From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934062AbbEOHmx (ORCPT ); Fri, 15 May 2015 03:42:53 -0400 Received: from mailhub.sw.ru ([195.214.232.25]:46051 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932089AbbEOHmw (ORCPT ); Fri, 15 May 2015 03:42:52 -0400 Message-ID: <5555A33E.5070403@odin.com> Date: Fri, 15 May 2015 10:41:50 +0300 From: Vasily Averin Organization: Odin User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: Andrew Morton CC: linux-kernel@vger.kernel.org, Kees Cook , Josh Boyer , Eric Paris Subject: Re: [PATCH] kernel/printk/printk.c: check_syslog_permissions() cleanup References: <554EFC49.2020800@odin.com> <20150514150154.dbfb8ab275aa30d0fe93172b@linux-foundation.org> In-Reply-To: <20150514150154.dbfb8ab275aa30d0fe93172b@linux-foundation.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 15.05.2015 01:01, Andrew Morton wrote: > On Sun, 10 May 2015 09:35:53 +0300 Vasily Averin wrote: > >> Fixes: 637241a900cb ("kmsg: honor dmesg_restrict sysctl on /dev/kmsg") >> >> Final version of patch 637241a900cb ("kmsg: honor dmesg_restrict sysctl >> on /dev/kmsg") lost few hooks. As result security_syslog() is not checked >> inside check_syslog_permissions() if dmesg_restrict is set, >> or it can be called twice in do_syslog(). > > I'm not seeing how security_syslog() is called twice from do_syslog(). > Put more details in the changelog, please. For example, if dmesg_restrict is not set and SYSLOG_ACTION_OPEN is requested. In this case do_syslog() calls check_syslog_permissions() where security_syslog() is called first time and approves the operation, then do_syslog() itself calls security_syslog() 2nd time. >> --- a/kernel/printk/printk.c >> +++ b/kernel/printk/printk.c >> @@ -484,11 +484,11 @@ int check_syslog_permissions(int type, bool from_file) >> * already done the capabilities checks at open time. >> */ >> if (from_file && type != SYSLOG_ACTION_OPEN) >> - return 0; >> + goto ok; > > This seems wrong - we should only call security_syslog() for opens? Are you sure? I saw Linus comment in thread related to old patch, and I agree that usual kernel checks can be skipped. However I believe security hooks should be called anyway, in general case they can have own rules about access, logging or additional things that should be called before execution of requested operation. Am I wrong?