Date: Mon, 14 Mar 2011 20:09:56 -0700
From: Greg KH
To: James Bottomley
Cc: Vasiliy Kulikov, security@kernel.org, acpi4asus-user@lists.sourceforge.net, linux-scsi@vger.kernel.org, rtc-linux@googlegroups.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org, open-iscsi@googlegroups.com, linux-omap@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-media@vger.kernel.org
Subject: Re: [Security] [PATCH 00/20] world-writable files in sysfs and debugfs
Message-ID: <20110315030956.GA2234@kroah.com>
References: <1300155965.5665.15.camel@mulgrave.site>
In-Reply-To: <1300155965.5665.15.camel@mulgrave.site>

On Mon, Mar 14, 2011 at 10:26:05PM -0400, James Bottomley wrote:
> On Sat, 2011-03-12 at 23:23 +0300, Vasiliy Kulikov wrote:
> > > Vasiliy Kulikov (20):
> > >  mach-ux500: mbox-db5500: world-writable sysfs fifo file
> > >  leds: lp5521: world-writable sysfs engine* files
> > >  leds: lp5523: world-writable engine* sysfs files
> > >  misc: ep93xx_pwm: world-writable sysfs files
> > >  rtc: rtc-ds1511: world-writable sysfs nvram file
> > >  scsi: aic94xx: world-writable sysfs update_bios file
> > >  scsi: iscsi: world-writable sysfs priv_sess file
> >
> > These are still not merged :(
>
> OK, so I've not been tracking where we are in the dizzying ride on
> security systems.  However, I thought we landed up in the privilege
> separation arena using capabilities.  That means that world writeable
> files aren't necessarily a problem as long as the correct capabilities
> checks are in place, right?

There are no capability checks on sysfs files right now, so these all
need to be fixed.

thanks,

greg k-h
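
An audit for the file class this thread is about, as an added example that is not part of the original message or the patch series: it walks a sysfs or debugfs mount and lists regular files whose mode has the other-write bit set. The default root /sys and the function name find_world_writable are assumptions of this example.

```python
#!/usr/bin/env python3
"""List world-writable attribute files under sysfs/debugfs (added example)."""
import os
import stat
import sys

# Assumed default root. debugfs is conventionally mounted at
# /sys/kernel/debug, so a walk of /sys covers it; pass other mount
# points on the command line if the system differs.
DEFAULT_ROOTS = ("/sys",)


def find_world_writable(root):
    """Return sorted (path, octal_mode) for regular files with o+w set.

    Symlinks are not followed: sysfs is full of links that point back
    into the tree, and a link's own mode says nothing about its target.
    """
    hits = []

    def walk_error(err):
        # Unreadable directories (e.g. debugfs as non-root) are skipped.
        print(f"skip {err.filename}: {err.strerror}", file=sys.stderr)

    for dirpath, _dirs, files in os.walk(root, onerror=walk_error,
                                         followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # attribute vanished (device removed) mid-scan
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append((path, format(stat.S_IMODE(st.st_mode), "04o")))
    return sorted(hits)


def main(argv):
    roots = argv[1:] or DEFAULT_ROOTS
    found = [hit for root in roots for hit in find_world_writable(root)]
    for path, mode in found:
        print(f"{mode} {path}")
    return 1 if found else 0  # non-zero exit lets CI or cron flag findings


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Each reported path is a file where the mode bits are the only gate on writes from unprivileged users, which is the situation the reply above describes.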