From: Sumeet Lahorani <Sumeet.Lahorani-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
To: Or Gerlitz <ogerlitz-smomgflXvOZWk0Htik3J/w@public.gmane.org>
Cc: Roland Dreier <rdreier-FYB4Gu1CFyUAvxtiuMwx3w@public.gmane.org>,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: root owned writeable files under /sys
Date: Sun, 06 Jun 2010 09:08:57 -0700
Message-ID: <4C0BC819.1060201@oracle.com>
In-Reply-To: <4C0B2B24.6020304-hKgKHo2Ms0FWk0Htik3J/w@public.gmane.org>
Thanks. I realized that my earlier find command didn't capture all the
files I was looking for. After your patch, the following still need to
be addressed (all are mlx4 files):
# find /sys -type f -perm -222
/sys/class/infiniband/mlx4_0/diag_counters/clear_diag
/sys/devices/pci0000:00/0000:00:04.0/0000:13:00.0/port_trigger
/sys/devices/pci0000:00/0000:00:04.0/0000:13:00.0/mlx4_port2
/sys/devices/pci0000:00/0000:00:04.0/0000:13:00.0/mlx4_port1
- Sumeet
Or Gerlitz wrote:
> Sumeet Lahorani wrote:
>
>> I see the following files created under /sys which are world writeable
>> /sys/class/net/ib0/delete_child
>> /sys/class/net/ib0/create_child
>> At least the create_child & delete_child files appear to be dangerous to
>> leave as world writeable because they result in resources allocations.
>>
>
> Yes, this looks bad. The below patch fixes that, I tested it on 2.6.35-rc1
>
> [PATCH] make ipoib child entries non-world writable
>
> Sumeet Lahorani <sumeet.lahorani-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org> reported that the ipoib
> child entries are world writable, fix them to be root only writable
>
> Signed-off-by: Or Gerlitz <ogerlitz-smomgflXvOZWk0Htik3J/w@public.gmane.org>
>
> diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
> index df3eb8c..b4b2257 100644
> --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
> +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
> @@ -1163,7 +1163,7 @@ static ssize_t create_child(struct device *dev,
>
> return ret ? ret : count;
> }
> -static DEVICE_ATTR(create_child, S_IWUGO, NULL, create_child);
> +static DEVICE_ATTR(create_child, S_IWUSR, NULL, create_child);
>
> static ssize_t delete_child(struct device *dev,
> struct device_attribute *attr,
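Review bot: The changelog should state the impact of the old mode on the `create_child` DEVICE_ATTR line, not just that the entry was "world writable". Per the report quoted above, a write to this attribute results in resource allocation, so with S_IWUGO any local user could trigger it; saying so in the commit message lets a reader judge whether the fix needs backporting. The mode change itself is fine: S_IWUSR matches a store-only attribute whose show handler is NULL.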
> @@ -1183,7 +1183,7 @@ static ssize_t delete_child(struct device *dev,
> return ret ? ret : count;
>
> }
> -static DEVICE_ATTR(delete_child, S_IWUGO, NULL, delete_child);
> +static DEVICE_ATTR(delete_child, S_IWUSR, NULL, delete_child);
>
> int ipoib_add_pkey_attr(struct net_device *dev)
> {
>
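Review bot: Coverage is the open question after the `delete_child` DEVICE_ATTR line: the patch changes only `create_child` and `delete_child` in ipoib_main.c, while the reply above lists four mlx4 sysfs files that still match `find /sys -type f -perm -222`. A follow-up for the mlx4 attributes, plus a search of drivers/infiniband for other write-only attributes declared with S_IWUGO, would close the rest of the report.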
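An added example, not part of the original message or the kernel tree: a shell audit for the file modes discussed in this thread. It compares a search on the other-write bit alone (`-perm -0002`) with the `-perm -222` form used above, which requires all three write bits. The function names and the sample tree are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for world-writable regular files.
# All function names here are hypothetical, not from the thread.

# List regular files under $1 whose other-write bit (0002) is set,
# whatever the user and group bits are. Sorted for stable output.
world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# List regular files under $1 that have ALL of the user, group and other
# write bits set (the -perm -222 form used in the message above).
all_write_bits() {
    find "$1" -type f -perm -0222 2>/dev/null | sort
}

# Count the files reported by world_writable for $1.
world_writable_count() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree that mimics the modes in the patch:
# 0222 (S_IWUGO, before), 0200 (S_IWUSR, after), plus 0644 and 0602.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/create_child";  chmod 0222 "$d/create_child"
    : > "$d/delete_child";  chmod 0200 "$d/delete_child"
    : > "$d/readonly_attr"; chmod 0644 "$d/readonly_attr"
    : > "$d/odd_attr";      chmod 0602 "$d/odd_attr"
    printf '%s\n' "$d"
}

# Stand-alone use: pass a directory, e.g. /sys, as the first argument.
if [ -n "${1:-}" ]; then
    world_writable "$1"
fi
```

On the sample tree, `world_writable` reports both `create_child` (0222) and `odd_attr` (0602), while `all_write_bits` reports only `create_child`.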