lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 31 Oct 2019 16:40:57 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, shuah@...nel.org,
        ast@...nel.org, daniel@...earbox.net, rong.a.chen@...el.com,
        mlxsw@...lanox.com
Subject: Re: [patch net-next] selftests: bpf: don't try to read files
 without read permission

On Thu, 31 Oct 2019 16:35:35 -0700, Jakub Kicinski wrote:
> On Tue, 15 Oct 2019 12:00:56 +0200, Jiri Pirko wrote:
> > From: Jiri Pirko <jiri@...lanox.com>
> > 
> > Recently couple of files that are write only were added to netdevsim
> > debugfs. Don't read these files and avoid error.
> > 
> > Reported-by: kernel test robot <rong.a.chen@...el.com>
> > Signed-off-by: Jiri Pirko <jiri@...lanox.com>
> > ---
> >  tools/testing/selftests/bpf/test_offload.py | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/tools/testing/selftests/bpf/test_offload.py b/tools/testing/selftests/bpf/test_offload.py
> > index 15a666329a34..c44c650bde3a 100755
> > --- a/tools/testing/selftests/bpf/test_offload.py
> > +++ b/tools/testing/selftests/bpf/test_offload.py
> > @@ -312,7 +312,7 @@ class DebugfsDir:
> >              if f == "ports":
> >                  continue
> >              p = os.path.join(path, f)
> > -            if os.path.isfile(p):
> > +            if os.path.isfile(p) and os.access(p, os.R_OK):  
> 
> Have you tested this? Looks like python always returns True here when
> run as root, and this script requires root (and checks for it).

Yeah, you definitely haven't tested this. Even if it worked we'd fall
into the else condition and say:

Exception: /sys/kernel/debug/netdevsim/netdevsim0//ports/0/dev/take_snapshot is neither file nor directory

> Also the fix is needed in net, not sure why you sent it to net-next.
> 
> >                  _, out = cmd('cat %s/%s' % (path, f))
> >                  dfs[f] = out.strip()
> >              elif os.path.isdir(p):

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ