[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Nov 2013 10:47:01 +0800
From: Dave Young <dyoung@...hat.com>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: Matt Fleming <matt@...sole-pimps.org>,
linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org,
x86@...nel.org, mjg59@...f.ucam.org,
James.Bottomley@...senPartnership.com, vgoyal@...hat.com,
ebiederm@...ssion.com, horms@...ge.net.au,
kexec@...ts.infradead.org, bp@...en8.de, Greg KH <greg@...ah.com>
Subject: Re: [patch 0/7 v2] kexec kernel efi runtime support
On 11/10/13 at 06:21pm, H. Peter Anvin wrote:
> On 11/10/2013 06:13 PM, Dave Young wrote:
> >
> > Huang Ying <ying.huang@...el.com> created the debugfs file for boot_params.
> > His first version patch tried sysfs, but sysfs is not designed for such
> > binary blobs so finally it go to debugfs.
> >
>
> That is a misunderstanding. Binary blobs can exist in sysfs as long as
> the blob is something that is inherently a blob. This is admittedly a
> corner case, but it is without any doubt a protocol-defined binary
> structure.
You are right. Greg objected that the whole structure being exported directly.
>
> The reason it was put in debugfs is that there was no non-debug user for
> it at the time.
Ok, I did not know this background.
>
> > Any idea for this is welcome, till now I have no better idea for such kind
> > of data. We should have another *fs instead of using debugfs.
>
> The problem with debugfs is that things go into debugfs with largely no
> auditing. As a result, mounting debugfs is very likely to mean that
> your system is exploitable one way or another.
Hmm, agree. Thanks for explaining about it.
Thanks
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists