diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2008-04-05 01:33:37 +0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2008-04-09 00:44:43 +0400 |
commit | bebb8a5e2cd30adcc5e9a14c3366a231da728aee (patch) | |
tree | d4965ea266e0415ecea063aa7e54fd41aaa311fe /net/mac80211/debugfs_netdev.c | |
parent | a82d992261f79506a0d55b9a179a211f96caf878 (diff) | |
download | linux-bebb8a5e2cd30adcc5e9a14c3366a231da728aee.tar.xz |
mac80211: make debugfs files root-only
Unfortunately, debugfs can be made to access invalid memory by
open()ing a file and then waiting until the corresponding debugfs
file has been removed (and, probably, the underlying object.)
That could be exploited by any user if the user is able to open
debugfs files and can cause networking devices, STA entries or
similar to disappear which is quite easy to do.
Hence, all debugfs files should be root-only.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/debugfs_netdev.c')
-rw-r--r-- | net/mac80211/debugfs_netdev.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index 3e19d42e61cb..55cd6fc3f2e0 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -243,7 +243,7 @@ IEEE80211_IF_WFILE(min_discovery_timeout, #define DEBUGFS_ADD(name, type)\ - sdata->debugfs.type.name = debugfs_create_file(#name, 0444,\ + sdata->debugfs.type.name = debugfs_create_file(#name, 0400,\ sdata->debugfsdir, sdata, &name##_ops); static void add_sta_files(struct ieee80211_sub_if_data *sdata) @@ -298,7 +298,7 @@ static void add_monitor_files(struct ieee80211_sub_if_data *sdata) #ifdef CONFIG_MAC80211_MESH #define MESHSTATS_ADD(name)\ - sdata->mesh_stats.name = debugfs_create_file(#name, 0444,\ + sdata->mesh_stats.name = debugfs_create_file(#name, 0400,\ sdata->mesh_stats_dir, sdata, &name##_ops); static void add_mesh_stats(struct ieee80211_sub_if_data *sdata) @@ -312,7 +312,7 @@ static void add_mesh_stats(struct ieee80211_sub_if_data *sdata) } #define MESHPARAMS_ADD(name)\ - sdata->mesh_config.name = debugfs_create_file(#name, 0644,\ + sdata->mesh_config.name = debugfs_create_file(#name, 0600,\ sdata->mesh_config_dir, sdata, &name##_ops); static void add_mesh_config(struct ieee80211_sub_if_data *sdata) |