diff options
| author | Pali Rohár <pali.rohar@gmail.com> | 2016-06-17 18:54:45 -0400 |
|---|---|---|
| committer | Guenter Roeck <linux@roeck-us.net> | 2016-06-18 15:59:58 -0400 |
| commit | 7613663cc186f8f3c50279390ddc60286758001c (patch) | |
| tree | cb610c1174fee08018de8bf840eba3defde50e00 | |
| parent | 053ea640818812313892ec4f370f5cfac42fd355 (diff) | |
hwmon: (dell-smm) Restrict fan control and serial number to CAP_SYS_ADMIN by default
For security reasons ordinary user must not be able to control fan speed
via /proc/i8k by default. Some malicious software running under "nobody"
user could be able to turn fan off and cause HW problems. So this patch
changes default value of "restricted" parameter to 1.
Also restrict reading of DMI_PRODUCT_SERIAL from /proc/i8k via "restricted"
parameter. It is because non root user cannot read DMI_PRODUCT_SERIAL from
sysfs file /sys/class/dmi/id/product_serial.
Old non secure behaviour of file /proc/i8k can be achieved by loading this
module with "restricted" parameter set to 0.
Note that this patch has effects only for kernels compiled with CONFIG_I8K
and only for file /proc/i8k. Hwmon interface provided by this driver was
not changed and root access for setting fan speed was needed also before.
Reported-by: Mario Limonciello <Mario_Limonciello@dell.com>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Cc: stable@vger.kernel.org # will need backport
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
| -rw-r--r-- | drivers/hwmon/dell-smm-hwmon.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c index 480b2fae9541..c8bd3fdd0710 100644 --- a/drivers/hwmon/dell-smm-hwmon.c +++ b/drivers/hwmon/dell-smm-hwmon.c | |||
| @@ -67,6 +67,7 @@ | |||
| 67 | 67 | ||
| 68 | static DEFINE_MUTEX(i8k_mutex); | 68 | static DEFINE_MUTEX(i8k_mutex); |
| 69 | static char bios_version[4]; | 69 | static char bios_version[4]; |
| 70 | static char bios_machineid[16]; | ||
| 70 | static struct device *i8k_hwmon_dev; | 71 | static struct device *i8k_hwmon_dev; |
| 71 | static u32 i8k_hwmon_flags; | 72 | static u32 i8k_hwmon_flags; |
| 72 | static uint i8k_fan_mult = I8K_FAN_MULT; | 73 | static uint i8k_fan_mult = I8K_FAN_MULT; |
| @@ -95,13 +96,13 @@ module_param(ignore_dmi, bool, 0); | |||
| 95 | MODULE_PARM_DESC(ignore_dmi, "Continue probing hardware even if DMI data does not match"); | 96 | MODULE_PARM_DESC(ignore_dmi, "Continue probing hardware even if DMI data does not match"); |
| 96 | 97 | ||
| 97 | #if IS_ENABLED(CONFIG_I8K) | 98 | #if IS_ENABLED(CONFIG_I8K) |
| 98 | static bool restricted; | 99 | static bool restricted = true; |
| 99 | module_param(restricted, bool, 0); | 100 | module_param(restricted, bool, 0); |
| 100 | MODULE_PARM_DESC(restricted, "Allow fan control if SYS_ADMIN capability set"); | 101 | MODULE_PARM_DESC(restricted, "Restrict fan control and serial number to CAP_SYS_ADMIN (default: 1)"); |
| 101 | 102 | ||
| 102 | static bool power_status; | 103 | static bool power_status; |
| 103 | module_param(power_status, bool, 0600); | 104 | module_param(power_status, bool, 0600); |
| 104 | MODULE_PARM_DESC(power_status, "Report power status in /proc/i8k"); | 105 | MODULE_PARM_DESC(power_status, "Report power status in /proc/i8k (default: 0)"); |
| 105 | #endif | 106 | #endif |
| 106 | 107 | ||
| 107 | static uint fan_mult; | 108 | static uint fan_mult; |
| @@ -397,9 +398,11 @@ i8k_ioctl_unlocked(struct file *fp, unsigned int cmd, unsigned long arg) | |||
| 397 | break; | 398 | break; |
| 398 | 399 | ||
| 399 | case I8K_MACHINE_ID: | 400 | case I8K_MACHINE_ID: |
| 400 | memset(buff, 0, 16); | 401 | if (restricted && !capable(CAP_SYS_ADMIN)) |
| 401 | strlcpy(buff, i8k_get_dmi_data(DMI_PRODUCT_SERIAL), | 402 | return -EPERM; |
| 402 | sizeof(buff)); | 403 | |
| 404 | memset(buff, 0, sizeof(buff)); | ||
| 405 | strlcpy(buff, bios_machineid, sizeof(buff)); | ||
| 403 | break; | 406 | break; |
| 404 | 407 | ||
| 405 | case I8K_FN_STATUS: | 408 | case I8K_FN_STATUS: |
| @@ -516,7 +519,7 @@ static int i8k_proc_show(struct seq_file *seq, void *offset) | |||
| 516 | seq_printf(seq, "%s %s %s %d %d %d %d %d %d %d\n", | 519 | seq_printf(seq, "%s %s %s %d %d %d %d %d %d %d\n", |
| 517 | I8K_PROC_FMT, | 520 | I8K_PROC_FMT, |
| 518 | bios_version, | 521 | bios_version, |
| 519 | i8k_get_dmi_data(DMI_PRODUCT_SERIAL), | 522 | (restricted && !capable(CAP_SYS_ADMIN)) ? "-1" : bios_machineid, |
| 520 | cpu_temp, | 523 | cpu_temp, |
| 521 | left_fan, right_fan, left_speed, right_speed, | 524 | left_fan, right_fan, left_speed, right_speed, |
| 522 | ac_power, fn_key); | 525 | ac_power, fn_key); |
| @@ -985,6 +988,8 @@ static int __init i8k_probe(void) | |||
| 985 | 988 | ||
| 986 | strlcpy(bios_version, i8k_get_dmi_data(DMI_BIOS_VERSION), | 989 | strlcpy(bios_version, i8k_get_dmi_data(DMI_BIOS_VERSION), |
| 987 | sizeof(bios_version)); | 990 | sizeof(bios_version)); |
| 991 | strlcpy(bios_machineid, i8k_get_dmi_data(DMI_PRODUCT_SERIAL), | ||
| 992 | sizeof(bios_machineid)); | ||
| 988 | 993 | ||
| 989 | /* | 994 | /* |
| 990 | * Get SMM Dell signature | 995 | * Get SMM Dell signature |