restricting dmesg

[Kees Cook]

Hi,

So, now that it is possible[1] to restrict access to dmesg, I would like
to make this restriction the default in Ubuntu. The information in dmesg
can potentially leak kernel memory targets for local attackers. While
there are certainly plenty of targets, this restriction will close a
door on at least some of them.

This will obviously mean changing documentation and a number of
applications that use "dmesg" output. Luckily, they should all
fall into the "debugging" category instead of the "regular use"
category. (Specifically I'm thinking of Apport at the very least.)

I figure we could add a useful error message to "dmesg" to provide
education about the change, which would suggest using "sudo" or pointing
people to the new /proc/sys/kernel/dmesg_restrict sysctl.

Thoughts?

-Kees

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eaf06b241b091357e72b76863ba16e89610d31bd

-- 
Kees Cook
Ubuntu Security Team