[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1300199151.7744.12.camel@mulgrave.site>
Date: Tue, 15 Mar 2011 10:25:51 -0400
From: James Bottomley <James.Bottomley@...e.de>
To: Greg KH <greg@...ah.com>
Cc: Vasiliy Kulikov <segoon@...nwall.com>, security@...nel.org,
acpi4asus-user@...ts.sourceforge.net, linux-scsi@...r.kernel.org,
rtc-linux@...glegroups.com, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org, platform-driver-x86@...r.kernel.org,
open-iscsi@...glegroups.com, linux-omap@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-media@...r.kernel.org
Subject: Re: [Security] [PATCH 00/20] world-writable files in sysfs and
debugfs
On Tue, 2011-03-15 at 07:18 -0700, Greg KH wrote:
> On Tue, Mar 15, 2011 at 07:50:28AM -0400, James Bottomley wrote:
> > On Mon, 2011-03-14 at 20:09 -0700, Greg KH wrote:
> > > There are no capability checks on sysfs files right now, so these all
> > > need to be fixed.
> >
> > That statement is true but irrelevant, isn't it? There can't be
> > capabilities within sysfs files because the system that does them has no
> > idea what the capabilities would be. If there were capabilities checks,
> > they'd have to be in the implementing routines.
>
> Ah, you are correct, sorry for the misunderstanding.
>
> > I think the questions are twofold:
> >
> > 1. Did anyone actually check for capabilities before assuming world
> > writeable files were wrong?
>
> I do not think so as the majority (i.e. all the ones that I looked at)
> did no such checks.
OK, as long as someone checked, I'm happy.
> > 2. Even if there aren't any capabilities checks in the implementing
> > routines, should there be (are we going the separated
> > capabilities route vs the monolithic root route)?
>
> I think the general consensus is that we go the monolithic root route
> for sysfs files in that we do not allow them to be world writable.
>
> Do you have any exceptions that you know of that do these checks?
Heh, I didn't call our security vacillations a dizzying ride for
nothing. I know the goal once was to try to run a distro without root
daemons (which is what required the capabilities stuff). I'm actually
trying to avoid the issue ... I just want to make sure that people who
care aren't all moving in different directions.
James
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists