linux/Documentation
Kees Cook f4aacea2f5 sysctl: allow for strict write position handling
When writing to a sysctl string, each write, regardless of VFS position,
begins writing the string from the start.  This means the contents of
the last write to the sysctl controls the string contents instead of the
first:

  open("/proc/sys/kernel/modprobe", O_WRONLY)   = 1
  write(1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 4096) = 4096
  write(1, "/bin/true", 9)                = 9
  close(1)                                = 0

  $ cat /proc/sys/kernel/modprobe
  /bin/true

Expected behaviour would be to have the sysctl be "AAAA..." capped at
maxlen (in this case KMOD_PATH_LEN: 256), instead of truncating to the
contents of the second write.  Similarly, multiple short writes would
not append to the sysctl.

The old behavior is unlike regular POSIX files enough that doing audits
of software that interact with sysctls can end up in unexpected or
dangerous situations.  For example, "as long as the input starts with a
trusted path" turns out to be an insufficient filter, as what must also
happen is for the input to be entirely contained in a single write
syscall -- not a common consideration, especially for high level tools.

This provides kernel.sysctl_writes_strict as a way to make this behavior
act in a less surprising manner for strings, and disallows non-zero file
position when writing numeric sysctls (similar to what is already done
when reading from non-zero file positions).  For now, the default (0) is
to warn about non-zero file position use, but retain the legacy
behavior.  Setting this to -1 disables the warning, and setting this to
1 enables the file position respecting behavior.

[akpm@linux-foundation.org: fix build]
[akpm@linux-foundation.org: move misplaced hunk, per Randy]
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-06-06 16:08:13 -07:00
..
ABI ACPI and power management updates for 3.16-rc1 2014-06-04 08:57:16 -07:00
accounting Documentation/accounting/getdelays.c: avoid strncpy in accounting tool 2013-07-03 16:08:06 -07:00
acpi Documentation / ACPI: Fix location of GPIO documentation 2014-05-23 14:39:26 +02:00
aoe aoe: remove do-nothing NAME="%k" term from example udev rules 2013-09-11 15:59:28 -07:00
arm Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm into next 2014-06-05 15:57:04 -07:00
arm64 doc: arm64: add description of EFI stub support 2014-04-30 19:57:05 +01:00
auxdisplay
backlight backlight: lp855x_bl: support new LP8555 device 2013-11-13 12:09:14 +09:00
blackfin Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
block Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
blockdev zram: propagate error to user 2014-04-07 16:36:02 -07:00
bus-devices
cdrom
cgroups Documentation/memcg: warn about incomplete kmemcg state 2014-06-04 16:54:00 -07:00
connector w1: optional bundling of netlink kernel replies 2014-05-27 13:56:21 -07:00
console TTY:console: update document console.txt 2013-05-21 10:21:57 -07:00
cpu-freq PM / OPP: Move cpufreq specific OPP functions out of generic OPP library 2014-05-07 00:39:03 +02:00
cpuidle cpuidle: remove cpuidle_unregister_governor() 2013-10-30 01:21:24 +01:00
cris
crypto drivers/dma: remove unused support for MEMSET operations 2013-07-03 16:07:42 -07:00
development-process Documentation: development-process: Update -mm and -next URLs 2013-07-25 12:37:24 +02:00
device-mapper dm thin: add 'no_space_timeout' dm-thin-pool module param 2014-05-20 14:30:36 -04:00
devicetree drivers/rtc/rtc-hym8563.c: add optional clock-output-names property 2014-06-06 16:08:08 -07:00
DocBook Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media into next 2014-06-04 14:24:30 -07:00
driver-model Staging driver patches for 3.16-rc1 2014-06-03 08:34:00 -07:00
dvb Linux 3.14-rc5 2014-03-11 06:55:49 -03:00
early-userspace Documentation: remove reference to 2.7 kernel in early-userspace 2013-08-20 12:47:28 +02:00
EDID drm: Add 1600x1200 (UXGA) screen resolution to the built-in EDIDs 2013-04-12 14:06:16 +10:00
extcon extcon: fix switch class porting guide (Documentation) 2014-01-07 11:54:28 +09:00
fault-injection
fb doc: spelling error changes 2014-05-05 15:32:05 +02:00
filesystems Documentation/filesystems/seq_file.txt: create_proc_entry deprecated 2014-06-06 16:08:11 -07:00
firmware_class
fmc FMC: make eeprom attribute writable 2014-02-28 15:12:08 -08:00
frv
gpio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
hwmon New driver for NCT6683D 2014-06-03 11:09:43 -07:00
i2c Documentation: i2c: improve section about flags mangling the protocol 2014-04-06 13:53:48 +02:00
i2o
ia64 Fix example error_injection_tool 2013-04-02 09:39:55 -07:00
ide Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
infiniband
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
ioctl s390/hypfs: add interface for diagnose 0x304 2014-01-24 09:40:59 +01:00
isdn
ja_JP Documentation: Update stable address in Chinese and Japanese translations 2014-04-16 14:13:27 -07:00
kbuild kconfig: make allnoconfig disable options behind EMBEDDED and EXPERT 2014-04-07 16:36:09 -07:00
kdump Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
ko_KR Documentation: HOWTO: Updates on subsystem trees, patchwork, -next (vs. -mm) in ko_KR 2014-01-08 15:32:51 -08:00
laptops Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
leds Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
m68k Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
make
memory-devices
metag doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
mic misc: mic: Fix endianness issues. 2013-11-27 11:03:38 -08:00
mips
misc-devices Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2014-01-29 18:56:27 -08:00
mmc mmc: core: Add in support to expose PRV for v4 MMCs 2013-03-22 12:10:42 -04:00
mn10300
mtd doc: spelling error changes 2014-05-05 15:32:05 +02:00
namespaces
netlabel
networking Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
nfc
parisc parisc: document the shadow registers 2013-07-09 22:09:19 +02:00
PCI Merge branch 'pci/dead-code' into next 2014-02-20 14:32:34 -07:00
pcmcia
phy phy: Add new Exynos USB 2.0 PHY driver 2014-03-08 12:39:44 +05:30
power Merge branch 'pm-cpufreq' 2014-06-03 23:13:20 +02:00
powerpc doc: spelling error changes 2014-05-05 15:32:05 +02:00
pps USB: serial: invoke dcd_change ldisc's handler. 2013-09-26 09:45:40 -07:00
prctl
pti
ptp ptp: Fix compiler warnings in the testptp utility 2014-03-27 14:51:47 -04:00
rapidio rapidio: rework device hierarchy and introduce mport class of devices 2014-04-07 16:36:07 -07:00
RCU documentation: Update API documentation 2014-04-29 08:38:53 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
scheduler asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
scsi [SCSI] megaraid_sas: Version and Changelog update 2014-03-15 10:19:21 -07:00
security doc: spelling error changes 2014-05-05 15:32:05 +02:00
serial tty/serial: Add GPIOLIB helpers for controlling modem lines 2014-05-28 12:49:14 -07:00
sh
sound doc: spelling error changes 2014-05-05 15:32:05 +02:00
spi Merge remote-tracking branches 'spi/topic/s3c64xx', 'spi/topic/sc18is602', 'spi/topic/sh-hspi', 'spi/topic/sh-msiof', 'spi/topic/sh-sci', 'spi/topic/sirf' and 'spi/topic/spidev' into spi-next 2014-03-30 00:51:34 +00:00
sysctl sysctl: allow for strict write position handling 2014-06-06 16:08:13 -07:00
target target: Remove TF_CIT_TMPL macro 2013-10-16 13:35:02 -07:00
thermal thermal: thermal_core: allow binding with limits on bind_params 2013-09-03 09:10:24 -04:00
timers timer_stats/doc: Fix /proc/timer_stats documentation 2014-05-04 20:46:32 +02:00
tpm drivers/tpm: add xen tpmfront interface 2013-08-09 10:57:06 -04:00
trace Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
vDSO
video4linux [media] exynos4-is: Remove support for non-dt platforms 2014-05-23 18:52:54 -03:00
virtual Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
vm mm/memory-failure.c: support use of a dedicated thread to handle SIGBUS(BUS_MCEERR_AO) 2014-06-04 16:54:13 -07:00
w1 w1: optional bundling of netlink kernel replies 2014-05-27 13:56:21 -07:00
watchdog watchdog: it87_wdt: Work around non-working CIR interrupts 2014-03-31 13:33:55 +02:00
wimax
x86 Merge branch 'x86/espfix' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into next 2014-06-05 07:46:15 -07:00
xtensa xtensa: remap io area defined in device tree 2014-01-15 00:25:14 +04:00
zh_CN driver core fixes for 3.15-rc2 2014-04-18 16:59:52 -07:00
.gitignore
00-INDEX Merge branch 'x86-nuke-platforms-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-02 13:15:58 -07:00
applying-patches.txt
assoc_array.txt KEYS: Fix multiple key add into associative array 2013-12-02 11:24:18 +00:00
atomic_ops.txt arch,doc: Convert smp_mb__*() 2014-04-18 14:20:48 +02:00
bad_memory.txt
basic_profiling.txt
bcache.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt Documentation: fix typo and update version in cachetlb.txt 2013-08-20 12:46:52 +02:00
Changes doc: Note need of bc in the kernel build from 3.10 onwards 2014-05-19 16:27:20 +02:00
circular-buffers.txt documentation: Update circular buffer for load-acquire/store-release 2013-12-03 10:08:57 -08:00
clk.txt Documentation: clk: Add locking documentation 2014-03-19 14:56:06 -07:00
coccinelle.txt Coccinelle: Update information about the minimal version required 2013-07-03 22:58:20 +02:00
CodingStyle Documentation: expand/clarify debug documentation 2014-06-04 16:54:17 -07:00
cpu-hotplug.txt Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks 2014-03-20 13:43:40 +01:00
cpu-load.txt
cputopology.txt doc: Documentation/cputopology.txt fix typo 2013-09-04 12:59:47 +02:00
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt firewire: revert to 4 GB RDMA, fix protocols using Memory Space 2014-05-29 15:50:30 +02:00
dell_rbu.txt
devices.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
digsig.txt
DMA-API-HOWTO.txt DMA-API: Update dma_pool_create ()and dma_pool_alloc() descriptions 2014-05-26 17:28:28 -06:00
DMA-API.txt DMA-API: Capitalize "CPU" consistently 2014-05-26 17:28:27 -06:00
DMA-attributes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
dma-buf-sharing.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
DMA-ISA-LPC.txt DMA-API: Clarify physical/bus address distinction 2014-05-20 16:54:21 -06:00
dmaengine.txt
dmatest.txt dmatest: add a 'wait' parameter 2013-11-14 11:04:40 -08:00
dontdiff Documentation: LLVMLinux: Update Documentation/dontdiff 2014-04-09 13:44:34 -07:00
dynamic-debug-howto.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
edac.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
efi-stub.txt doc: arm64: add description of EFI stub support 2014-04-30 19:57:05 +01:00
eisa.txt
email-clients.txt Documentation: update thunderbird email client settings 2014-05-25 12:39:00 -07:00
flexible-arrays.txt
futex-requeue-pi.txt doc: fix double words 2014-03-21 13:16:58 +01:00
gcov.txt gcov: compile specific gcov implementation based on gcc version 2013-11-13 12:09:34 +09:00
highuid.txt
HOWTO Documentation: HOWTO: Update broken links to tpp 2013-12-10 23:09:08 -08:00
hsi.txt Documentation: HSI: Add some general description for the HSI subsystem 2014-05-04 09:49:46 +02:00
hw_random.txt hwrng: Fix a wrong comment in Documentation/hw_random.txt 2013-03-10 18:16:36 +08:00
hwspinlock.txt doc: documentation/hwspinlock.txt fix typo 2013-08-27 10:46:02 +02:00
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt doc: fix some typos 2013-12-02 14:48:28 +01:00
iostats.txt iostats.txt: add easy-to-find description for field 6 2013-04-29 15:18:50 +02:00
IPMI.txt ipmi: add options to disable openfirmware and PCI scanning 2013-02-27 19:10:21 -08:00
IRQ-affinity.txt doc: fix a typo about irq affinity 2013-08-20 12:59:18 +02:00
IRQ-domain.txt genirq: Improve documentation to match current implementation 2014-05-27 10:16:44 +02:00
IRQ.txt
irqflags-tracing.txt asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
isapnp.txt
java.txt Documentation: update java sample wrapper for java 7 2014-05-25 12:39:00 -07:00
kernel-doc-nano-HOWTO.txt kernel-doc: Update references to SGML to refs to XML instead. 2013-05-28 12:02:11 +02:00
kernel-docs.txt
kernel-parameters.txt kernel/panic.c: add "crash_kexec_post_notifiers" option for kdump after panic_notifers 2014-06-06 16:08:12 -07:00
kernel-per-CPU-kthreads.txt Documentation/kernel-per-CPU-kthreads.txt: Workqueue affinity 2014-02-17 14:56:08 -08:00
kmemcheck.txt doc: fix double words 2014-03-21 13:16:58 +01:00
kmemleak.txt Documentation/kmemleak.txt: updates 2014-04-03 16:21:27 -07:00
kobject.txt kobject: remove kset from sysfs immediately in kset_unregister() 2013-12-07 21:20:11 -08:00
kprobes.txt
kref.txt
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt lockstat: Report avg wait and hold times 2013-10-09 08:19:08 +02:00
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt Documentation/serial: Delete obsolete driver documentation 2014-04-16 14:20:34 -07:00
Makefile
ManagementStyle
md.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
media-framework.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-07-13 12:09:57 -07:00
memory-barriers.txt Documentation/memory-barriers.txt: fix important typo re memory barriers 2014-06-06 16:08:11 -07:00
memory-hotplug.txt memory-hotplug: update documentation to hide information about SECTIONS and remove end_phys_index 2014-06-04 16:53:58 -07:00
module-signing.txt Nothing major: the stricter permissions checking for sysfs broke 2014-04-06 09:38:07 -07:00
mono.txt
mutex-design.txt locking/doc: Update references to kernel/mutex.c 2013-11-11 12:41:33 +01:00
nommu-mmap.txt
numastat.txt
oops-tracing.txt Use 'E' instead of 'X' for unsigned module taint flag. 2014-03-31 14:52:43 +10:30
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt drivers: phy: Add support for optional phys 2014-02-05 05:48:43 +00:00
pi-futex.txt
pinctrl.txt pinctrl: Fix some typos and grammar issues in the documentation 2014-01-15 13:59:50 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt doc: printk-formats: do not mention casts for u64/s64 2014-05-05 15:32:42 +02:00
pwm.txt Documentation/pwm: Fix trivial typos 2013-10-24 10:51:33 +02:00
ramoops.txt
rbtree.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
remoteproc.txt
rfkill.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
robust-futex-ABI.txt Documentation/robust-futex-API: Count properly to 4 2013-11-30 14:08:28 +01:00
robust-futexes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
rpmsg.txt
rt-mutex-design.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
rt-mutex.txt
rtc.txt rtc: add ability to push out an existing wakealarm using sysfs 2013-07-03 16:07:54 -07:00
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
spinlocks.txt sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
stable_api_nonsense.txt
stable_kernel_rules.txt stable_kernel_rules: spelling/word usage 2014-04-16 14:13:26 -07:00
static-keys.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
SubmitChecklist Finally eradicate CONFIG_HOTPLUG 2013-06-03 14:20:18 -07:00
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: describe the Fixes: tag 2014-06-06 16:08:11 -07:00
svga.txt
sysfs-rules.txt doc: Fix typo in doucmentations 2013-07-25 12:34:15 +02:00
sysrq.txt sysrq: Allow magic SysRq key functions to be disabled through Kconfig 2013-10-16 13:01:44 -07:00
this_cpu_ops.txt percpu: add documentation on this_cpu operations 2013-04-04 10:24:53 -07:00
unaligned-memory-access.txt ether_addr_equal: Optimize implementation, remove unused compare_ether_addr 2013-12-06 16:37:43 -05:00
unicode.txt
unshare.txt
vfio.txt vfio: fix documentation 2013-09-05 16:36:21 -06:00
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt VME: Rename vme_slot_get to avoid confusion with reference counting 2013-12-03 11:15:58 -08:00
volatile-considered-harmful.txt
workqueue.txt workqueue: Correct/Drop references to gcwq in Documentation 2013-08-21 10:32:09 -04:00
ww-mutex-design.txt mutex: Add support for wound/wait style locks 2013-06-26 12:10:56 +02:00
xz.txt
zorro.txt zorro/UAPI: Disintegrate include/linux/zorro*.h 2013-11-26 11:09:08 +01:00