[PATCH 0/2] fs: set root dir perms
tim.gardner at canonical.com
Tue Feb 22 21:01:09 UTC 2011
On 02/22/2011 01:29 PM, Kees Cook wrote:
> On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:
>> It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
>> /sys/kernel/debug is not already mounted, so we need to test that
>> code path.
> I've confirmed this path -- ureadahead uses it on my system every time.
>> What package mounts debugfs?
> mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.
This is what I've tested on a desktop and server. Everything appears to
work. The only window of vulnerability is while ureadahead is doing its
thing, and that should only happen after the package database changes,
If you concur, then turn off debugfs and see what carnage ensues. You
should probably start a tracking bug to collect any regressions.
Tim Gardner tim.gardner at canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...