[PATCH] nvmem: core: make default user binary file root-access only
Srinivas Kandagatla
srinivas.kandagatla at linaro.org
Wed Oct 7 10:26:02 PDT 2015
On 07/10/15 18:12, Greg KH wrote:
> On Wed, Oct 07, 2015 at 06:01:03PM +0100, Srinivas Kandagatla wrote:
>>
>>
>> On 07/10/15 17:50, Greg KH wrote:
>>> On Wed, Oct 07, 2015 at 05:35:14PM +0100, Srinivas Kandagatla wrote:
>>>> As required by many providers like at24/at25/mxs-ocotp/qfprom, which would
>>>> want to allow root-only to read/write the nvmem content.
>>>> So making the defaults to be root-only access which can prevent normal
>>>> users from reading the nvmem data.
>>>>
>>>> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla at linaro.org>
>>>> ---
>>>> drivers/nvmem/core.c | 4 ++--
>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>>>> index 6fd4e5a..4d2e476 100644
>>>> --- a/drivers/nvmem/core.c
>>>> +++ b/drivers/nvmem/core.c
>>>> @@ -112,7 +112,7 @@ static ssize_t bin_attr_nvmem_write(struct file *filp, struct kobject *kobj,
>>>> static struct bin_attribute bin_attr_rw_nvmem = {
>>>> .attr = {
>>>> .name = "nvmem",
>>>> - .mode = S_IWUSR | S_IRUGO,
>>>> + .mode = S_IWUSR | S_IRUSR,
>>>> },
>>>> .read = bin_attr_nvmem_read,
>>>> .write = bin_attr_nvmem_write,
>>>> @@ -136,7 +136,7 @@ static const struct attribute_group *nvmem_rw_dev_groups[] = {
>>>> static struct bin_attribute bin_attr_ro_nvmem = {
>>>> .attr = {
>>>> .name = "nvmem",
>>>> - .mode = S_IRUGO,
>>>> + .mode = S_IRUSR,
>>>> },
>>>> .read = bin_attr_nvmem_read,
>>>> };
>>>
>>> How about using BIN_ATTR_RO() and friends instead, that way I _know_ you
>>> got the permissions correct as it's impossible to get them wrong by
>>> using those macros.
>> Yes, that sounds good, but there are no macros for just "S_IRUSR" or
>> "(S_IWUSR | S_IRUSR)" in ./include/linux/sysfs.h
>
> Then that means you are trying to do something "odd" and you shouldn't
> be doing that :)
>
The requirement originally came from a discussion regarding file
permissions set by at24 (drivers/mis/eeprom/at24.c) vs nvmem.
at24 driver sets the permission of root-only read/write, which is
different to what nvmem sets as default.
So this patch was primarily make nvmem framework inline with what
at24/at25 does.
Other argument was regarding the content of the nvmem which could have
things like keys and normal user should not be allowed read it.
--srini
> Use the standard attribute permissions (RO, RW), as those are the
> "safest" and what you really want to be using here, as you already are.
>
> thanks,
>
> greg k-h
>
More information about the linux-arm-kernel
mailing list