Received: by 10.192.165.156 with SMTP id m28csp1684804imm; Thu, 12 Apr 2018 01:29:32 -0700 (PDT) X-Google-Smtp-Source: AIpwx49ynRWVL5by3vPLmDY8IXKTBPy4ekd6hsR52Ue9JPtzLK/nR3Zt3RQsL/ekBwvacsoToKJ7 X-Received: by 10.99.37.196 with SMTP id l187mr6008327pgl.221.1523521772428; Thu, 12 Apr 2018 01:29:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523521772; cv=none; d=google.com; s=arc-20160816; b=fPHQHPhKzWwmVNZ9CfqiOCFENEXB4XylSC4Oojn++IHKEzWbQ0sTffQyVqMY2TMREt Cn0U36aOrXYxB2zG4ES2vUqm7VhA5kYDx3Ogpor5/1nCmJm6zWcm4EH6Nzp15IcSYhSc M7pq5vegAhvrSJn0MvDdb/0fl2Gq6P9sm4kVMlG+GtPMfrFhpco4EdSn2E4fzqoZfOod vlUFAfl/G+bRjmo5F5N/y+KQ3z5SMnuVPa4bpmjMzwURu0Zcn0/tQVuqQvuG1gN3PZ1i uLWjcPh+0ctF7EDhiJozpWgzDQ3mI23aBf+4FqZUwC5K6HEMwFcU5xH0skEcMGzQu4nE MRWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=J2Xn0a6uhvrio1Aetl/yxc6qg10EJmrQw4bs6eWowuc=; b=mr387BKeGSWgJaSt1C2K0DEIRCOecbpRhomNm+QxJLA+QxGnt8FmxLhFubePphnhJF J/yzQ6ybqoZcc3KuVrvh4jv7NYwss0tjrmsAJmcqAF8Ho9rAddaZJt8swAy7VXlLQT3Z VoVpre4KPg3QrcCLYTjDz1/snSjfUj+EvXlsSuAVSEsVw7RGNS5wh0hb5WoJVdW94Y0v 9sTWUlUPYfcXUXmDc8IFw7fL9YvLMi+whIbIGERJTj7479KJolZ3XivatRPAVkeYLGhx /wO9Adhs+pB9aEHuNHSRIkNeJtzq3WZ60/K8JNRO3ymGkv7t6aN0Uu/NXa8Hki2jsH9M SwNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=gDN3C51l; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i10si2211978pfa.164.2018.04.12.01.28.55; Thu, 12 Apr 2018 01:29:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=gDN3C51l; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752852AbeDLIXX (ORCPT + 99 others); Thu, 12 Apr 2018 04:23:23 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:37559 "EHLO out3-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750743AbeDLIXV (ORCPT ); Thu, 12 Apr 2018 04:23:21 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id D79E320DEC; Thu, 12 Apr 2018 04:23:20 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Thu, 12 Apr 2018 04:23:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=J2Xn0a6uhvrio1Aetl/yxc6qg10EJ mrQw4bs6eWowuc=; b=gDN3C51lwb6YZWzfnpcrsFMTSbMwu/oQKdN1Eqg6aDCXH BAV7hj2gyFyTIJWDABgkXKR8+bYwS5ntifMi+ifCmk2ZXQ7KJIEtL2AnJ0LJaYaF KIej6OxuXm58DxTPh/cfMK/U7eUyZ9p+zWUeTMd9bqEbuDSYN6CW0daMMHHgOuTv XswOVyj3La/BcGtCZ80WeynYwxWA0kBRHi6VjyPkuWofxCpfKfPlNwjjiGLjV53q XrajDmsi8dZQY46oE/mJLkm3RySmgu3UhYmFqBB3q8BetgDUQK6D74G/SSPwO22u kXDrYu9QdAjDh+0GxKW2HAdzaFaxCafwVYyoyVs+A== X-ME-Sender: Received: from localhost (lfbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.messagingengine.com (Postfix) with ESMTPA id 41836E442C; Thu, 12 Apr 2018 04:23:20 -0400 (EDT) Date: Thu, 12 Apr 2018 10:23:13 +0200 From: Greg KH To: Andy Lutomirski Cc: David Howells , Linus Torvalds , linux-man , Linux API , James Morris , LKML , LSM List Subject: Re: [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down Message-ID: <20180412082313.GA6054@kroah.com> References: <20180411195436.GA7126@kroah.com> <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk> <152346403637.4030.15247096217928429102.stgit@warthog.procyon.org.uk> <12769.1523477356@warthog.procyon.org.uk> <20180411203308.GA10167@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 11, 2018 at 07:54:12PM -0700, Andy Lutomirski wrote: > On Wed, Apr 11, 2018 at 1:33 PM, Greg KH wrote: > > On Wed, Apr 11, 2018 at 09:09:16PM +0100, David Howells wrote: > >> Greg KH wrote: > >> > >> > Why not just disable debugfs entirely? This half-hearted way to sorta > >> > lock it down is odd, it is meant to not be there at all, nothing in your > >> > normal system should ever depend on it. > >> > > >> > So again just don't allow it to be mounted at all, much simpler and more > >> > obvious as to what is going on. > >> > >> Yeah, I agree - and then I got complaints because it seems that it's been > >> abused to allow drivers and userspace components to communicate. > > > > With in-kernel code? Please let me know and I'll go fix it up to not > > allow that, as that is not ok. > > > > I do know of some bad examples of out-of-tree code abusing debugfs to do > > crazy things (battery level monitoring?), but that's their own fault... > > > > debugfs is for DEBUGGING! For anything you all feel should be "secure", > > then just disable it entirely. > > > > Debugfs is very, very useful for, ahem, debugging. I really think > this is an example of why we should split lockdown into the read and > write varieties and allow mounting and reading debugfs when only write > is locked down. Ok, but be sure that there are no "secrets" in those debugging files if you really buy into the whole "lock down" mess... Really, it's easier to just disable the whole thing. greg k-h