Re: [PATCH] x86/mm/ptdump: Make (debugfs)/kernel_page_tables read-only
From: Kees Cook
Date: Fri Dec 04 2015 - 08:57:12 EST
On Mon, Nov 30, 2015 at 4:12 AM, Borislav Petkov <bp@xxxxxxxxx> wrote:
> From: Borislav Petkov <bp@xxxxxxx>
>
> File should be created with S_IRUSR and not with S_IWUSR too because
> writing to it doesn't make any sense. I mean, we don't have a ->write
> method anyway but let's have the permissions correct too.
>
> Signed-off-by: Borislav Petkov <bp@xxxxxxx>
> Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
We need a EHAHANOPE errno and have write return that. ;)
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
-Kees
> ---
> arch/x86/mm/debug_pagetables.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/mm/debug_pagetables.c b/arch/x86/mm/debug_pagetables.c
> index b35ee86a9316..bfcffdf6c577 100644
> --- a/arch/x86/mm/debug_pagetables.c
> +++ b/arch/x86/mm/debug_pagetables.c
> @@ -26,7 +26,7 @@ static struct dentry *pe;
>
> static int __init pt_dump_debug_init(void)
> {
> - pe = debugfs_create_file("kernel_page_tables", 0600, NULL, NULL,
> + pe = debugfs_create_file("kernel_page_tables", S_IRUSR, NULL, NULL,
> &ptdump_fops);
> if (!pe)
> return -ENOMEM;
> --
> 2.3.5
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
Kees Cook
Chrome OS & Brillo Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/