Re: The one and only "permission denied" in find /sys

[Kees Cook]

On October 13, 2021 1:12:16 PM PDT, Rob Landley <rob@xxxxxxxxxxx> wrote:
>There is exactly one directory in the whole of sysfs that a normal user can't
>read (at least on my stock devuan laptop):
>
>  $ find /sys -name potato
>  find: ‘/sys/fs/pstore’: Permission denied
>
>It's the "pstore" filesystem, it was explicitly broken by commit d7caa33687ce,
>and the commit seems to say this was to fix an issue that didn't exist yet but
>might someday.

Right, so, the problem did certainly exist: there was a capability check for opening the files, which made it difficult for pstore collector tools to run with sane least privileges. Adjusting the root directory was the simplest way to keep the files secure by default, and allow a system owner the ability to delegate collector permissions to a user or group via just a chmod on the root directory.

>Did whatever issue it was concerned about ever actually start happening? Why did
>you not change the permissions on the files _in_ the directory so they weren't
>world readable instead? Should /dev/shm stop being world ls-able as well?

Making the per-file permissions configurable at runtime was more complex for little additional gain.

/dev/shm has the benefit of having an existing permission model for each created file.

I wouldn't be opposed to a mount option to specify the default file owner/group, but it makes user space plumbing more difficult (i.e. last I checked, stuff like systemd tends to just mount kernel filesystems without options).

-Kees

-- 
Kees Cook