From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757529AbcHCJxX (ORCPT <rfc822;w@1wt.eu>);
	Wed, 3 Aug 2016 05:53:23 -0400
Received: from ipv4.connman.net ([82.165.8.211]:33604 "EHLO mail.holtmann.org"
	rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
	id S1752679AbcHCJxV convert rfc822-to-8bit (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 3 Aug 2016 05:53:21 -0400
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: [PATCH] Add file permission mode helpers
From: Marcel Holtmann <marcel@holtmann.org>
In-Reply-To: <20160803082855.GA32280@kroah.com>
Date: Wed, 3 Aug 2016 11:53:06 +0200
Cc: Ingo Molnar <mingo@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Pavel Machek <pavel@ucw.cz>,
        Heiko Carstens <heiko.carstens@de.ibm.com>,
        Baole Ni <baolex.ni@intel.com>,
        Russell King - ARM Linux <linux@armlinux.org.uk>,
        "linux-arm-kernel@lists.infradead.org" 
	<linux-arm-kernel@lists.infradead.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        chuansheng.liu@intel.com
Content-Transfer-Encoding: 8BIT
Message-Id: <20EC504F-F679-4244-8C04-00165236D028@holtmann.org>
References: <CA+55aFw5v23T-zvDZp-MmD_EYxF8WbafwwB59934FV7g21uMGQ@mail.gmail.com> <20160803081140.GA7833@gmail.com> <20160803082855.GA32280@kroah.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
X-Mailer: Apple Mail (2.3124)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Greg,

>> An added advantage would be that during review it would stick out like a sore 
>> thumb if anyone used a 'weird' permission variant.
>> 
>> For example, if you saw these lines in a driver patch:
>> 
>> +	__ATTR(l1, 0444, driver_show_l4, NULL);
>> +		__ATTR(l3, 0446, driver_show_l4, NULL);
>> +			__ATTR(l2, 04444, driver_show_l4, NULL);
>> +		__ATTR(l4, 0444, driver_show_l4, NULL);
>> 
>> ... would you notice it at a glance that it contains two security holes?
> 
> I've tried to deal with that in the past with the __ATTR_RW() and
> __ATTR_RO() and __ATTR_WO() macros that more should be using.  I swept
> the tree a few years ago to try to fix up most of them, but I know I
> didn't catch them all, and more files have been added since then.

I said in another response that maybe module_param_rw and module_param_ro will make some sense. Not sure if they are easier to read or not. I mean for each usage, we could look at the tree and see what values are actually used. My bet is that for module_param only a few ones are used. I have the feeling it is 0444 or 0644 and nothing else. Maybe some outlaws with 0400 and 0600 that don't even need to be that secretive.

Regards

Marcel