From: Bernat, Yehezkel <yehezkel.bernat@intel.com>
Date: Tue, 15 Aug 2017 05:19:12 +0000 (+0300)
Subject: thunderbolt: Make key root-only accessible
X-Git-Tag: v4.13.3~39
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=24ed5fd65f7fdc45caeff7edf5f5a95b8d66dedb;p=users%2Fdwmw2%2Flinux.git

thunderbolt: Make key root-only accessible

commit 0956e41169222822d3557871fcd1d32e4fa7e934 upstream.

Non-root user may read the key back after root wrote it there.
This removes read access to everyone but root.

Signed-off-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
index 69fde0b30eda8..8510abcee5d22 100644
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -826,7 +826,7 @@ static ssize_t key_store(struct device *dev, struct device_attribute *attr,
 	mutex_unlock(&switch_lock);
 	return ret;
 }
-static DEVICE_ATTR_RW(key);
+static DEVICE_ATTR(key, 0600, key_show, key_store);
 
 static ssize_t nvm_authenticate_show(struct device *dev,
 	struct device_attribute *attr, char *buf)