On 06/12/11 16:10, Brian K. White wrote:
Having a lot lot of stuff exposed and believing that it's all ok is fundamentally less secure than not exposing anything in the first place.
So, what you are really saying is that you don't trust the kernel developers to get things right? Seriously, I've yet to see one specific example of a debugfs file that is "unsafe" in todays kernel. I understand the wish for some people to "control the exposed area", but if I take that to its logical conclusion, the same people will want the option to disable system calls that they feel no one should ever use as well? I still see this whole thing as basic "fear of the unknown". To solve that, make it "known". Seriously, audit the code, it's there for all to see. If you see problems with it, it will be fixed. greg k-h -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org