linux/Documentation/sysctl/kernel.txt, branch v2.6.37

Restrict unprivileged access to kernel syslog

2010-11-12T15:55:32Z

The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses. Rather than futilely attempt to sanitize hundreds (or thousands) of printk statements and simultaneously cripple useful debugging functionality, it is far simpler to create an option that prevents unprivileged users from reading the syslog. This patch, loosely based on grsecurity's GRKERNSEC_DMESG, creates the dmesg_restrict sysctl. When set to "0", the default, no restrictions are enforced. When set to "1", only users with CAP_SYS_ADMIN can read the kernel syslog via dmesg(8) or other mechanisms. [akpm@linux-foundation.org: explain the config option in kernel.txt] Signed-off-by: Dan Rosenberg Acked-by: Ingo Molnar Acked-by: Eugene Teo Acked-by: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

doc: Add documentation for bootloader_{type,version}

2009-12-11T22:28:56Z

Add documentation for kernel/bootloader_type and kernel/bootloader_version to sysctl/kernel.txt. This should really have been done a long time ago. Signed-off-by: H. Peter Anvin Cc: Shen Feng

docs: fix core_pipe_limit info

2009-11-09T08:40:55Z

Fix typos in core_pipe_limit info. Signed-off-by: Randy Dunlap Cc: Neil Horman Signed-off-by: Jiri Kosina

exec: let do_coredump() limit the number of concurrent dumps to pipes

2009-09-24T14:21:00Z

Introduce core pipe limiting sysctl. Since we can dump cores to pipe, rather than directly to the filesystem, we create a condition in which a user can create a very high load on the system simply by running bad applications. If the pipe reader specified in core_pattern is poorly written, we can have lots of ourstandig resources and processes in the system. This sysctl introduces an ability to limit that resource consumption. core_pipe_limit defines how many in-flight dumps may be run in parallel, dumps beyond this value are skipped and a note is made in the kernel log. A special value of 0 in core_pipe_limit denotes unlimited core dumps may be handled (this is the default value). [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Neil Horman Reported-by: Earl Chew Cc: Oleg Nesterov Cc: Andi Kleen Cc: Alan Cox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

printk: add printk_delay to make messages readable for some scenarios

2009-09-23T14:39:28Z

When syslog is not possible, at the same time there's no serial/net console available, it will be hard to read the printk messages. For example oops/panic/warning messages in shutdown phase. Add a printk delay feature, we can make each printk message delay some milliseconds. Setting the delay by proc/sysctl interface: /proc/sys/kernel/printk_delay The value range from 0 - 10000, default value is 0 [akpm@linux-foundation.org: fix a few things] Signed-off-by: Dave Young Acked-by: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

trivial: doc: document missing value 2 for randomize-va-space

2009-09-21T13:14:53Z

The documentation for /proc/sys/kernel/* does not mention the possible value 2 for randomize-va-space yet. While being there, doing some reformatting, fixing grammar problems and clarifying the correlations between randomize-va-space, kernel parameter "norandmaps" and the CONFIG_COMPAT_BRK option. Signed-off-by: Horst Schirmeier Signed-off-by: Jiri Kosina

[S390] add call home support

2009-09-11T08:29:49Z

Signed-off-by: Hans-Joachim Picht Signed-off-by: Martin Schwidefsky

Merge branch 'master' into next

2009-05-08T07:56:47Z

documentation: update Documentation/filesystem/proc.txt and Documentation/sysctls

2009-04-03T02:04:53Z

Now /proc/sys is described in many places and much information is redundant. This patch updates the proc.txt and move the /proc/sys desciption out to the files in Documentation/sysctls. Details are: merge - 2.1 /proc/sys/fs - File system data - 2.11 /proc/sys/fs/mqueue - POSIX message queues filesystem - 2.17 /proc/sys/fs/epoll - Configuration options for the epoll interface with Documentation/sysctls/fs.txt. remove - 2.2 /proc/sys/fs/binfmt_misc - Miscellaneous binary formats since it's not better then the Documentation/binfmt_misc.txt. merge - 2.3 /proc/sys/kernel - general kernel parameters with Documentation/sysctls/kernel.txt remove - 2.5 /proc/sys/dev - Device specific parameters since it's obsolete the sysfs is used now. remove - 2.6 /proc/sys/sunrpc - Remote procedure calls since it's not better then the Documentation/sysctls/sunrpc.txt move - 2.7 /proc/sys/net - Networking stuff - 2.9 Appletalk - 2.10 IPX to newly created Documentation/sysctls/net.txt. remove - 2.8 /proc/sys/net/ipv4 - IPV4 settings since it's not better then the Documentation/networking/ip-sysctl.txt. add - Chapter 3 Per-Process Parameters to descibe /proc//xxx parameters. Signed-off-by: Shen Feng Cc: Randy Dunlap Cc: "David S. Miller" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

modules: sysctl to block module loading

2009-04-03T00:47:11Z

Implement a sysctl file that disables module-loading system-wide since there is no longer a viable way to remove CAP_SYS_MODULE after the system bounding capability set was removed in 2.6.25. Value can only be set to "1", and is tested only if standard capability checks allow CAP_SYS_MODULE. Given existing /dev/mem protections, this should allow administrators a one-way method to block module loading after initial boot-time module loading has finished. Signed-off-by: Kees Cook Acked-by: Serge Hallyn Signed-off-by: James Morris