Bug#539352: /etc/init.d/mountkernfs.sh: Please mount debugfs when available in the kernel
Roger Lynn
Roger at rilynn.me.uk
Mon Nov 11 23:13:17 GMT 2024
I think this reply has been somewhat overtaken by others, but I'll send it
anyway.

On 08/11/2024 11:04, Mark Hindley wrote:
> Reading the original thread, I share some of the concerns[1] about enabling this
> globally.
>
> Are these still valid?

I don't know. I was going from the fact that it is now apparently enabled by
default in systemd, so I assumed it can't be all that bad, and while it
might not be a good idea, it does put pressure on other init systems to
follow suit. I agree with what Thorsten Glaser has written in his reply and
if debugfs is problematic then it shouldn't be enabled by default anywhere.

Part of the problem seems to lie with rasdaemon, which relies on a system of
doubtful security being enabled just to read information about errors from
ECC memory, but doesn't provide any instructions on how to enable it
yourself. Doing this is simple enough once you've found out how, and I now
have the following in /etc/fstab:

debugfs /sys/kernel/debug debugfs defaults 0 0

But I don't know how ill-advised that is from a security standpoint.

Thanks for looking into this,

Roger
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539352#18
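
An added example, not part of the original message or of any Debian package: a shell check that reads fstab-format lines and reports, for each debugfs entry, whether a mode= option widens access to the mount's root directory beyond root. It relies on the kernel's documented debugfs behaviour (root directory accessible only to root by default; uid=, gid= and mode= mount options change that) and inspects mount options only. The function names and every sample line except the /sys/kernel/debug entry quoted above are constructed for illustration.

```shell
#!/bin/sh
# Classify debugfs entries read from stdin in fstab format.
# Prints "<mountpoint> <verdict>" per debugfs entry, where verdict is:
#   default-mode      no mode= option; kernel default (root-only) applies
#   root-only         mode= given, no group/other permission bits set
#   widened:<mode>    mode= grants group and/or other access
#   invalid-mode:<m>  mode= value is not an octal number
audit_debugfs_fstab() {
    while read -r dev mnt fstype opts _rest || [ -n "$dev" ]; do
        case "$dev" in ''|'#'*) continue ;; esac      # skip blanks and comments
        [ "$fstype" = "debugfs" ] || continue
        mode=""
        old_ifs=$IFS; IFS=,
        for o in $opts; do                             # split options on commas
            case "$o" in mode=*) mode=${o#mode=} ;; esac
        done
        IFS=$old_ifs
        case "$mode" in
            '')        verdict="default-mode" ;;
            *[!0-7]*)  verdict="invalid-mode:$mode" ;;
            *)
                # Leading 0 forces octal; 077 masks group and other bits.
                if [ $(( 0$mode & 077 )) -eq 0 ]; then
                    verdict="root-only"
                else
                    verdict="widened:$mode"
                fi ;;
        esac
        printf '%s %s\n' "$mnt" "$verdict"
    done
}

# Constructed sample input; only the /sys/kernel/debug line is from the message.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not taken from a real system
UUID=0000-EXAMPLE / ext4 errors=remount-ro 0 1
debugfs /sys/kernel/debug debugfs defaults 0 0
debugfs /mnt/dbg-a debugfs rw,mode=0700 0 0
debugfs /mnt/dbg-b debugfs rw,gid=1001,mode=0750 0 0
EOF
}

sample_fstab | audit_debugfs_fstab
```

To check a real system, feed it the actual file: `audit_debugfs_fstab < /etc/fstab`.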