Josh Boyer c040d8c
From feaf4959c30d0640093a607c577940d3e9351076 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Fri, 22 Feb 2013 11:47:37 -0500
Subject: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

Originally, the addition of the dmesg_restrict covered both the syslog
method of accessing dmesg, as well as /dev/kmsg itself.  This was done
indirectly by security_syslog calling cap_syslog before doing any LSM
checks.

However, commit 12b3052c3ee (capabilities/syslog: open code cap_syslog
logic to fix build failure) moved the code around and pushed the checks
into the caller itself.  That seems to have inadvertently dropped the
checks for dmesg_restrict on /dev/kmsg.  Most people haven't noticed
because util-linux dmesg(1) defaults to using the syslog method for
access in older versions.  With util-linux 2.22 and a kernel newer than
3.5, dmesg(1) defaults to reading directly from /dev/kmsg.

Fix this by making an explicit check in the devkmsg_open function.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=903192

Reported-by: Christian Kujau <lists@nerdbynature.de>
CC: stable@vger.kernel.org
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
---
 kernel/printk.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/printk.c b/kernel/printk.c
index f24633a..398ef9a 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -615,6 +615,9 @@ static int devkmsg_open(struct inode *inode, struct file *file)
 	struct devkmsg_user *user;
 	int err;
 
+	if (dmesg_restrict && !capable(CAP_SYSLOG))
+		return -EACCES;
+
 	/* write-only does not need any file context */
 	if ((file->f_flags & O_ACCMODE) == O_WRONLY)
 		return 0;
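Review bot: the new dmesg_restrict check is placed above the write-only early return (`if ((file->f_flags & O_ACCMODE) == O_WRONLY) return 0;`), so with dmesg_restrict set an unprivileged process can no longer open /dev/kmsg for writing either, even though the sysctl is meant to restrict reading the kernel log and the write-only path, as the comment says, needs no file context. Consider moving the check below that early return so only read opens are gated. Separately, the commit message notes that the original coverage came via security_syslog before the LSM checks; an open-coded `capable(CAP_SYSLOG)` test here bypasses those hooks, so routing the read-open path through the same permission function the syslog method uses would keep the two access methods consistent and let LSMs see the decision.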
-- 
1.8.1.2