| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cb7dc726-f12b-4cd7-a121-aebc9c510771@nvidia.com> Date: Tue, 22 Apr 2025 06:32:00 +0000 From: Chaitanya Kulkarni <chaitanyak@...dia.com> To: Richard Weinberger <richard@....at>, "linux-nvme@...ts.infradead.org" <linux-nvme@...ts.infradead.org> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "a.hindborg@...nel.org" <a.hindborg@...nel.org>, "leitao@...ian.org" <leitao@...ian.org>, Chaitanya Kulkarni <chaitanyak@...dia.com>, "sagi@...mberg.me" <sagi@...mberg.me>, "hch@....de" <hch@....de>, "upstream+nvme@...ma-star.at" <upstream+nvme@...ma-star.at> Subject: Re: [PATCH 2/2] nvmet: Restrict in-band config files to root On 4/20/25 03:47, Richard Weinberger wrote: There is no need to have key material world readable. Signed-off-by: Richard Weinberger <richard@....at> --- drivers/nvme/target/configfs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c index e44ef69dffc2..7327543f161d 100644 --- a/drivers/nvme/target/configfs.c +++ b/drivers/nvme/target/configfs.c @@ -2128,7 +2128,7 @@ static ssize_t nvmet_host_dhchap_key_store(struct config_item *item, return ret < 0 ? ret : count; } -CONFIGFS_ATTR(nvmet_host_, dhchap_key); +CONFIGFS_ATTR_PERM(nvmet_host_, dhchap_key, S_IRUSR | S_IWUSR); Patch looks good to me, can we do something like this and use in the rest of the patch ? #define NVMET_CFGFS_ATTR_DEF_PERM (S_IRUSR | S_IWUSR) or Create a helper on the top of CONFIGFS_ATTR_PERM to wrap permission into that for all the CONFIGFS_ATTR_PERM() calls ? -ck
Powered by blists - more mailing lists