git.baikalelectronics.ru Git - kernel.git/commit

author	Vasily Averin <vvs@virtuozzo.com>
	Thu, 25 Jun 2015 22:01:44 +0000 (15:01 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Fri, 26 Jun 2015 00:00:39 +0000 (17:00 -0700)
commit	3d02dec1b1c03681c330bf9d73b8adb446dd743f
tree	07b78850800078b3b4f147939309d29642773266	tree \| snapshot
parent	b54634c4751487802a8d3f416f3e25efdc0e2f62	commit \| diff

security_syslog() should be called once only

The final version of commit 5cd6f358de05 ("kmsg: honor dmesg_restrict
sysctl on /dev/kmsg") lost few hooks, as result security_syslog() are
processed incorrectly:

- open of /dev/kmsg checks syslog access permissions by using
  check_syslog_permissions() where security_syslog() is not called if
  dmesg_restrict is set.

- syslog syscall and /proc/kmsg calls do_syslog() where security_syslog
  can be executed twice (inside check_syslog_permissions() and then
  directly in do_syslog())

With this patch security_syslog() is called once only in all
syslog-related operations regardless of dmesg_restrict value.

Fixes: 5cd6f358de05 ("kmsg: honor dmesg_restrict sysctl on /dev/kmsg")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>