Building with the attached random configuration file,
fs/built-in.o: In function `pstore_check_syslog_permissions':
inode.c:(.text+0x13a1bd): undefined reference to `check_syslog_permissions'
make: *** [vmlinux] Error 1
> Building with the attached random configuration file,
>
> fs/built-in.o: In function `pstore_check_syslog_permissions':
> inode.c:(.text+0x13a1bd): undefined reference to `check_syslog_permissions'
> make: *** [vmlinux] Error 1
Sebastian,
This looks to come from your "Honor dmesg_restrict sysctl on dmesg dumps" patch
The randconfig doesn't have CONFIG_PRINTK. I guess we need to provide a stub
in <linux/syslog.h> to cover this.
-Tony
????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m????????????I?
On Thu, Nov 13, 2014 at 11:18 AM, Luck, Tony <[email protected]> wrote:
>> Building with the attached random configuration file,
>>
>> fs/built-in.o: In function `pstore_check_syslog_permissions':
>> inode.c:(.text+0x13a1bd): undefined reference to `check_syslog_permissions'
>> make: *** [vmlinux] Error 1
>
> Sebastian,
>
> This looks to come from your "Honor dmesg_restrict sysctl on dmesg dumps" patch
>
> The randconfig doesn't have CONFIG_PRINTK. I guess we need to provide a stub
> in <linux/syslog.h> to cover this.
Without CONFIG_PRINTK, check_syslog_permissions should probably fail.
-Kees
--
Kees Cook
Chrome OS Security
Hi all,
On Thu, Nov 13, 2014 at 11:21:18AM -0800, Kees Cook wrote:
> > This looks to come from your "Honor dmesg_restrict sysctl on dmesg dumps" patch
Oops, you are right.
> > The randconfig doesn't have CONFIG_PRINTK. I guess we need to provide a stub
> > in <linux/syslog.h> to cover this.
>
> Without CONFIG_PRINTK, check_syslog_permissions should probably fail.
Kees, I disagree. Without CONFIG_PRINTK, there isn't even a
dmesg_restrict sysctl, so there is no way to turn that on (AFAICS) and
we should retain the default behaviour.
I'll send a patch shortly.
Sebastian
When building without CONFIG_PRINTK, we need to provide a stub
check_syslog_permissions. As there is no way to turn on the
dmesg_restrict sysctl without CONFIG_PRINTK, return success.
Reported-by: Jim Davis <[email protected]>
Signed-off-by: Sebastian Schmidt <[email protected]>
---
include/linux/syslog.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/include/linux/syslog.h b/include/linux/syslog.h
index 9def529..13c05d1 100644
--- a/include/linux/syslog.h
+++ b/include/linux/syslog.h
@@ -48,6 +48,14 @@
#define SYSLOG_FROM_PROC 1
int do_syslog(int type, char __user *buf, int count, bool from_file);
+
+#ifdef CONFIG_PRINTK
int check_syslog_permissions(int type, bool from_file);
+#else
+static int check_syslog_permissions(int type, bool from_file)
+{
+ return 0;
+}
+#endif
#endif /* _LINUX_SYSLOG_H */
--
2.1.1
On Thu, Nov 13, 2014 at 9:22 PM, Sebastian Schmidt <[email protected]> wrote:
> When building without CONFIG_PRINTK, we need to provide a stub
> check_syslog_permissions. As there is no way to turn on the
> dmesg_restrict sysctl without CONFIG_PRINTK, return success.
>
> Reported-by: Jim Davis <[email protected]>
> Signed-off-by: Sebastian Schmidt <[email protected]>
I think this is correct. Without CONFIG_PRINTK, dmesg_restrict doesn't
exist. It's a bit mind-bending, but since all the logic for
capabilities, etc, is also missing, I guess "allow" (return 0) is the
right default without printk.
Thanks!
Acked-by: Kees Cook <[email protected]>
-Kees
> ---
> include/linux/syslog.h | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/include/linux/syslog.h b/include/linux/syslog.h
> index 9def529..13c05d1 100644
> --- a/include/linux/syslog.h
> +++ b/include/linux/syslog.h
> @@ -48,6 +48,14 @@
> #define SYSLOG_FROM_PROC 1
>
> int do_syslog(int type, char __user *buf, int count, bool from_file);
> +
> +#ifdef CONFIG_PRINTK
> int check_syslog_permissions(int type, bool from_file);
> +#else
> +static int check_syslog_permissions(int type, bool from_file)
> +{
> + return 0;
> +}
> +#endif
>
> #endif /* _LINUX_SYSLOG_H */
> --
> 2.1.1
--
Kees Cook
Chrome OS Security