diff options
| author | Kees Cook <keescook@chromium.org> | 2016-01-20 18:00:45 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-01-20 20:09:18 -0500 |
| commit | 41662f5cc55335807d39404371cfcbb1909304c4 (patch) | |
| tree | 6416fe63b3eec53d98eda7e84ee1da01f82377b3 /Documentation | |
| parent | a460bece027301e079b9e53c5e0f67c8e3eaebc1 (diff) | |
sysctl: enable strict writes
SYSCTL_WRITES_WARN was added in commit f4aacea2f5d1 ("sysctl: allow for
strict write position handling"), and released in v3.16 in August of
2014. Since then I can find only 1 instance of non-zero offset
writing[1], and it was fixed immediately in CRIU[2]. As such, it
appears safe to flip this to the strict state now.
[1] https://www.google.com/search?q="when%20file%20position%20was%20not%200"
[2] http://lists.openvz.org/pipermail/criu/2015-April/019819.html
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/sysctl/kernel.txt | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt index 73c6b1ef0e84..a93b414672a7 100644 --- a/Documentation/sysctl/kernel.txt +++ b/Documentation/sysctl/kernel.txt | |||
| @@ -825,14 +825,13 @@ via the /proc/sys interface: | |||
| 825 | Each write syscall must fully contain the sysctl value to be | 825 | Each write syscall must fully contain the sysctl value to be |
| 826 | written, and multiple writes on the same sysctl file descriptor | 826 | written, and multiple writes on the same sysctl file descriptor |
| 827 | will rewrite the sysctl value, regardless of file position. | 827 | will rewrite the sysctl value, regardless of file position. |
| 828 | 0 - (default) Same behavior as above, but warn about processes that | 828 | 0 - Same behavior as above, but warn about processes that perform writes |
| 829 | perform writes to a sysctl file descriptor when the file position | 829 | to a sysctl file descriptor when the file position is not 0. |
| 830 | is not 0. | 830 | 1 - (default) Respect file position when writing sysctl strings. Multiple |
| 831 | 1 - Respect file position when writing sysctl strings. Multiple writes | 831 | writes will append to the sysctl value buffer. Anything past the max |
| 832 | will append to the sysctl value buffer. Anything past the max length | 832 | length of the sysctl value buffer will be ignored. Writes to numeric |
| 833 | of the sysctl value buffer will be ignored. Writes to numeric sysctl | 833 | sysctl entries must always be at file position 0 and the value must |
| 834 | entries must always be at file position 0 and the value must be | 834 | be fully contained in the buffer sent in the write syscall. |
| 835 | fully contained in the buffer sent in the write syscall. | ||
| 836 | 835 | ||
| 837 | ============================================================== | 836 | ============================================================== |
| 838 | 837 | ||