[PATCH 0/2] fs: set root dir perms

Tim Gardner tim.gardner at canonical.com
Tue Feb 22 20:23:57 UTC 2011


On 02/22/2011 12:58 PM, Kees Cook wrote:
> On Tue, Feb 22, 2011 at 12:50:43PM -0700, Tim Gardner wrote:
>> On 02/22/2011 12:17 PM, Kees Cook wrote:
>>> Hi Tim,
>>>
>>> On Tue, Feb 22, 2011 at 12:02:16PM -0700, Tim Gardner wrote:
>>>> On 02/22/2011 11:28 AM, Kees Cook wrote:
>>>>> With the continuing deluge of bugs in the "debug" filesystem, I would
>>>>> like to make that filesystem's root directory mode 0700 by default since
>>>>> it's filled with crazy stuff that regular users do not need to see.
>>>>>
>>>>> Better to try to just close the door completely on all the stuff in there.
>>>>> It is, after all, supposed to only be used for debugging, right?
>>>>>
>>>>>
>>>>
>>>> On the surface this doesn't look too bad. However, I'd kind of like
>>>> to let it cook upstream for awhile. Your email on LKML has a fairly
>>>> wide distribution, so the responses ought to be interesting.
>>>
>>> Oh, er, I thought it was best to get it into Natty ASAP so that we could
>>> shake out any obvious glitches it causes. That was the impression apw gave
>>> me, anyway.
>>>
>>> -Kees
>>>
>>
>> Perhaps, while some of this is shaking out upstream, we ought to
>> take a closer look at not leaving debugfs mounted, e.g., umount it
>> after ureadahead is done. Anyone using ftrace is likely savvy enough
>> to know how to mount debugfs when they need it.
>
> I think ureadahead already uses a private copy of debugfs in
> /var/lib/ureadahead/debugfs. I think we should just not mount debugfs at
> all (though we still need to keep acpi/custom_method commented out at least
> until this[1] is taken).
>
> -Kees
>
> [1] https://lkml.org/lkml/2011/2/22/369
>

It appears that ureadahead only uses /var/lib/ureadahead/debugfs if 
/sys/kernel/debug is not already mounted, so we need to test that code path.

What package mounts debugfs?

rtg
-- 
Tim Gardner tim.gardner at canonical.com
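As an added example, not code from the thread or from the kernel patch it discusses: a small POSIX shell check that lists debugfs mounts from a /proc/mounts-style file (covering both /sys/kernel/debug and ureadahead's private copy) and verifies that a mount point's root directory denies group/other access, i.e. the 0700 default proposed above; the sample mounts file is constructed and the helper names are my own.

```shell
#!/bin/sh
# Added example (not part of the thread): enumerate debugfs mounts and check
# whether a mount point's root directory is private (no group/other bits),
# which is what a 0700 root mode gives. Assumes GNU stat (-c '%a').

# Print the mount point of every debugfs entry in a /proc/mounts-style file.
debugfs_mountpoints() {
    awk '$3 == "debugfs" { print $2 }' "$1"
}

# Return 0 if the directory's permission bits have no group/other access,
# 1 if they do, and 2 if the path cannot be stat'ed.
root_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    # Keep the last three octal digits (drops setuid/setgid/sticky digit).
    mode=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report every debugfs mount and whether its root directory is private.
# Prints "<mountpoint> private|WORLD-ACCESSIBLE|missing" per line.
report_debugfs() {
    debugfs_mountpoints "$1" | while read -r mp; do
        if root_is_private "$mp"; then
            printf '%s private\n' "$mp"
        elif [ $? -eq 2 ]; then
            printf '%s missing\n' "$mp"
        else
            printf '%s WORLD-ACCESSIBLE\n' "$mp"
        fi
    done
}

# Constructed sample of a /proc/mounts file, including the private debugfs
# copy that ureadahead uses, so the helpers can be exercised offline.
write_sample_mounts() {
    cat > "$1" <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
debugfs /var/lib/ureadahead/debugfs debugfs rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,mode=755 0 0
EOF
}
```

On a live system run `report_debugfs /proc/mounts`; a `WORLD-ACCESSIBLE` line means the debugfs root still lets ordinary users browse it.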