linux/Documentation
Kees Cook f4aacea2f5 sysctl: allow for strict write position handling
When writing to a sysctl string, each write, regardless of VFS position,
begins writing the string from the start.  This means the contents of
the last write to the sysctl controls the string contents instead of the
first:

  open("/proc/sys/kernel/modprobe", O_WRONLY)   = 1
  write(1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 4096) = 4096
  write(1, "/bin/true", 9)                = 9
  close(1)                                = 0

  $ cat /proc/sys/kernel/modprobe
  /bin/true

Expected behaviour would be to have the sysctl be "AAAA..." capped at
maxlen (in this case KMOD_PATH_LEN: 256), instead of truncating to the
contents of the second write.  Similarly, multiple short writes would
not append to the sysctl.

The old behavior is unlike regular POSIX files enough that doing audits
of software that interact with sysctls can end up in unexpected or
dangerous situations.  For example, "as long as the input starts with a
trusted path" turns out to be an insufficient filter, as what must also
happen is for the input to be entirely contained in a single write
syscall -- not a common consideration, especially for high level tools.

This provides kernel.sysctl_writes_strict as a way to make this behavior
act in a less surprising manner for strings, and disallows non-zero file
position when writing numeric sysctls (similar to what is already done
when reading from non-zero file positions).  For now, the default (0) is
to warn about non-zero file position use, but retain the legacy
behavior.  Setting this to -1 disables the warning, and setting this to
1 enables the file position respecting behavior.

[akpm@linux-foundation.org: fix build]
[akpm@linux-foundation.org: move misplaced hunk, per Randy]
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-06-06 16:08:13 -07:00
..
ABI ACPI and power management updates for 3.16-rc1 2014-06-04 08:57:16 -07:00
accounting
acpi Documentation / ACPI: Fix location of GPIO documentation 2014-05-23 14:39:26 +02:00
aoe
arm Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm into next 2014-06-05 15:57:04 -07:00
arm64 doc: arm64: add description of EFI stub support 2014-04-30 19:57:05 +01:00
auxdisplay
backlight
blackfin Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
block Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
blockdev zram: propagate error to user 2014-04-07 16:36:02 -07:00
bus-devices
cdrom
cgroups Documentation/memcg: warn about incomplete kmemcg state 2014-06-04 16:54:00 -07:00
connector w1: optional bundling of netlink kernel replies 2014-05-27 13:56:21 -07:00
console
cpu-freq PM / OPP: Move cpufreq specific OPP functions out of generic OPP library 2014-05-07 00:39:03 +02:00
cpuidle
cris
crypto
development-process
device-mapper dm thin: add 'no_space_timeout' dm-thin-pool module param 2014-05-20 14:30:36 -04:00
devicetree drivers/rtc/rtc-hym8563.c: add optional clock-output-names property 2014-06-06 16:08:08 -07:00
DocBook Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media into next 2014-06-04 14:24:30 -07:00
driver-model Staging driver patches for 3.16-rc1 2014-06-03 08:34:00 -07:00
dvb Linux 3.14-rc5 2014-03-11 06:55:49 -03:00
early-userspace
EDID
extcon extcon: fix switch class porting guide (Documentation) 2014-01-07 11:54:28 +09:00
fault-injection
fb doc: spelling error changes 2014-05-05 15:32:05 +02:00
filesystems Documentation/filesystems/seq_file.txt: create_proc_entry deprecated 2014-06-06 16:08:11 -07:00
firmware_class
fmc FMC: make eeprom attribute writable 2014-02-28 15:12:08 -08:00
frv
gpio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
hwmon New driver for NCT6683D 2014-06-03 11:09:43 -07:00
i2c Documentation: i2c: improve section about flags mangling the protocol 2014-04-06 13:53:48 +02:00
i2o
ia64
ide Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
infiniband
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
ioctl s390/hypfs: add interface for diagnose 0x304 2014-01-24 09:40:59 +01:00
isdn
ja_JP Documentation: Update stable address in Chinese and Japanese translations 2014-04-16 14:13:27 -07:00
kbuild kconfig: make allnoconfig disable options behind EMBEDDED and EXPERT 2014-04-07 16:36:09 -07:00
kdump
ko_KR Documentation: HOWTO: Updates on subsystem trees, patchwork, -next (vs. -mm) in ko_KR 2014-01-08 15:32:51 -08:00
laptops Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
leds Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
m68k Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
make
memory-devices
metag
mic misc: mic: Fix endianness issues. 2013-11-27 11:03:38 -08:00
mips
misc-devices Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2014-01-29 18:56:27 -08:00
mmc
mn10300
mtd doc: spelling error changes 2014-05-05 15:32:05 +02:00
namespaces
netlabel
networking Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
nfc
parisc
PCI Merge branch 'pci/dead-code' into next 2014-02-20 14:32:34 -07:00
pcmcia
phy phy: Add new Exynos USB 2.0 PHY driver 2014-03-08 12:39:44 +05:30
power Merge branch 'pm-cpufreq' 2014-06-03 23:13:20 +02:00
powerpc doc: spelling error changes 2014-05-05 15:32:05 +02:00
pps
prctl
pti
ptp ptp: Fix compiler warnings in the testptp utility 2014-03-27 14:51:47 -04:00
rapidio rapidio: rework device hierarchy and introduce mport class of devices 2014-04-07 16:36:07 -07:00
RCU documentation: Update API documentation 2014-04-29 08:38:53 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
scheduler asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
scsi [SCSI] megaraid_sas: Version and Changelog update 2014-03-15 10:19:21 -07:00
security doc: spelling error changes 2014-05-05 15:32:05 +02:00
serial tty/serial: Add GPIOLIB helpers for controlling modem lines 2014-05-28 12:49:14 -07:00
sh
sound doc: spelling error changes 2014-05-05 15:32:05 +02:00
spi Merge remote-tracking branches 'spi/topic/s3c64xx', 'spi/topic/sc18is602', 'spi/topic/sh-hspi', 'spi/topic/sh-msiof', 'spi/topic/sh-sci', 'spi/topic/sirf' and 'spi/topic/spidev' into spi-next 2014-03-30 00:51:34 +00:00
sysctl sysctl: allow for strict write position handling 2014-06-06 16:08:13 -07:00
target
thermal
timers timer_stats/doc: Fix /proc/timer_stats documentation 2014-05-04 20:46:32 +02:00
tpm
trace Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
vDSO
video4linux [media] exynos4-is: Remove support for non-dt platforms 2014-05-23 18:52:54 -03:00
virtual Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
vm mm/memory-failure.c: support use of a dedicated thread to handle SIGBUS(BUS_MCEERR_AO) 2014-06-04 16:54:13 -07:00
w1 w1: optional bundling of netlink kernel replies 2014-05-27 13:56:21 -07:00
watchdog watchdog: it87_wdt: Work around non-working CIR interrupts 2014-03-31 13:33:55 +02:00
wimax
x86 Merge branch 'x86/espfix' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into next 2014-06-05 07:46:15 -07:00
xtensa xtensa: remap io area defined in device tree 2014-01-15 00:25:14 +04:00
zh_CN driver core fixes for 3.15-rc2 2014-04-18 16:59:52 -07:00
.gitignore
00-INDEX Merge branch 'x86-nuke-platforms-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-02 13:15:58 -07:00
applying-patches.txt
assoc_array.txt KEYS: Fix multiple key add into associative array 2013-12-02 11:24:18 +00:00
atomic_ops.txt arch,doc: Convert smp_mb__*() 2014-04-18 14:20:48 +02:00
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
Changes doc: Note need of bc in the kernel build from 3.10 onwards 2014-05-19 16:27:20 +02:00
circular-buffers.txt documentation: Update circular buffer for load-acquire/store-release 2013-12-03 10:08:57 -08:00
clk.txt Documentation: clk: Add locking documentation 2014-03-19 14:56:06 -07:00
coccinelle.txt
CodingStyle Documentation: expand/clarify debug documentation 2014-06-04 16:54:17 -07:00
cpu-hotplug.txt Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks 2014-03-20 13:43:40 +01:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt firewire: revert to 4 GB RDMA, fix protocols using Memory Space 2014-05-29 15:50:30 +02:00
dell_rbu.txt
devices.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
digsig.txt
DMA-API-HOWTO.txt DMA-API: Update dma_pool_create ()and dma_pool_alloc() descriptions 2014-05-26 17:28:28 -06:00
DMA-API.txt DMA-API: Capitalize "CPU" consistently 2014-05-26 17:28:27 -06:00
DMA-attributes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
dma-buf-sharing.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
DMA-ISA-LPC.txt DMA-API: Clarify physical/bus address distinction 2014-05-20 16:54:21 -06:00
dmaengine.txt
dmatest.txt dmatest: add a 'wait' parameter 2013-11-14 11:04:40 -08:00
dontdiff Documentation: LLVMLinux: Update Documentation/dontdiff 2014-04-09 13:44:34 -07:00
dynamic-debug-howto.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
edac.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
efi-stub.txt doc: arm64: add description of EFI stub support 2014-04-30 19:57:05 +01:00
eisa.txt
email-clients.txt Documentation: update thunderbird email client settings 2014-05-25 12:39:00 -07:00
flexible-arrays.txt
futex-requeue-pi.txt doc: fix double words 2014-03-21 13:16:58 +01:00
gcov.txt
highuid.txt
HOWTO Documentation: HOWTO: Update broken links to tpp 2013-12-10 23:09:08 -08:00
hsi.txt Documentation: HSI: Add some general description for the HSI subsystem 2014-05-04 09:49:46 +02:00
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt doc: fix some typos 2013-12-02 14:48:28 +01:00
iostats.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt genirq: Improve documentation to match current implementation 2014-05-27 10:16:44 +02:00
IRQ.txt
irqflags-tracing.txt asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
isapnp.txt
java.txt Documentation: update java sample wrapper for java 7 2014-05-25 12:39:00 -07:00
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt kernel/panic.c: add "crash_kexec_post_notifiers" option for kdump after panic_notifers 2014-06-06 16:08:12 -07:00
kernel-per-CPU-kthreads.txt Documentation/kernel-per-CPU-kthreads.txt: Workqueue affinity 2014-02-17 14:56:08 -08:00
kmemcheck.txt doc: fix double words 2014-03-21 13:16:58 +01:00
kmemleak.txt Documentation/kmemleak.txt: updates 2014-04-03 16:21:27 -07:00
kobject.txt kobject: remove kset from sysfs immediately in kset_unregister() 2013-12-07 21:20:11 -08:00
kprobes.txt
kref.txt
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt Documentation/serial: Delete obsolete driver documentation 2014-04-16 14:20:34 -07:00
Makefile
ManagementStyle
md.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
media-framework.txt
memory-barriers.txt Documentation/memory-barriers.txt: fix important typo re memory barriers 2014-06-06 16:08:11 -07:00
memory-hotplug.txt memory-hotplug: update documentation to hide information about SECTIONS and remove end_phys_index 2014-06-04 16:53:58 -07:00
module-signing.txt Nothing major: the stricter permissions checking for sysfs broke 2014-04-06 09:38:07 -07:00
mono.txt
mutex-design.txt
nommu-mmap.txt
numastat.txt
oops-tracing.txt Use 'E' instead of 'X' for unsigned module taint flag. 2014-03-31 14:52:43 +10:30
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt drivers: phy: Add support for optional phys 2014-02-05 05:48:43 +00:00
pi-futex.txt
pinctrl.txt pinctrl: Fix some typos and grammar issues in the documentation 2014-01-15 13:59:50 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt doc: printk-formats: do not mention casts for u64/s64 2014-05-05 15:32:42 +02:00
pwm.txt
ramoops.txt
rbtree.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
remoteproc.txt
rfkill.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
robust-futex-ABI.txt Documentation/robust-futex-API: Count properly to 4 2013-11-30 14:08:28 +01:00
robust-futexes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
rpmsg.txt
rt-mutex-design.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
rt-mutex.txt
rtc.txt
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable_kernel_rules: spelling/word usage 2014-04-16 14:13:26 -07:00
static-keys.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
SubmitChecklist
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: describe the Fixes: tag 2014-06-06 16:08:11 -07:00
svga.txt
sysfs-rules.txt
sysrq.txt
this_cpu_ops.txt
unaligned-memory-access.txt ether_addr_equal: Optimize implementation, remove unused compare_ether_addr 2013-12-06 16:37:43 -05:00
unicode.txt
unshare.txt
vfio.txt
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt VME: Rename vme_slot_get to avoid confusion with reference counting 2013-12-03 11:15:58 -08:00
volatile-considered-harmful.txt
workqueue.txt
ww-mutex-design.txt
xz.txt
zorro.txt zorro/UAPI: Disintegrate include/linux/zorro*.h 2013-11-26 11:09:08 +01:00