lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2023061334-surplus-eclair-197a@gregkh>
Date:   Tue, 13 Jun 2023 09:59:35 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Avadhut Naik <Avadhut.Naik@....com>
Cc:     rafael@...nel.org, lenb@...nel.org, linux-acpi@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, avadnaik@....com,
        yazen.ghannam@....com, alexey.kardashevskiy@....com,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v3 2/3] fs: debugfs: Add write functionality to
 debugfs blobs

On Mon, Jun 12, 2023 at 09:51:38PM +0000, Avadhut Naik wrote:
>  /**
> - * debugfs_create_blob - create a debugfs file that is used to read a binary blob
> + * debugfs_create_blob - create a debugfs file that is used to read and write
> + * a binary blob
>   * @name: a pointer to a string containing the name of the file to create.
> - * @mode: the read permission that the file should have (other permissions are
> - *	  masked out)
> + * @mode: the permission that the file should have
>   * @parent: a pointer to the parent dentry for this file.  This should be a
>   *          directory dentry if set.  If this parameter is %NULL, then the
>   *          file will be created in the root of the debugfs filesystem.
> @@ -992,7 +1010,7 @@ static const struct file_operations fops_blob = {
>   *
>   * This function creates a file in debugfs with the given name that exports
>   * @blob->data as a binary blob. If the @mode variable is so set it can be
> - * read from. Writing is not supported.
> + * read from and written to.
>   *
>   * This function will return a pointer to a dentry if it succeeds.  This
>   * pointer must be passed to the debugfs_remove() function when the file is
> @@ -1007,7 +1025,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
>  				   struct dentry *parent,
>  				   struct debugfs_blob_wrapper *blob)
>  {
> -	return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
> +	return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);

Have you audited all calls to this function to verify that you haven't
just turned on write access to some debugfs files?

Why not rename this to debugfs_create_blob_wo() and then make a new
debugfs_create_blob_rw() call to ensure that it all is ok?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ