Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-04 Thread Peter Jones 
On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote:
> All the iSCSI boot entries are read-only anyway; it's unclear why the
> CAP_SYS_ADMIN restriction is in place since this information isn't
> particularly sensitive and cannot be changed.  Userspace applications
> may want to read this without requiring CAP_SYS_ADMIN for their
> entire process just for iBFT info.
> 
> Signed-off-by: Dan Williams 

Uh, because there are login credentials to the target in there.

> ---
>  drivers/scsi/iscsi_boot_sysfs.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/drivers/scsi/iscsi_boot_sysfs.c b/drivers/scsi/iscsi_boot_sysfs.c
> index d453667..4e9c324 100644
> --- a/drivers/scsi/iscsi_boot_sysfs.c
> +++ b/drivers/scsi/iscsi_boot_sysfs.c
> @@ -47,9 +47,6 @@ static ssize_t iscsi_boot_show_attribute(struct kobject 
> *kobj,
>   ssize_t ret = -EIO;
>   char *str = buf;
>  
> - if (!capable(CAP_SYS_ADMIN))
> - return -EACCES;
> -
>   if (boot_kobj->show)
>   ret = boot_kobj->show(boot_kobj->data, boot_attr->type, str);
>   return ret;
> -- 
> 2.7.4

-- 
  Peter

-- 
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to open-iscsi+unsubscr...@googlegroups.com.
To post to this group, send email to open-iscsi@googlegroups.com.
Visit this group at https://groups.google.com/group/open-iscsi.
For more options, visit https://groups.google.com/d/optout.

Re: [PATCH 2/2] RFC: iscsi ibft: convert iscsi_ibft module to iscsi boot lib

2010-04-13 Thread Peter Jones 
On 04/12/2010 10:36 PM, Konrad Rzeszutek Wilk wrote:
 On Monday 12 April 2010 22:32:33 Mike Christie wrote:
 On 04/12/2010 09:21 PM, Konrad Rzeszutek Wilk wrote:
 + * Helper routiners to check to determine if the entry is valid
 + * in the proper iBFT structure.
 + */
 +static mode_t ibft_check_nic_for(void *data, int type)
 +{
 +  struct ibft_kobject *entry = data;
 +  struct ibft_nic *nic = entry-nic;
 +  mode_t rc = 0;
 +
 +  switch (type) {
 +  case ISCSI_BOOT_ETH_INDEX:
 +  case ISCSI_BOOT_ETH_FLAGS:
 +  rc = 1;

 Did you mean for that value?

 +  break;
 +  case ISCSI_BOOT_ETH_IP_ADDR:
 +  if (memcmp(nic-ip_addr, nulls, sizeof(nic-ip_addr)))
 +  rc = S_IRUGO;
 +  break;
 +  case ISCSI_BOOT_ETH_SUBNET_MASK:
 +  if (nic-subnet_mask_prefix)
 +  rc = S_IRUGO;
 +  break;
 +  case ISCSI_BOOT_ETH_ORIGIN:
 +  rc = 1;

 and this one as well?

 I did not. They should be S_IRUGO. Do you want me to resubmit the
 patches or are you just going to edit those two lines if you merge them?
 
 No need to resend them (unless Peter eyes found something I missed).

Nope, that's all I see.

-- 
Peter

Sanity's just a one trick pony anyway.  You only get one trick -- rational
thinking -- but when you're good and crazy, the sky's the limit!
-- The Tick

-- 
You received this message because you are subscribed to the Google Groups 
open-iscsi group.
To post to this group, send email to open-is...@googlegroups.com.
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/open-iscsi?hl=en.