
Commit fc7a4b8b authored by Kees Cook, committed by Greg Kroah-Hartman

sysctl: enable strict writes

commit 41662f5cc55335807d39404371cfcbb1909304c4 upstream.

SYSCTL_WRITES_WARN was added in commit f4aacea2 ("sysctl: allow for
strict write position handling"), and released in v3.16 in August of
2014.  Since then I can find only 1 instance of non-zero offset
writing[1], and it was fixed immediately in CRIU[2].  As such, it
appears safe to flip this to the strict state now.

[1] https://www.google.com/search?q="when%20file%20position%20was%20not%200"
[2] http://lists.openvz.org/pipermail/criu/2015-April/019819.html



Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 9b8f56f5
+7 −8
@@ -775,14 +775,13 @@ via the /proc/sys interface:
       Each write syscall must fully contain the sysctl value to be
       Each write syscall must fully contain the sysctl value to be
       written, and multiple writes on the same sysctl file descriptor
       written, and multiple writes on the same sysctl file descriptor
       will rewrite the sysctl value, regardless of file position.
       will rewrite the sysctl value, regardless of file position.
   0 - (default) Same behavior as above, but warn about processes that
   0 - Same behavior as above, but warn about processes that perform writes
       perform writes to a sysctl file descriptor when the file position
       to a sysctl file descriptor when the file position is not 0.
       is not 0.
   1 - (default) Respect file position when writing sysctl strings. Multiple
   1 - Respect file position when writing sysctl strings. Multiple writes
       writes will append to the sysctl value buffer. Anything past the max
       will append to the sysctl value buffer. Anything past the max length
       length of the sysctl value buffer will be ignored. Writes to numeric
       of the sysctl value buffer will be ignored. Writes to numeric sysctl
       sysctl entries must always be at file position 0 and the value must
       entries must always be at file position 0 and the value must be
       be fully contained in the buffer sent in the write syscall.
       fully contained in the buffer sent in the write syscall.


==============================================================
==============================================================


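Review bot: In the entry for value 1, now tagged "(default)", the sentence "Writes to numeric sysctl entries must always be at file position 0" does not say what a writer gets when it breaks that rule (an error return or a silently ignored write). With strict handling as the default, this is the first behaviour an affected program will hit, so the text should state the outcome and point to values 0 and -1 as the way to get the earlier handling back. As a style point, the re-wrapping of both paragraphs obscures that the only wording change is the moved "(default)" tag; the changelog should say so.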
+1 −1
@@ -173,7 +173,7 @@ extern int no_unaligned_warning;
#define SYSCTL_WRITES_WARN	 0
#define SYSCTL_WRITES_WARN	 0
#define SYSCTL_WRITES_STRICT	 1
#define SYSCTL_WRITES_STRICT	 1


static int sysctl_writes_strict = SYSCTL_WRITES_WARN;
static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;


static int proc_do_cad_pid(struct ctl_table *table, int write,
static int proc_do_cad_pid(struct ctl_table *table, int write,
		  void __user *buffer, size_t *lenp, loff_t *ppos);
		  void __user *buffer, size_t *lenp, loff_t *ppos);
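Review bot: The initializer `static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;` changes userspace-visible behaviour on every boot, and nothing at this site tells an affected user how to revert it. A short comment above the initializer should say that strict is the default and that the value stays tunable at run time through the sysctl documented in the first hunk. Going by that documentation, only mode 0 warns about writes at a non-zero file position, so after this flip a writer that still does so is no longer reported by default; the changelog should say how such a writer is expected to be noticed, or that the warning is intentionally dropped.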