Date: Wed, 6 Mar 2019 15:58:50 -0800
In-Reply-To: <20190306235913.6631-1-matthewgarrett@google.com>
Message-Id: <20190306235913.6631-5-matthewgarrett@google.com>
References: <20190306235913.6631-1-matthewgarrett@google.com>
Subject: [PATCH 04/27] Restrict /dev/{mem,kmem,port} when the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com
X-Mailing-List: linux-kernel@vger.kernel.org

From: Matthew Garrett

Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing.

Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Reviewed-by: "Lee, Chun-Yi"
Signed-off-by: Matthew Garrett
---
 drivers/char/mem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index b08dc50f9f26..0a2f2e75d5f4 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -786,6 +786,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (kernel_is_locked_down("/dev/mem,kmem,port")) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; } -- 2.21.0.352.gf09ad66450-goog
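Review bot: the new check in open_port() only runs at open() time, so a descriptor opened before lockdown took effect, and any existing mmap() of /dev/mem, keeps working after the kernel is locked down; if that window is accepted it should be stated in the commit message, otherwise the read/write/mmap paths need the same kernel_is_locked_down() test. The hunk touches only open_port(), while the subject promises /dev/mem and /dev/kmem as well; nothing in the visible lines shows how those two nodes reach open_port(), so a one-line comment above the check naming all three devices would save the next reader a trip through the file. The ordering is right: the lockdown test comes before capable(CAP_SYS_RAWIO), so root gets -EPERM regardless of capabilities. Note that user space cannot tell this -EPERM from the existing CAP_SYS_RAWIO -EPERM; tools that read /dev/mem for legitimate reasons (firmware table readers, for instance) will see the same errno in both cases, which is fine but worth a mention.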