On Tue, 2012-08-28 at 10:41 -0400, Theodore Ts'o wrote: > On Mon, Aug 27, 2012 at 01:32:15PM -0700, Kees Cook wrote: > > Since the debugfs is mostly only used by root, make the default mount > > mode 0700. Most system owners do not need a more permissive value, > > but they can choose to weaken the restrictions via their fstab. > > > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > > I agree with this patch, but it would also be good if we could try to > harden debugfs in general. Some ideas that might be worth discussing, > for example? [...] The problems are apparently larger than specific modules: http://lists.linux-foundation.org/pipermail/ksummit-2012-discuss/2012-July/000894.html Ben. -- Ben Hutchings It is a miracle that curiosity survives formal education. - Albert Einstein
Attachment:
signature.asc
Description: This is a digitally signed message part