oss-sec mailing list archives

CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict

From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 26 Oct 2011 17:16:12 +0200

When dmesg_restrict is set to 1 CAP_SYS_ADMIN is needed to read the
kernel ring buffer. But a root user without CAP_SYS_ADMIN is able
to reset dmesg_restrict to 0.

This is an issue when e.g.  LXC (Linux Containers) are used and complete
user space is running without CAP_SYS_ADMIN.  A unprivileged and jailed
root user can bypass the dmesg_restrict protection.

Introduced by:
eaf06b241b091357e72b76863ba16e89610d31bd

Fixed by:
bfdc0b497faa82a0ba2f9dddcf109231dd519fcc

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
  - Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
    - Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
    - Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
    - Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
    - Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 27)
    - Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Steven M. Christey (Oct 27)
    - Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Nov 04)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg (Oct 26)

(Thread continues...)