lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAD=FV=VZ7BPw0=_3mfLYmO+kUDLbOfxy=wzH5Vnff=MiGP5oVQ@mail.gmail.com>
Date:   Tue, 5 Jan 2021 15:06:35 -0800
From:   Doug Anderson <dianders@...omium.org>
To:     Stephen Boyd <swboyd@...omium.org>
Cc:     Andy Gross <agross@...nel.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-arm-msm <linux-arm-msm@...r.kernel.org>,
        Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>,
        Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
Subject: Re: [PATCH] soc: qcom: socinfo: Open read access to all for debugfs

Hi,

On Tue, Dec 15, 2020 at 11:19 PM Stephen Boyd <swboyd@...omium.org> wrote:
>
> There doesn't seem to be any reason to limit this to only root user
> readable. Let's make it readable by all so that random programs can
> read the debugfs files in here instead of just root. The information is
> just that, informational, so this is fine.
>
> Cc: Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
> Cc: Douglas Anderson <dianders@...omium.org>
> Cc: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
> Signed-off-by: Stephen Boyd <swboyd@...omium.org>
> ---
>  drivers/soc/qcom/socinfo.c | 40 +++++++++++++++++++-------------------
>  1 file changed, 20 insertions(+), 20 deletions(-)

One worry I'd have is whether there would ever be any PII (personally
identifiable information) here, like maybe a chip serial number.  If
so, is that something that is OK to provide to any random process?
...maybe I'm just being paranoid though, since presumably there are
enough random HW characteristics that could be strung together and
hashed to make roughly a unique ID anyway and hiding every HW
characteristic would be a bit extreme...

-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ