On 15.05.2015 10:41, Vasily Averin wrote: > On 15.05.2015 01:01, Andrew Morton wrote: >> On Sun, 10 May 2015 09:35:53 +0300 Vasily Averin <[email protected]> wrote: >> >>> Fixes: 637241a900cb ("kmsg: honor dmesg_restrict sysctl on /dev/kmsg") >>> >>> Final version of patch 637241a900cb ("kmsg: honor dmesg_restrict sysctl >>> on /dev/kmsg") lost few hooks. As result security_syslog() is not checked >>> inside check_syslog_permissions() if dmesg_restrict is set, >>> or it can be called twice in do_syslog(). >> >> I'm not seeing how security_syslog() is called twice from do_syslog(). >> Put more details in the changelog, please. > > For example, if dmesg_restrict is not set and SYSLOG_ACTION_OPEN is requested.
no, SYSLOG_ACTION_OPEN does not fit. syslog_action_restricted() should return 0, so it should be SYSLOG_ACTION_READ_ALL or SYSLOG_ACTION_SIZE_BUFFER commands and from_file should be set to SYSLOG_FROM_READER. > In this case do_syslog() calls check_syslog_permissions() > where security_syslog() is called first time and approves the operation, > then do_syslog() itself calls security_syslog() 2nd time. > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
