Date:	Fri, 1 May 2015 17:29:35 +0530
From:	Gobinda Maji <gobinda.cemk07@...il.com>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	linux-next@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 9/9] sysfs: disallow world-writable files.

On 30 April 2015 at 07:32, Rusty Russell <rusty@...tcorp.com.au> wrote:

> You're absolutely right, well spotted!  The checks can be tightened.  We
> don't really care about execute, but logically write is "more
> privileged" than read.
>
> Best to separate the tests; OTHER_WRITABLE <= GROUP_WRITABLE <= OWNER_WRITABLE
> and OTHER_READABLE <= GROUP_READABLE <= OWNER_READABLE.
>
> A patch would be welcome!

Thanks for the suggestion. OTHER_WRITABLE is already not permitted.
So, added the checks for GROUP_WRITABLE <= OWNER_WRITABLE for write
and OTHER_READABLE <= GROUP_READABLE <= OWNER_READABLE for read.

I am just sending a separate patch for this. The subject line will be
"[PATCH] sysfs: tightened sysfs permission checks"

-- 
Thanks,
Gobinda
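
The ordering rules discussed in this thread, as an added userspace example that is not part of the original message and not the kernel's own code. The function name `sysfs_mode_ok` and the sample modes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Hypothetical userspace check (not the kernel macro) for the rules
 * stated in the thread:
 *   - OTHER_WRITABLE is never permitted
 *   - GROUP_WRITABLE <= OWNER_WRITABLE
 *   - OTHER_READABLE <= GROUP_READABLE <= OWNER_READABLE
 * Execute bits are ignored, as the thread says they do not matter here.
 */
static bool sysfs_mode_ok(unsigned int mode)
{
    unsigned int own_r = (mode >> 8) & 1, own_w = (mode >> 7) & 1;
    unsigned int grp_r = (mode >> 5) & 1, grp_w = (mode >> 4) & 1;
    unsigned int oth_r = (mode >> 2) & 1, oth_w = (mode >> 1) & 1;

    if (oth_w)                            /* world-writable: rejected outright */
        return false;
    if (grp_w > own_w)                    /* group may not write if owner cannot */
        return false;
    if (oth_r > grp_r || grp_r > own_r)   /* read access must not widen outward */
        return false;
    return true;
}

int main(void)
{
    /* Constructed sample modes, chosen to hit each rule. */
    static const unsigned int samples[] = {
        0644, 0664, 0444, 0600, 0220,     /* expected: accepted */
        0666, 0464, 0604, 0044, 0002      /* expected: rejected */
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%04o -> %s\n", samples[i],
               sysfs_mode_ok(samples[i]) ? "ok" : "rejected");
    return 0;
}
```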