| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170127154230.GB3799@axis.com>
Date: Fri, 27 Jan 2017 16:42:30 +0100
From: Rabin Vincent <rabin.vincent@...s.com>
To: Borislav Petkov <bp@...e.de>
Cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] printk: fix printk.devkmsg sysctl
On Fri, Jan 27, 2017 at 04:01:41PM +0100, Borislav Petkov wrote:
> On Fri, Jan 27, 2017 at 02:11:46PM +0100, Rabin Vincent wrote:
> > @@ -177,7 +177,7 @@ int devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write,
> > * Do not accept an unknown string OR a known string with
> > * trailing crap...
> > */
> > - if (err < 0 || (err + 1 != *lenp)) {
>
> Grr, that's that damn '\n'
>
> echo off > /proc/sys/kernel/printk_devkmsg
>
> works, of course.
>
> Ok, I don't want to relax the strncmp() above and would still like to
> return the exact length compared.
>
> So please change the check above to allow the following inputs:
>
> <str>
>
> or
>
> <str>\n
>
> I.e., a trailing, *optional*, '\n' is allowed.
proc_dostring() eats the '\n' and stops after that so we never see it or
what comes after, so we need an strlen():
8<----
>From ec7e02cdf5b6c9fb1492670928bb7ea4386ca87d Mon Sep 17 00:00:00 2001
From: Rabin Vincent <rabinv@...s.com>
Date: Fri, 27 Jan 2017 14:03:07 +0100
Subject: [PATCHv2] printk: fix printk.devkmsg sysctl
The comment says that it doesn't want to accept trailing crap but the
code does allow it:
# echo -n offX > /proc/sys/kernel/printk_devkmsg
#
while at the same time it rejects legitimate uses:
# echo -n off > /proc/sys/kernel/printk_devkmsg
-sh: echo: write error: Invalid argument
Fix it.
Before this patch:
# cat /proc/sys/kernel/printk_devkmsg
ratelimit
# echo off > /proc/sys/kernel/printk_devkmsg
# sysctl -w kernel.printk_devkmsg=off
sysctl: short write
# echo -n off > /proc/sys/kernel/printk_devkmsg
-sh: echo: write error: Invalid argument
# echo -n offX > /proc/sys/kernel/printk_devkmsg
#
# printf "off\nX" >/proc/sys/kernel/printk_devkmsg
-sh: printf: write error: Invalid argument
After this patch:
# cat /proc/sys/kernel/printk_devkmsg
ratelimit
# echo off > /proc/sys/kernel/printk_devkmsg
# sysctl -w kernel.printk_devkmsg=off
kernel.printk_devkmsg = off
# echo -n off > /proc/sys/kernel/printk_devkmsg
# echo -n offX > /proc/sys/kernel/printk_devkmsg
-sh: echo: write error: Invalid argument
# printf "off\nX" >/proc/sys/kernel/printk_devkmsg
-sh: printf: write error: Invalid argument
Fixes: 750afe7babd117d ("printk: add kernel parameter to control writes to /dev/kmsg")
Signed-off-by: Rabin Vincent <rabinv@...s.com>
---
kernel/printk/printk.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 8b26964..935ed71 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -177,7 +177,8 @@ int devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write,
* Do not accept an unknown string OR a known string with
* trailing crap...
*/
- if (err < 0 || (err + 1 != *lenp)) {
+ if (err < 0 || (err != *lenp && err + 1 != *lenp) ||
+ err != strlen(devkmsg_log_str)) {
/* ... and restore old setting. */
devkmsg_log = old;
--
2.1.4
Powered by blists - more mailing lists