diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2008-04-04 23:33:37 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2008-04-08 16:44:43 -0400 |
commit | bebb8a5e2cd30adcc5e9a14c3366a231da728aee (patch) | |
tree | d4965ea266e0415ecea063aa7e54fd41aaa311fe /net/mac80211/debugfs_sta.c | |
parent | a82d992261f79506a0d55b9a179a211f96caf878 (diff) | |
download | linux-bebb8a5e2cd30adcc5e9a14c3366a231da728aee.tar.gz linux-bebb8a5e2cd30adcc5e9a14c3366a231da728aee.tar.bz2 linux-bebb8a5e2cd30adcc5e9a14c3366a231da728aee.zip |
mac80211: make debugfs files root-only
Unfortunately, debugfs can be made to access invalid memory by
open()ing a file and then waiting until the corresponding debugfs
file has been removed (and, probably, the underlying object.)
That could be exploited by any user if the user is able to open
debugfs files and can cause networking devices, STA entries or
similar to disappear which is quite easy to do.
Hence, all debugfs files should be root-only.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/debugfs_sta.c')
-rw-r--r-- | net/mac80211/debugfs_sta.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c index 256ea880d28b..6d47a1d31b37 100644 --- a/net/mac80211/debugfs_sta.c +++ b/net/mac80211/debugfs_sta.c @@ -266,7 +266,7 @@ static ssize_t sta_agg_status_write(struct file *file, STA_OPS_WR(agg_status); #define DEBUGFS_ADD(name) \ - sta->debugfs.name = debugfs_create_file(#name, 0444, \ + sta->debugfs.name = debugfs_create_file(#name, 0400, \ sta->debugfs.dir, sta, &sta_ ##name## _ops); #define DEBUGFS_DEL(name) \ |