Sony Provides Patch To Linux 5.9 For Allowing Further Access Restrictions On DebugFS
Written by Michael Larabel in Linux Security on 25 July 2020 at 12:00 AM EDT.
A patch queued up into the driver core tree ahead of the upcoming Linux 5.9 kernel will allow further restricting access to DebugFS.

Sony engineer Peter Enderborg wrote the patch to allow a new access restriction option on DebugFS, the pseudo file-system used for exposing debug-related information from the kernel and other details without having to stick to the ABI compatibility mandated by sysfs. The basis for this access restriction is that DebugFS can carry sensitive information and so should be treated more carefully, even though most Linux distributions already restrict DebugFS access to root/administrative privileges.

Enderborg noted, "This gives an extra protection for exposure on systems where user-space services with system access are attacked." From the Sony perspective, the change appears to be motivated by the smartphone angle of Linux/Android devices.

The new option allows DebugFS to be toggled on/off, or to be initialized internally but kept inaccessible from user-space (i.e. not mounted).

These new controls around DebugFS can be set as the default on new kernel builds using the DEBUG_FS_ALLOW_ALL / DEBUG_FS_DISALLOW_MOUNT / DEBUG_FS_ALLOW_NONE Kconfig options, or controlled at boot time via debugfs= with on/off/no-mount values.
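
A host audit for the settings described above, as an added example that is not from the article or the kernel patch: it reads the `debugfs=` boot parameter, falls back to the Kconfig default, and checks whether DebugFS is actually mounted. The function names, verdict strings, the config file location, and the assumption that the last `debugfs=` on the command line wins are this example's own.

```shell
#!/bin/sh
# Added example: audit how debugfs access is restricted on a host.
# Every function takes file paths, so saved copies can be checked offline.

# Value of debugfs= on a kernel command line; empty if the parameter is absent.
# Assumption: when the parameter is repeated, the last occurrence wins.
debugfs_cmdline_mode() {
    tr ' ' '\n' < "$1" | sed -n 's/^debugfs=//p' | tail -n 1
}

# Build-time default, from the Kconfig choice recorded in a kernel config file.
debugfs_config_default() {
    if grep -q '^CONFIG_DEBUG_FS_ALLOW_NONE=y' "$1" 2>/dev/null; then echo off
    elif grep -q '^CONFIG_DEBUG_FS_DISALLOW_MOUNT=y' "$1" 2>/dev/null; then echo no-mount
    elif grep -q '^CONFIG_DEBUG_FS_ALLOW_ALL=y' "$1" 2>/dev/null; then echo on
    else echo unknown   # kernel without the new options, or config not found
    fi
}

# Succeeds if a mounts table (format of /proc/mounts) lists a debugfs mount.
debugfs_is_mounted() {
    awk '$3 == "debugfs" { found = 1 } END { exit !found }' "$1"
}

# Usage: debugfs_audit CMDLINE_FILE CONFIG_FILE MOUNTS_FILE
# Prints "<verdict> mode=<mode> mounted=<yes|no>".
debugfs_audit() {
    mode=$(debugfs_cmdline_mode "$1")
    [ -n "$mode" ] || mode=$(debugfs_config_default "$2")
    if debugfs_is_mounted "$3"; then mounted=yes; else mounted=no; fi
    case "$mode:$mounted" in
        off:no|no-mount:no)   verdict=restricted ;;
        off:yes|no-mount:yes) verdict=mismatch ;;   # inputs disagree; recheck
        *:yes)                verdict=exposed ;;
        *)                    verdict=mountable ;;  # not mounted, but could be
    esac
    echo "$verdict mode=$mode mounted=$mounted"
}

# Live system (config path is distribution-dependent):
#   debugfs_audit /proc/cmdline "/boot/config-$(uname -r)" /proc/mounts
```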

The code is in driver-core until the Linux 5.9 merge window kicks off in August following the 5.8 kernel release.