| Age | Commit message (Collapse) | Author |
|---|
|
I don't see any security implications, to be actually useful,
/dev/cpu/<n>/cpuid should be world readable. The cpuid instruction
can be called from userspace anyway, so there is nothing to hide.
The device does not support any write operation, so 0444 should
suffice.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
|
|
|
|
Patch from Gerardo Exequiel Pozzi.
|
|
Some broken tools get confused following links to /sys, switch
to link targets carrying the devpath instead of the syspath, like
the queue links.
|
|
https://bugs.launchpad.net/bugs/317430
|
|
Thanks to Scott, who found that.
|
|
|
|
|
|
|
|
|
|
|
|
On Fri, Dec 26, 2008 at 01:26, Karel Zak <kzak@redhat.com> wrote:
> On Fri, Dec 26, 2008 at 12:39:16AM +0100, Kay Sievers wrote:
>> On Fri, Dec 26, 2008 at 00:26, Karel Zak <kzak@redhat.com> wrote:
>> > The upstream raw(8) command supports /dev/rawctl and also
>> > /dev/raw/rawctl. I think it makes more sense to use raw/rawctl when
>> > you have all your raw devices in raw/ subdirectory (e.g. /dev/raw/raw<N>).
>>
>> The raw tool looks for /dev/rawctl first and the fallback to
>> /dev/raw/rawctl is named DEVFS_*. Should we turn that order around and
>> remove the devfs notion from the raw tool and let udev create a
>> dev/raw/rawctl node?
>
> Yeah. Fixed, committed and pushed.
>
> $ strace -e open ./raw
> open("/dev/raw/rawctl", O_RDWR) = -1 ENOENT (No such file or directory)
> open("/dev/rawctl", O_RDWR) = -1 ENOENT (No such file or directory)
>
> I have also removed the #ifdef OLD_RAW_DEVS (/dev/raw<N>) junk.
|
|
|
|
A note on /dev/raw1394's security implications:
1. You cannot access local memory through raw1394, except
for ROMs and CSRs that are exposed to other nodes any way.
2. It is extremely hard to manipulate data on attached
SBP-2 devices (FireWire storage devices).
3. You can disturb operation of the FireWire bus, e.g.
creating a DoS situation for audio/video applications, for
SBP-2 devices, or eth1394 network interfaces.
4. If another PC is attached to the FireWire bus, it may be
possible to read or overwrite the entire RAM of that remote PC.
This depends on the PC's configuration. Most FireWire controllers
support this feature (yes, it's not a bug, or at least wasn't
intended to be one...) but not all OSs enable the feature.
Actually, a cheap setup to achieve #1 by #4 is to have two
FireWire controllers in the PC and connect them.
https://bugs.launchpad.net/ubuntu/+source/kino/+bug/6290/comments/21
|
|
|
|
|
|
|
|
dv1394*: no kernel name symlink
lp*: no par* symlink
hwrng: no kernel name symlink
|
|
specialix_rioctl: no kernel name symlink
specialix_sxctl: no kernel name symlink
bus/usb: 0644 -> 0664
ppdev: lp
dri: 0666 -> 0660
js: no kernel name symlink
|
|
|
|
|
|
|
|
/dev/X0R null symbolic Required by iBCS-2
Note: /dev/X0R is <letter X>-<digit 0>-<letter R>
|
|
|
|
|
|
On Thu, Oct 30, 2008 at 03:55, Tejun Heo <tj@kernel.org> wrote:
The appropriate default timeout differs depending on the transport and
the type of the attached device, so the above two rules harm more than
help. The affect of the above two rules weren't visible for some
reason but with recent block layer timeout update, they actually work
and cause problems.
|
|
/dev/{block,char}/<maj>:<min>
|
|
|
|
|
|
None of these rules is supposed to be changed by users, so move
them out of /etc. Custom rules, and automatically generated rules
stay in /etc. All rules are still processed in lexical order,
regardless which directory they live in.
|
