[PATCH] ntp, security: fix non privileged system time shifting

From: Richard Cochran
Date: Fri Apr 01 2011 - 12:17:46 EST

Next message: Robert ÅwiÄcki: "Re: [PATCH] mm: fix possible cause of a page_mapped BUG"
Previous message: Linus Torvalds: "Re: [PATCH 02/17] mm: mmu_gather rework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The ADJ_SETOFFSET bit added in commit 094aa188 also introduced a way for
any user to change the system time. Sneaky or buggy calls to adjtimex()
could set

ADJ_OFFSET_SS_READ | ADJ_SETOFFSET

which would result in a successful call to timekeeping_inject_offset().
This patch fixes the issue by adding the capability check.

Signed-off-by: Richard Cochran <richard.cochran@xxxxxxxxxx>
---
kernel/time/ntp.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 35e68e3..5e65fd5 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -652,6 +652,8 @@ int do_adjtimex(struct timex *txc)
struct timespec delta;
delta.tv_sec = txc->time.tv_sec;
delta.tv_nsec = txc->time.tv_usec;
+ if (!capable(CAP_SYS_TIME))
+ return -EPERM;
if (!(txc->modes & ADJ_NANO))
delta.tv_nsec *= 1000;
result = timekeeping_inject_offset(&delta);
--
1.7.0.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert ÅwiÄcki: "Re: [PATCH] mm: fix possible cause of a page_mapped BUG"
Previous message: Linus Torvalds: "Re: [PATCH 02/17] mm: mmu_gather rework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]