Re: [PATCH 2/2] debugfs: only allow root access to debugginginterfaces
From: Kees Cook
Date: Tue Feb 22 2011 - 14:51:01 EST
On Tue, Feb 22, 2011 at 07:34:18PM +0000, Alan Cox wrote:
> > What system do you proposed to keep these "stupid mistakes" from
> > continuing to happen? If debugfs had already been mode 0700, we could have
> > avoided all of these CVEs, including the full-blown local root escalation.
>
> And all sorts of features would have put themselves in sysfs instead and
> broken no doubt.
>
> > The "no rules" approach to debugfs is not a good idea, IMO.
>
> It's a debugging fs, it needs to be "no rules" other than the obvious
> "don't mount it on production systems"
Okay, so the debugfs is not supposed to be mounted on a production system.
This seems to be news to a lot of developers trying to use the interfaces
exposed there. It would be nice to say this more loudly. Basically,
a normal system should not depend on anything in the debugfs. I can get
behind that.
> Or of course you could just chmod it 0700 in the distro !
I'm trying to, but that involves a race condition since I can't control it
during the mount (nor set the default mode like I was trying to with the
patchset). tmpfs allows "mode=", but debugfs does not...
-Kees
--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/