Bug 808270 - kernel: sysctl: fix restrict write access to dmesg_restrict
kernel: sysctl: fix restrict write access to dmesg_restrict
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20120404,reported=2...
: Security
Depends On: 808271 816233
Blocks: 808268
  Show dependency treegraph
 
Reported: 2012-03-29 21:52 EDT by Eugene Teo (Security Response)
Modified: 2015-08-22 12:05 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-22 12:05:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eugene Teo (Security Response) 2012-03-29 21:52:55 EDT
dmesg_restrict sysctl is missing the "if (write && !capable(CAP_SYS_ADMIN))" check due to upstream commit bfdc0b4 (v2.6.39-rc1~118).

Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict.  

The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied.

$ ls -laF /proc/sys/kernel/dmesg_restrict 
-rw-r--r-- 1 root root 0 Mar 29 21:47 /proc/sys/kernel/dmesg_restrict
Comment 3 Eugene Teo (Security Response) 2012-04-04 20:01:38 EDT
Proposed patch:
https://lkml.org/lkml/2012/4/4/252
Comment 4 Eugene Teo (Security Response) 2012-04-09 20:54:04 EDT
Upstream commit:
http://git.kernel.org/linus/620f6e8e855d6d447688a5f67a4e176944a084e8

Commit bfdc0b4 adds code to restrict access to dmesg_restrict, however, it incorrectly alters kptr_restrict rather than dmesg_restrict.

The original patch from Richard Weinberger (https://lkml.org/lkml/2011/3/14/362) alters dmesg_restrict as expected, and so the patch seems to have been misapplied.

This adds the CAP_SYS_ADMIN check to both dmesg_restrict and kptr_restrict, since both are sensitive.

Reported-by: Phillip Lougher <plougher@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Richard Weinberger <richard@nod.at>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Comment 7 Vincent Danen 2015-08-22 12:05:09 EDT
Statement:

This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6.  This was fixed in Red Hat Enterprise MRG 2.2.

Note You need to log in before you can comment on or make changes to this bug.