• Kees Cook's avatar
    sysctl: clean up char buffer arguments · f8808300
    Kees Cook authored
    When writing to a sysctl string, each write, regardless of VFS position,
    began writing the string from the start.  This meant the contents of the
    last write to the sysctl controlled the string contents instead of the
    first.
    
    This misbehavior was featured in an exploit against Chrome OS.  While
    it's not in itself a vulnerability, it's a weirdness that isn't on the
    mind of most auditors: "This filter looks correct, the first line
    written would not be meaningful to sysctl" doesn't apply here, since the
    size of the write and the contents of the final write are what matter
    when writing to sysctls.
    
    This adds the sysctl kernel.sysctl_writes_strict to control the write
    behavior.  The default (0) reports when VFS position is non-0 on a
    write, but retains legacy behavior, -1 disables the warning, and 1
    enables the position-respecting behavior.
    
    The long-term plan here is to wait for userspace to be fixed in response
    to the new warning and to then switch the default kernel behavior to the
    new position-respecting behavior.
    
    This patch (of 4):
    
    The char buffer arguments are needlessly cast in weird places.  Clean it
    up so things are easier to read.
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Randy Dunlap <rdunlap@infradead.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    f8808300
sysctl.c 61.3 KB