Sony Provides Patch To Linux 5.9 For Allowing Further Access Restrictions On DebugFS

Written by Michael Larabel in Linux Security on 25 July 2020 at 12:00 AM EDT. 4 Comments
LINUX SECURITY
A patch queued up into the driver core tree ahead of the upcoming Linux 5.9 kernel will allow further restricting access to DebugFS.

Sony engineer Peter Enderborg wrote the patch to allow a new access restriction option on DebugFS, the pseudo file-system used for exposing debug-related information from the kernel and other details without having to stick to the ABI compatibility mandated by sysfs. The basis for this access restriction is that DebugFS can carry sensitive information and so should be treated more carefully, even though most Linux distributions already restrict DebugFS access to root/administrative privileges.

Enderborg noted, "This gives a extra protection for exposure on systems where user-space services with system access are attacked." From the Sony perspective, it appears motivated from the smartphone angle of Linux/Android devices.

The new option allows for DebugFS to be toggled on/off or also initialized internally but not accessible via user-space (i.e. not mounted).

These new controls around DebugFS can be set by default on new kernel builds using the DEBUG_FS_ALLOW_ALL / DEBUG_FS_DISALLOW_MOUNT / DEBUG_S_ALLOW_NONE Kconfig options or controlled at boot time as well via debugfs= with on/off/no-mount values.

The code is in driver-core until the Linux 5.9 merge window kicks off in August following the 5.8 kernel release.
4 Comments
Related News
New Linux Patch Lets You Force CPU Bugs/Mitigations Even When Not Vulnerable
Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck
OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features
Linux 6.12 Officially Promoted To Being An LTS Kernel