Message-ID: <20110222181613.GU4000@outflux.net>
Date:	Tue, 22 Feb 2011 10:16:13 -0800
From:	Kees Cook <kees.cook@...onical.com>
To:	linux-kernel@...r.kernel.org
Cc:	Eugene Teo <eugeneteo@...nel.sg>,
	Ralph Campbell <infinipath@...gic.com>,
	Roland Dreier <roland@...nel.org>,
	Sean Hefty <sean.hefty@...el.com>,
	Hal Rosenstock <hal.rosenstock@...il.com>,
	Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>,
	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Miklos Szeredi <miklos@...redi.hu>,
	"J. Bruce Fields" <bfields@...ldses.org>,
	Neil Brown <neilb@...e.de>, Matthew Wilcox <matthew@....cx>,
	James Morris <jmorris@...ei.org>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	Eric Paris <eparis@...isplace.org>,
	Nick Piggin <npiggin@...nel.dk>, Arnd Bergmann <arnd@...db.de>,
	Ian Campbell <ian.campbell@...rix.com>,
	Jarkko Sakkinen <ext-jarkko.2.sakkinen@...ia.com>,
	Tejun Heo <tj@...nel.org>,
	Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH 2/2] debugfs: only allow root access to debugging
 interfaces

Har har, I forgot --compose to "git send-email".

Anyway, with the continuing deluge of bugs in the "debug" filesystem, I
would like to make that filesystem's root directory mode 0700 by default
since it's filled with crazy stuff that regular users do not need to see.

Better to try to just close the door completely on all the stuff in there.
It is, after all, supposed to only be used for debugging, right?

-Kees

On Tue, Feb 22, 2011 at 10:09:58AM -0800, Kees Cook wrote:
> Block access to the potentially dangerous debugging interfaces in
> the debugfs filesystem.
> 
> Signed-off-by: Kees Cook <kees.cook@...onical.com>
> ---
>  fs/debugfs/inode.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
> index 3cb33c3..83c61a3 100644
> --- a/fs/debugfs/inode.c
> +++ b/fs/debugfs/inode.c
> @@ -133,7 +133,7 @@ static int debug_fill_super(struct super_block *sb, void *data, int silent)
>  	static struct tree_descr debug_files[] = {{""}};
>  
>  	return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files,
> -				 S_IWUSR | S_IRUGO | S_IXUGO);
> +				 S_IRWXU);
>  }
>  
>  static struct dentry *debug_mount(struct file_system_type *fs_type,
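Review bot: The changelog does not say what the mode change at the simple_fill_super() call in debug_fill_super() means in practice. `S_IWUSR | S_IRUGO | S_IXUGO` (0755) becomes `S_IRWXU` (0700), so every user other than the owner loses read and search permission on the debugfs root, and any existing non-root tooling that reads files under it will start failing. Please state the old and new modes in the commit message. It should also note that only the root directory's mode changes here: the modes of the individual files created by debugfs users are untouched, so the protection rests entirely on directory traversal being denied at the top level. Since the mode is hard-coded, it would help to say whether an admin is expected to chmod the mount point to restore access, or whether an override such as a mount option is intended.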
> -- 
> 1.7.2.3
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
-- 
Kees Cook
Ubuntu Security Team