Since the blacklist and list files on debugfs indicate sensitive address information to the reader, they should be restricted to the root user.
Suggested-by: Thomas Richter <[email protected]> Suggested-by: Ingo Molnar <[email protected]> Signed-off-by: Masami Hiramatsu <[email protected]> Cc: [email protected] --- Changes in v4: - Fix "list" file's mode too. --- kernel/kprobes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index ea619021d901..5eb42c82497c 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -2611,7 +2611,7 @@ static int __init debugfs_kprobe_init(void) if (!dir) return -ENOMEM; - file = debugfs_create_file("list", 0444, dir, NULL, + file = debugfs_create_file("list", 0400, dir, NULL, &debugfs_kprobes_operations); if (!file) goto error; @@ -2621,7 +2621,7 @@ static int __init debugfs_kprobe_init(void) if (!file) goto error; - file = debugfs_create_file("blacklist", 0444, dir, NULL, + file = debugfs_create_file("blacklist", 0400, dir, NULL, &debugfs_kprobe_blacklist_ops); if (!file) goto error;
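Review bot: in the first hunk, nothing at the debugfs_create_file("list", 0400, ...) call records why the mode is owner-only, so a later cleanup could put 0444 back without noticing the address exposure. A one-line comment above the call saying that the file shows kernel addresses and must stay root-readable would help. The commit message could also say which addresses the file prints, since "sensitive address information" leaves a reader unable to judge whether the mode change alone is enough.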
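Review bot: in the second hunk, the leading context (if (!file) goto error;) belongs to another file created between "list" and "blacklist", and its mode is not touched by this patch. Since the v4 changelog shows that "list" itself was missed in an earlier revision, please state in the commit message that every file created in debugfs_kprobe_init() was checked and why the remaining one can keep its current mode.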

