debugfs: more tightly restrict default mount mode Since the debugfs is mostly only used by root, make the default mount mode 0700. Most system owners do not need a more permissive value, but they can choose to weaken the restrictions via their fstab. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: 82aceae4f0d42f03d9ad7d1e90389e731153898f [log] [tgz]
author: Kees Cook <keescook@chromium.org> Mon Aug 27 13:32:15 2012 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Mon Aug 27 13:42:02 2012 -0700
tree: 9e39183cb3d2a971ac794da1b94d4dd7f07faa5d
parent: 9db48aaf18d675ac41f550c9384154e0c00de2ef [diff] [blame]
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 2c9fafb..6393fd6 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c

@@ -28,7 +28,7 @@
 #include <linux/magic.h>
 #include <linux/slab.h>
 
-#define DEBUGFS_DEFAULT_MODE	0755
+#define DEBUGFS_DEFAULT_MODE	0700
 
 static struct vfsmount *debugfs_mount;
 static int debugfs_mount_count;
commit	82aceae4f0d42f03d9ad7d1e90389e731153898f	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Mon Aug 27 13:32:15 2012 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Mon Aug 27 13:42:02 2012 -0700
tree	9e39183cb3d2a971ac794da1b94d4dd7f07faa5d
parent	9db48aaf18d675ac41f550c9384154e0c00de2ef [diff] [blame]