[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#681418: debugfs is a big security hole

On Fri, 2012-07-13 at 04:37 +0100, Ben Hutchings wrote:
> I would like to address this by backporting this feature:
> commit d6e486868cde585842d55ba3b6ec57af090fc343
> Author: Ludwig Nussel <ludwig.nussel@suse.de>
> Date:   Wed Jan 25 11:52:28 2012 +0100
>     debugfs: add mode, uid and gid options
> and then changing the default mode (mask) to be 0700.  This should
> leave debugfs functional (most such applications will require root
> anyway) and allow users to relax permissions if they really don't
> care about the security problems.

This change is pending in linux and should be included in version

> However, currently there is not a single place for the user options.
> I think that either (1) debugfs should be mounted by default in a
> similar way to other pseudo-filesystems, or (2) debugfs should have a
> noauto entry in /etc/fstab where users can set options, and packages
> may use 'mount /sys/kernel/debug' to mount debugfs with those options
> (not 'mount -t debugfs debugfs /sys/kernel/debug', as now).

This is still to be decided.


Ben Hutchings
Humans are not rational beings; they are rationalising beings.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: