Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from parent

2018-05-02 Thread Kees Cook
On Wed, May 2, 2018 at 12:16 AM, Thomas-Mich Richter wrote:
> On 04/27/2018 04:58 PM, Kees Cook wrote:
>> On Fri, Apr 27, 2018 at 6:49 AM, Greg KH wrote:
>>> I'm going to add Kees and the kernel-hardening list here, as I'd like
>>> their opinions for the patch below.
>>>
>>> Kees, do you have any

Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from parent

2018-05-02 Thread Thomas-Mich Richter
On 04/27/2018 04:58 PM, Kees Cook wrote:
> On Fri, Apr 27, 2018 at 6:49 AM, Greg KH wrote:
>> I'm going to add Kees and the kernel-hardening list here, as I'd like
>> their opinions for the patch below.
>>
>> Kees, do you have any problems with this patch? I know you worked on
>> making debugfs

Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from parent

2018-04-30 Thread Greg KH
On Mon, Apr 30, 2018 at 04:15:58PM +0200, Jann Horn wrote:
> On Fri, Apr 27, 2018 at 3:49 PM, Greg KH wrote:
> > I'm going to add Kees and the kernel-hardening list here, as I'd like
> > their opinions for the patch below.
> >
> > Kees, do you have any problems with this patch? I know you worked

Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from parent

2018-04-30 Thread Jann Horn
On Fri, Apr 27, 2018 at 3:49 PM, Greg KH wrote:
> I'm going to add Kees and the kernel-hardening list here, as I'd like
> their opinions for the patch below.
>
> Kees, do you have any problems with this patch? I know you worked on
> making debugfs more "secure" from non-root users, this should

Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from parent

2018-04-27 Thread Kees Cook
On Fri, Apr 27, 2018 at 6:49 AM, Greg KH wrote:
> I'm going to add Kees and the kernel-hardening list here, as I'd like
> their opinions for the patch below.
>
> Kees, do you have any problems with this patch? I know you worked on
> making debugfs more "secure" from non-root users, this should

Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from parent

2018-04-27 Thread Greg KH
I'm going to add Kees and the kernel-hardening list here, as I'd like their opinions for the patch below.

Kees, do you have any problems with this patch? I know you worked on making debugfs more "secure" from non-root users, this should still keep the initial mount permissions all fine, right?

[PATCH v2] inode: debugfs_create_dir uses mode permission from parent

2018-04-27 Thread Thomas Richter
Currently function debugfs_create_dir() creates a new directory in the debugfs (usually mounted /sys/kernel/debug) with permission rwxr-xr-x. This is hard coded.

Change this to use the parent directory permission.

Output before the patch:
root@s8360047 ~]# tree -dp -L 1 /sys/kernel/debug/
