The patch titled Subject: security_syslog() should be called once only has been added to the -mm tree. Its filename is security_syslog-should-be-called-once-only.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/security_syslog-should-be-called-once-only.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/security_syslog-should-be-called-once-only.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vasily Averin <vvs@xxxxxxxxxxxxx> Subject: security_syslog() should be called once only The final version of 637241a900cb ("kmsg: honor dmesg_restrict sysctl on /dev/kmsg") lost few hooks, as result security_syslog() are processed incorrectly: - open of /dev/kmsg checks syslog access permissions by using check_syslog_permissions() where security_syslog() is not called if dmesg_restrict is set. - syslog syscall and /proc/kmsg calls do_syslog() where security_syslog can be executed twice (inside check_syslog_permissions() and then directly in do_syslog()) With this patch security_syslog() is called once only in all syslog-related operations regardless of dmesg_restrict value. Fixes: 637241a900cb ("kmsg: honor dmesg_restrict sysctl on /dev/kmsg") Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Josh Boyer <jwboyer@xxxxxxxxxx> Cc: Eric Paris <eparis@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- kernel/printk/printk.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff -puN kernel/printk/printk.c~security_syslog-should-be-called-once-only kernel/printk/printk.c --- a/kernel/printk/printk.c~security_syslog-should-be-called-once-only +++ a/kernel/printk/printk.c @@ -496,11 +496,11 @@ int check_syslog_permissions(int type, b * already done the capabilities checks at open time. */ if (from_file && type != SYSLOG_ACTION_OPEN) - return 0; + goto ok; if (syslog_action_restricted(type)) { if (capable(CAP_SYSLOG)) - return 0; + goto ok; /* * For historical reasons, accept CAP_SYS_ADMIN too, with * a warning. @@ -510,10 +510,11 @@ int check_syslog_permissions(int type, b "CAP_SYS_ADMIN but no CAP_SYSLOG " "(deprecated).\n", current->comm, task_pid_nr(current)); - return 0; + goto ok; } return -EPERM; } +ok: return security_syslog(type); } @@ -1299,10 +1300,6 @@ int do_syslog(int type, char __user *buf if (error) goto out; - error = security_syslog(type); - if (error) - return error; - switch (type) { case SYSLOG_ACTION_CLOSE: /* Close log */ break; _ Patches currently in -mm which might be from vvs@xxxxxxxxxxxxx are security_syslog-should-be-called-once-only.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html