| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Aug 2016 09:38:34 -0700
From: Joe Perches <joe@...ches.com>
To: Andrew Morton <akpm@...ux-foundation.org>,
Andy Whitcroft <apw@...onical.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] checkpatch: Look for symbolic permissions and suggest
octal instead
On Tue, 2016-08-02 at 16:39 -0700, Joe Perches wrote:
> S_ uses should be avoided where octal is more intelligible.
ping?
Should CodingStyle and Documentation/filesystems change too?
> Signed-off-by: Joe Perches <joe@...ches.com>
> ---
> scripts/checkpatch.pl | 49 +++++++++++++++++++++++++++++++++++++++++++------
> 1 file changed, 43 insertions(+), 6 deletions(-)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 1d5b09d..1140940 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -541,6 +541,32 @@ our $mode_perms_world_writable = qr{
> 0[0-7][0-7][2367]
> }x;
>
> +our %mode_permission_string_types = (
> + "S_IRWXU" => 0700,
> + "S_IRUSR" => 0400,
> + "S_IWUSR" => 0200,
> + "S_IXUSR" => 0100,
> + "S_IRWXG" => 0070,
> + "S_IRGRP" => 0040,
> + "S_IWGRP" => 0020,
> + "S_IXGRP" => 0010,
> + "S_IRWXO" => 0007,
> + "S_IROTH" => 0004,
> + "S_IWOTH" => 0002,
> + "S_IXOTH" => 0001,
> + "S_IRWXUGO" => 0777,
> + "S_IRUGO" => 0444,
> + "S_IWUGO" => 0222,
> + "S_IXUGO" => 0111,
> +);
> +
> +#Create a search pattern for all these strings to speed up a loop below
> +our $mode_perms_string_search = "";
> +foreach my $entry (keys %mode_permission_string_types) {
> + $mode_perms_string_search .= '|' if ($mode_perms_string_search ne "");
> + $mode_perms_string_search .= $entry;
> +}
> +
> our $allowed_asm_includes = qr{(?x:
> irq|
> memory|
> @@ -5996,20 +6022,31 @@ sub process {
> $arg_pos--;
> $skip_args = "(?:\\s*$FuncArg\\s*,\\s*){$arg_pos,$arg_pos}";
> }
> - my $test = "\\b$func\\s*\\(${skip_args}([\\d]+)\\s*[,\\)]";
> + my $test = "\\b$func\\s*\\(${skip_args}($FuncArg(?:\\|\\s*$FuncArg)*)\\s*[,\\)]";
> if ($line =~ /$test/) {
> my $val = $1;
> $val = $6 if ($skip_args ne "");
> -
> - if ($val !~ /^0$/ &&
> - (($val =~ /^$Int$/ && $val !~ /^$Octal$/) ||
> - length($val) ne 4)) {
> + if (($val =~ /^$Int$/ && $val !~ /^$Octal$/) ||
> + ($val =~ /^$Octal$/ && length($val) ne 4)) {
> ERROR("NON_OCTAL_PERMISSIONS",
> "Use 4 digit octal (0777) not decimal permissions\n" . $herecurr);
> - } elsif ($val =~ /^$Octal$/ && (oct($val) & 02)) {
> + }
> + if ($val =~ /^$Octal$/ && (oct($val) & 02)) {
> ERROR("EXPORTED_WORLD_WRITABLE",
> "Exporting writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr);
> }
> + if ($val =~ /\b$mode_perms_string_search\b/) {
> + my $to = 0;
> + while ($val =~ /\b($mode_perms_string_search)\b(?:\s*\|\s*)?\s*/g) {
> + $to |= $mode_permission_string_types{$1};
> + }
> + my $new = sprintf("%04o", $to);
> + if (WARN("SYMBOLIC_PERMS",
> + "Symbolic permissions are not preferred. Consider using octal permissions $new.\n" . $herecurr) &&
> + $fix) {
> + $fixed[$fixlinenr] =~ s/\Q$val\E/$new/;
> + }
> + }
> }
> }
> }
Powered by blists - more mailing lists