dmesg_restrict sysctl is missing the "if (write && !capable(CAP_SYS_ADMIN))" check due to upstream commit bfdc0b4 (v2.6.39-rc1~118). Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict. The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied. $ ls -laF /proc/sys/kernel/dmesg_restrict -rw-r--r-- 1 root root 0 Mar 29 21:47 /proc/sys/kernel/dmesg_restrict
Proposed patch: https://lkml.org/lkml/2012/4/4/252
Upstream commit: http://git.kernel.org/linus/620f6e8e855d6d447688a5f67a4e176944a084e8 Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict. The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied. This adds the CAP_SYS_ADMIN check to both dmesg_restrict and kptr_restrict, since both are sensitive. Reported-by: Phillip Lougher <plougher> Signed-off-by: Kees Cook <keescook> Acked-by: Serge Hallyn <serge.hallyn> Acked-by: Richard Weinberger <richard> Cc: stable.org Signed-off-by: James Morris <james.l.morris>
Statement: This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6. This was fixed in Red Hat Enterprise MRG 2.2.