From: Vasily Averin <vvs@virtuozzo.com>
To: linux-kernel@vger.kernel.org, Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
	Josh Boyer <jwboyer@redhat.com>, Eric Paris <eparis@redhat.com>
Subject: [PATCH] check_syslog_permissions() cleanup
Date: Sat, 30 May 2015 16:51:55 +0300
Message-ID: <5569C07B.4030601@virtuozzo.com>
In-Reply-To: <20150527164312.a22ad8bb748acaddbea3bf70@linux-foundation.org>

Patch fixes drawbacks in check_syslog_permissions() noticed by AKPM:
"from_file handling makes me cry.

That's not a boolean - it's an enumerated value with two values
currently defined.

But the code in check_syslog_permissions() treats it as a boolean and
also hardwires the knowledge that SYSLOG_FROM_PROC == 1 (or == `true`).

And the name is wrong: it should be called from_proc to match
SYSLOG_FROM_PROC."

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
 include/linux/syslog.h |  6 +++---
 kernel/printk/printk.c | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/linux/syslog.h b/include/linux/syslog.h
index 4b7b875..c3a7f0c 100644
--- a/include/linux/syslog.h
+++ b/include/linux/syslog.h
@@ -47,12 +47,12 @@
 #define SYSLOG_FROM_READER           0
 #define SYSLOG_FROM_PROC             1
 
-int do_syslog(int type, char __user *buf, int count, bool from_file);
+int do_syslog(int type, char __user *buf, int count, int source);
 
 #ifdef CONFIG_PRINTK
-int check_syslog_permissions(int type, bool from_file);
+int check_syslog_permissions(int type, int source);
 #else
-static inline int check_syslog_permissions(int type, bool from_file)
+static inline int check_syslog_permissions(int type, int source)
 {
 	return 0;
 }
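Review bot: the new `int source` parameter in both prototypes is still an untyped integer, so nothing at the declaration ties it to SYSLOG_FROM_READER / SYSLOG_FROM_PROC defined just above. Consider a short comment on the prototypes naming the two accepted values, or a named enum type, so the compiler and readers see the intended domain. The diffstat touches only syslog.h and printk.c, so please also confirm that every caller already passes one of the SYSLOG_FROM_* constants rather than true/false.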
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index bff0169..5ed9d6d 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -477,13 +477,13 @@ static int syslog_action_restricted(int type)
 	       type != SYSLOG_ACTION_SIZE_BUFFER;
 }
 
-int check_syslog_permissions(int type, bool from_file)
+int check_syslog_permissions(int type, int source)
 {
 	/*
 	 * If this is from /proc/kmsg and we've already opened it, then we've
 	 * already done the capabilities checks at open time.
 	 */
-	if (from_file && type != SYSLOG_ACTION_OPEN)
+	if (source == SYSLOG_FROM_PROC && type != SYSLOG_ACTION_OPEN)
 		goto ok;
 
 	if (syslog_action_restricted(type)) {
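Review bot: at the `source == SYSLOG_FROM_PROC` test in check_syslog_permissions(), the shortcut that skips the capability checks is now taken only for that exact value, where the old `from_file` test took it for any nonzero argument. That is the safer direction for a permission check, but the comment above the test does not say so; a sentence noting that any other source value goes through the full checks would keep a later edit from loosening it by accident.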
@@ -1254,13 +1254,13 @@ static int syslog_print_all(char __user *buf, int size, bool clear)
 	return len;
 }
 
-int do_syslog(int type, char __user *buf, int len, bool from_file)
+int do_syslog(int type, char __user *buf, int len, int source)
 {
 	bool clear = false;
 	static int saved_console_loglevel = LOGLEVEL_DEFAULT;
 	int error;
 
-	error = check_syslog_permissions(type, from_file);
+	error = check_syslog_permissions(type, source);
 	if (error)
 		goto out;
 
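Review bot: the do_syslog() definition names its third parameter `len` while the prototype in include/linux/syslog.h names it `count`. Since this patch already rewrites both signatures, it would be a good moment to make the names match.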
@@ -1343,7 +1343,7 @@ int do_syslog(int type, char __user *buf, int len, bool from_file)
 			syslog_prev = 0;
 			syslog_partial = 0;
 		}
-		if (from_file) {
+		if (source == SYSLOG_FROM_PROC) {
 			/*
 			 * Short-cut for poll(/"proc/kmsg") which simply checks
 			 * for pending data, not the size; return the count of
-- 
1.9.1


Thread overview: 12+ messages
2015-05-10  6:35 [PATCH] kernel/printk/printk.c: check_syslog_permissions() cleanup Vasily Averin
2015-05-14 22:01 ` Andrew Morton
2015-05-15  7:41   ` Vasily Averin
2015-05-15  9:22     ` Vasily Averin
2015-05-24 16:09   ` Vasily Averin
2015-05-24 16:18   ` [PATCH v2] security_syslog() should be called once only Vasily Averin
2015-05-27 23:43     ` Andrew Morton
2015-05-30 13:51       ` Vasily Averin
2015-06-01 21:23         ` Andrew Morton
2015-06-02  7:57           ` Vasily Averin
2015-05-30 13:51       ` Vasily Averin [this message]
2015-06-04 17:00       ` Kees Cook
