From: Kees Cook <kees.cook@canonical.com>
To: Greg KH <gregkh@suse.de>
Cc: Vasiliy Kulikov <segoon@openwall.com>,
linux-kernel@vger.kernel.org, Eugene Teo <eugeneteo@gmail.com>
Subject: Re: [RFC] add mount options to sysfs
Date: Fri, 20 May 2011 08:17:31 -0700 [thread overview]
Message-ID: <20110520151731.GT25448@outflux.net> (raw)
In-Reply-To: <20110520135424.GA10878@suse.de>
Hi Greg,
On Fri, May 20, 2011 at 06:54:24AM -0700, Greg KH wrote:
> That's the question for you, we would be changing the kernel/user api
> here, and odds are, something will break.
I feel like this is going in circles. :)
Adding this feature (with no changes to the defaults) will:
- not break anything in the standard case
- allow a system owner to locally choose the DAC perms on the mounts
The question is about providing a temporal buffer between when a flaw is
found in sysfs or debugfs and when the fix for it gets to the system owner.
This, of course, presupposes that flaws are even publicly discovered in the
first place. It gives paranoid system owners the option to lock down sysfs
and debugfs from non-root users while still having them mounted without
needing to make rather non-standard changes to boot time scripts beyond
changing the fstab.
Given that things like tmpfs support these options, it seems only sane to
suppor them here too.
-Kees
--
Kees Cook
Ubuntu Security Team
prev parent reply other threads:[~2011-05-20 15:18 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-18 16:31 [RFC] add mount options to sysfs Vasiliy Kulikov
2011-05-18 16:39 ` Greg KH
2011-05-18 17:05 ` Vasiliy Kulikov
2011-05-18 19:17 ` Greg KH
2011-05-19 6:26 ` Vasiliy Kulikov
2011-05-19 17:12 ` Greg KH
2011-05-20 9:59 ` Vasiliy Kulikov
2011-05-20 13:30 ` Greg KH
2011-05-20 13:34 ` Vasiliy Kulikov
2011-05-20 13:36 ` Vasiliy Kulikov
2011-05-20 13:54 ` Greg KH
2011-05-20 15:17 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110520151731.GT25448@outflux.net \
--to=kees.cook@canonical.com \
--cc=eugeneteo@gmail.com \
--cc=gregkh@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=segoon@openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).