From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932556Ab2DDTHR (ORCPT ); Wed, 4 Apr 2012 15:07:17 -0400 Received: from a.ns.miles-group.at ([95.130.255.143]:47834 "EHLO radon.swed.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932386Ab2DDTHP (ORCPT ); Wed, 4 Apr 2012 15:07:15 -0400 Message-ID: <4F7C9BD7.8000604@nod.at> Date: Wed, 04 Apr 2012 21:07:03 +0200 From: Richard Weinberger User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120312 Thunderbird/11.0 MIME-Version: 1.0 To: Kees Cook CC: "Serge E. Hallyn" , linux-kernel@vger.kernel.org, PhillipLougherplougher@redhat.com, Andrew Morton , Greg Kroah-Hartman , Dan Rosenberg , Eugene Teo , Eric Paris , James Morris Subject: Re: [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict References: <20120404184019.GA32681@www.outflux.net> In-Reply-To: <20120404184019.GA32681@www.outflux.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04.04.2012 20:40, Kees Cook wrote: > Commit bfdc0b4 adds code to restrict access to dmesg_restrict, > however, it incorrectly alters kptr_restrict rather than > dmesg_restrict. > > The original patch from Richard Weinberger > (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as > expected, and so the patch seems to have been misapplied. > > This adds the CAP_SYS_ADMIN check to both dmesg_restrict and > kptr_restrict, since both are sensitive. > > Reported-by: Phillip Lougher > Signed-off-by: Kees Cook > Cc: stable@vger.kernel.org Acked-by: Richard Weinberger Thanks, //richard