Date: Fri, 13 Mar 2015 13:16:37 -0700
From: Joe Perches <joe@...ches.com>
To: Nicholas Mc Guire <hofrat@...dl.org>
Cc: Andy Whitcroft <apw@...onical.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] checkpatch: catch all world writable debugfs_create_file

On Fri, 2015-03-13 at 15:23 -0400, Nicholas Mc Guire wrote:
> Currently checkpatch will fuss if one uses world writable settings in debugfs
> files by passing S_IWUGO but not when passing S_IWOTH, S_IRWXUGO or S_IALLUGO.
> This patch extends the check to catch all cases exporting world writable
> files

Hi Nicholas

> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> @@ -5356,8 +5356,14 @@ sub process {
> }
> }
>
> - if ($line =~ /debugfs_create_file.*S_IWUGO/ ||
> - $line =~ /DEVICE_ATTR.*S_IWUGO/ ) {
> + if ($line =~ /debugfs_create_file.*S_IWOTH/ ||
> + $line =~ /debugfs_create_file.*S_IWUGO/ ||
> + $line =~ /debugfs_create_file.*S_IRWXUGO/ ||
> + $line =~ /debugfs_create_file.*S_IALLUGO/ ||
> + $line =~ /DEVICE_ATTR.*S_IWOTH/ ||
> + $line =~ /DEVICE_ATTR.*S_IWUGO/ ||
> + $line =~ /DEVICE_ATTR.*S_IRWXUGO/ ||
> + $line =~ /DEVICE_ATTR.*S_IALLUGO/ ) {

That seems sensible, but my preference would be to use
a variable and extend it to find octal values like:

	$world_writable = qr{S_IWUGO|S_IWOTH|S_IRWXUGO|S_IALLUGO|0[0-7][0-7][2367]};

	if ($line =~ /debugfs_create_file.*\b$world_writable\b/ ||
	    $line =~ /DEVICE_ATTR.*\b$world_writable\b/)

> WARN("EXPORTED_WORLD_WRITABLE",
> "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr);
> }
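
Review bot: the widened condition in the `+` lines still recognises only symbolic names, so a debugfs_create_file or DEVICE_ATTR line that passes a numeric mode such as 0666 is not flagged, and neither is S_IRWXO, which also grants write to others. The eight tests repeat the same two prefixes; one alternation kept in a single variable, bounded with `\b` and including an octal form, would cover these cases and keep the list in one place. Each test also matches only when the call name and the mode appear on the same `$line`, and the hunk changes the DEVICE_ATTR check as well, so the "catch all world writable debugfs_create_file" subject should state both limits.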
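
An added example, not code from this thread or from checkpatch, and written in Python rather than checkpatch's Perl so it runs stand-alone: it compares the name-or-octal pattern suggested in the reply (with the macro spelled S_IRWXUGO) against a check that ORs the mode constants and tests the S_IWOTH bit. The sample lines, `TOKEN`, `audit` and the `flagged_by_*` helpers are constructed for illustration; the value-based check goes beyond the thread and assumes the mode argument is a plain OR of constants.

```python
import re

# Permission macros with the values given in the kernel's stat.h headers.
MODES = {
    "S_IRWXU": 0o700, "S_IRUSR": 0o400, "S_IWUSR": 0o200, "S_IXUSR": 0o100,
    "S_IRWXG": 0o070, "S_IRGRP": 0o040, "S_IWGRP": 0o020, "S_IXGRP": 0o010,
    "S_IRWXO": 0o007, "S_IROTH": 0o004, "S_IWOTH": 0o002, "S_IXOTH": 0o001,
    "S_IRWXUGO": 0o777, "S_IALLUGO": 0o7777,
    "S_IRUGO": 0o444, "S_IWUGO": 0o222, "S_IXUGO": 0o111,
}
CALL = r"(?:debugfs_create_file|DEVICE_ATTR)"

# Name-or-octal alternation in the style proposed in the reply.
BY_NAME = re.compile(
    CALL + r".*\b(?:S_IWUGO|S_IWOTH|S_IRWXUGO|S_IALLUGO|0[0-7][0-7][2367])\b")
# Hypothetical tokenizer: S_I* macro names and C octal literals.
TOKEN = re.compile(r"\bS_I[A-Z]+\b|\b0[0-7]+\b")

def flagged_by_name(line):
    return BY_NAME.search(line) is not None

def flagged_by_value(line):
    """OR every mode token on the line, then test the S_IWOTH bit.
    Assumes the mode argument is a plain OR of constants (no masking)."""
    if not re.search(CALL, line):
        return False
    mode = 0
    for tok in TOKEN.findall(line):
        mode |= MODES.get(tok, 0) if tok.startswith("S_") else int(tok, 8)
    return bool(mode & MODES["S_IWOTH"])

# Constructed sample lines, not taken from any kernel source file.
SAMPLES = [
    'debugfs_create_file("ctl", S_IRUGO | S_IWUGO, dir, NULL, &fops);',
    'debugfs_create_file("ctl", 0666, dir, NULL, &fops);',
    'static DEVICE_ATTR(level, S_IRUGO | S_IWUSR, show, store);',
    'static DEVICE_ATTR(level, 0644, show, store);',
    'debugfs_create_file("ctl", S_IRUGO | S_IRWXO, dir, NULL, &fops);',
]

def audit(lines=SAMPLES):
    """Return (flagged_by_name, flagged_by_value) for each line."""
    return [(flagged_by_name(l), flagged_by_value(l)) for l in lines]

if __name__ == "__main__":
    for line, result in zip(SAMPLES, audit()):
        print(result, line)
```

The last sample is the case a name list misses: `S_IRWXO` includes write permission for others but is not among the listed macros.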