lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5555A33E.5070403@odin.com>
Date:	Fri, 15 May 2015 10:41:50 +0300
From:	Vasily Averin <vvs@...n.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>,
	Josh Boyer <jwboyer@...hat.com>, Eric Paris <eparis@...hat.com>
Subject: Re: [PATCH] kernel/printk/printk.c: check_syslog_permissions() cleanup

On 15.05.2015 01:01, Andrew Morton wrote:
> On Sun, 10 May 2015 09:35:53 +0300 Vasily Averin <vvs@...n.com> wrote:
> 
>> Fixes: 637241a900cb ("kmsg: honor dmesg_restrict sysctl on /dev/kmsg")
>>
>> Final version of patch 637241a900cb ("kmsg: honor dmesg_restrict sysctl
>> on /dev/kmsg") lost few hooks. As result security_syslog() is not checked
>> inside check_syslog_permissions() if dmesg_restrict is set,
>> or it can be called twice in do_syslog().
> 
> I'm not seeing how security_syslog() is called twice from do_syslog(). 
> Put more details in the changelog, please.

For example, if dmesg_restrict is not set and SYSLOG_ACTION_OPEN is requested.
In this case do_syslog() calls check_syslog_permissions() 
where security_syslog() is called first time and approves the operation,
then do_syslog() itself calls security_syslog() 2nd time.

>> --- a/kernel/printk/printk.c
>> +++ b/kernel/printk/printk.c
>> @@ -484,11 +484,11 @@ int check_syslog_permissions(int type, bool from_file)
>>  	 * already done the capabilities checks at open time.
>>  	 */
>>  	if (from_file && type != SYSLOG_ACTION_OPEN)
>> -		return 0;
>> +		goto ok;
> 
> This seems wrong - we should only call security_syslog() for opens?

Are you sure?
I saw Linus comment in thread related to old patch, 
and I agree that usual kernel checks can be skipped.

However I believe security hooks should be called anyway,
in general case they can have own rules about access, logging
or additional things that should be called before execution of requested operation.

Am I wrong?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ