CONFIG_SECURITY_DMESG_RESTRICT
Jeremy Foshee
jeremy.foshee at canonical.com
Thu Nov 18 18:05:06 UTC 2010
On Wed, Nov 17, 2010 at 04:38:13PM -0800, Kees Cook wrote:
> On Thu, Nov 18, 2010 at 12:26:08AM +0000, Colin Ian King wrote:
> > So are we going to change permissions on files such
> > as /var/log/dmesg, /var/log/kern.log et al too?
>
> kern.log is already correct, but we should change dmesg, yes.
>
I wonder what implication this has on our bug reports that will always
contain this information now.
Will this create a need to not get dmesg due to attack concerns? We
already have procedures in place for removing or scrubbing sensitive
information as a part of the general triage information. Will removing
or scrubbing this file need to become part of that?
~JFo
> --
> Kees Cook
> Ubuntu Security Team
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
More information about the kernel-team
mailing list