Re: [PATCH 2/2] debugfs: only allow root access to debugginginterfaces
From: Kees Cook
Date: Tue Feb 22 2011 - 14:23:25 EST
Hi Greg,
On Tue, Feb 22, 2011 at 11:13:33AM -0800, Greg KH wrote:
> On Tue, Feb 22, 2011 at 10:16:13AM -0800, Kees Cook wrote:
> > Har har, I forgot --compose to "git send-email".
> >
> > Anyway, with the continuing deluge of bugs in the "debug" filesystem, I
> > would like to make that filesystem's root directory mode 0700 by default
> > since it's filled with crazy stuff that regular users do not need to see.
>
> But that will break existing users of this interface, right?
>
> > Better to try to just close the door completely on all the stuff in there.
> > It is, after all, supposed to only be used for debugging, right?
>
> No, not really, people use it for all sorts of crazy things.
>
> Remember, the only rule in debugfs is:
> There are no rules in debugfs.
Right, which seems extremely dangerous to me. I think debugfs should either
be:
a) used only by the root user (would prefer this was actually CAP_DEBUG or
something)
or
b) used by userspace tools
But not both. Creating interfaces with no rules for userspace consumption
is going to lead to disaster. You can't disallow "break[ing] existing
users of this interface" and say there are no rules at the same time. :)
-Kees
--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/