Re: [PATCH] mtd: require write permissions for locking and badblock ioctls

From: Richard Weinberger
Date: Wed Mar 03 2021 - 13:40:53 EST

Next message: Mathieu Poirier: "Re: [PATCH v5 06/16] rpmsg: move the rpmsg control device from rpmsg_char to rpmsg_ctrl"
Previous message: Abhishek Pandit-Subedi: "[PATCH v3 0/1] Bluetooth: Suspend improvements"
In reply to: Michael Walle: "Re: [PATCH] mtd: require write permissions for locking and badblock ioctls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Ursprüngliche Mail -----
>>> Thanks for auditing the rest of these from my original patch. If this
>>> is ok with userspace tools, it's fine with me, but I don't even have
>>> this hardware to test with :)
>>
>> That's my fear. Michael, did you verify?
>
> I don't know any tools except the mtd-utils. So no.

openwrt folks have their own tooling, Anrdoid too.

>> In general you need to be root to open these device files.
>> So, I don't see a security problem here.
>
> Then this begs the question, why is this check there in
> the first place?

I fear historical reasons.
As soon you can open the device node you can do evil things.

> This come up because I was adding a OTPERASE which
> was suggested that is was a "dangerous" command. So I
> was puzzled why the ones above are considered "safe" ;)

:-)

Thanks,
//richard

Next message: Mathieu Poirier: "Re: [PATCH v5 06/16] rpmsg: move the rpmsg control device from rpmsg_char to rpmsg_ctrl"
Previous message: Abhishek Pandit-Subedi: "[PATCH v3 0/1] Bluetooth: Suspend improvements"
In reply to: Michael Walle: "Re: [PATCH] mtd: require write permissions for locking and badblock ioctls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]