I think this reply has been somewhat overtaken by others, but I'll send it
anyway.

On 08/11/2024 11:04, Mark Hindley wrote:
> Reading the original thread, I share some of the concerns[1] about enabling
> this globally.
> 
> Are these still valid?

I don't know. I was going from the fact that it is now apparently enabled by
default in systemd, so I assumed it can't be all that bad, and while it
might not be a good idea, it does put pressure on other init systems to
follow suit. I agree with what Thorsten Glaser has written in his reply and
if debugfs is problematic then it shouldn't be enabled by default anywhere.

Part of the problem seems to lie with rasdaemon, which relies on a system of
doubtful security being enabled just to read information about errors from
ECC memory, but doesn't provide any instructions on how to enable it
yourself. Doing this is simple enough once you've found out how, and I now
have the following in /etc/fstab:

debugfs /sys/kernel/debug       debugfs defaults        0       0

But I don't know how ill-advised that is from a security standpoint.

Thanks for looking into this,

Roger


> [1]  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539352#18
