CONFIG_SECURITY_DMESG_RESTRICT
Colin Ian King
colin.king at canonical.com
Tue Nov 16 19:47:36 UTC 2010
On Tue, 2010-11-16 at 09:15 -0800, Kees Cook wrote:
> On Tue, Nov 16, 2010 at 07:23:31AM -0800, Kees Cook wrote:
> > On Tue, Nov 16, 2010 at 03:19:11PM +0000, Colin Ian King wrote:
> > > On Tue, 2010-11-16 at 06:49 -0800, Kees Cook wrote:
> > > > On Tue, Nov 16, 2010 at 01:22:19PM +0000, Andy Whitcroft wrote:
> > > > > FYI this new security option just dropped into the kernel, for now I
> > > > > have left it turned off. I suspect you are in the best position to know
> > > > > if this is something we should be working towards turning on:
> > > > >
> > > > > # CONFIG_SECURITY_DMESG_RESTRICT is not set
> > > >
> > > > I'd like to turn this on, but it will take some education since using
> > > > "dmesg" will suddenly turn into "sudo dmesg" in instructions everywhere.
> > > > (Most notably apport, actually.)
> > >
> > > I suppose it will also affect APIs such as klogctl(), e.g. reading the
> > > buffer: klogctl(3, buffer, len);
> >
> > What is using klogctl()? sysklogd uses the /proc interface (and is
> > privileged when it does the open).
> >
> > Note also that this is a sysctl as well, so people can disable the
> > restriction if they need to.
>
> Doing a search in all of main, the following use klogctl(), and already
> run as root, already require root, or don't need special treatment:
>
> busybox (root in initramfs)
> klibc (root in initramfs)
> plymouth (root during init)
> powertop (already requires root)
> util-linux (already required root for "setterm -msg ...")
> valgrind (agnostic: used only as a hook for debugee)
>
> Not running as root:
>
> util-linux (dmesg: what we're trying to deal with)
Thanks for the speedy analysis.
>
> So, I think this should be a safe change, outside of the educational change
> I already mentioned for dmesg itself.
>
> -Kees
>
> --
> Kees Cook
> Ubuntu Security Team
>
More information about the kernel-team
mailing list