From: Vasiliy Kulikov <segoon@openwall.com>
To: linux-kernel@vger.kernel.org
Cc: security@kernel.org, Corentin Chary <corentincj@iksaif.net>, Karol Kozimor <sziwan@users.sourceforge.net>, Matthew Garrett <mjg@redhat.com>, acpi4asus-user@lists.sourceforge.net, platform-driver-x86@vger.kernel.org
Subject: [PATCH 15/20] platform: x86: asus_acpi: world-writable procfs files
Date: Fri, 4 Feb 2011 15:23:59 +0300
Message-ID: <59f50c896fa91e8b7822c71800c76063b0b58d2b.1296818921.git.segoon@openwall.com>
In-Reply-To: <cover.1296818921.git.segoon@openwall.com>

Don't allow everybody to change ACPI settings. The comment says that it is done deliberately, however, the comment before disp_proc_write() says that at least one of these settings is experimental.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
---
Compile tested only.

drivers/platform/x86/asus_acpi.c | 8 +-------
1 files changed, 1 insertions(+), 7 deletions(-)

diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c index 4633fd8..fe49593 100644 --- a/drivers/platform/x86/asus_acpi.c +++ b/drivers/platform/x86/asus_acpi.c @@ -1081,14 +1081,8 @@ static int asus_hotk_add_fs(struct acpi_device *device) struct proc_dir_entry *proc; mode_t mode; - /* - * If parameter uid or gid is not changed, keep the default setting for - * our proc entries (-rw-rw-rw-) else, it means we care about security, - * and then set to -rw-rw---- - */ - if ((asus_uid == 0) && (asus_gid == 0)) { - mode = S_IFREG | S_IRUGO | S_IWUGO; + mode = S_IFREG | S_IRUGO | S_IWUSR | S_IWGRP; } else { mode = S_IFREG | S_IRUSR | S_IRGRP | S_IWUSR | S_IWGRP; printk(KERN_WARNING " asus_uid and asus_gid parameters are " -- 1.7.0.4
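Review bot: The comment above the if in asus_hotk_add_fs() is deleted without a replacement, so nothing documents why the two branches still differ. After this change the default branch gives S_IRUGO | S_IWUSR | S_IWGRP (-rw-rw-r--) and the else branch gives -rw-rw----, which means the only remaining difference is world read. Please replace the old comment with a short one stating the new modes and that write access is never granted to others. The default branch is taken when asus_uid and asus_gid are both 0, and the removed comment shows that case used to be -rw-rw-rw-. Unprivileged users who wrote these files on a default configuration will lose that access. Since the patch is marked compile tested only, the commit message should say so explicitly and note that setting the asus_uid/asus_gid parameters is how write access is delegated.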