Skip to content

Commit

Permalink
sysctl: enable strict writes
Browse files Browse the repository at this point in the history
SYSCTL_WRITES_WARN was added in commit f4aacea ("sysctl: allow for
strict write position handling"), and released in v3.16 in August of
2014.  Since then I can find only 1 instance of non-zero offset
writing[1], and it was fixed immediately in CRIU[2].  As such, it
appears safe to flip this to the strict state now.

[1] https://www.google.com/search?q="when%20file%20position%20was%20not%200"
[2] http://lists.openvz.org/pipermail/criu/2015-April/019819.html

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
kees authored and torvalds committed Jan 21, 2016
1 parent a460bec commit 41662f5
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 9 deletions.
15 changes: 7 additions & 8 deletions Documentation/sysctl/kernel.txt
Original file line number Diff line number Diff line change
Expand Up @@ -825,14 +825,13 @@ via the /proc/sys interface:
Each write syscall must fully contain the sysctl value to be
written, and multiple writes on the same sysctl file descriptor
will rewrite the sysctl value, regardless of file position.
0 - (default) Same behavior as above, but warn about processes that
perform writes to a sysctl file descriptor when the file position
is not 0.
1 - Respect file position when writing sysctl strings. Multiple writes
will append to the sysctl value buffer. Anything past the max length
of the sysctl value buffer will be ignored. Writes to numeric sysctl
entries must always be at file position 0 and the value must be
fully contained in the buffer sent in the write syscall.
0 - Same behavior as above, but warn about processes that perform writes
to a sysctl file descriptor when the file position is not 0.
1 - (default) Respect file position when writing sysctl strings. Multiple
writes will append to the sysctl value buffer. Anything past the max
length of the sysctl value buffer will be ignored. Writes to numeric
sysctl entries must always be at file position 0 and the value must
be fully contained in the buffer sent in the write syscall.

==============================================================

Expand Down
2 changes: 1 addition & 1 deletion kernel/sysctl.c
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@ extern int no_unaligned_warning;
#define SYSCTL_WRITES_WARN 0
#define SYSCTL_WRITES_STRICT 1

static int sysctl_writes_strict = SYSCTL_WRITES_WARN;
static int sysctl_writes_strict = SYSCTL_WRITES_STRICT;

static int proc_do_cad_pid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
Expand Down

0 comments on commit 41662f5

Please sign in to comment.