lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 16 May 2017 17:54:39 -0700
From:   "D. Stussy" <spam@...m.org>
To:     linux-kernel@...r.kernel.org
Subject: Suggestion:  config: devtmpfs:  Allow mount parameters to be set in kernel configuration

config: devtmpfs:  Allow mount parameters to be set in kernel configuration

Why?  To limit the size of the file system to prevent runaway dynamic device creation.
Even a "udev" rescue kernel takes a small size (e.g. slackware 14.2 uses 52kB and 2,666 inodes).
Setting reasonable size limits (e.g. 64k and 3,072 inodes) will accommodate most setups.
Although a remount during an initialization script can also solve this problem, why not do it 
correctly the first time?

Patch against kernel versions 4.10.*:
diff -bur drivers/base/Kconfig drivers/base/Kconfig
--- drivers/base/Kconfig    2017-02-26 10:09:33.000000000 +0000
+++ drivers/base/Kconfig    2017-03-04 02:48:20.299991304 +0000
@@ -59,6 +59,22 @@
       rescue mode with init=/bin/sh, even when the /dev directory
       on the rootfs is completely empty.

+config DEVTMPFS_OPTIONS
+    string "Automounted devtmpfs mount options"
+    default "mode=0755"
+    depends on DEVTMPFS_MOUNT
+    help
+      The devtmpfs file system mounted at /dev will be mounted with the
+      specified mount options. "Mode", "size" (or "nr_blocks"), "nr_inodes",
+      "uid" and "gid" make sense here. Options "huge" or "mpol" may be
+      available but are dependent on other kernel configuration choices.
+      See the manual page for the mount command for details.
+
+      Warning:  Unrecognized options may cause the kernel not to boot.
+      Note:  Options "mode", "uid", and "gid" are ignored on remounts.
+
+      If uncertain, leave the default setting at "mode=0755".
+
config STANDALONE
     bool "Select only drivers that don't need compile-time external firmware"
     default y
diff -bur drivers/base/devtmpfs.c drivers/base/devtmpfs.c
--- drivers/base/devtmpfs.c    2017-02-26 10:09:33.000000000 +0000
+++ drivers/base/devtmpfs.c    2017-03-03 20:53:45.879928595 +0000
@@ -24,6 +24,7 @@
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/kthread.h>
+#include <linux/kconfig.h>
#include "base.h"

static struct task_struct *thread;
@@ -358,7 +359,7 @@
     if (err)
         printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
     else
-        printk(KERN_INFO "devtmpfs: mounted\n");
+        printk(KERN_INFO "devtmpfs: mounted (%s)\n", CONFIG_DEVTMPFS_OPTIONS);
     return err;
}

@@ -375,7 +376,7 @@

static int devtmpfsd(void *p)
{
-    char options[] = "mode=0755";
+    char options[] = CONFIG_DEVTMPFS_OPTIONS;
     int *err = p;
     *err = sys_unshare(CLONE_NEWNS);
     if (*err)

View attachment "SpamReport.text" of type "text/plain" (1721 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ