[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#681418: debugfs is a big security hole

Bjørn Mork wrote:
>  1) mode and owner is not propagated to files below the mount point:

That's intentional to keep things simple. If you can control the x bit
on the mount point then you can control who can reach files beneath.

>  2) ownership and mode seems to be shared amoung all mount points,
>     resulting in the following unexpected behaviour:
>  3) ownership (but not mode?!) seems to be cached between mounts,
>     resulting in the following unexpected behaviour:
> [...]
> These can all be considered minor glitches, but they sure confused me
> the first time I hit them.

Me too :-) debugfs is a special beast. It's a singleton filesystem. The
kernel itself mounts it at boot. When you mount it in userspace you
actually only expose what the kernel already has. Modifying the mount
options actually modifies the options of that single, already mounted
instance.

cu
Ludwig
-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Reply to: