Date: Wed, 3 Apr 2019 17:32:25 -0700
In-Reply-To: <20190404003249.14356-1-matthewgarrett@google.com>
Message-Id: <20190404003249.14356-4-matthewgarrett@google.com>
References: <20190404003249.14356-1-matthewgarrett@google.com>
Subject: [PATCH V32 03/27] Restrict /dev/{mem,kmem,port} when the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Matthew Garrett , Matthew Garrett , x86@kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

From: Matthew Garrett

Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing.

Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Cc: x86@kernel.org
---
 drivers/char/mem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index b08dc50f9f26..67b85939b1bd 100644
--- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -786,6 +786,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) static int open_port(struct inode *inode, struct file *filp) { + if (kernel_is_locked_down("/dev/mem,kmem,port", LOCKDOWN_INTEGRITY)) + return -EPERM; return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; } -- 2.21.0.392.gf8f6787159e-goog
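Review bot: the new kernel_is_locked_down() check in open_port() sits before the existing capable(CAP_SYS_RAWIO) test, so an unprivileged caller who would be refused with -EPERM anyway is now routed through the lockdown policy first; consider keeping the already-present capability check as the first gate and consulting lockdown only for callers that actually hold CAP_SYS_RAWIO, e.g.

if (!capable(CAP_SYS_RAWIO))
	return -EPERM;
return kernel_is_locked_down("/dev/mem,kmem,port", LOCKDOWN_INTEGRITY) ? -EPERM : 0;

That ordering also means any denial the lockdown path reports is only triggered by privileged openers rather than by any local user probing the device nodes. Separately, the commit message should state that this gates open() only: the diff touches nothing but open_port(), so a descriptor on /dev/mem, /dev/kmem or /dev/port obtained before lockdown took effect keeps whatever read/write/mmap access it already had.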