Message ID | 20241215-udlfb-perms-v1-1-2d1f8c96b1ab@weissschuh.net (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | fbdev/udlfb: Remove world-writability from EDID attribute | expand |
On 12/15/24 16:15, Thomas Weißschuh wrote: > It should not be possible for every user to override the EDID. > Limit it to the system administrator. > > Fixes: 8ef8cc4fca4a ("staging: udlfb: support for writing backup EDID to sysfs file") > Cc: stable@vger.kernel.org > Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> > --- > The EDID passed through sysfs is only used as a fallback if the hardware > does not provide one. To me it still feels incorrect to have this > world-writable. I'm wondering if there is any real danger to the system integrity if a user writes an own EDID (or a broken one)? I mean, the only reason to use an own EDID is if you are a desktop user, and then you usually are not a root user. So, user-writeable *seems* safe to me, especially since the provided EDID is only used if a real one isn't provided by the monitor. Maybe Bernie has an opinion here? Helge > --- > drivers/video/fbdev/udlfb.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c > index 71ac9e36f67c68aa7a54dce32323047a2a9a48bf..391bdb71197549caa839d862f0ce7456dc7bf9ec 100644 > --- a/drivers/video/fbdev/udlfb.c > +++ b/drivers/video/fbdev/udlfb.c > @@ -1480,7 +1480,7 @@ static ssize_t metrics_reset_store(struct device *fbdev, > > static const struct bin_attribute edid_attr = { > .attr.name = "edid", > - .attr.mode = 0666, > + .attr.mode = 0644, > .size = EDID_LENGTH, > .read = edid_show, > .write = edid_store > > --- > base-commit: 2d8308bf5b67dff50262d8a9260a50113b3628c6 > change-id: 20241215-udlfb-perms-bb6ed270facf > > Best regards,
diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c index 71ac9e36f67c68aa7a54dce32323047a2a9a48bf..391bdb71197549caa839d862f0ce7456dc7bf9ec 100644 --- a/drivers/video/fbdev/udlfb.c +++ b/drivers/video/fbdev/udlfb.c @@ -1480,7 +1480,7 @@ static ssize_t metrics_reset_store(struct device *fbdev, static const struct bin_attribute edid_attr = { .attr.name = "edid", - .attr.mode = 0666, + .attr.mode = 0644, .size = EDID_LENGTH, .read = edid_show, .write = edid_store
It should not be possible for every user to override the EDID. Limit it to the system administrator. Fixes: 8ef8cc4fca4a ("staging: udlfb: support for writing backup EDID to sysfs file") Cc: stable@vger.kernel.org Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> --- The EDID passed through sysfs is only used as a fallback if the hardware does not provide one. To me it still feels incorrect to have this world-writable. --- drivers/video/fbdev/udlfb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- base-commit: 2d8308bf5b67dff50262d8a9260a50113b3628c6 change-id: 20241215-udlfb-perms-bb6ed270facf Best regards,