From: Jann Horn
Date: Wed, 13 Nov 2019 17:00:19 +0100
Subject: Re: [PATCH] Allow restricting permissions in /proc/sys
To: Topi Miettinen
Cc: Luis Chamberlain, Kees Cook, Alexey Dobriyan, linux-kernel@vger.kernel.org, open list:FILESYSTEMS (VFS and infrastructure), Linux API, Christian Brauner
In-Reply-To: <20191112232239.yevpeemgxz4wy32b@wittgenstein>
References: <74a91362-247c-c749-5200-7bdce704ed9e@gmail.com> <20191112232239.yevpeemgxz4wy32b@wittgenstein>
List-ID: linux-kernel@vger.kernel.org

On Wed, Nov 13, 2019 at 12:22 AM Christian Brauner wrote:
> On Sun, Nov 03, 2019 at 04:55:48PM +0200, Topi Miettinen wrote:
> > Several items in /proc/sys need not be accessible to unprivileged
> > tasks. Let the system administrator change the permissions, but only
> > to more restrictive modes than what the sysctl tables allow.
> >
> > Signed-off-by: Topi Miettinen
> > ---
> >  fs/proc/proc_sysctl.c | 41 +++++++++++++++++++++++++++++++----------
> >  1 file changed, 31 insertions(+), 10 deletions(-)
> >
> > diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> > index d80989b6c344..88c4ca7d2782 100644
> > --- a/fs/proc/proc_sysctl.c
> > +++ b/fs/proc/proc_sysctl.c
> > @@ -818,6 +818,10 @@ static int proc_sys_permission(struct inode *inode, int
> > mask)
> >  	if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))
> >  		return -EACCES;
> >
> > +	error = generic_permission(inode, mask);
> > +	if (error)
> > +		return error;

In kernel/ucount.c, the ->permissions handler set_permissions() grants access based on whether the caller has CAP_SYS_RESOURCE. And in net/sysctl_net.c, the handler net_ctl_permissions() grants access based on whether the caller has CAP_NET_ADMIN. This added check is going to break those, right?
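Review bot: the generic_permission() call inserted after the MAY_EXEC check turns the inode's mode bits into a hard gate in front of the sysctl table's own ->permissions handler, so a handler that deliberately grants access on a capability rather than on mode (set_permissions() in kernel/ucount.c on CAP_SYS_RESOURCE, net_ctl_permissions() in net/sysctl_net.c on CAP_NET_ADMIN, as the reply points out) is silently overridden and callers it used to admit now get -EACCES. Since the stated goal is only to let the administrator tighten modes below what the tables allow, apply the tightened mode after the table-level check has computed the caller's effective access, or skip the generic gate for tables that supply their own handler, rather than running generic_permission() unconditionally up front.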
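The ordering problem raised in the reply, as an added userspace model that is not the kernel's code nor the patch author's: a table-level handler that computes the caller's effective mode from a capability (modelled on net_ctl_permissions(), which the thread describes as granting on CAP_NET_ADMIN) is compared with and without a generic mode-bit gate placed in front of it. All *_model names, the handler shape (it returns the effective mode for the caller) and the sample 0644 net sysctl are assumptions made for this illustration.

```c
/*
 * Added example: a small userspace model of the check ordering at issue.
 * Nothing here is kernel code or the patch author's code; the *_model
 * names are this example's own. The handler shape (return the effective
 * mode for the caller, as net_ctl_permissions() is described in the
 * thread) and the sample table are assumptions made for illustration.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MAY_READ  0x4
#define MAY_WRITE 0x2

/* The caller: uid plus the two capability bits that matter in this model. */
struct caller_model {
    unsigned uid;
    bool cap_net_admin;     /* CAP_NET_ADMIN in the table's network namespace */
    bool cap_dac_override;  /* what a generic mode check would honour */
};

/* A sysctl entry: its mode (root-owned here) and an optional handler that
 * returns the effective mode for this caller. */
struct ctl_table_model {
    const char *name;
    unsigned mode;
    unsigned (*permissions)(const struct caller_model *, unsigned mode);
};

/* rwx triple that applies to the caller on a root-owned inode (no group model). */
static unsigned mode_bits_for(const struct caller_model *c, unsigned mode)
{
    return c->uid == 0 ? (mode >> 6) & 7 : mode & 7;
}

/* Modelled on net_ctl_permissions(): CAP_NET_ADMIN gets the owner's bits. */
unsigned net_ctl_permissions_model(const struct caller_model *c, unsigned mode)
{
    if (c->cap_net_admin) {
        unsigned owner = (mode >> 6) & 7;
        return (owner << 6) | (owner << 3) | owner;
    }
    return mode;
}

/* Modelled on generic_permission(): inode mode bits, then CAP_DAC_OVERRIDE. */
int generic_permission_model(const struct caller_model *c, unsigned mode, unsigned mask)
{
    if ((mask & mode_bits_for(c, mode)) == mask)
        return 0;
    return c->cap_dac_override ? 0 : -EACCES;
}

/* Table-level check: the handler, if any, decides the effective mode. */
int sysctl_perm_model(const struct caller_model *c, const struct ctl_table_model *t, unsigned mask)
{
    unsigned mode = t->permissions ? t->permissions(c, t->mode) : t->mode;
    return (mask & mode_bits_for(c, mode)) == mask ? 0 : -EACCES;
}

/* Before the patch: only the table-level check runs. */
int proc_sys_permission_before(const struct caller_model *c, const struct ctl_table_model *t, unsigned mask)
{
    return sysctl_perm_model(c, t, mask);
}

/* After the patch: the generic gate runs first and can veto the handler. */
int proc_sys_permission_after(const struct caller_model *c, const struct ctl_table_model *t, unsigned mask)
{
    int error = generic_permission_model(c, t->mode, mask);
    if (error)
        return error;
    return sysctl_perm_model(c, t, mask);
}

/* Constructed sample: a 0644 net sysctl and three callers (not real entries). */
const struct ctl_table_model net_table_model = { "net/sample_knob", 0644, net_ctl_permissions_model };
const struct caller_model netns_admin_model = { 1000, true, false };  /* container admin */
const struct caller_model plain_user_model  = { 1000, false, false };
const struct caller_model root_model        = { 0, false, true };

int main(void)
{
    const struct caller_model *callers[] = { &netns_admin_model, &plain_user_model, &root_model };
    const char *names[] = { "netns admin (uid 1000, CAP_NET_ADMIN)", "plain user (uid 1000)", "root" };
    for (int i = 0; i < 3; i++)
        printf("%-40s write: before=%d after=%d\n", names[i],
               proc_sys_permission_before(callers[i], &net_table_model, MAY_WRITE),
               proc_sys_permission_after(callers[i], &net_table_model, MAY_WRITE));
    return 0;
}
```

The interesting row is the namespace administrator: the handler alone admits the write (effective mode 0666), but with the generic gate placed in front of it the 0644 inode mode is checked first and the caller is refused before the handler ever runs. Root and a plain user see no difference, which is why the regression is easy to miss in testing from the init namespace.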