Commit 620f6e8e authored by Kees Cook's avatar Kees Cook Committed by James Morris

sysctl: fix write access to dmesg_restrict/kptr_restrict

Commit bfdc0b49 adds code to restrict access to dmesg_restrict,
however, it incorrectly alters kptr_restrict rather than
dmesg_restrict.

The original patch from Richard Weinberger
(https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as
expected, and so the patch seems to have been misapplied.

This adds the CAP_SYS_ADMIN check to both dmesg_restrict and
kptr_restrict, since both are sensitive.
Reported-by: default avatarPhillip Lougher <plougher@redhat.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
Acked-by: default avatarRichard Weinberger <richard@nod.at>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
parent 6c216ec6
......@@ -170,7 +170,7 @@ static int proc_taint(struct ctl_table *table, int write,
#endif
#ifdef CONFIG_PRINTK
static int proc_dmesg_restrict(struct ctl_table *table, int write,
static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
......@@ -703,7 +703,7 @@ static struct ctl_table kern_table[] = {
.data = &dmesg_restrict,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
.proc_handler = proc_dointvec_minmax_sysadmin,
.extra1 = &zero,
.extra2 = &one,
},
......@@ -712,7 +712,7 @@ static struct ctl_table kern_table[] = {
.data = &kptr_restrict,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dmesg_restrict,
.proc_handler = proc_dointvec_minmax_sysadmin,
.extra1 = &zero,
.extra2 = &two,
},
......@@ -1943,7 +1943,7 @@ static int proc_taint(struct ctl_table *table, int write,
}
#ifdef CONFIG_PRINTK
static int proc_dmesg_restrict(struct ctl_table *table, int write,
static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
if (write && !capable(CAP_SYS_ADMIN))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment