Browse Source

Merge tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull perf/ftrace fix from Steven Rostedt:
 "Dave Jones's trinity program was able to enable the function tracer
  from a normal user account via the perf syscall "perf_event_open()".
  When I was able to reproduce it with trinity, I was able to track down
  exactly how it happened.

  I discovered that the check for whether the function tracepoint should
  be activated or not was using the "perf_paranoid_kernel()" check which
  by default, lets the user continue.  The user should not by default be
  able to enable function tracing.

  The fix is to use "perf_paranoid_tracepoint_raw()" which will not let
  the user enable function tracing.  This is a security fix as normal
  users should never be allowed to enable the function tracer"

* tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  perf/ftrace: Fix paranoid level for enabling function tracer
Linus Torvalds 11 years ago
parent
commit
6c86ae2928
1 changed files with 1 additions and 1 deletions
  1. 1 1
      kernel/trace/trace_event_perf.c

+ 1 - 1
kernel/trace/trace_event_perf.c

@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
 {
 	/* The ftrace function trace is allowed only for root. */
 	if (ftrace_event_is_function(tp_event) &&
-	    perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
+	    perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
 	/* No tracing, just counting, so no obvious leak */