On Tue, 18 Mar 2014 10:17:59 -0700 Kees Cook <keesc...@chromium.org> wrote:
> When writing to a sysctl string, each write, regardless of VFS position,
> began writing the string from the start. This meant the contents of
> the last write to the sysctl controlled the string contents instead of
> the first:
>
> open("/proc/sys/kernel/modprobe", O_WRONLY) = 1
> write(1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 4096) = 4096
> write(1, "/bin/true", 9) = 9
> close(1) = 0
>
> $ cat /proc/sys/kernel/modprobe
> /bin/true
Yes, procfs writes have always been weird.
Why are we fixing this?
Perhaps there's an existing application which holds an fd open
and periodically writes to it expecting some result. This patch
would break such an app?
And what about something like this?
while true
do
echo 1
sleep 60
done > /proc/sys/vm/drop_caches
To be consistent with the proposed alteration to string writes, this
would have to write 1 then change that to 11 then to 111. Or
something, makes my head spin.
> Expected behaviour would be to have the sysctl be "AAAA..." capped at
> maxlen (in this case KMOD_PATH_LEN: 256), instead of truncating to the
> contents of the second write. Similarly, multiple short writes would not
> append to the sysctl.
So if we do
(
echo foo
echo bar
) > /proc/sys/kernel/modprobe
we get foo and later we get foobar?
> This fixes the unexpected behavior for strings, and disallows non-zero
> file position when writing numeric sysctls (similar to what is already
> done when reading from non-zero file positions).
So my script which writes drop_caches will break?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
