+ sysctl-enable-strict-writes.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     Subject: sysctl: enable strict writes
has been added to the -mm tree.  Its filename is
     sysctl-enable-strict-writes.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/sysctl-enable-strict-writes.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/sysctl-enable-strict-writes.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: sysctl: enable strict writes

SYSCTL_WRITES_WARN was added in f4aacea2f5d1a ("sysctl: allow for strict
write position handling"), and released in v3.16 in August of 2014.  Since
then I can find only 1 instance of non-zero offset writing[1], and it was
fixed immediately in CRIU[2].  As such, it appears safe to flip this to
the strict state now.

[1] https://www.google.com/search?q="when%20file%20position%20was%20not%200";
[2] http://lists.openvz.org/pipermail/criu/2015-April/019819.html

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 Documentation/sysctl/kernel.txt |   15 +++++++--------
 kernel/sysctl.c                 |    2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff -puN Documentation/sysctl/kernel.txt~sysctl-enable-strict-writes Documentation/sysctl/kernel.txt
--- a/Documentation/sysctl/kernel.txt~sysctl-enable-strict-writes
+++ a/Documentation/sysctl/kernel.txt
@@ -810,14 +810,13 @@ via the /proc/sys interface:
        Each write syscall must fully contain the sysctl value to be
        written, and multiple writes on the same sysctl file descriptor
        will rewrite the sysctl value, regardless of file position.
-   0 - (default) Same behavior as above, but warn about processes that
-       perform writes to a sysctl file descriptor when the file position
-       is not 0.
-   1 - Respect file position when writing sysctl strings. Multiple writes
-       will append to the sysctl value buffer. Anything past the max length
-       of the sysctl value buffer will be ignored. Writes to numeric sysctl
-       entries must always be at file position 0 and the value must be
-       fully contained in the buffer sent in the write syscall.
+   0 - Same behavior as above, but warn about processes that perform writes
+       to a sysctl file descriptor when the file position is not 0.
+   1 - (default) Respect file position when writing sysctl strings. Multiple
+       writes will append to the sysctl value buffer. Anything past the max
+       length of the sysctl value buffer will be ignored. Writes to numeric
+       sysctl entries must always be at file position 0 and the value must
+       be fully contained in the buffer sent in the write syscall.
 
 ==============================================================
 
diff -puN kernel/sysctl.c~sysctl-enable-strict-writes kernel/sysctl.c
--- a/kernel/sysctl.c~sysctl-enable-strict-writes
+++ a/kernel/sysctl.c
@@ -173,7 +173,7 @@ extern int no_unaligned_warning;
 #define SYSCTL_WRITES_WARN	 0
 #define SYSCTL_WRITES_STRICT	 1
 
-static int sysctl_writes_strict = SYSCTL_WRITES_WARN;
+static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;
 
 static int proc_do_cad_pid(struct ctl_table *table, int write,
 		  void __user *buffer, size_t *lenp, loff_t *ppos);
_

Patches currently in -mm which might be from keescook@xxxxxxxxxxxx are

sysctl-enable-strict-writes.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux