Date: Fri, 1 May 2015 17:29:35 +0530
Subject: Re: [PATCH 9/9] sysfs: disallow world-writable files.
From: Gobinda Maji
To: Rusty Russell
Cc: linux-next@vger.kernel.org, linux-kernel@vger.kernel.org

On 30 April 2015 at 07:32, Rusty Russell wrote:
> You're absolutely right, well spotted! The checks can be tightened. We
> don't really care about execute, but logically write is "more
> privileged" than read.
>
> Best to separate the tests; OTHER_WRITABLE <= GROUP_WRITABLE <= OWNER_WRITABLE
> and OTHER_READABLE <= GROUP_READABLE <= OWNER_READABLE.
>
> A patch would be welcome!

Thanks for the suggestion. OTHER_WRITABLE is already not permitted. So,
added the checks for GROUP_WRITABLE <= OWNER_WRITABLE for write and
OTHER_READABLE <= GROUP_READABLE <= OWNER_READABLE for read.

I am just sending a separate patch for this. The subject line will be
"[PATCH] sysfs: tightened sysfs permission checks"

--
Thanks,
Gobinda
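The ordering rules discussed in this message, written out as a user-space C check. This is an added example, not code from the thread or from the kernel patch; the enum, the function name `check_attr_mode` and the sample modes are hypothetical.

```c
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical verdict names, made up for this example. */
enum mode_verdict {
    MODE_OK = 0,
    MODE_OTHER_WRITABLE,      /* world-writable: never allowed */
    MODE_GROUP_W_GT_OWNER_W,  /* group may write, owner may not */
    MODE_GROUP_R_GT_OWNER_R,  /* group may read, owner may not */
    MODE_OTHER_R_GT_GROUP_R,  /* others may read, group may not */
};

/* Hypothetical helper: apply the ordering rules to a permission mode. */
static enum mode_verdict check_attr_mode(unsigned int mode)
{
    int ur = !!(mode & S_IRUSR), gr = !!(mode & S_IRGRP), otr = !!(mode & S_IROTH);
    int uw = !!(mode & S_IWUSR), gw = !!(mode & S_IWGRP), otw = !!(mode & S_IWOTH);

    if (otw)                  /* OTHER_WRITABLE is not permitted at all */
        return MODE_OTHER_WRITABLE;
    if (gw > uw)              /* GROUP_WRITABLE <= OWNER_WRITABLE */
        return MODE_GROUP_W_GT_OWNER_W;
    if (gr > ur)              /* GROUP_READABLE <= OWNER_READABLE */
        return MODE_GROUP_R_GT_OWNER_R;
    if (otr > gr)             /* OTHER_READABLE <= GROUP_READABLE */
        return MODE_OTHER_R_GT_GROUP_R;
    return MODE_OK;           /* execute bits are deliberately ignored */
}

int main(void)
{
    /* Constructed sample modes, not taken from any real driver. */
    static const unsigned int samples[] = {
        0644, 0664, 0600, 0444, 0666, 0464, 0044, 0404
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%04o -> verdict %d\n", samples[i],
               (int)check_attr_mode(samples[i]));
    return 0;
}
```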