Commit bebb8a5e authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville

mac80211: make debugfs files root-only

Unfortunately, debugfs can be made to access invalid memory by
open()ing a file and then waiting until the corresponding debugfs
file has been removed (and, probably, the underlying object.)

That could be exploited by any user if the user is able to open
debugfs files and can cause networking devices, STA entries or
similar to disappear which is quite easy to do.

Hence, all debugfs files should be root-only.
Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent a82d9922
...@@ -37,7 +37,7 @@ static const struct file_operations name## _ops = { \ ...@@ -37,7 +37,7 @@ static const struct file_operations name## _ops = { \
}; };
#define DEBUGFS_ADD(name) \ #define DEBUGFS_ADD(name) \
local->debugfs.name = debugfs_create_file(#name, 0444, phyd, \ local->debugfs.name = debugfs_create_file(#name, 0400, phyd, \
local, &name## _ops); local, &name## _ops);
#define DEBUGFS_DEL(name) \ #define DEBUGFS_DEL(name) \
...@@ -130,7 +130,7 @@ static const struct file_operations stats_ ##name## _ops = { \ ...@@ -130,7 +130,7 @@ static const struct file_operations stats_ ##name## _ops = { \
}; };
#define DEBUGFS_STATS_ADD(name) \ #define DEBUGFS_STATS_ADD(name) \
local->debugfs.stats.name = debugfs_create_file(#name, 0444, statsd,\ local->debugfs.stats.name = debugfs_create_file(#name, 0400, statsd,\
local, &stats_ ##name## _ops); local, &stats_ ##name## _ops);
#define DEBUGFS_STATS_DEL(name) \ #define DEBUGFS_STATS_DEL(name) \
......
...@@ -243,7 +243,7 @@ IEEE80211_IF_WFILE(min_discovery_timeout, ...@@ -243,7 +243,7 @@ IEEE80211_IF_WFILE(min_discovery_timeout,
#define DEBUGFS_ADD(name, type)\ #define DEBUGFS_ADD(name, type)\
sdata->debugfs.type.name = debugfs_create_file(#name, 0444,\ sdata->debugfs.type.name = debugfs_create_file(#name, 0400,\
sdata->debugfsdir, sdata, &name##_ops); sdata->debugfsdir, sdata, &name##_ops);
static void add_sta_files(struct ieee80211_sub_if_data *sdata) static void add_sta_files(struct ieee80211_sub_if_data *sdata)
...@@ -298,7 +298,7 @@ static void add_monitor_files(struct ieee80211_sub_if_data *sdata) ...@@ -298,7 +298,7 @@ static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
#ifdef CONFIG_MAC80211_MESH #ifdef CONFIG_MAC80211_MESH
#define MESHSTATS_ADD(name)\ #define MESHSTATS_ADD(name)\
sdata->mesh_stats.name = debugfs_create_file(#name, 0444,\ sdata->mesh_stats.name = debugfs_create_file(#name, 0400,\
sdata->mesh_stats_dir, sdata, &name##_ops); sdata->mesh_stats_dir, sdata, &name##_ops);
static void add_mesh_stats(struct ieee80211_sub_if_data *sdata) static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
...@@ -312,7 +312,7 @@ static void add_mesh_stats(struct ieee80211_sub_if_data *sdata) ...@@ -312,7 +312,7 @@ static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
} }
#define MESHPARAMS_ADD(name)\ #define MESHPARAMS_ADD(name)\
sdata->mesh_config.name = debugfs_create_file(#name, 0644,\ sdata->mesh_config.name = debugfs_create_file(#name, 0600,\
sdata->mesh_config_dir, sdata, &name##_ops); sdata->mesh_config_dir, sdata, &name##_ops);
static void add_mesh_config(struct ieee80211_sub_if_data *sdata) static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
......
...@@ -266,7 +266,7 @@ static ssize_t sta_agg_status_write(struct file *file, ...@@ -266,7 +266,7 @@ static ssize_t sta_agg_status_write(struct file *file,
STA_OPS_WR(agg_status); STA_OPS_WR(agg_status);
#define DEBUGFS_ADD(name) \ #define DEBUGFS_ADD(name) \
sta->debugfs.name = debugfs_create_file(#name, 0444, \ sta->debugfs.name = debugfs_create_file(#name, 0400, \
sta->debugfs.dir, sta, &sta_ ##name## _ops); sta->debugfs.dir, sta, &sta_ ##name## _ops);
#define DEBUGFS_DEL(name) \ #define DEBUGFS_DEL(name) \
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment