On Fri, 27 Apr 2018 09:04:12 +0200 Ingo Molnar mingo@kernel.org wrote:
- Masami Hiramatsu mhiramat@kernel.org wrote:
Since the blacklist file indicates a sensitive address information to reader, it should be restricted to the root user.
Suggested-by: Thomas Richter tmricht@linux.ibm.com Signed-off-by: Masami Hiramatsu mhiramat@kernel.org
kernel/kprobes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c index ea619021d901..51096eece801 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -2621,7 +2621,7 @@ static int __init debugfs_kprobe_init(void) if (!file) goto error;
- file = debugfs_create_file("blacklist", 0444, dir, NULL,
- file = debugfs_create_file("blacklist", 0400, dir, NULL, &debugfs_kprobe_blacklist_ops); if (!file) goto error;
Note that in a typical Linux distro debugfs is already root-only:
fomalhaut:~> ls -ld /sys/kernel/debug drwx------ 28 root root 0 Apr 23 08:55 /sys/kernel/debug
but this change might make sense if debugfs is mounted in some other fashion.
But the patch looks incomplete, 'blacklist' is not the only word-readable file in the kprobes hierarchy. The kprobes directory itself, and the 'list' file is readable as well:
[root@fomalhaut ~]# ls -ld /sys/kernel/debug/kprobes drwxr-xr-x 2 root root 0 Apr 23 08:55 /sys/kernel/debug/kprobes
[root@fomalhaut ~]# ls -l /sys/kernel/debug/kprobes/
-r--r--r-- 1 root root 0 Apr 23 08:55 blacklist -rw------- 1 root root 0 Apr 23 08:55 enabled -r--r--r-- 1 root root 0 Apr 23 08:55 list
So not just the blacklist should be 400 but 'list' as well, and the main kprobes directory as well.
OK, I'll mark it 0400 too. For the kprobes directory, as Thomas pointed in the original thread, that is currently debugfs API's limitation.
https://patchwork.kernel.org/patch/10364817/
We only have debugfs_create_dir() but it doesn't have "mode" flag.
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent);
And doesn't care the parent mode bits.
Thanks,