From: Sergey Vlasov <vsu@altlinux.ru>
To: Chris Wright <chrisw@sous-sol.org>
Cc: Zack Weinberg <zackw@panix.com>,
linux-kernel@vger.kernel.org, Sergey Vlasov <vsu@altlinux.ru>
Subject: [RFC PATCH 1/2] sys_syslog: check open permission for reading and getting unread count
Date: Wed, 8 Nov 2006 15:45:44 +0300 [thread overview]
Message-ID: <11629899452160-git-send-email-vsu@altlinux.ru> (raw)
In-Reply-To: <20061108154229.eb6d4626.vsu@altlinux.ru>
The "read" (2) and "get unread count" (9) operations of sys_syslog() may
also be invoked through /proc/kmsg; however, /proc/kmsg also performs
security checks during open. Perform the same security check when these
operations are invoked through the syslog system call.
Currently this does not change the behavior - for cap_syslog() and
dummy_syslog() the "read" and "get unread count" operations are
identical to "open", and selinux_syslog() maps all of them to
SYSTEM__SYSLOG_MOD. The next patch will enable syslog read for normal
users, so that a process could open /proc/kmsg, then drop privileges and
continue reading kernel messages from the open file descriptor - then
the added check in sys_syslog() will catch attempts to read kernel
messages without having /proc/kmsg open.
Signed-off-by: Sergey Vlasov <vsu@altlinux.ru>
---
kernel/printk.c | 16 +++++++++++++++-
1 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/kernel/printk.c b/kernel/printk.c
index 1149365..91c3f39 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -316,7 +316,21 @@ out:
asmlinkage long sys_syslog(int type, char __user *buf, int len)
{
- return do_syslog(type, buf, len);
+ int retval;
+
+ if ((type == 2) || (type == 9)) {
+ /*
+ * These operation can also be invoked through /proc/kmsg, but
+ * you need to have an open file descriptor for that. Make the
+ * syslog system call also require the syslog open permission.
+ */
+ retval = security_syslog(1);
+ if (retval)
+ goto out;
+ }
+ retval = do_syslog(type, buf, len);
+out:
+ return retval;
}
/*
--
1.4.3.3.gddcc6
next prev parent reply other threads:[~2006-11-08 12:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-08 4:16 RFC PATCH: apply security_syslog() only to the syslog() syscall, not to /proc/kmsg Zack Weinberg
2006-11-08 10:20 ` Chris Wright
2006-11-08 12:42 ` Sergey Vlasov
2006-11-08 12:45 ` Sergey Vlasov [this message]
2006-11-08 12:45 ` [RFC PATCH 2/2] security: allow reads from an open /proc/kmsg fd by unprivileged processes Sergey Vlasov
2006-11-09 4:14 ` RFC PATCH: apply security_syslog() only to the syslog() syscall, not to /proc/kmsg Chris Wright
2006-11-09 14:50 ` Stephen Smalley
2006-11-09 16:08 ` Zack Weinberg
2006-11-09 16:40 ` Stephen Smalley
2006-11-09 17:39 ` Zack Weinberg
2006-11-09 20:53 ` Stephen Smalley
2006-11-10 0:40 ` Zack Weinberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11629899452160-git-send-email-vsu@altlinux.ru \
--to=vsu@altlinux.ru \
--cc=chrisw@sous-sol.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zackw@panix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.