linux-stable/Documentation
Ryan Mallon 312b4e2269 vsprintf: check real user/group id for %pK
Some setuid binaries will allow reading of files which have read
permission by the real user id.  This is problematic with files which
use %pK because the file access permission is checked at open() time,
but the kptr_restrict setting is checked at read() time.  If a setuid
binary opens a %pK file as an unprivileged user, and then elevates
permissions before reading the file, then kernel pointer values may be
leaked.

This happens for example with the setuid pppd application on Ubuntu 12.04:

  $ head -1 /proc/kallsyms
  00000000 T startup_32

  $ pppd file /proc/kallsyms
  pppd: In file /proc/kallsyms: unrecognized option 'c1000000'

This will only leak the pointer value from the first line, but other
setuid binaries may leak more information.

Fix this by adding a check that in addition to the current process having
CAP_SYSLOG, that effective user and group ids are equal to the real ids.
If a setuid binary reads the contents of a file which uses %pK then the
pointer values will be printed as NULL if the real user is unprivileged.

Update the sysctl documentation to reflect the changes, and also correct
the documentation to state the kptr_restrict=0 is the default.

This is a only temporary solution to the issue.  The correct solution is
to do the permission check at open() time on files, and to replace %pK
with a function which checks the open() time permission.  %pK uses in
printk should be removed since no sane permission check can be done, and
instead protected by using dmesg_restrict.

Signed-off-by: Ryan Mallon <rmallon@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Joe Perches <joe@perches.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-13 12:09:14 +09:00
..
ABI Staging driver update for 3.13-rc1 2013-11-07 15:07:58 +09:00
accounting Documentation/accounting/getdelays.c: avoid strncpy in accounting tool 2013-07-03 16:08:06 -07:00
acpi gpiolib / ACPI: document the GPIO descriptor based interface 2013-10-19 23:32:50 +02:00
aoe aoe: remove do-nothing NAME="%k" term from example udev rules 2013-09-11 15:59:28 -07:00
arm Allwinner sunXi SoCs machine additions for 3.13 2013-10-28 10:19:38 -07:00
arm64 arm64: Use 42-bit address space with 64K pages 2013-11-05 17:23:52 +00:00
auxdisplay
backlight backlight: lp855x: remove duplicate platform data 2013-04-29 18:28:19 -07:00
blackfin
block block: change config option name for cmdline partition parsing 2013-09-30 14:31:02 -07:00
blockdev nbd: update documentation and link to mailinglist 2013-02-27 19:10:22 -08:00
bus-devices ARM: OMAP2+: gpmc: generic timing calculation 2012-11-09 18:07:11 +05:30
cdrom
cgroups memcg: support hierarchical memory.numa_stats 2013-11-13 12:09:06 +09:00
connector connector - documentation: simplify netlink message length assignment 2013-10-02 16:03:51 -04:00
console TTY:console: update document console.txt 2013-05-21 10:21:57 -07:00
cpu-freq cpufreq: Drop the owner field from struct cpufreq_driver 2013-08-10 03:24:47 +02:00
cpuidle cpuidle: make a single register function for all 2013-04-23 13:45:22 +02:00
cris CRIS: Update documentation 2012-04-03 13:09:18 +02:00
crypto drivers/dma: remove unused support for MEMSET operations 2013-07-03 16:07:42 -07:00
development-process Documentation: development-process: Update -mm and -next URLs 2013-07-25 12:37:24 +02:00
device-mapper dm: add statistics support 2013-09-05 20:46:06 -04:00
devicetree DeviceTree updates for 3.13. This is a bit larger pull request than 2013-11-12 16:52:17 +09:00
DocBook Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 10:04:41 +09:00
driver-model spi: Updates for v3.13 2013-11-12 15:01:39 +09:00
dvb [media] get_dvb_firmware: Fix the location of firmware for Terratec HTC 2013-01-01 11:18:26 -02:00
early-userspace Documentation: remove reference to 2.7 kernel in early-userspace 2013-08-20 12:47:28 +02:00
EDID drm: Add 1600x1200 (UXGA) screen resolution to the built-in EDIDs 2013-04-12 14:06:16 +10:00
extcon extcon: Simplify extcon_dev_register() prototype by removing unnecessary parameter 2013-09-27 09:37:01 +09:00
fault-injection doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
fb Documentation/fb/viafb.modes fix a typo 2013-08-20 12:41:11 +02:00
filesystems /proc/pid/smaps: show VM_SOFTDIRTY flag in VmFlags line 2013-11-13 12:09:07 +09:00
firmware_class firmware loader: document firmware cache mechanism 2012-11-14 15:07:18 -08:00
fmc doc: Fix typo "is is" in Documentations 2013-08-27 10:50:52 +02:00
frv doc: fix broken references 2011-09-27 18:08:04 +02:00
hid HID: uhid: use generic hidinput_input_event() 2013-07-31 10:33:05 +02:00
hwmon hwmon: (pmbus/ltc2978): Add support for LTC2978A 2013-10-18 09:12:03 -07:00
i2c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
i2o
ia64 Fix example error_injection_tool 2013-04-02 09:39:55 -07:00
ide
infiniband
input Merge branch 'master' into for-3.12/upstream 2013-09-04 10:49:57 +02:00
ioctl ALSA: add DICE driver 2013-10-17 21:18:32 +02:00
isdn
ja_JP HOWTO ja_JP sync 2013-07-24 22:06:34 -07:00
kbuild kconfig: do not allow more than one symbol to have 'option modules' 2013-09-05 11:10:08 +02:00
kdump Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
ko_KR Correct unfaithful translation on HOWTO in ko_KR 2013-08-12 17:43:13 -07:00
laptops thinkpad-acpi: Add mute and mic-mute LED functionality 2013-10-17 14:38:44 +02:00
leds Documentation: leds-lp5521,lp5523: update device attribute information 2013-08-26 17:22:13 -07:00
m68k block: remove refs to XD disks from documentation 2013-05-17 15:17:12 +02:00
make kbuild: introduce HDR_ARCH_LIST for headers_install_all 2010-12-14 22:16:19 +01:00
memory-devices
metag doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
mic misc: mic: Enable OSPM suspend and resume support. 2013-10-05 18:01:42 -07:00
mips Fix common misspellings 2011-03-31 11:26:23 -03:00
misc-devices doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
mmc mmc: core: Add in support to expose PRV for v4 MMCs 2013-03-22 12:10:42 -04:00
mn10300 trivial: Miscellaneous documentation typo fixes 2009-06-12 18:01:47 +02:00
mtd doc: Fix typo "is is" in Documentations 2013-08-27 10:50:52 +02:00
namespaces userns: Recommend use of memory control groups. 2013-01-26 22:20:06 -08:00
netlabel Documentation/: it's -> its where appropriate 2010-04-23 02:09:52 +02:00
networking doc:net: Fix typo in Documentation/networking 2013-10-30 17:10:20 -04:00
nfc NFC: Update pn544 documentation 2013-01-10 01:27:46 +01:00
parisc parisc: document the shadow registers 2013-07-09 22:09:19 +02:00
PCI PCI/MSI: Enable multiple MSIs with pci_enable_msi_block_auto() 2013-01-24 17:25:13 +01:00
pcmcia
power power: Documentation: Update s2ram link 2013-08-27 10:54:52 +02:00
powerpc powerpc: Update the 00-Index in Documentation/powerpc 2013-08-27 14:44:27 +10:00
pps USB: serial: invoke dcd_change ldisc's handler. 2013-09-26 09:45:40 -07:00
prctl seccomp: Make syscall skipping and nr changes more consistent 2012-10-02 21:14:29 +10:00
pti Kernel documentation for the PTI feature. 2011-05-13 16:31:00 -07:00
ptp
rapidio doc: Fix typo in doucmentations 2013-07-25 12:34:15 +02:00
RCU rcu: Fix occurrence of "the the" in checklist.txt 2013-09-25 10:07:02 -07:00
s390 s390/s390dbf: add debug_level_enabled() function 2013-10-24 17:16:53 +02:00
scheduler H8/300 has been dead for several years, the kernel for it has 2013-11-12 14:13:14 +09:00
scsi SCSI misc on 20130915 2013-09-15 17:41:30 -04:00
security Smack: add support for modification of existing rules 2013-03-19 14:16:42 -07:00
serial serial: core: delete .set_wake() callback 2013-10-16 13:16:19 -07:00
sh
sound ALSA: Fix typo in documentation/alsa 2013-10-29 11:38:04 +01:00
spi spi/documentation: Fix usage of __initdata 2013-08-20 12:52:28 +02:00
sysctl vsprintf: check real user/group id for %pK 2013-11-13 12:09:14 +09:00
target Documentation: replace strict_strtoul() with kstrtoul() 2013-08-20 12:56:26 +02:00
thermal thermal: thermal_core: allow binding with limits on bind_params 2013-09-03 09:10:24 -04:00
timers nohz_full: Add testing information to documentation 2013-08-18 18:06:55 -07:00
tpm drivers/tpm: add xen tpmfront interface 2013-08-09 10:57:06 -04:00
trace ftrace, sched: Add TRACE_FLAG_PREEMPT_RESCHED 2013-11-11 12:43:39 +01:00
usb proc_usb_info.txt: Correct documentation about endianness of config descriptors 2013-08-12 12:24:27 -07:00
vDSO Document the vDSO and add a reference parser 2011-07-14 17:57:09 -07:00
video4linux [media] V4L: Add support for integer menu controls with standard menu items 2013-08-18 07:12:59 -03:00
virtual Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
vm Documentation/vm/zswap.txt: fix typos 2013-11-13 12:09:05 +09:00
w1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
watchdog watchdog: delete mpcore_wdt driver 2013-07-11 21:47:58 +02:00
wimax
x86 Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 10:48:30 +09:00
xtensa xtensa: document MMUv3 setup sequence 2013-05-09 01:07:09 -07:00
zh_CN Documentation/zh_CN/SubmittingPatches fix a typo 2013-08-20 12:41:25 +02:00
.gitignore add random binaries to .gitignore 2010-04-08 11:34:34 +02:00
00-INDEX doc: fix a typo in Documentation/00-INDEX 2013-08-27 10:53:07 +02:00
applying-patches.txt [PATCH] Docs update: typos, corrections and additions to applying-patches.txt 2006-01-10 08:01:54 -08:00
atomic_ops.txt Documentation: Memory barrier semantics of atomic_xchg() 2013-01-08 14:14:55 -08:00
bad_memory.txt Document handling of bad memory 2008-12-03 16:09:53 -07:00
basic_profiling.txt
bcache.txt bcache: Refresh usage docs 2013-06-26 21:58:06 -07:00
binfmt_misc.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
braille-console.txt
bt8xxgpio.txt gpio: add bt8xxgpio driver 2008-07-25 10:53:30 -07:00
btmrvl.txt Bluetooth: Add documentation for Marvell Bluetooth driver 2009-08-22 14:25:32 -07:00
BUG-HUNTING Documentation: add hint about call traces & module symbols to BUG-HUNTING 2008-02-06 10:41:09 -08:00
bus-virt-phys-mapping.txt
cachetlb.txt Documentation: fix typo and update version in cachetlb.txt 2013-08-20 12:46:52 +02:00
Changes Documentation/Changes: remove some really obsolete text 2011-07-11 16:48:38 -07:00
circular-buffers.txt
clk.txt clk: add support for clock reparent on set_rate 2013-08-19 12:27:17 -07:00
coccinelle.txt Coccinelle: Update information about the minimal version required 2013-07-03 22:58:20 +02:00
CodingStyle Documentation/CodingStyle: allow multiple return statements per function 2013-07-03 16:08:01 -07:00
cpu-hotplug.txt kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
cpu-load.txt
cputopology.txt doc: Documentation/cputopology.txt fix typo 2013-09-04 12:59:47 +02:00
crc32.txt crc32: move long comment about crc32 fundamentals to Documentation/ 2012-03-23 16:58:37 -07:00
dcdbas.txt [PATCH] dcdbas: add Dell Systems Management Base Driver with sysfs support 2005-09-07 16:57:27 -07:00
debugging-modules.txt Documentation: Clarify when module debugging actually works. 2008-02-03 15:27:38 +02:00
debugging-via-ohci1394.txt ieee1394: update URLs in debugging-via-ohci1394.txt 2009-10-03 09:28:11 +02:00
dell_rbu.txt Fix common misspellings 2011-03-31 11:26:23 -03:00
devices.txt /dev/oldmem: Remove the interface 2013-07-03 16:08:03 -07:00
digsig.txt crypto: digital signature verification support 2011-11-09 12:10:37 +02:00
DMA-API-HOWTO.txt Documentation/DMA-API-HOWTO.txt: fix typo 2013-02-27 19:10:23 -08:00
DMA-API.txt dma-debug: New interfaces to debug dma mapping errors 2012-10-24 17:06:43 +02:00
DMA-attributes.txt
dma-buf-sharing.txt dma-buf: Expose buffer size to userspace (v2) 2013-09-10 11:36:45 +05:30
DMA-ISA-LPC.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
dmaengine.txt
dmatest.txt dmatest: make module parameters writable 2013-08-22 22:57:32 -07:00
dontdiff x86: remove offsets.h from .gitignore and dontdiff 2012-11-19 14:10:53 +01:00
dynamic-debug-howto.txt doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
edac.txt
efi-stub.txt EFI stub documentation updates 2013-09-25 12:34:32 +01:00
eisa.txt MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
email-clients.txt Documentation: email-clients: Add better Thunderbird information 2011-08-13 18:34:03 -07:00
flexible-arrays.txt
futex-requeue-pi.txt futex: add requeue-pi documentation 2009-05-09 07:12:50 +02:00
gcov.txt trivial: fix typo in CONFIG_DEBUG_FS in gcov doc 2009-09-21 15:14:56 +02:00
gpio.txt Remove GENERIC_GPIO config option 2013-04-16 18:47:19 +09:00
highuid.txt [SPARC]: Remove SunOS and Solaris binary support. 2008-04-21 15:10:15 -07:00
HOWTO Documentation: Updated broken link in HOWTO 2013-06-03 14:22:57 -07:00
hw_random.txt hwrng: Fix a wrong comment in Documentation/hw_random.txt 2013-03-10 18:16:36 +08:00
hwspinlock.txt doc: documentation/hwspinlock.txt fix typo 2013-08-27 10:46:02 +02:00
init.txt init/main.c: improve usability in case of init binary failure 2010-03-06 11:26:29 -08:00
initrd.txt
Intel-IOMMU.txt
intel_txt.txt Documentation: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:38:03 -08:00
io-mapping.txt
io_ordering.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
iostats.txt iostats.txt: add easy-to-find description for field 6 2013-04-29 15:18:50 +02:00
IPMI.txt ipmi: add options to disable openfirmware and PCI scanning 2013-02-27 19:10:21 -08:00
IRQ-affinity.txt doc: fix a typo about irq affinity 2013-08-20 12:59:18 +02:00
IRQ-domain.txt irqdomain: update documentation 2012-12-05 23:52:10 +00:00
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt Documentation/java.txt: typo and grammar fixes 2007-10-20 02:37:21 +02:00
kernel-doc-nano-HOWTO.txt kernel-doc: Update references to SGML to refs to XML instead. 2013-05-28 12:02:11 +02:00
kernel-docs.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
kernel-parameters.txt drivers/char/hpet.c: allow user controlled mmap for user processes 2013-11-13 12:09:11 +09:00
kernel-per-CPU-kthreads.txt kthread: Add pointer to vmstat-avoidance patch 2013-09-25 06:49:46 -07:00
kmemcheck.txt Documentation/kmemcheck: update kmemcheck documentation 2013-08-27 10:47:05 +02:00
kmemleak.txt
kobject.txt
kprobes.txt tree-wide: fix comment/printk typos 2010-11-01 15:38:34 -04:00
kref.txt kref: Add kref_get_unless_zero documentation 2012-11-28 18:36:06 +10:00
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt locking/stat: Fix a typo 2013-02-19 08:42:37 +01:00
lockup-watchdogs.txt watchdog: Update documentation 2012-02-11 15:11:28 +01:00
logo.gif
logo.txt Revert "linux.conf.au 2009: Tuz" 2009-04-27 12:00:27 -07:00
magic-number.txt wanrouter: completely decouple obsolete code from kernel. 2013-01-31 19:20:33 -05:00
Makefile mei: move doc files Documentation/misc-devices/mei 2012-05-09 13:59:09 -07:00
ManagementStyle Documentation: ManagementStyle: fixed typo 2012-06-28 12:03:15 +02:00
md.txt md: remove doubled description for sync_max, merging it within sync_min/sync_max 2013-07-03 09:43:28 +10:00
media-framework.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-07-13 12:09:57 -07:00
memory-barriers.txt doc: Fix memory-barrier control-dependency example 2013-08-19 21:39:42 -07:00
memory-hotplug.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
mono.txt
mutex-design.txt mutex: Fix annotations to include it in kernel-locking docbook 2010-09-03 08:19:51 +02:00
nommu-mmap.txt nommu: fix malloc performance by adding uninitialized flag 2009-12-15 08:53:24 -08:00
numastat.txt Doc: Update numastat.txt 2012-02-28 16:05:06 +01:00
oops-tracing.txt
padata.txt
parport-lowlevel.txt plip: fix parport_register_device name parameter 2007-11-26 19:39:01 -08:00
parport.txt
percpu-rw-semaphore.txt percpu-rw-semaphore: fix documentation typos 2012-09-26 19:56:15 +02:00
phy.txt drivers: phy: add generic PHY framework 2013-09-27 17:35:41 -07:00
pi-futex.txt
pinctrl.txt pinctrl: add documentation for pinctrl_get_group_pins() 2013-10-16 15:35:21 +02:00
pnp.txt
preempt-locking.txt
printk-formats.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
pwm.txt pwm: Add sysfs interface 2013-06-21 11:32:51 +02:00
ramoops.txt pstore/ftrace: Convert to its own enable/disable debugfs knob 2012-09-06 22:16:58 -07:00
rbtree.txt rbtree: move augmented rbtree functionality to rbtree_augmented.h 2012-10-09 16:22:40 +09:00
remoteproc.txt
rfkill.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
robust-futex-ABI.txt
robust-futexes.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
rpmsg.txt Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rt-mutex-design.txt sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
rt-mutex.txt [PATCH] pi-futex: rt mutex docs 2006-06-27 17:32:47 -07:00
rtc.txt rtc: add ability to push out an existing wakealarm using sysfs 2013-07-03 16:07:54 -07:00
SAK.txt Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
SecurityBugs Fix common misspellings 2011-03-31 11:26:23 -03:00
serial-console.txt [PATCH] doc: more serial-console info 2006-03-25 08:23:00 -08:00
sgi-ioc4.txt
sgi-visws.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
SM501.txt
smsc_ece1099.txt mfd: smsc: Add support for smsc gpio io/keypad driver 2012-10-01 15:27:48 +02:00
sparse.txt Documentation/sparse.txt: document context annotations for lock checking 2012-12-17 17:15:23 -08:00
spinlocks.txt sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
stable_api_nonsense.txt doc: stable_api_nonsense.txt: fix paragraph to make more sense. 2011-03-30 12:02:05 +02:00
stable_kernel_rules.txt stable: Allow merging of backports for serious user-visible performance issues 2012-06-25 11:25:00 -07:00
static-keys.txt
SubmitChecklist Finally eradicate CONFIG_HOTPLUG 2013-06-03 14:20:18 -07:00
SubmittingDrivers Documentation: SubmittingDrivers: fix Linus's git tree URL 2011-08-13 18:34:03 -07:00
SubmittingPatches Documentation/SubmittingPatches: Request summaries for commit references 2013-08-20 12:58:15 +02:00
svga.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sysfs-rules.txt doc: Fix typo in doucmentations 2013-07-25 12:34:15 +02:00
sysrq.txt sysrq: Allow magic SysRq key functions to be disabled through Kconfig 2013-10-16 13:01:44 -07:00
this_cpu_ops.txt percpu: add documentation on this_cpu operations 2013-04-04 10:24:53 -07:00
unaligned-memory-access.txt
unicode.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
unshare.txt
vfio.txt vfio: fix documentation 2013-09-05 16:36:21 -06:00
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt VME: Move API documentation to Documentation folder 2012-05-08 16:01:34 -07:00
volatile-considered-harmful.txt Documentation/volatile-considered-harmful.txt: correct cpu_relax() documentation 2010-03-24 16:31:20 -07:00
workqueue.txt workqueue: Correct/Drop references to gcwq in Documentation 2013-08-21 10:32:09 -04:00
ww-mutex-design.txt mutex: Add support for wound/wait style locks 2013-06-26 12:10:56 +02:00
xz.txt decompressors: add XZ decompressor module 2011-01-13 08:03:24 -08:00
zorro.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00