[PATCH 0/2] fs: set root dir perms

Tim Gardner tim.gardner at canonical.com
Tue Feb 22 21:01:09 UTC 2011

On 02/22/2011 01:29 PM, Kees Cook wrote:
> On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:
>> It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
>> /sys/kernel/debug is not already mounted, so we need to test that
>> code path.
> I've confirmed this path -- ureadahead uses it on my system every time.
>> What package mounts debugfs?
> mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.
> -Kees

This is what I've tested on a desktop and server. Everything appears to 
work. The only window of vulnerability is while ureadahead is doing its 
thing, and that should only happen after the package database changes, 

If you concur, then turn off debugfs and see what carnage ensues. You 
should probably start a tracking bug to collect any regressions.

Tim Gardner tim.gardner at canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mountall.diff
Type: text/x-patch
Size: 1512 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20110222/dcefedb8/attachment.bin>
