Patchwork [0/2] fs: set root dir perms

Submitter Tim Gardner
Date Feb. 22, 2011, 9:01 p.m.
Message ID <4D642415.2070808@canonical.com>
Permalink /patch/84008/
State Accepted

Comments

Tim Gardner - Feb. 22, 2011, 9:01 p.m.
On 02/22/2011 01:29 PM, Kees Cook wrote:
> On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:
>> It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
>> /sys/kernel/debug is not already mounted, so we need to test that
>> code path.
>
> I've confirmed this path -- ureadahead uses it on my system every time.
>
>> What package mounts debugfs?
>
> mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.
>
> -Kees
>

This is what I've tested on a desktop and server. Everything appears to 
work. The only window of vulnerability is while ureadahead is doing its 
thing, and that should only happen after the package database changes, 
right?

If you concur, then turn off debugfs and see what carnage ensues. You 
should probably start a tracking bug to collect any regressions.

rtg
Kees Cook - Feb. 22, 2011, 9:09 p.m.
On Tue, Feb 22, 2011 at 02:01:09PM -0700, Tim Gardner wrote:
> On 02/22/2011 01:29 PM, Kees Cook wrote:
> >On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:
> >>It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
> >>/sys/kernel/debug is not already mounted, so we need to test that
> >>code path.
> >
> >I've confirmed this path -- ureadahead uses it on my system every time.
> >
> >>What package mounts debugfs?
> >
> >mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.
> >
> >-Kees
> >
> 
> This is what I've tested on a desktop and server. Everything appears
> to work. The only window of vulnerability is while ureadahead is
> doing its thing, and that should only happen after the package
> database changes, right?
> 
> If you concur, then turn off debugfs and see what carnage ensues.
> You should probably start a tracking bug to collect any regressions.

Yeah, I already had the upload ready, so I'll use my version (it refers to
the lkml email where Alan Cox says it should not be used on production
systems). But yeah, I'll upload and send email to ubuntu-devel with the
list of everything in main that references /sys/kernel/debug.

-Kees
Kees Cook - Feb. 22, 2011, 9:28 p.m.
On Tue, Feb 22, 2011 at 02:01:09PM -0700, Tim Gardner wrote:
> This is what I've tested on a desktop and server. Everything appears
> to work. The only window of vulnerability is while ureadahead is
> doing its thing, and that should only happen after the package
> database changes, right?
> 
> If you concur, then turn off debugfs and see what carnage ensues.
> You should probably start a tracking bug to collect any regressions.

Actually, I'm going to change this a bit... I'm going to just chmod it
after mounting. Then I don't have to break apport and ftrace, and I don't
have to carry a kernel patch.
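The "chmod after mounting" remedy proposed above, turned into an audit script (an added example, not code from the thread or from mountall): it lists every debugfs instance in a mounts table, so it also catches the private mount ureadahead makes when /sys/kernel/debug is absent, and reports whether each root directory is restricted to root. It assumes GNU coreutils (`stat -c`) and the /proc/self/mounts column layout.

```shell
#!/bin/sh
# Added example, not code from the mountall patch or from the thread.
# Audits every debugfs instance listed in a mounts table (the
# /proc/self/mounts layout: source mountpoint fstype options dump pass)
# and reports whether its root directory is restricted to root, i.e. the
# "chmod after mounting" remedy has been applied. Assumes GNU stat.

# Print the mount point of every debugfs instance in the mounts table.
# Catches ureadahead's private mount as well as /sys/kernel/debug.
debugfs_mountpoints() {
    awk '$3 == "debugfs" { print $2 }' "${1:-/proc/self/mounts}"
}

# Succeed only if the directory carries no group or other permission bits
# (mode 0700, or 0000); anything else lets unprivileged users walk into it.
is_root_only() {
    [ -d "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# The remedy proposed in the thread: restrict the mount point's root
# directory after the filesystem is mounted, leaving the mount in place
# so apport and ftrace keep working.
restrict_mountpoint() {
    chmod 0700 "$1"
}

# Walk every debugfs instance; return 1 if any is reachable by non-root.
audit_debugfs() {
    status=0
    for mp in $(debugfs_mountpoints "${1:-/proc/self/mounts}"); do
        if is_root_only "$mp"; then
            echo "OK   $mp"
        else
            echo "WARN $mp is accessible to unprivileged users"
            status=1
        fi
    done
    return "$status"
}
```

Run `audit_debugfs` with no argument on a live system to check the real mount table; a non-zero exit means at least one debugfs root is still world-accessible.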

Patch

diff -Nru mountall-2.21/debian/changelog mountall-2.21ubuntu1/debian/changelog
--- mountall-2.21/debian/changelog	2011-02-09 13:51:43.000000000 -0700
+++ mountall-2.21ubuntu1/debian/changelog	2011-02-22 13:41:47.000000000 -0700
@@ -1,3 +1,9 @@ 
+mountall (2.21ubuntu1) natty; urgency=low
+
+  * Don't mount debugfs by default
+
+ -- Tim Gardner <tim.gardner@canonical.com>  Tue, 22 Feb 2011 13:40:18 -0700
+
 mountall (2.21) natty; urgency=low
 
   * conf/mounted-tmp.conf: find is needed from /usr, so delay this and
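Review bot: The changelog entry "Don't mount debugfs by default" records what changed but not why. State the motivation (the thread treats the default mount as a vulnerability window, and the final upload is said to cite an lkml mail saying debugfs should not be used on production systems) and reference the regression tracking bug suggested in the thread, so that anyone later bisecting an apport or ftrace breakage can find this discussion from the changelog alone.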
diff -Nru mountall-2.21/src/fstab mountall-2.21ubuntu1/src/fstab
--- mountall-2.21/src/fstab	2010-12-16 05:14:32.000000000 -0700
+++ mountall-2.21ubuntu1/src/fstab	2011-02-22 13:37:32.000000000 -0700
@@ -10,7 +10,7 @@ 
 none            /proc/sys/fs/binfmt_misc  binfmt_misc     nodev,noexec,nosuid,optional      0 0
 none            /sys                      sysfs           nodev,noexec,nosuid               0 0
 none            /sys/fs/fuse/connections  fusectl         optional                          0 0
-none            /sys/kernel/debug         debugfs         optional                          0 0
+#none            /sys/kernel/debug         debugfs         optional                          0 0
 none            /sys/kernel/security      securityfs      optional                          0 0
 none            /spu                      spufs           gid=spu,optional                  0 0
 none            /dev                      devtmpfs,tmpfs  mode=0755                         0 0
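Review bot: Commenting out the debugfs line rather than deleting it leaves a dead entry in src/fstab, and the thread itself concludes that disabling the mount is the wrong fix: apport and ftrace depend on /sys/kernel/debug, and ureadahead then falls back to mounting its own debugfs at /var/lib/ureadahead/debugfs, reopening the exposure each time it runs. Keep the entry as it was and restrict the mount point's permissions after mounting, as the follow-up in the thread proposes; that needs neither a kernel patch nor breaking those consumers.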