* [PATCH 00/20] world-writable files in sysfs and debugfs
@ 2011-02-04 12:22 Vasiliy Kulikov
2011-02-04 12:24 ` [PATCH 20/20] fs: ubifs: world-writable debugfs dump_* files Vasiliy Kulikov
2011-02-04 13:11 ` [rtc-linux] [PATCH 00/20] world-writable files in sysfs and debugfs Linus Walleij
0 siblings, 2 replies; 6+ messages in thread
From: Vasiliy Kulikov @ 2011-02-04 12:22 UTC (permalink / raw)
To: linux-kernel
Cc: Mike Christie, Srinidhi Kasagar, Tony Lindgren,
platform-driver-x86, socketcan-core, Corentin Chary,
James E.J. Bottomley, Julia Lawall, Russell King, Samuel Ortiz,
linux-scsi, Karol Kozimor, Kevin Hilman, Luca Risolia, open-iscsi,
Wolfgang Grandegger, Matthew Garrett, acpi4asus-user, rtc-linux,
Carlos Corbacho, Mauro Carvalho Chehab, linux-omap,
linux-arm-kernel, Alessandro Zummo, security, Linus Walleij,
Artem Bityutskiy, netdev, linux-usb, Tejun Heo, linux-mtd,
Andrew Morton, linux-media, Adrian Hunter
The search was made with trivial shell commands:
find | xargs grep S_IWUGO
find | xargs grep S_IWOTH
I didn't precisely investigate how exactly one may damage the
system/hardware because of issues number, maybe the harm is very limited
in case of some of these drivers.
One suspicious file is ./staging/speakup/speakup.h, but it explitly calls
macros as world-writable. I didn't check what speakup's world-writable
files provide because it requires some knowledge about the hardware.
Vasiliy Kulikov (20):
mach-omap2: mux: world-writable debugfs files
mach-omap2: pm: world-writable debugfs timer files
mach-omap2: smartreflex: world-writable debugfs voltage files
mach-ux500: mbox-db5500: world-writable sysfs fifo file
leds: lp5521: world-writable sysfs engine* files
leds: lp5523: world-writable engine* sysfs files
video: sn9c102: world-wirtable sysfs files
mfd: ab3100: world-writable debugfs *_priv files
mfd: ab3500: world-writable debugfs register-* files
mfd: ab8500: world-writable debugfs register-* files
misc: ep93xx_pwm: world-writable sysfs files
net: can: at91_can: world-writable sysfs files
net: can: janz-ican3: world-writable sysfs termination file
platform: x86: acer-wmi: world-writable sysfs threeg file
platform: x86: asus_acpi: world-writable procfs files
platform: x86: tc1100-wmi: world-writable sysfs wireless and jogdial files
rtc: rtc-ds1511: world-writable sysfs nvram file
scsi: aic94xx: world-writable sysfs update_bios file
scsi: iscsi: world-writable sysfs priv_sess file
fs: ubifs: world-writable debugfs dump_* files
arch/arm/mach-omap2/mux.c | 2 +-
arch/arm/mach-omap2/pm-debug.c | 8 ++++----
arch/arm/mach-omap2/smartreflex.c | 4 ++--
arch/arm/mach-ux500/mbox-db5500.c | 2 +-
drivers/leds/leds-lp5521.c | 14 +++++++-------
drivers/leds/leds-lp5523.c | 20 ++++++++++----------
drivers/media/video/sn9c102/sn9c102_core.c | 6 +++---
drivers/mfd/ab3100-core.c | 4 ++--
drivers/mfd/ab3550-core.c | 6 +++---
drivers/mfd/ab8500-debugfs.c | 6 +++---
drivers/misc/ep93xx_pwm.c | 6 +++---
drivers/net/can/at91_can.c | 2 +-
drivers/net/can/janz-ican3.c | 2 +-
drivers/platform/x86/acer-wmi.c | 2 +-
drivers/platform/x86/asus_acpi.c | 8 +-------
drivers/platform/x86/tc1100-wmi.c | 2 +-
drivers/rtc/rtc-ds1511.c | 2 +-
drivers/scsi/aic94xx/aic94xx_init.c | 2 +-
drivers/scsi/scsi_transport_iscsi.c | 2 +-
fs/ubifs/debug.c | 6 +++---
20 files changed, 50 insertions(+), 56 deletions(-)
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 20/20] fs: ubifs: world-writable debugfs dump_* files
2011-02-04 12:22 [PATCH 00/20] world-writable files in sysfs and debugfs Vasiliy Kulikov
@ 2011-02-04 12:24 ` Vasiliy Kulikov
2011-02-06 15:16 ` Artem Bityutskiy
2011-02-04 13:11 ` [rtc-linux] [PATCH 00/20] world-writable files in sysfs and debugfs Linus Walleij
1 sibling, 1 reply; 6+ messages in thread
From: Vasiliy Kulikov @ 2011-02-04 12:24 UTC (permalink / raw)
To: linux-kernel; +Cc: security, Adrian Hunter, linux-mtd, Artem Bityutskiy
Don't allow everybody to dump sensitive information about filesystems.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
---
Compile tested only.
fs/ubifs/debug.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
index 0bee4db..bcb1acb 100644
--- a/fs/ubifs/debug.c
+++ b/fs/ubifs/debug.c
@@ -2813,19 +2813,19 @@ int dbg_debugfs_init_fs(struct ubifs_info *c)
}
fname = "dump_lprops";
- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
+ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
if (IS_ERR(dent))
goto out_remove;
d->dfs_dump_lprops = dent;
fname = "dump_budg";
- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
+ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
if (IS_ERR(dent))
goto out_remove;
d->dfs_dump_budg = dent;
fname = "dump_tnc";
- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
+ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
if (IS_ERR(dent))
goto out_remove;
d->dfs_dump_tnc = dent;
--
1.7.0.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [rtc-linux] [PATCH 00/20] world-writable files in sysfs and debugfs
2011-02-04 12:22 [PATCH 00/20] world-writable files in sysfs and debugfs Vasiliy Kulikov
2011-02-04 12:24 ` [PATCH 20/20] fs: ubifs: world-writable debugfs dump_* files Vasiliy Kulikov
@ 2011-02-04 13:11 ` Linus Walleij
1 sibling, 0 replies; 6+ messages in thread
From: Linus Walleij @ 2011-02-04 13:11 UTC (permalink / raw)
To: rtc-linux
Cc: Mike Christie, Srinidhi Kasagar, Tony Lindgren,
platform-driver-x86, socketcan-core, Corentin Chary,
James E.J. Bottomley, Julia Lawall, Russell King, Samuel Ortiz,
linux-scsi, Karol Kozimor, Kevin Hilman, Luca Risolia, open-iscsi,
Wolfgang Grandegger, Matthew Garrett, acpi4asus-user,
Carlos Corbacho, Mauro Carvalho Chehab, linux-omap,
linux-arm-kernel, Alessandro Zummo, security, Artem Bityutskiy,
netdev, linux-usb, linux-kernel, Tejun Heo, linux-mtd,
Andrew Morton, linux-media, Adrian Hunter
2011/2/4 Vasiliy Kulikov <segoon@openwall.com>:
> The search was made with trivial shell commands:
>
> find | xargs grep S_IWUGO
> find | xargs grep S_IWOTH
We only use our debugfs entries as root so it shouldn't matter much, this
is way better, thanks for fixing.
> mach-ux500: mbox-db5500: world-writable sysfs fifo file
> mfd: ab3100: world-writable debugfs *_priv files
> mfd: ab3500: world-writable debugfs register-* files
> mfd: ab8500: world-writable debugfs register-* files
Acked-by: Linus Walleij <linus.walleij@stericsson.com>
For these.
Yours,
Linus Walleij
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 00/20] world-writable files in sysfs and debugfs
@ 2011-02-04 14:00 Vasiliy Kulikov
2011-02-07 19:38 ` Matthew Garrett
0 siblings, 1 reply; 6+ messages in thread
From: Vasiliy Kulikov @ 2011-02-04 14:00 UTC (permalink / raw)
To: linux-kernel
Cc: security, acpi4asus-user, linux-scsi, rtc-linux, netdev,
linux-usb, platform-driver-x86, socketcan-core, linux-mtd,
open-iscsi, linux-omap, linux-arm-kernel, linux-media
The search was made with trivial shell commands:
find | xargs grep S_IWUGO
find | xargs grep S_IWOTH
I didn't precisely investigate how exactly one may damage the
system/hardware because of issues number, maybe the harm is very limited
in case of some of these drivers.
One suspicious file is ./staging/speakup/speakup.h, but it explitly calls
macros as world-writable. I didn't check what speakup's world-writable
files provide because it requires some knowledge about the hardware.
Vasiliy Kulikov (20):
mach-omap2: mux: world-writable debugfs files
mach-omap2: pm: world-writable debugfs timer files
mach-omap2: smartreflex: world-writable debugfs voltage files
mach-ux500: mbox-db5500: world-writable sysfs fifo file
leds: lp5521: world-writable sysfs engine* files
leds: lp5523: world-writable engine* sysfs files
video: sn9c102: world-wirtable sysfs files
mfd: ab3100: world-writable debugfs *_priv files
mfd: ab3500: world-writable debugfs register-* files
mfd: ab8500: world-writable debugfs register-* files
misc: ep93xx_pwm: world-writable sysfs files
net: can: at91_can: world-writable sysfs files
net: can: janz-ican3: world-writable sysfs termination file
platform: x86: acer-wmi: world-writable sysfs threeg file
platform: x86: asus_acpi: world-writable procfs files
platform: x86: tc1100-wmi: world-writable sysfs wireless and jogdial files
rtc: rtc-ds1511: world-writable sysfs nvram file
scsi: aic94xx: world-writable sysfs update_bios file
scsi: iscsi: world-writable sysfs priv_sess file
fs: ubifs: world-writable debugfs dump_* files
arch/arm/mach-omap2/mux.c | 2 +-
arch/arm/mach-omap2/pm-debug.c | 8 ++++----
arch/arm/mach-omap2/smartreflex.c | 4 ++--
arch/arm/mach-ux500/mbox-db5500.c | 2 +-
drivers/leds/leds-lp5521.c | 14 +++++++-------
drivers/leds/leds-lp5523.c | 20 ++++++++++----------
drivers/media/video/sn9c102/sn9c102_core.c | 6 +++---
drivers/mfd/ab3100-core.c | 4 ++--
drivers/mfd/ab3550-core.c | 6 +++---
drivers/mfd/ab8500-debugfs.c | 6 +++---
drivers/misc/ep93xx_pwm.c | 6 +++---
drivers/net/can/at91_can.c | 2 +-
drivers/net/can/janz-ican3.c | 2 +-
drivers/platform/x86/acer-wmi.c | 2 +-
drivers/platform/x86/asus_acpi.c | 8 +-------
drivers/platform/x86/tc1100-wmi.c | 2 +-
drivers/rtc/rtc-ds1511.c | 2 +-
drivers/scsi/aic94xx/aic94xx_init.c | 2 +-
drivers/scsi/scsi_transport_iscsi.c | 2 +-
fs/ubifs/debug.c | 6 +++---
20 files changed, 50 insertions(+), 56 deletions(-)
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 00/20] world-writable files in sysfs and debugfs
2011-02-04 14:00 Vasiliy Kulikov
@ 2011-02-07 19:38 ` Matthew Garrett
0 siblings, 0 replies; 6+ messages in thread
From: Matthew Garrett @ 2011-02-07 19:38 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: security, acpi4asus-user, linux-scsi, rtc-linux, netdev,
linux-usb, linux-kernel, platform-driver-x86, socketcan-core,
linux-mtd, open-iscsi, linux-omap, linux-arm-kernel, linux-media
Thanks, I've applied the x86 platform driver ones.
--
Matthew Garrett | mjg59@srcf.ucam.org
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2011-02-07 19:38 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-04 12:22 [PATCH 00/20] world-writable files in sysfs and debugfs Vasiliy Kulikov
2011-02-04 12:24 ` [PATCH 20/20] fs: ubifs: world-writable debugfs dump_* files Vasiliy Kulikov
2011-02-06 15:16 ` Artem Bityutskiy
2011-02-04 13:11 ` [rtc-linux] [PATCH 00/20] world-writable files in sysfs and debugfs Linus Walleij
-- strict thread matches above, loose matches on Subject: below --
2011-02-04 14:00 Vasiliy Kulikov
2011-02-07 19:38 ` Matthew Garrett
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox