xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pstore: Honor dmesg_restrict sysctl on dmesg dumps

Browse Source 
When the kernel.dmesg_restrict restriction is in place, only users with
CAP_SYSLOG should be able to access crash dumps (like: attacker is
trying to exploit a bug, watchdog reboots, attacker can happily read
crash dumps and logs).

This puts the restriction on console-* types as well as sensitive
information could have been leaked there.

Other log types are unaffected.

Signed-off-by: Sebastian Schmidt <yath@yath.de>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
This commit is contained in:
Sebastian Schmidt
2014-10-19 20:05:15 +02:00
committed by Tony Luck
parent a28726b4fb
commit 68c4a4f8ab
3 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/printk/printk.c
View File

@@ -480,7 +480,7 @@ static int syslog_action_restricted(int type)
type != SYSLOG_ACTION_SIZE_BUFFER;
}
static int check_syslog_permissions(int type, bool from_file)
int check_syslog_permissions(int type, bool from_file)
{
/*
* If this is from /proc/kmsg and we've already opened it, then we've