[PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down
David Howells
dhowells at redhat.com
Wed Apr 11 20:08:21 UTC 2018
Eric W. Biederman <ebiederm at xmission.com> wrote:
> Why is mounting debugfs allowed at all? Last I checked (it has been a while)
> the code quality of debugfs was fine for debugging but debugfs was not
> safe to mount on a production system.
>
> Maybe the code quality is better now but for a filesystem that is
> not supposed to be needed for developers letting us mount debugfs
> seems odd.
I agree. But debugfs has been abused and it seems that there are some things
that use it as an interface between a kernel driver and the userspace side.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list