FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 02-22-2011, 06:50 PM
Tim Gardner
 
Default fs: set root dir perms

On 02/22/2011 12:17 PM, Kees Cook wrote:

Hi Tim,

On Tue, Feb 22, 2011 at 12:02:16PM -0700, Tim Gardner wrote:

On 02/22/2011 11:28 AM, Kees Cook wrote:

With the continuing deluge of bugs in the "debug" filesystem, I would
like to make that filesystem's root directory mode 0700 by default since
it's filled with crazy stuff that regular users do not need to see.

Better to try to just close the door completely on all the stuff in there.
It is, after all, supposed to only be used for debugging, right?




On the surface this doesn't look too bad. However, I'd kind of like
to let it cook upstream for awhile. Your email on LKML has a fairly
wide distribution, so the responses ought to be interesting.


Oh, er, I thought it was best to get it into Natty ASAP so that we could
shake out any obvious glitches it causes. That was the impression apw gave
me, anyway.

-Kees



Perhaps, while some of this is shaking out upstream, we ought to take a
closer look at not leaving debugfs mounted, e.g., umount it after
ureadahead is done. Anyone using ftrace is likely savvy enough to know
how to mount debugfs when they need it.


rtg
--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-22-2011, 06:58 PM
Kees Cook
 
Default fs: set root dir perms

On Tue, Feb 22, 2011 at 12:50:43PM -0700, Tim Gardner wrote:
> On 02/22/2011 12:17 PM, Kees Cook wrote:
> >Hi Tim,
> >
> >On Tue, Feb 22, 2011 at 12:02:16PM -0700, Tim Gardner wrote:
> >>On 02/22/2011 11:28 AM, Kees Cook wrote:
> >>>With the continuing deluge of bugs in the "debug" filesystem, I would
> >>>like to make that filesystem's root directory mode 0700 by default since
> >>>it's filled with crazy stuff that regular users do not need to see.
> >>>
> >>>Better to try to just close the door completely on all the stuff in there.
> >>>It is, after all, supposed to only be used for debugging, right?
> >>>
> >>>
> >>
> >>On the surface this doesn't look too bad. However, I'd kind of like
> >>to let it cook upstream for awhile. Your email on LKML has a fairly
> >>wide distribution, so the responses ought to be interesting.
> >
> >Oh, er, I thought it was best to get it into Natty ASAP so that we could
> >shake out any obvious glitches it causes. That was the impression apw gave
> >me, anyway.
> >
> >-Kees
> >
>
> Perhaps, while some of this is shaking out upstream, we ought to
> take a closer look at not leaving debugfs mounted, e.g., umount it
> after ureadahead is done. Anyone using ftrace is likely savvy enough
> to know how to mount debugfs when they need it.

I think ureadahead already uses a private copy of debugfs in
/var/lib/ureadahead/debugfs. I think we should just not mount debugfs at
all (though we still need to keep acpi/custom_method commented out at least
until this[1] is taken).

-Kees

[1] https://lkml.org/lkml/2011/2/22/369

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-22-2011, 07:23 PM
Tim Gardner
 
Default fs: set root dir perms

On 02/22/2011 12:58 PM, Kees Cook wrote:

On Tue, Feb 22, 2011 at 12:50:43PM -0700, Tim Gardner wrote:

On 02/22/2011 12:17 PM, Kees Cook wrote:

Hi Tim,

On Tue, Feb 22, 2011 at 12:02:16PM -0700, Tim Gardner wrote:

On 02/22/2011 11:28 AM, Kees Cook wrote:

With the continuing deluge of bugs in the "debug" filesystem, I would
like to make that filesystem's root directory mode 0700 by default since
it's filled with crazy stuff that regular users do not need to see.

Better to try to just close the door completely on all the stuff in there.
It is, after all, supposed to only be used for debugging, right?




On the surface this doesn't look too bad. However, I'd kind of like
to let it cook upstream for awhile. Your email on LKML has a fairly
wide distribution, so the responses ought to be interesting.


Oh, er, I thought it was best to get it into Natty ASAP so that we could
shake out any obvious glitches it causes. That was the impression apw gave
me, anyway.

-Kees



Perhaps, while some of this is shaking out upstream, we ought to
take a closer look at not leaving debugfs mounted, e.g., umount it
after ureadahead is done. Anyone using ftrace is likely savvy enough
to know how to mount debugfs when they need it.


I think ureadahead already uses a private copy of debugfs in
/var/lib/ureadahead/debugfs. I think we should just not mount debugfs at
all (though we still need to keep acpi/custom_method commented out at least
until this[1] is taken).

-Kees

[1] https://lkml.org/lkml/2011/2/22/369



It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
/sys/kernel/debug is not already mounted, so we need to test that code path.


What package mounts debugfs ?

rtg
--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-22-2011, 07:29 PM
Kees Cook
 
Default fs: set root dir perms

On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:
> It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
> /sys/kernel/debug is not already mounted, so we need to test that
> code path.

I've confirmed this path -- ureadahead uses it on my system every time.

> What package mounts debugfs ?

mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.

-Kees

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-22-2011, 08:01 PM
Tim Gardner
 
Default fs: set root dir perms

On 02/22/2011 01:29 PM, Kees Cook wrote:

On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:

It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
/sys/kernel/debug is not already mounted, so we need to test that
code path.


I've confirmed this path -- ureadahead uses it on my system every time.


What package mounts debugfs ?


mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.

-Kees



This is what I've tested on a desktop and server. Everything appears to
work. The only window of vulnerability is while ureadahead is doing its
thing, and that should only happen after the package database changes,
right?


If you concur, then turn off debugfs and see what carnage ensues. You
should probably start a tracking bug to collect any regressions.


rtg
--
Tim Gardner tim.gardner@canonical.com
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-22-2011, 08:09 PM
Kees Cook
 
Default fs: set root dir perms

On Tue, Feb 22, 2011 at 02:01:09PM -0700, Tim Gardner wrote:
> On 02/22/2011 01:29 PM, Kees Cook wrote:
> >On Tue, Feb 22, 2011 at 01:23:57PM -0700, Tim Gardner wrote:
> >>It appears that ureadahead only uses /var/lib/ureadahead/debugfs if
> >>/sys/kernel/debug is not already mounted, so we need to test that
> >>code path.
> >
> >I've confirmed this path -- ureadahead uses it on my system every time.
> >
> >>What package mounts debugfs ?
> >
> >mountall. I'm happy to patch it to not mount /sys/kernel/debug by default.
> >
> >-Kees
> >
>
> This is what I've tested on a desktop and server. Everything appears
> to work. The only window of vulnerability is while ureadahead is
> doing its thing, and that should only happen after the package
> database changes, right?
>
> If you concur, then turn off debugfs and see what carnage ensues.
> You should probably start a tracking bug to collect any regressions.

Yeah, I already had the upload ready, so I'll use my version (it refers to
the lkml email where Alan Cox says it should not be used on production
systems). But yeah, I'll upload and send email to ubuntu-devel with the
list of everything in main that references /sys/kernel/debug.

-Kees

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-22-2011, 08:28 PM
Kees Cook
 
Default fs: set root dir perms

On Tue, Feb 22, 2011 at 02:01:09PM -0700, Tim Gardner wrote:
> This is what I've tested on a desktop and server. Everything appears
> to work. The only window of vulnerability is while ureadahead is
> doing its thing, and that should only happen after the package
> database changes, right?
>
> If you concur, then turn off debugfs and see what carnage ensues.
> You should probably start a tracking bug to collect any regressions.

Actually, I'm going to change this a bit... I'm going to just chmod it
after mounting. Then I don't have to break apport and ftrace, and I don't
have to carry a kernel patch.

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 04:46 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org