Date: Tue, 26 Mar 2019 11:27:19 -0700
In-Reply-To: <20190326182742.16950-1-matthewgarrett@google.com>
Message-Id: <20190326182742.16950-4-matthewgarrett@google.com>
References: <20190326182742.16950-1-matthewgarrett@google.com>
Subject: [PATCH V31 03/25] Restrict /dev/{mem,kmem,port} when the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Matthew Garrett, Matthew Garrett, x86@kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

From: Matthew Garrett

Allowing users to read and write to core kernel memory makes it possible
for the kernel to be subverted, avoiding module loading restrictions, and
also to steal cryptographic information. Disallow /dev/mem and /dev/kmem
from being opened when the kernel has been locked down to prevent this.
Also disallow /dev/port from being opened to prevent raw ioport access
and thus DMA from being used to accomplish the same thing.

Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Cc: x86@kernel.org
---
 drivers/char/mem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index b08dc50f9f26..67b85939b1bd 100644
--- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -786,6 +786,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (kernel_is_locked_down("/dev/mem,kmem,port", LOCKDOWN_INTEGRITY)) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; } -- 2.21.0.392.gf8f6787159e-goog
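Review bot: the new check in open_port() gates only open(), so any descriptor to /dev/mem, /dev/kmem or /dev/port that was opened before lockdown took effect keeps working; the commit message should say that this is the accepted trade-off, or the read/write/mmap paths need an equivalent check. The hunk also shows only open_port(), while the message and the "/dev/mem,kmem,port" string claim coverage of all three devices; that relies on /dev/mem and /dev/kmem sharing this open handler, which the visible context does not show, so a sentence in the message pointing at that shared handler would help reviewers verify the claim. Placing the lockdown test before `return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;` is right: it refuses even CAP_SYS_RAWIO holders, which is the stated intent, and returning -EPERM for the lockdown case matches the existing error path.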