diff mbox series

[V32,20/27] Lock down /proc/kcore

Message ID	20190404003249.14356-21-matthewgarrett@google.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> Date: Wed, 3 Apr 2019 17:32:42 -0700 In-Reply-To: <20190404003249.14356-1-matthewgarrett@google.com> Message-Id: <20190404003249.14356-21-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190404003249.14356-1-matthewgarrett@google.com> Subject: [PATCH V32 20/27] Lock down /proc/kcore From: Matthew Garrett <matthewgarrett@google.com> To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Matthew Garrett <mjg59@google.com> Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk
Series	Lockdown patches for 5.2 \| expand [V32,0/27] Lockdown patches for 5.2 [V32,01/27] Add the ability to lock down access to the running kernel image [V32,02/27] Enforce module signatures if the kernel is locked down [V32,03/27] Restrict /dev/{mem,kmem,port} when the kernel is locked down [V32,04/27] kexec_load: Disable at runtime if the kernel is locked down [V32,05/27] Copy secure_boot flag in boot params across kexec reboot [V32,06/27] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE [V32,07/27] kexec_file: Restrict at runtime if the kernel is locked down [V32,08/27] hibernate: Disable when the kernel is locked down [V32,09/27] uswsusp: Disable when the kernel is locked down [V32,10/27] PCI: Lock down BAR access when the kernel is locked down [V32,11/27] x86: Lock down IO port access when the kernel is locked down [V32,12/27] x86/msr: Restrict MSR access when the kernel is locked down [V32,13/27] ACPI: Limit access to custom_method when the kernel is locked down [V32,14/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down [V32,15/27] acpi: Disable ACPI table override if the kernel is locked down [V32,16/27] Prohibit PCMCIA CIS storage when the kernel is locked down [V32,17/27] Lock down TIOCSSERIAL [V32,18/27] Lock down module params that specify hardware parameters (eg. ioport) [V32,19/27] x86/mmiotrace: Lock down the testmmiotrace module [V32,20/27] Lock down /proc/kcore [V32,21/27] Lock down tracing and perf kprobes when in confidentiality mode [V32,22/27] bpf: Restrict bpf when kernel lockdown is in confidentiality mode [V32,23/27] Lock down perf when in confidentiality mode [V32,24/27] kexec: Allow kexec_file() with appropriate IMA policy when locked down [V32,25/27] lockdown: Print current->comm in restriction messages [V32,26/27] debugfs: Restrict debugfs when the kernel is locked down [V32,27/27] tracefs: Restrict tracefs when the kernel is locked down

Commit Message

Matthew Garrett April 4, 2019, 12:32 a.m. UTC

From: David Howells <dhowells@redhat.com>

Disallow access to /proc/kcore when the kernel is locked down to prevent
access to cryptographic data. This is limited to lockdown
confidentiality mode and is still permitted in integrity mode.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
---
 fs/proc/kcore.c | 2 ++
 1 file changed, 2 insertions(+)

diff mbox series

Patch

diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index bbcc185062bb..1c556a453569 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -518,6 +518,8 @@  read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
 
 static int open_kcore(struct inode *inode, struct file *filp)
 {
+	if (kernel_is_locked_down("/proc/kcore", LOCKDOWN_CONFIDENTIALITY))
+		return -EPERM;
 	if (!capable(CAP_SYS_RAWIO))
 		return -EPERM;