On Thu, Nov 18, 2010 at 01:05:06PM -0500, Jeremy Foshee wrote:
> On Wed, Nov 17, 2010 at 04:38:13PM -0800, Kees Cook wrote:
> > On Thu, Nov 18, 2010 at 12:26:08AM +0000, Colin Ian King wrote:
> > > So are we going to change permissions on files such
> > > as /var/log/dmesg, /var/log/kern.log et al too?
> > kern.log is already correct, but we should change dmesg, yes.
> I wonder what implication this has on our bug reports that will always
> contain this information now.
> Will this create a need to not get dmesg due to attack concerns? We
> already have procedures in place for removing or scrubbing sensitive
> information as a part of the general triage information. Will removing
> or scrubbing this file need to become part of that?
Not that I'm aware of. The issue comes up when a local attacker is
preparing their exploit and can trigger information to appear in dmesg that
they can then examine and use to land their attack.
Ubuntu Security Team