removing debugfs

Tim Gardner tcanonical at
Tue Jan 25 02:31:51 UTC 2011

On 01/24/2011 07:19 PM, Kees Cook wrote:
> Hi,
> On Tue, Jan 25, 2011 at 11:48:13AM +1000, Ben Hutchings wrote:
>> On Mon, 2011-01-24 at 14:13 -0800, Kees Cook wrote:
>>> I have yet another unpopular request: I want to remove debugfs completely
>>> from the built kernels. Upstream continues to put dangerous things in it,
>>> and I want to avoid the problems completely.
>> [...]
>> I agree that it should not be mounted by default, or relied on by any
>> user-space packages.  However, I don't see the need to disable it
>> altogether.
> My specific issue with it is the acpi_method interface, which nullifies the
> /dev/mem and /dev/kmem restrictions (i.e. a root user can once again
> arbitrarily write to memory). The defenses for kernel rootkits require that
> the root user not have any way to write to kernel memory (nor load arbitrary
> modules).
> For example, without debugfs and barring unknown vulnerabilities,
> if a system owner chooses at boot time to echo 1 into
> /proc/sys/kernel/modules_disabled, there isn't a way to modify the
> running kernel. Unfortunately, with acpi_method, this is no longer true.
> I'd like to remove debugfs completely so it cannot just be trivially
> mounted and abused, and to avoid potential future problems.
> As mentioned, though, the minimal compromise will be to just flat remove
> acpi_method, as it is a real and present danger as opposed to some set of
> future unknown dangers. :)
> -Kees

Is this sufficient?

Tim Gardner tim.gardner at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: acpi.patch
Type: text/x-patch
Size: 471 bytes
Desc: not available
URL: <>

More information about the kernel-team mailing list