Re: [PATCH 2/2] debugfs: only allow root access to debugginginterfaces

[Kees Cook]

Hi Greg,

On Tue, Feb 22, 2011 at 11:13:33AM -0800, Greg KH wrote:
> On Tue, Feb 22, 2011 at 10:16:13AM -0800, Kees Cook wrote:
> > Har har, I forgot --compose to "git send-email".
> > 
> > Anyway, with the continuing deluge of bugs in the "debug" filesystem, I
> > would like to make that filesystem's root directory mode 0700 by default
> > since it's filled with crazy stuff that regular users do not need to see.
> 
> But that will break existing users of this interface, right?
> 
> > Better to try to just close the door completely on all the stuff in there.
> > It is, after all, supposed to only be used for debugging, right?
> 
> No, not really, people use it for all sorts of crazy things.
> 
> Remember, the only rule in debugfs is:
> 	There are no rules in debugfs.

Right, which seems extremely dangerous to me. I think debugfs should either
be:
 a) used only by the root user (would prefer this was actually CAP_DEBUG or
    something)
or
 b) used by userspace tools

But not both. Creating interfaces with no rules for userspace consumption
is going to lead to disaster. You can't disallow "break[ing] existing
users of this interface" and say there are no rules at the same time. :)

-Kees

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/