Commit 9aa06b85e000ef2fcba2b8dfa3e57eb809e99026
Committed by
Greg Kroah-Hartman
1 parent
9fb1fd7880
sysctl: fix write access to dmesg_restrict/kptr_restrict
commit 620f6e8e855d6d447688a5f67a4e176944a084e8 upstream. Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict. The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied. This adds the CAP_SYS_ADMIN check to both dmesg_restrict and kptr_restrict, since both are sensitive. Reported-by: Phillip Lougher <plougher@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing 1 changed file with 4 additions and 4 deletions Side-by-side Diff
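--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -166,7 +166,7 @@
 #endif
 
 #ifdef CONFIG_PRINTK
-static int proc_dmesg_restrict(struct ctl_table *table, int write,
+static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos);
 #endif
 
@@ -713,7 +713,7 @@
 .data = &dmesg_restrict,
 .maxlen = sizeof(int),
 .mode = 0644,
- .proc_handler = proc_dointvec_minmax,
+ .proc_handler = proc_dointvec_minmax_sysadmin,
 .extra1 = &zero,
 .extra2 = &one,
 },
@@ -722,7 +722,7 @@
 .data = &kptr_restrict,
 .maxlen = sizeof(int),
 .mode = 0644,
- .proc_handler = proc_dmesg_restrict,
+ .proc_handler = proc_dointvec_minmax_sysadmin,
 .extra1 = &zero,
 .extra2 = &two,
 },
@@ -2431,7 +2431,7 @@
 }
 
 #ifdef CONFIG_PRINTK
-static int proc_dmesg_restrict(struct ctl_table *table, int write,
+static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos)
 {
 if (write && !capable(CAP_SYS_ADMIN))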
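Review bot: The renamed `proc_dointvec_minmax_sysadmin` (definition at new line 2434, prototype at new line 169) has no comment stating its contract, and both stay under `#ifdef CONFIG_PRINTK` although the name is now generic. I would add above the definition `/* proc_dointvec_minmax() variant: reads are unrestricted, writes require CAP_SYS_ADMIN in addition to the 0644 file mode. */`, so a later table entry does not swap the handler back to the unchecked one, as the description says happened to dmesg_restrict. Whether the two table entries sit under the same CONFIG_PRINTK guard is not visible in these hunks; if a later user of the helper lives outside that guard, the build would break, so a short note next to the `#ifdef` would help. The function body continues past the end of the last hunk, so the return value on the denied path cannot be checked from here.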