Re: [PATCH 2/2] debugfs: only allow root access to debugginginterfaces

From: Greg KH
Date: Tue Feb 22 2011 - 14:15:06 EST


On Tue, Feb 22, 2011 at 10:47:26AM -0800, Kees Cook wrote:
> On Tue, Feb 22, 2011 at 10:32:19AM -0800, David Daney wrote:
> > On 02/22/2011 10:16 AM, Kees Cook wrote:
> > >Har har, I forgot --compose to "git send-email".
> > >
> > >Anyway, with the continuing deluge of bugs in the "debug" filesystem, I
> > >would like to make that filesystem's root directory mode 0700 by default
> > >since it's filled with crazy stuff that regular users do not need to see.
> > >
> > >Better to try to just close the door completely on all the stuff in there.
> > >It is, after all, supposed to only be used for debugging, right?
> > >
> >
> > It depends if you consider use of ftrace and kprobes 'debugging'.
> > In any event, you really have to be root to be able to manipulate
> > them.
> >
> > I can currently do 'cat /sys/kernel/debug/tracing/trace' as a normal
> > user. With your change I don't think it would be possible. This is
> > not something I often (ever) do, but it is a change.
>
> Right, my thinking is that all the manipulations on this tree should be
> root-only (non-root stuff shouldn't live in something named "debug"),
> so we might as well lock it down a bit more so we can avoid all the CVEs[1]
> being assigned for glitches in this tree.

The CVEs are for non-root writes to debugfs, same thing for sysfs. It's
just stupid mistakes being made here, don't try to lock down the whole
filesystem for just a handfull of bugs.

So I really can't accept these patches, sorry.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/