Am 2021-03-03 17:17, schrieb Richard Weinberger:
Michael,
----- Ursprüngliche Mail -----
Von: "Greg Kroah-Hartman" <[email protected]>
An: "Michael Walle" <[email protected]>
CC: "linux-mtd" <[email protected]>, "linux-kernel"
<[email protected]>, "Miquel Raynal"
<[email protected]>, "richard" <[email protected]>, "Vignesh
Raghavendra" <[email protected]>
Gesendet: Mittwoch, 3. März 2021 17:08:56
Betreff: Re: [PATCH] mtd: require write permissions for locking and
badblock ioctls
On Wed, Mar 03, 2021 at 04:57:35PM +0100, Michael Walle wrote:
MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require
write permission. Depending on the hardware MEMLOCK might even be
write-once, e.g. for SPI-NOR flashes with their WP# tied to GND.
OTPLOCK
is always write-once.
MEMSETBADBLOCK modifies the bad block table.
Fixes: f7e6b19bc764 ("mtd: properly check all write ioctls for
permissions")
Signed-off-by: Michael Walle <[email protected]>
---
drivers/mtd/mtdchar.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Thanks for auditing the rest of these from my original patch. If this
is ok with userspace tools, it's fine with me, but I don't even have
this hardware to test with :)
That's my fear. Michael, did you verify?
I don't know any tools except the mtd-utils. So no.
In general you need to be root to open these device files.
So, I don't see a security problem here.
Then this begs the question, why is this check there in
the first place?
This come up because I was adding a OTPERASE which
was suggested that is was a "dangerous" command. So I
was puzzled why the ones above are considered "safe" ;)
-michael
