Commit a18b8188 authored by Theodore Y. Ts'o's avatar Theodore Y. Ts'o Committed by Linus Torvalds

[PATCH] /dev/random: Remove RNDGETPOOL ioctl

Recently, someone has kvetched that RNDGETPOOL is a "security
vulnerability".  Never mind that it is superuser only, and with superuser
privs you could load a nasty kernel module, or read the entropy pool out of
/dev/mem directly, but they are nevertheless still spreading FUD.

In any case, no one is using it (it was there for debugging purposes only),
so we can remove it as dead code.
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 62a455b2
...@@ -1742,10 +1742,9 @@ static int ...@@ -1742,10 +1742,9 @@ static int
random_ioctl(struct inode * inode, struct file * file, random_ioctl(struct inode * inode, struct file * file,
unsigned int cmd, unsigned long arg) unsigned int cmd, unsigned long arg)
{ {
int *tmp, size, ent_count; int size, ent_count;
int __user *p = (int __user *)arg; int __user *p = (int __user *)arg;
int retval; int retval;
unsigned long flags;
switch (cmd) { switch (cmd) {
case RNDGETENTCNT: case RNDGETENTCNT:
...@@ -1766,40 +1765,6 @@ random_ioctl(struct inode * inode, struct file * file, ...@@ -1766,40 +1765,6 @@ random_ioctl(struct inode * inode, struct file * file,
if (random_state->entropy_count >= random_read_wakeup_thresh) if (random_state->entropy_count >= random_read_wakeup_thresh)
wake_up_interruptible(&random_read_wait); wake_up_interruptible(&random_read_wait);
return 0; return 0;
case RNDGETPOOL:
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
if (get_user(size, p) ||
put_user(random_state->poolinfo.poolwords, p++))
return -EFAULT;
if (size < 0)
return -EFAULT;
if (size > random_state->poolinfo.poolwords)
size = random_state->poolinfo.poolwords;
/* prepare to atomically snapshot pool */
tmp = kmalloc(size * sizeof(__u32), GFP_KERNEL);
if (!tmp)
return -ENOMEM;
spin_lock_irqsave(&random_state->lock, flags);
ent_count = random_state->entropy_count;
memcpy(tmp, random_state->pool, size * sizeof(__u32));
spin_unlock_irqrestore(&random_state->lock, flags);
if (!copy_to_user(p, tmp, size * sizeof(__u32))) {
kfree(tmp);
return -EFAULT;
}
kfree(tmp);
if(put_user(ent_count, p++))
return -EFAULT;
return 0;
case RNDADDENTROPY: case RNDADDENTROPY:
if (!capable(CAP_SYS_ADMIN)) if (!capable(CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment