Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180727220543.GT190909@sspatil-desktop.mtv.corp.google.com>
Date: Fri, 27 Jul 2018 15:05:43 -0700
From: Sandeep Patil <sspatil@...gle.com>
To: "Theodore Y. Ts'o" <tytso@....edu>,
	Steven Rostedt <rostedt@...dmis.org>, Jann Horn <jannh@...gle.com>,
	salyzyn@...gle.com, Nick Desaulniers <ndesaulniers@...gle.com>,
	Golden_Miller83@...tonmail.ch, Greg KH <greg@...ah.com>,
	Kees Cook <keescook@...gle.com>, salyzyn@...roid.com,
	kernel list <linux-kernel@...r.kernel.org>,
	Ingo Molnar <mingo@...hat.com>, kernel-team@...roid.com,
	stable@...r.kernel.org,
	Kernel Hardening <kernel-hardening@...ts.openwall.com>,
	Jeffrey Vander Stoep <jeffv@...gle.com>
Subject: Re: [PATCH] tracing: do not leak kernel addresses

On Fri, Jul 27, 2018 at 04:21:14PM -0400, Theodore Y. Ts'o wrote:
> On Fri, Jul 27, 2018 at 04:11:03PM -0400, Steven Rostedt wrote:
> > That said, I would assume that
> > other Android utilities are using other debugfs files for system
> > status and such.

As of today, I think a lot of information in 'bugreports' is read
out of debugfs (including things like binder stats). We do have a plan
to change that.

> 
> Yeah, I know we probably have lost the "debugfs is only for debugging
> and has no place in a production system" battle, and we should just
> move on and assume we need to completely harden all of debugfs.  But
> it's worth at least *asking* whether or not the use of debugfs for
> Android can be avoided....

Indeed, I think it can. However, the problem is the last time I tried to
remove this a whole bunch of things just broke. So, it wasn't about losing
a functionality here and there. Agree, we need to clean up platform to not use
debugfs first. Then we can expect Apps or other native processes to not rely
on debugfs at all.

The work is in progress..[1]

- ssp

1] https://source.android.com/devices/architecture/kernel/modular-kernels#debugfs

> 
> 					- Ted
> 
> -- 
> You received this message because you are subscribed to the Google Groups "kernel-team" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kernel-team+unsubscribe@...roid.com.
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.