CONFIG_SECURITY_DMESG_RESTRICT
Colin Ian King
colin.king at canonical.com
Tue Nov 16 15:19:11 UTC 2010
On Tue, 2010-11-16 at 06:49 -0800, Kees Cook wrote:
> On Tue, Nov 16, 2010 at 01:22:19PM +0000, Andy Whitcroft wrote:
> > FYI this new security option just dropped into the kernel, for now I
> > have left it turned off. I suspect you are in the best position to know
> > if this is something we should be working towards turning on:
> >
> > # CONFIG_SECURITY_DMESG_RESTRICT is not set
>
> I'd like to turn this on, but it will take some education since using
> "dmesg" will suddenly turn into "sudo dmesg" in instructions everywhere.
> (Most notably apport, actually.)
I suppose it will also affect APIs such as klogctl(), e.g. reading the
buffer: klogctl(3, buffer, len);
> -Kees
>
> --
> Kees Cook
> Ubuntu Security Team
>
More information about the kernel-team
mailing list