removing debugfs

David Henningsson david.henningsson at canonical.com
Tue Jan 25 00:52:25 UTC 2011


On 2011-01-24 23:13, Kees Cook wrote:
> Hi,
>
> I have yet another unpopular request: I want to remove debugfs completely
> from the built kernels. Upstream continues to put dangerous things in it,
> and I want to avoid the problems completely.
>
> I think any userspace tools that need debugfs should be adjusted to use
> other non-debug interfaces. If debugfs is really intended only for
> debugging, it should stay unavailable. And I don't mean unmounted; I want
> to make sure it's not compiled in at all.
>
> Of the most concern is the /sys/kernel/debug/acpi/custom_method interface.
> While recently fixed for non-root users, it still basically allows
> arbitrary memory writing[1]. This is a total bypass for the /dev/mem
> and /dev/kmem restrictions that are used to help protect against
> kernel rootkits.

If that is the only concern, perhaps a compromise would be to just 
disable that part of debugfs instead of the entire debugfs.

> I think we should identify everything that is using debugfs, open bugs
> for that stuff so it can be fixed before release, and then remove debugfs
> from the kernel.
>
> Thoughts?

Assuming we do this, and I desperately need the debugfs for debugging, 
either some stuff on my own machine or tell the user (who wants his 
Launchpad bug fixed) to do the same things, what would be the 
step-by-step instruction to do so?

-- 
David Henningsson, Canonical Ltd.
http://launchpad.net/~diwic
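
The quoted request distinguishes debugfs being unmounted from debugfs not being compiled in at all, and names the acpi/custom_method file as the main concern. The following added example (not part of the original message or of any Ubuntu tooling) checks a host for each case; the function names and the `/boot/config-$(uname -r)` location are assumptions.

```shell
#!/bin/sh
# Added example: is debugfs absent, compiled in but unmounted, or mounted?
# All file arguments are parameters so the checks can run on saved copies.

# debugfs_state CONFIG FILESYSTEMS MOUNTS -> absent | built-unmounted | mounted
debugfs_state() {
    # /proc/mounts fields: device mountpoint fstype options ...
    if awk '$3 == "debugfs" { f = 1 } END { exit !f }' "$3" 2>/dev/null; then
        echo mounted
    # /proc/filesystems lists the types the running kernel has registered;
    # CONFIG_DEBUG_FS=y in a build config says the same for that kernel image.
    elif awk '$NF == "debugfs" { f = 1 } END { exit !f }' "$2" 2>/dev/null ||
         grep -q '^CONFIG_DEBUG_FS=y' "$1" 2>/dev/null; then
        echo built-unmounted
    else
        echo absent
    fi
}

# custom_method_exposed MOUNTS [ROOT]
# Succeeds if any debugfs mount point contains acpi/custom_method.
# ROOT is an optional prefix for inspecting an offline filesystem tree.
custom_method_exposed() {
    for mp in $(awk '$3 == "debugfs" { print $2 }' "$1" 2>/dev/null); do
        [ -e "${2:-}$mp/acpi/custom_method" ] && return 0
    done
    return 1
}

# Report for the running system. Run as root: the debugfs mount point
# may not be readable by other users.
state=$(debugfs_state "/boot/config-$(uname -r)" /proc/filesystems /proc/mounts)
echo "debugfs: $state"
if custom_method_exposed /proc/mounts; then
    echo "acpi/custom_method is present under a debugfs mount"
fi
```

Only the `absent` result corresponds to what the request asks for; `built-unmounted` means root can still mount debugfs at any time.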



