linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Matthew Garrett <matthewgarrett@google.com>
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
	David Howells <dhowells@redhat.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Matthew Garrett <mjg59@google.com>,
	Kees Cook <keescook@chromium.org>, Jiri Slaby <jslaby@suse.com>,
	linux-serial@vger.kernel.org
Subject: [PATCH V36 18/29] Lock down TIOCSSERIAL
Date: Thu, 18 Jul 2019 12:44:04 -0700	[thread overview]
Message-ID: <20190718194415.108476-19-matthewgarrett@google.com> (raw)
In-Reply-To: <20190718194415.108476-1-matthewgarrett@google.com>

From: David Howells <dhowells@redhat.com>

Lock down TIOCSSERIAL as that can be used to change the ioport and irq
settings on a serial port.  This only appears to be an issue for the serial
drivers that use the core serial code.  All other drivers seem to either
ignore attempts to change port/irq or give an error.

Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: Jiri Slaby <jslaby@suse.com>
Cc: linux-serial@vger.kernel.org
---
 drivers/tty/serial/serial_core.c | 5 +++++
 include/linux/security.h         | 1 +
 security/lockdown/lockdown.c     | 1 +
 3 files changed, 7 insertions(+)

diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index 4223cb496764..6e713be1d4e9 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -22,6 +22,7 @@
 #include <linux/serial_core.h>
 #include <linux/delay.h>
 #include <linux/mutex.h>
+#include <linux/security.h>
 
 #include <linux/irq.h>
 #include <linux/uaccess.h>
@@ -862,6 +863,10 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
 		goto check_and_exit;
 	}
 
+	retval = security_locked_down(LOCKDOWN_TIOCSSERIAL);
+	if (retval && (change_irq || change_port))
+		goto exit;
+
 	/*
 	 * Ask the low level driver to verify the settings.
 	 */
diff --git a/include/linux/security.h b/include/linux/security.h
index 3773ad09b831..8f7048395114 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -112,6 +112,7 @@ enum lockdown_reason {
 	LOCKDOWN_MSR,
 	LOCKDOWN_ACPI_TABLES,
 	LOCKDOWN_PCMCIA_CIS,
+	LOCKDOWN_TIOCSSERIAL,
 	LOCKDOWN_INTEGRITY_MAX,
 	LOCKDOWN_CONFIDENTIALITY_MAX,
 };
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 22482e1b9a77..00a3a6438dd2 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -27,6 +27,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_MSR] = "raw MSR access",
 	[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
 	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
+	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
 	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
 	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
 };
-- 
2.22.0.510.g264f2c817a-goog

next prev parent reply	other threads:[~2019-07-18 19:45 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-18 19:43 [PATCH V36 00/29] security: Add kernel lockdown functionality Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 01/29] security: Support early LSMs Matthew Garrett
2019-07-18 20:02   ` Casey Schaufler
2019-07-18 19:43 ` [PATCH V36 02/29] security: Add a "locked down" LSM hook Matthew Garrett
2019-07-18 20:03   ` Casey Schaufler
2019-07-18 19:43 ` [PATCH V36 03/29] security: Add a static lockdown policy LSM Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 04/29] Enforce module signatures if the kernel is locked down Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 05/29] Restrict /dev/{mem,kmem,port} when " Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 06/29] kexec_load: Disable at runtime if " Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 07/29] Copy secure_boot flag in boot params across kexec reboot Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 09/29] kexec_file: Restrict at runtime if the kernel is locked down Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 10/29] hibernate: Disable when " Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 11/29] PCI: Lock down BAR access " Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 12/29] x86: Lock down IO port " Matthew Garrett
2019-07-18 19:43 ` [PATCH V36 13/29] x86/msr: Restrict MSR " Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 14/29] ACPI: Limit access to custom_method " Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been " Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 16/29] acpi: Disable ACPI table override if the kernel is " Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 17/29] Prohibit PCMCIA CIS storage when " Matthew Garrett
2019-07-18 19:44 ` Matthew Garrett [this message]
2019-07-18 19:44 ` [PATCH V36 19/29] Lock down module params that specify hardware parameters (eg. ioport) Matthew Garrett
2019-07-29 21:47   ` Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 20/29] x86/mmiotrace: Lock down the testmmiotrace module Matthew Garrett
2019-07-18 21:06   ` Kees Cook
2019-07-18 19:44 ` [PATCH V36 21/29] Lock down /proc/kcore Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 22/29] Lock down tracing and perf kprobes when in confidentiality mode Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 23/29] bpf: Restrict bpf when kernel lockdown is " Matthew Garrett
2019-07-18 21:06   ` Kees Cook
2019-07-29 21:47   ` Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 24/29] Lock down perf when " Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 25/29] kexec: Allow kexec_file() with appropriate IMA policy when locked down Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 26/29] debugfs: Restrict debugfs when the kernel is " Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 27/29] tracefs: Restrict tracefs " Matthew Garrett
2019-07-25  2:23   ` Steven Rostedt
2019-07-30 18:47     ` [PATCH] " Matthew Garrett
2019-07-31  1:48       ` Steven Rostedt
2019-07-18 19:44 ` [PATCH V36 28/29] efi: Restrict efivar_ssdt_load " Matthew Garrett
2019-07-18 19:44 ` [PATCH V36 29/29] lockdown: Print current->comm in restriction messages Matthew Garrett

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:4223cb49676 dfblob:3773ad09b83 dfblob:22482e1b9a7
dfblob:6e713be1d4e dfblob:8f704839511 dfblob:00a3a6438dd
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190718194415.108476-19-matthewgarrett@google.com \
    --to=matthewgarrett@google.com \
    --cc=dhowells@redhat.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jmorris@namei.org \
    --cc=jslaby@suse.com \
    --cc=keescook@chromium.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-serial@vger.kernel.org \
    --cc=mjg59@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).