From: Andrew Morton <akpm@linux-foundation.org>
To: Ingo Molnar <mingo@elte.hu>
Cc: Dan Rosenberg <drosenberg@vsecurity.com>,
linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
kees.cook@canonical.com
Subject: Re: [PATCH v2] Restrict unprivileged access to kernel syslog
Date: Wed, 10 Nov 2010 07:26:38 -0800 [thread overview]
Message-ID: <20101110072638.b0e5473d.akpm@linux-foundation.org> (raw)
In-Reply-To: <20101110082516.GB3341@elte.hu>
On Wed, 10 Nov 2010 09:25:16 +0100 Ingo Molnar <mingo@elte.hu> wrote:
>
> * Dan Rosenberg <drosenberg@vsecurity.com> wrote:
>
> > The kernel syslog contains debugging information that is often useful
> > during exploitation of other vulnerabilities, such as kernel heap
> > addresses. Rather than futilely attempt to sanitize hundreds (or
> > thousands) of printk statements and simultaneously cripple useful
> > debugging functionality, it is far simpler to create an option that
> > prevents unprivileged users from reading the syslog.
> >
> > This patch, loosely based on grsecurity's GRKERNSEC_DMESG, creates the
> > dmesg_restrict sysctl. When set to "0", the default, no restrictions
> > are enforced. When set to "1", only users with CAP_SYS_ADMIN can read
> > the kernel syslog via dmesg(8) or other mechanisms.
> >
> > v2 adds CONFIG_SECURITY_RESTRICT_DMESG. When enabled, the default
> > sysctl value is set to "1". When disabled, the default sysctl value is
> > set to "0".
> >
> > Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
> > CC: Linus Torvalds <torvalds@linux-foundation.org>
> > CC: Ingo Molnar <mingo@elte.hu>
> > CC: Kees Cook <kees.cook@canonical.com>
> > CC: stable <stable@kernel.org>
>
> Acked-by: Ingo Molnar <mingo@elte.hu>
>
> Linus, Andrew, any objections against pushing this trivial control flag upstream out
> of band, after a bit of testing? It's not like it can break anything, and the flag
> is very useful to distros.
>
OK by me, apart from ...
a) I'd question the need for the config option. Are distros really
so lame that they can't trust themselves to poke a number into
procfs at boot time?
b) we have "dmesg_restrict" and "CONFIG_RESTRICT_DMESG". Less
dyslexia, please.
next prev parent reply other threads:[~2010-11-10 15:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-10 0:18 [PATCH v2] Restrict unprivileged access to kernel syslog Dan Rosenberg
2010-11-10 8:25 ` Ingo Molnar
2010-11-10 15:26 ` Andrew Morton [this message]
2010-11-10 17:50 ` Dave Jones
2010-11-10 18:13 ` Ingo Molnar
2010-11-10 18:10 ` Ingo Molnar
2010-11-10 16:32 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101110072638.b0e5473d.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=drosenberg@vsecurity.com \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox