[PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
Ben Hutchings
ben at decadent.org.uk
Tue Apr 18 17:39:18 UTC 2017
On Tue, 2017-04-18 at 16:30 +0100, David Howells wrote:
> Ben Hutchings <ben at decadent.org.uk> wrote:
>
> > So it's generally not going to be OK to turn off debugfs. There will
> > probably need to be a distinction between believed-safe and unsafe
> > directories/files.
>
> Any suggestion on how to mark this distinction?

I don't know.

> I'd prefer not to modify every read/write op associated with a
> debugfs file.

I think debugfs should be assumed unsafe by default. So only the
believed-safe parts would need to be changed.

> Modify DEFINE_DEBUGFS_ATTRIBUTE() maybe? And provide lockable variants of
> debugfs_create_u8() and co.?

That could help.

Ben.
--
Ben Hutchings
The world is coming to an end. Please log off.
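
A userspace model of the default-unsafe approach discussed in the message above, added here as an example; it is not code from the thread or from the kernel. Every `model_*` name, the `safe_when_locked` flag and the two sample files are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only: none of these names are kernel APIs. */
static bool model_locked_down;      /* stands in for the lockdown state */

struct model_dbg_file {
    const char *name;
    unsigned char *val;
    bool safe_when_locked;          /* zero-initialised: treated as unsafe */
};

/* Single choke point. Because the check lives here, the per-file
 * read/write ops need no individual lockdown tests. */
static int model_dbg_access(const struct model_dbg_file *f)
{
    if (model_locked_down && !f->safe_when_locked)
        return -EPERM;
    return 0;
}

static int model_dbg_read(const struct model_dbg_file *f, unsigned char *out)
{
    int ret = model_dbg_access(f);
    if (ret)
        return ret;
    *out = *f->val;
    return 0;
}

static int model_dbg_write(const struct model_dbg_file *f, unsigned char v)
{
    int ret = model_dbg_access(f);
    if (ret)
        return ret;
    *f->val = v;
    return 0;
}

/* Constructed sample files. The first is declared the way an unmodified
 * caller would declare it, so it ends up restricted without any change. */
static unsigned char model_raw_arg = 1, model_counter = 3;
static const struct model_dbg_file model_files[] = {
    { .name = "raw_method_arg", .val = &model_raw_arg },
    { .name = "stats_counter", .val = &model_counter,
      .safe_when_locked = true },
};
```

The flag polarity is the point: an entry that nobody has reviewed gets the restrictive behaviour, and only entries explicitly marked as believed safe stay reachable once `model_locked_down` is set.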