* [PATCH] sysctl: fix restrict write access to dmesg_restrict @ 2012-03-30 23:43 Phillip Lougher 2012-03-30 23:50 ` Richard Weinberger 2012-04-01 2:10 ` Kees Cook 0 siblings, 2 replies; 12+ messages in thread From: Phillip Lougher @ 2012-03-30 23:43 UTC (permalink / raw) To: linux-kernel Cc: Andrew Morton, Richard Weinberger, Dan Rosenberg, Serge E. Hallyn, Eugene Teo, Eric Paris, James Morris, Kees Cook Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict. The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied. Signed-off-by: Phillip Lougher <plougher@redhat.com> --- kernel/sysctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index f487f25..72a5302 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -713,7 +713,7 @@ static struct ctl_table kern_table[] = { .data = &dmesg_restrict, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec_minmax, + .proc_handler = proc_dmesg_restrict, .extra1 = &zero, .extra2 = &one, }, @@ -722,7 +722,7 @@ static struct ctl_table kern_table[] = { .data = &kptr_restrict, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dmesg_restrict, + .proc_handler = proc_dointvec_minmax, .extra1 = &zero, .extra2 = &two, }, -- 1.7.9.5 ^ permalink raw reply related [flat|nested] 12+ messages in thread
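Review bot: In the @@ -722 hunk, switching kptr_restrict back to proc_dointvec_minmax leaves that entry writable on file mode 0644 alone, with no capability check in the handler. If kptr_restrict is meant to be guarded as tightly as dmesg_restrict, keep a capability-checking handler on it and change only the dmesg_restrict entry; otherwise state in the changelog that dropping the check from kptr_restrict is deliberate.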
* Re: [PATCH] sysctl: fix restrict write access to dmesg_restrict
From: Richard Weinberger @ 2012-03-30 23:50 UTC
To: Phillip Lougher
Cc: linux-kernel, Andrew Morton, Dan Rosenberg, Serge E. Hallyn, Eugene Teo, Eric Paris, James Morris, Kees Cook

On 31.03.2012 01:43, Phillip Lougher wrote:
> Commit bfdc0b4 adds code to restrict access to dmesg_restrict,
> however, it incorrectly alters kptr_restrict rather than
> dmesg_restrict.
>
> The original patch from Richard Weinberger
> (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as
> expected, and so the patch seems to have been misapplied.
>

Hmm, indeed.
Any idea how this could happen, Andrew?

Thanks,
//richard
* Re: [PATCH] sysctl: fix restrict write access to dmesg_restrict
From: Andrew Morton @ 2012-03-31 0:55 UTC
To: Richard Weinberger
Cc: Phillip Lougher, linux-kernel, Dan Rosenberg, Serge E. Hallyn, Eugene Teo, Eric Paris, James Morris, Kees Cook

On Sat, 31 Mar 2012 01:50:52 +0200 Richard Weinberger <richard@nod.at> wrote:

> On 31.03.2012 01:43, Phillip Lougher wrote:
> > Commit bfdc0b4 adds code to restrict access to dmesg_restrict,
> > however, it incorrectly alters kptr_restrict rather than
> > dmesg_restrict.
> >
> > The original patch from Richard Weinberger
> > (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as
> > expected, and so the patch seems to have been misapplied.
> >
>
> Hmm, indeed.
> Any idea how this could happen, Andrew?

Presumably someone else fiddled with the file, patch(1) misapplied the
hunk and I didn't notice.

Send a fix?
* Re: [PATCH] sysctl: fix restrict write access to dmesg_restrict
From: Phillip Lougher @ 2012-03-31 1:58 UTC
To: Andrew Morton
Cc: Richard Weinberger, Phillip Lougher, linux-kernel, Dan Rosenberg, Serge E. Hallyn, Eugene Teo, Eric Paris, James Morris, Kees Cook, Greg Kroah-Hartman

On Sat, Mar 31, 2012 at 1:55 AM, Andrew Morton <akpm@linux-foundation.org> wrote:
>
> Presumably someone else fiddled with the file, patch(1) misapplied the
> hunk and I didn't notice.
>

That was my guess, the repeated near identical sysfs entries is
confusing patch. The stable kernels also suffer from this
misapplication, but the misapplication is random, for instance I
noticed here

http://www.mail-archive.com/stable@linux.kernel.org/msg07097.html

that the patch has been misapplied to suid_dumpable. It looks like
all of the stable kernels need to be separately checked, and if
necessary different patches need to be generated.

> Send a fix?

My original email has the fix...

Phillip
* Re: [PATCH] sysctl: fix restrict write access to dmesg_restrict
From: Greg Kroah-Hartman @ 2012-03-31 16:13 UTC
To: Phillip Lougher
Cc: Andrew Morton, Richard Weinberger, Phillip Lougher, linux-kernel, Dan Rosenberg, Serge E. Hallyn, Eugene Teo, Eric Paris, James Morris, Kees Cook

On Sat, Mar 31, 2012 at 02:58:02AM +0100, Phillip Lougher wrote:
> On Sat, Mar 31, 2012 at 1:55 AM, Andrew Morton
> <akpm@linux-foundation.org> wrote:
> >
> > Presumably someone else fiddled with the file, patch(1) misapplied the
> > hunk and I didn't notice.
> >
>
> That was my guess, the repeated near identical sysfs entries is
> confusing patch. The stable kernels also suffer from this
> misapplication, but the misapplication is random, for instance I
> noticed here
>
> http://www.mail-archive.com/stable@linux.kernel.org/msg07097.html
>
> that the patch has been misapplied to suid_dumpable. It looks like
> all of the stable kernels need to be separately checked, and if
> necessary different patches need to be generated.

Ok, can someone please do this and send me the patches? I don't exactly
know what you are referring to here to be able to do it myself...

greg k-h
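An added example (not code from this thread or from the kernel tree): a small Python audit for the per-tree check discussed above, mapping each `.data` symbol in a `ctl_table` array to its `.proc_handler` and flagging where the capability-checked handler is missing or has landed on another entry. The table text is constructed from the hunk context quoted in this thread; the `SENSITIVE` set, the sample trees and all helper names are assumptions of the example.

```python
import re

# Tunables the thread says must reject writes from callers without CAP_SYS_ADMIN.
SENSITIVE = {"dmesg_restrict", "kptr_restrict"}
# Handler names from the thread's patches that perform that capability check.
CHECKED = {"proc_dmesg_restrict", "proc_dointvec_minmax_sysadmin"}

ENTRY_RE = re.compile(r"\{([^{}]*)\}")               # one innermost { ... } initializer
FIELD_RE = re.compile(r"\.(\w+)\s*=\s*([^,\n]+),")   # .name = value,

def parse_table(source):
    """Map each entry's .data symbol to its .proc_handler."""
    table = {}
    for body in ENTRY_RE.findall(source):
        fields = {name: value.strip() for name, value in FIELD_RE.findall(body)}
        if "data" in fields and "proc_handler" in fields:
            table[fields["data"].lstrip("&")] = fields["proc_handler"]
    return table

def audit(source):
    """Return (symbol, handler, problem) tuples, sorted by symbol."""
    table = parse_table(source)
    findings = []
    for symbol, handler in sorted(table.items()):
        checked = handler in CHECKED
        if symbol in SENSITIVE and not checked:
            findings.append((symbol, handler, "missing CAP_SYS_ADMIN check"))
        elif symbol not in SENSITIVE and checked:
            findings.append((symbol, handler, "check landed on unintended entry"))
    for symbol in sorted(SENSITIVE - set(table)):
        findings.append((symbol, None, "entry not found"))
    return findings

def entry(symbol, handler):
    """Constructed initializer shaped like the context lines of the hunks."""
    return ("\t{\n\t\t.data\t\t= &%s,\n\t\t.maxlen\t\t= sizeof(int),\n"
            "\t\t.mode\t\t= 0644,\n\t\t.proc_handler\t= %s,\n\t},\n"
            % (symbol, handler))

def make_table(pairs):
    body = "".join(entry(symbol, handler) for symbol, handler in pairs)
    return "static struct ctl_table kern_table[] = {\n" + body + "};\n"

# Constructed trees: the misapplied state the first patch describes, a stable-style
# tree where the check landed on suid_dumpable, and the state after the final patch.
MISAPPLIED = make_table([("dmesg_restrict", "proc_dointvec_minmax"),
                         ("kptr_restrict", "proc_dmesg_restrict")])
STABLE_STYLE = make_table([("suid_dumpable", "proc_dmesg_restrict"),
                           ("dmesg_restrict", "proc_dointvec_minmax"),
                           ("kptr_restrict", "proc_dointvec_minmax")])
FIXED = make_table([("dmesg_restrict", "proc_dointvec_minmax_sysadmin"),
                    ("kptr_restrict", "proc_dointvec_minmax_sysadmin")])

if __name__ == "__main__":
    for name, tree in (("misapplied", MISAPPLIED),
                       ("stable-style", STABLE_STYLE), ("fixed", FIXED)):
        print(name, audit(tree) or "ok")
```

Run against a real tree by passing the contents of `kernel/sysctl.c` to `audit()`; the regexes assume the one-field-per-line initializer style shown in the hunks.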
* Re: [PATCH] sysctl: fix restrict write access to dmesg_restrict 2012-03-30 23:43 [PATCH] sysctl: fix restrict write access to dmesg_restrict Phillip Lougher 2012-03-30 23:50 ` Richard Weinberger @ 2012-04-01 2:10 ` Kees Cook 2012-04-04 2:30 ` Serge E. Hallyn 1 sibling, 1 reply; 12+ messages in thread From: Kees Cook @ 2012-04-01 2:10 UTC (permalink / raw) To: Phillip Lougher Cc: linux-kernel, Andrew Morton, Richard Weinberger, Dan Rosenberg, Serge E. Hallyn, Eugene Teo, Eric Paris, James Morris Actually, proc_dmesg_restrict is just a CAP_SYSADMIN-checking wrapper around proc_dointvec_minmax. Probably both dmesg_restrict and kptr_restrict should use it. On Fri, Mar 30, 2012 at 4:43 PM, Phillip Lougher <plougher@redhat.com> wrote: > Commit bfdc0b4 adds code to restrict access to dmesg_restrict, > however, it incorrectly alters kptr_restrict rather than > dmesg_restrict. > > The original patch from Richard Weinberger > (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as > expected, and so the patch seems to have been misapplied. > > Signed-off-by: Phillip Lougher <plougher@redhat.com> > --- > kernel/sysctl.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/kernel/sysctl.c b/kernel/sysctl.c > index f487f25..72a5302 100644 > --- a/kernel/sysctl.c > +++ b/kernel/sysctl.c > @@ -713,7 +713,7 @@ static struct ctl_table kern_table[] = { > .data = &dmesg_restrict, > .maxlen = sizeof(int), > .mode = 0644, > - .proc_handler = proc_dointvec_minmax, > + .proc_handler = proc_dmesg_restrict, > .extra1 = &zero, > .extra2 = &one, > }, > @@ -722,7 +722,7 @@ static struct ctl_table kern_table[] = { > .data = &kptr_restrict, > .maxlen = sizeof(int), > .mode = 0644, > - .proc_handler = proc_dmesg_restrict, > + .proc_handler = proc_dointvec_minmax, > .extra1 = &zero, > .extra2 = &two, > }, > -- > 1.7.9.5 > -- Kees Cook ChromeOS Security ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] sysctl: fix restrict write access to dmesg_restrict
From: Serge E. Hallyn @ 2012-04-04 2:30 UTC
To: Kees Cook
Cc: Phillip Lougher, linux-kernel, Andrew Morton, Richard Weinberger, Dan Rosenberg, Serge E. Hallyn, Eugene Teo, Eric Paris, James Morris

Quoting Kees Cook (keescook@chromium.org):
> Actually, proc_dmesg_restrict is just a CAP_SYSADMIN-checking wrapper
> around proc_dointvec_minmax. Probably both dmesg_restrict and
> kptr_restrict should use it.

I've seen no more emails since this one. Kees, do you want to send
a new patch? (or has someone handled it?)

thanks,
-serge
* [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict 2012-04-04 2:30 ` Serge E. Hallyn @ 2012-04-04 18:40 ` Kees Cook 2012-04-04 19:07 ` Richard Weinberger ` (2 more replies) 0 siblings, 3 replies; 12+ messages in thread From: Kees Cook @ 2012-04-04 18:40 UTC (permalink / raw) To: Serge E. Hallyn Cc: linux-kernel, PhillipLougherplougher, Andrew Morton, Richard Weinberger, Greg Kroah-Hartman, Dan Rosenberg, Eugene Teo, Eric Paris, James Morris Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict. The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied. This adds the CAP_SYS_ADMIN check to both dmesg_restrict and kptr_restrict, since both are sensitive. Reported-by: Phillip Lougher <plougher@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org --- kernel/sysctl.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 52b3a06..4ab1187 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -170,7 +170,7 @@ static int proc_taint(struct ctl_table *table, int write, #endif #ifdef CONFIG_PRINTK -static int proc_dmesg_restrict(struct ctl_table *table, int write, +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -703,7 +703,7 @@ static struct ctl_table kern_table[] = { .data = &dmesg_restrict, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec_minmax, + .proc_handler = proc_dointvec_minmax_sysadmin, .extra1 = &zero, .extra2 = &one, }, @@ -712,7 +712,7 @@ static struct ctl_table kern_table[] = { .data = &kptr_restrict, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dmesg_restrict, + .proc_handler = proc_dointvec_minmax_sysadmin, .extra1 = &zero, .extra2 = &two, }, 
@@ -1943,7 +1943,7 @@ static int proc_taint(struct ctl_table *table, int write, } #ifdef CONFIG_PRINTK -static int proc_dmesg_restrict(struct ctl_table *table, int write, +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { if (write && !capable(CAP_SYS_ADMIN)) -- 1.7.0.4 -- Kees Cook Chrome OS Security ^ permalink raw reply related [flat|nested] 12+ messages in thread
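Review bot: In the @@ -1943 hunk the renamed proc_dointvec_minmax_sysadmin is still defined under #ifdef CONFIG_PRINTK (its prototype in the @@ -170 hunk likewise), although the new name no longer ties it to printk and the @@ -712 hunk points kptr_restrict at it. Confirm that every table entry using it is compiled only when CONFIG_PRINTK is set, or widen the guard, and add a one-line comment above the definition stating that writes require CAP_SYS_ADMIN.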
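Review bot: The kptr_restrict entry in the @@ -712 hunk already used the capability-checking handler under its old name proc_dmesg_restrict, so only the @@ -703 hunk changes behaviour. The changelog sentence "This adds the CAP_SYS_ADMIN check to both dmesg_restrict and kptr_restrict" would be more accurate if it said the check is added to dmesg_restrict and kept on kptr_restrict.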
* Re: [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict
From: Richard Weinberger @ 2012-04-04 19:07 UTC
To: Kees Cook
Cc: Serge E. Hallyn, linux-kernel, PhillipLougherplougher, Andrew Morton, Greg Kroah-Hartman, Dan Rosenberg, Eugene Teo, Eric Paris, James Morris

On 04.04.2012 20:40, Kees Cook wrote:
> Commit bfdc0b4 adds code to restrict access to dmesg_restrict,
> however, it incorrectly alters kptr_restrict rather than
> dmesg_restrict.
>
> The original patch from Richard Weinberger
> (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as
> expected, and so the patch seems to have been misapplied.
>
> This adds the CAP_SYS_ADMIN check to both dmesg_restrict and
> kptr_restrict, since both are sensitive.
>
> Reported-by: Phillip Lougher<plougher@redhat.com>
> Signed-off-by: Kees Cook<keescook@chromium.org>
> Cc: stable@vger.kernel.org

Acked-by: Richard Weinberger <richard@nod.at>

Thanks,
//richard
* Re: [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict 2012-04-04 18:40 ` [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict Kees Cook 2012-04-04 19:07 ` Richard Weinberger @ 2012-04-04 21:27 ` Serge E. Hallyn 2012-04-04 21:43 ` Kees Cook 2012-04-05 5:11 ` James Morris 2 siblings, 1 reply; 12+ messages in thread From: Serge E. Hallyn @ 2012-04-04 21:27 UTC (permalink / raw) To: Kees Cook Cc: Serge E. Hallyn, linux-kernel, PhillipLougherplougher, Andrew Morton, Richard Weinberger, Greg Kroah-Hartman, Dan Rosenberg, Eugene Teo, Eric Paris, James Morris Quoting Kees Cook (keescook@chromium.org): > Commit bfdc0b4 adds code to restrict access to dmesg_restrict, > however, it incorrectly alters kptr_restrict rather than > dmesg_restrict. > > The original patch from Richard Weinberger > (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as > expected, and so the patch seems to have been misapplied. > > This adds the CAP_SYS_ADMIN check to both dmesg_restrict and > kptr_restrict, since both are sensitive. > > Reported-by: Phillip Lougher <plougher@redhat.com> > Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> > Cc: stable@vger.kernel.org > --- > kernel/sysctl.c | 8 ++++---- > 1 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/kernel/sysctl.c b/kernel/sysctl.c > index 52b3a06..4ab1187 100644 > --- a/kernel/sysctl.c > +++ b/kernel/sysctl.c > @@ -170,7 +170,7 @@ static int proc_taint(struct ctl_table *table, int write, > #endif > > #ifdef CONFIG_PRINTK > -static int proc_dmesg_restrict(struct ctl_table *table, int write, > +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, > void __user *buffer, size_t *lenp, loff_t *ppos); > #endif 
> > @@ -703,7 +703,7 @@ static struct ctl_table kern_table[] = { > .data = &dmesg_restrict, > .maxlen = sizeof(int), > .mode = 0644, > - .proc_handler = proc_dointvec_minmax, > + .proc_handler = proc_dointvec_minmax_sysadmin, > .extra1 = &zero, > .extra2 = &one, > }, > @@ -712,7 +712,7 @@ static struct ctl_table kern_table[] = { > .data = &kptr_restrict, > .maxlen = sizeof(int), > .mode = 0644, > - .proc_handler = proc_dmesg_restrict, > + .proc_handler = proc_dointvec_minmax_sysadmin, > .extra1 = &zero, > .extra2 = &two, > }, > @@ -1943,7 +1943,7 @@ static int proc_taint(struct ctl_table *table, int write, > } > > #ifdef CONFIG_PRINTK > -static int proc_dmesg_restrict(struct ctl_table *table, int write, > +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, > void __user *buffer, size_t *lenp, loff_t *ppos) > { > if (write && !capable(CAP_SYS_ADMIN)) > -- > 1.7.0.4 > > -- > Kees Cook > Chrome OS Security ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict 2012-04-04 21:27 ` Serge E. Hallyn @ 2012-04-04 21:43 ` Kees Cook 0 siblings, 0 replies; 12+ messages in thread From: Kees Cook @ 2012-04-04 21:43 UTC (permalink / raw) To: Phillip Lougher Cc: linux-kernel, Serge E. Hallyn, Andrew Morton, Richard Weinberger, Greg Kroah-Hartman, Dan Rosenberg, Eugene Teo, Eric Paris, James Morris [forward, with my botch of plougher's email address corrected] On Wed, Apr 4, 2012 at 2:27 PM, Serge E. Hallyn <serge@hallyn.com> wrote: > Quoting Kees Cook (keescook@chromium.org): >> Commit bfdc0b4 adds code to restrict access to dmesg_restrict, >> however, it incorrectly alters kptr_restrict rather than >> dmesg_restrict. >> >> The original patch from Richard Weinberger >> (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as >> expected, and so the patch seems to have been misapplied. >> >> This adds the CAP_SYS_ADMIN check to both dmesg_restrict and >> kptr_restrict, since both are sensitive. >> >> Reported-by: Phillip Lougher <plougher@redhat.com> >> Signed-off-by: Kees Cook <keescook@chromium.org> > > Acked-by: Serge Hallyn <serge.hallyn@canonical.com> > >> Cc: stable@vger.kernel.org >> --- >> kernel/sysctl.c | 8 ++++---- >> 1 files changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/kernel/sysctl.c b/kernel/sysctl.c >> index 52b3a06..4ab1187 100644 >> --- a/kernel/sysctl.c >> +++ b/kernel/sysctl.c >> @@ -170,7 +170,7 @@ static int proc_taint(struct ctl_table *table, int write, >> #endif >> >> #ifdef CONFIG_PRINTK >> -static int proc_dmesg_restrict(struct ctl_table *table, int write, >> +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, >> void __user *buffer, size_t *lenp, loff_t *ppos); >> #endif 
>> >> @@ -703,7 +703,7 @@ static struct ctl_table kern_table[] = { >> .data = &dmesg_restrict, >> .maxlen = sizeof(int), >> .mode = 0644, >> - .proc_handler = proc_dointvec_minmax, >> + .proc_handler = proc_dointvec_minmax_sysadmin, >> .extra1 = &zero, >> .extra2 = &one, >> }, >> @@ -712,7 +712,7 @@ static struct ctl_table kern_table[] = { >> .data = &kptr_restrict, >> .maxlen = sizeof(int), >> .mode = 0644, >> - .proc_handler = proc_dmesg_restrict, >> + .proc_handler = proc_dointvec_minmax_sysadmin, >> .extra1 = &zero, >> .extra2 = &two, >> }, >> @@ -1943,7 +1943,7 @@ static int proc_taint(struct ctl_table *table, int write, >> } >> >> #ifdef CONFIG_PRINTK >> -static int proc_dmesg_restrict(struct ctl_table *table, int write, >> +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, >> void __user *buffer, size_t *lenp, loff_t *ppos) >> { >> if (write && !capable(CAP_SYS_ADMIN)) >> -- >> 1.7.0.4 >> >> -- >> Kees Cook >> Chrome OS Security -- Kees Cook ChromeOS Security ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict 2012-04-04 18:40 ` [PATCH] sysctl: fix write access to dmesg_restrict/kptr_restrict Kees Cook 2012-04-04 19:07 ` Richard Weinberger 2012-04-04 21:27 ` Serge E. Hallyn @ 2012-04-05 5:11 ` James Morris 2 siblings, 0 replies; 12+ messages in thread From: James Morris @ 2012-04-05 5:11 UTC (permalink / raw) To: Kees Cook, Linus Torvalds Cc: Serge E. Hallyn, linux-kernel, Andrew Morton, Richard Weinberger, Greg Kroah-Hartman, Dan Rosenberg, Eugene Teo, Eric Paris Here it is in git pullable form for Linus: The following changes since commit 6c216ec636f75d834461be15f83ec41a6759bd2b: Linus Torvalds (1): Merge tag 'for_linus-3.4-rc2' of git://git.kernel.org/.../jwessel/kgdb are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus Kees Cook (1): sysctl: fix write access to dmesg_restrict/kptr_restrict kernel/sysctl.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) commit 620f6e8e855d6d447688a5f67a4e176944a084e8 Author: Kees Cook <keescook@chromium.org> Date: Wed Apr 4 11:40:19 2012 -0700 sysctl: fix write access to dmesg_restrict/kptr_restrict Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict. The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied. This adds the CAP_SYS_ADMIN check to both dmesg_restrict and kptr_restrict, since both are sensitive. Reported-by: Phillip Lougher <plougher@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Richard Weinberger <richard@nod.at> Cc: stable@vger.kernel.org Signed-off-by: James Morris <james.l.morris@oracle.com> diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 52b3a06..4ab1187 100644 --- a/kernel/sysctl.c 
+++ b/kernel/sysctl.c @@ -170,7 +170,7 @@ static int proc_taint(struct ctl_table *table, int write, #endif #ifdef CONFIG_PRINTK -static int proc_dmesg_restrict(struct ctl_table *table, int write, +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -703,7 +703,7 @@ static struct ctl_table kern_table[] = { .data = &dmesg_restrict, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec_minmax, + .proc_handler = proc_dointvec_minmax_sysadmin, .extra1 = &zero, .extra2 = &one, }, @@ -712,7 +712,7 @@ static struct ctl_table kern_table[] = { .data = &kptr_restrict, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dmesg_restrict, + .proc_handler = proc_dointvec_minmax_sysadmin, .extra1 = &zero, .extra2 = &two, }, @@ -1943,7 +1943,7 @@ static int proc_taint(struct ctl_table *table, int write, } #ifdef CONFIG_PRINTK -static int proc_dmesg_restrict(struct ctl_table *table, int write, +static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { if (write && !capable(CAP_SYS_ADMIN)) ^ permalink raw reply related [flat|nested] 12+ messages in thread