Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down

From: Ben Hutchings
Date: Tue Apr 18 2017 - 13:39:35 EST

Next message: Mathieu Poirier: "Re: [PATCH v6 6/8] coresight: add support for CPU debug module"
Previous message: Kees Cook: "Re: [PATCH v6 0/3] dm: boot a mapped device without an initramfs"
In reply to: David Howells: "Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2017-04-18 at 16:30 +0100, David Howells wrote:
> Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote:
>
> > So it's generally not going to be OK to turn off debugfs.ÂÂThere will
> > probably need to be a distinction between believed-safe and unsafe
> > directories/files.
>
> Any suggestion on how to mark this distinction?

I don't know.

> I'd prefer not to modify every read/write op associated with a
> debugfs file.

I think debugfs should be assumed unsafe by default. So only the
believed-safe parts would need to be changed.

> Modify
> DEFINE_DEBUGFS_ATTRIBUTE() maybe?ÂÂAnd provide lockable variants of
> debugfs_create_u8() and co.?

That could help.

Ben.

--
Ben Hutchings
The world is coming to an end. Please log off.

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Mathieu Poirier: "Re: [PATCH v6 6/8] coresight: add support for CPU debug module"
Previous message: Kees Cook: "Re: [PATCH v6 0/3] dm: boot a mapped device without an initramfs"
In reply to: David Howells: "Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]