Hi Debian Security Team,

Could I have your input on this please? An old bug has been reopened asking for
initscripts to mount debugfs by default. It was closed for several years, but
the workaround has now disappeared.

In the original thread, concerns were raised about mounting debugfs in all cases
both for security and unnecessary resource usage[1].  Those have been expressed
again now.

On Sat, Nov 09, 2024 at 12:38:30AM +0100, Thorsten Glaser wrote:
> On Fri, 8 Nov 2024, Mark Hindley wrote:
> 
> >Reading the original thread, I share some of the concerns[1] about
> >enabling this globally.
> 
> I’ve recently worked with debugfs+relayfs in a project,
> and I share the opinion of the kernel documentation that
> it should not be enabled by default (or rather, it should
> not be mounted by default in this case — enabling in the
> kernels is probably good).

Do you have any input into whether these concerns are sufficiently well founded?

Thanks for your help.

Mark

[1]  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539352#18

Reply via email to