[PATCH 13/13] android: ram_console: honor dmesg_restrict

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: John Stultz <john.stultz@linaro.org>
To: lkml <linux-kernel@vger.kernel.org>
Cc: Nick Kralevich <nnk@google.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	Android Kernel Team <kernel-team@android.com>,
	John Stultz <john.stultz@linaro.org>
Subject: [PATCH 13/13] android: ram_console: honor dmesg_restrict
Date: Wed,  7 Mar 2012 13:58:23 -0800	[thread overview]
Message-ID: <1331157503-3413-14-git-send-email-john.stultz@linaro.org> (raw)
In-Reply-To: <1331157503-3413-1-git-send-email-john.stultz@linaro.org>

From: Nick Kralevich <nnk@google.com>

The Linux kernel has a setting called dmesg_restrict. When true,
only processes with CAP_SYSLOG can view the kernel dmesg logs. This
helps prevent leaking of kernel information into user space.

On Android, it's possible to bypass these restrictions by viewing
/proc/last_kmsg.

This change makes /proc/last_kmsg require the same permissions as
dmesg.

Bug: 5555691
CC: Greg KH <gregkh@linuxfoundation.org>
CC: Android Kernel Team <kernel-team@android.com>
Change-Id: I50ecb74012ef2ac0a3cff7325192634341fddae9
Signed-off-by: Nick Kralevich <nnk@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
 drivers/staging/android/ram_console.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c
index d956b84..b242be2 100644
--- a/drivers/staging/android/ram_console.c
+++ b/drivers/staging/android/ram_console.c
@@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf,
 	char *str;
 	int ret;
 
+	if (dmesg_restrict && !capable(CAP_SYSLOG))
+		return -EPERM;
+
 	/* Main last_kmsg log */
 	if (pos < old_log_size) {
 		count = min(len, (size_t)(old_log_size - pos));
-- 
1.7.3.2.146.gca209

next prev parent reply	other threads:[~2012-03-07 21:59 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-07 21:58 [PATCH 00/13] staging: Android updates John Stultz
2012-03-07 21:58 ` [PATCH 01/13] android: lowmemorykiller: Fix warning on 64bit John Stultz
2012-03-07 22:04   ` Greg KH
2012-03-07 22:24     ` John Stultz
2012-03-07 21:58 ` [PATCH 02/13] android: ram_console: set CON_ANYTIME console flag John Stultz
2012-03-07 22:07   ` Greg KH
2012-03-07 21:58 ` [PATCH 03/13] android: ram_console: move footer strings John Stultz
2012-03-07 21:58 ` [PATCH 04/13] android: ram_console: drop early buffer support John Stultz
2012-03-07 21:58 ` [PATCH 05/13] android: ram_console: drop verbose ram_console support John Stultz
2012-03-07 21:58 ` [PATCH 06/13] android: ram_console: split out persistent ram John Stultz
2012-03-07 21:58 ` [PATCH 07/13] android: persistent_ram: refactor ecc support John Stultz
2012-03-07 22:21   ` Daniel Walker
2012-03-07 21:58 ` [PATCH 08/13] android: persistent_ram: handle reserving and mapping memory John Stultz
2012-03-07 22:08   ` Greg KH
2012-03-07 22:16     ` John Stultz
2012-03-08  1:46       ` Greg KH
2012-03-07 21:58 ` [PATCH 09/13] android: persistent_ram: make persistent_ram_write atomic John Stultz
2012-03-07 21:58 ` [PATCH 10/13] android: persistent_ram: add notrace to persistent_ram_write John Stultz
2012-03-07 21:58 ` [PATCH 11/13] android: persistent_trace: ftrace into persistent_ram John Stultz
2012-03-07 22:10   ` Greg KH
2012-03-07 22:40     ` John Stultz
2012-03-07 21:58 ` [PATCH 12/13] android: staging: ram_console: fix crash in ram_console_late_init John Stultz
2012-03-07 21:58 ` John Stultz [this message]
2012-03-07 22:10   ` [PATCH 13/13] android: ram_console: honor dmesg_restrict Greg KH
2012-03-07 22:11 ` [PATCH 00/13] staging: Android updates Greg KH

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d956b84 dfblob:b242be2 )
 OR (
bs:"[PATCH 13/13] android: ram_console: honor dmesg_restrict" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1331157503-3413-14-git-send-email-john.stultz@linaro.org \
    --to=john.stultz@linaro.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=kernel-team@android.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nnk@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox