Merge tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/lin…

…ux/kernel/git/rostedt/linux-trace Pull perf/ftrace fix from Steven Rostedt: "Dave Jones's trinity program was able to enable the function tracer from a normal user account via the perf syscall "perf_event_open()". When I was able to reproduce it with trinity, I was able to track down exactly how it happened. I discovered that the check for whether the function tracepoint should be activated or not was using the "perf_paranoid_kernel()" check which by default, lets the user continue. The user should not by default be able to enable function tracing. The fix is to use "perf_paranoid_tracepoint_raw()" which will not let the user enable function tracing. This is a security fix as normal users should never be allowed to enable the function tracer" * tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: perf/ftrace: Fix paranoid level for enabling function tracer
FriedrichWilhelmNietzsche · Nov 7, 2013 · 6c86ae2 · 6c86ae2
2 parents 3ae423f + 12ae030
commit 6c86ae2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
 {
 	/* The ftrace function trace is allowed only for root. */
 	if (ftrace_event_is_function(tp_event) &&
-	    perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
+	    perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
 	/* No tracing, just counting, so no obvious leak */