From: Greg KH <gregkh@linuxfoundation.org>
To: kernel-hardening@lists.openwall.com
Cc: linux-kernel@vger.kernel.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Thomas Sailer <t.sailer@alumni.ethz.ch>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Johan Hovold <johan@kernel.org>, Alex Elder <elder@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
David Howells <dhowells@redhat.com>, NeilBrown <neilb@suse.com>
Subject: [kernel-hardening] [PATCH 1/3] kmod: make usermodehelper path a const string
Date: Mon, 16 Jan 2017 17:50:02 +0100
Message-ID: <20170116165002.GA29693@kroah.com>
In-Reply-To: <20170116164944.GA28984@kroah.com>
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is in preparation for making it so that usermode helper programs
can't be changed, if desired, by userspace. We will tackle the mess of
cleaning up the write-ability of argv and env later, that's going to
take more work, for much less gain...
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/kmod.h | 7 ++++---
kernel/kmod.c | 4 ++--
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
index fcfd2bf14d3f..c4e441e00db5 100644
--- a/include/linux/kmod.h
+++ b/include/linux/kmod.h
@@ -56,7 +56,7 @@ struct file;
struct subprocess_info {
struct work_struct work;
struct completion *complete;
- char *path;
+ const char *path;
char **argv;
char **envp;
int wait;
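Review bot: In struct subprocess_info, `const char *path` only stops writes to the characters through this one pointer; the field itself can still be reassigned, and `argv` and `envp` beside it stay `char **`, as the changelog admits. A one-line comment on the field stating the intended contract (the string is not modified while the helper is pending) would give the follow-up patches something to rely on and tell readers why only this member is const.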
@@ -67,10 +67,11 @@ struct subprocess_info {
};
extern int
-call_usermodehelper(char *path, char **argv, char **envp, int wait);
+call_usermodehelper(const char *path, char **argv, char **envp, int wait);
extern struct subprocess_info *
-call_usermodehelper_setup(char *path, char **argv, char **envp, gfp_t gfp_mask,
+call_usermodehelper_setup(const char *path, char **argv, char **envp,
+ gfp_t gfp_mask,
int (*init)(struct subprocess_info *info, struct cred *new),
void (*cleanup)(struct subprocess_info *), void *data);
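Review bot: Style nit on the call_usermodehelper_setup() prototype: since the declaration is being reflowed anyway, the `cleanup` callback here still has an unnamed parameter, `void (*cleanup)(struct subprocess_info *)`, while the definition in kernel/kmod.c names it `info`. Making the header match the definition in the same change would keep the two in step and avoid a later cosmetic patch touching these lines again.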
diff --git a/kernel/kmod.c b/kernel/kmod.c
index d45c96073afb..426a614e97fe 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -516,7 +516,7 @@ static void helper_unlock(void)
* Function must be runnable in either a process context or the
* context in which call_usermodehelper_exec is called.
*/
-struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
+struct subprocess_info *call_usermodehelper_setup(const char *path, char **argv,
char **envp, gfp_t gfp_mask,
int (*init)(struct subprocess_info *info, struct cred *new),
void (*cleanup)(struct subprocess_info *info),
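Review bot: Missing documentation for call_usermodehelper_setup(): now that `path` is `const char *`, the kernel-doc above the function should say whether the string is copied or only referenced. If the pointer is simply stored in `subprocess_info.path`, the caller has to keep the string valid and unchanged until the cleanup callback runs, and that lifetime rule is what the const qualifier is meant to express but cannot enforce.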
@@ -613,7 +613,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec);
* This function is the equivalent to use call_usermodehelper_setup() and
* call_usermodehelper_exec().
*/
-int call_usermodehelper(char *path, char **argv, char **envp, int wait)
+int call_usermodehelper(const char *path, char **argv, char **envp, int wait)
{
struct subprocess_info *info;
gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
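Review bot: On call_usermodehelper(), the const qualifier binds only the callee: `char *` converts to `const char *` implicitly, so every existing caller compiles unchanged and can keep passing a writable buffer. That matches the "in preparation" wording of the changelog, but the kernel-doc for this wrapper could state that callers are expected to pass a constant string, so a writable path stands out in review once the later patches in the series land.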
--
2.11.0