| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Apr 2017 18:39:18 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: David Howells <dhowells@...hat.com>
Cc: Andy Shevchenko <andy.shevchenko@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
matthew.garrett@...ula.com, linux-efi@...r.kernel.org,
One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
acpi4asus-user <acpi4asus-user@...ts.sourceforge.net>,
Platform Driver <platform-driver-x86@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
keyrings@...r.kernel.org
Subject: Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the
kernel is locked down
On Tue, 2017-04-18 at 16:30 +0100, David Howells wrote:
> Ben Hutchings <ben@...adent.org.uk> wrote:
>
> > So it's generally not going to be OK to turn off debugfs. There will
> > probably need to be a distinction between believed-safe and unsafe
> > directories/files.
>
> Any suggestion on how to mark this distinction?
I don't know.
> I'd prefer not to modify every read/write op associated with a
> debugfs file.
I think debugfs should be assumed unsafe by default. So only the
believed-safe parts would need to be changed.
> Modify
> DEFINE_DEBUGFS_ATTRIBUTE() maybe? And provide lockable variants of
> debugfs_create_u8() and co.?
That could help.
Ben.
--
Ben Hutchings
The world is coming to an end. Please log off.
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists