Mailinglist Archive: opensuse-factory (564 mails)
| < Previous | Next > |
Re: [opensuse-factory] Re: [opensuse-kernel] debugfs mounted by default - necessary?
- From: Greg KH <gregkh@xxxxxxx>
- Date: Tue, 6 Dec 2011 16:03:17 -0800
- Message-id: <20111207000317.GA7647@suse.de>
On 06/12/11 16:10, Brian K. White wrote:
So, what you are really saying is that you don't trust the kernel
developers to get things right?
Seriously, I've yet to see one specific example of a debugfs file that
is "unsafe" in todays kernel. I understand the wish for some people to
"control the exposed area", but if I take that to its logical
conclusion, the same people will want the option to disable system calls
that they feel no one should ever use as well?
I still see this whole thing as basic "fear of the unknown". To solve
that, make it "known". Seriously, audit the code, it's there for all to
see. If you see problems with it, it will be fixed.
greg k-h
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
Having a lot lot of stuff exposed and believing that it's all ok is
fundamentally less secure than not exposing anything in the first place.
So, what you are really saying is that you don't trust the kernel
developers to get things right?
Seriously, I've yet to see one specific example of a debugfs file that
is "unsafe" in todays kernel. I understand the wish for some people to
"control the exposed area", but if I take that to its logical
conclusion, the same people will want the option to disable system calls
that they feel no one should ever use as well?
I still see this whole thing as basic "fear of the unknown". To solve
that, make it "known". Seriously, audit the code, it's there for all to
see. If you see problems with it, it will be fixed.
greg k-h
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
| < Previous | Next > |