[PATCH 0/2] fs: set root dir perms
Kees Cook
kees.cook at canonical.com
Tue Feb 22 21:28:21 UTC 2011
On Tue, Feb 22, 2011 at 02:01:09PM -0700, Tim Gardner wrote:
> This is what I've tested on a desktop and server. Everything appears
> to work. The only window of vulnerability is while ureadahead is
> doing its thing, and that should only happen after the package
> database changes, right?
>
> If you concur, then turn off debugfs and see what carnage ensues.
> You should probably start a tracking bug to collect any regressions.
Actually, I'm going to change this a bit... I'm going to just chmod it
after mounting. Then I don't have to break apport and ftrace, and I don't
have to carry a kernel patch.
--
Kees Cook
Ubuntu Security Team