!1178 fix: /dev/mem 及 /proc/fs_cache 权限漏洞修复

Merge pull request !1178 from yinjiaming/fix
fix: /dev/mem 及 /proc/fs_cache 权限漏洞修复
2023-10-16 09:38:00 +00:00 · 2023-10-12 09:52:18 +08:00 · 2023-09-05 13:36:55 +00:00 · 2023-05-26 15:44:47 +08:00
4 changed files with 22 additions and 16 deletions
--- a/drivers/char/mem/src/mem.c
+++ b/drivers/char/mem/src/mem.c
@@ -97,5 +97,5 @@ static const struct file_operations_vfs g_memDevOps = {

 int DevMemRegister(void)
 {
-    return register_driver("/dev/mem", &g_memDevOps, 0666, 0); /* 0666: file mode */
+    return register_driver("/dev/mem", &g_memDevOps, 0644, 0); /* 0644: file mode */
 }
--- a/fs/jffs2/src/vfs_jffs2.c
+++ b/fs/jffs2/src/vfs_jffs2.c
@@ -490,14 +490,14 @@ off_t VfsJffs2Seek(struct file *filep, off_t offset, int whence)
    filePos = filep->f_pos;

    switch (whence) {
-        case SEEK_SET:
-            filePos = offset;
-            break;
-
        case SEEK_CUR:
            filePos += offset;
            break;

+        case SEEK_SET:
+            filePos = offset;
+            break;
+
        case SEEK_END:
            filePos = node->i_size + offset;
            break;
--- a/fs/proc/os_adapt/fs_cache_proc.c
+++ b/fs/proc/os_adapt/fs_cache_proc.c
@@ -207,7 +207,7 @@ static const struct ProcFileOperations FS_CACHE_PROC_FOPS = {

 void ProcFsCacheInit(void)
 {
-    struct ProcDirEntry *pde = CreateProcEntry("fs_cache", 0, NULL);
+    struct ProcDirEntry *pde = CreateProcEntry("fs_cache", 0400, NULL);
    if (pde == NULL) {
        PRINT_ERR("create fs_cache error!\n");
        return;
--- a/kernel/extended/plimit/los_devicelimit.c
+++ b/kernel/extended/plimit/los_devicelimit.c
@@ -485,29 +485,35 @@ UINT32 OsDevLimitWriteDeny(ProcLimitSet *plimit, const CHAR *buf, UINT32 size)
    return DevLimitUpdateAccess(plimit, buf, DEVLIMIT_DENY);
 }

-STATIC VOID DevLimitItemSetAccess(CHAR *acc, INT16 access)
+STATIC VOID DevLimitItemSetAccess(CHAR *accArray, INT16 access)
 {
    INT32 index = 0;
    (VOID)memset_s(acc, ACCLEN, 0, ACCLEN);
    if (access & DEVLIMIT_ACC_READ) {
-        acc[index++] = 'r';
+        accArray[index] = 'r';
+        index++;
    }
    if (access & DEVLIMIT_ACC_WRITE) {
-        acc[index++] = 'w';
+        accArray[index] = 'w';
+        index++;
    }
    if (access & DEVLIMIT_ACC_MKNOD) {
-        acc[index++] = 'm';
+        accArray[index] = 'm';
+        index++;
    }
 }

 STATIC CHAR DevLimitItemTypeToChar(INT16 type)
 {
-    if (type == DEVLIMIT_DEV_ALL) {
-        return 'a';
-    } else if (type == DEVLIMIT_DEV_CHAR) {
-        return 'c';
-    } else if (type == DEVLIMIT_DEV_BLOCK) {
-        return 'b';
+    switch (type) {
+        case DEVLIMIT_DEV_ALL:
+            return 'a';
+        case DEVLIMIT_DEV_CHAR:
+            return 'c';
+        case DEVLIMIT_DEV_BLOCK:
+            return 'b';
+        default:
+            break;
    }
    return 'X';
 }
Author	SHA1	Message	Date
openharmony_ci	04f971084b	!1178 fix: /dev/mem 及 /proc/fs_cache 权限漏洞修复 Merge pull request !1178 from yinjiaming/fix	2023-10-16 09:38:00 +00:00
yinjiaming	6daecc8d26	fix: /dev/mem 及 /proc/fs_cache 权限漏洞修复 /dev/mem 和 /proc/fs_cache 存在多余的读写权限，有被低权限者利用进行攻击的风险，现予以修复。 Signed-off-by: yinjiaming <yinjiaming@huawei.com> Change-Id: Ie6b537e8cb1de7353dfc357411eba4920a539b4f	2023-10-12 09:52:18 +08:00
openharmony_ci	173cdeb077	!1166 fix: 修复告警 Merge pull request !1166 from Zhaotianyu/20230526fix_codecheck	2023-09-05 13:36:55 +00:00
arvinzzz	145ff76ab6	refactor: fix codecheck Signed-off-by: arvinzzz <zhaotianyu9@huawei.com> Change-Id: Ib35ca40dc837d78a4c9dc03e44d117088865a5a6	2023-05-26 15:44:47 +08:00