| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2023061252-tapering-shrubs-4dd7@gregkh>
Date: Mon, 12 Jun 2023 12:25:26 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Jonathan McDowell <noodles@...a.com>
Cc: Jean Delvare <jdelvare@...e.com>,
Lennart Poettering <mzxreary@...inter.de>,
Kay Sievers <kay.sievers@...y.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] firmware: dmi: Don't restrict access to serial number /
UUID
On Mon, Jun 12, 2023 at 09:59:50AM +0000, Jonathan McDowell wrote:
> The /sys/devices/virtual/dmi/id/*_serial + product_uuid files are
> currently only readable by root. There's no clear rationale for this;
> Windows + OS X both allow regular users to access the information, so
> there appears to be no expectation on the manufacturer side that it
> should be kept secret.
>
> Having the information easily available helps with automated tools that
> collect system information for the purposes of fault diagnosis/tracking
> without requiring the tools have root access.
>
> (I've tried to look for context on the initial patch submission about
> why these were root-only but didn't find any; hopefully Lennart or Kay
> can provide details if I'm missing something.)
I think it was just generic "let's not expose anything that might be a
secret", but if Windows exposes all of this to any user, then vendors
are used to it, so it's not a big deal.
thanks,
greg k-h
Powered by blists - more mailing lists