
Commit 82aceae4 authored by Kees Cook, committed by Greg Kroah-Hartman

debugfs: more tightly restrict default mount mode



Since the debugfs is mostly only used by root, make the default mount
mode 0700. Most system owners do not need a more permissive value,
but they can choose to weaken the restrictions via their fstab.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 9db48aaf
+2 −2
@@ -15,8 +15,8 @@ Debugfs is typically mounted with a command like:
    mount -t debugfs none /sys/kernel/debug

(Or an equivalent /etc/fstab line).
The debugfs root directory is accessible by anyone by default. To
restrict access to the tree the "uid", "gid" and "mode" mount
The debugfs root directory is accessible only to the root user by
default. To change access to the tree the "uid", "gid" and "mode" mount
options can be used.

Note that the debugfs API is exported GPL-only to modules.
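
Review bot: the rewritten paragraph says the root directory is "accessible only to the root user by default" but never gives the numeric default, and it switches from "the debugfs root directory" to "the tree" in the next sentence, so a reader cannot tell what the "mode" option applies to or what value restores the previous behaviour. Suggest stating the default (0700) in that sentence, keeping "root directory" in both sentences, and adding an example mount or /etc/fstab line that uses the "uid", "gid" and "mode" options beside the existing `mount -t debugfs none /sys/kernel/debug` example.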
+1 −1
@@ -28,7 +28,7 @@
#include <linux/magic.h>
#include <linux/slab.h>

#define DEBUGFS_DEFAULT_MODE	0755
#define DEBUGFS_DEFAULT_MODE	0700

static struct vfsmount *debugfs_mount;
static int debugfs_mount_count;
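
Review bot: `DEBUGFS_DEFAULT_MODE` changes from 0755 to 0700 with no comment at the define, and this is a user-visible change for any non-root user or tool that currently traverses the mount point. Suggest a one-line comment above the define saying that this is the default mode of the debugfs root directory and that it can be overridden with the "mode" mount option described in the documentation, so the reason for the restrictive value is recorded next to the constant and not only in the commit message.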