lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241105152455.GA1472398@bhelgaas>
Date: Tue, 5 Nov 2024 09:24:55 -0600
From: Bjorn Helgaas <helgaas@...nel.org>
To: Leon Romanovsky <leon@...nel.org>
Cc: Bjorn Helgaas <bhelgaas@...gle.com>,
	Krzysztof WilczyƄski <kw@...ux.com>,
	linux-pci@...r.kernel.org, Ariel Almog <ariela@...dia.com>,
	Aditya Prabhune <aprabhune@...dia.com>,
	Hannes Reinecke <hare@...e.de>,
	Heiner Kallweit <hkallweit1@...il.com>,
	Arun Easi <aeasi@...vell.com>, Jonathan Chocron <jonnyc@...zon.com>,
	Bert Kenward <bkenward@...arflare.com>,
	Matt Carlson <mcarlson@...adcom.com>,
	Kai-Heng Feng <kai.heng.feng@...onical.com>,
	Jean Delvare <jdelvare@...e.de>,
	Alex Williamson <alex.williamson@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] PCI/sysfs: Fix read permissions for VPD attributes

On Tue, Nov 05, 2024 at 09:51:30AM +0200, Leon Romanovsky wrote:
> On Mon, Nov 04, 2024 at 06:10:27PM -0600, Bjorn Helgaas wrote:
> > On Sun, Nov 03, 2024 at 02:33:44PM +0200, Leon Romanovsky wrote:
> > > On Fri, Nov 01, 2024 at 11:47:37AM -0500, Bjorn Helgaas wrote:
> > > > On Fri, Nov 01, 2024 at 04:33:00PM +0200, Leon Romanovsky wrote:
> > > > > On Thu, Oct 31, 2024 at 06:22:52PM -0500, Bjorn Helgaas wrote:
> > > > > > On Tue, Oct 29, 2024 at 07:04:50PM -0500, Bjorn Helgaas wrote:
> > > > > > > On Mon, Oct 28, 2024 at 10:05:33AM +0200, Leon Romanovsky wrote:
> > > > > > > > From: Leon Romanovsky <leonro@...dia.com>
> > > > > > > > 
> > > > > > > > The Virtual Product Data (VPD) attribute is not
> > > > > > > > readable by regular user without root permissions.
> > > > > > > > Such restriction is not really needed, as data
> > > > > > > > presented in that VPD is not sensitive at all.
> > > > > > > > 
> > > > > > > > This change aligns the permissions of the VPD
> > > > > > > > attribute to be accessible for read by all users,
> > > > > > > > while write being restricted to root only.
> ...

> > What's the use case?  How does an unprivileged user use the VPD
> > information?
> 
> We have to add new field keyword=value in VA section of VPD, which
> will indicate very specific sub-model for devices used as a bridge.
> 
> > I can certainly imagine using VPD for bug reporting, but that
> > would typically involve dmesg, dmidecode, lspci -vv, etc, all of
> > which already require privilege, so it's not clear to me how
> > public VPD info would help in that scenario.
> 
> I'm targeting other scenario - monitoring tool, which doesn't need
> root permissions for reading data. It needs to distinguish between
> NIC sub-models.

Maybe the driver could expose something in sysfs?  Maybe the driver
needs to know the sub-model as well, and reading VPD once in the
driver would make subsequent userspace sysfs reads trivial and fast.

Bjorn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ