* [PATCH] checkpatch: catch all world writable debugfs_create_file @ 2015-03-13 19:23 Nicholas Mc Guire 2015-03-13 20:16 ` Joe Perches ` (2 more replies) 0 siblings, 3 replies; 9+ messages in thread From: Nicholas Mc Guire @ 2015-03-13 19:23 UTC (permalink / raw) To: Andy Whitcroft; +Cc: Joe Perches, linux-kernel, Nicholas Mc Guire Currently checkpatch will fuss if one uses world writable settings in debugfs files by passing S_IWUGO but not when passing S_IWOTH, S_IRWXUGO or S_IALLUGO. This patch extends the check to catches all cases exporting world writable files Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org> --- The patch was tested against a set of trivial test-cases: t_file = debugfs_create_file("id", S_IWOTH, t_dir, NULL, &t_fops); t_file = debugfs_create_file("id", S_IWUGO, t_dir, NULL, &t_fops); t_file = debugfs_create_file("id", S_IRWXUGO, t_dir, NULL, &t_fops); t_file = debugfs_create_file("id", S_IALLUGO, t_dir, NULL, &t_fops); and t_file = debugfs_create_file("id", S_IWOTH | S_IXOTH, t_dir, NULL, &t_fops); Patch is against 4.0-rc3 (localversion-next is -next-20150313) scripts/checkpatch.pl | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 6b79beb..5def21c 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -5356,8 +5356,14 @@ sub process { } } - if ($line =~ /debugfs_create_file.*S_IWUGO/ || - $line =~ /DEVICE_ATTR.*S_IWUGO/ ) { + if ($line =~ /debugfs_create_file.*S_IWOTH/ || + $line =~ /debugfs_create_file.*S_IWUGO/ || + $line =~ /debugfs_create_file.*S_IRWXUGO/ || + $line =~ /debugfs_create_file.*S_IALLUGO/ || + $line =~ /DEVICE_ATTR.*S_IWOTH/ || + $line =~ /DEVICE_ATTR.*S_IWUGO/ || + $line =~ /DEVICE_ATTR.*S_IRWXUGO/ || + $line =~ /DEVICE_ATTR.*S_IALLUGO/ ) { WARN("EXPORTED_WORLD_WRITABLE", "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr); } -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] checkpatch: catch all world writable debugfs_create_file 2015-03-13 19:23 [PATCH] checkpatch: catch all world writable debugfs_create_file Nicholas Mc Guire @ 2015-03-13 20:16 ` Joe Perches 2015-03-13 20:42 ` Joe Perches 2015-03-13 23:43 ` [PATCH] checkpatch: match more world writable permissions Joe Perches 2 siblings, 0 replies; 9+ messages in thread From: Joe Perches @ 2015-03-13 20:16 UTC (permalink / raw) To: Nicholas Mc Guire; +Cc: Andy Whitcroft, linux-kernel On Fri, 2015-03-13 at 15:23 -0400, Nicholas Mc Guire wrote: > Currently checkpatch will fuss if one uses world writable settings in debugfs > files by passing S_IWUGO but not when passing S_IWOTH, S_IRWXUGO or S_IALLUGO. > This patch extends the check to catches all cases exporting world writable > files Hi Nicholas > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl [] > @@ -5356,8 +5356,14 @@ sub process { > } > } > > - if ($line =~ /debugfs_create_file.*S_IWUGO/ || > - $line =~ /DEVICE_ATTR.*S_IWUGO/ ) { > + if ($line =~ /debugfs_create_file.*S_IWOTH/ || > + $line =~ /debugfs_create_file.*S_IWUGO/ || > + $line =~ /debugfs_create_file.*S_IRWXUGO/ || > + $line =~ /debugfs_create_file.*S_IALLUGO/ || > + $line =~ /DEVICE_ATTR.*S_IWOTH/ || > + $line =~ /DEVICE_ATTR.*S_IWUGO/ || > + $line =~ /DEVICE_ATTR.*S_IRWXUGO/ || > + $line =~ /DEVICE_ATTR.*S_IALLUGO/ ) { That seems sensible, but my preference would be to use a variable and extend it to find octal values like: $world_writable = qr{S_IWUGO|S_IWOTH|S_IWUGO|S_URWXUGO|S_IALLUGO|0[0-7][0-7][2367]}; if ($line =~ /debugfs_create_file.*\b$world_writable\b/ $line =~ /DEVICE_ATTR.*\b$world_writable\b/) > WARN("EXPORTED_WORLD_WRITABLE", > "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr); > } ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] checkpatch: catch all world writable debugfs_create_file 2015-03-13 19:23 [PATCH] checkpatch: catch all world writable debugfs_create_file Nicholas Mc Guire 2015-03-13 20:16 ` Joe Perches @ 2015-03-13 20:42 ` Joe Perches 2015-03-13 23:43 ` [PATCH] checkpatch: match more world writable permissions Joe Perches 2 siblings, 0 replies; 9+ messages in thread From: Joe Perches @ 2015-03-13 20:42 UTC (permalink / raw) To: Nicholas Mc Guire Cc: Andy Whitcroft, linux-kernel, Ralf Baechle, Alexander Graf, Gleb Natapov, Paolo Bonzini, Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman, Kalle Valo, Sebastian Reichel, Dmitry Eremin-Solenikov, David Woodhouse, Steven Rostedt, Ingo Molnar On Fri, 2015-03-13 at 15:23 -0400, Nicholas Mc Guire wrote: > Currently checkpatch will fuss if one uses world writable settings in debugfs > files by passing S_IWUGO but not when passing S_IWOTH, S_IRWXUGO or S_IALLUGO. > This patch extends the check to catches all cases exporting world writable > files Maybe the debugfs_create_file should be debugfs_create_\w+ And there are also these octal matches: $ git grep -E -n "debugfs.*\b0[0-7][0-7][2367]" arch/mips/cavium-octeon/oct_ilm.c:75: show_dentry = debugfs_create_file("statistics", 0222, dir, NULL, arch/mips/cavium-octeon/oct_ilm.c:82: show_dentry = debugfs_create_file("reset", 0222, dir, NULL, arch/powerpc/kvm/timing.c:226: debugfs_file = debugfs_create_file(dbg_fname, 0666, drivers/misc/genwqe/card_debugfs.c:376: file = debugfs_create_x64("err_inject", 0666, root, &cd->err_inject); drivers/misc/genwqe/card_debugfs.c:382: file = debugfs_create_u32("ddcb_software_timeout", 0666, root, drivers/misc/genwqe/card_debugfs.c:389: file = debugfs_create_u32("kill_timeout", 0666, root, drivers/misc/genwqe/card_debugfs.c:461: file = debugfs_create_u32(name, 0666, root, drivers/misc/genwqe/card_debugfs.c:483: file = debugfs_create_u32("skip_recovery", 0666, root, drivers/misc/genwqe/card_debugfs.c:490: file = debugfs_create_u32("use_platform_recovery", 0666, root, drivers/net/wireless/mac80211_hwsim.c:2452: debugfs_create_file("ps", 0666, data->debugfs, data, &hwsim_fops_ps); drivers/net/wireless/mac80211_hwsim.c:2453: debugfs_create_file("group", 0666, data->debugfs, data, drivers/net/wireless/mac80211_hwsim.c:2456: debugfs_create_file("dfs_simulate_radar", 0222, drivers/power/axp288_fuel_gauge.c:333: info->debug_file = debugfs_create_file("fuelgauge", 0666, NULL, drivers/power/da9030_battery.c:191: charger->debug_file = debugfs_create_file("charger", 0666, NULL, kernel/trace/blktrace.c:499: bt->msg_file = debugfs_create_file("msg", 0222, dir, bt, &blk_msg_fops); ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] checkpatch: match more world writable permissions 2015-03-13 19:23 [PATCH] checkpatch: catch all world writable debugfs_create_file Nicholas Mc Guire 2015-03-13 20:16 ` Joe Perches 2015-03-13 20:42 ` Joe Perches @ 2015-03-13 23:43 ` Joe Perches 2015-03-14 7:35 ` Nicholas Mc Guire ` (2 more replies) 2 siblings, 3 replies; 9+ messages in thread From: Joe Perches @ 2015-03-13 23:43 UTC (permalink / raw) To: Nicholas Mc Guire, Andrew Morton; +Cc: Andy Whitcroft, linux-kernel Currently checkpatch will fuss if one uses world writable settings in debugfs files and DEVICE_ATTR uses by testing S_IWUGO but not testing S_IWOTH, S_IRWXUGO or S_IALLUGO. Extend the check to catch all cases exporting world writable permissions including octal values. Original-patch-by: Nicholas Mc Guire <hofrat@osadl.org> Signed-off-by: Joe Perches <joe@perches.com> --- scripts/checkpatch.pl | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 6b79beb..4f07d50 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -443,6 +443,14 @@ foreach my $entry (@mode_permission_funcs) { $mode_perms_search .= $entry->[0]; } +$our $mode_perms_world_writable = qr{ + S_IWUGO | + S_IWOTH | + S_IRWXUGO | + S_IALLUGO | + 0[0-7][0-7][2367] +}x; + our $allowed_asm_includes = qr{(?x: irq| memory| @@ -5356,8 +5364,8 @@ sub process { } } - if ($line =~ /debugfs_create_file.*S_IWUGO/ || - $line =~ /DEVICE_ATTR.*S_IWUGO/ ) { + if ($line =~ /debugfs_create_\w+.*\b$mode_perms_world_writable\b/ || + $line =~ /DEVICE_ATTR.*\b$mode_perms_world_writable\b/) { WARN("EXPORTED_WORLD_WRITABLE", "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr); } ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] checkpatch: match more world writable permissions 2015-03-13 23:43 ` [PATCH] checkpatch: match more world writable permissions Joe Perches @ 2015-03-14 7:35 ` Nicholas Mc Guire 2015-03-14 14:32 ` Guenter Roeck 2015-03-17 23:17 ` Andrew Morton 2 siblings, 0 replies; 9+ messages in thread From: Nicholas Mc Guire @ 2015-03-14 7:35 UTC (permalink / raw) To: Joe Perches Cc: Nicholas Mc Guire, Andrew Morton, Andy Whitcroft, linux-kernel On Fri, 13 Mar 2015, Joe Perches wrote: > Currently checkpatch will fuss if one uses world writable > settings in debugfs files and DEVICE_ATTR uses by testing > S_IWUGO but not testing S_IWOTH, S_IRWXUGO or S_IALLUGO. > > Extend the check to catch all cases exporting world writable > permissions including octal values. > > Original-patch-by: Nicholas Mc Guire <hofrat@osadl.org> > Signed-off-by: Joe Perches <joe@perches.com> > --- > scripts/checkpatch.pl | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > index 6b79beb..4f07d50 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl > @@ -443,6 +443,14 @@ foreach my $entry (@mode_permission_funcs) { > $mode_perms_search .= $entry->[0]; > } > > +$our $mode_perms_world_writable = qr{ > + S_IWUGO | > + S_IWOTH | > + S_IRWXUGO | > + S_IALLUGO | > + 0[0-7][0-7][2367] > +}x; > + > our $allowed_asm_includes = qr{(?x: > irq| > memory| > @@ -5356,8 +5364,8 @@ sub process { > } > } > > - if ($line =~ /debugfs_create_file.*S_IWUGO/ || > - $line =~ /DEVICE_ATTR.*S_IWUGO/ ) { > + if ($line =~ /debugfs_create_\w+.*\b$mode_perms_world_writable\b/ || > + $line =~ /DEVICE_ATTR.*\b$mode_perms_world_writable\b/) { > WARN("EXPORTED_WORLD_WRITABLE", > "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr); > } > > yup - thats definitely the clearner solution! thx! hofrat ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] checkpatch: match more world writable permissions 2015-03-13 23:43 ` [PATCH] checkpatch: match more world writable permissions Joe Perches 2015-03-14 7:35 ` Nicholas Mc Guire @ 2015-03-14 14:32 ` Guenter Roeck 2015-03-14 15:42 ` Joe Perches 2015-03-17 23:17 ` Andrew Morton 2 siblings, 1 reply; 9+ messages in thread From: Guenter Roeck @ 2015-03-14 14:32 UTC (permalink / raw) To: Joe Perches Cc: Nicholas Mc Guire, Andrew Morton, Andy Whitcroft, linux-kernel On Fri, Mar 13, 2015 at 04:43:43PM -0700, Joe Perches wrote: > Currently checkpatch will fuss if one uses world writable > settings in debugfs files and DEVICE_ATTR uses by testing > S_IWUGO but not testing S_IWOTH, S_IRWXUGO or S_IALLUGO. > > Extend the check to catch all cases exporting world writable > permissions including octal values. > > Original-patch-by: Nicholas Mc Guire <hofrat@osadl.org> > Signed-off-by: Joe Perches <joe@perches.com> > --- > scripts/checkpatch.pl | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > index 6b79beb..4f07d50 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl > @@ -443,6 +443,14 @@ foreach my $entry (@mode_permission_funcs) { > $mode_perms_search .= $entry->[0]; > } > > +$our $mode_perms_world_writable = qr{ > + S_IWUGO | > + S_IWOTH | > + S_IRWXUGO | > + S_IALLUGO | > + 0[0-7][0-7][2367] > +}x; > + > our $allowed_asm_includes = qr{(?x: > irq| > memory| > @@ -5356,8 +5364,8 @@ sub process { > } > } > > - if ($line =~ /debugfs_create_file.*S_IWUGO/ || > - $line =~ /DEVICE_ATTR.*S_IWUGO/ ) { > + if ($line =~ /debugfs_create_\w+.*\b$mode_perms_world_writable\b/ || > + $line =~ /DEVICE_ATTR.*\b$mode_perms_world_writable\b/) { > WARN("EXPORTED_WORLD_WRITABLE", > "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr); With https://lkml.org/lkml/2015/3/12/412 in mind, maybe this should be marked as error, at least for sysfs attributes. Thanks, Guenter ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] checkpatch: match more world writable permissions 2015-03-14 14:32 ` Guenter Roeck @ 2015-03-14 15:42 ` Joe Perches 0 siblings, 0 replies; 9+ messages in thread From: Joe Perches @ 2015-03-14 15:42 UTC (permalink / raw) To: Guenter Roeck Cc: Nicholas Mc Guire, Andrew Morton, Andy Whitcroft, linux-kernel On Sat, 2015-03-14 at 07:32 -0700, Guenter Roeck wrote: > On Fri, Mar 13, 2015 at 04:43:43PM -0700, Joe Perches wrote: > > Currently checkpatch will fuss if one uses world writable > > settings in debugfs files and DEVICE_ATTR uses by testing > > S_IWUGO but not testing S_IWOTH, S_IRWXUGO or S_IALLUGO. > > > > Extend the check to catch all cases exporting world writable > > permissions including octal values. > > > > Original-patch-by: Nicholas Mc Guire <hofrat@osadl.org> > > Signed-off-by: Joe Perches <joe@perches.com> > > --- > > scripts/checkpatch.pl | 12 ++++++++++-- > > 1 file changed, 10 insertions(+), 2 deletions(-) > > > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > > index 6b79beb..4f07d50 100755 > > --- a/scripts/checkpatch.pl > > +++ b/scripts/checkpatch.pl > > @@ -443,6 +443,14 @@ foreach my $entry (@mode_permission_funcs) { > > $mode_perms_search .= $entry->[0]; > > } > > > > +$our $mode_perms_world_writable = qr{ > > + S_IWUGO | > > + S_IWOTH | > > + S_IRWXUGO | > > + S_IALLUGO | > > + 0[0-7][0-7][2367] > > +}x; > > + > > our $allowed_asm_includes = qr{(?x: > > irq| > > memory| > > @@ -5356,8 +5364,8 @@ sub process { > > } > > } > > > > - if ($line =~ /debugfs_create_file.*S_IWUGO/ || > > - $line =~ /DEVICE_ATTR.*S_IWUGO/ ) { > > + if ($line =~ /debugfs_create_\w+.*\b$mode_perms_world_writable\b/ || > > + $line =~ /DEVICE_ATTR.*\b$mode_perms_world_writable\b/) { > > WARN("EXPORTED_WORLD_WRITABLE", > > "Exporting world writable files is usually an error. Consider more restrictive permissions.\n" . $herecurr); > > With https://lkml.org/lkml/2015/3/12/412 in mind, maybe this should be > marked as error, at least for sysfs attributes. Maybe it's time for the debate this commit referenced: commit 58f86cc89c3372d3e61d5b71e5513ec5a0b02848 Author: Rusty Russell <rusty@rustcorp.com.au> Date: Mon Mar 24 12:00:34 2014 +1030 VERIFY_OCTAL_PERMISSIONS: stricter checking for sysfs perms. Summary of http://lkml.org/lkml/2014/3/14/363 : Ted: module_param(queue_depth, int, 444) Joe: 0444! Rusty: User perms >= group perms >= other perms? Joe: CLASS_ATTR, DEVICE_ATTR, SENSOR_ATTR and SENSOR_ATTR_2? Side effect of stricter permissions means removing the unnecessary S_IFREG from several callers. Note that the BUILD_BUG_ON_ZERO((perm) & 2) test was removed: a fair number of drivers fail this test, so that will be the debate for a future patch. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] checkpatch: match more world writable permissions 2015-03-13 23:43 ` [PATCH] checkpatch: match more world writable permissions Joe Perches 2015-03-14 7:35 ` Nicholas Mc Guire 2015-03-14 14:32 ` Guenter Roeck @ 2015-03-17 23:17 ` Andrew Morton 2015-03-18 5:56 ` Joe Perches 2 siblings, 1 reply; 9+ messages in thread From: Andrew Morton @ 2015-03-17 23:17 UTC (permalink / raw) To: Joe Perches; +Cc: Nicholas Mc Guire, Andy Whitcroft, linux-kernel On Fri, 13 Mar 2015 16:43:43 -0700 Joe Perches <joe@perches.com> wrote: > Currently checkpatch will fuss if one uses world writable > settings in debugfs files and DEVICE_ATTR uses by testing > S_IWUGO but not testing S_IWOTH, S_IRWXUGO or S_IALLUGO. > > Extend the check to catch all cases exporting world writable > permissions including octal values. > > @@ -443,6 +443,14 @@ foreach my $entry (@mode_permission_funcs) { > $mode_perms_search .= $entry->[0]; > } > > +$our $mode_perms_world_writable = qr{ > + S_IWUGO | > + S_IWOTH | > + S_IRWXUGO | > + S_IALLUGO | > + 0[0-7][0-7][2367] > +}x; > + Scalar found where operator expected at scripts/checkpatch.pl line 446, near "$our $mode_perms_world_writable" (Missing operator before $mode_perms_world_writable?) Global symbol "$our" requires explicit package name at scripts/checkpatch.pl line 446. syntax error at scripts/checkpatch.pl line 446, near "$our $mode_perms_world_writable " Global symbol "$mode_perms_world_writable" requires explicit package name at scripts/checkpatch.pl line 446. BEGIN not safe after errors--compilation aborted at scripts/checkpatch.pl line 663. akpm3:/usr/src/25> perl --version This is perl 5, version 18, subversion 2 (v5.18.2) built for x86_64-linux-gnu-thread-multi This? --- a/scripts/checkpatch.pl~checkpatch-match-more-world-writable-permissions-fix +++ a/scripts/checkpatch.pl @@ -443,7 +443,7 @@ foreach my $entry (@mode_permission_func $mode_perms_search .= $entry->[0]; } -$our $mode_perms_world_writable = qr{ +our $mode_perms_world_writable = qr{ S_IWUGO | S_IWOTH | S_IRWXUGO | _ ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] checkpatch: match more world writable permissions 2015-03-17 23:17 ` Andrew Morton @ 2015-03-18 5:56 ` Joe Perches 0 siblings, 0 replies; 9+ messages in thread From: Joe Perches @ 2015-03-18 5:56 UTC (permalink / raw) To: Andrew Morton; +Cc: Nicholas Mc Guire, Andy Whitcroft, linux-kernel On Tue, 2015-03-17 at 16:17 -0700, Andrew Morton wrote: > --- a/scripts/checkpatch.pl~checkpatch-match-more-world-writable-permissions-fix [] > -$our $mode_perms_world_writable = qr{ > +our $mode_perms_world_writable = qr{ You're a perl monk too? Cool! Thanks. ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2015-03-18 5:57 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-03-13 19:23 [PATCH] checkpatch: catch all world writable debugfs_create_file Nicholas Mc Guire 2015-03-13 20:16 ` Joe Perches 2015-03-13 20:42 ` Joe Perches 2015-03-13 23:43 ` [PATCH] checkpatch: match more world writable permissions Joe Perches 2015-03-14 7:35 ` Nicholas Mc Guire 2015-03-14 14:32 ` Guenter Roeck 2015-03-14 15:42 ` Joe Perches 2015-03-17 23:17 ` Andrew Morton 2015-03-18 5:56 ` Joe Perches
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).