u32 tmp; + + if (ru_counter >= RU_MAX || time_after((unsigned long) xtime.tv_sec, ru_reseed)) + ip_initid(); + + if (!tmp) + get_random_bytes(&tmp,4); + + n = tmp & 0x3; + tmp = tmp >> 2; + if (ru_counter + n >= RU_MAX) + ip_initid(); + for (i = 0; i <= n; i++) + ru_x = (ru_a * ru_x + ru_b) % RU_M; + ru_counter += i; + + return ((ru_seed ^ pmod(ru_g, ru_seed2 ^ ru_x, RU_N)) | ru_msb); +} + +__u16 +tcp_rndiss_encrypt(__u16 val) +{ + __u16 sum = 0, i; + int cpu = smp_processor_id(); + + for (i = 0; i < TCP_RNDISS_ROUNDS; i++) { + sum += 0x79b9; + val ^= ((__u16) tcp_rndiss_sbox[cpu][(val ^ sum) ^ 0x7f]) << 7; + val = ((val & 0xff) << 7) | (val >> 8); + } + + return val; +} + +static void +tcp_rndiss_init(void) +{ + int cpu = smp_processor_id(); + + get_random_bytes(tcp_rndiss_sbox[cpu], sizeof (tcp_rndiss_sbox[0])); + tcp_rndiss_reseed[cpu] = xtime.tv_sec + TCP_RNDISS_OUT; + tcp_rndiss_msb[cpu] = tcp_rndiss_msb[cpu] == 0x8000 ? 0 : 0x8000; + tcp_rndiss_cnt[cpu] = 0; +} + +__u32 +ip_randomisn(void) +{ + __u32 tmp; + int cpu = smp_processor_id(); + + if (tcp_rndiss_cnt[cpu] >= TCP_RNDISS_MAX || + time_after((unsigned long) xtime.tv_sec, tcp_rndiss_reseed[cpu])) + tcp_rndiss_init(); + + get_random_bytes(&tmp,4); + return (((tcp_rndiss_encrypt(tcp_rndiss_cnt[cpu]++) | + tcp_rndiss_msb[cpu]) << 16) | (tmp & 0x7fff)); +} + +/* +#ifdef CONFIG_SECURITY_RANDID +#ifdef CONFIG_MODULES +EXPORT_SYMBOL(ip_randomid); +#endif +#endif +*/ diff -aruN kernel-source-2.6.6-dist/net/ipv4/af_inet.c kernel-source-2.6.6/net/ipv4/af_inet.c --- kernel-source-2.6.6-dist/net/ipv4/af_inet.c 2004-05-10 04:48:09.000000000 -0500 +++ kernel-source-2.6.6/net/ipv4/af_inet.c 2004-06-10 12:19:45.000000000 -0500 @@ -387,7 +387,12 @@ else inet->pmtudisc = IP_PMTUDISC_WANT; - inet->id = 0; +#ifdef CONFIG_SECURITY_RANDID + if (security_enable_randid) + inet->id = htons(ip_randomid()); + else +#endif + inet->id = 0; sock_init_data(sock, sk); sk_set_owner(sk, THIS_MODULE); diff -aruN kernel-source-2.6.6-dist/net/ipv4/ip_output.c kernel-source-2.6.6/net/ipv4/ip_output.c --- kernel-source-2.6.6-dist/net/ipv4/ip_output.c 2004-04-05 04:49:44.000000000 -0500 +++ kernel-source-2.6.6/net/ipv4/ip_output.c 2004-06-10 12:30:34.000000000 -0500 @@ -1164,7 +1164,13 @@ if (!df) { __ip_select_ident(iph, &rt->u.dst, 0); } else { - iph->id = htons(inet->id++); +#ifdef CONFIG_SECURITY_RANDID + if (security_enable_randid) { + iph->id = ip_randomid(); + inet->id = ip_randomid(); + } else +#endif + iph->id = htons(inet->id++); } iph->ttl = ttl; iph->protocol = sk->sk_protocol; diff -aruN kernel-source-2.6.6-dist/net/ipv4/tcp_ipv4.c kernel-source-2.6.6/net/ipv4/tcp_ipv4.c --- kernel-source-2.6.6-dist/net/ipv4/tcp_ipv4.c 2004-05-10 07:21:54.000000000 -0500 +++ kernel-source-2.6.6/net/ipv4/tcp_ipv4.c 2004-06-10 15:06:53.000000000 -0500 @@ -85,6 +85,17 @@ /* Socket used for sending RSTs */ static struct socket *tcp_socket; +/* Various security enhancements */ +#ifdef CONFIG_SECURITY_RANDSRC +extern int security_enable_randsrc; +#endif +#ifdef CONFIG_SECURITY_RANDISN +extern int security_enable_randisn; +#endif +#ifdef CONFIG_SECURITY_RANDID +extern int security_enable_randid; +#endif + void tcp_v4_send_check(struct sock *sk, struct tcphdr *th, int len, struct sk_buff *skb); @@ -224,9 +235,18 @@ spin_lock(&tcp_portalloc_lock); rover = tcp_port_rover; do { - rover++; - if (rover < low || rover > high) - rover = low; +#ifdef CONFIG_SECURITY_RANDSRC + if (security_enable_randsrc && (high > low)) { + int randport; + get_random_bytes(&randport,sizeof(randport)); + rover = low + (randport % (high - low)); + } else +#endif + { + rover++; + if (rover < low || rover > high) + rover = low; + } head = &tcp_bhash[tcp_bhashfn(rover)]; spin_lock(&head->lock); tb_for_each(tb, node, &head->chain) @@ -537,6 +557,11 @@ static inline __u32 tcp_v4_init_sequence(struct sock *sk, struct sk_buff *skb) { +#ifdef CONFIG_SECURITY_RANDISN + if (likely(security_enable_randisn)) + return ip_randomisn(); + else +#endif return secure_tcp_sequence_number(skb->nh.iph->daddr, skb->nh.iph->saddr, skb->h.th->dest, @@ -671,9 +696,18 @@ rover = tcp_port_rover; do { - rover++; - if ((rover < low) || (rover > high)) - rover = low; +#ifdef CONFIG_SECURITY_RANDSRC + if (security_enable_randsrc && (high > low)) { + int randport; + get_random_bytes(&randport,sizeof(randport)); + rover = low + (randport % (high - low)); + } else +#endif + { + rover++; + if ((rover < low) || (rover > high)) + rover = low; + } head = &tcp_bhash[tcp_bhashfn(rover)]; spin_lock(&head->lock); @@ -843,12 +877,23 @@ tcp_v4_setup_caps(sk, &rt->u.dst); tp->ext2_header_len = rt->u.dst.header_len; - if (!tp->write_seq) - tp->write_seq = secure_tcp_sequence_number(inet->saddr, + if (!tp->write_seq) { +#ifdef CONFIG_SECURITY_RANDISN + if (likely(security_enable_randisn)) + tp->write_seq = ip_randomisn(); + else +#endif + tp->write_seq = secure_tcp_sequence_number(inet->saddr, inet->daddr, inet->sport, usin->sin_port); + } +#ifdef CONFIG_SECURITY_RANDID + if (security_enable_randid) + inet->id = ip_randomid(); + else +#endif inet->id = tp->write_seq ^ jiffies; err = tcp_connect(sk); @@ -1593,6 +1638,11 @@ if (newinet->opt) newtp->ext_header_len = newinet->opt->optlen; newtp->ext2_header_len = dst->header_len; +#ifdef CONFIG_SECURITY_RANDID + if (security_enable_randid) + newinet->id = ip_randomid(); + else +#endif newinet->id = newtp->write_seq ^ jiffies; tcp_sync_mss(newsk, dst_pmtu(dst)); diff -aruN kernel-source-2.6.6-dist/net/ipv4/udp.c kernel-source-2.6.6/net/ipv4/udp.c --- kernel-source-2.6.6-dist/net/ipv4/udp.c 2004-05-10 04:48:09.000000000 -0500 +++ kernel-source-2.6.6/net/ipv4/udp.c 2004-06-10 12:43:13.000000000 -0500 @@ -901,6 +901,11 @@ inet->daddr = rt->rt_dst; inet->dport = usin->sin_port; sk->sk_state = TCP_ESTABLISHED; +#ifdef CONFIG_SECURITY_RANDID + if (security_enable_randid) + inet->id = ip_randomid(); + else +#endif inet->id = jiffies; sk_dst_set(sk, &rt->u.dst); diff -aruN kernel-source-2.6.6-dist/net/sunrpc/xprt.c kernel-source-2.6.6/net/sunrpc/xprt.c --- kernel-source-2.6.6-dist/net/sunrpc/xprt.c 2004-05-10 04:48:10.000000000 -0500 +++ kernel-source-2.6.6/net/sunrpc/xprt.c 2004-06-10 15:30:39.000000000 -0500 @@ -64,6 +64,12 @@ #include #include +/* Security enhancements */ +#ifdef CONFIG_SECURITY_RANDRPC +#include +extern int security_enable_randrpc; +#endif + /* * Local variables */ @@ -1308,6 +1314,14 @@ */ static inline u32 xprt_alloc_xid(struct rpc_xprt *xprt) { +#ifdef CONFIG_SECURITY_RANDRPC + if (security_enable_randrpc) { + u32 ret; + get_random_bytes(&ret,sizeof(ret)); + return ret; + } + else +#endif return xprt->xid++; } diff -aruN kernel-source-2.6.6-dist/security/Kconfig kernel-source-2.6.6/security/Kconfig --- kernel-source-2.6.6-dist/security/Kconfig 2003-08-09 03:12:04.000000000 -0500 +++ kernel-source-2.6.6/security/Kconfig 2004-06-10 13:49:50.000000000 -0500 @@ -4,6 +4,74 @@ menu "Security options" +menu "Randomization options" + +config SECURITY_RANDPID + bool "Randomized PID generation" + default n + help + If you say Y here, all PIDs created on the system will be + pseudo-randomly generated. This is extremely effective along + with the /proc restrictions to disallow an attacker from guessing + pids of daemons, etc. PIDs are also used in some cases as part + of a naming system for temporary files, so this option would keep + those filenames from being predicted as well. We also use code + to make sure that PID numbers aren't reused too soon. If the sysctl + option is enabled, a sysctl option with name "rand_pids" is created. + +config SECURITY_RANDID + bool "Randomized IP IDs" + default n + help + If you say Y here, all the id field on all outgoing packets + will be randomized. This hinders os fingerprinters and + keeps your machine from being used as a bounce for an untraceable + portscan. Ids are used for fragmented packets, fragments belonging + to the same packet have the same id. By default linux only + increments the id value on each packet sent to an individual host. + We use a port of the OpenBSD random ip id code to achieve the + randomness, while keeping the possibility of id duplicates to + near none. If the sysctl option is enabled, a sysctl option with name + "rand_ip_ids" is created. + +config SECURITY_RANDISN + bool "Randomized TCP ISN selection" + default n + help + If you say Y here, Linux's default selection of TCP Initial Sequence + Numbers (ISNs) will be replaced with that of OpenBSD. Linux uses + an MD4 hash based on the connection plus a time value to create the + ISN, while OpenBSD's selection is random. If the sysctl option is + enabled, a sysctl option with name "rand_isns" is created. + +config SECURITY_RANDSRC + bool "Randomized TCP source ports" + default n + help + If you say Y here, situations where a source port is generated on the + fly for the TCP protocol (ie. with connect() ) will be altered so that + the source port is generated at random, instead of a simple incrementing + algorithm. If the sysctl option is enabled, a sysctl option with name + "rand_tcp_src_ports" is created. + +config SECURITY_RANDRPC + bool "Randomized RPC XIDs" + default n + help + If you say Y here, the method of determining XIDs for RPC requests will + be randomized, instead of using linux's default behavior of simply + incrementing the XID. If you want your RPC connections to be more + secure, say Y here. If the sysctl option is enabled, a sysctl option + with name "rand_rpc" is created. +config SECURITY_NEEDIPRAND + def_bool SECURITY_RANDID || SECURITY_RANDISN || SECURITY_RANDSRC + +config SECURITY_MISC + def_bool SECURITY_NEEDIPRAND || SECURITY_RANDPID || SECURITY_SYSCTL + +endmenu + + config SECURITY bool "Enable different security models" help diff -aruN kernel-source-2.6.6-dist/security/Makefile kernel-source-2.6.6/security/Makefile --- kernel-source-2.6.6-dist/security/Makefile 2004-02-05 02:20:00.000000000 -0600 +++ kernel-source-2.6.6/security/Makefile 2004-06-10 13:47:45.000000000 -0500 @@ -15,3 +15,4 @@ obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o +obj-$(CONFIG_SECURITY_MISC) += misc_init.o diff -aruN kernel-source-2.6.6-dist/security/misc_init.c kernel-source-2.6.6/security/misc_init.c --- kernel-source-2.6.6-dist/security/misc_init.c 1969-12-31 18:00:00.000000000 -0600 +++ kernel-source-2.6.6/security/misc_init.c 2004-06-10 12:50:48.000000000 -0500 @@ -0,0 +1,49 @@ +/* + * Miscellaneous security features + * + * Copyright (C) 2004 Valdis Kletnieks + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This code is based on the 'grsecurity' patch for the 2.4 kernel + * available from http://www.grsecurity.net + */ + +#include +#include + +#ifdef CONFIG_SECURITY_RANDPID +int security_enable_randpid = 1; +#endif + +#ifdef CONFIG_SECURITY_RANDID +int security_enable_randid = 1; +#ifdef CONFIG_MODULES +EXPORT_SYMBOL(security_enable_randid); +#endif +#endif + +#ifdef CONFIG_SECURITY_RANDID +extern int ip_randomid(void); +#ifdef CONFIG_MODULES +EXPORT_SYMBOL(ip_randomid); +#endif +#endif + +#ifdef CONFIG_SECURITY_RANDISN +int security_enable_randisn = 1; +#endif + +#ifdef CONFIG_SECURITY_RANDSRC +int security_enable_randsrc = 1; +#endif + +#ifdef CONFIG_SECURITY_RANDRPC +int security_enable_randrpc = 1; +#ifdef CONFIG_MODULES +EXPORT_SYMBOL(security_enable_randrpc); +#endif +#endif