linux/Documentation
Ryan Mallon 312b4e2269 vsprintf: check real user/group id for %pK
Some setuid binaries will allow reading of files which have read
permission by the real user id.  This is problematic with files which
use %pK because the file access permission is checked at open() time,
but the kptr_restrict setting is checked at read() time.  If a setuid
binary opens a %pK file as an unprivileged user, and then elevates
permissions before reading the file, then kernel pointer values may be
leaked.

This happens for example with the setuid pppd application on Ubuntu 12.04:

  $ head -1 /proc/kallsyms
  00000000 T startup_32

  $ pppd file /proc/kallsyms
  pppd: In file /proc/kallsyms: unrecognized option 'c1000000'

This will only leak the pointer value from the first line, but other
setuid binaries may leak more information.

Fix this by adding a check that in addition to the current process having
CAP_SYSLOG, that effective user and group ids are equal to the real ids.
If a setuid binary reads the contents of a file which uses %pK then the
pointer values will be printed as NULL if the real user is unprivileged.

Update the sysctl documentation to reflect the changes, and also correct
the documentation to state the kptr_restrict=0 is the default.

This is a only temporary solution to the issue.  The correct solution is
to do the permission check at open() time on files, and to replace %pK
with a function which checks the open() time permission.  %pK uses in
printk should be removed since no sane permission check can be done, and
instead protected by using dmesg_restrict.

Signed-off-by: Ryan Mallon <rmallon@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Joe Perches <joe@perches.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-13 12:09:14 +09:00
..
ABI Staging driver update for 3.13-rc1 2013-11-07 15:07:58 +09:00
accounting Documentation/accounting/getdelays.c: avoid strncpy in accounting tool 2013-07-03 16:08:06 -07:00
acpi gpiolib / ACPI: document the GPIO descriptor based interface 2013-10-19 23:32:50 +02:00
aoe aoe: remove do-nothing NAME="%k" term from example udev rules 2013-09-11 15:59:28 -07:00
arm Allwinner sunXi SoCs machine additions for 3.13 2013-10-28 10:19:38 -07:00
arm64 arm64: Use 42-bit address space with 64K pages 2013-11-05 17:23:52 +00:00
auxdisplay
backlight backlight: lp855x: remove duplicate platform data 2013-04-29 18:28:19 -07:00
blackfin
block block: change config option name for cmdline partition parsing 2013-09-30 14:31:02 -07:00
blockdev nbd: update documentation and link to mailinglist 2013-02-27 19:10:22 -08:00
bus-devices
cdrom
cgroups memcg: support hierarchical memory.numa_stats 2013-11-13 12:09:06 +09:00
connector connector - documentation: simplify netlink message length assignment 2013-10-02 16:03:51 -04:00
console TTY:console: update document console.txt 2013-05-21 10:21:57 -07:00
cpu-freq cpufreq: Drop the owner field from struct cpufreq_driver 2013-08-10 03:24:47 +02:00
cpuidle cpuidle: make a single register function for all 2013-04-23 13:45:22 +02:00
cris
crypto drivers/dma: remove unused support for MEMSET operations 2013-07-03 16:07:42 -07:00
development-process Documentation: development-process: Update -mm and -next URLs 2013-07-25 12:37:24 +02:00
device-mapper dm: add statistics support 2013-09-05 20:46:06 -04:00
devicetree DeviceTree updates for 3.13. This is a bit larger pull request than 2013-11-12 16:52:17 +09:00
DocBook Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 10:04:41 +09:00
driver-model spi: Updates for v3.13 2013-11-12 15:01:39 +09:00
dvb [media] get_dvb_firmware: Fix the location of firmware for Terratec HTC 2013-01-01 11:18:26 -02:00
early-userspace Documentation: remove reference to 2.7 kernel in early-userspace 2013-08-20 12:47:28 +02:00
EDID drm: Add 1600x1200 (UXGA) screen resolution to the built-in EDIDs 2013-04-12 14:06:16 +10:00
extcon extcon: Simplify extcon_dev_register() prototype by removing unnecessary parameter 2013-09-27 09:37:01 +09:00
fault-injection
fb Documentation/fb/viafb.modes fix a typo 2013-08-20 12:41:11 +02:00
filesystems /proc/pid/smaps: show VM_SOFTDIRTY flag in VmFlags line 2013-11-13 12:09:07 +09:00
firmware_class
fmc doc: Fix typo "is is" in Documentations 2013-08-27 10:50:52 +02:00
frv
hid HID: uhid: use generic hidinput_input_event() 2013-07-31 10:33:05 +02:00
hwmon hwmon: (pmbus/ltc2978): Add support for LTC2978A 2013-10-18 09:12:03 -07:00
i2c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
i2o
ia64 Fix example error_injection_tool 2013-04-02 09:39:55 -07:00
ide
infiniband
input Merge branch 'master' into for-3.12/upstream 2013-09-04 10:49:57 +02:00
ioctl ALSA: add DICE driver 2013-10-17 21:18:32 +02:00
isdn
ja_JP HOWTO ja_JP sync 2013-07-24 22:06:34 -07:00
kbuild kconfig: do not allow more than one symbol to have 'option modules' 2013-09-05 11:10:08 +02:00
kdump Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
ko_KR Correct unfaithful translation on HOWTO in ko_KR 2013-08-12 17:43:13 -07:00
laptops thinkpad-acpi: Add mute and mic-mute LED functionality 2013-10-17 14:38:44 +02:00
leds Documentation: leds-lp5521,lp5523: update device attribute information 2013-08-26 17:22:13 -07:00
m68k block: remove refs to XD disks from documentation 2013-05-17 15:17:12 +02:00
make
memory-devices
metag doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
mic misc: mic: Enable OSPM suspend and resume support. 2013-10-05 18:01:42 -07:00
mips
misc-devices doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
mmc mmc: core: Add in support to expose PRV for v4 MMCs 2013-03-22 12:10:42 -04:00
mn10300
mtd doc: Fix typo "is is" in Documentations 2013-08-27 10:50:52 +02:00
namespaces userns: Recommend use of memory control groups. 2013-01-26 22:20:06 -08:00
netlabel
networking doc:net: Fix typo in Documentation/networking 2013-10-30 17:10:20 -04:00
nfc NFC: Update pn544 documentation 2013-01-10 01:27:46 +01:00
parisc parisc: document the shadow registers 2013-07-09 22:09:19 +02:00
PCI PCI/MSI: Enable multiple MSIs with pci_enable_msi_block_auto() 2013-01-24 17:25:13 +01:00
pcmcia
power power: Documentation: Update s2ram link 2013-08-27 10:54:52 +02:00
powerpc powerpc: Update the 00-Index in Documentation/powerpc 2013-08-27 14:44:27 +10:00
pps USB: serial: invoke dcd_change ldisc's handler. 2013-09-26 09:45:40 -07:00
prctl
pti
ptp
rapidio doc: Fix typo in doucmentations 2013-07-25 12:34:15 +02:00
RCU rcu: Fix occurrence of "the the" in checklist.txt 2013-09-25 10:07:02 -07:00
s390 s390/s390dbf: add debug_level_enabled() function 2013-10-24 17:16:53 +02:00
scheduler H8/300 has been dead for several years, the kernel for it has 2013-11-12 14:13:14 +09:00
scsi SCSI misc on 20130915 2013-09-15 17:41:30 -04:00
security Smack: add support for modification of existing rules 2013-03-19 14:16:42 -07:00
serial serial: core: delete .set_wake() callback 2013-10-16 13:16:19 -07:00
sh
sound ALSA: Fix typo in documentation/alsa 2013-10-29 11:38:04 +01:00
spi spi/documentation: Fix usage of __initdata 2013-08-20 12:52:28 +02:00
sysctl vsprintf: check real user/group id for %pK 2013-11-13 12:09:14 +09:00
target Documentation: replace strict_strtoul() with kstrtoul() 2013-08-20 12:56:26 +02:00
thermal thermal: thermal_core: allow binding with limits on bind_params 2013-09-03 09:10:24 -04:00
timers nohz_full: Add testing information to documentation 2013-08-18 18:06:55 -07:00
tpm drivers/tpm: add xen tpmfront interface 2013-08-09 10:57:06 -04:00
trace ftrace, sched: Add TRACE_FLAG_PREEMPT_RESCHED 2013-11-11 12:43:39 +01:00
usb proc_usb_info.txt: Correct documentation about endianness of config descriptors 2013-08-12 12:24:27 -07:00
vDSO
video4linux [media] V4L: Add support for integer menu controls with standard menu items 2013-08-18 07:12:59 -03:00
virtual Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
vm Documentation/vm/zswap.txt: fix typos 2013-11-13 12:09:05 +09:00
w1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
watchdog watchdog: delete mpcore_wdt driver 2013-07-11 21:47:58 +02:00
wimax
x86 Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 10:48:30 +09:00
xtensa xtensa: document MMUv3 setup sequence 2013-05-09 01:07:09 -07:00
zh_CN Documentation/zh_CN/SubmittingPatches fix a typo 2013-08-20 12:41:25 +02:00
.gitignore
00-INDEX doc: fix a typo in Documentation/00-INDEX 2013-08-27 10:53:07 +02:00
applying-patches.txt
atomic_ops.txt Documentation: Memory barrier semantics of atomic_xchg() 2013-01-08 14:14:55 -08:00
bad_memory.txt
basic_profiling.txt
bcache.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt Documentation: fix typo and update version in cachetlb.txt 2013-08-20 12:46:52 +02:00
Changes
circular-buffers.txt
clk.txt clk: add support for clock reparent on set_rate 2013-08-19 12:27:17 -07:00
coccinelle.txt Coccinelle: Update information about the minimal version required 2013-07-03 22:58:20 +02:00
CodingStyle Documentation/CodingStyle: allow multiple return statements per function 2013-07-03 16:08:01 -07:00
cpu-hotplug.txt kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
cpu-load.txt
cputopology.txt doc: Documentation/cputopology.txt fix typo 2013-09-04 12:59:47 +02:00
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt /dev/oldmem: Remove the interface 2013-07-03 16:08:03 -07:00
digsig.txt
DMA-API-HOWTO.txt Documentation/DMA-API-HOWTO.txt: fix typo 2013-02-27 19:10:23 -08:00
DMA-API.txt
DMA-attributes.txt common: DMA-mapping: add DMA_ATTR_FORCE_CONTIGUOUS attribute 2012-11-29 03:30:34 -08:00
dma-buf-sharing.txt dma-buf: Expose buffer size to userspace (v2) 2013-09-10 11:36:45 +05:30
DMA-ISA-LPC.txt
dmaengine.txt
dmatest.txt dmatest: make module parameters writable 2013-08-22 22:57:32 -07:00
dontdiff
dynamic-debug-howto.txt doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
edac.txt
efi-stub.txt EFI stub documentation updates 2013-09-25 12:34:32 +01:00
eisa.txt
email-clients.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gpio.txt Remove GENERIC_GPIO config option 2013-04-16 18:47:19 +09:00
highuid.txt
HOWTO Documentation: Updated broken link in HOWTO 2013-06-03 14:22:57 -07:00
hw_random.txt hwrng: Fix a wrong comment in Documentation/hw_random.txt 2013-03-10 18:16:36 +08:00
hwspinlock.txt doc: documentation/hwspinlock.txt fix typo 2013-08-27 10:46:02 +02:00
init.txt
initrd.txt
intel_txt.txt Documentation: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:38:03 -08:00
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt iostats.txt: add easy-to-find description for field 6 2013-04-29 15:18:50 +02:00
IPMI.txt ipmi: add options to disable openfirmware and PCI scanning 2013-02-27 19:10:21 -08:00
IRQ-affinity.txt doc: fix a typo about irq affinity 2013-08-20 12:59:18 +02:00
IRQ-domain.txt irqdomain: update documentation 2012-12-05 23:52:10 +00:00
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt kernel-doc: Update references to SGML to refs to XML instead. 2013-05-28 12:02:11 +02:00
kernel-docs.txt
kernel-parameters.txt drivers/char/hpet.c: allow user controlled mmap for user processes 2013-11-13 12:09:11 +09:00
kernel-per-CPU-kthreads.txt kthread: Add pointer to vmstat-avoidance patch 2013-09-25 06:49:46 -07:00
kmemcheck.txt Documentation/kmemcheck: update kmemcheck documentation 2013-08-27 10:47:05 +02:00
kmemleak.txt
kobject.txt
kprobes.txt
kref.txt kref: Add kref_get_unless_zero documentation 2012-11-28 18:36:06 +10:00
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt locking/stat: Fix a typo 2013-02-19 08:42:37 +01:00
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt wanrouter: completely decouple obsolete code from kernel. 2013-01-31 19:20:33 -05:00
Makefile
ManagementStyle
md.txt md: remove doubled description for sync_max, merging it within sync_min/sync_max 2013-07-03 09:43:28 +10:00
media-framework.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-07-13 12:09:57 -07:00
memory-barriers.txt doc: Fix memory-barrier control-dependency example 2013-08-19 21:39:42 -07:00
memory-hotplug.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
mono.txt
mutex-design.txt
nommu-mmap.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt drivers: phy: add generic PHY framework 2013-09-27 17:35:41 -07:00
pi-futex.txt
pinctrl.txt pinctrl: add documentation for pinctrl_get_group_pins() 2013-10-16 15:35:21 +02:00
pnp.txt
preempt-locking.txt
printk-formats.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
pwm.txt pwm: Add sysfs interface 2013-06-21 11:32:51 +02:00
ramoops.txt
rbtree.txt
remoteproc.txt
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rt-mutex-design.txt sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
rt-mutex.txt
rtc.txt rtc: add ability to push out an existing wakealarm using sysfs 2013-07-03 16:07:54 -07:00
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt
smsc_ece1099.txt
sparse.txt Documentation/sparse.txt: document context annotations for lock checking 2012-12-17 17:15:23 -08:00
spinlocks.txt sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
stable_api_nonsense.txt
stable_kernel_rules.txt
static-keys.txt
SubmitChecklist Finally eradicate CONFIG_HOTPLUG 2013-06-03 14:20:18 -07:00
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: Request summaries for commit references 2013-08-20 12:58:15 +02:00
svga.txt
sysfs-rules.txt doc: Fix typo in doucmentations 2013-07-25 12:34:15 +02:00
sysrq.txt sysrq: Allow magic SysRq key functions to be disabled through Kconfig 2013-10-16 13:01:44 -07:00
this_cpu_ops.txt percpu: add documentation on this_cpu operations 2013-04-04 10:24:53 -07:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt vfio: fix documentation 2013-09-05 16:36:21 -06:00
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt workqueue: Correct/Drop references to gcwq in Documentation 2013-08-21 10:32:09 -04:00
ww-mutex-design.txt mutex: Add support for wound/wait style locks 2013-06-26 12:10:56 +02:00
xz.txt
zorro.txt