Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp101728imb; Thu, 28 Feb 2019 17:25:34 -0800 (PST) X-Google-Smtp-Source: APXvYqzOUrdX1l8pGoD1Sp0c8909UVqz5h1NdbAzHba6kyxgB08B6U/wfplSclCNHNGbacAEMKjL X-Received: by 2002:a63:1060:: with SMTP id 32mr2251879pgq.126.1551403534150; Thu, 28 Feb 2019 17:25:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551403534; cv=none; d=google.com; s=arc-20160816; b=wZ4IfL7cgVOtRE77ez4sP53HxwdyYRfrKnWRChAELxpuYs0O55zaq78Zk9Gibhayuk e0r1de2Kt3Q+wkrLEC0SPcP2ku0lt6XGyn2wbbEz/F+1vZmeM9nnn6d1ve1Z3bCnI+pa wQ2+Rh6PkKSEPM7j2VpLQMtnAArc8Oy00T1Ls1txw0DNFJXGastydoDq5PZoQ4DpfoJW D2bC2gAOULQMuaz8iq3V+8GJeMUmwMvi47SKZMmIJ9ATYeHkN/N04WZkRLCr5YJTwffT +Y7+3asisvEnXCaJFVqBLVWNt7ynIByY3BOK4pVgOjszoCvNOss8JVjfNa2m+emg9Mk0 SSjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=aUJ3gj1BGh2zGHelWKN3pyJi6By6RKX30KpBOEKPul4=; b=NPVaIG2+bB93R38J2mIYrtJIgcNkIWxS42vpkMDqPEHlgwKpdB/+HtlhXH9nD/usGy LA9TAtZh3v/NlPdnX8FNOgks8gwkkGFrOP1PA7GmCzXTNgZ8IGQZLiH3Q+Y/29+sBPcT EHcUt58pr37zNByFu4GN9MfEuEPEjoZX3GsPrgnziHIlVdMug3SLqmKC+AQLVS45OpxX i+I09XKuMGTD+wxLUTlOzYDQXX6x+Q3LhYT+FVlJxTsQ7An/m89MGoOyk5DWc32KiGr1 KnP9rtj5PmE8q2OHLp5u3y8zWFdvi355vt2Y03pwAyDNUJQt81gsa+pZG5gpxMVkyl7j pjqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=uFAiskDh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r75si22016749pfc.136.2019.02.28.17.25.19; Thu, 28 Feb 2019 17:25:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=uFAiskDh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387625AbfB1XMW (ORCPT + 99 others); Thu, 28 Feb 2019 18:12:22 -0500 Received: from mail-io1-f74.google.com ([209.85.166.74]:48103 "EHLO mail-io1-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387527AbfB1XMP (ORCPT ); Thu, 28 Feb 2019 18:12:15 -0500 Received: by mail-io1-f74.google.com with SMTP id p12so16956333iod.14 for ; Thu, 28 Feb 2019 15:12:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=aUJ3gj1BGh2zGHelWKN3pyJi6By6RKX30KpBOEKPul4=; b=uFAiskDh5YOvPl+wLevkVOmLyB0rP5MpnZCwM5Cdq4JbKPDNdETsQoQQhPf44rumnx yNlTriZ8CWScxgbvk4IB7DqScGbaOvpuB9L1cBnyzWQskOvnTuuoraiinQfXTSMTy1xK jixUYPfxULbl+s9sUtiE/4Xb+9e4TYMC1uE+yIxfeGXyY2f8NT/vgORFnrnfLeqOoU9s 91bvSj38oHYjHIb8foGtyfqIIOJ/JiBNjAs/+iMgoo9ibZ/94HCKueJVY6hP9gqd+cR/ 8snLOK7GWDKJDb8dpA+mbKRkvOp3sxs434DJE+P7LAeUT9q3NVcvaOMgXaImVFNhK0ex OAbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=aUJ3gj1BGh2zGHelWKN3pyJi6By6RKX30KpBOEKPul4=; b=a3lUvIb2m7ktdGqQp7Ugz6Onzox57nZtj94mpSBbieY4W0QBcipuNtMCs0yhTYNCO4 NsmhmpnE194O6Tsp+MKsVmvOqAWLI0PtUfMCiyy7U4oy6/9LQtkRnrfpy+lUBShPjJO7 jKhTUQlRluteIHnf1m1z+tn4C8sTA/5KntYmqOEKnMrkdDnHcTuKG6m3QA3WtQUX9pFc skVjcqOdQL284ZT/zlO2E2QKhXFHa1nwr7nTE83nPOvBO+VvtrKJDbZzTNEtM5g92Hfh bGO4PLVYx7u8uqwJfNN+FTe6lJ7Wsk4sORR93PAdxKJg9HxUB7P1u9agc9D8w6woS8nN EvQg== X-Gm-Message-State: AHQUAuYMVTl8aW00SO8+7B1i/+XN35DQrbEOeFN2E+xdhXFw3dpiHlUv fpAV9bYGbvpfaVJyRVHwd0odDY6V4YW2ehJ9iIS5nw== X-Received: by 2002:a24:78cb:: with SMTP id p194mr1458351itc.7.1551395534361; Thu, 28 Feb 2019 15:12:14 -0800 (PST) Date: Thu, 28 Feb 2019 15:11:40 -0800 In-Reply-To: <20190228231203.212359-1-matthewgarrett@google.com> Message-Id: <20190228231203.212359-4-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190228231203.212359-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.352.gf09ad66450-goog Subject: [PATCH 04/27] Restrict /dev/{mem,kmem,port} when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Matthew Garrett Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened this when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing. Signed-off-by: Matthew Garrett Signed-off-by: David Howells Reviewed-by: "Lee, Chun-Yi" --- drivers/char/mem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c index b08dc50f9f26..0a2f2e75d5f4 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -786,6 +786,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (kernel_is_locked_down("/dev/mem,kmem,port")) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; } -- 2.21.0.352.gf09ad66450-goog