Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps"
This reverts commit 68c4a4f8ab
, with
various conflict clean-ups.
The capability check required too much privilege compared to simple DAC
controls. A system builder was forced to have crash handler processes
run with CAP_SYSLOG which would give it the ability to read (and wipe)
the _current_ dmesg, which is much more access than being given access
only to the historical log stored in pstorefs.
With the prior commit to make the root directory 0750, the files are
protected by default but a system builder can now opt to give access
to a specific group (via chgrp on the pstorefs root directory) without
being forced to also give away CAP_SYSLOG.
Suggested-by: Nick Kralevich <nnk@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Petr Mladek <pmladek@suse.cz>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
This commit is contained in:
parent
d7caa33687
commit
c71b02e4d2
3 changed files with 1 additions and 33 deletions
|
@ -36,7 +36,6 @@
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
#include <linux/spinlock.h>
|
#include <linux/spinlock.h>
|
||||||
#include <linux/uaccess.h>
|
#include <linux/uaccess.h>
|
||||||
#include <linux/syslog.h>
|
|
||||||
|
|
||||||
#include "internal.h"
|
#include "internal.h"
|
||||||
|
|
||||||
|
@ -132,18 +131,6 @@ static const struct seq_operations pstore_ftrace_seq_ops = {
|
||||||
.show = pstore_ftrace_seq_show,
|
.show = pstore_ftrace_seq_show,
|
||||||
};
|
};
|
||||||
|
|
||||||
static int pstore_check_syslog_permissions(struct pstore_private *ps)
|
|
||||||
{
|
|
||||||
switch (ps->record->type) {
|
|
||||||
case PSTORE_TYPE_DMESG:
|
|
||||||
case PSTORE_TYPE_CONSOLE:
|
|
||||||
return check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
|
|
||||||
SYSLOG_FROM_READER);
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static ssize_t pstore_file_read(struct file *file, char __user *userbuf,
|
static ssize_t pstore_file_read(struct file *file, char __user *userbuf,
|
||||||
size_t count, loff_t *ppos)
|
size_t count, loff_t *ppos)
|
||||||
{
|
{
|
||||||
|
@ -163,10 +150,6 @@ static int pstore_file_open(struct inode *inode, struct file *file)
|
||||||
int err;
|
int err;
|
||||||
const struct seq_operations *sops = NULL;
|
const struct seq_operations *sops = NULL;
|
||||||
|
|
||||||
err = pstore_check_syslog_permissions(ps);
|
|
||||||
if (err)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
if (ps->record->type == PSTORE_TYPE_FTRACE)
|
if (ps->record->type == PSTORE_TYPE_FTRACE)
|
||||||
sops = &pstore_ftrace_seq_ops;
|
sops = &pstore_ftrace_seq_ops;
|
||||||
|
|
||||||
|
@ -204,11 +187,6 @@ static int pstore_unlink(struct inode *dir, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
struct pstore_private *p = d_inode(dentry)->i_private;
|
struct pstore_private *p = d_inode(dentry)->i_private;
|
||||||
struct pstore_record *record = p->record;
|
struct pstore_record *record = p->record;
|
||||||
int err;
|
|
||||||
|
|
||||||
err = pstore_check_syslog_permissions(p);
|
|
||||||
if (err)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
if (!record->psi->erase)
|
if (!record->psi->erase)
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
|
|
|
@ -49,13 +49,4 @@
|
||||||
|
|
||||||
int do_syslog(int type, char __user *buf, int count, int source);
|
int do_syslog(int type, char __user *buf, int count, int source);
|
||||||
|
|
||||||
#ifdef CONFIG_PRINTK
|
|
||||||
int check_syslog_permissions(int type, int source);
|
|
||||||
#else
|
|
||||||
static inline int check_syslog_permissions(int type, int source)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* _LINUX_SYSLOG_H */
|
#endif /* _LINUX_SYSLOG_H */
|
||||||
|
|
|
@ -649,7 +649,7 @@ static int syslog_action_restricted(int type)
|
||||||
type != SYSLOG_ACTION_SIZE_BUFFER;
|
type != SYSLOG_ACTION_SIZE_BUFFER;
|
||||||
}
|
}
|
||||||
|
|
||||||
int check_syslog_permissions(int type, int source)
|
static int check_syslog_permissions(int type, int source)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* If this is from /proc/kmsg and we've already opened it, then we've
|
* If this is from /proc/kmsg and we've already opened it, then we've
|
||||||
|
@ -677,7 +677,6 @@ int check_syslog_permissions(int type, int source)
|
||||||
ok:
|
ok:
|
||||||
return security_syslog(type);
|
return security_syslog(type);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(check_syslog_permissions);
|
|
||||||
|
|
||||||
static void append_char(char **pp, char *e, char c)
|
static void append_char(char **pp, char *e, char c)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue