Re: [PATCH 2/2] debugfs: only allow root access to debugginginterfaces

[Kees Cook]

On Tue, Feb 22, 2011 at 07:34:18PM +0000, Alan Cox wrote:
> > What system do you proposed to keep these "stupid mistakes" from
> > continuing to happen? If debugfs had already been mode 0700, we could have
> > avoided all of these CVEs, including the full-blown local root escalation.
> 
> And all sorts of features would have put themselves in sysfs instead and
> broken no doubt.
> 
> > The "no rules" approach to debugfs is not a good idea, IMO.
> 
> It's a debugging fs, it needs to be "no rules" other than the obvious
> "don't mount it on production systems"

Okay, so the debugfs is not supposed to be mounted on a production system.
This seems to be news to a lot of developers trying to use the interfaces
exposed there. It would be nice to say this more loudly.  Basically,
a normal system should not depend on anything in the debugfs. I can get
behind that.

> Or of course you could just chmod it 0700 in the distro !

I'm trying to, but that involves a race condition since I can't control it
during the mount (nor set the default mode like I was trying to with the
patchset). tmpfs allows "mode=", but debugfs does not...

-Kees

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/