Power & Source of Big Ideas

Kernel 5.10.110 SECURITY: Remove "Writeable clk DebugFS"

Moderators: chensy, FATechsupport

Hallo @FriendlyElec,

there is another big issue with your current kernel version as included in multiple/all official images for the different OS builds:

Code: Select all

Linux NanoPi-R6S 5.10.110 #176 SMP Fri Feb 17 20:39:34 CST 2023 aarch64 GNU/Linux

Looking into "dmesg" output, it unveils:

Code: Select all

[    3.147813] ********************************************************************
[    3.147817] **     NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE           **
[    3.147821] **                                                                **
[    3.147824] **  WRITEABLE clk DebugFS SUPPORT HAS BEEN ENABLED IN THIS KERNEL **
[    3.147827] **                                                                **
[    3.147831] ** This means that this kernel is built to expose clk operations  **
[    3.147834] ** such as parent or rate setting, enabling, disabling, etc.      **
[    3.147838] ** to userspace, which may compromise security on your system.    **
[    3.147841] **                                                                **
[    3.147845] ** If you see this message and you are not debugging the          **
[    3.147849] ** kernel, report this immediately to your vendor!                **
[    3.147852] **                                                                **
[    3.147856] **     NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE           **
[    3.147859] ********************************************************************


I am doing as requested in the debug message and notifying you of a major security issue in this kernel.

Please address/fix/remove this & provide a safe rebuild of the kernel and every affected OS image (and/or a way to safely update/replace the kernel in an already installed system).

Many thanks in advance!

Best regards
awl29
awl29 wrote:
all official imagesawl29


Try better but un-official images?
https://www.armbian.com/nanopi-r6s
... which don't have this problem.

Who is online

In total there are 4 users online :: 0 registered, 0 hidden and 4 guests (based on users active over the past 5 minutes)
Most users ever online was 5185 on Wed Jan 22, 2020 1:44 pm

Users browsing this forum: No registered users and 4 guests