[PATCH v2 1/3] nvmem: core: make default user binary file root-access only

All of lore.kernel.org
 help / color / mirror / Atom feed

From: gregkh@linuxfoundation.org (Greg KH)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 1/3] nvmem: core: make default user binary file root-access only
Date: Wed, 7 Oct 2015 17:12:28 +0100	[thread overview]
Message-ID: <20151007161228.GD9669@kroah.com> (raw)
In-Reply-To: <56151BB7.5090407@linaro.org>

On Wed, Oct 07, 2015 at 02:18:47PM +0100, Srinivas Kandagatla wrote:
> 
> 
> On 07/10/15 13:55, Greg KH wrote:
> >On Wed, Oct 07, 2015 at 12:00:47PM +0100, Srinivas Kandagatla wrote:
> >>As required by many providers like at24/at25/mxs-ocotp/qfprom and may be
> >>other providers would want to allow root-only to read the nvmem content.
> >>So making the defaults to be root-only access would address the request
> >>and also provide flexibility to providers to specify there own permissions
> >>on top of the root-only using the perm flag in nvmem_config.
> >
> >Eeek, no, don't mess with different permissions, that's not ok, be
> >consistent and only allow root write access, that's why we have static
> >build-time checks to ensure you get this correct and do not accidentally
> >let a "normal" user access to things they shouldn't have access to.
> Thanks for your inputs,
> 
> Code as it is in mainline would provide a write permission to root-only and
> read to all the group.
> 
> Fixing/removing the group read permissions should stop normal user accessing
> the binary file.

Great, send a simple patch that does this and I'll be glad to queue it
up.

thanks,

greg k-h

WARNING: multiple messages have this Message-ID (diff)

From: Greg KH <gregkh@linuxfoundation.org>
To: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Cc: maxime.ripard@free-electrons.com, linux-kernel@vger.kernel.org,
	andrew@lunn.ch, wxt@rock-chips.com, stefan.wahren@i2se.com,
	pantelis.antoniou@konsulko.com, maitysanchayan@gmail.com,
	p.zabel@pengutronix.de, s.hauer@pengutronix.de,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2 1/3] nvmem: core: make default user binary file root-access only
Date: Wed, 7 Oct 2015 17:12:28 +0100	[thread overview]
Message-ID: <20151007161228.GD9669@kroah.com> (raw)
In-Reply-To: <56151BB7.5090407@linaro.org>

On Wed, Oct 07, 2015 at 02:18:47PM +0100, Srinivas Kandagatla wrote:
> 
> 
> On 07/10/15 13:55, Greg KH wrote:
> >On Wed, Oct 07, 2015 at 12:00:47PM +0100, Srinivas Kandagatla wrote:
> >>As required by many providers like at24/at25/mxs-ocotp/qfprom and may be
> >>other providers would want to allow root-only to read the nvmem content.
> >>So making the defaults to be root-only access would address the request
> >>and also provide flexibility to providers to specify there own permissions
> >>on top of the root-only using the perm flag in nvmem_config.
> >
> >Eeek, no, don't mess with different permissions, that's not ok, be
> >consistent and only allow root write access, that's why we have static
> >build-time checks to ensure you get this correct and do not accidentally
> >let a "normal" user access to things they shouldn't have access to.
> Thanks for your inputs,
> 
> Code as it is in mainline would provide a write permission to root-only and
> read to all the group.
> 
> Fixing/removing the group read permissions should stop normal user accessing
> the binary file.

Great, send a simple patch that does this and I'll be glad to queue it
up.

thanks,

greg k-h

next prev parent reply	other threads:[~2015-10-07 16:12 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-07 10:58 [PATCH v2 0/3] nvmem: make sysfs binary file permissions more flexible Srinivas Kandagatla
2015-10-07 10:58 ` Srinivas Kandagatla
2015-10-07 11:00 ` [PATCH v2 1/3] nvmem: core: make default user binary file root-access only Srinivas Kandagatla
2015-10-07 11:00   ` Srinivas Kandagatla
2015-10-07 11:33   ` Russell King - ARM Linux
2015-10-07 11:33     ` Russell King - ARM Linux
2015-10-07 13:46     ` Srinivas Kandagatla
2015-10-07 13:46       ` Srinivas Kandagatla
2015-10-07 16:23       ` Russell King - ARM Linux
2015-10-07 16:23         ` Russell King - ARM Linux
2015-10-07 12:55   ` Greg KH
2015-10-07 12:55     ` Greg KH
2015-10-07 13:18     ` Srinivas Kandagatla
2015-10-07 13:18       ` Srinivas Kandagatla
2015-10-07 16:12       ` Greg KH [this message]
2015-10-07 16:12         ` Greg KH
2015-10-07 11:00 ` [PATCH v2 2/3] nvmem: core: set the size for the nvmem binary file Srinivas Kandagatla
2015-10-07 11:00   ` Srinivas Kandagatla
2015-10-07 12:56   ` Greg KH
2015-10-07 12:56     ` Greg KH
2015-10-07 13:21     ` Srinivas Kandagatla
2015-10-07 13:21       ` Srinivas Kandagatla
2015-10-07 11:01 ` [PATCH v2 3/3] nvmem: core: add sysfs file mode flag in nvmem_config Srinivas Kandagatla
2015-10-07 11:01   ` Srinivas Kandagatla
2015-10-07 12:56   ` Greg KH
2015-10-07 12:56     ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151007161228.GD9669@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.