diff options
author | Richard Weinberger <richard@nod.at> | 2011-03-23 16:43:11 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-03-27 11:36:01 -0700 |
commit | bd118a66bddf45265832b8185fa177b3d5fd0200 (patch) | |
tree | 96f884b3493e63856ff28ed91b7171784f0b83bf /kernel | |
parent | 96f8c528c9112a89b03928bd4ab5173ba35a4fd4 (diff) | |
download | linux-stable-bd118a66bddf45265832b8185fa177b3d5fd0200.tar.gz linux-stable-bd118a66bddf45265832b8185fa177b3d5fd0200.tar.bz2 linux-stable-bd118a66bddf45265832b8185fa177b3d5fd0200.zip |
sysctl: restrict write access to dmesg_restrict
commit bfdc0b497faa82a0ba2f9dddcf109231dd519fcc upstream.
When dmesg_restrict is set to 1 CAP_SYS_ADMIN is needed to read the kernel
ring buffer. But a root user without CAP_SYS_ADMIN is able to reset
dmesg_restrict to 0.
This is an issue when e.g. LXC (Linux Containers) are used and complete
user space is running without CAP_SYS_ADMIN. A unprivileged and jailed
root user can bypass the dmesg_restrict protection.
With this patch writing to dmesg_restrict is only allowed when root has
CAP_SYS_ADMIN.
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Dan Rosenberg <drosenberg@vsecurity.com>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: Kees Cook <kees.cook@canonical.com>
Cc: James Morris <jmorris@namei.org>
Cc: Eugene Teo <eugeneteo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/sysctl.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 4eed0af5d144..443fd2081a74 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -169,6 +169,11 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif +#ifdef CONFIG_PRINTK +static int proc_dmesg_restrict(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos); +#endif + #ifdef CONFIG_MAGIC_SYSRQ /* Note: sysrq code uses it's own private copy */ static int __sysrq_enabled = SYSRQ_DEFAULT_ENABLE; @@ -713,7 +718,7 @@ static struct ctl_table kern_table[] = { .data = &kptr_restrict, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec_minmax, + .proc_handler = proc_dmesg_restrict, .extra1 = &zero, .extra2 = &two, }, @@ -2397,6 +2402,17 @@ static int proc_taint(struct ctl_table *table, int write, return err; } +#ifdef CONFIG_PRINTK +static int proc_dmesg_restrict(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) +{ + if (write && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); +} +#endif + struct do_proc_dointvec_minmax_conv_param { int *min; int *max; |