lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Mar 2019 16:26:05 +0000
From:   Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To:     Gaurav Kohli <gkohli@...eaurora.org>, linux-kernel@...r.kernel.org
Cc:     linux-arm-msm@...r.kernel.org
Subject: Re: [PATCH v2] nvmem: core: Set no-read-write provider to avoid
 userspace read/write



On 20/03/2019 15:50, Gaurav Kohli wrote:
> 
> On 3/20/2019 8:04 PM, Srinivas Kandagatla wrote:
>>
>>
>> On 17/03/2019 14:12, Gaurav Kohli wrote:
>>> Current nvmem framework allows user space to read all register space
>>> populated by nvmem binary file, In case we don't want to expose value
>>> of registers to userspace and only want kernel space to read cell
>>> value from nvmem_cell_read_u32.
>>>
>>> To protect the same, Add no-read-write property to prevent read
>>> from userspace.
>>>
>>
>> Can you explain the real need of this?
>> Is there any issue you are noticing while reading nvmem content from 
>> userspace?
>>
> Hi Srinivas,
> 
> 
> No, We are not observing any issue, nvmem is dumping the data properly.
> 
> But there are certain register, which we don't want to expose to user 
> space and want kernel space can only read via nvmem_cell_read.
Am guessing these are some kind of keys or something that you do not 
want user to see.

Is root only option not helping you in this case?

We could go down the route of adding new config option something like 
CONFIG_NVMEM_NO_SYSFS_ENTRY to prevent adding nvmem entry in userspace.

Let me know if you are happy to create a patch for this change?

Thanks,
srini

> 
> In existing design, even if we read cell from kernel space, nvmem binary 
> files is still populated to user space unconditionally.
> 
> Regards
> 
> Gaurav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ