Re: [PATCH 2/3] sysctl: Warn when a clamped sysctl parameter is set out of range

From: Andrew Morton
Date: Tue Feb 20 2018 - 18:17:13 EST

Next message: Andy Lutomirski: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Previous message: Laurent Pinchart: "[PATCH v4 03/16] of: dynamic: Add __of_node_dupv()"
In reply to: Waiman Long: "[PATCH 2/3] sysctl: Warn when a clamped sysctl parameter is set out of range"
Next in thread: Luis R. Rodriguez: "Re: [PATCH 2/3] sysctl: Warn when a clamped sysctl parameter is set out of range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 19 Feb 2018 11:53:50 -0500 Waiman Long <longman@xxxxxxxxxx> wrote:

> Even with clamped sysctl parameters, it is still not that straight
> forward to figure out the exact range of those parameters. One may
> try to write extreme parameter values to see if they get clamped.
> To make it easier, a warning with the expected range will now be
> printed in the kernel ring buffer when a clamped sysctl parameter
> receives an out of range value.

This assumes that do_proc_dointvec_minmax_conv() and
do_proc_douintvec_minmax_conv() are only ever called by privileged
userspace. Because we mustn't give unprivileged applications a way to
spam the kernel logs.

That's presumably true in the case of the caller you just added, but I
don't see what we can do to guarantee this in the future, so perhaps we
should add some permission check to the pr_warn()?

Next message: Andy Lutomirski: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Previous message: Laurent Pinchart: "[PATCH v4 03/16] of: dynamic: Add __of_node_dupv()"
In reply to: Waiman Long: "[PATCH 2/3] sysctl: Warn when a clamped sysctl parameter is set out of range"
Next in thread: Luis R. Rodriguez: "Re: [PATCH 2/3] sysctl: Warn when a clamped sysctl parameter is set out of range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]