Bug#681418: debugfs is a big security hole

2012-07-13 Thread Henrique de Moraes Holschuh
On Fri, 13 Jul 2012, Ben Hutchings wrote:
> I certainly consider mounting of debugfs to be significant security
> liability. I'm not at all happy that people use it as the basis for

Seconded. I know of at least three ways to hardcrash boxes through debugfs (system specific, not a kernel bug), an

Bug#681418: debugfs is a big security hole

2012-07-13 Thread Bjørn Mork
Ben Hutchings writes:
> I would like to address this by backporting this feature:
>
> commit d6e486868cde585842d55ba3b6ec57af090fc343
> Author: Ludwig Nussel
> Date: Wed Jan 25 11:52:28 2012 +0100
>
> debugfs: add mode, uid and gid options
>
> and then changing the default mode (mask) to b

Bug#681418: debugfs is a big security hole

2012-07-13 Thread Ludwig Nussel
Bjørn Mork wrote:
> 1) mode and owner is not propagated to files below the mount point:

That's intentional to keep things simple. If you can control the x bit on the mount point then you can control who can reach files beneath.

> 2) ownership and mode seems to be shared among all mount points,

Bug#681418: debugfs is a big security hole

2012-07-12 Thread Tollef Fog Heen
]] Michael Biebl

> Tollef, do you know why systemd mounts debugfs by default?

No, I don't. Just asked upstream.

> Is there something that should be done in the systemd package?

If it's a bad idea to mount it by default, we shouldn't, I think.

--
Tollef Fog Heen
UNIX is user friendly, it's j

Bug#681418: debugfs is a big security hole

2012-07-12 Thread Michael Biebl
On 13.07.2012 05:37, Ben Hutchings wrote:
> Package: src:linux
> Version: 3.2.21-3
> Severity: important
> Tags: security
>
> As discussed here
> .
>
> I certainly consider mounting of debugfs to be significan

Bug#681418: debugfs is a big security hole

2012-07-12 Thread Ben Hutchings
Package: src:linux
Version: 3.2.21-3
Severity: important
Tags: security

As discussed here .

I certainly consider mounting of debugfs to be significant security liability. I'm not at all happy that people use