lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200711292207.46967.bzolnier@gmail.com>
Date:	Thu, 29 Nov 2007 22:07:46 +0100
From:	Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
To:	"Kay Sievers" <kay.sievers@...y.org>
Cc:	"Dan Kegel" <dank@...el.com>,
	"Xavier Bestel" <xavier.bestel@...e.fr>,
	Andrey Borzenkov <arvidjaar@...l.ru>,
	linux-kernel@...r.kernel.org
Subject: Re: Relax permissions for reading hard drive serial number?

On Thursday 29 November 2007, Kay Sievers wrote:
> On Nov 29, 2007 4:46 PM, Dan Kegel <dank@...el.com> wrote:
> > On Nov 29, 2007 7:37 AM, Xavier Bestel <xavier.bestel@...e.fr> wrote:
> > > > One sticking point is that apps like Photoshop and probably
> > > > Punkbuster want to retrieve the hard drive's serial number
> > >
> > > So they can't be installed on a network drive ?
> >
> > I think Adobe supports that, though perhaps not with the
> > retail version.  Big companies with network drives are
> > probably an important revenue source for them.
> >
> > I haven't looked closely at what happens when you try installing
> > onto network drives.  If you are really interested, it's pretty easy to
> > try yourself; just run the app under wine with
> > WINEDEBUG=+cdrom,+disk and look in the log for calls like
> > CreateFile("\\\\.\\PhysicalDrive0", ...).
> > There's some chance the code always checks drive 0 instead
> > of the drive you're installing onto.
> 
> There are people who, for privacy reasons, really don't like that "unique"
> unchangeable serial numbers can be retrieved by untrusted users.
> 
> You should probably chmod the file on the users system, if he is fine with
> that, but not change the kernel default.

Seconded.

While on it, how's about exporting model/firmware/serial through
sysfs so /proc/ide/hd*/identify don't have to be used?

[PATCH] ide: add /sys/bus/ide/devices/*/{model,firmware,serial} sysfs entries

Cc: Dan Kegel <dank@...el.com>
Cc: Kay Sievers <kay.sievers@...y.org>
Cc: Xavier Bestel <xavier.bestel@...e.fr>
Cc: Andrey Borzenkov <arvidjaar@...l.ru>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
---
 drivers/ide/ide.c |   24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

Index: b/drivers/ide/ide.c
===================================================================
--- a/drivers/ide/ide.c
+++ b/drivers/ide/ide.c
@@ -1670,10 +1670,34 @@ static ssize_t modalias_show(struct devi
 	return sprintf(buf, "ide:m-%s\n", media_string(drive));
 }
 
+static ssize_t model_show(struct device *dev, struct device_attribute *attr,
+			  char *buf)
+{
+	ide_drive_t *drive = to_ide_device(dev);
+	return sprintf(buf, "%s\n", drive->id->model);
+}
+
+static ssize_t firmware_show(struct device *dev, struct device_attribute *attr,
+			     char *buf)
+{
+	ide_drive_t *drive = to_ide_device(dev);
+	return sprintf(buf, "%s\n", drive->id->fw_rev);
+}
+
+static ssize_t serial_show(struct device *dev, struct device_attribute *attr,
+			   char *buf)
+{
+	ide_drive_t *drive = to_ide_device(dev);
+	return sprintf(buf, "%s\n", drive->id->serial_no);
+}
+
 static struct device_attribute ide_dev_attrs[] = {
 	__ATTR_RO(media),
 	__ATTR_RO(drivename),
 	__ATTR_RO(modalias),
+	__ATTR_RO(model),
+	__ATTR_RO(firmware),
+	__ATTR(serial, 0400, serial_show, NULL),
 	__ATTR_NULL
 };
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ