FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

LinkBack Thread Tools
Old 11-18-2010, 05:44 PM
Kees Cook

Hi Jeremy,

On Thu, Nov 18, 2010 at 01:05:06PM -0500, Jeremy Foshee wrote:
> On Wed, Nov 17, 2010 at 04:38:13PM -0800, Kees Cook wrote:
> > On Thu, Nov 18, 2010 at 12:26:08AM +0000, Colin Ian King wrote:
> > > So are we going to change permissions on files such
> > > as /var/log/dmesg, /var/log/kern.log et al too?
> >
> > kern.log is already correct, but we should change dmesg, yes.
> >
> I wonder what implication this has on our bug reports that will always
> contain this information now.
> Will this create a need to not get dmesg due to attack concerns? We
> already have procedures in place for removing or scrubbing sensitive
> information as a part of the general triage information. Will removing
> or scrubbing this file need to become part of that?

Not that I'm aware of. The issue comes up when a local attacker is
preparing their exploit and can trigger information to appear in dmesg that
they can then examine and use to land their attack.


Kees Cook
Ubuntu Security Team

kernel-team mailing list

Thread Tools

All times are GMT. The time now is 01:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org