[PATCH v15 6/9] ref_tracker: automatically register a file in debugfs for a ref_tracker_dir
Kees Cook
kees at kernel.org
Thu Jul 31 16:54:21 UTC 2025
On Thu, Jul 31, 2025 at 06:29:00AM -0400, Jeff Layton wrote:
> "If you think you can justify it (in comments and commit log) well
> enough to stand up to Linus’s scrutiny, maybe you can use “%px”, along
> with making sure you have sensible permissions."
>
> Is making it only accessible by root not sensible enough? What are
> "sensible permissions" in this instance?
Yes, I should have been more clear (or probably should update the
document), but root (uid==0) isn't a sufficient permission check, as
address exposure is supposed to be bounded by capabilities. Putting a
filename into the tree exposes the address to anything that can get a
file listing, and DAC access control isn't granular enough.
(Thank you again for the fix patch I saw in the other thread!)
--
Kees Cook
More information about the dri-devel
mailing list