[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jKz_ZT=FWg5MuFh1sz3uXx0mHEc_zNu=OSZi7noHZZ7oA@mail.gmail.com>
Date: Tue, 13 Jan 2015 21:46:25 -0800
From: Kees Cook <keescook@...omium.org>
To: "Wang, Yalin" <Yalin.Wang@...ymobile.com>
Cc: "rusty@...tcorp.com.au" <rusty@...tcorp.com.au>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"jani.nikula@...el.com" <jani.nikula@...el.com>,
"hch@...radead.org" <hch@...radead.org>,
"hare@...e.de" <hare@...e.de>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] export module parameters even the permission is zero
On Tue, Jan 13, 2015 at 6:16 PM, Wang, Yalin <Yalin.Wang@...ymobile.com> wrote:
> This patch make sure to export module parameters even the permission
> is zero, this is useful for some platforms like Android,
> the init process can change the parameter mode/owner by
> chmod/chown during bootup
>
> Signed-off-by: Yalin Wang <yalin.wang@...ymobile.com>
NAK. No sorry, these parameters are explicitly being removed from
sysfs by the various things that use perm==0. This would potentially
expose sensitive values to sysfs. If a value should be exposed, the
perm argument on the specific thing should be changed.
-Kees
> ---
> kernel/params.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/kernel/params.c b/kernel/params.c
> index bd65d136..aa80c04 100644
> --- a/kernel/params.c
> +++ b/kernel/params.c
> @@ -607,9 +607,6 @@ static __modinit int add_sysfs_param(struct module_kobject *mk,
> struct attribute **new_attrs;
> unsigned int i;
>
> - /* We don't bother calling this with invisible parameters. */
> - BUG_ON(!kp->perm);
> -
> if (!mk->mp) {
> /* First allocation. */
> mk->mp = kzalloc(sizeof(*mk->mp), GFP_KERNEL);
> @@ -812,9 +809,6 @@ static void __init param_sysfs_builtin(void)
> for (kp = __start___param; kp < __stop___param; kp++) {
> char *dot;
>
> - if (kp->perm == 0)
> - continue;
> -
> dot = strchr(kp->name, '.');
> if (!dot) {
> /* This happens for core_param() */
> --
> 2.1.3
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists