Re: [PATCH] powerpc/powernv: Make opal log only readable by root
Jordan Niethe writes: > Currently the opal log is globally readable. It is kernel policy to limit > the visibility of physical addresses / kernel pointers to root. > Given this and the fact the opal log may contain this information it would > be better to limit the readability to root. Yikes, thanks for fixing that. I'll add a Fixes: tag and Cc stable. I also see symbol_map is 0444, I think that should be fixed too. cheers > diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c > b/arch/powerpc/platforms/powernv/opal-msglog.c > index acd3206dfae3..06628c71cef6 100644 > --- a/arch/powerpc/platforms/powernv/opal-msglog.c > +++ b/arch/powerpc/platforms/powernv/opal-msglog.c > @@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct file *file, struct > kobject *kobj, > } > > static struct bin_attribute opal_msglog_attr = { > - .attr = {.name = "msglog", .mode = 0444}, > + .attr = {.name = "msglog", .mode = 0400}, > .read = opal_msglog_read > }; > > -- > 2.20.1
Re: [PATCH] powerpc/powernv: Make opal log only readable by root
On 27/2/19 2:02 pm, Jordan Niethe wrote: Currently the opal log is globally readable. It is kernel policy to limit the visibility of physical addresses / kernel pointers to root. Given this and the fact the opal log may contain this information it would be better to limit the readability to root. Signed-off-by: Jordan Niethe Guess I'll have to get used to typing sudo more often. :( Makes sense also given that we do the same thing for exports afaict. Reviewed-by: Andrew Donnellan -- Andrew Donnellan OzLabs, ADL Canberra andrew.donnel...@au1.ibm.com IBM Australia Limited
Re: [PATCH] powerpc/powernv: Make opal log only readable by root
Jordan Niethe writes: > Currently the opal log is globally readable. It is kernel policy to limit > the visibility of physical addresses / kernel pointers to root. > Given this and the fact the opal log may contain this information it would > be better to limit the readability to root. > > Signed-off-by: Jordan Niethe Yeah, this is a really good idea. Reviewed-by: Stewart Smith -- Stewart Smith OPAL Architect, IBM.
[PATCH] powerpc/powernv: Make opal log only readable by root
Currently the opal log is globally readable. It is kernel policy to limit the visibility of physical addresses / kernel pointers to root. Given this and the fact the opal log may contain this information it would be better to limit the readability to root. Signed-off-by: Jordan Niethe --- arch/powerpc/platforms/powernv/opal-msglog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c b/arch/powerpc/platforms/powernv/opal-msglog.c index acd3206dfae3..06628c71cef6 100644 --- a/arch/powerpc/platforms/powernv/opal-msglog.c +++ b/arch/powerpc/platforms/powernv/opal-msglog.c @@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct file *file, struct kobject *kobj, } static struct bin_attribute opal_msglog_attr = { - .attr = {.name = "msglog", .mode = 0444}, + .attr = {.name = "msglog", .mode = 0400}, .read = opal_msglog_read }; -- 2.20.1