[PATCH] mtd: require write permissions for locking and badblock ioctls
Richard Weinberger
richard at nod.at
Wed Mar 3 16:34:01 GMT 2021
----- Ursprüngliche Mail -----
>>> Thanks for auditing the rest of these from my original patch. If this
>>> is ok with userspace tools, it's fine with me, but I don't even have
>>> this hardware to test with :)
>>
>> That's my fear. Michael, did you verify?
>
> I don't know any tools except the mtd-utils. So no.
openwrt folks have their own tooling, Anrdoid too.
>> In general you need to be root to open these device files.
>> So, I don't see a security problem here.
>
> Then this begs the question, why is this check there in
> the first place?
I fear historical reasons.
As soon you can open the device node you can do evil things.
> This come up because I was adding a OTPERASE which
> was suggested that is was a "dangerous" command. So I
> was puzzled why the ones above are considered "safe" ;)
:-)
Thanks,
//richard
More information about the linux-mtd
mailing list