[RFC][PATCH 0/2] tracefs/tracing: Remove "other" permission from tracefs

From: Steven Rostedt
Date: Wed Aug 18 2021 - 11:30:42 EST


Currently tracefs is mounted with just 0700, keeping anyone that is not root
from accessing it. But tracefs is like any other file system, where its
permissions can be modified via chmod, chgrp, chown commands. Admins can
change the permission of the file system for their own needs. Of course,
because tracefs is a pseudo file system, a reboot will remove any updates an
admin makes.

There really is no reason why any of the files in tracefs should allow any
permission for the "other" group. Thus, make it so that, by default, all the
files created in tracefs do not have any permission bits set for other. An
admin can still change it to allow other to have permission to access
tracefs, but then they get to own the fallout that creates.


Steven Rostedt (VMware) (2):
tracefs: Have tracefs directories not set OTH permission bits by default
tracing: Disable "other" permission bits in the tracefs files

----
fs/tracefs/inode.c | 3 +-
kernel/trace/ftrace.c | 23 +++++------
kernel/trace/trace.c | 73 ++++++++++++++++++-----------------
kernel/trace/trace.h | 3 ++
kernel/trace/trace_dynevent.c | 2 +-
kernel/trace/trace_events.c | 42 ++++++++++----------
kernel/trace/trace_events_synth.c | 4 +-
kernel/trace/trace_functions_graph.c | 2 +-
kernel/trace/trace_hwlat.c | 6 +--
kernel/trace/trace_kprobe.c | 8 ++--
kernel/trace/trace_osnoise.c | 14 +++----
kernel/trace/trace_printk.c | 2 +-
kernel/trace/trace_recursion_record.c | 4 +-
kernel/trace/trace_stack.c | 6 +--
kernel/trace/trace_stat.c | 6 +--
kernel/trace/trace_uprobe.c | 4 +-
16 files changed, 105 insertions(+), 97 deletions(-)