From: Dan Rosenberg <drosenberg@vsecurity.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
	mingo@elte.hu, kees.cook@canonical.com,
	akpm@linux-foundation.org, security@kernel.org
Subject: Re: [PATCH v3] Restrict unprivileged access to kernel syslog
Date: Sun, 02 Jan 2011 11:08:55 -0500
Message-ID: <1293984535.9764.65.camel@Dan>
In-Reply-To: <20110102090541.GL32469@atrey.karlin.mff.cuni.cz>

On Sun, 2011-01-02 at 10:05 +0100, Pavel Machek wrote:
> Hi!
> 
> > The kernel syslog contains debugging information that is often useful
> > during exploitation of other vulnerabilities, such as kernel heap
> > addresses.  Rather than futilely attempt to sanitize hundreds (or
> > thousands) of printk statements and simultaneously cripple useful
> > debugging functionality, it is far simpler to create an option that
> > prevents unprivileged users from reading the syslog.
> > 
> > This patch, loosely based on grsecurity's GRKERNSEC_DMESG, creates the
> > dmesg_restrict sysctl.  When set to "0", the default, no restrictions
> > are enforced.  When set to "1", only users with CAP_SYS_ADMIN can read
> > the kernel syslog via dmesg(8) or other mechanisms.
> 
> Ok, this is very very ugly.
> 
> You essentially create a bit to control what other bit does. Clean
> solution would be CAP_SYS_DMESG, and make sure that is given to
> processes by default...
> 
> ...and that would be actually very good thing -- on cellphones, you
> want some users without ability to connect to network, so you could
> introduce CAP_NETWORK etc...
> 
> 								Pavel

The CONFIG was added on suggestion that it would make it easier for
distributions to enable this behavior by default.  The patch was
modified to use CAP_SYSLOG, which seems in line with what you want.  

Thanks,
Dan
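
The rule discussed in this message, as an added example that is not part of the original mail or of the patch: it reads the dmesg_restrict sysctl and the caller's effective capability mask, then reports whether a syslog read would pass under either the CAP_SYS_ADMIN rule from the v3 description or the CAP_SYSLOG rule mentioned in the reply. The function names are hypothetical, the capability bit numbers are those in <linux/capability.h>, and the check is a model of the stated policy only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
#define CAP_SYS_ADMIN_BIT 21
#define CAP_SYSLOG_BIT    34

/* Parse CapEff from /proc/<pid>/status text; 0 on success, -1 if absent. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            char *end;
            *mask = strtoull(p + 7, &end, 16);
            return end == p + 7 ? -1 : 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Rule as stated in the thread (a model, not the kernel's code):
 * dmesg_restrict=0 lets anyone read; dmesg_restrict=1 requires cap_bit. */
int may_read_syslog(int dmesg_restrict, unsigned long long cap_eff, int cap_bit)
{
    if (dmesg_restrict == 0)
        return 1;
    return (int)((cap_eff >> cap_bit) & 1ULL);
}

int main(void)
{
    char buf[8192] = {0};
    unsigned long long eff; int restricted;
    FILE *f = fopen("/proc/sys/kernel/dmesg_restrict", "r");
    if (!f || fscanf(f, "%d", &restricted) != 1) { perror("dmesg_restrict"); return 1; }
    fclose(f);
    f = fopen("/proc/self/status", "r");
    if (!f) { perror("status"); return 1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    if (parse_cap_eff(buf, &eff) != 0) { fprintf(stderr, "no CapEff line\n"); return 1; }
    printf("dmesg_restrict=%d CapEff=%016llx\n", restricted, eff);
    printf("CAP_SYSLOG rule: %s\n", may_read_syslog(restricted, eff, CAP_SYSLOG_BIT) ? "allowed" : "denied");
    printf("CAP_SYS_ADMIN rule: %s\n", may_read_syslog(restricted, eff, CAP_SYS_ADMIN_BIT) ? "allowed" : "denied");
    return 0;
}
```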


Thread overview: 9+ messages
2010-11-10 23:28 [PATCH v3] Restrict unprivileged access to kernel syslog Dan Rosenberg
2010-11-10 23:49 ` Andrew Morton
2010-11-11  4:19   ` James Morris
2010-11-11  8:55   ` Ingo Molnar
2010-11-11 20:14     ` James Morris
2010-11-11  0:48 ` [Security] " Greg KH
2010-11-11  4:22 ` James Morris
2011-01-02  9:05 ` Pavel Machek
2011-01-02 16:08   ` Dan Rosenberg [this message]
