Re: [PATCH 2/2] debugfs: only allow root access to debugginginterfaces

From: Kees Cook
Date: Tue Feb 22 2011 - 13:48:06 EST


On Tue, Feb 22, 2011 at 10:32:19AM -0800, David Daney wrote:
> On 02/22/2011 10:16 AM, Kees Cook wrote:
> >Har har, I forgot --compose to "git send-email".
> >
> >Anyway, with the continuing deluge of bugs in the "debug" filesystem, I
> >would like to make that filesystem's root directory mode 0700 by default
> >since it's filled with crazy stuff that regular users do not need to see.
> >
> >Better to try to just close the door completely on all the stuff in there.
> >It is, after all, supposed to only be used for debugging, right?
> >
>
> It depends if you consider use of ftrace and kprobes 'debugging'.
> In any event, you really have to be root to be able to manipulate
> them.
>
> I can currently do 'cat /sys/kernel/debug/tracing/trace' as a normal
> user. With your change I don't think it would be possible. This is
> not something I often (ever) do, but it is a change.

Right, my thinking is that all the manipulations on this tree should be
root-only (non-root stuff shouldn't live in something named "debug"),
so we might as well lock it down a bit more so we can avoid all the CVEs[1]
being assigned for glitches in this tree.

-Kees

[1] http://seclists.org/oss-sec/2011/q1/229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347
etc

--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/