diff options
author | Vasily Averin <vvs@virtuozzo.com> | 2015-06-25 15:01:44 -0700 |
---|---|---|
committer | Luis Henriques <luis.henriques@canonical.com> | 2015-07-15 10:01:30 +0100 |
commit | cef1fd33facc6f2d5f28232af139c87e5a9ab8fa (patch) | |
tree | a1d5cb8e54329f1d183b7a1a754e96a5636f304b | |
parent | 0f2aa404bb403c157e681769575dc3805dfd742a (diff) | |
download | linux-stable-cef1fd33facc6f2d5f28232af139c87e5a9ab8fa.tar.gz linux-stable-cef1fd33facc6f2d5f28232af139c87e5a9ab8fa.tar.bz2 linux-stable-cef1fd33facc6f2d5f28232af139c87e5a9ab8fa.zip |
security_syslog() should be called once only
commit d194e5d666225b04c7754471df0948f645b6ab3a upstream.
The final version of commit 637241a900cb ("kmsg: honor dmesg_restrict
sysctl on /dev/kmsg") lost few hooks, as result security_syslog() are
processed incorrectly:
- open of /dev/kmsg checks syslog access permissions by using
check_syslog_permissions() where security_syslog() is not called if
dmesg_restrict is set.
- syslog syscall and /proc/kmsg calls do_syslog() where security_syslog
can be executed twice (inside check_syslog_permissions() and then
directly in do_syslog())
With this patch security_syslog() is called once only in all
syslog-related operations regardless of dmesg_restrict value.
Fixes: 637241a900cb ("kmsg: honor dmesg_restrict sysctl on /dev/kmsg")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
-rw-r--r-- | kernel/printk/printk.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index cce20d2f38d5..f7f6f7e5ff8a 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -478,11 +478,11 @@ static int check_syslog_permissions(int type, bool from_file) * already done the capabilities checks at open time. */ if (from_file && type != SYSLOG_ACTION_OPEN) - return 0; + goto ok; if (syslog_action_restricted(type)) { if (capable(CAP_SYSLOG)) - return 0; + goto ok; /* * For historical reasons, accept CAP_SYS_ADMIN too, with * a warning. @@ -492,10 +492,11 @@ static int check_syslog_permissions(int type, bool from_file) "CAP_SYS_ADMIN but no CAP_SYSLOG " "(deprecated).\n", current->comm, task_pid_nr(current)); - return 0; + goto ok; } return -EPERM; } +ok: return security_syslog(type); } @@ -1221,10 +1222,6 @@ int do_syslog(int type, char __user *buf, int len, bool from_file) if (error) goto out; - error = security_syslog(type); - if (error) - return error; - switch (type) { case SYSLOG_ACTION_CLOSE: /* Close log */ break; |