public inbox for linux-kernel@vger.kernel.org
* Incorrect permissions on parport sysctls.
@ 2005-08-09  4:44 Dave Jones
  2005-08-09  7:10 ` Jan Engelhardt
  2005-08-09 10:11 ` [Linux-parport] " Tim Waugh
  0 siblings, 2 replies; 4+ messages in thread
From: Dave Jones @ 2005-08-09  4:44 UTC (permalink / raw)
  To: linux-parport; +Cc: Linux Kernel, Andrew Morton

We have a bunch of 'probe' sysctl's in parport, which are
readable. (world readable even). Make them write-only.
Without this, sysctl -a will try to read these files.

Signed-off-by: Dave Jones <davej@redhat.com>

--- linux-2.6.11/drivers/parport/procfs.c~	2005-04-25 12:17:30.000000000 -0400
+++ linux-2.6.11/drivers/parport/procfs.c	2005-04-25 12:20:35.000000000 -0400
@@ -286,19 +286,19 @@ static const struct parport_sysctl_table
 		PARPORT_DEVICES_ROOT_DIR,
 #ifdef CONFIG_PARPORT_1284
 		{ DEV_PARPORT_AUTOPROBE, "autoprobe",
-		  NULL, 0, 0444, NULL,
+		  NULL, 0, 0200, NULL,
 		  &do_autoprobe },
 		{ DEV_PARPORT_AUTOPROBE + 1, "autoprobe0",
-		 NULL, 0, 0444, NULL,
+		 NULL, 0, 0200, NULL,
 		 &do_autoprobe },
 		{ DEV_PARPORT_AUTOPROBE + 2, "autoprobe1",
-		  NULL, 0, 0444, NULL,
+		  NULL, 0, 0200, NULL,
 		  &do_autoprobe },
 		{ DEV_PARPORT_AUTOPROBE + 3, "autoprobe2",
-		  NULL, 0, 0444, NULL,
+		  NULL, 0, 0200, NULL,
 		  &do_autoprobe },
 		{ DEV_PARPORT_AUTOPROBE + 4, "autoprobe3",
-		  NULL, 0, 0444, NULL,
+		  NULL, 0, 0200, NULL,
 		  &do_autoprobe },
 #endif /* IEEE 1284 support */
 		{0}
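
Review bot: The changelog does not say what actually goes wrong when sysctl -a reads these entries, and the new mode 0200 on all five autoprobe entries advertises them as writable without anything in the hunk showing that do_autoprobe accepts writes. Each entry keeps a NULL data pointer and a maxlen of 0 and relies entirely on that handler, so please confirm how do_autoprobe treats a write before flipping the mode, and describe the observed failure in the commit message. If the aim is only to narrow who can read the values, 0400 would do that while keeping the entries read-only.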



* Re: Incorrect permissions on parport sysctls.
  2005-08-09  4:44 Incorrect permissions on parport sysctls Dave Jones
@ 2005-08-09  7:10 ` Jan Engelhardt
  2005-08-09 10:11 ` [Linux-parport] " Tim Waugh
  1 sibling, 0 replies; 4+ messages in thread
From: Jan Engelhardt @ 2005-08-09  7:10 UTC (permalink / raw)
  To: Dave Jones; +Cc: linux-parport, Linux Kernel, Andrew Morton


>We have a bunch of 'probe' sysctl's in parport, which are
>readable. (world readable even). Make them write-only.
>Without this, sysctl -a will try to read these files.

Why write-only? Don't you want to read back what you've written there
sometime? IMO 0600.



Jan Engelhardt
-- 


* Re: [Linux-parport] Incorrect permissions on parport sysctls.
  2005-08-09  4:44 Incorrect permissions on parport sysctls Dave Jones
  2005-08-09  7:10 ` Jan Engelhardt
@ 2005-08-09 10:11 ` Tim Waugh
  2005-08-09 15:53   ` Dave Jones
  1 sibling, 1 reply; 4+ messages in thread
From: Tim Waugh @ 2005-08-09 10:11 UTC (permalink / raw)
  To: Dave Jones, linux-parport, Linux Kernel, Andrew Morton

[-- Attachment #1: Type: text/plain, Size: 618 bytes --]

On Tue, Aug 09, 2005 at 12:44:41AM -0400, Dave Jones wrote:

> We have a bunch of 'probe' sysctl's in parport, which are
> readable. (world readable even). Make them write-only.
> Without this, sysctl -a will try to read these files.

??

This change is wrong.  The probing happens at module load time, and
the IEEE 1284 device IDs are stored for later retrieval to user space
via these sysctls.

They are backed by read-only variables.  Reading does not trigger any
device interaction.

Make them 0400 if you think it's a security issue: but then,
/proc/ide/hda/model etc should also get the same treatment.

Tim.
*/


* Re: [Linux-parport] Incorrect permissions on parport sysctls.
  2005-08-09 10:11 ` [Linux-parport] " Tim Waugh
@ 2005-08-09 15:53   ` Dave Jones
  0 siblings, 0 replies; 4+ messages in thread
From: Dave Jones @ 2005-08-09 15:53 UTC (permalink / raw)
  To: Tim Waugh; +Cc: linux-parport, Linux Kernel, Andrew Morton

On Tue, Aug 09, 2005 at 11:11:10AM +0100, Tim Waugh wrote:
 > On Tue, Aug 09, 2005 at 12:44:41AM -0400, Dave Jones wrote:
 > 
 > > We have a bunch of 'probe' sysctl's in parport, which are
 > > readable. (world readable even). Make them write-only.
 > > Without this, sysctl -a will try to read these files.
 > 
 > ??
 > 
 > This change is wrong.  The probing happens at module load time, and
 > the IEEE 1284 device IDs are stored for later retrieval to user space
 > via these sysctls.
 > 
 > They are backed by read-only variables.  Reading does not trigger any
 > device interaction.
 > 
 > Make them 0400 if you think it's a security issue: but then,
 > /proc/ide/hda/model etc should also get the same treatment.

It wasn't a security related change.  As I mentioned above,
sysctl -a would fail to read them anyway when I last tried
(circa 2.6.9/10)

I'll try and reproduce without that patch later today.

		Dave

