CONFIG_SECURITY_DMESG_RESTRICT
Kees Cook
kees.cook at canonical.com
Tue Nov 16 17:15:41 UTC 2010
On Tue, Nov 16, 2010 at 07:23:31AM -0800, Kees Cook wrote:
> On Tue, Nov 16, 2010 at 03:19:11PM +0000, Colin Ian King wrote:
> > On Tue, 2010-11-16 at 06:49 -0800, Kees Cook wrote:
> > > On Tue, Nov 16, 2010 at 01:22:19PM +0000, Andy Whitcroft wrote:
> > > > FYI this new security option just dropped into the kernel, for now I
> > > > have left it turned off. I suspect you are in the best position to know
> > > > if this is something we should be working towards turning on:
> > > >
> > > > # CONFIG_SECURITY_DMESG_RESTRICT is not set
> > >
> > > I'd like to turn this on, but it will take some education since using
> > > "dmesg" will suddenly turn into "sudo dmesg" in instructions everywhere.
> > > (Most notably apport, actually.)
> >
> > I suppose it will also affect APIs such as klogctl(), e.g. reading the
> > buffer: klogctl(3, buffer, len);
>
> What is using klogctl()? sysklogd uses the /proc interface (and is
> privileged when it does the open).
>
> Note also that this is a sysctl as well, so people can disable the
> restriction if they need to.
Doing a search in all of main, the following use klogctl(), and already
run as root, already require root, or don't need special treatment:
busybox (root in initramfs)
klibc (root in initramfs)
plymouth (root during init)
powertop (already requires root)
util-linux (already required root for "setterm -msg ...")
valgrind (agnostic: used only as a hook for debugee)
Not running as root:
util-linux (dmesg: what we're trying to deal with)
So, I think this should be a safe change, outside of the educational change
I already mentioned for dmesg itself.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the kernel-team
mailing list