lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110222194337.GA11396@suse.de>
Date:	Tue, 22 Feb 2011 11:43:37 -0800
From:	Greg KH <gregkh@...e.de>
To:	Kees Cook <kees.cook@...onical.com>
Cc:	David Daney <ddaney@...iumnetworks.com>,
	linux-kernel@...r.kernel.org, Eugene Teo <eugeneteo@...nel.sg>,
	Ralph Campbell <infinipath@...gic.com>,
	Roland Dreier <roland@...nel.org>,
	Sean Hefty <sean.hefty@...el.com>,
	Hal Rosenstock <hal.rosenstock@...il.com>,
	Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>,
	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Miklos Szeredi <miklos@...redi.hu>,
	"J. Bruce Fields" <bfields@...ldses.org>,
	Neil Brown <neilb@...e.de>, Matthew Wilcox <matthew@....cx>,
	James Morris <jmorris@...ei.org>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	Eric Paris <eparis@...isplace.org>,
	Nick Piggin <npiggin@...nel.dk>, Arnd Bergmann <arnd@...db.de>,
	Ian Campbell <ian.campbell@...rix.com>,
	Jarkko Sakkinen <ext-jarkko.2.sakkinen@...ia.com>,
	Tejun Heo <tj@...nel.org>,
	Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH 2/2] debugfs: only allow root access to debugging
 interfaces

On Tue, Feb 22, 2011 at 11:25:33AM -0800, Kees Cook wrote:
> Hi Greg,
> 
> On Tue, Feb 22, 2011 at 11:14:54AM -0800, Greg KH wrote:
> > On Tue, Feb 22, 2011 at 10:47:26AM -0800, Kees Cook wrote:
> > > On Tue, Feb 22, 2011 at 10:32:19AM -0800, David Daney wrote:
> > > > On 02/22/2011 10:16 AM, Kees Cook wrote:
> > > > >Har har, I forgot --compose to "git send-email".
> > > > >
> > > > >Anyway, with the continuing deluge of bugs in the "debug" filesystem, I
> > > > >would like to make that filesystem's root directory mode 0700 by default
> > > > >since it's filled with crazy stuff that regular users do not need to see.
> > > > >
> > > > >Better to try to just close the door completely on all the stuff in there.
> > > > >It is, after all, supposed to only be used for debugging, right?
> > > > >
> > > > 
> > > > It depends if you consider use of ftrace and kprobes 'debugging'.
> > > > In any event, you really have to be root to be able to manipulate
> > > > them.
> > > > 
> > > > I can currently do 'cat /sys/kernel/debug/tracing/trace' as a normal
> > > > user.  With your change I don't think it would be possible.  This is
> > > > not something I often (ever) do, but it is a change.
> > > 
> > > Right, my thinking is that all the manipulations on this tree should be
> > > root-only (non-root stuff shouldn't live in something named "debug"),
> > > so we might as well lock it down a bit more so we can avoid all the CVEs[1]
> > > being assigned for glitches in this tree.
> > 
> > The CVEs are for non-root writes to debugfs, same thing for sysfs.  It's
> > just stupid mistakes being made here, don't try to lock down the whole
> > filesystem for just a handfull of bugs.
> > 
> > So I really can't accept these patches, sorry.
> 
> What system do you proposed to keep these "stupid mistakes" from
> continuing to happen?

The newly added rule to checkpatch.pl for sysfs files could be extended
to also check for debugfs files with these incorrect permissions.
That's the best thing for all new patches as lots of people run that
tool to find problems.

> If debugfs had already been mode 0700, we could have
> avoided all of these CVEs, including the full-blown local root escalation.

Same could be said for sysfs :)

> The "no rules" approach to debugfs is not a good idea, IMO.

Sorry you don't like it, but that's the way it is.

And as Alan said, you can convince your distro to just not enable it if
you really don't like it, or mount it with this permission.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ