From: Andy Lutomirski
Date: Wed, 11 Apr 2018 19:54:12 -0700
Subject: Re: [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down
To: Greg KH
Cc: David Howells, Linus Torvalds, linux-man, Linux API, James Morris, LKML, LSM List
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 11, 2018 at 1:33 PM, Greg KH wrote:
> On Wed, Apr 11, 2018 at 09:09:16PM +0100, David Howells wrote:
>> Greg KH wrote:
>>
>> > Why not just disable debugfs entirely? This half-hearted way to sorta
>> > lock it down is odd, it is meant to not be there at all, nothing in your
>> > normal system should ever depend on it.
>> >
>> > So again just don't allow it to be mounted at all, much simpler and more
>> > obvious as to what is going on.
>>
>> Yeah, I agree - and then I got complaints because it seems that it's been
>> abused to allow drivers and userspace components to communicate.
>
> With in-kernel code? Please let me know and I'll go fix it up to not
> allow that, as that is not ok.
>
> I do know of some bad examples of out-of-tree code abusing debugfs to do
> crazy things (battery level monitoring?), but that's their own fault...
>
> debugfs is for DEBUGGING! For anything you all feel should be "secure",
> then just disable it entirely.

Debugfs is very, very useful for, ahem, debugging. I really think
this is an example of why we should split lockdown into the read and
write varieties and allow mounting and reading debugfs when only write
is locked down.