| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Apr 2018 07:26:43 -0700
From: Greg KH <gregkh@...uxfoundation.org>
To: Jann Horn <jannh@...gle.com>
Cc: Kees Cook <keescook@...omium.org>,
Thomas Richter <tmricht@...ux.ibm.com>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
brueckner@...ux.vnet.ibm.com,
Martin Schwidefsky <schwidefsky@...ibm.com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
kernel list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from
parent
On Mon, Apr 30, 2018 at 04:15:58PM +0200, Jann Horn wrote:
> On Fri, Apr 27, 2018 at 3:49 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
> > I'm going to add Kees and the kernel-hardning list here, as I'd like
> > their opinions for the patch below.
> >
> > Kees, do you have any problems with this patch? I know you worked on
> > making debugfs more "secure" from non-root users, this should still keep
> > the intial mount permissions all fine, right? Anything I'm not
> > considering here?
> >
> > thanks,
> >
> > greg k-h
> >
> > On Fri, Apr 27, 2018 at 02:35:47PM +0200, Thomas Richter wrote:
> >> Currently function debugfs_create_dir() creates a new
> >> directory in the debugfs (usually mounted /sys/kernel/debug)
> >> with permission rwxr-xr-x. This is hard coded.
> >>
> >> Change this to use the parent directory permission.
>
> AFAICS no inodes in debugfs have handlers for the ->rename, ->mkdir,
> ->create inode ops. What is write permission on debugfs directories
> useful for?
I doubt anything :)
Powered by blists - more mailing lists