Re: [PATCH 9/9] sysfs: disallow world-writable files.

[Rusty Russell]

Gobinda Maji <gobinda.cemk07@xxxxxxxxx> writes:
> Hi Rusty,

Hi Gobinda,

> I have a small doubt about the permission restriction (User perms >=
> group perms >= other perms) in VERIFY_OCTAL_PERMISSIONS(). Please Note
> that permission field of User, Group or Other consists of three bits.
> LSB is EXECUTE permission, MSB is READ permission and the middle bit
> is WRITE permission. Say for example, permission value is "0431". Here
> User has only READ permission whereas Group has both WRITE and EXECUTE
> permission and Other has EXECUTE permission. I guess, it is not good
> to give Group the WRITE permission whereas User itself has no WRITE
> permission.

You're absolutely right, well spotted!  The checks can be tightened.  We
don't really care about execute, but logically write is "more
privileged" than read.

Best to separate the tests; OTHER_WRITABLE <= GROUP_WRITABLE <= OWNER_WRITABLE
and OTHER_READABLE <= GROUP_READABLE <= OWNER_READABLE.

A patch would be welcome!

Thanks,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/