Organization: Red Hat UK Ltd.
Subject: [PATCH 05/24] Restrict /dev/{mem, kmem, port} when the kernel is locked down
From: David Howells
To: torvalds@linux-foundation.org
Cc: linux-man@vger.kernel.org, linux-api@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org
Date: Wed, 11 Apr 2018 17:25:12 +0100
Message-ID: <152346391203.4030.2594045084649898168.stgit@warthog.procyon.org.uk>
In-Reply-To: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
References: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
User-Agent: StGit/0.17.1-dirty

From: Matthew Garrett

Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information.

Disallow /dev/mem and /dev/kmem from being opened when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing.

Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Reviewed-by: "Lee, Chun-Yi"
---
 drivers/char/mem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index ffeb60d3434c..b2fca26e5765 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -784,6 +784,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (kernel_is_locked_down("/dev/mem,kmem,port")) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; }
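Review bot: the new check in open_port() is enforced only at open() time, so a descriptor on /dev/mem, /dev/kmem or /dev/port that was obtained before the kernel entered lockdown keeps its raw access for as long as it stays open; that limitation is worth stating in the commit message, and it argues for engaging lockdown as early in boot as possible rather than toggling it later. A secondary point on the same two added lines: evaluating kernel_is_locked_down("/dev/mem,kmem,port") before capable(CAP_SYS_RAWIO) means every unprivileged open is attributed to lockdown rather than to the missing capability, so if kernel_is_locked_down() records or reports denials anywhere, consider testing `if (!capable(CAP_SYS_RAWIO)) return -EPERM;` first so that only callers who would otherwise have been granted access reach the lockdown path.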