subject:"\[PATCH\] powerpc\/powernv\: Make opal log only readable by root"

Re: [PATCH] powerpc/powernv: Make opal log only readable by root

2019-02-27 Thread Michael Ellerman

Jordan Niethe  writes:

> Currently the opal log is globally readable. It is kernel policy to limit
> the visibility of physical addresses / kernel pointers to root.
> Given this and the fact the opal log may contain this information it would
> be better to limit the readability to root.

Yikes, thanks for fixing that.

I'll add a Fixes: tag and Cc stable.

I also see symbol_map is 0444, I think that should be fixed too.

cheers

> diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c 
> b/arch/powerpc/platforms/powernv/opal-msglog.c
> index acd3206dfae3..06628c71cef6 100644
> --- a/arch/powerpc/platforms/powernv/opal-msglog.c
> +++ b/arch/powerpc/platforms/powernv/opal-msglog.c
> @@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct file *file, struct 
> kobject *kobj,
>  }
>  
>  static struct bin_attribute opal_msglog_attr = {
> - .attr = {.name = "msglog", .mode = 0444},
> + .attr = {.name = "msglog", .mode = 0400},
>   .read = opal_msglog_read
>  };
>  
> -- 
> 2.20.1

Re: [PATCH] powerpc/powernv: Make opal log only readable by root

2019-02-26 Thread Andrew Donnellan


On 27/2/19 2:02 pm, Jordan Niethe wrote:

Currently the opal log is globally readable. It is kernel policy to limit
the visibility of physical addresses / kernel pointers to root.
Given this and the fact the opal log may contain this information it would
be better to limit the readability to root.

Signed-off-by: Jordan Niethe 


Guess I'll have to get used to typing sudo more often. :(

Makes sense also given that we do the same thing for exports afaict.

Reviewed-by: Andrew Donnellan 

--
Andrew Donnellan  OzLabs, ADL Canberra
andrew.donnel...@au1.ibm.com  IBM Australia Limited

Re: [PATCH] powerpc/powernv: Make opal log only readable by root

2019-02-26 Thread Stewart Smith

Jordan Niethe  writes:
> Currently the opal log is globally readable. It is kernel policy to limit
> the visibility of physical addresses / kernel pointers to root.
> Given this and the fact the opal log may contain this information it would
> be better to limit the readability to root.
>
> Signed-off-by: Jordan Niethe 

Yeah, this is a really good idea.

Reviewed-by: Stewart Smith 

-- 
Stewart Smith
OPAL Architect, IBM.

[PATCH] powerpc/powernv: Make opal log only readable by root

2019-02-26 Thread Jordan Niethe

Currently the opal log is globally readable. It is kernel policy to limit
the visibility of physical addresses / kernel pointers to root.
Given this and the fact the opal log may contain this information it would
be better to limit the readability to root.

Signed-off-by: Jordan Niethe 
---
 arch/powerpc/platforms/powernv/opal-msglog.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c 
b/arch/powerpc/platforms/powernv/opal-msglog.c
index acd3206dfae3..06628c71cef6 100644
--- a/arch/powerpc/platforms/powernv/opal-msglog.c
+++ b/arch/powerpc/platforms/powernv/opal-msglog.c
@@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct file *file, struct 
kobject *kobj,
 }
 
 static struct bin_attribute opal_msglog_attr = {
-   .attr = {.name = "msglog", .mode = 0444},
+   .attr = {.name = "msglog", .mode = 0400},
.read = opal_msglog_read
 };
 
-- 
2.20.1

Re: [PATCH] powerpc/powernv: Make opal log only readable by root

Re: [PATCH] powerpc/powernv: Make opal log only readable by root

Re: [PATCH] powerpc/powernv: Make opal log only readable by root

[PATCH] powerpc/powernv: Make opal log only readable by root

4 matches

Site Navigation

Mail list logo

Footer information