The patch titled
Subject: sysctl: enable strict writes
has been added to the -mm tree. Its filename is
sysctl-enable-strict-writes.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/sysctl-enable-strict-writes.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/sysctl-enable-strict-writes.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: sysctl: enable strict writes
SYSCTL_WRITES_WARN was added in f4aacea2f5d1a ("sysctl: allow for strict
write position handling"), and released in v3.16 in August of 2014. Since
then I can find only 1 instance of non-zero offset writing[1], and it was
fixed immediately in CRIU[2]. As such, it appears safe to flip this to
the strict state now.
[1] https://www.google.com/search?q="when%20file%20position%20was%20not%200";
[2] http://lists.openvz.org/pipermail/criu/2015-April/019819.html
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
Documentation/sysctl/kernel.txt | 15 +++++++--------
kernel/sysctl.c | 2 +-
2 files changed, 8 insertions(+), 9 deletions(-)
diff -puN Documentation/sysctl/kernel.txt~sysctl-enable-strict-writes Documentation/sysctl/kernel.txt
--- a/Documentation/sysctl/kernel.txt~sysctl-enable-strict-writes
+++ a/Documentation/sysctl/kernel.txt
@@ -810,14 +810,13 @@ via the /proc/sys interface:
Each write syscall must fully contain the sysctl value to be
written, and multiple writes on the same sysctl file descriptor
will rewrite the sysctl value, regardless of file position.
- 0 - (default) Same behavior as above, but warn about processes that
- perform writes to a sysctl file descriptor when the file position
- is not 0.
- 1 - Respect file position when writing sysctl strings. Multiple writes
- will append to the sysctl value buffer. Anything past the max length
- of the sysctl value buffer will be ignored. Writes to numeric sysctl
- entries must always be at file position 0 and the value must be
- fully contained in the buffer sent in the write syscall.
+ 0 - Same behavior as above, but warn about processes that perform writes
+ to a sysctl file descriptor when the file position is not 0.
+ 1 - (default) Respect file position when writing sysctl strings. Multiple
+ writes will append to the sysctl value buffer. Anything past the max
+ length of the sysctl value buffer will be ignored. Writes to numeric
+ sysctl entries must always be at file position 0 and the value must
+ be fully contained in the buffer sent in the write syscall.
==============================================================
diff -puN kernel/sysctl.c~sysctl-enable-strict-writes kernel/sysctl.c
--- a/kernel/sysctl.c~sysctl-enable-strict-writes
+++ a/kernel/sysctl.c
@@ -173,7 +173,7 @@ extern int no_unaligned_warning;
#define SYSCTL_WRITES_WARN 0
#define SYSCTL_WRITES_STRICT 1
-static int sysctl_writes_strict = SYSCTL_WRITES_WARN;
+static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;
static int proc_do_cad_pid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
_
Patches currently in -mm which might be from keescook@xxxxxxxxxxxx are
sysctl-enable-strict-writes.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
