[PATCH] fbdev/udlfb: Remove world-writability from EDID attribute
Helge Deller
deller at gmx.de
Sun Dec 15 16:04:35 UTC 2024
On 12/15/24 16:15, Thomas Weißschuh wrote:
> It should not be possible for every user to override the EDID.
> Limit it to the system administrator.
>
> Fixes: 8ef8cc4fca4a ("staging: udlfb: support for writing backup EDID to sysfs file")
> Cc: stable at vger.kernel.org
> Signed-off-by: Thomas Weißschuh <linux at weissschuh.net>
> ---
> The EDID passed through sysfs is only used as a fallback if the hardware
> does not provide one. To me it still feels incorrect to have this
> world-writable.
I'm wondering if there is any real danger to the system integrity if
a user writes an own EDID (or a broken one)?
I mean, the only reason to use an own EDID is if you are a desktop user,
and then you usually are not a root user.
So, user-writeable *seems* safe to me, especially since the provided EDID is only
used if a real one isn't provided by the monitor.
Maybe Bernie has an opinion here?
Helge
> ---
> drivers/video/fbdev/udlfb.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c
> index 71ac9e36f67c68aa7a54dce32323047a2a9a48bf..391bdb71197549caa839d862f0ce7456dc7bf9ec 100644
> --- a/drivers/video/fbdev/udlfb.c
> +++ b/drivers/video/fbdev/udlfb.c
> @@ -1480,7 +1480,7 @@ static ssize_t metrics_reset_store(struct device *fbdev,
>
> static const struct bin_attribute edid_attr = {
> .attr.name = "edid",
> - .attr.mode = 0666,
> + .attr.mode = 0644,
> .size = EDID_LENGTH,
> .read = edid_show,
> .write = edid_store
>
> ---
> base-commit: 2d8308bf5b67dff50262d8a9260a50113b3628c6
> change-id: 20241215-udlfb-perms-bb6ed270facf
>
> Best regards,
More information about the dri-devel
mailing list