From: Robert Jarzmik <robert.jarzmik@free.fr>
To: Dave Jones <davej@redhat.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>,
Joe Perches <joe@perches.com>, "Theodore Ts'o" <tytso@mit.edu>,
Linux Kernel Developers List <linux-kernel@vger.kernel.org>,
fes@google.com, Bjorn Helgaas <bhelgaas@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
Mark Brown <broonie@opensource.wolfsonmicro.com>,
Simon Wood <simon@mungewell.org>
Subject: Re: Stricter module param and sysfs permission checks
Date: Thu, 20 Mar 2014 17:28:50 +0100 [thread overview]
Message-ID: <87ob10vnp9.fsf@free.fr> (raw)
In-Reply-To: 20140320042700.GA11505@redhat.com
Dave Jones <davej@redhat.com> writes:
> On Thu, Mar 20, 2014 at 01:43:44PM +1030, Rusty Russell wrote:
>
> > drivers/mtd/devices/docg3.c:
> > __ATTR(f##id##_dps0_protection_key, S_IWUGO, NULL, dps0_insert_key), \
> > __ATTR(f##id##_dps1_protection_key, S_IWUGO, NULL, dps1_insert_key), \
> >
> > drivers/scsi/pm8001/pm8001_ctl.c:
> > static DEVICE_ATTR(update_fw, S_IRUGO|S_IWUGO,
> > pm8001_show_update_fw, pm8001_store_update_fw);
>
> Why on earth are these world writable ?
For docg3, this attributes are used to input a "password" into the flash chip,
to unlock parts of the flash memory. By unlock I mean that a sector read will
return the actual sector when unlocked, and only 0xff if not read unlocked.
As to the "why writable" by "others", the legacy reason is that when I wrote
that code I had in mind that a casual user count :
- input the code : "echo secret > dps0_protection_key"
- mount /usermount
That's not a good reason, I know, and changing that to remove the "other" write
permission is fine by me.
Cheers.
--
Robert
next prev parent reply other threads:[~2014-03-20 16:36 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-14 17:31 [PATCH] virtio-blk: make the queue depth configurable Theodore Ts'o
2014-03-14 17:38 ` Joe Perches
2014-03-14 17:38 ` Joe Perches
2014-03-14 18:02 ` Theodore Ts'o
2014-03-14 18:02 ` Theodore Ts'o
2014-03-17 3:55 ` Rusty Russell
2014-03-17 3:55 ` Rusty Russell
2014-03-17 5:00 ` Joe Perches
2014-03-17 5:00 ` Joe Perches
2014-03-17 7:26 ` Joe Perches
2014-03-19 6:37 ` Rusty Russell
2014-03-19 6:50 ` Joe Perches
2014-03-19 6:50 ` Joe Perches
2014-03-20 3:13 ` Stricter module param and sysfs permission checks Rusty Russell
2014-03-20 4:27 ` Dave Jones
2014-03-20 9:15 ` Alexey Dobriyan
2014-03-20 16:28 ` Robert Jarzmik [this message]
2014-06-18 15:07 ` Gobinda Charan Maji
2014-06-26 2:54 ` Gobinda Charan Maji
2014-07-03 5:52 ` Gobinda Charan Maji
2015-04-28 14:02 ` Gobinda Charan Maji
2014-03-19 16:07 ` [PATCH] virtio-blk: make the queue depth configurable Greg Kroah-Hartman
2014-03-19 16:07 ` Greg Kroah-Hartman
2014-03-19 16:57 ` Bjorn Helgaas
2014-03-19 16:57 ` Bjorn Helgaas
2014-03-19 17:31 ` Joe Perches
2014-03-19 17:31 ` Joe Perches
2014-03-20 3:35 ` Rusty Russell
2014-03-20 3:35 ` Rusty Russell
2014-03-20 2:50 ` Rusty Russell
2014-03-20 2:50 ` Rusty Russell
2014-03-19 6:37 ` Rusty Russell
2014-03-17 7:26 ` Joe Perches
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ob10vnp9.fsf@free.fr \
--to=robert.jarzmik@free.fr \
--cc=adobriyan@gmail.com \
--cc=bhelgaas@google.com \
--cc=broonie@opensource.wolfsonmicro.com \
--cc=davej@redhat.com \
--cc=fes@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=simon@mungewell.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.