Linux v3.10-rc6

1 files changed, 0 insertions, 228 deletions

diff --git a/0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch b/0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch
deleted file mode 100644
index 7197f7f7a..000000000
--- a/0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch
+++ /dev/null
@@ -1,228 +0,0 @@
-To fix /dev/kmsg, let's compare the existing interfaces and what they allow:
-
-- /proc/kmsg allows:
- - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
-   single-reader interface (SYSLOG_ACTION_READ).
- - everything, after an open.
-
-- syslog syscall allows:
- - anything, if CAP_SYSLOG.
- - SYSLOG_ACTION_READ_ALL and SYSLOG_ACTION_SIZE_BUFFER, if dmesg_restrict==0.
- - nothing else (EPERM).
-
-The use-cases were:
-- dmesg(1) needs to do non-destructive SYSLOG_ACTION_READ_ALLs.
-- sysklog(1) needs to open /proc/kmsg, drop privs, and still issue the
-  destructive SYSLOG_ACTION_READs.
-
-AIUI, dmesg(1) is moving to /dev/kmsg, and systemd-journald doesn't
-clear the ring buffer.
-
-Based on the comments in devkmsg_llseek, it sounds like actions besides
-reading aren't going to be supported by /dev/kmsg (i.e. SYSLOG_ACTION_CLEAR),
-so we have a strict subset of the non-destructive syslog syscall actions.
-
-To this end, move the check as Josh had done, but also rename the constants
-to reflect their new uses (SYSLOG_FROM_CALL becomes SYSLOG_FROM_READER, and
-SYSLOG_FROM_FILE becomes SYSLOG_FROM_PROC). SYSLOG_FROM_READER allows
-non-destructive actions, and SYSLOG_FROM_PROC allows destructive actions
-after a capabilities-constrained SYSLOG_ACTION_OPEN check.
-
-- /dev/kmsg allows:
- - open if CAP_SYSLOG or dmesg_restrict==0
- - reading/polling, after open
-
-Signed-off-by: Kees Cook <keescook@chromium.org>
-Reported-by: Christian Kujau <lists@nerdbynature.de>
-Cc: Josh Boyer <jwboyer@redhat.com>
-Cc: Kay Sievers <kay@vrfy.org>
-Cc: stable@vger.kernel.org
----
- fs/proc/kmsg.c         |   10 +++---
- include/linux/syslog.h |    4 +--
- kernel/printk.c        |   91 ++++++++++++++++++++++++++----------------------
- 3 files changed, 57 insertions(+), 48 deletions(-)
-
-diff --git a/fs/proc/kmsg.c b/fs/proc/kmsg.c
-index bd4b5a7..bdfabda 100644
---- a/fs/proc/kmsg.c
-+++ b/fs/proc/kmsg.c
-@@ -21,12 +21,12 @@ extern wait_queue_head_t log_wait;
- 
- static int kmsg_open(struct inode * inode, struct file * file)
- {
--	return do_syslog(SYSLOG_ACTION_OPEN, NULL, 0, SYSLOG_FROM_FILE);
-+	return do_syslog(SYSLOG_ACTION_OPEN, NULL, 0, SYSLOG_FROM_PROC);
- }
- 
- static int kmsg_release(struct inode * inode, struct file * file)
- {
--	(void) do_syslog(SYSLOG_ACTION_CLOSE, NULL, 0, SYSLOG_FROM_FILE);
-+	(void) do_syslog(SYSLOG_ACTION_CLOSE, NULL, 0, SYSLOG_FROM_PROC);
- 	return 0;
- }
- 
-@@ -34,15 +34,15 @@ static ssize_t kmsg_read(struct file *file, char __user *buf,
- 			 size_t count, loff_t *ppos)
- {
- 	if ((file->f_flags & O_NONBLOCK) &&
--	    !do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE))
-+	    !do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_PROC))
- 		return -EAGAIN;
--	return do_syslog(SYSLOG_ACTION_READ, buf, count, SYSLOG_FROM_FILE);
-+	return do_syslog(SYSLOG_ACTION_READ, buf, count, SYSLOG_FROM_PROC);
- }
- 
- static unsigned int kmsg_poll(struct file *file, poll_table *wait)
- {
- 	poll_wait(file, &log_wait, wait);
--	if (do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE))
-+	if (do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_PROC))
- 		return POLLIN | POLLRDNORM;
- 	return 0;
- }
-diff --git a/include/linux/syslog.h b/include/linux/syslog.h
-index 3891139..98a3153 100644
---- a/include/linux/syslog.h
-+++ b/include/linux/syslog.h
-@@ -44,8 +44,8 @@
- /* Return size of the log buffer */
- #define SYSLOG_ACTION_SIZE_BUFFER   10
- 
--#define SYSLOG_FROM_CALL 0
--#define SYSLOG_FROM_FILE 1
-+#define SYSLOG_FROM_READER           0
-+#define SYSLOG_FROM_PROC             1
- 
- int do_syslog(int type, char __user *buf, int count, bool from_file);
- 
-diff --git a/kernel/printk.c b/kernel/printk.c
-index abbdd9e..53b5c5e 100644
---- a/kernel/printk.c
-+++ b/kernel/printk.c
-@@ -368,6 +368,53 @@ static void log_store(int facility, int level,
- 	log_next_seq++;
- }
- 
-+#ifdef CONFIG_SECURITY_DMESG_RESTRICT
-+int dmesg_restrict = 1;
-+#else
-+int dmesg_restrict;
-+#endif
-+
-+static int syslog_action_restricted(int type)
-+{
-+	if (dmesg_restrict)
-+		return 1;
-+	/*
-+	 * Unless restricted, we allow "read all" and "get buffer size"
-+	 * for everybody.
-+	 */
-+	return type != SYSLOG_ACTION_READ_ALL &&
-+	       type != SYSLOG_ACTION_SIZE_BUFFER;
-+}
-+
-+static int check_syslog_permissions(int type, bool from_file)
-+{
-+	/*
-+	 * If this is from /proc/kmsg and we've already opened it, then we've
-+	 * already done the capabilities checks at open time.
-+	 */
-+	if (from_file && type != SYSLOG_ACTION_OPEN)
-+		return 0;
-+
-+	if (syslog_action_restricted(type)) {
-+		if (capable(CAP_SYSLOG))
-+			return 0;
-+		/*
-+		 * For historical reasons, accept CAP_SYS_ADMIN too, with
-+		 * a warning.
-+		 */
-+		if (capable(CAP_SYS_ADMIN)) {
-+			printk_once(KERN_WARNING "%s (%d): "
-+				 "Attempt to access syslog with CAP_SYS_ADMIN "
-+				 "but no CAP_SYSLOG (deprecated).\n",
-+				 current->comm, task_pid_nr(current));
-+			return 0;
-+		}
-+		return -EPERM;
-+	}
-+	return security_syslog(type);
-+}
-+
-+
- /* /dev/kmsg - userspace message inject/listen interface */
- struct devkmsg_user {
- 	u64 seq;
-@@ -624,7 +671,8 @@ static int devkmsg_open(struct inode *inode, struct file *file)
- 	if ((file->f_flags & O_ACCMODE) == O_WRONLY)
- 		return 0;
- 
--	err = security_syslog(SYSLOG_ACTION_READ_ALL);
-+	err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
-+				       SYSLOG_FROM_READER);
- 	if (err)
- 		return err;
- 
-@@ -817,45 +865,6 @@ static inline void boot_delay_msec(int level)
- }
- #endif
- 
--#ifdef CONFIG_SECURITY_DMESG_RESTRICT
--int dmesg_restrict = 1;
--#else
--int dmesg_restrict;
--#endif
--
--static int syslog_action_restricted(int type)
--{
--	if (dmesg_restrict)
--		return 1;
--	/* Unless restricted, we allow "read all" and "get buffer size" for everybody */
--	return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER;
--}
--
--static int check_syslog_permissions(int type, bool from_file)
--{
--	/*
--	 * If this is from /proc/kmsg and we've already opened it, then we've
--	 * already done the capabilities checks at open time.
--	 */
--	if (from_file && type != SYSLOG_ACTION_OPEN)
--		return 0;
--
--	if (syslog_action_restricted(type)) {
--		if (capable(CAP_SYSLOG))
--			return 0;
--		/* For historical reasons, accept CAP_SYS_ADMIN too, with a warning */
--		if (capable(CAP_SYS_ADMIN)) {
--			printk_once(KERN_WARNING "%s (%d): "
--				 "Attempt to access syslog with CAP_SYS_ADMIN "
--				 "but no CAP_SYSLOG (deprecated).\n",
--				 current->comm, task_pid_nr(current));
--			return 0;
--		}
--		return -EPERM;
--	}
--	return 0;
--}
--
- #if defined(CONFIG_PRINTK_TIME)
- static bool printk_time = 1;
- #else
-@@ -1253,7 +1262,7 @@ out:
- 
- SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)
- {
--	return do_syslog(type, buf, len, SYSLOG_FROM_CALL);
-+	return do_syslog(type, buf, len, SYSLOG_FROM_READER);
- }
- 
- /*
--- 
-1.7.9.5
-
-
--- 
-Kees Cook
-Chrome OS Security