lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <354ce060-fc42-4c15-a851-51976aa653ad@app.fastmail.com>
Date: Tue, 25 Feb 2025 20:08:31 +0200
From: "Leon Romanovsky" <leon@...nel.org>
To: "Andrew Lunn" <andrew@...n.ch>
Cc: "Bjorn Helgaas" <helgaas@...nel.org>,
 Krzysztof Wilczyński <kw@...ux.com>,
 linux-pci@...r.kernel.org, "Ariel Almog" <ariela@...dia.com>,
 "Aditya Prabhune" <aprabhune@...dia.com>, "Hannes Reinecke" <hare@...e.de>,
 "Heiner Kallweit" <hkallweit1@...il.com>, "Arun Easi" <aeasi@...vell.com>,
 "Jonathan Chocron" <jonnyc@...zon.com>,
 "Bert Kenward" <bkenward@...arflare.com>,
 "Matt Carlson" <mcarlson@...adcom.com>,
 "Kai-Heng Feng" <kai.heng.feng@...onical.com>,
 "Jean Delvare" <jdelvare@...e.de>,
 "Alex Williamson" <alex.williamson@...hat.com>, linux-kernel@...r.kernel.org,
 netdev@...r.kernel.org, "Jakub Kicinski" <kuba@...nel.org>,
 Thomas Weißschuh <linux@...ssschuh.net>,
 "Stephen Hemminger" <stephen@...workplumber.org>
Subject: Re: [PATCH v4] PCI/sysfs: Change read permissions for VPD attributes



On Tue, Feb 25, 2025, at 19:30, Andrew Lunn wrote:
>> We always read VPD by using "sudo ..." command, until one of our customers
>> requested to provide a way to run monitoring library without any root access.
>> It runs on hypervisor and being non-root there is super important for them.
>
> You can chmod files in sys. So the administrator can change the
> permissions, and then non-root users can access it.
>
> This seems a more scalable solution that adding a special case in the
> kernel.

Special case is an outcome of discussion in previous versions. My initial patch which I believe is the right approach is to allow non-root read access to VPD for everyone.

Chmod solution is something that I thought, but for now I'm looking for the out of the box solution. Chmod still require from administrator to run   scripts with root permissions.

Thanks 

>
> 	Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ