This bug is not seen on most machines. Reads on tpm/tpm0/ppi/*operations
can become very long on misconfigured systems. Reading the TPM is a
blocking operation, thus a user could effectively trigger a DOS.
Resolve this by restricting unprivileged user from reading the
above-mentioned device files.
Reported-by: Jan Stancek <jstan...@redhat.com>
Signed-off-by: Denis Aleksandrov <dalek...@redhat.com>
---
Running scripts/checkpatch.pl suggested that the permissions be
changed to octal format. What do the maintainers think of this?
The rest of the permissions in the file are macros.
Lastly, this bug was reproduced and the fix was tested accordingly.
drivers/char/tpm/tpm_ppi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index bc7b1b4501b3..ac6e0aee566e 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -347,8 +347,8 @@ static DEVICE_ATTR(request, S_IRUGO | S_IWUSR | S_IWGRP,
static DEVICE_ATTR(transition_action, S_IRUGO,
tpm_show_ppi_transition_action, NULL);
static DEVICE_ATTR(response, S_IRUGO, tpm_show_ppi_response, NULL);
-static DEVICE_ATTR(tcg_operations, S_IRUGO, tpm_show_ppi_tcg_operations, NULL);
-static DEVICE_ATTR(vs_operations, S_IRUGO, tpm_show_ppi_vs_operations, NULL);
+static DEVICE_ATTR(tcg_operations, S_IRUSR | S_IRGRP,
tpm_show_ppi_tcg_operations, NULL);
+static DEVICE_ATTR(vs_operations, S_IRUSR | S_IRGRP,
tpm_show_ppi_vs_operations, NULL);
static struct attribute *ppi_attrs[] = {
&dev_attr_version.attr,
--
2.48.1
