From: Vasiliy Kulikov <segoon@openwall•com>
To: linux-kernel@vger•kernel.org
Cc: Mike Christie <michaelc@cs•wisc.edu>,
Srinidhi Kasagar <srinidhi.kasagar@stericsson•com>,
Tony Lindgren <tony@atomide•com>,
platform-driver-x86@vger•kernel.org,
socketcan-core@lists•berlios.de,
Corentin Chary <corentincj@iksaif•net>,
"James E.J. Bottomley" <James.Bottomley@suse•de>,
Julia Lawall <julia@diku•dk>,
Russell King <linux@arm•linux.org.uk>,
Samuel Ortiz <sameo@linux•intel.com>,
linux-scsi@vger•kernel.org,
Karol Kozimor <sziwan@users•sourceforge.net>,
Kevin Hilman <khilman@deeprootsystems•com>,
Luca Risolia <luca.risolia@studio•unibo.it>,
open-iscsi@googlegroups•com,
Wolfgang Grandegger <wg@grandegger•com>,
Matthew Garrett <mjg@redhat•com>,
acpi4asus-user@lists•sourceforge.net, rtc-linux@googlegroups•com,
Carlos Corbacho <carlos@strangeworlds•co.uk>,
Mauro Carvalho Chehab <mchehab@infradead•org>,
linux-omap@vger•kernel.org, linux-arm-kernel@lists•infradead.org,
Subject: [PATCH 00/20] world-writable files in sysfs and debugfs
Date: Fri, 4 Feb 2011 15:22:29 +0300 [thread overview]
Message-ID: <cover.1296818921.git.segoon@openwall.com> (raw)
The search was made with trivial shell commands:
find | xargs grep S_IWUGO
find | xargs grep S_IWOTH
I didn't precisely investigate how exactly one may damage the
system/hardware because of issues number, maybe the harm is very limited
in case of some of these drivers.
One suspicious file is ./staging/speakup/speakup.h, but it explitly calls
macros as world-writable. I didn't check what speakup's world-writable
files provide because it requires some knowledge about the hardware.
Vasiliy Kulikov (20):
mach-omap2: mux: world-writable debugfs files
mach-omap2: pm: world-writable debugfs timer files
mach-omap2: smartreflex: world-writable debugfs voltage files
mach-ux500: mbox-db5500: world-writable sysfs fifo file
leds: lp5521: world-writable sysfs engine* files
leds: lp5523: world-writable engine* sysfs files
video: sn9c102: world-wirtable sysfs files
mfd: ab3100: world-writable debugfs *_priv files
mfd: ab3500: world-writable debugfs register-* files
mfd: ab8500: world-writable debugfs register-* files
misc: ep93xx_pwm: world-writable sysfs files
net: can: at91_can: world-writable sysfs files
net: can: janz-ican3: world-writable sysfs termination file
platform: x86: acer-wmi: world-writable sysfs threeg file
platform: x86: asus_acpi: world-writable procfs files
platform: x86: tc1100-wmi: world-writable sysfs wireless and jogdial files
rtc: rtc-ds1511: world-writable sysfs nvram file
scsi: aic94xx: world-writable sysfs update_bios file
scsi: iscsi: world-writable sysfs priv_sess file
fs: ubifs: world-writable debugfs dump_* files
arch/arm/mach-omap2/mux.c | 2 +-
arch/arm/mach-omap2/pm-debug.c | 8 ++++----
arch/arm/mach-omap2/smartreflex.c | 4 ++--
arch/arm/mach-ux500/mbox-db5500.c | 2 +-
drivers/leds/leds-lp5521.c | 14 +++++++-------
drivers/leds/leds-lp5523.c | 20 ++++++++++----------
drivers/media/video/sn9c102/sn9c102_core.c | 6 +++---
drivers/mfd/ab3100-core.c | 4 ++--
drivers/mfd/ab3550-core.c | 6 +++---
drivers/mfd/ab8500-debugfs.c | 6 +++---
drivers/misc/ep93xx_pwm.c | 6 +++---
drivers/net/can/at91_can.c | 2 +-
drivers/net/can/janz-ican3.c | 2 +-
drivers/platform/x86/acer-wmi.c | 2 +-
drivers/platform/x86/asus_acpi.c | 8 +-------
drivers/platform/x86/tc1100-wmi.c | 2 +-
drivers/rtc/rtc-ds1511.c | 2 +-
drivers/scsi/aic94xx/aic94xx_init.c | 2 +-
drivers/scsi/scsi_transport_iscsi.c | 2 +-
fs/ubifs/debug.c | 6 +++---
20 files changed, 50 insertions(+), 56 deletions(-)
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
next reply other threads:[~2011-02-04 12:22 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-04 12:22 Vasiliy Kulikov [this message]
2011-02-04 12:23 ` [PATCH 12/20] net: can: at91_can: world-writable sysfs files Vasiliy Kulikov
[not found] ` <a6800dc8b0daed78256f98f52844cbbb48f4a76d.1296818921.git.segoon-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>
2011-02-04 12:42 ` Kurt Van Dijck
[not found] ` <20110204124233.GB334-MxZ6Iy/zr/UdbCeoMzGj59i2O/JbrIOy@public.gmane.org>
2011-02-04 21:06 ` David Miller
2011-02-07 11:38 ` About bittiming calculation result Tomoya MORINAGA
[not found] ` <5009516791F146C49C73FAC57C437313-c0cKtqp5df7I9507bXv2FdBPR1lH4CV8@public.gmane.org>
2011-02-07 12:00 ` Wolfgang Grandegger
[not found] ` <4D4FDEF9.2030305-5Yr1BZd7O62+XT7JhA+gdA@public.gmane.org>
2011-02-07 15:52 ` Wolfgang Grandegger
[not found] ` <4D501555.5000905-5Yr1BZd7O62+XT7JhA+gdA@public.gmane.org>
2011-02-08 1:27 ` Tomoya MORINAGA
[not found] ` <93C12206407640199DCDD3A89A333F13-c0cKtqp5df7I9507bXv2FdBPR1lH4CV8@public.gmane.org>
2011-02-08 7:57 ` Wolfgang Grandegger
2011-02-08 1:09 ` Tomoya MORINAGA
[not found] ` <E2BAACFF191C4175854E6B2EB9135BE5-c0cKtqp5df7I9507bXv2FdBPR1lH4CV8@public.gmane.org>
2011-02-08 3:29 ` Bhupesh SHARMA
[not found] ` <D5ECB3C7A6F99444980976A8C6D896384DEE2BE1A7-8vAmw3ZAcdzhJTuQ9jeba9BPR1lH4CV8@public.gmane.org>
2011-02-08 4:11 ` Tomoya MORINAGA
2011-02-04 12:23 ` [PATCH 13/20] net: can: janz-ican3: world-writable sysfs termination file Vasiliy Kulikov
[not found] ` <6b49b9521416fbd50214485d3e14e5f254ada4f7.1296818921.git.segoon-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>
2011-02-04 21:06 ` David Miller
2011-02-04 13:11 ` [rtc-linux] [PATCH 00/20] world-writable files in sysfs and debugfs Linus Walleij
-- strict thread matches above, loose matches on Subject: below --
2011-02-04 14:00 Vasiliy Kulikov
2011-02-07 19:38 ` Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1296818921.git.segoon@openwall.com \
--to=segoon@openwall$(echo .)com \
--cc=James.Bottomley@suse$(echo .)de \
--cc=acpi4asus-user@lists$(echo .)sourceforge.net \
--cc=carlos@strangeworlds$(echo .)co.uk \
--cc=corentincj@iksaif$(echo .)net \
--cc=julia@diku$(echo .)dk \
--cc=khilman@deeprootsystems$(echo .)com \
--cc=linux-arm-kernel@lists$(echo .)infradead.org \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=linux-omap@vger$(echo .)kernel.org \
--cc=linux-scsi@vger$(echo .)kernel.org \
--cc=linux@arm$(echo .)linux.org.uk \
--cc=luca.risolia@studio$(echo .)unibo.it \
--cc=mchehab@infradead$(echo .)org \
--cc=michaelc@cs$(echo .)wisc.edu \
--cc=mjg@redhat$(echo .)com \
--cc=open-iscsi@googlegroups$(echo .)com \
--cc=platform-driver-x86@vger$(echo .)kernel.org \
--cc=rtc-linux@googlegroups$(echo .)com \
--cc=sameo@linux$(echo .)intel.com \
--cc=socketcan-core@lists$(echo .)berlios.de \
--cc=srinidhi.kasagar@stericsson$(echo .)com \
--cc=sziwan@users$(echo .)sourceforge.net \
--cc=tony@atomide$(echo .)com \
--cc=wg@grandegger$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox