Re: [RFC] add mount options to sysfs

From: Vasiliy Kulikov
Date: Thu May 19 2011 - 02:26:32 EST


On Wed, May 18, 2011 at 12:17 -0700, Greg KH wrote:
> > 1) *IF* another sensitive file with weird permissions is found, mount
> > option is IMO the best temporary workaround.
>
> Maybe, but fixing the file would be the obvious solution.

I mean for a sysadmin, not for a developer.


What do you mean by "breaking system"? Root is able to chmod
and chown sysfs files already, he may do "chmod -R" or similar.
I suggest a sane, race-free way to globally restrict permissions *IF* root
wants it.

Here https://lkml.org/lkml/2011/2/25/300 you, not aware of useful
applications of a world-writable debugfs file, agreed to statically
restrict permissions of all files. I suggest a more flexible and
runtime-configurable solution. It doesn't break anything - default
behaviour doesn't differ from the current one. What has changed in your
mind since 2/25?


Thanks,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments