From: Michael Walle <michael@walle.cc>
To: Richard Weinberger <richard@nod.at>
Cc: linux-mtd <linux-mtd@lists.infradead.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Vignesh Raghavendra <vigneshr@ti.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] mtd: require write permissions for locking and badblock ioctls
Date: Wed, 03 Mar 2021 17:25:48 +0100 [thread overview]
Message-ID: <040cf2058fe4cf5e63dbff534582881a@walle.cc> (raw)
In-Reply-To: <689194005.42755.1614788236355.JavaMail.zimbra@nod.at>
Am 2021-03-03 17:17, schrieb Richard Weinberger:
> Michael,
>
> ----- Ursprüngliche Mail -----
>> Von: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>
>> An: "Michael Walle" <michael@walle.cc>
>> CC: "linux-mtd" <linux-mtd@lists.infradead.org>, "linux-kernel"
>> <linux-kernel@vger.kernel.org>, "Miquel Raynal"
>> <miquel.raynal@bootlin.com>, "richard" <richard@nod.at>, "Vignesh
>> Raghavendra" <vigneshr@ti.com>
>> Gesendet: Mittwoch, 3. März 2021 17:08:56
>> Betreff: Re: [PATCH] mtd: require write permissions for locking and
>> badblock ioctls
>
>> On Wed, Mar 03, 2021 at 04:57:35PM +0100, Michael Walle wrote:
>>> MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require
>>> write permission. Depending on the hardware MEMLOCK might even be
>>> write-once, e.g. for SPI-NOR flashes with their WP# tied to GND.
>>> OTPLOCK
>>> is always write-once.
>>>
>>> MEMSETBADBLOCK modifies the bad block table.
>>>
>>> Fixes: f7e6b19bc764 ("mtd: properly check all write ioctls for
>>> permissions")
>>> Signed-off-by: Michael Walle <michael@walle.cc>
>>> ---
>>> drivers/mtd/mtdchar.c | 8 ++++----
>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> Thanks for auditing the rest of these from my original patch. If this
>> is ok with userspace tools, it's fine with me, but I don't even have
>> this hardware to test with :)
>
> That's my fear. Michael, did you verify?
I don't know any tools except the mtd-utils. So no.
> In general you need to be root to open these device files.
> So, I don't see a security problem here.
Then this begs the question, why is this check there in
the first place?
This come up because I was adding a OTPERASE which
was suggested that is was a "dangerous" command. So I
was puzzled why the ones above are considered "safe" ;)
-michael
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next prev parent reply other threads:[~2021-03-03 23:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-03 15:57 [PATCH] mtd: require write permissions for locking and badblock ioctls Michael Walle
2021-03-03 16:08 ` Greg Kroah-Hartman
2021-03-03 16:17 ` Richard Weinberger
2021-03-03 16:25 ` Michael Walle [this message]
2021-03-03 16:34 ` Richard Weinberger
2021-03-22 16:39 ` Rafał Miłecki
2021-03-22 17:54 ` Richard Weinberger
2021-03-28 17:28 ` Miquel Raynal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=040cf2058fe4cf5e63dbff534582881a@walle.cc \
--to=michael@walle.cc \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=miquel.raynal@bootlin.com \
--cc=richard@nod.at \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox