Re: [PATCH] syslog: check cap_syslog when dmesg_restrict

From: James Morris
Date: Wed Dec 08 2010 - 17:57:13 EST

Next message: Rik van Riel: "Re: [RFC PATCH 2/3] sched: add yield_to function"
Previous message: Daniel Drake: "Re: [PATCH v5 resend] OLPC: Add XO-1 suspend/resume support"
In reply to: Kees Cook: "Re: [PATCH] syslog: check cap_syslog when dmesg_restrict"
Next in thread: Daniel J Walsh: "Re: [PATCH] syslog: check cap_syslog when dmesg_restrict"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 8 Dec 2010, Serge E. Hallyn wrote:

> Eric Paris pointed out that it doesn't make sense to require
> both CAP_SYS_ADMIN and CAP_SYSLOG for certain syslog actions.
> So require CAP_SYSLOG, not CAP_SYS_ADMIN, when dmesg_restrict
> is set.
>
> (I'm also consolidating the now common error path)
>
> Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>

Applied.

(Please cc the lsm list with security patches).

> ---
> Documentation/sysctl/kernel.txt | 2 +-
> kernel/printk.c | 20 ++++++++++----------
> 2 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
> index 209e158..5740671 100644
> --- a/Documentation/sysctl/kernel.txt
> +++ b/Documentation/sysctl/kernel.txt
> @@ -219,7 +219,7 @@ dmesg_restrict:
> This toggle indicates whether unprivileged users are prevented from using
> dmesg(8) to view messages from the kernel's log buffer. When
> dmesg_restrict is set to (0) there are no restrictions. When
> -dmesg_restrict is set set to (1), users must have CAP_SYS_ADMIN to use
> +dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use
> dmesg(8).
>
> The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the default
> diff --git a/kernel/printk.c b/kernel/printk.c
> index 0712380..0cecba0 100644
> --- a/kernel/printk.c
> +++ b/kernel/printk.c
> @@ -279,18 +279,12 @@ int do_syslog(int type, char __user *buf, int len, bool from_file)
> * at open time.
> */
> if (type == SYSLOG_ACTION_OPEN || !from_file) {
> - if (dmesg_restrict && !capable(CAP_SYS_ADMIN))
> - return -EPERM;
> + if (dmesg_restrict && !capable(CAP_SYSLOG))
> + goto warn; /* switch to return -EPERM after 2.6.39 */
> if ((type != SYSLOG_ACTION_READ_ALL &&
> type != SYSLOG_ACTION_SIZE_BUFFER) &&
> - !capable(CAP_SYSLOG)) {
> - /* remove after 2.6.38 */
> - if (capable(CAP_SYS_ADMIN))
> - WARN_ONCE(1, "Attempt to access syslog with "
> - "CAP_SYS_ADMIN but no CAP_SYSLOG "
> - "(deprecated and denied).\n");
> - return -EPERM;
> - }
> + !capable(CAP_SYSLOG))
> + goto warn; /* switch to return -EPERM after 2.6.39 */
> }
>
> error = security_syslog(type);
> @@ -434,6 +428,12 @@ int do_syslog(int type, char __user *buf, int len, bool from_file)
> }
> out:
> return error;
> +warn:
> + /* remove after 2.6.39 */
> + if (capable(CAP_SYS_ADMIN))
> + WARN_ONCE(1, "Attempt to access syslog with CAP_SYS_ADMIN "
> + "but no CAP_SYSLOG (deprecated and denied).\n");
> + return -EPERM;
> }
>
> SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)
> --
> 1.7.0.4
>

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rik van Riel: "Re: [RFC PATCH 2/3] sched: add yield_to function"
Previous message: Daniel Drake: "Re: [PATCH v5 resend] OLPC: Add XO-1 suspend/resume support"
In reply to: Kees Cook: "Re: [PATCH] syslog: check cap_syslog when dmesg_restrict"
Next in thread: Daniel J Walsh: "Re: [PATCH] syslog: check cap_syslog when dmesg_restrict"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]