From mboxrd@z Thu Jan 1 00:00:00 1970 From: srinivas.kandagatla@linaro.org (Srinivas Kandagatla) Date: Wed, 07 Oct 2015 14:18:47 +0100 Subject: [PATCH v2 1/3] nvmem: core: make default user binary file root-access only In-Reply-To: <20151007125531.GA7962@kroah.com> References: <1444215536-10783-1-git-send-email-srinivas.kandagatla@linaro.org> <1444215647-10836-1-git-send-email-srinivas.kandagatla@linaro.org> <20151007125531.GA7962@kroah.com> Message-ID: <56151BB7.5090407@linaro.org> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org On 07/10/15 13:55, Greg KH wrote: > On Wed, Oct 07, 2015 at 12:00:47PM +0100, Srinivas Kandagatla wrote: >> As required by many providers like at24/at25/mxs-ocotp/qfprom and may be >> other providers would want to allow root-only to read the nvmem content. >> So making the defaults to be root-only access would address the request >> and also provide flexibility to providers to specify there own permissions >> on top of the root-only using the perm flag in nvmem_config. > > Eeek, no, don't mess with different permissions, that's not ok, be > consistent and only allow root write access, that's why we have static > build-time checks to ensure you get this correct and do not accidentally > let a "normal" user access to things they shouldn't have access to. Thanks for your inputs, Code as it is in mainline would provide a write permission to root-only and read to all the group. Fixing/removing the group read permissions should stop normal user accessing the binary file. --srini > >> Making this dynamic did cut down lot of static binary attributes in the >> code. > > Nothing wrong with static binary attributes, please use them instead. > > thanks, > > greg k-h > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753551AbbJGNSv (ORCPT ); Wed, 7 Oct 2015 09:18:51 -0400 Received: from mail-wi0-f173.google.com ([209.85.212.173]:35116 "EHLO mail-wi0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751077AbbJGNSt (ORCPT ); Wed, 7 Oct 2015 09:18:49 -0400 Message-ID: <56151BB7.5090407@linaro.org> Date: Wed, 07 Oct 2015 14:18:47 +0100 From: Srinivas Kandagatla User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Greg KH CC: maxime.ripard@free-electrons.com, linux-kernel@vger.kernel.org, andrew@lunn.ch, wxt@rock-chips.com, stefan.wahren@i2se.com, pantelis.antoniou@konsulko.com, maitysanchayan@gmail.com, p.zabel@pengutronix.de, s.hauer@pengutronix.de, linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH v2 1/3] nvmem: core: make default user binary file root-access only References: <1444215536-10783-1-git-send-email-srinivas.kandagatla@linaro.org> <1444215647-10836-1-git-send-email-srinivas.kandagatla@linaro.org> <20151007125531.GA7962@kroah.com> In-Reply-To: <20151007125531.GA7962@kroah.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07/10/15 13:55, Greg KH wrote: > On Wed, Oct 07, 2015 at 12:00:47PM +0100, Srinivas Kandagatla wrote: >> As required by many providers like at24/at25/mxs-ocotp/qfprom and may be >> other providers would want to allow root-only to read the nvmem content. >> So making the defaults to be root-only access would address the request >> and also provide flexibility to providers to specify there own permissions >> on top of the root-only using the perm flag in nvmem_config. > > Eeek, no, don't mess with different permissions, that's not ok, be > consistent and only allow root write access, that's why we have static > build-time checks to ensure you get this correct and do not accidentally > let a "normal" user access to things they shouldn't have access to. Thanks for your inputs, Code as it is in mainline would provide a write permission to root-only and read to all the group. Fixing/removing the group read permissions should stop normal user accessing the binary file. --srini > >> Making this dynamic did cut down lot of static binary attributes in the >> code. > > Nothing wrong with static binary attributes, please use them instead. > > thanks, > > greg k-h >