On Tue, Dec 06, 2011 at 07:37:10AM -0800, Greg KH wrote: ...
> Again, what specifically is wrong with debugfs that is causing problems?
Nothing.
> Is it just the fear of the unknown?
The fear of the yet undiscovered problems.
> procfs "leaks" more system information today than debugfs does, do you want to not allow that to be mounted as well?
You might be aware that I am one of the guys supporting that it exports _less_ information and that it already exports these days less than previous versions. /proc is so deeply entrenched in compatibility concerns it is hard to do sadly.
> This "fear of the unknown" for a feature of the kernel that has been there for a very long time is quite strange to me.
> And again, if there are problems found with any type of security related information leakage that should not be there in debugfs, let us know, it will get fixed.
> But don't outright ban the thing just because you are "afraid" of it, that's wrong.
Please try to think as a security worker for a short moment...

"If there are problems, tell us, we fix it" ... this is the way the security world works today (and it works basically). But this is a huge and ever turning treadmill where we (security and developers) can barely keep up running.

What we (security and likely our users) want is a smaller or lower running treadmill. This means reducing what we call (and should be self explanatory) "attack surface".

And yes, it is fear. Fear of the "yet unknown security holes the blackhats know about" or for our users the fear of "unknown if hackers have broken in already because we have not all updates or unknown issues."

Do you not manage server(s) and fear such break-ins?

Ciao, Marcus

PS: You can now stop thinking like me again... :)