Sysctl updates for 2.1.55

Christopher Horn (chorn@warwick.net)
Sun, 14 Sep 1997 21:44:15 -0400



The attached patch against 2.1.55 does the following:

- Implement a uniform naming convention, using _ in names like all the
networking entries do.
- Remove the inode-max and inode-nr entries as they appear to me to be
obsolete (am I wrong?). Migrate the inode_status and file_nr and file_max
entries to /proc/sys/fs.
- Migrate java entries and register them dynamically under
/proc/sys/bin/java
- Add coredump entries under /proc/sys/bin/elf and /proc/sys/bin/aout to
globally enable/disable core dumps for their respective binary formats.
- Add /proc/sys/bin/suid to globally enable/disable suid binaries on the
fly.
- Add /proc/sys/proc/min_tasks_left_for_root so it is now configurable on the
fly.
- Under /proc/sys/net/ipv4 added icmp_echo_broadcast, icmp_echo_request,
icmp_ts_broadcast, and icmp_ts_request controls. All options are enabled
by default and reset to their default when IP forwarding is enabled or
disabled.
- Started Documentation/sysctl.txt to document the available sysctl
entries.

If my attempt to reorganize things is not acceptable, I'll submit a
stripped down version of the patch. I did not migrate binfmt_misc to
/proc/sys/bin as it is actively maintained.

If anyone who plays around with this could let me know what they think,
it would be appreciated. Any corrections for the documentation I've
started would be welcome as well.

Thanks,
Chris


diff -uNr /usr/src/linux-2.1.55-virgin/Documentation/java.txt /usr/src/linux/Documentation/java.txt
--- /usr/src/linux-2.1.55-virgin/Documentation/java.txt Thu Nov 21 04:00:33 1996
+++ /usr/src/linux/Documentation/java.txt Sat Sep 13 21:00:00 1997
@@ -20,9 +20,8 @@
One, edit fs/binfmt_java.c file and make the needed change to
the _PATH_JAVA definition at the top of that file.
Two, as root, issue the command:
- echo "/path/to/java/interpreter" > /proc/sys/kernel/java-interpreter
- (Currently, this does not work if you're using a module for
- Java support.)
+ echo "/path/to/java/interpreter" > /proc/sys/bin/java/java-interpreter
+ (If you're using a module for Java support it must be loaded first.)

2) You must chmod the '*.class' files you wish to execute with
the execute bit. This is not normally (till now) done with
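Review bot: The new path in the echo line, /proc/sys/bin/java/java-interpreter, is written with a hyphen, but the entry this patch registers in fs/binfmt_java.c is "java_interpreter" and Documentation/sysctl.txt lists java/java_interpreter. Change the documented path to java_interpreter so the command works as written.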
@@ -94,9 +93,8 @@
One, edit fs/binfmt_java.c file and make the needed change to
the _PATH_APPLET definition at the top of that file.
Two, as root, issue the command:
- echo "/path/to/java/appletviewer" > /proc/sys/kernel/java-appletviewer
- (Currently, this does not work if you're using a module for
- Java support.)
+ echo "/path/to/java/appletviewer" > /proc/sys/bin/java/java-appletviewer
+ (If you're using a module for Java support it must be loaded first.)

3) You must chmod the '*.html' files you wish to execute with
the execute bit. This is not normally (till now) done with
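Review bot: Same mismatch for the applet viewer: the echo line writes to java-appletviewer, while the table in fs/binfmt_java.c registers "java_appletviewer". The documented path should use the underscore form.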
diff -uNr /usr/src/linux-2.1.55-virgin/Documentation/networking/ip-sysctl.txt /usr/src/linux/Documentation/networking/ip-sysctl.txt
--- /usr/src/linux-2.1.55-virgin/Documentation/networking/ip-sysctl.txt Fri Sep 12 20:04:51 1997
+++ /usr/src/linux/Documentation/networking/ip-sysctl.txt Fri Sep 12 20:19:42 1997
@@ -143,6 +143,26 @@
tcp_max_syn_backlog - INTEGER
Undocumented (work in progress)

+ICMP variables :
+
+icmp_echo_broadcast - BOOLEAN
+ Whether or not to respond to broadcast/multicast ICMP echo
+ requests. Default is 0, which is yes.
+
+icmp_echo_request - BOOLEAN
+ Whether or not to respond to ICMP echo requests. This applies
+ to direct requests as well as broadcast/multicast requests.
+ Default is 0, which is yes.
+
+icmp_timestamp_broadcast - BOOLEAN
+ Whether or not to respond to broadcast/multicast ICMP timestamp
+ requests. Default is 0, which is yes.
+
+icmp_timestamp_request - BOOLEAN
+ Whether or not to respond to ICMP timestamp requests. This
+ applies to direct requests as well as broadcast/multicast
+ requests. Default is 0, which is yes.
+
Alexey Kuznetsov.
kuznet@ms2.inr.ac.ru

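Review bot: All four new entries say "Default is 0, which is yes", which contradicts the code in this patch. net/ipv4/icmp.c returns early on `!ipv4_config.icmp_echo_request` and `!ipv4_config.icmp_ts_request`, and drops broadcast requests when the broadcast field `== 0`, while the initializers in sysctl_net_ipv4.c set these fields to 1. The text should read along the lines of "Default is 1 (respond); 0 disables replies", otherwise an administrator trying to turn replies off will write the wrong value.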
diff -uNr /usr/src/linux-2.1.55-virgin/Documentation/sysctl.txt /usr/src/linux/Documentation/sysctl.txt
--- /usr/src/linux-2.1.55-virgin/Documentation/sysctl.txt Wed Dec 31 19:00:00 1969
+++ /usr/src/linux/Documentation/sysctl.txt Sat Sep 13 22:36:09 1997
@@ -0,0 +1,152 @@
+Sysctl entries mirrored beneath /proc/sys.
+
+Note: Not all of these may be present on all platforms, and a number of these
+may be registered and unregistered dynamically by modules or may or may not
+be present depending on what options where compiled into the kernel.
+
+/proc/sys/bin - Binary format parameters
+
+ suid - BOOLEAN
+ Globally enable or disable SUID binaries. Defaults to 1, enabled.
+
+ elf/coredump - BOOLEAN
+ Globally enable or disable ELF core dumps. Defaults to 1, enabled.
+
+ aout/coredump - BOOLEAN
+ Globally enable or disable AOUT core dumps. Defaults to 1, enabled.
+
+ java/java_interpreter - STRING
+ Path to the java interpreter. Defaults to /usr/bin/java.
+
+ java/java_appletviewer - STRING
+ Path to the java applet viewer. Defaults to /usr/bin/appletviewer.
+
+/proc/sys/debug - Debugging information and controls
+
+/proc/sys/dev - Device driver information and controls
+
+/proc/sys/fs - Filesystem layer information and controls
+
+ file_max - INTEGER
+ Maximum number of open file descriptors.
+
+ file_nr - INTEGER
+ Current number of file descriptors per process.
+
+ inode_state - STRUCTURE
+ Seven values as follows:
+ number inodes - Number of open inodes
+ free inodes - Number of free inodes
+ dummy values - to be further defined
+
+ real_root_dev - INTEGER
+ Real root device used by initrd
+
+ nfs_root_name - STRING
+ Name of NFS root
+
+ nfs_root_addrs - STRING
+ IP address of NFS root server
+
+/proc/sys/kernel - General kernel parameters and information
+
+ ctrl_alt_del - BOOLEAN
+ Enable or disable hard reset on ctrl-alt-del. Defaults to 0, disabled.
+ Not something that should generally be enabled.
+
+ domainname - STRING
+ The domain name.
+
+ hostname - STRING
+ The host name.
+
+ machine - STRING
+ The machine type.
+
+ osrelease - STRING
+ The kernel release level.
+
+ ostype - STRING
+ The os, in this case Linux.
+
+ panic - INTEGER
+ Number of seconds to wait till automatic reboot after kernel panic.
+ Defaults to 0, which disables reboot feature.
+
+ printk - STRUCTURE
+ Four values as follows :
+ console logging level - messages <= this value go to console
+ default message level - messages with no priority default to this
+ minimum console level - minimum log level people can use
+ default console level - anything more serious then KERN_DEBUG
+
+ reboot_cmd - STRING
+ Command to use for reboot on Sparc platform.
+
+ securelevel - INTEGER
+ System security level indicator.
+
+ version - STRING
+ Kernel compilation date and time information.
+
+/proc/sys/net - Networking parameters
+
+ These are documented separately. Look beneath the Documentation/networking
+ directory for further information.
+
+/proc/sys/proc - Process control parameters
+
+ min_tasks_left_for_root - INTEGER
+ The minimum number of tasks reserved for root in the event that
+ all of the available task slots have been filled.
+
+/proc/sys/vm - Virtual memory subsystem parameters
+
+ bdflush - STRUCTURE
+ Nine values as follows:
+ percent dirty - percentage of buffer cache dirty to activate bdflush
+ max dirty - Maximum number of dirty blocks to write out per wake cycle
+ number refill - Number of clean buffers to try to get when doing refill
+ refill dirty threshold - Dirty buffer threshold for activating bdflush
+ when trying to refill buffers
+ dummy - Unused
+ buffer age - Time for normal buffer to age before flushing it
+ superblock age - Time for superblock to age before flushing it
+ dummy - Unused
+ dummy - Unused
+
+ freepages - STRUCTURE
+ Three values as follows:
+ minimum free pages - number of pages to keep free in the system
+ free pages low - threshold to start high swapping
+ free pages high - threshold to start light swapping
+
+ overcommit_memory - BOOLEAN
+ Indicates whether or not should overcommit memory. Default to 0,
+ which is no.
+
+ swapctl - STRUCTURE
+ Sixteen values as follows:
+ max page age - maximum page age
+ page advance - quanta for page rejuvenation
+ page decline - quanta for page aging
+ page initial age - initial age for new pages
+ max buffer age - maximum buffer age
+ buffer advance - quanta for buffer rejuventation
+ buffer decline - quanta for buffer aging
+ buffer initial age - initial age for new buffers
+ age cluster percentage - ?
+ age cluster minimum - ?
+ pageout weight - pageout weighting
+ bufferout weight - bufferout weighting
+ buffer grace - ?
+ number buffers to free - number of buffers to free
+ number pages to free - number of pages to free
+ reclaim/balancing policy - 0 = round robin, 1 = buffer first,
+ 2 = persistant
+
+ swapout_interval - INTEGER
+ Number of times per second kswapd checks for pages to swapout.
+
+
+9/13/97 - Chris Horn (chorn@warwick.net) - First draft
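Review bot: Several typos in the new file should be fixed before it goes in: "options where compiled" (were), "more serious then KERN_DEBUG" (than), "rejuventation" and "persistant". The suid entry should also say what disabling means in practice: in the fs/exec.c hunk the new `!sysctl_suid` test sits in the condition that returns -EPERM unless suser(), so the exec is refused rather than run unprivileged and the superuser is exempt.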
diff -uNr /usr/src/linux-2.1.55-virgin/fs/binfmt_aout.c /usr/src/linux/fs/binfmt_aout.c
--- /usr/src/linux-2.1.55-virgin/fs/binfmt_aout.c Fri Sep 12 20:05:19 1997
+++ /usr/src/linux/fs/binfmt_aout.c Sat Sep 13 20:52:44 1997
@@ -23,11 +23,16 @@
#include <linux/binfmts.h>
#include <linux/personality.h>
#include <linux/init.h>
+#include <linux/config.h>

#include <asm/system.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>

+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif
+
static int load_aout_binary(struct linux_binprm *, struct pt_regs * regs);
static int load_aout_library(int fd);
static int aout_core_dump(long signr, struct pt_regs * regs);
@@ -42,6 +47,30 @@
#endif
};

+static int sysctl_aout_core_dump = 1;
+
+#ifdef CONFIG_SYSCTL
+
+static struct ctl_table_header *aout_table_header;
+
+static ctl_table aout_table[] = {
+ {BIN_AOUT_COREDUMP, "coredump",
+ &sysctl_aout_core_dump, sizeof(int), 0644, NULL, &proc_dointvec},
+ {0}
+};
+
+static ctl_table aout_dir_table[] = {
+ {BIN_AOUT, "aout", NULL, 0, 0555, aout_table},
+ {0}
+};
+
+static ctl_table aout_root_table[] = {
+ {CTL_BIN, "bin", NULL, 0, 0555, aout_dir_table},
+ {0}
+};
+
+#endif /* CONFIG_SYSCTL */
+
static void set_brk(unsigned long start, unsigned long end)
{
start = PAGE_ALIGN(start);
@@ -100,7 +129,7 @@
# define START_STACK(u) (u.start_stack)
#endif

- if (!current->dumpable || current->mm->count != 1)
+ if (!current->dumpable || current->mm->count != 1 || !sysctl_aout_core_dump)
return 0;
current->dumpable = 0;

@@ -555,6 +584,9 @@

__initfunc(int init_aout_binfmt(void))
{
+#ifdef CONFIG_SYSCTL
+ aout_table_header = register_sysctl_table(aout_root_table, 1);
+#endif
return register_binfmt(&aout_format);
}

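Review bot: In init_aout_binfmt() the result of register_sysctl_table() is stored in aout_table_header but never checked, and if register_binfmt() then fails the sysctl table stays registered. Check the header after registering, unregister it on the register_binfmt() error path, and guard the unregister_sysctl_table(aout_table_header) call in cleanup_module() against a header that was never set. The same pattern is repeated in the binfmt_elf.c and binfmt_java.c init and cleanup hunks.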
@@ -565,5 +597,8 @@

void cleanup_module( void) {
unregister_binfmt(&aout_format);
+#ifdef CONFIG_SYSCTL
+ unregister_sysctl_table(aout_table_header);
+#endif
}
#endif
diff -uNr /usr/src/linux-2.1.55-virgin/fs/binfmt_elf.c /usr/src/linux/fs/binfmt_elf.c
--- /usr/src/linux-2.1.55-virgin/fs/binfmt_elf.c Fri Sep 12 20:05:19 1997
+++ /usr/src/linux/fs/binfmt_elf.c Sat Sep 13 20:52:05 1997
@@ -38,6 +38,10 @@

#include <linux/elf.h>

+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif
+
static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs);
static int load_elf_library(int fd);
extern int dump_fpu (struct pt_regs *, elf_fpregset_t *);
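Review bot: CONFIG_SYSCTL is tested here with no `#include <linux/config.h>` visible in the hunk, whereas the binfmt_aout.c hunk adds that include before the same test. Confirm binfmt_elf.c already pulls in config.h, or add it here, otherwise the table and the register/unregister calls compile out silently. fs/binfmt_java.c has the same `#ifdef CONFIG_SYSCTL` with no config.h include in its hunk.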
@@ -74,6 +78,30 @@
#endif
};

+static int sysctl_elf_core_dump = 1;
+
+#ifdef CONFIG_SYSCTL
+
+static struct ctl_table_header *elf_table_header;
+
+static ctl_table elf_table[] = {
+ {BIN_ELF_COREDUMP, "coredump",
+ &sysctl_elf_core_dump, sizeof(int), 0644, NULL, &proc_dointvec},
+ {0}
+};
+
+static ctl_table elf_dir_table[] = {
+ {BIN_ELF, "elf", NULL, 0, 0555, elf_table},
+ {0}
+};
+
+static ctl_table elf_root_table[] = {
+ {CTL_BIN, "bin", NULL, 0, 0555, elf_dir_table},
+ {0}
+};
+
+#endif /* CONFIG_SYSCTL */
+
static void set_brk(unsigned long start, unsigned long end)
{
start = ELF_PAGEALIGN(start);
@@ -1056,7 +1084,8 @@
elf_fpregset_t fpu; /* NT_PRFPREG */
struct elf_prpsinfo psinfo; /* NT_PRPSINFO */

- if (!current->dumpable || limit < ELF_EXEC_PAGESIZE || current->mm->count != 1)
+ if (!current->dumpable || limit < ELF_EXEC_PAGESIZE || current->mm->count != 1 || \
+ !sysctl_elf_core_dump)
return 0;
current->dumpable = 0;

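Review bot: The trailing backslash after `current->mm->count != 1 ||` is a line continuation that is only needed inside a macro; in a plain `if` it should be dropped. The binfmt_aout.c version of this test keeps the condition on one line, so the two should be formatted alike.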
@@ -1325,6 +1354,9 @@

__initfunc(int init_elf_binfmt(void))
{
+#ifdef CONFIG_SYSCTL
+ elf_table_header = register_sysctl_table(elf_root_table, 1);
+#endif
return register_binfmt(&elf_format);
}

@@ -1344,5 +1376,8 @@
{
/* Remove the COFF and ELF loaders. */
unregister_binfmt(&elf_format);
+#ifdef CONFIG_SYSCTL
+ unregister_sysctl_table(elf_table_header);
+#endif
}
#endif
diff -uNr /usr/src/linux-2.1.55-virgin/fs/binfmt_java.c /usr/src/linux/fs/binfmt_java.c
--- /usr/src/linux-2.1.55-virgin/fs/binfmt_java.c Mon Jul 14 13:28:48 1997
+++ /usr/src/linux/fs/binfmt_java.c Sat Sep 13 20:53:17 1997
@@ -15,6 +15,10 @@
#include <linux/binfmts.h>
#include <linux/init.h>

+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif
+
#define _PATH_JAVA "/usr/bin/java"
#define _PATH_APPLET "/usr/bin/appletviewer"

@@ -23,6 +27,31 @@
char binfmt_java_interpreter[65] = _PATH_JAVA;
char binfmt_java_appletviewer[65] = _PATH_APPLET;

+#ifdef CONFIG_SYSCTL
+
+static struct ctl_table_header *java_table_header;
+
+static ctl_table java_table[] = {
+ {BIN_JAVA_INTERPRETER, "java_interpreter",
+ binfmt_java_interpreter, 64, 0644, NULL, &proc_dostring, &sysctl_string},
+ {BIN_JAVA_APPLETVIEWER, "java_appletviewer",
+ binfmt_java_appletviewer, 64, 0644, NULL, &proc_dostring, &sysctl_string},
+ {0}
+};
+
+static ctl_table java_dir_table[] = {
+ {BIN_JAVA, "java", NULL, 0, 0555, java_table},
+ {0}
+};
+
+static ctl_table java_root_table[] = {
+ {CTL_BIN, "bin", NULL, 0, 0555, java_dir_table},
+ {0}
+};
+
+#endif /* CONFIG_SYSCTL */
+
+
static int do_load_java(struct linux_binprm *bprm,struct pt_regs *regs)
{
char *i_name;
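Review bot: java_root_table declares its own {CTL_BIN, "bin", NULL, 0, 0555, ...} directory entry, as do aout_root_table and elf_root_table, while kernel/sysctl.c in this patch adds a fourth "bin" entry to the root table. Nothing in the patch says how these duplicate directory entries are expected to combine when several of them are registered; add a comment stating that, or share one definition of the "bin" directory instead of four copies.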
@@ -176,6 +205,9 @@

__initfunc(int init_java_binfmt(void))
{
+#ifdef CONFIG_SYSCTL
+ java_table_header = register_sysctl_table(java_root_table, 1);
+#endif
register_binfmt(&java_format);
return register_binfmt(&applet_format);
}
@@ -189,5 +221,8 @@
void cleanup_module( void) {
unregister_binfmt(&java_format);
unregister_binfmt(&applet_format);
+#ifdef CONFIG_SYSCTL
+ unregister_sysctl_table(java_table_header);
+#endif
}
#endif
diff -uNr /usr/src/linux-2.1.55-virgin/fs/exec.c /usr/src/linux/fs/exec.c
--- /usr/src/linux-2.1.55-virgin/fs/exec.c Fri Sep 12 20:04:45 1997
+++ /usr/src/linux/fs/exec.c Fri Sep 12 23:18:13 1997
@@ -53,6 +53,8 @@
#include <linux/kerneld.h>
#endif

+int sysctl_suid = 1;
+
asmlinkage int sys_exit(int exit_code);
asmlinkage int sys_brk(unsigned long);

@@ -569,7 +571,8 @@
|| (current->flags & PF_PTRACED)
|| (current->fs->count > 1)
|| (atomic_read(&current->sig->count) > 1)
- || (current->files->count > 1)) {
+ || (current->files->count > 1)
+ || (!sysctl_suid)) {
if (!suser())
return -EPERM;
}
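Review bot: Adding `|| (!sysctl_suid)` to this condition means that with the switch off the call returns -EPERM for any caller that fails suser(), so the exec is refused instead of proceeding without the changed ids. If refusal is the intended behaviour, say so in Documentation/sysctl.txt and in a comment here, including that the superuser is exempt; the current text ("Globally enable or disable SUID binaries") does not tell an administrator which of the two behaviours to expect.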
diff -uNr /usr/src/linux-2.1.55-virgin/include/linux/sysctl.h /usr/src/linux/include/linux/sysctl.h
--- /usr/src/linux-2.1.55-virgin/include/linux/sysctl.h Fri Sep 12 20:05:06 1997
+++ /usr/src/linux/include/linux/sysctl.h Sat Sep 13 22:01:40 1997
@@ -21,73 +21,56 @@
unsigned long __unused[4];
};

-/* Define sysctl names first */
-
-/* Top-level names: */
-
/* For internal pattern-matching use only: */
#ifdef __KERNEL__
#define CTL_ANY -1 /* Matches any name */
#define CTL_NONE 0
#endif

+/* /proc/sys */
enum
{
- CTL_KERN=1, /* General kernel info and control */
+ CTL_KERN = 1, /* General kernel info and control */
CTL_VM, /* VM management */
CTL_NET, /* Networking */
CTL_PROC, /* Process info */
CTL_FS, /* Filesystems */
CTL_DEBUG, /* Debugging */
CTL_DEV, /* Devices */
+ CTL_BIN /* Binary formats */
};

-
-/* CTL_KERN names: */
+/* /proc/sys/kernel */
enum
{
- KERN_OSTYPE=1, /* string: system version */
+ KERN_OSTYPE = 1, /* string: system version */
KERN_OSRELEASE, /* string: system release */
KERN_OSREV, /* int: system revision */
KERN_VERSION, /* string: compile time info */
- KERN_SECUREMASK, /* struct: maximum rights mask */
- KERN_PROF, /* table: profiling information */
+ KERN_MACHINE,
KERN_NODENAME,
KERN_DOMAINNAME,
- KERN_NRINODE,
- KERN_MAXINODE,
- KERN_NRFILE,
- KERN_MAXFILE,
KERN_SECURELVL, /* int: system security level */
KERN_PANIC, /* int: panic timeout */
- KERN_REALROOTDEV, /* real root device to mount after initrd */
- KERN_NFSRNAME, /* NFS root name */
- KERN_NFSRADDRS, /* NFS root addresses */
- KERN_JAVA_INTERPRETER, /* path to Java(tm) interpreter */
- KERN_JAVA_APPLETVIEWER, /* path to Java(tm) appletviewer */
KERN_SPARC_REBOOT, /* reboot command on Sparc */
KERN_CTLALTDEL, /* int: allow ctl-alt-del to reboot */
- KERN_PRINTK, /* sturct: control printk logging parameters */
- KERN_NAMETRANS, /* Name translation */
- KERN_STATINODE
+ KERN_PRINTK /* sturct: control printk logging parameters */
};

-
-/* CTL_VM names: */
+/* /proc/sys/vm */
enum
{
- VM_SWAPCTL=1, /* struct: Set vm swapping control */
+ VM_SWAPCTL = 1, /* struct: Set vm swapping control */
VM_SWAPOUT, /* int: Background pageout interval */
VM_FREEPG, /* struct: Set free page thresholds */
VM_BDFLUSH, /* struct: Control buffer cache flushing */
- VM_OVERCOMMIT_MEMORY, /* Turn off the virtual memory safety limit */
+ VM_OVERCOMMIT_MEMORY /* Turn off the virtual memory safety limit */
};

-
-/* CTL_NET names: */
+/* /proc/sys/net */
enum
{
- NET_CORE=1,
+ NET_CORE = 1,
NET_ETHER,
NET_802,
NET_UNIX,
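Review bot: Deleting KERN_SECUREMASK, KERN_PROF, KERN_NRINODE, KERN_MAXINODE, KERN_NRFILE and KERN_MAXFILE from the middle of the /proc/sys/kernel enum, and inserting KERN_MACHINE after KERN_VERSION, renumbers every constant that follows (KERN_NODENAME, KERN_DOMAINNAME, KERN_SECURELVL, KERN_PANIC and so on). Anything built against the old header that passes these numbers to the sysctl interface will now address a different entry. Keep the old positions as reserved placeholders and append new names at the end of the enum, as the NET_IPV4_ICMP_* additions later in this file already do.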
@@ -104,15 +87,14 @@
NET_DECNET
};

-
/* /proc/sys/net/core */
enum
{
- NET_CORE_WMEM_MAX=1,
+ NET_CORE_WMEM_MAX = 1,
NET_CORE_RMEM_MAX,
NET_CORE_WMEM_DEFAULT,
NET_CORE_RMEM_DEFAULT,
- NET_CORE_DESTROY_DELAY,
+ NET_CORE_DESTROY_DELAY
};

/* /proc/sys/net/ethernet */
@@ -120,17 +102,16 @@
/* /proc/sys/net/802 */

/* /proc/sys/net/unix */
-
enum
{
- NET_UNIX_DESTROY_DELAY=1,
- NET_UNIX_DELETE_DELAY,
+ NET_UNIX_DESTROY_DELAY = 1,
+ NET_UNIX_DELETE_DELAY
};

/* /proc/sys/net/ipv4 */
enum
{
- NET_IPV4_ARP_RES_TIME=1,
+ NET_IPV4_ARP_RES_TIME = 1,
NET_IPV4_ARP_DEAD_RES_TIME,
NET_IPV4_ARP_MAX_TRIES,
NET_IPV4_ARP_MAX_PINGS,
@@ -175,9 +156,12 @@
NET_TCP_STDURG,
NET_TCP_SYN_TAILDROP,
NET_TCP_MAX_SYN_BACKLOG,
+ NET_IPV4_ICMP_ECHO_BROAD,
+ NET_IPV4_ICMP_ECHO_REQ,
+ NET_IPV4_ICMP_TIMESTAMP_BROAD,
+ NET_IPV4_ICMP_TIMESTAMP_REQ
};

-
/* /proc/sys/net/ipv6 */
enum {
NET_IPV6_FORWARDING = 1,
@@ -196,21 +180,19 @@
NET_IPV6_DAD_TRANSMITS,
NET_IPV6_RTR_SOLICITS,
NET_IPV6_RTR_SOLICIT_INTERVAL,
- NET_IPV6_RTR_SOLICIT_DELAY,
+ NET_IPV6_RTR_SOLICIT_DELAY
};

/* /proc/sys/net/ipx */

-
/* /proc/sys/net/appletalk */
enum {
NET_ATALK_AARP_EXPIRY_TIME = 1,
NET_ATALK_AARP_TICK_TIME,
NET_ATALK_AARP_RETRANSMIT_LIMIT,
- NET_ATALK_AARP_RESOLVE_TIME,
+ NET_ATALK_AARP_RESOLVE_TIME
};

-
/* /proc/sys/net/netrom */
enum {
NET_NETROM_DEFAULT_PATH_QUALITY = 1,
@@ -270,7 +252,7 @@
/* /proc/sys/net/token-ring */
enum
{
- NET_TR_RIF_TIMEOUT=1
+ NET_TR_RIF_TIMEOUT = 1
};

/* /proc/sys/net/decnet */
@@ -283,13 +265,48 @@
NET_DECNET_DEBUG_LEVEL
};

-/* CTL_PROC names: */
+/* /proc/sys/bin */
+enum {
+ BIN_SUID = 1, /* Global enable/disable SUID */
+ BIN_ELF,
+ BIN_AOUT,
+ BIN_JAVA
+};
+
+/* /proc/sys/bin/elf */
+enum {
+ BIN_ELF_COREDUMP = 1
+};

-/* CTL_FS names: */
+/* /proc/sys/bin/aout */
+enum {
+ BIN_AOUT_COREDUMP = 1
+};
+
+/* /proc/sys/bin/java */
+enum {
+ BIN_JAVA_INTERPRETER = 1,
+ BIN_JAVA_APPLETVIEWER
+};
+
+/* /proc/sys/fs */
+enum {
+ FS_STATINODE = 1,
+ FS_NRFILE,
+ FS_MAXFILE,
+ FS_REALROOTDEV, /* Real root device to mount after initrd */
+ FS_NFSRNAME, /* NFS root name */
+ FS_NFSRADDRS /* NFS root addresses */
+};
+
+/* /proc/sys/proc */
+enum {
+ PROC_TASKS_ROOT = 1
+};

-/* CTL_DEBUG names: */
+/* /proc/sys/debug */

-/* CTL_DEV names: */
+/* /proc/sys/dev */

#ifdef __KERNEL__

diff -uNr /usr/src/linux-2.1.55-virgin/include/net/ip.h /usr/src/linux/include/net/ip.h
--- /usr/src/linux-2.1.55-virgin/include/net/ip.h Mon Aug 18 20:11:13 1997
+++ /usr/src/linux/include/net/ip.h Sat Sep 13 22:22:19 1997
@@ -130,6 +130,10 @@

struct ipv4_config
{
+ int icmp_echo_broadcast;
+ int icmp_echo_request;
+ int icmp_ts_broadcast;
+ int icmp_ts_request;
int accept_redirects;
int secure_redirects;
int rfc1620_redirects;
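Review bot: The four new fields are inserted at the front of struct ipv4_config, which shifts the meaning of every positional initializer for this struct; the sysctl_net_ipv4.c hunk has to rewrite all three `{ 1, 1, 1, ... }` lists to compensate, and any initializer outside this patch would silently assign the wrong fields. Append the new members at the end of the struct instead, and add a short comment on each stating that 1 means "respond".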
diff -uNr /usr/src/linux-2.1.55-virgin/kernel/fork.c /usr/src/linux/kernel/fork.c
--- /usr/src/linux-2.1.55-virgin/kernel/fork.c Fri Sep 12 20:04:47 1997
+++ /usr/src/linux/kernel/fork.c Sat Sep 13 21:57:27 1997
@@ -34,6 +34,8 @@
unsigned long int total_forks=0; /* Handle normal Linux uptimes. */
int last_pid=0;

+int sysctl_min_tasks_left_for_root=MIN_TASKS_LEFT_FOR_ROOT;
+
/* SLAB cache for mm_struct's. */
kmem_cache_t *mm_cachep;

@@ -144,7 +146,7 @@
if(current->uid) {
int error;

- if(nr_tasks >= NR_TASKS - MIN_TASKS_LEFT_FOR_ROOT)
+ if(nr_tasks >= NR_TASKS - sysctl_min_tasks_left_for_root)
return -EAGAIN;
if((error = charge_uid(current, 1)) < 0)
return error;
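Review bot: `NR_TASKS - sysctl_min_tasks_left_for_root` now uses a value that kernel/sysctl.c exposes through plain proc_dointvec with no range check. A negative value removes the reserve for root entirely, and a value at or above NR_TASKS makes every non-root fork return -EAGAIN. Register the entry with proc_dointvec_minmax and explicit bounds, the way the bdflush entry in kernel/sysctl.c does with bdflush_min and bdflush_max.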
diff -uNr /usr/src/linux-2.1.55-virgin/kernel/sysctl.c /usr/src/linux/kernel/sysctl.c
--- /usr/src/linux-2.1.55-virgin/kernel/sysctl.c Wed Jul 16 22:22:51 1997
+++ /usr/src/linux/kernel/sysctl.c Sat Sep 13 22:00:54 1997
@@ -36,11 +36,10 @@
#ifdef CONFIG_SYSCTL

/* External variables not in a header file. */
-extern int panic_timeout;
+extern int panic_timeout, sysctl_min_tasks_left_for_root;
extern int console_loglevel, C_A_D, swapout_interval;
extern int bdf_prm[], bdflush_min[], bdflush_max[];
-extern char binfmt_java_interpreter[], binfmt_java_appletviewer[];
-extern int sysctl_overcommit_memory;
+extern int sysctl_overcommit_memory, sysctl_suid;

#ifdef __sparc__
extern char reboot_command [];
@@ -63,6 +62,7 @@
static ctl_table fs_table[];
static ctl_table debug_table[];
static ctl_table dev_table[];
+static ctl_table bin_table[];


/* /proc declarations: */
@@ -127,10 +127,13 @@
{CTL_FS, "fs", NULL, 0, 0555, fs_table},
{CTL_DEBUG, "debug", NULL, 0, 0555, debug_table},
{CTL_DEV, "dev", NULL, 0, 0555, dev_table},
+ {CTL_BIN, "bin", NULL, 0, 0555, bin_table},
{0}
};

static ctl_table kern_table[] = {
+ {KERN_MACHINE, "machine", system_utsname.machine, 64,
+ 0444, NULL, &proc_dostring, &sysctl_string},
{KERN_OSTYPE, "ostype", system_utsname.sysname, 64,
0444, NULL, &proc_dostring, &sysctl_string},
{KERN_OSRELEASE, "osrelease", system_utsname.release, 64,
@@ -141,41 +144,15 @@
0644, NULL, &proc_dostring, &sysctl_string},
{KERN_DOMAINNAME, "domainname", system_utsname.domainname, 64,
0644, NULL, &proc_dostring, &sysctl_string},
- {KERN_NRINODE, "inode-nr", &inodes_stat, 2*sizeof(int),
- 0444, NULL, &proc_dointvec},
- {KERN_STATINODE, "inode-state", &inodes_stat, 7*sizeof(int),
- 0444, NULL, &proc_dointvec},
- {KERN_MAXINODE, "inode-max", &max_inodes, sizeof(int),
- 0644, NULL, &proc_dointvec},
- {KERN_NRFILE, "file-nr", &nr_files, sizeof(int),
- 0444, NULL, &proc_dointvec},
- {KERN_MAXFILE, "file-max", &max_files, sizeof(int),
- 0644, NULL, &proc_dointvec},
{KERN_SECURELVL, "securelevel", &securelevel, sizeof(int),
0444, NULL, &proc_dointvec, (ctl_handler *)&do_securelevel_strategy},
{KERN_PANIC, "panic", &panic_timeout, sizeof(int),
0644, NULL, &proc_dointvec},
-#ifdef CONFIG_BLK_DEV_INITRD
- {KERN_REALROOTDEV, "real-root-dev", &real_root_dev, sizeof(int),
- 0644, NULL, &proc_dointvec},
-#endif
-#ifdef CONFIG_ROOT_NFS
- {KERN_NFSRNAME, "nfs-root-name", nfs_root_name, NFS_ROOT_NAME_LEN,
- 0644, NULL, &proc_dostring, &sysctl_string },
- {KERN_NFSRADDRS, "nfs-root-addrs", nfs_root_addrs, NFS_ROOT_ADDRS_LEN,
- 0644, NULL, &proc_dostring, &sysctl_string },
-#endif
-#ifdef CONFIG_BINFMT_JAVA
- {KERN_JAVA_INTERPRETER, "java-interpreter", binfmt_java_interpreter,
- 64, 0644, NULL, &proc_dostring, &sysctl_string },
- {KERN_JAVA_APPLETVIEWER, "java-appletviewer", binfmt_java_appletviewer,
- 64, 0644, NULL, &proc_dostring, &sysctl_string },
-#endif
#ifdef __sparc__
- {KERN_SPARC_REBOOT, "reboot-cmd", reboot_command,
+ {KERN_SPARC_REBOOT, "reboot_cmd", reboot_command,
256, 0644, NULL, &proc_dostring, &sysctl_string },
#endif
- {KERN_CTLALTDEL, "ctrl-alt-del", &C_A_D, sizeof(int),
+ {KERN_CTLALTDEL, "ctrl_alt_del", &C_A_D, sizeof(int),
0644, NULL, &proc_dointvec},
{KERN_PRINTK, "printk", &console_loglevel, 4*sizeof(int),
0644, NULL, &proc_dointvec},
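Review bot: The removed "inode-max" entry was the only writable (0644) handle on max_inodes in this table, and the fs_table added later in the patch brings back inode_state, file_nr and file_max but not an inode_max. Unless max_inodes is no longer used, this drops the ability to tune it at run time; either keep it as fs/inode_max or state in the changelog why it is obsolete. The renames in this hunk ("reboot-cmd" to "reboot_cmd", "ctrl-alt-del" to "ctrl_alt_del") also change paths that existing scripts write to, which deserves a line in the changelog.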
@@ -193,15 +170,40 @@
&proc_dointvec_minmax, &sysctl_intvec, NULL,
&bdflush_min, &bdflush_max},
{VM_OVERCOMMIT_MEMORY, "overcommit_memory", &sysctl_overcommit_memory,
- sizeof(sysctl_overcommit_memory), 0644, NULL, &proc_dointvec},
+ sizeof(sysctl_overcommit_memory), 0600, NULL, &proc_dointvec},
+ {0}
+};
+
+static ctl_table bin_table[] = {
+ {BIN_SUID, "suid",
+ &sysctl_suid, sizeof(int), 0600, NULL, &proc_dointvec},
{0}
};

static ctl_table proc_table[] = {
+ {PROC_TASKS_ROOT, "min_tasks_left_for_root",
+ &sysctl_min_tasks_left_for_root,
+ sizeof(int), 0600, NULL, &proc_dointvec},
{0}
};

static ctl_table fs_table[] = {
+ {FS_STATINODE, "inode_state", &inodes_stat, 7*sizeof(int),
+ 0444, NULL, &proc_dointvec},
+ {FS_NRFILE, "file_nr", &nr_files, sizeof(int),
+ 0444, NULL, &proc_dointvec},
+ {FS_MAXFILE, "file_max", &max_files, sizeof(int),
+ 0644, NULL, &proc_dointvec},
+#ifdef CONFIG_BLK_DEV_INITRD
+ {FS_REALROOTDEV, "real_root_dev", &real_root_dev, sizeof(int),
+ 0644, NULL, &proc_dointvec},
+#endif
+#ifdef CONFIG_ROOT_NFS
+ {FS_NFSRNAME, "nfs_root_name", nfs_root_name, NFS_ROOT_NAME_LEN,
+ 0644, NULL, &proc_dostring, &sysctl_string },
+ {FS_NFSRADDRS, "nfs_root_addrs", nfs_root_addrs, NFS_ROOT_ADDRS_LEN,
+ 0644, NULL, &proc_dostring, &sysctl_string },
+#endif
{0}
};

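Review bot: The mode of overcommit_memory changes from 0644 to 0600 in this hunk, which the cover letter does not mention, and the new suid and min_tasks_left_for_root entries are also 0600, while the coredump switches in the binfmt files and the moved fs entries are 0644. Pick one policy for who may read these settings and apply it consistently, and list the overcommit_memory permission change in the changelog since it alters behaviour for existing unprivileged readers.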
diff -uNr /usr/src/linux-2.1.55-virgin/net/ipv4/icmp.c /usr/src/linux/net/ipv4/icmp.c
--- /usr/src/linux-2.1.55-virgin/net/ipv4/icmp.c Fri Sep 12 20:05:07 1997
+++ /usr/src/linux/net/ipv4/icmp.c Fri Sep 12 21:39:15 1997
@@ -365,6 +365,7 @@
struct inode icmp_inode;
struct socket *icmp_socket=&icmp_inode.u.socket_i;

+
/*
* Send an ICMP frame.
*/
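Review bot: This hunk only adds a second blank line before the "Send an ICMP frame." comment. Drop it from the patch so the icmp.c changes contain only the functional additions.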
@@ -856,6 +857,8 @@
#ifndef CONFIG_IP_IGNORE_ECHO_REQUESTS
struct icmp_bxm icmp_param;

+ if (!ipv4_config.icmp_echo_request) return;
+
icmp_param.icmph=*icmph;
icmp_param.icmph.type=ICMP_ECHOREPLY;
icmp_param.data_ptr=(icmph+1);
@@ -882,6 +885,8 @@
* Too short.
*/

+ if (!ipv4_config.icmp_ts_request) return;
+
if(len<12) {
icmp_statistics.IcmpInErrors++;
return;
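Review bot: The new `if (!ipv4_config.icmp_ts_request) return;` is placed between the "Too short." comment and the `if(len<12)` test that comment describes. Move the check above the comment block, and put `return;` on its own line to match the surrounding code; the same one-line form appears in the echo handler hunk just before this one.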
@@ -1091,6 +1096,11 @@
kfree_skb(skb, FREE_READ);
return(0);
}
+ if ((icmph->type == ICMP_ECHO && ipv4_config.icmp_echo_broadcast == 0) ||
+ (icmph->type == ICMP_TIMESTAMP && ipv4_config.icmp_ts_broadcast == 0)) {
+ kfree_skb(skb, FREE_READ);
+ return(0);
+ }
}

len -= sizeof(struct icmphdr);
diff -uNr /usr/src/linux-2.1.55-virgin/net/ipv4/sysctl_net_ipv4.c /usr/src/linux/net/ipv4/sysctl_net_ipv4.c
--- /usr/src/linux-2.1.55-virgin/net/ipv4/sysctl_net_ipv4.c Fri Sep 12 20:05:08 1997
+++ /usr/src/linux/net/ipv4/sysctl_net_ipv4.c Fri Sep 12 20:54:57 1997
@@ -70,12 +70,12 @@
extern int tcp_sysctl_congavoid(ctl_table *ctl, int write, struct file * filp,
void *buffer, size_t *lenp);

-struct ipv4_config ipv4_config = { 1, 1, 1, 0, };
+struct ipv4_config ipv4_config = { 1, 1, 1, 1, 1, 1, 1, 0, };

#ifdef CONFIG_SYSCTL

-struct ipv4_config ipv4_def_router_config = { 0, 1, 1, 1, 1, 1, 1, };
-struct ipv4_config ipv4_def_host_config = { 1, 1, 1, 0, };
+struct ipv4_config ipv4_def_router_config = { 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, };
+struct ipv4_config ipv4_def_host_config = { 1, 1, 1, 1, 1, 1, 1, 0, };

int ipv4_sysctl_forwarding(ctl_table *ctl, int write, struct file * filp,
void *buffer, size_t *lenp)
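Review bot: ipv4_def_router_config and ipv4_def_host_config both carry 1 in the four new ICMP positions, and the cover letter states that the options "reset to their default when IP forwarding is enabled or disabled". That means a host where an administrator has written 0 to icmp_echo_broadcast starts answering again as soon as forwarding is toggled, with no indication. Leave the ICMP fields untouched when the forwarding defaults are applied, or document the reset prominently in ip-sysctl.txt.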
@@ -218,6 +218,14 @@
sizeof(int), 0644, NULL, &proc_dointvec},
{NET_TCP_MAX_SYN_BACKLOG, "tcp_max_syn_backlog", &sysctl_max_syn_backlog,
sizeof(int), 0644, NULL, &proc_dointvec},
+ {NET_IPV4_ICMP_ECHO_BROAD, "icmp_echo_broadcast",
+ &ipv4_config.icmp_echo_broadcast, sizeof(int), 0644, NULL, &proc_dointvec},
+ {NET_IPV4_ICMP_ECHO_REQ, "icmp_echo_request",
+ &ipv4_config.icmp_echo_request, sizeof(int), 0644, NULL, &proc_dointvec},
+ {NET_IPV4_ICMP_TIMESTAMP_BROAD, "icmp_timestamp_broadcast",
+ &ipv4_config.icmp_ts_broadcast, sizeof(int), 0644, NULL, &proc_dointvec},
+ {NET_IPV4_ICMP_TIMESTAMP_REQ, "icmp_timestamp_request",
+ &ipv4_config.icmp_ts_request, sizeof(int), 0644, NULL, &proc_dointvec},
{0}
};

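Review bot: The proc names registered here are "icmp_timestamp_broadcast" and "icmp_timestamp_request", but the cover letter announces them as icmp_ts_broadcast and icmp_ts_request, which are the struct field names. Settle on one spelling for the user-visible name and use it in the cover letter, ip-sysctl.txt and the table alike.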