Am 2021-03-03 17:17, schrieb Richard Weinberger:
Michael,
----- Ursprüngliche Mail -----
Von: "Greg Kroah-Hartman" <gre...@linuxfoundation.org>
An: "Michael Walle" <mich...@walle.cc>
CC: "linux-mtd" <linux-...@lists.infradead.org>, "linux-kernel"
<linux-kernel@vger.kernel.org>, "Miquel Raynal"
<miquel.ray...@bootlin.com>, "richard" <rich...@nod.at>, "Vignesh
Raghavendra" <vigne...@ti.com>
Gesendet: Mittwoch, 3. März 2021 17:08:56
Betreff: Re: [PATCH] mtd: require write permissions for locking and
badblock ioctls
On Wed, Mar 03, 2021 at 04:57:35PM +0100, Michael Walle wrote:
MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require
write permission. Depending on the hardware MEMLOCK might even be
write-once, e.g. for SPI-NOR flashes with their WP# tied to GND.
OTPLOCK
is always write-once.
MEMSETBADBLOCK modifies the bad block table.
Fixes: f7e6b19bc764 ("mtd: properly check all write ioctls for
permissions")
Signed-off-by: Michael Walle <mich...@walle.cc>
---
drivers/mtd/mtdchar.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Thanks for auditing the rest of these from my original patch. If this
is ok with userspace tools, it's fine with me, but I don't even have
this hardware to test with :)
That's my fear. Michael, did you verify?
I don't know any tools except the mtd-utils. So no.
In general you need to be root to open these device files.
So, I don't see a security problem here.
Then this begs the question, why is this check there in
the first place?
This come up because I was adding a OTPERASE which
was suggested that is was a "dangerous" command. So I
was puzzled why the ones above are considered "safe" ;)
-michael