fs: set root dir perms
On Tue, Feb 22, 2011 at 12:02:16PM -0700, Tim Gardner wrote:
> On 02/22/2011 11:28 AM, Kees Cook wrote:
> >With the continuing deluge of bugs in the "debug" filesystem, I would
> >like to make that filesystem's root directory mode 0700 by default since
> >it's filled with crazy stuff that regular users do not need to see.
> >Better to try to just close the door completely on all the stuff in there.
> >It is, after all, supposed to only be used for debugging, right?
> On the surface this doesn't look too bad. However, I'd kind of like
> to let it cook upstream for awhile. Your email on LKML has a fairly
> wide distribution, so the responses ought to be interesting.
Oh, er, I thought it was best to get it into Natty ASAP so that we could
shake out any obvious glitches it causes. That was the impression apw gave
Ubuntu Security Team
kernel-team mailing list