Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
From: Ben Hutchings
Date: Tue Apr 18 2017 - 13:39:35 EST
On Tue, 2017-04-18 at 16:30 +0100, David Howells wrote:
> Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote:
>
> > So it's generally not going to be OK to turn off debugfs.ÂÂThere will
> > probably need to be a distinction between believed-safe and unsafe
> > directories/files.
>
> Any suggestion on how to mark this distinction?
I don't know.
> I'd prefer not to modify every read/write op associated with a
> debugfs file.
I think debugfs should be assumed unsafe by default. So only the
believed-safe parts would need to be changed.
> Modify
> DEFINE_DEBUGFS_ATTRIBUTE() maybe?ÂÂAnd provide lockable variants of
> debugfs_create_u8() and co.?
That could help.
Ben.
--
Ben Hutchings
The world is coming to an end. Please log off.
Attachment:
signature.asc
Description: This is a digitally signed message part