
Commit 41662f5c authored by Kees Cook, committed by Linus Torvalds

sysctl: enable strict writes

SYSCTL_WRITES_WARN was added in commit f4aacea2 ("sysctl: allow for
strict write position handling"), and released in v3.16 in August of
2014.  Since then I can find only 1 instance of non-zero offset
writing[1], and it was fixed immediately in CRIU[2].  As such, it
appears safe to flip this to the strict state now.

[1] https://www.google.com/search?q="when%20file%20position%20was%20not%200"
[2] http://lists.openvz.org/pipermail/criu/2015-April/019819.html



Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent a460bece
+7 −8
@@ -825,14 +825,13 @@ via the /proc/sys interface:
       Each write syscall must fully contain the sysctl value to be
       written, and multiple writes on the same sysctl file descriptor
       will rewrite the sysctl value, regardless of file position.
   0 - (default) Same behavior as above, but warn about processes that
       perform writes to a sysctl file descriptor when the file position
       is not 0.
   1 - Respect file position when writing sysctl strings. Multiple writes
       will append to the sysctl value buffer. Anything past the max length
       of the sysctl value buffer will be ignored. Writes to numeric sysctl
       entries must always be at file position 0 and the value must be
       fully contained in the buffer sent in the write syscall.
   0 - Same behavior as above, but warn about processes that perform writes
       to a sysctl file descriptor when the file position is not 0.
   1 - (default) Respect file position when writing sysctl strings. Multiple
       writes will append to the sysctl value buffer. Anything past the max
       length of the sysctl value buffer will be ignored. Writes to numeric
       sysctl entries must always be at file position 0 and the value must
       be fully contained in the buffer sent in the write syscall.

==============================================================
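
Review bot: The entry for value 1, now marked "(default)", says writes to numeric sysctl entries "must always be at file position 0" but does not say what the caller sees when that rule is broken (an error return, or a silently dropped write), and "Anything past the max length of the sysctl value buffer will be ignored" describes silent truncation for strings. Since this is now the behaviour every system gets unless configured otherwise, the text should state the outcome of a violating numeric write, and it would help to add a sentence telling administrators that setting the value to 0 restores the previous warn-only behaviour.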

+1 −1
@@ -173,7 +173,7 @@ extern int no_unaligned_warning;
#define SYSCTL_WRITES_WARN	 0
#define SYSCTL_WRITES_STRICT	 1

static int sysctl_writes_strict = SYSCTL_WRITES_WARN;
static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;

static int proc_do_cad_pid(struct ctl_table *table, int write,
		  void __user *buffer, size_t *lenp, loff_t *ppos);
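
Review bot: The initializer "static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;" changes write semantics for every /proc/sys consumer, yet nothing next to it records why strict is the default or that the value can be set back to SYSCTL_WRITES_WARN at run time. A one-line comment above the initializer would save the next reader a trip to the commit log. It is also worth confirming in the write handlers, which are outside this hunk, that a non-zero-offset write in strict mode remains visible to the administrator in some way, since the warning tied to SYSCTL_WRITES_WARN no longer fires by default.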