sysctl: enable strict writes

SYSCTL_WRITES_WARN was added in commit f4aacea2 ("sysctl: allow for strict write position handling"), and released in v3.16 in August of 2014. Since then I can find only 1 instance of non-zero offset writing[1], and it was fixed immediately in CRIU[2]. As such, it appears safe to flip this to the strict state now. [1] https://www.google.com/search?q="when%20file%20position%20was%20not%200" [2] http://lists.openvz.org/pipermail/criu/2015-April/019819.htmlSigned-off-by: Kees Cook <keescook@chromium.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

sysctl: enable strict writes
SYSCTL_WRITES_WARN was added in commit f4aacea2 ("sysctl: allow for strict write position handling"), and released in v3.16 in August of 2014. Since then I can find only 1 instance of non-zero offset writing[1], and it was fixed immediately in CRIU[2]. As such, it appears safe to flip this to the strict state now. [1] https://www.google.com/search?q="when%20file%20position%20was%20not%200" [2] http://lists.openvz.org/pipermail/criu/2015-April/019819.htmlSigned-off-by: Kees Cook <keescook@chromium.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
41662f5c · Kees Cook · Linus Torvalds · a460bece · 41662f5c · 41662f5c
Commit 41662f5c authored Jan 20, 2016 by Kees Cook Committed by Linus Torvalds Jan 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 9 deletions

Documentation/sysctl/kernel.txt Documentation/sysctl/kernel.txt +7 -8

kernel/sysctl.c kernel/sysctl.c +1 -1

No files found.
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -825,14 +825,13 @@ via the /proc/sys interface:
       Each write syscall must fully contain the sysctl value to be
       written, and multiple writes on the same sysctl file descriptor
       will rewrite the sysctl value, regardless of file position.
-   0 - (default) Same behavior as above, but warn about processes that
+   0 - Same behavior as above, but warn about processes that perform writes
-       perform writes to a sysctl file descriptor when the file position
+       to a sysctl file descriptor when the file position is not 0.
-       is not 0.
+   1 - (default) Respect file position when writing sysctl strings. Multiple
-   1 - Respect file position when writing sysctl strings. Multiple writes
+       writes will append to the sysctl value buffer. Anything past the max
-       will append to the sysctl value buffer. Anything past the max length
+       length of the sysctl value buffer will be ignored. Writes to numeric
-       of the sysctl value buffer will be ignored. Writes to numeric sysctl
+       sysctl entries must always be at file position 0 and the value must
-       entries must always be at file position 0 and the value must be
+       be fully contained in the buffer sent in the write syscall.
-       fully contained in the buffer sent in the write syscall.
 ==============================================================

--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -173,7 +173,7 @@ extern int no_unaligned_warning;
 #define SYSCTL_WRITES_WARN	 0
 #define SYSCTL_WRITES_STRICT	 1
-static int sysctl_writes_strict = SYSCTL_WRITES_WARN;
+static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;
 static int proc_do_cad_pid(struct ctl_table *table, int write,
 		  void __user *buffer, size_t *lenp, loff_t *ppos);