restricting dmesg
Ted Gould
ted at ubuntu.com
Tue Nov 16 21:38:00 GMT 2010
On Tue, 2010-11-16 at 13:16 -0800, Kees Cook wrote:
> On Tue, Nov 16, 2010 at 10:04:55PM +0100, Soren Hansen wrote:
> > On 16-11-2010 18:50, Kees Cook wrote:
> > > I figure we could add a useful error message to "dmesg" to provide
> > > education about the change, which would suggest using "sudo" or
> > > pointing people to the new /proc/sys/kernel/dmesg_restrict sysctl.
> >
> > Have we gotten any kind of feedback on the similar changes that were
> > made to strace?
>
> Not a peep that I'm aware of. I am assuming that the verbose errors out
> of strace, ltrace, and gdb were enough to address it, though maybe there
> won't be noise until the restriction is in an LTS version.
Well, I find it annoying, but a reasonable default. Perhaps we could
have a package "insecure-developer-workstation" that would set all of
these little debugging nicities back to "1" on startup? That way I
wouldn't have to keep up on all of them :)
I'd even have it install the first time you install a "-dev" package,
but that might be a little extreme.
--Ted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20101116/47680592/attachment.pgp
More information about the ubuntu-devel
mailing list