linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ingo Molnar <mingo@kernel.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Pavel Machek <pavel@ucw.cz>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Baole Ni <baolex.ni@intel.com>,
	Russell King - ARM Linux <linux@armlinux.org.uk>,
	"linux-arm-kernel@lists.infradead.org" 
	<linux-arm-kernel@lists.infradead.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	chuansheng.liu@intel.com
Subject: Re: [PATCH] Add file permission mode helpers
Date: Wed, 3 Aug 2016 10:39:03 +0200	[thread overview]
Message-ID: <20160803083902.GA3643@gmail.com> (raw)
In-Reply-To: <20160803082855.GA32280@kroah.com>


* Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:

> On Wed, Aug 03, 2016 at 10:11:40AM +0200, Ingo Molnar wrote:
> > An added advantage would be that during review it would stick out like a sore 
> > thumb if anyone used a 'weird' permission variant.
> > 
> > For example, if you saw these lines in a driver patch:
> > 
> > +	__ATTR(l1, 0444, driver_show_l4, NULL);
> > +		__ATTR(l3, 0446, driver_show_l4, NULL);
> > +			__ATTR(l2, 04444, driver_show_l4, NULL);
> > +		__ATTR(l4, 0444, driver_show_l4, NULL);
> > 
> > ... would you notice it at a glance that it contains two security holes?
> 
> I've tried to deal with that in the past with the __ATTR_RW() and
> __ATTR_RO() and __ATTR_WO() macros that more should be using.  I swept
> the tree a few years ago to try to fix up most of them, but I know I
> didn't catch them all, and more files have been added since then.
> 
> > While the weird permissions in this:
> > 
> > +		__ATTR(l1, PERM_r__r__r__,  driver_show_l4, NULL);
> > +		__ATTR(l3, PERM_r__r__rw_,  driver_show_l4, NULL);
> > +		__ATTR(l2, PERM_sr__r__r__, driver_show_l4, NULL);
> > +		__ATTR(l4, PERM_r__r__r__,  driver_show_l4, NULL);
> > 
> > Wouln't even build, because the dangerous patterns of PERM_r__r__rw_ or 
> > PERM_sr__r__r__ are not defined to begin with.
> 
> Because of that, odds are people will just stick to the octal numbers,
> because they think they want something other than the ones you defined
> for foolish reasons :)

For code I maintain I'd insist on contributors using the human readable versions, 
because in the past I've mixed up octals (and the symbolic helpers we have today) 
myself and I find the 'ls -l' format much easier to read because that's the 
primary file permission format I see every day working on code.

> That being said, I do like them much better than the macros we have today, which 
> I always have to go and look up every time I see them...

Same here!

I'm sure core VFS developers know all of the octals and the helpers by heart, but 
the set of maintainers accepting debugfs and sysfs file permission patches is much 
wider than that, so every little bit of clarity helps.

Thanks,

	Ingo

  reply	other threads:[~2016-08-03  8:59 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-08-02 20:58 Please don't replace numeric parameter like 0444 with macro Linus Torvalds
2016-08-02 21:53 ` Rob Landley
2016-08-02 23:39 ` [PATCH] checkpatch: Look for symbolic permissions and suggest octal instead Joe Perches
2016-08-03  0:15   ` Al Viro
2016-08-03  0:30     ` Joe Perches
2016-08-15 16:38   ` Joe Perches
2016-08-03  0:42 ` Please don't replace numeric parameter like 0444 with macro Al Viro
2016-08-03  8:07   ` Konstantin Khlebnikov
2016-08-03  8:30     ` Richard Weinberger
2016-08-03  8:11 ` [PATCH] Add file permission mode helpers Ingo Molnar
2016-08-03  8:28   ` Greg Kroah-Hartman
2016-08-03  8:39     ` Ingo Molnar [this message]
2016-08-03  9:21       ` Willy Tarreau
2016-08-03  9:53     ` Marcel Holtmann
2016-08-03 15:49   ` Joe Perches
2016-08-03 16:38   ` Pavel Machek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160803083902.GA3643@gmail.com \
    --to=mingo@kernel.org \
    --cc=baolex.ni@intel.com \
    --cc=chuansheng.liu@intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=heiko.carstens@de.ibm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@armlinux.org.uk \
    --cc=pavel@ucw.cz \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).