On Mon, Dec 05, 2011 at 08:22:01AM -0800, Greg KH wrote:
On Mon, Dec 05, 2011 at 05:11:58PM +0100, Marcus Meissner wrote:
Hi,
is it necessary that "debugfs" is mounted by default?
perf needs/wants it, as does other things that we need for suportability (usb device list, etc.)
It exposes too much of the kernel readable (and so potentially exploitable) to the non-root user.
What is exploitable in debugfs, and "too readable"?
I do not know if anything is exploitable. This is also more a look into the future. Too readable as in "exposing too much information normal users do not need". Seeing that even interrupt numbers / timings are used to guess passwords nearly any information can be a side channel of sensitive information. So: Does "perf" need to run as user, or can it just be run as "root"? Could we restrict the mount permissions of debugfs to only be root readable? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org