removing debugfs
Kees Cook
kees at ubuntu.com
Tue Jan 25 03:57:57 UTC 2011
Hi Tim,
On Mon, Jan 24, 2011 at 07:31:51PM -0700, Tim Gardner wrote:
> On 01/24/2011 07:19 PM, Kees Cook wrote:
> >I'd like to remove debugfs completely so it cannot just be trivially
> >mounted and abused, and to avoid potential future problems.
>
> Is this sufficient?
Well, I assume CONFIG_DEBUG_FS=n would be easy to discover, but yeah, that
would turn it off. That doesn't solve the need of things like ureadahead
and the graphics lock-up investigation tool that apport uses. I suspect
there are more existing users of the debugfs, and it seems like their
interfaces should be moved somewhere not called "debug".
> diff --git a/drivers/acpi/Makefile b/drivers/acpi/Makefile
> index d113fa5..123e281 100644
> --- a/drivers/acpi/Makefile
> +++ b/drivers/acpi/Makefile
> @@ -39,7 +39,7 @@ acpi-y += pci_root.o pci_link.o pci_irq.o pci_bind.o
> acpi-y += power.o
> acpi-y += event.o
> acpi-y += sysfs.o
> -acpi-$(CONFIG_DEBUG_FS) += debugfs.o
> +#acpi-$(CONFIG_DEBUG_FS) += debugfs.o
> acpi-$(CONFIG_ACPI_NUMA) += numa.o
> acpi-$(CONFIG_ACPI_PROCFS_POWER) += cm_sbs.o
> ifdef CONFIG_ACPI_VIDEO
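Review bot: Commenting out the "acpi-$(CONFIG_DEBUG_FS) += debugfs.o" line in drivers/acpi/Makefile only stops the ACPI debugfs.o object from being built; CONFIG_DEBUG_FS itself is untouched, so this hunk alone does not keep debugfs from being mounted, which is the goal stated in the quoted request. If the object really is to be dropped, delete the line instead of leaving it commented out, and confirm that nothing else still built under CONFIG_DEBUG_FS references symbols from debugfs.o. The change also needs a commit message explaining why the ACPI interface is being removed.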
--
Kees Cook
Ubuntu Security Team