diff options
| -rw-r--r-- | fs/proc/kmsg.c | 10 | ||||
| -rw-r--r-- | include/linux/syslog.h | 4 | ||||
| -rw-r--r-- | kernel/printk.c | 91 |
3 files changed, 57 insertions, 48 deletions
diff --git a/fs/proc/kmsg.c b/fs/proc/kmsg.c index bd4b5a740ff1..bdfabdaefdce 100644 --- a/fs/proc/kmsg.c +++ b/fs/proc/kmsg.c | |||
| @@ -21,12 +21,12 @@ extern wait_queue_head_t log_wait; | |||
| 21 | 21 | ||
| 22 | static int kmsg_open(struct inode * inode, struct file * file) | 22 | static int kmsg_open(struct inode * inode, struct file * file) |
| 23 | { | 23 | { |
| 24 | return do_syslog(SYSLOG_ACTION_OPEN, NULL, 0, SYSLOG_FROM_FILE); | 24 | return do_syslog(SYSLOG_ACTION_OPEN, NULL, 0, SYSLOG_FROM_PROC); |
| 25 | } | 25 | } |
| 26 | 26 | ||
| 27 | static int kmsg_release(struct inode * inode, struct file * file) | 27 | static int kmsg_release(struct inode * inode, struct file * file) |
| 28 | { | 28 | { |
| 29 | (void) do_syslog(SYSLOG_ACTION_CLOSE, NULL, 0, SYSLOG_FROM_FILE); | 29 | (void) do_syslog(SYSLOG_ACTION_CLOSE, NULL, 0, SYSLOG_FROM_PROC); |
| 30 | return 0; | 30 | return 0; |
| 31 | } | 31 | } |
| 32 | 32 | ||
| @@ -34,15 +34,15 @@ static ssize_t kmsg_read(struct file *file, char __user *buf, | |||
| 34 | size_t count, loff_t *ppos) | 34 | size_t count, loff_t *ppos) |
| 35 | { | 35 | { |
| 36 | if ((file->f_flags & O_NONBLOCK) && | 36 | if ((file->f_flags & O_NONBLOCK) && |
| 37 | !do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE)) | 37 | !do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_PROC)) |
| 38 | return -EAGAIN; | 38 | return -EAGAIN; |
| 39 | return do_syslog(SYSLOG_ACTION_READ, buf, count, SYSLOG_FROM_FILE); | 39 | return do_syslog(SYSLOG_ACTION_READ, buf, count, SYSLOG_FROM_PROC); |
| 40 | } | 40 | } |
| 41 | 41 | ||
| 42 | static unsigned int kmsg_poll(struct file *file, poll_table *wait) | 42 | static unsigned int kmsg_poll(struct file *file, poll_table *wait) |
| 43 | { | 43 | { |
| 44 | poll_wait(file, &log_wait, wait); | 44 | poll_wait(file, &log_wait, wait); |
| 45 | if (do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE)) | 45 | if (do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_PROC)) |
| 46 | return POLLIN | POLLRDNORM; | 46 | return POLLIN | POLLRDNORM; |
| 47 | return 0; | 47 | return 0; |
| 48 | } | 48 | } |
diff --git a/include/linux/syslog.h b/include/linux/syslog.h index 38911391a139..98a3153c0f96 100644 --- a/include/linux/syslog.h +++ b/include/linux/syslog.h | |||
| @@ -44,8 +44,8 @@ | |||
| 44 | /* Return size of the log buffer */ | 44 | /* Return size of the log buffer */ |
| 45 | #define SYSLOG_ACTION_SIZE_BUFFER 10 | 45 | #define SYSLOG_ACTION_SIZE_BUFFER 10 |
| 46 | 46 | ||
| 47 | #define SYSLOG_FROM_CALL 0 | 47 | #define SYSLOG_FROM_READER 0 |
| 48 | #define SYSLOG_FROM_FILE 1 | 48 | #define SYSLOG_FROM_PROC 1 |
| 49 | 49 | ||
| 50 | int do_syslog(int type, char __user *buf, int count, bool from_file); | 50 | int do_syslog(int type, char __user *buf, int count, bool from_file); |
| 51 | 51 | ||
diff --git a/kernel/printk.c b/kernel/printk.c index fa36e1494420..8212c1aef125 100644 --- a/kernel/printk.c +++ b/kernel/printk.c | |||
| @@ -363,6 +363,53 @@ static void log_store(int facility, int level, | |||
| 363 | log_next_seq++; | 363 | log_next_seq++; |
| 364 | } | 364 | } |
| 365 | 365 | ||
| 366 | #ifdef CONFIG_SECURITY_DMESG_RESTRICT | ||
| 367 | int dmesg_restrict = 1; | ||
| 368 | #else | ||
| 369 | int dmesg_restrict; | ||
| 370 | #endif | ||
| 371 | |||
| 372 | static int syslog_action_restricted(int type) | ||
| 373 | { | ||
| 374 | if (dmesg_restrict) | ||
| 375 | return 1; | ||
| 376 | /* | ||
| 377 | * Unless restricted, we allow "read all" and "get buffer size" | ||
| 378 | * for everybody. | ||
| 379 | */ | ||
| 380 | return type != SYSLOG_ACTION_READ_ALL && | ||
| 381 | type != SYSLOG_ACTION_SIZE_BUFFER; | ||
| 382 | } | ||
| 383 | |||
| 384 | static int check_syslog_permissions(int type, bool from_file) | ||
| 385 | { | ||
| 386 | /* | ||
| 387 | * If this is from /proc/kmsg and we've already opened it, then we've | ||
| 388 | * already done the capabilities checks at open time. | ||
| 389 | */ | ||
| 390 | if (from_file && type != SYSLOG_ACTION_OPEN) | ||
| 391 | return 0; | ||
| 392 | |||
| 393 | if (syslog_action_restricted(type)) { | ||
| 394 | if (capable(CAP_SYSLOG)) | ||
| 395 | return 0; | ||
| 396 | /* | ||
| 397 | * For historical reasons, accept CAP_SYS_ADMIN too, with | ||
| 398 | * a warning. | ||
| 399 | */ | ||
| 400 | if (capable(CAP_SYS_ADMIN)) { | ||
| 401 | pr_warn_once("%s (%d): Attempt to access syslog with " | ||
| 402 | "CAP_SYS_ADMIN but no CAP_SYSLOG " | ||
| 403 | "(deprecated).\n", | ||
| 404 | current->comm, task_pid_nr(current)); | ||
| 405 | return 0; | ||
| 406 | } | ||
| 407 | return -EPERM; | ||
| 408 | } | ||
| 409 | return security_syslog(type); | ||
| 410 | } | ||
| 411 | |||
| 412 | |||
| 366 | /* /dev/kmsg - userspace message inject/listen interface */ | 413 | /* /dev/kmsg - userspace message inject/listen interface */ |
| 367 | struct devkmsg_user { | 414 | struct devkmsg_user { |
| 368 | u64 seq; | 415 | u64 seq; |
| @@ -620,7 +667,8 @@ static int devkmsg_open(struct inode *inode, struct file *file) | |||
| 620 | if ((file->f_flags & O_ACCMODE) == O_WRONLY) | 667 | if ((file->f_flags & O_ACCMODE) == O_WRONLY) |
| 621 | return 0; | 668 | return 0; |
| 622 | 669 | ||
| 623 | err = security_syslog(SYSLOG_ACTION_READ_ALL); | 670 | err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL, |
| 671 | SYSLOG_FROM_READER); | ||
| 624 | if (err) | 672 | if (err) |
| 625 | return err; | 673 | return err; |
| 626 | 674 | ||
| @@ -813,45 +861,6 @@ static inline void boot_delay_msec(int level) | |||
| 813 | } | 861 | } |
| 814 | #endif | 862 | #endif |
| 815 | 863 | ||
| 816 | #ifdef CONFIG_SECURITY_DMESG_RESTRICT | ||
| 817 | int dmesg_restrict = 1; | ||
| 818 | #else | ||
| 819 | int dmesg_restrict; | ||
| 820 | #endif | ||
| 821 | |||
| 822 | static int syslog_action_restricted(int type) | ||
| 823 | { | ||
| 824 | if (dmesg_restrict) | ||
| 825 | return 1; | ||
| 826 | /* Unless restricted, we allow "read all" and "get buffer size" for everybody */ | ||
| 827 | return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER; | ||
| 828 | } | ||
| 829 | |||
| 830 | static int check_syslog_permissions(int type, bool from_file) | ||
| 831 | { | ||
| 832 | /* | ||
| 833 | * If this is from /proc/kmsg and we've already opened it, then we've | ||
| 834 | * already done the capabilities checks at open time. | ||
| 835 | */ | ||
| 836 | if (from_file && type != SYSLOG_ACTION_OPEN) | ||
| 837 | return 0; | ||
| 838 | |||
| 839 | if (syslog_action_restricted(type)) { | ||
| 840 | if (capable(CAP_SYSLOG)) | ||
| 841 | return 0; | ||
| 842 | /* For historical reasons, accept CAP_SYS_ADMIN too, with a warning */ | ||
| 843 | if (capable(CAP_SYS_ADMIN)) { | ||
| 844 | printk_once(KERN_WARNING "%s (%d): " | ||
| 845 | "Attempt to access syslog with CAP_SYS_ADMIN " | ||
| 846 | "but no CAP_SYSLOG (deprecated).\n", | ||
| 847 | current->comm, task_pid_nr(current)); | ||
| 848 | return 0; | ||
| 849 | } | ||
| 850 | return -EPERM; | ||
| 851 | } | ||
| 852 | return 0; | ||
| 853 | } | ||
| 854 | |||
| 855 | #if defined(CONFIG_PRINTK_TIME) | 864 | #if defined(CONFIG_PRINTK_TIME) |
| 856 | static bool printk_time = 1; | 865 | static bool printk_time = 1; |
| 857 | #else | 866 | #else |
| @@ -1249,7 +1258,7 @@ out: | |||
| 1249 | 1258 | ||
| 1250 | SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len) | 1259 | SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len) |
| 1251 | { | 1260 | { |
| 1252 | return do_syslog(type, buf, len, SYSLOG_FROM_CALL); | 1261 | return do_syslog(type, buf, len, SYSLOG_FROM_READER); |
| 1253 | } | 1262 | } |
| 1254 | 1263 | ||
| 1255 | /* | 1264 | /* |