Thread (5 messages), 5 authors, 2019-02-28

Re: [PATCH] powerpc/powernv: Make opal log only readable by root

From: Michael Ellerman <mpe@ellerman.id.au>
Date: 2019-02-27 11:56:53

Jordan Niethe [off-list ref] writes:
> Currently the opal log is globally readable. It is kernel policy to limit
> the visibility of physical addresses / kernel pointers to root.
> Given this and the fact the opal log may contain this information it would
> be better to limit the readability to root.

Yikes, thanks for fixing that.

I'll add a Fixes: tag and Cc stable.

I also see symbol_map is 0444, I think that should be fixed too.

cheers
diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c b/arch/powerpc/platforms/powernv/opal-msglog.c
index acd3206dfae3..06628c71cef6 100644
--- a/arch/powerpc/platforms/powernv/opal-msglog.c
+++ b/arch/powerpc/platforms/powernv/opal-msglog.c
@@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct file *file, struct kobject *kobj,
 }
 
 static struct bin_attribute opal_msglog_attr = {
-	.attr = {.name = "msglog", .mode = 0444},
+	.attr = {.name = "msglog", .mode = 0400},
 	.read = opal_msglog_read
 };
 
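Review bot: The `.mode = 0400` literal on `opal_msglog_attr` is the only access restriction visible in this hunk, and nothing at the definition records why it is root-only, so a later cleanup could restore 0444 without noticing the regression. Consider a one-line comment above the struct stating that the OPAL log may contain physical addresses or kernel pointers and must stay readable by root only. The commit message would also benefit from a Fixes: tag and a stable Cc, and other attributes still exposed as 0444 (symbol_map is named in the reply above) deserve the same check in this series or a follow-up.
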
-- 
2.20.1