lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1126697358.202300.1426167812093.JavaMail.zimbra@savoirfairelinux.com>
Date:	Thu, 12 Mar 2015 09:43:32 -0400 (EDT)
From:	Vivien Didelot <vivien.didelot@...oirfairelinux.com>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	Guenter Roeck <linux@...ck-us.net>, linux-kernel@...r.kernel.org,
	kernel@...oirfairelinux.com
Subject: Re: [PATCH v2 2/3] sysfs: Only accept read/write permissions for
 file attributes

Hi Greg, Guenter,

> On 03/12/2015 03:01 AM, Greg Kroah-Hartman wrote:
> > On Wed, Mar 11, 2015 at 02:22:10PM -0400, Vivien Didelot wrote:
> >> For sysfs file attributes, only read and write permissions make sense.
> >> Mask provided attribute permissions accordingly and send a warning
> >> to the console if invalid permission bits are set.
> >>
> >> This patch is originally from Guenter [1] and includes the fixup
> >> explained in the thread, that is printing permissions in octal format
> >> and limiting the scope of attributes to SYSFS_PREALLOC | 0664.
> >>
> >> [1] https://lkml.org/lkml/2015/1/19/599
> >>
> >> Cc: Guenter Roeck <linux@...ck-us.net>
> >> Signed-off-by: Vivien Didelot <vivien.didelot@...oirfairelinux.com>
> >> ---
> >>   fs/sysfs/group.c | 6 ++++++
> >>   1 file changed, 6 insertions(+)
> >>
> >> diff --git a/fs/sysfs/group.c b/fs/sysfs/group.c
> >> index 3fdccd9..b400c04 100644
> >> --- a/fs/sysfs/group.c
> >> +++ b/fs/sysfs/group.c
> >> @@ -55,6 +55,12 @@ static int create_files(struct kernfs_node *parent,
> >> struct kobject *kobj,
> >>   				if (!mode)
> >>   					continue;
> >>   			}
> >> +
> >> +			WARN(mode & ~(SYSFS_PREALLOC | 0664),
> >> +			     "Attribute %s: Invalid permissions 0%o\n",
> >> +			     (*attr)->name, mode);
> >> +
> >> +			mode &= SYSFS_PREALLOC | 0664;
> >
> > How does a "normal" boot look with this warning in place?  There still
> > seem to be a number of files in sysfs that might trigger this.
> >
> I was under the impression that they all were addressed, but I may have
> missed some pattern(s). Can you point me to an example, by any chance ?

Same here, given https://lkml.org/lkml/2015/1/20/584, it looked like only
hid-lg4ff had executable attributes (which has been fixed) and a few attributes
in pci-sysfs have write access to group, but this doesn't trigger the warning.

> > Also, we have a build-time warning if a sysfs file is this type of
> > attribute, shouldn't we just rely on that instead of this run-time
> > warning?
> >
> 
> The mode value can be returned from an is_visible function, and even if not
> there is no guarantee that the build-time warning triggers (attribute lists
> can be generated manually, for example).

Indeed, as mentioned in the previous thread https://lkml.org/lkml/2015/1/20/877
the build-time macro VERIFY_OCTAL_PERMISSIONS() is not enough since an
attribute mode can be changed at run-time (a run-time equivalent of this macro
can be added in a future patch, if necessary).

Thanks Greg for the Signed-off reminders for 1/3 and 3/3. A v3 with them
is ready to be sent, if you are ok with the patchset.

Thanks,
-v
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ