--- ./arch/i386/kernel/ioport.c.secure_io	2004-03-20 14:04:24.000000000 +0100
+++ ./arch/i386/kernel/ioport.c	2004-03-20 14:04:24.000000000 +0100
@@ -63,16 +63,15 @@
 
 	if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
 		return -EINVAL;
-#ifdef CONFIG_GRKERNSEC_IO
+	if (grsec_enable_secure_io) {
 	if (turn_on) {
 		gr_handle_ioperm();
-#else
+		return -EPERM;
+	} else
 	if (turn_on && !capable(CAP_SYS_RAWIO))
-#endif
 		return -EPERM;
-#ifdef CONFIG_GRKERNSEC_IO
 	}
-#endif
+
 	/*
 	 * If it's the first ioperm() call in this thread's lifetime, set the
 	 * IO bitmap up. ioperm() is much less timing critical than clone(),
@@ -123,13 +122,12 @@
 		return -EINVAL;
 	/* Trying to gain more privileges? */
 	if (level > old) {
-#ifdef CONFIG_GRKERNSEC_IO
+	    if (grsec_enable_secure_io) {
 		gr_handle_iopl();
 		return -EPERM;
-#else
+	    } else
 		if (!capable(CAP_SYS_RAWIO))
 			return -EPERM;
-#endif
 	}
 	regs->eflags = (regs->eflags &~ 0x3000UL) | (level << 12);
 	/* Make sure we return the long way (not sysenter) */
--- ./include/linux/grsecurity.h.secure_io	2004-03-20 14:04:24.000000000 +0100
+++ ./include/linux/grsecurity.h	2004-03-20 14:04:24.000000000 +0100
@@ -176,6 +176,7 @@
 extern __u32 ip_randomisn(void);
 extern unsigned long get_random_long(void);
 
+extern int grsec_enable_secure_io;
 extern int grsec_enable_dmesg;
 extern int grsec_enable_randid;
 extern int grsec_enable_randisn;
--- ./grsecurity/grsec_init.c.secure_io	2004-03-20 14:04:24.000000000 +0100
+++ ./grsecurity/grsec_init.c	2004-03-20 14:04:24.000000000 +0100
@@ -48,6 +48,7 @@
 int grsec_socket_client_gid;
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
+int grsec_enable_secure_io;
 int grsec_lock;
 
 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
@@ -217,6 +218,9 @@
 	grsec_enable_socket_server = 1;
 	grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_IO
+	grsec_enable_secure_io = 1;
+#endif
 #endif
 
 	return;
--- ./grsecurity/grsec_sysctl.c.secure_io	2004-03-20 14:04:24.000000000 +0100
+++ ./grsecurity/grsec_sysctl.c	2004-03-20 14:04:24.000000000 +0100
@@ -26,7 +26,7 @@
 GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
 GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
 GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
-GS_FINDTASK, GS_LOCK};
+GS_FINDTASK, GS_IO, GS_LOCK};
 
 
 ctl_table grsecurity_table[] = {
@@ -430,6 +430,16 @@
 		.proc_handler	= &proc_dointvec,
 	},
 #endif
+#ifdef CONFIG_GRKERNSEC_IO
+	{
+		.ctl_name	= GS_IO,
+		.procname	= "secure_io",
+		.data		= &grsec_enable_secure_io,
+		.maxlen		= sizeof(int),
+		.mode		= 0600,
+		.proc_handler	= &proc_dointvec,
+	},
+#endif
 	{
 		.ctl_name	= GS_LOCK,
 		.procname	= "grsec_lock",