Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2448612yba; Mon, 15 Apr 2019 11:51:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqwlJT/SiBjKwgT4Uk4P42dG31iS+9TMO4xKjk3G1/dI8SayN85FQve8gzrLXu+f2DYUAWuT X-Received: by 2002:a65:4589:: with SMTP id o9mr55007624pgq.381.1555354309671; Mon, 15 Apr 2019 11:51:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555354309; cv=none; d=google.com; s=arc-20160816; b=cUMiReYeKl7mXDbo+QPlpLaZPv3v9x5RNyd222Bj5cfdPrQf9qm/c42oBaD22MFhgj qma6MWWW7IJEhhC5s4K1xP0/zu2fV0VHX6tGqtWS6VYGnrMXi9UU6F/MrNH3kRnhVzrK 6B3QGa0P7R16CAiYYvwwWDZID1pJ5P7qP0FOBe2rQZmGJ2JVGmycDsCT2fbum0ArLfVA BIqBFjSUpifxt7/W6MyRvAR6Q0qd70lZnQZz2ivj7QHHWQcGru0U3NO8gwI7OXPw+4EG yxqQ5IkAA8AFpKMpZlRnWRZL5cxaC3ZOVcKZn+8fRMSExmlBBZDT//hxKk7AZ6+buXVU CFfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=1zvXd9cltFDVrxgcgKT8mP7Da7HAQucxhJ5wbT/0Prs=; b=faPhyKUYOR9eW3SoYQXFQbBrvnkx2eYG5xDzDnhjwViJWxhxeAAZnQ/mQw2aBxg2z/ 3KcW90m4UyoRK+f1DCadAKIzlVRXRhRiorKtL6zqUgTv06RhHpPEGcfIJ7WXyGF8xljB 5UMwqJoOh/j8wWs/guSJpFiPwBuQGzHXPwiBmKPi4ZjYg7xRc5b/s/9ti9jaCONi3qwm ebNsi1HdSfKrMG7mexGtRMPO3p0P1rq0a9iD4uXGrXG7QBKEGNdZdxZGTtHlu+Nyi9DC GexiYhBBYLGVRX+YnBXFn7la4rltRwbdKLEVV0zD1vBby2mqqqA0j1uSWnT5/HC2Garj injQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HDWuJiiM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q16si46757546pgk.405.2019.04.15.11.51.33; Mon, 15 Apr 2019 11:51:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HDWuJiiM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728960AbfDOStq (ORCPT + 99 others); Mon, 15 Apr 2019 14:49:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:50332 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728847AbfDOSrN (ORCPT ); Mon, 15 Apr 2019 14:47:13 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 16035218D3; Mon, 15 Apr 2019 18:47:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1555354032; bh=YHMSPxJ0w58YFHRyi+c1nWPrQDd2eBqX++ggwM8xRvM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HDWuJiiMWRz5h1JBJ1Qw6ITTHluuYN8N9D3156Z/Laj7lKkQrNg1nXRYdTsjAo8vr DsnfwRj2t3bG7N0HSUiNTjgEqghcWuWrxvuIOBpxpeGz+IZiY0HzAp/MvCfG4viN3y CEh3s3IklEgcSh14EGZ4YRM2daGw1o0xLXi7cMwo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Theodore Tso Subject: [PATCH 4.9 47/76] tty: ldisc: add sysctl to prevent autoloading of ldiscs Date: Mon, 15 Apr 2019 20:44:11 +0200 Message-Id: <20190415183720.569675985@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190415183707.712011689@linuxfoundation.org> References: <20190415183707.712011689@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg Kroah-Hartman commit 7c0cca7c847e6e019d67b7d793efbbe3b947d004 upstream. By default, the kernel will automatically load the module of any line dicipline that is asked for. As this sometimes isn't the safest thing to do, provide a sysctl to disable this feature. By default, we set this to 'y' as that is the historical way that Linux has worked, and we do not want to break working systems. But in the future, perhaps this can default to 'n' to prevent this functionality. Signed-off-by: Greg Kroah-Hartman Reviewed-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- drivers/tty/Kconfig | 23 +++++++++++++++++++++++ drivers/tty/tty_io.c | 3 +++ drivers/tty/tty_ldisc.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+) --- a/drivers/tty/Kconfig +++ b/drivers/tty/Kconfig @@ -455,4 +455,27 @@ config MIPS_EJTAG_FDC_KGDB_CHAN help FDC channel number to use for KGDB. +config LDISC_AUTOLOAD + bool "Automatically load TTY Line Disciplines" + default y + help + Historically the kernel has always automatically loaded any + line discipline that is in a kernel module when a user asks + for it to be loaded with the TIOCSETD ioctl, or through other + means. This is not always the best thing to do on systems + where you know you will not be using some of the more + "ancient" line disciplines, so prevent the kernel from doing + this unless the request is coming from a process with the + CAP_SYS_MODULE permissions. + + Say 'Y' here if you trust your userspace users to do the right + thing, or if you have only provided the line disciplines that + you know you will be using, or if you wish to continue to use + the traditional method of on-demand loading of these modules + by any user. + + This functionality can be changed at runtime with the + dev.tty.ldisc_autoload sysctl, this configuration option will + only set the default value of this functionality. + endif # TTY --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -520,6 +520,8 @@ void proc_clear_tty(struct task_struct * tty_kref_put(tty); } +extern void tty_sysctl_init(void); + /** * proc_set_tty - set the controlling terminal * @@ -3705,6 +3707,7 @@ void console_sysfs_notify(void) */ int __init tty_init(void) { + tty_sysctl_init(); cdev_init(&tty_cdev, &tty_fops); if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -155,6 +155,13 @@ static void put_ldops(struct tty_ldisc_o * takes tty_ldiscs_lock to guard against ldisc races */ +#if defined(CONFIG_LDISC_AUTOLOAD) + #define INITIAL_AUTOLOAD_STATE 1 +#else + #define INITIAL_AUTOLOAD_STATE 0 +#endif +static int tty_ldisc_autoload = INITIAL_AUTOLOAD_STATE; + static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc) { struct tty_ldisc *ld; @@ -169,6 +176,8 @@ static struct tty_ldisc *tty_ldisc_get(s */ ldops = get_ldops(disc); if (IS_ERR(ldops)) { + if (!capable(CAP_SYS_MODULE) && !tty_ldisc_autoload) + return ERR_PTR(-EPERM); request_module("tty-ldisc-%d", disc); ldops = get_ldops(disc); if (IS_ERR(ldops)) @@ -774,3 +783,41 @@ void tty_ldisc_deinit(struct tty_struct tty_ldisc_put(tty->ldisc); tty->ldisc = NULL; } + +static int zero; +static int one = 1; +static struct ctl_table tty_table[] = { + { + .procname = "ldisc_autoload", + .data = &tty_ldisc_autoload, + .maxlen = sizeof(tty_ldisc_autoload), + .mode = 0644, + .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &one, + }, + { } +}; + +static struct ctl_table tty_dir_table[] = { + { + .procname = "tty", + .mode = 0555, + .child = tty_table, + }, + { } +}; + +static struct ctl_table tty_root_table[] = { + { + .procname = "dev", + .mode = 0555, + .child = tty_dir_table, + }, + { } +}; + +void tty_sysctl_init(void) +{ + register_sysctl_table(tty_root_table); +}