From patchwork Tue Feb 22 21:01:09 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 84008
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 8FF19B7103 for ; Wed, 23 Feb 2011 08:01:36 +1100 (EST)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1PrzMP-0004N8-Hs; Tue, 22 Feb 2011 21:01:29 +0000
Received: from mail.tpi.com ([70.99.223.143]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1PrzMO-0004N0-4W for kernel-team@lists.ubuntu.com; Tue, 22 Feb 2011 21:01:28 +0000
Received: from [10.0.2.5] (unknown [10.0.2.5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.tpi.com (Postfix) with ESMTP id 193F127AE69; Tue, 22 Feb 2011 13:00:13 -0800 (PST)
Message-ID: <4D642415.2070808@canonical.com>
Date: Tue, 22 Feb 2011 14:01:09 -0700
From: Tim Gardner
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7
MIME-Version: 1.0
To: Kees Cook
Subject: Re: [PATCH 0/2] fs: set root dir perms
References: <1298399317-19508-1-git-send-email-kees.cook@canonical.com> <4D640838.5090802@canonical.com> <20110222191750.GW4000@outflux.net> <4D641393.1010500@canonical.com> <20110222195854.GC4000@outflux.net> <4D641B5D.90705@canonical.com> <20110222202955.GF4000@outflux.net>
In-Reply-To: <20110222202955.GF4000@outflux.net>
Cc: kernel-team@lists.ubuntu.com
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: tim.gardner@canonical.com
List-Id: Kernel team discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: kernel-team-bounces@lists.ubuntu.com
Errors-To: kernel-team-bounces@lists.ubuntu.com

On 02/22/2011 01:29 PM, Kees Cook wrote:
> On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:
>> It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
>> /sys/kernel/debug is not already mounted, so we need to test that
>> code path.
>
> I've confirmed this path -- ureadahead uses it on my system every time.
>
>> What package mounts debugfs?
>
> mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.
>
> -Kees
>

This is what I've tested on a desktop and server. Everything appears to work. The only window of vulnerability is while ureadahead is doing its thing, and that should only happen after the package database changes, right?

If you concur, then turn off debugfs and see what carnage ensues. You should probably start a tracking bug to collect any regressions.

rtg

diff -Nru mountall-2.21/debian/changelog mountall-2.21ubuntu1/debian/changelog --- mountall-2.21/debian/changelog 2011-02-09 13:51:43.000000000 -0700 +++ mountall-2.21ubuntu1/debian/changelog 2011-02-22 13:41:47.000000000 -0700
@@ -1,3 +1,9 @@ +mountall (2.21ubuntu1) natty; urgency=low + + * Don't mount debugfs by default + + -- Tim Gardner Tue, 22 Feb 2011 13:40:18 -0700 + mountall (2.21) natty; urgency=low * conf/mounted-tmp.conf: find is needed from /usr, so delay this and diff -Nru mountall-2.21/src/fstab mountall-2.21ubuntu1/src/fstab --- mountall-2.21/src/fstab 2010-12-16 05:14:32.000000000 -0700 +++ mountall-2.21ubuntu1/src/fstab 2011-02-22 13:37:32.000000000 -0700 @@ -10,7 +10,7 @@ none /proc/sys/fs/binfmt_misc binfmt_misc nodev,noexec,nosuid,optional 0 0 none /sys sysfs nodev,noexec,nosuid 0 0 none /sys/fs/fuse/connections fusectl optional 0 0 -none /sys/kernel/debug debugfs optional 0 0 +#none /sys/kernel/debug debugfs optional 0 0 none /sys/kernel/security securityfs optional 0 0 none /spu spufs gid=spu,optional 0 0 none /dev devtmpfs,tmpfs mode=0755 0 0
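Review bot: the debian/changelog hunk gives neither a rationale nor a bug reference for the new 2.21ubuntu1 entry; since the cover mail itself asks for a tracking bug to collect regressions, the line `* Don't mount debugfs by default` should cite that Launchpad bug once it exists and say in one line why debugfs is no longer mounted at boot (the root-directory permissions discussion this series answers, and the fact that ureadahead mounts its own copy under /var/lib/ureadahead/debugfs when /sys/kernel/debug is absent), so the change remains traceable without this mailing-list thread.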
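Review bot: in the src/fstab hunk, commenting the line out (`+#none /sys/kernel/debug debugfs optional 0 0`) rather than deleting it leaves a dead entry with no explanation of why it is disabled; either remove it or put a one-line comment above it stating the reason, otherwise the next maintainer will simply uncomment it. If it is ever re-enabled, it should also carry the `nodev,noexec,nosuid` options that the neighbouring `none /sys sysfs nodev,noexec,nosuid 0 0` entry has, since the old line mounted debugfs with none of them. Note too that the hunk silently changes behaviour for every consumer that relied on /sys/kernel/debug being mounted at boot, which the changelog hunk does not mention.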
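A check a practitioner would run after applying the patch, added here as example code that belongs neither to the mountall package nor to this thread: it scans a /proc/mounts-style listing for debugfs mounts, reports whether /sys/kernel/debug is still mounted (i.e. mountall's fstab entry is still active) and whether any other debugfs mount, such as ureadahead's private one, carries nodev,noexec,nosuid. The listing embedded in the script is a constructed sample, not output from a real host.

```shell
#!/bin/sh
# Constructed sample of a /proc/mounts listing (not captured from a real host):
# debugfs still mounted by mountall at /sys/kernel/debug, plus ureadahead's own copy.
SAMPLE_MOUNTS='none /sys sysfs rw,nosuid,nodev,noexec 0 0
none /sys/kernel/debug debugfs rw 0 0
none /var/lib/ureadahead/debugfs debugfs rw 0 0
none /sys/kernel/security securityfs rw 0 0'

# Print "mountpoint options" for each debugfs entry in the listing read on stdin.
debugfs_mounts() {
    awk '$3 == "debugfs" { print $2, $4 }'
}

# Print how many debugfs entries the listing on stdin contains.
debugfs_mount_count() {
    awk '$3 == "debugfs" { n++ } END { print n + 0 }'
}

# Exit 0 if the given path is a debugfs mountpoint in the listing on stdin.
is_debugfs_mounted() {
    awk -v mp="$1" '$3 == "debugfs" && $2 == mp { found = 1 } END { exit found ? 0 : 1 }'
}

# Exit 0 if a mount option string carries all of nodev, noexec and nosuid.
has_hardening_opts() {
    for opt in nodev noexec nosuid; do
        case ",$1," in
            *,"$opt",*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Report every debugfs mount in the listing read on stdin, flagging missing options.
report_debugfs() {
    debugfs_mounts | while read -r mp opts; do
        if has_hardening_opts "$opts"; then
            printf '%s (%s): ok\n' "$mp" "$opts"
        else
            printf '%s (%s): missing nodev/noexec/nosuid\n' "$mp" "$opts"
        fi
    done
}

# Stand-alone run on the constructed sample; on a live system use: report_debugfs < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | report_debugfs
if printf '%s\n' "$SAMPLE_MOUNTS" | is_debugfs_mounted /sys/kernel/debug; then
    echo "/sys/kernel/debug is still mounted: mountall's fstab entry is still active"
fi
```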