On Wed, 6 Jul 2016 15:29:24 +0200
Borislav Petkov <[email protected]> wrote:


> @@ -800,19 +863,24 @@ static int devkmsg_open(struct inode *inode, struct 
> file *file)
>       struct devkmsg_user *user;
>       int err;
>  
> -     /* write-only does not need any file context */
> -     if ((file->f_flags & O_ACCMODE) == O_WRONLY)
> -             return 0;
> +     if (devkmsg_log & DEVKMSG_LOG_MASK_OFF)
> +             return -EPERM;
>  
> -     err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
> -                                    SYSLOG_FROM_READER);
> -     if (err)
> -             return err;
> +     /* write-only does not need any file context */
> +     if ((file->f_flags & O_ACCMODE) != O_WRONLY) {
> +             err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
> +                                            SYSLOG_FROM_READER);
> +             if (err)
> +                     return err;
> +     }
>  
>       user = kmalloc(sizeof(struct devkmsg_user), GFP_KERNEL);
>       if (!user)
>               return -ENOMEM;
>  
> +     ratelimit_default_init(&user->rs);
> +     ratelimit_set_flags(&user->rs, RATELIMIT_MSG_ON_RELEASE);
> +
>       mutex_init(&user->lock);
>  
>       raw_spin_lock_irq(&logbuf_lock);
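Review bot: The new `devkmsg_log & DEVKMSG_LOG_MASK_OFF` test sits ahead of the access-mode check, so when the bit is set every open fails with -EPERM, read-only opens included. If the off setting is only meant to stop userspace from writing records (its definition is not shown in this hunk), log readers lose /dev/kmsg as well; gating on the access mode would avoid that: `if ((file->f_flags & O_ACCMODE) != O_RDONLY && (devkmsg_log & DEVKMSG_LOG_MASK_OFF)) return -EPERM;`. The retained comment `/* write-only does not need any file context */` is also no longer accurate, since write-only opens now fall through to the kmalloc() so they can carry `user->rs`; something like `/* write-only opens skip the syslog read-permission check */` would match the new code. devkmsg_open() continues past the end of the hunk.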
> @@ -831,6 +899,8 @@ static int devkmsg_release(struct inode *inode, struct 
> file *file)
>       if (!user)
>               return 0;
>  
> +     ratelimit_state_exit(&user->rs);
> +
>       mutex_destroy(&user->lock);
>       kfree(user);
>       return 0;
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c

Hmm, this does nothing to stop user space from doing the following:

while :; do echo '5,0,0,-;hello' > /dev/kmsg; done

But at least it's a start.

-- Steve
