
Bug#681418: debugfs is a big security hole



On 13.07.2012 05:37, Ben Hutchings wrote:
> Package: src:linux
> Version: 3.2.21-3
> Severity: important
> Tags: security
> 
> As discussed here
> <http://lists.linux-foundation.org/pipermail/ksummit-2012-discuss/2012-July/000891.html>.
> 
> I certainly consider mounting of debugfs to be a significant security
> liability.  I'm not at all happy that people use it as the basis for
> end-user applications that quietly mount debugfs if they find it isn't
> yet mounted.  Even if their corner of debugfs is robust, all the other
> stuff exposed by random drivers may not be.
> 
> Debian has at least one such application package (blktrace) which
> mounts debugfs from its init script.

systemd might be affected too, so I'm bringing Tollef into the loop here.

When having booted with systemd I get:

debugfs on /sys/kernel/debug type debugfs (rw,relatime)


Tollef, do you know why systemd mounts debugfs by default?

Is there something that should be done in the systemd package?


Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
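
An audit check for the situation described in the message above, as an added example that is not part of the original mail or of any Debian or systemd package: it finds debugfs mounts in either `mount` output (the format quoted in the message) or /proc/mounts text. The function names and all sample lines other than the quoted debugfs line are constructed for illustration.

```python
import re

# Constructed sample input. Only the debugfs line in SAMPLE_MOUNT_OUTPUT is
# taken from the message; every other line is made up for this example.
SAMPLE_MOUNT_OUTPUT = """\
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
/dev/sda1 on /mnt/my disk type ext4 (rw,relatime)
"""
SAMPLE_PROC_MOUNTS = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /mnt/odd\\040dir debugfs ro,relatime 0 0
"""

# `mount` prints "<source> on <target> type <fstype> (<options>)".
_MOUNT_CMD = re.compile(
    r"^(?P<src>.+?) on (?P<target>.+) type (?P<fstype>\S+) \((?P<opts>[^)]*)\)$")
# /proc/mounts escapes whitespace in paths as three-digit octal (\040 = space).
_OCTAL = re.compile(r"\\([0-7]{3})")

def parse_mounts(text):
    """Yield (target, fstype, options) from `mount` output or /proc/mounts text."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _MOUNT_CMD.match(line)
        if m:
            yield m["target"], m["fstype"], m["opts"].split(",")
            continue
        fields = line.split()
        if len(fields) >= 4:  # source, target, fstype, options[, dump, pass]
            target = _OCTAL.sub(lambda o: chr(int(o.group(1), 8)), fields[1])
            yield target, fields[2], fields[3].split(",")

def debugfs_mounts(text):
    """Return [(mount point, options)] for every debugfs mount in the text."""
    return [(t, opts) for t, fs, opts in parse_mounts(text) if fs == "debugfs"]

def live_debugfs_mounts(path="/proc/self/mounts"):
    """Check the running system; returns [] if the mount table is unreadable."""
    try:
        with open(path) as fh:
            return debugfs_mounts(fh.read())
    except OSError:
        return []

if __name__ == "__main__":
    for target, opts in live_debugfs_mounts():
        print(f"debugfs mounted at {target} ({','.join(opts)})")
```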
