!1179 fix: /dev/mem 及 /proc/fs_cache 权限漏洞修复挑单到3.2-Release分支

Merge pull request !1179 from yinjiaming/cherry-pick-1697592111
fixed 6daecc8 from https://gitee.com/hgbveiu743/kernel_liteos_a/pulls/1178
2023-10-26 08:37:50 +00:00 · 2023-10-18 01:21:52 +00:00 · 2023-09-26 02:10:00 +00:00 · 2023-09-26 00:58:03 +00:00
3 changed files with 9 additions and 3 deletions
--- a/drivers/char/mem/src/mem.c
+++ b/drivers/char/mem/src/mem.c
@@ -97,5 +97,5 @@ static const struct file_operations_vfs g_memDevOps = {

 int DevMemRegister(void)
 {
-    return register_driver("/dev/mem", &g_memDevOps, 0666, 0); /* 0666: file mode */
+    return register_driver("/dev/mem", &g_memDevOps, 0644, 0); /* 0644: file mode */
 }
--- a/fs/proc/os_adapt/fs_cache_proc.c
+++ b/fs/proc/os_adapt/fs_cache_proc.c
@@ -207,7 +207,7 @@ static const struct ProcFileOperations FS_CACHE_PROC_FOPS = {

 void ProcFsCacheInit(void)
 {
-    struct ProcDirEntry *pde = CreateProcEntry("fs_cache", 0, NULL);
+    struct ProcDirEntry *pde = CreateProcEntry("fs_cache", 0400, NULL);
    if (pde == NULL) {
        PRINT_ERR("create fs_cache error!\n");
        return;
--- a/syscall/ipc_syscall.c
+++ b/syscall/ipc_syscall.c
@@ -94,9 +94,15 @@ int SysMqClose(mqd_t personal)
 int SysMqNotify(mqd_t personal, const struct sigevent *sigev)
 {
    int ret;
+    struct sigevent ksigev;
+
+    ret = LOS_ArchCopyFromUser(&ksigev, sigev, sizeof(struct sigevent));
+    if (ret != 0) {
+        return -EFAULT;
+    }

    MQUEUE_FD_U2K(personal);
-    ret = OsMqNotify(personal, sigev);
+    ret = OsMqNotify(personal, &ksigev);
    if (ret < 0) {
        return -get_errno();
    }
Author	SHA1	Message	Date
openharmony_ci	3936764b25	!1179 fix: /dev/mem 及 /proc/fs_cache 权限漏洞修复挑单到3.2-Release分支 Merge pull request !1179 from yinjiaming/cherry-pick-1697592111	2023-10-26 08:37:50 +00:00
yinjiaming	df25cc00a5	fixed `6daecc8` from https://gitee.com/hgbveiu743/kernel_liteos_a/pulls/1178 fix: /dev/mem 及 /proc/fs_cache 权限漏洞修复 /dev/mem 和 /proc/fs_cache 存在多余的读写权限，有被低权限者利用进行攻击的风险，现予以修复。 Signed-off-by: yinjiaming <yinjiaming@huawei.com> Change-Id: Ie6b537e8cb1de7353dfc357411eba4920a539b4f	2023-10-18 01:21:52 +00:00
openharmony_ci	f4c3ac7c38	!1177 SysMqNotify系统调用安全增强 Merge pull request !1177 from 乔克叔叔/cherry-pick-1695689883	2023-09-26 02:10:00 +00:00
zhangdengyu	ada7e138cc	fixed `27eb4e2` from https://gitee.com/wenxin-liu_admin/kernel_liteos_a/pulls/1174 fix：SysMqNotify系统调用安全增强 Close: #I7YG58 Signed-off-by: zhangdengyu <zhangdengyu2@huawei.com> Change-Id: Iee5a6c24cd2226e9cab0c4fd37e76194ad068862	2023-09-26 00:58:03 +00:00