lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b453a7d9-6620-2a28-205e-1a11bbcb5abd@infradead.org>
Date:   Wed, 15 Jul 2020 20:30:24 -0700
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Peter Enderborg <peter.enderborg@...y.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org,
        "Rafael J . Wysocki" <rafael@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH 2/2] debugfs: Add access restriction option

Hi,

On 7/15/20 8:25 AM, Peter Enderborg wrote:
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 9ad9210d70a1..aec81f38bfce 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -476,6 +476,38 @@ config DEBUG_FS
>  
>  	  If unsure, say N.
>  
> +choice
> +	prompt "Debugfs default access"
> +	depends on DEBUG_FS
> +	default DEBUG_FS_ALLOW_ALL
> +	help
> +	  This select the default access restricions for debugfs.

	       selects                   restrictions
                 
> +	  It can be overridden with kernel command line option
> +	  debugfs=[on,no-mount,off] The restrictions apply for API access

	                      ,off]. The

> +	  and filesystem registration. .
> +
> +config DEBUG_FS_ALLOW_ALL
> +       bool "Access normal"
> +       help
> +	  No restrictions applies. Both API and filesystem registration

	                  apply.

> +	  is on. This is the normal default operation.
> +
> +config DEBUG_FS_DISALLOW_MOUNT
> +       bool "Do not register debugfs as filesystem"
> +       help
> +	 The API is open but filesystem not loaded. Client can still do
> +	 their work and readed with debug tools that does not need

	            and read                    that do not need

> +	 debugfs filesystem.
> +
> +config DEBUG_FS_ALLOW_NONE
> +       bool "No access"
> +       help
> +	  Access is off. Clients get EPERM when trying to create nodes in

	                             -EPERM

> +	  debugfs tree and debugfs is not registred as an filesystem.

	                                  registered as a filesystem.


> +	  Client can then back-off or continue without debugfs access.
> +
> +endchoice


Also, in many places in this Kconfig file, the indentation needs to be
fixed.  Some lines use spaces instead of one tab for indentation.
Help text (under "help") should be indented with one tab + 2 spaces.


-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ