Re: [Security] [PATCH 00/20] world-writable files in sysfs anddebugfs

From: Vasiliy Kulikov
Date: Tue Mar 15 2011 - 12:12:27 EST


On Tue, Mar 15, 2011 at 07:50 -0400, James Bottomley wrote:
> 1. Did anyone actually check for capabilities before assuming world
> writeable files were wrong?

I didn't check all these files as I haven't got these hardware :-) But
as I can "chmod a+w" all sysfs files on my machine and they all become
sensible to nonroot writes, I suppose there is nothing preventing
nonroot users from writing to these buggy sysfs files. As you can see,
there are no capable() checks in these drivers in open() or write().

> 2. Even if there aren't any capabilities checks in the implementing
> routines, should there be (are we going the separated
> capabilities route vs the monolithic root route)?

IMO, In any case old good DAC security model must not be obsoleted just
because someone thinks that MAC or anything else is more convenient for
him. If sysfs is implemented via filesystem then it must support POSIX
permissions semantic. MAC is very good in _some_ cases, but not instead
of DAC.

Thanks,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/