mmap_min_addr check CAP_SYS_RAWIO only for write

Redirecting directly to lsm, here's the patch discussed on lkml: http://lkml.org/lkml/2010/4/22/219 The mmap_min_addr value is useful information for an admin to see without being root ("is my system vulnerable to kernel NULL pointer attacks?") and its setting is trivially easy for an attacker to determine by calling mmap() in PAGE_SIZE increments starting at 0, so trying to keep it private has no value. Only require CAP_SYS_RAWIO if changing the value, not reading it. Comment from Serge : Me, I like to write my passwords with light blue pen on dark blue paper, pasted on my window - if you're going to get my password, you're gonna get a headache. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Kees Cook <kees.cook@canonical.com> 2010-04-22 12:19:17 -0700
committer: James Morris <jmorris@namei.org> 2010-04-23 08:56:31 +1000
commit: 822cceec7248013821d655545ea45d1c6a9d15b3 (patch)
tree: adce5f0c8efc18d16eb14002186556e783b93797
parent: eb8dae9607901fd3fc181325ff3f30dce8f574c5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/min_addr.c b/security/min_addr.c
index e86f297522b..f728728f193 100644
--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -33,7 +33,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write,
 {
 	int ret;
 
-	if (!capable(CAP_SYS_RAWIO))
+	if (write && !capable(CAP_SYS_RAWIO))
 		return -EPERM;
 
 	ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
author	Kees Cook <kees.cook@canonical.com>	2010-04-22 12:19:17 -0700
committer	James Morris <jmorris@namei.org>	2010-04-23 08:56:31 +1000
commit	822cceec7248013821d655545ea45d1c6a9d15b3 (patch)
tree	adce5f0c8efc18d16eb14002186556e783b93797
parent	eb8dae9607901fd3fc181325ff3f30dce8f574c5 (diff)