Date: Mon, 25 Mar 2019 15:09:30 -0700
In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com>
Message-Id: <20190325220954.29054-4-matthewgarrett@google.com>
References: <20190325220954.29054-1-matthewgarrett@google.com>
Subject: [PATCH 03/27] Restrict /dev/{mem,kmem,port} when the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, Matthew Garrett, Matthew Garrett, x86@kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

From: Matthew Garrett

Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing.

Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Cc: x86@kernel.org
---
 drivers/char/mem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index b08dc50f9f26..0a2f2e75d5f4 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c @@ -786,6 +786,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (kernel_is_locked_down("/dev/mem,kmem,port")) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; } -- 2.21.0.392.gf8f6787159e-goog
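Review bot: the new kernel_is_locked_down() check in open_port() gates only open(), so any /dev/mem, /dev/kmem or /dev/port descriptor that was already open when lockdown engaged keeps working; the commit message should say so, since the threat it describes (reading and writing core kernel memory) applies equally to those descriptors. Two smaller points: the check is placed ahead of `return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;`, so CAP_SYS_RAWIO no longer suffices once locked down, which is clearly intended but deserves a sentence in the message; and the hunk touches only open_port() while the message promises /dev/mem and /dev/kmem as well, so a line stating how the /dev/mem and /dev/kmem open paths reach open_port() in this file would spare reviewers a lookup. The hunk also adds no #include for kernel_is_locked_down(), so building this patch depends on an earlier patch in the series having already made that declaration visible in drivers/char/mem.c.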