authorJohannes Berg <johannes@sipsolutions.net>2008-04-04 17:33:37 -0400
committerJohn W. Linville <linville@tuxdriver.com>2008-04-08 16:44:43 -0400
commitbebb8a5e2cd30adcc5e9a14c3366a231da728aee (patch)
treed4965ea266e0415ecea063aa7e54fd41aaa311fe
parenta82d992261f79506a0d55b9a179a211f96caf878 (diff)
mac80211: make debugfs files root-only
Unfortunately, debugfs can be made to access invalid memory by open()ing a file and then waiting until the corresponding debugfs file has been removed (and, probably, the underlying object.) That could be exploited by any user if the user is able to open debugfs files and can cause networking devices, STA entries or similar to disappear which is quite easy to do. Hence, all debugfs files should be root-only. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/mac80211/debugfs.c4
-rw-r--r--net/mac80211/debugfs_netdev.c6
-rw-r--r--net/mac80211/debugfs_sta.c2
3 files changed, 6 insertions, 6 deletions
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 4736c64937b4..f4bb08b62d1a 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -37,7 +37,7 @@ static const struct file_operations name## _ops = { \
37}; 37};
38 38
39#define DEBUGFS_ADD(name) \ 39#define DEBUGFS_ADD(name) \
40 local->debugfs.name = debugfs_create_file(#name, 0444, phyd, \ 40 local->debugfs.name = debugfs_create_file(#name, 0400, phyd, \
41 local, &name## _ops); 41 local, &name## _ops);
42 42
43#define DEBUGFS_DEL(name) \ 43#define DEBUGFS_DEL(name) \
@@ -130,7 +130,7 @@ static const struct file_operations stats_ ##name## _ops = { \
130}; 130};
131 131
132#define DEBUGFS_STATS_ADD(name) \ 132#define DEBUGFS_STATS_ADD(name) \
133 local->debugfs.stats.name = debugfs_create_file(#name, 0444, statsd,\ 133 local->debugfs.stats.name = debugfs_create_file(#name, 0400, statsd,\
134 local, &stats_ ##name## _ops); 134 local, &stats_ ##name## _ops);
135 135
136#define DEBUGFS_STATS_DEL(name) \ 136#define DEBUGFS_STATS_DEL(name) \
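Review bot: The 0400 mode passed to debugfs_create_file() in DEBUGFS_ADD and DEBUGFS_STATS_ADD narrows who can reach the stale-memory access described in the commit message but does not remove it, because the mode is only consulted at open() and a root-owned process that keeps a file open across removal of `local` still takes the same path. The same holds for DEBUGFS_ADD, MESHSTATS_ADD and MESHPARAMS_ADD in debugfs_netdev.c and for DEBUGFS_ADD in debugfs_sta.c; MESHPARAMS_ADD (0600) also leaves its write handlers reachable that way. I would record the reason at each macro so the mode is not relaxed again later, e.g. `/* root-only: an open file can outlive the object it points at */`, and track the lifetime problem itself as a separate fix. The code that invokes these macros is outside the hunks, so any file created by a direct debugfs_create_file() call would need the same check.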
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 3e19d42e61cb..55cd6fc3f2e0 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -243,7 +243,7 @@ IEEE80211_IF_WFILE(min_discovery_timeout,
243 243
244 244
245#define DEBUGFS_ADD(name, type)\ 245#define DEBUGFS_ADD(name, type)\
246 sdata->debugfs.type.name = debugfs_create_file(#name, 0444,\ 246 sdata->debugfs.type.name = debugfs_create_file(#name, 0400,\
247 sdata->debugfsdir, sdata, &name##_ops); 247 sdata->debugfsdir, sdata, &name##_ops);
248 248
249static void add_sta_files(struct ieee80211_sub_if_data *sdata) 249static void add_sta_files(struct ieee80211_sub_if_data *sdata)
@@ -298,7 +298,7 @@ static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
298 298
299#ifdef CONFIG_MAC80211_MESH 299#ifdef CONFIG_MAC80211_MESH
300#define MESHSTATS_ADD(name)\ 300#define MESHSTATS_ADD(name)\
301 sdata->mesh_stats.name = debugfs_create_file(#name, 0444,\ 301 sdata->mesh_stats.name = debugfs_create_file(#name, 0400,\
302 sdata->mesh_stats_dir, sdata, &name##_ops); 302 sdata->mesh_stats_dir, sdata, &name##_ops);
303 303
304static void add_mesh_stats(struct ieee80211_sub_if_data *sdata) 304static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
@@ -312,7 +312,7 @@ static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
312} 312}
313 313
314#define MESHPARAMS_ADD(name)\ 314#define MESHPARAMS_ADD(name)\
315 sdata->mesh_config.name = debugfs_create_file(#name, 0644,\ 315 sdata->mesh_config.name = debugfs_create_file(#name, 0600,\
316 sdata->mesh_config_dir, sdata, &name##_ops); 316 sdata->mesh_config_dir, sdata, &name##_ops);
317 317
318static void add_mesh_config(struct ieee80211_sub_if_data *sdata) 318static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 256ea880d28b..6d47a1d31b37 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -266,7 +266,7 @@ static ssize_t sta_agg_status_write(struct file *file,
266STA_OPS_WR(agg_status); 266STA_OPS_WR(agg_status);
267 267
268#define DEBUGFS_ADD(name) \ 268#define DEBUGFS_ADD(name) \
269 sta->debugfs.name = debugfs_create_file(#name, 0444, \ 269 sta->debugfs.name = debugfs_create_file(#name, 0400, \
270 sta->debugfs.dir, sta, &sta_ ##name## _ops); 270 sta->debugfs.dir, sta, &sta_ ##name## _ops);
271 271
272#define DEBUGFS_DEL(name) \ 272#define DEBUGFS_DEL(name) \
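Review bot: `STA_OPS_WR(agg_status)` at the top of this hunk defines write-capable operations, yet DEBUGFS_ADD now creates every STA file with 0400. If agg_status is registered through this macro (the call is outside the hunk), its mode reads as read-only while the write handler stays reachable to root, which is not bound by the mode bits. MESHPARAMS_ADD in debugfs_netdev.c uses 0600 for its writable files, and matching that here would let a permission listing show which entries accept writes. One way is a mode-taking variant such as `#define DEBUGFS_ADD_MODE(name, mode)` used with 0600 for agg_status, or at least a comment on DEBUGFS_ADD noting the writable entry.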