tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'pstore-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull pstore update from Kees Cook:
"Make pstore permissions more versatile by removing CAP_SYSLOG
requirement and defining more restrictive root directory DAC
permissions default (0750, which can be adjust after boot unlike the
CAP_SYSLOG check).

Suggested by Nick Kralevich"

* tag 'pstore-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps"
pstore: Make default pstorefs root dir perms 0750

Linus Torvalds 21d236bf 8dc5b3a6

+2 -34
unified split
+1 -23
fs/pstore/inode.c
··· 36 36 #include <linux/slab.h> 37 37 #include <linux/spinlock.h> 38 38 #include <linux/uaccess.h> 39 - #include <linux/syslog.h> 40 39 41 40 #include "internal.h" 42 41 ··· 131 132 .show = pstore_ftrace_seq_show, 132 133 }; 133 134 134 - static int pstore_check_syslog_permissions(struct pstore_private *ps) 135 - { 136 - switch (ps->record->type) { 137 - case PSTORE_TYPE_DMESG: 138 - case PSTORE_TYPE_CONSOLE: 139 - return check_syslog_permissions(SYSLOG_ACTION_READ_ALL, 140 - SYSLOG_FROM_READER); 141 - default: 142 - return 0; 143 - } 144 - } 145 - 146 135 static ssize_t pstore_file_read(struct file *file, char __user *userbuf, 147 136 size_t count, loff_t *ppos) 148 137 { ··· 149 162 struct seq_file *sf; 150 163 int err; 151 164 const struct seq_operations *sops = NULL; 152 - 153 - err = pstore_check_syslog_permissions(ps); 154 - if (err) 155 - return err; 156 165 157 166 if (ps->record->type == PSTORE_TYPE_FTRACE) 158 167 sops = &pstore_ftrace_seq_ops; ··· 187 204 { 188 205 struct pstore_private *p = d_inode(dentry)->i_private; 189 206 struct pstore_record *record = p->record; 190 - int err; 191 - 192 - err = pstore_check_syslog_permissions(p); 193 - if (err) 194 - return err; 195 207 196 208 if (!record->psi->erase) 197 209 return -EPERM; ··· 449 471 450 472 inode = pstore_get_inode(sb); 451 473 if (inode) { 452 - inode->i_mode = S_IFDIR | 0755; 474 + inode->i_mode = S_IFDIR | 0750; 453 475 inode->i_op = &pstore_dir_inode_operations; 454 476 inode->i_fop = &simple_dir_operations; 455 477 inc_nlink(inode);
-9
include/linux/syslog.h
··· 49 49 50 50 int do_syslog(int type, char __user *buf, int count, int source); 51 51 52 - #ifdef CONFIG_PRINTK 53 - int check_syslog_permissions(int type, int source); 54 - #else 55 - static inline int check_syslog_permissions(int type, int source) 56 - { 57 - return 0; 58 - } 59 - #endif 60 - 61 52 #endif /* _LINUX_SYSLOG_H */
+1 -2
kernel/printk/printk.c
··· 649 649 type != SYSLOG_ACTION_SIZE_BUFFER; 650 650 } 651 651 652 - int check_syslog_permissions(int type, int source) 652 + static int check_syslog_permissions(int type, int source) 653 653 { 654 654 /* 655 655 * If this is from /proc/kmsg and we've already opened it, then we've ··· 677 677 ok: 678 678 return security_syslog(type); 679 679 } 680 - EXPORT_SYMBOL_GPL(check_syslog_permissions); 681 680 682 681 static void append_char(char **pp, char *e, char c) 683 682 {