
[PATCH 2/2] debugfs: only allow root access to debugging interfaces

From:  Kees Cook <kees.cook-AT-canonical.com>
To:  linux-kernel-AT-vger.kernel.org
Subject:  [PATCH 2/2] debugfs: only allow root access to debugging interfaces
Date:  Tue, 22 Feb 2011 10:09:58 -0800
Message-ID:  <1298398198-18482-2-git-send-email-kees.cook@canonical.com>
Cc:  Eugene Teo <eugeneteo-AT-kernel.sg>, Ralph Campbell <infinipath-AT-qlogic.com>, Roland Dreier <roland-AT-kernel.org>, Sean Hefty <sean.hefty-AT-intel.com>, Hal Rosenstock <hal.rosenstock-AT-gmail.com>, Jeremy Fitzhardinge <jeremy.fitzhardinge-AT-citrix.com>, Konrad Rzeszutek Wilk <konrad.wilk-AT-oracle.com>, Alexander Viro <viro-AT-zeniv.linux.org.uk>, Greg Kroah-Hartman <gregkh-AT-suse.de>, Miklos Szeredi <miklos-AT-szeredi.hu>, "J. Bruce Fields" <bfields-AT-fieldses.org>, Neil Brown <neilb-AT-suse.de>, Matthew Wilcox <matthew-AT-wil.cx>, James Morris <jmorris-AT-namei.org>, Stephen Smalley <sds-AT-tycho.nsa.gov>, Eric Paris <eparis-AT-parisplace.org>, Nick Piggin <npiggin-AT-kernel.dk>, Arnd Bergmann <arnd-AT-arndb.de>, Ian Campbell <ian.campbell-AT-citrix.com>, Jarkko Sakkinen <ext-jarkko.2.sakkinen-AT-nokia.com>, Tejun Heo <tj-AT-kernel.org>, Casey Schaufler <casey-AT-schaufler-ca.com>

Block access to the potentially dangerous debugging interfaces in
the debugfs filesystem.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
 fs/debugfs/inode.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 3cb33c3..83c61a3 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -133,7 +133,7 @@ static int debug_fill_super(struct super_block *sb, void *data, int silent)
 	static struct tree_descr debug_files[] = {{""}};
 
 	return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files,
-				 S_IWUSR | S_IRUGO | S_IXUGO);
+				 S_IRWXU);
 }
 
 static struct dentry *debug_mount(struct file_system_type *fs_type,
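Review bot: the replacement mode S_IRWXU passed to simple_fill_super() in debug_fill_super() is hard-coded, and neither a comment nor the changelog says that this takes the value from S_IWUSR | S_IRUGO | S_IXUGO (0755) to 0700. Please state the old and new modes in the commit message, and say explicitly what the restriction covers. As far as this hunk shows, it only changes the mode handed to simple_fill_super() for a superblock whose debug_files table is empty, so it is not evident that files created later with their own modes become any stricter; the protection would rest on non-root users being unable to traverse the top of the mount. It would also help to note who is affected: any non-root tool that reads debugfs today loses access with no opt-out visible here, so consider whether a mount-time override (for example mode/uid/gid options) should accompany the stricter default. A one-line comment above the call explaining why 0700 was chosen would keep the intent from being lost in later cleanups.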
-- 
1.7.2.3




Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds