FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 11-18-2010, 05:44 PM
Kees Cook
 
Default CONFIG_SECURITY_DMESG_RESTRICT

Hi Jeremy,

On Thu, Nov 18, 2010 at 01:05:06PM -0500, Jeremy Foshee wrote:
> On Wed, Nov 17, 2010 at 04:38:13PM -0800, Kees Cook wrote:
> > On Thu, Nov 18, 2010 at 12:26:08AM +0000, Colin Ian King wrote:
> > > So are we going to change permissions on files such
> > > as /var/log/dmesg, /var/log/kern.log et al too?
> >
> > kern.log is already correct, but we should change dmesg, yes.
> >
> I wonder what implication this has on our bug reports that will always
> contain this information now.
>
> Will this create a need to not get dmesg due to attack concerns? We
> already have procedures in place for removing or scrubbing sensitive
> information as a part of the general triage information. Will removing
> or scrubbing this file need to become part of that?

Not that I'm aware of. The issue comes up when a local attacker is
preparing their exploit and can trigger information to appear in dmesg that
they can then examine and use to land their attack.

-Kees

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 01:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org