Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6373
| From | Mark Hindley <mark@hindley.org.uk> |
|---|---|
| Newsgroups | linux.debian.security, linux.debian.bugs.dist |
| Subject | Re: Bug#539352: /etc/init.d/mountkernfs.sh: Please mount debugfs when available in the kernel |
| Date | 2024-11-11 19:50 +0100 |
| Message-ID | <JHHkK-8f9b-13@gated-at.bofh.it> (permalink) |
| References | <d3MBR-1Zo-17@gated-at.bofh.it> <JFXMZ-77pN-3@gated-at.bofh.it> <d3MBR-1Zo-17@gated-at.bofh.it> <JGv2h-7tHu-1@gated-at.bofh.it> <JGH3r-7AJ6-11@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
Hi Debian Security Team, Could I have your input on this please? An old bug has been reopened asking for initscripts to mount debugfs by default. It was closed for several years, but the workaround has now disappeared. In the original thread, concerns were raised about mounting debugfs in all cases both for security and unnecessary resource usage[1]. Those have been expressed again now. On Sat, Nov 09, 2024 at 12:38:30AM +0100, Thorsten Glaser wrote: > On Fri, 8 Nov 2024, Mark Hindley wrote: > > >Reading the original thread, I share some of the concerns[1] about > >enabling this globally. > > I’ve recently worked with debugfs+relayfs in a project, > and I share the opinion of the kernel documentation that > it should not be enabled by default (or rather, it should > not be mounted by default in this case — enabling in the > kernels is probably good). Do you have any input into whether these concerns are sufficiently well founded? Thanks for your help. Mark [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539352#18
Back to linux.debian.security | Previous | Next | Find similar
Re: Bug#539352: /etc/init.d/mountkernfs.sh: Please mount debugfs when available in the kernel Mark Hindley <mark@hindley.org.uk> - 2024-11-11 19:50 +0100
csiph-web