From: Andrew Morton <akpm@linux-foundation.org>
To: Ingo Molnar <mingo@elte.hu>
Cc: Dan Rosenberg <drosenberg@vsecurity.com>,
	linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
	kees.cook@canonical.com
Subject: Re: [PATCH v2] Restrict unprivileged access to kernel syslog
Date: Wed, 10 Nov 2010 07:26:38 -0800
Message-ID: <20101110072638.b0e5473d.akpm@linux-foundation.org>
In-Reply-To: <20101110082516.GB3341@elte.hu>

On Wed, 10 Nov 2010 09:25:16 +0100 Ingo Molnar <mingo@elte.hu> wrote:

> 
> * Dan Rosenberg <drosenberg@vsecurity.com> wrote:
> 
> > The kernel syslog contains debugging information that is often useful
> > during exploitation of other vulnerabilities, such as kernel heap
> > addresses.  Rather than futilely attempt to sanitize hundreds (or
> > thousands) of printk statements and simultaneously cripple useful
> > debugging functionality, it is far simpler to create an option that
> > prevents unprivileged users from reading the syslog.
> > 
> > This patch, loosely based on grsecurity's GRKERNSEC_DMESG, creates the
> > dmesg_restrict sysctl.  When set to "0", the default, no restrictions
> > are enforced.  When set to "1", only users with CAP_SYS_ADMIN can read
> > the kernel syslog via dmesg(8) or other mechanisms.
> > 
> > v2 adds CONFIG_SECURITY_RESTRICT_DMESG.  When enabled, the default
> > sysctl value is set to "1".  When disabled, the default sysctl value is
> > set to "0".
> > 
> > Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
> > CC: Linus Torvalds <torvalds@linux-foundation.org>
> > CC: Ingo Molnar <mingo@elte.hu>
> > CC: Kees Cook <kees.cook@canonical.com>
> > CC: stable <stable@kernel.org>
> 
> Acked-by: Ingo Molnar <mingo@elte.hu>
> 
> Linus, Andrew, any objections against pushing this trivial control flag upstream out 
> of band, after a bit of testing? It's not like it can break anything, and the flag 
> is very useful to distros.
> 

OK by me, apart from ...

a) I'd question the need for the config option.  Are distros really
   so lame that they can't trust themselves to poke a number into
   procfs at boot time?

b) we have "dmesg_restrict" and "CONFIG_RESTRICT_DMESG".  Less
   dyslexia, please.
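
An added example, not part of the e-mail above or of the patch it discusses: point (a) comes down to setting the sysctl from boot-time configuration, so this sketch reports which value a sysctl.conf-style file would leave in dmesg_restrict and what that value means according to the patch description. It assumes the sysctl is exposed as kernel.dmesg_restrict under /proc/sys/kernel/; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: what value would a sysctl.conf-style file leave in
# kernel.dmesg_restrict? Assignments are applied in order, so the last wins.

# Constructed sample input, not taken from a real host.
SAMPLE_CONF='# distro defaults
kernel.dmesg_restrict = 0
; hardening override, slash form with the ignore-errors prefix
-kernel/dmesg_restrict=1
kernel.printk = 4 4 1 7'

# Reads sysctl.conf-style text on stdin; prints the effective value of
# kernel.dmesg_restrict, or "unset" if no line assigns it.
effective_dmesg_restrict() {
    awk '
        /^[ \t]*[#;]/ { next }            # whole-line comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^-/, "", key)            # "-key" = ignore write errors
            gsub("/", ".", key)           # kernel/dmesg_restrict form
            if (key == "kernel.dmesg_restrict") { seen = 1; last = val }
        }
        END { if (seen) print last; else print "unset" }
    '
}

# Maps a value to the behaviour the patch description gives for it.
classify() {
    case "$1" in
        1) echo "restricted" ;;        # syslog reads need CAP_SYS_ADMIN
        0) echo "open" ;;              # no restriction enforced
        unset) echo "kernel-default" ;; # falls back to the built-in default
        *) echo "invalid" ;;
    esac
}

printf 'sample config: %s\n' \
    "$(classify "$(printf '%s\n' "$SAMPLE_CONF" | effective_dmesg_restrict)")"

# Live value, when the running kernel exposes the sysctl.
if [ -r /proc/sys/kernel/dmesg_restrict ]; then
    printf 'running kernel: %s\n' "$(classify "$(cat /proc/sys/kernel/dmesg_restrict)")"
fi
```

A result of "kernel-default" means the file never assigns the sysctl, so the outcome depends on how the kernel was built, which is the case the proposed config option is meant to cover.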
