lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed,  8 Nov 2006 15:45:44 +0300
From:	Sergey Vlasov <vsu@...linux.ru>
To:	Chris Wright <chrisw@...s-sol.org>
Cc:	Zack Weinberg <zackw@...ix.com>, linux-kernel@...r.kernel.org,
	Sergey Vlasov <vsu@...linux.ru>
Subject: [RFC PATCH 1/2] sys_syslog: check open permission for reading and getting unread count

The "read" (2) and "get unread count" (9) operations of sys_syslog() may
also be invoked through /proc/kmsg; however, /proc/kmsg also performs
security checks during open.  Perform the same security check when these
operations are invoked through the syslog system call.

Currently this does not change the behavior - for cap_syslog() and
dummy_syslog() the "read" and "get unread count" operations are
identical to "open", and selinux_syslog() maps all of them to
SYSTEM__SYSLOG_MOD.  The next patch will enable syslog read for normal
users, so that a process could open /proc/kmsg, then drop privileges and
continue reading kernel messages from the open file descriptor - then
the added check in sys_syslog() will catch attempts to read kernel
messages without having /proc/kmsg open.

Signed-off-by: Sergey Vlasov <vsu@...linux.ru>
---
 kernel/printk.c |   16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/kernel/printk.c b/kernel/printk.c
index 1149365..91c3f39 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -316,7 +316,21 @@ out:
 
 asmlinkage long sys_syslog(int type, char __user *buf, int len)
 {
-	return do_syslog(type, buf, len);
+	int retval;
+
+	if ((type == 2) || (type == 9)) {
+		/*
+		 * These operation can also be invoked through /proc/kmsg, but
+		 * you need to have an open file descriptor for that.  Make the
+		 * syslog system call also require the syslog open permission.
+		 */
+		retval = security_syslog(1);
+		if (retval)
+			goto out;
+	}
+	retval = do_syslog(type, buf, len);
+out:
+	return retval;
 }
 
 /*
-- 
1.4.3.3.gddcc6

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ