lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 18 Feb 2013 17:33:16 +0200
From:	Felipe Balbi <balbi@...com>
To:	Greg KH <gregkh@...uxfoundation.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: SYSFS "errors"

Hi folks,

there are today a number of SYSFS files with read permission set but
can't really be read (tried with normal user and root). To make things
simpler, I wrote a simple ruby script (see below) to check if the file
is world writeable or if it has Read permission but throws an exception
when read (note that I ignore files which return empty buffers since
ruby cries about it).

Here are some results from my desktop PC:

$ ruby sysfs_errors.rb |wc -l
968

# ruby sysfs_errors.rb | wc -l
1602

8<---------------------------- cut here --------------------------------

Dir.glob("/sys/**/*").each do |file|
	next if File.directory?(file)

	if File.world_writable?(file)
		puts "#{file} is world-writable"
	end

	if File.readable?(file)
		begin
			File.open(file) { |f|
				result = f.readline
			}
		rescue EOFError
			nil
		rescue => e
			puts e.message
		end
	end
end

I wonder if that should be sorted out or should we leave it as is ? If
it helps in any way, I have printed below only the filenames (without
path) so I could pipe it through uniq:

act_mask
audit
autosuspend_delay_ms
bind
bl_curve
clear
compact
delete
delete_device
drivers_probe
drvctl
duplex
em_buffer
enable
end_lba
event_char
hard_offline_page
host_reset
mode
new_device
new_id
pid
probe
reconfig
release
reload
remove
remove_id
rescan
reset
reset_counters
resource0
resource1
resource1_wc
resource2
resource3
resource4
resource5
rom
rotate_all
scan
sdram_scrub_rate
smi_request
soft_offline_page
speed
start_lba
sw_activity
trigger_fs_error
uevent
unbind
unload_heads

-- 
balbi

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ