Re: [PATCH] printk: Check real user/group id for %pK

From: George Spelvin
Date: Sun Sep 29 2013 - 19:41:55 EST

Next message: Dave Jones: "Re: [ 062/117] ext4: fix ext4_writepages() in presence of truncate"
Previous message: Chanwoo Choi: "Re: [PATCH] extcon: arizona: Get pdata from arizona structure notdevice"
In reply to: Ryan Mallon: "Re: [PATCH] printk: Check real user/group id for %pK"
Next in thread: Dan Rosenberg: "Re: [PATCH] printk: Check real user/group id for %pK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Right, so the pppd application is actually doing the correct thing.

And a CAP_SYSLOG setuid binary that *doesn't* DTRT seems like a more
immediate security hole than leaking kernel addresses. After all
kptr_restrict is optional precisely because the benefit is marginal.

The interesting question is what credentials make sense for %pK outside
of a seq_printf(). Does it even make sense in a generic printk? In that
case, it's the permission of the syslogd that matters rather than the
process generating the message.

> Will wait and see what others have to say.

Me, too. Dan in particular.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Jones: "Re: [ 062/117] ext4: fix ext4_writepages() in presence of truncate"
Previous message: Chanwoo Choi: "Re: [PATCH] extcon: arizona: Get pdata from arizona structure notdevice"
In reply to: Ryan Mallon: "Re: [PATCH] printk: Check real user/group id for %pK"
Next in thread: Dan Rosenberg: "Re: [PATCH] printk: Check real user/group id for %pK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]