[PATCH 0/2] fs: set root dir perms

Tim Gardner tim.gardner at canonical.com
Tue Feb 22 19:50:43 UTC 2011


On 02/22/2011 12:17 PM, Kees Cook wrote:
> Hi Tim,
>
> On Tue, Feb 22, 2011 at 12:02:16PM -0700, Tim Gardner wrote:
>> On 02/22/2011 11:28 AM, Kees Cook wrote:
>>> With the continuing deluge of bugs in the "debug" filesystem, I would
>>> like to make that filesystem's root directory mode 0700 by default since
>>> it's filled with crazy stuff that regular users do not need to see.
>>>
>>> Better to try to just close the door completely on all the stuff in there.
>>> It is, after all, supposed to only be used for debugging, right?
>>>
>>>
>>
>> On the surface this doesn't look too bad. However, I'd kind of like
>> to let it cook upstream for a while. Your email on LKML has a fairly
>> wide distribution, so the responses ought to be interesting.
>
> Oh, er, I thought it was best to get it into Natty ASAP so that we could
> shake out any obvious glitches it causes. That was the impression apw gave
> me, anyway.
>
> -Kees
>

Perhaps, while some of this is shaking out upstream, we ought to take a 
closer look at not leaving debugfs mounted, e.g., umount it after 
ureadahead is done. Anyone using ftrace is likely savvy enough to know 
how to mount debugfs when they need it.

rtg
-- 
Tim Gardner tim.gardner at canonical.com
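
A check for the two conditions discussed in this thread, whether debugfs is mounted and whether its root directory is more permissive than 0700, as an added example that is not part of the original messages. The function names are hypothetical, GNU `stat` is assumed, and the demo runs on a constructed mounts table whose temporary directories stand in for mount points.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat (coreutils).

# Print the mount point of each debugfs entry in a /proc/mounts-format file.
debugfs_mounts() {
    # Fields: device mountpoint fstype options dump pass
    awk '$3 == "debugfs" { print $2 }' "$1"
}

# Succeed only if the octal mode grants nothing to group or other (e.g. 700).
mode_is_owner_only() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;   # not an octal mode string
    esac
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# Report every debugfs mount as "<mountpoint> <mode> <restricted|exposed>".
# Returns 1 if any debugfs root directory is open to group or other.
audit_debugfs() {
    rc=0
    for mp in $(debugfs_mounts "$1"); do
        mode=$(stat -c %a "$mp" 2>/dev/null) || { echo "$mp ? unreadable"; rc=1; continue; }
        if mode_is_owner_only "$mode"; then
            echo "$mp $mode restricted"
        else
            echo "$mp $mode exposed"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed mounts table; the temp dirs stand in for mount points.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/dbg_open" "$d/dbg_closed"
    chmod 755 "$d/dbg_open"; chmod 700 "$d/dbg_closed"
    {
        echo "none $d/dbg_open debugfs rw,relatime 0 0"
        echo "none $d/dbg_closed debugfs rw,relatime 0 0"
        echo "proc /proc proc rw,nosuid 0 0"
    } > "$d/mounts"
    audit_debugfs "$d/mounts" || echo "debugfs is visible to unprivileged users"
    rm -rf "$d"
}
demo
```

On a live system, `audit_debugfs /proc/mounts` prints nothing and returns 0 when debugfs is not mounted at all.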



