lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1426277797.11459.27.camel@perches.com>
Date:	Fri, 13 Mar 2015 13:16:37 -0700
From:	Joe Perches <joe@...ches.com>
To:	Nicholas Mc Guire <hofrat@...dl.org>
Cc:	Andy Whitcroft <apw@...onical.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] checkpatch: catch all world writable debugfs_create_file

On Fri, 2015-03-13 at 15:23 -0400, Nicholas Mc Guire wrote:
> Currently checkpatch will fuss if one uses world writable settings in debugfs
> files by passing S_IWUGO but not when passing S_IWOTH, S_IRWXUGO or S_IALLUGO.
> This patch extends the check to catches all cases exporting world writable 
> files

Hi Nicholas

> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> @@ -5356,8 +5356,14 @@ sub process {
>  			}
>  		}
>  
> -		if ($line =~ /debugfs_create_file.*S_IWUGO/ ||
> -		    $line =~ /DEVICE_ATTR.*S_IWUGO/ ) {
> +		if ($line =~ /debugfs_create_file.*S_IWOTH/ ||
> +		    $line =~ /debugfs_create_file.*S_IWUGO/ ||
> +		    $line =~ /debugfs_create_file.*S_IRWXUGO/ ||
> +		    $line =~ /debugfs_create_file.*S_IALLUGO/ ||
> +		    $line =~ /DEVICE_ATTR.*S_IWOTH/ ||
> +		    $line =~ /DEVICE_ATTR.*S_IWUGO/ ||
> +		    $line =~ /DEVICE_ATTR.*S_IRWXUGO/ ||
> +		    $line =~ /DEVICE_ATTR.*S_IALLUGO/ ) {

That seems sensible, but my preference would be to use
a variable and extend it to find octal values like:

$world_writable = qr{S_IWUGO|S_IWOTH|S_IWUGO|S_URWXUGO|S_IALLUGO|0[0-7][0-7][2367]};

		if ($line =~ /debugfs_create_file.*\b$world_writable\b/
		    $line =~ /DEVICE_ATTR.*\b$world_writable\b/)

>  			WARN("EXPORTED_WORLD_WRITABLE",
>  			     "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr);
>  		}



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ