lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241111163430.7fad2a2a@hermes.local>
Date: Mon, 11 Nov 2024 16:34:30 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: Bjorn Helgaas <helgaas@...nel.org>
Cc: Leon Romanovsky <leon@...nel.org>, Leon Romanovsky <leonro@...dia.com>,
 Krzysztof WilczyƄski <kw@...ux.com>,
 linux-pci@...r.kernel.org, Ariel Almog <ariela@...dia.com>, Aditya Prabhune
 <aprabhune@...dia.com>, Hannes Reinecke <hare@...e.de>, Heiner Kallweit
 <hkallweit1@...il.com>, Arun Easi <aeasi@...vell.com>, Jonathan Chocron
 <jonnyc@...zon.com>, Bert Kenward <bkenward@...arflare.com>, Matt Carlson
 <mcarlson@...adcom.com>, Kai-Heng Feng <kai.heng.feng@...onical.com>, Jean
 Delvare <jdelvare@...e.de>, Alex Williamson <alex.williamson@...hat.com>,
 linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v1 1/2] PCI/sysfs: Change read permissions for VPD
 attributes

On Mon, 11 Nov 2024 14:41:04 -0600
Bjorn Helgaas <helgaas@...nel.org> wrote:

> On Thu, Nov 07, 2024 at 08:56:56PM +0200, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@...dia.com>
> > 
> > The Vital Product Data (VPD) attribute is not readable by regular
> > user without root permissions. Such restriction is not really needed
> > for many devices in the world, as data presented in that VPD is not
> > sensitive and access to the HW is safe and tested.
> > 
> > This change aligns the permissions of the VPD attribute to be accessible
> > for read by all users, while write being restricted to root only.
> > 
> > For the driver, there is a need to opt-in in order to allow this
> > functionality.  
> 
> I don't think the use case is very strong (and not included at all
> here).
> 
> If we do need to do this, I think it's a property of the device, not
> the driver.

I remember some broken PCI devices, which will crash if VPD is read.
Probably not worth opening this can of worms.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ