restricting dmesg
Kees Cook
kees at ubuntu.com
Tue Nov 16 22:00:12 GMT 2010
Hi Ted,
On Tue, Nov 16, 2010 at 03:38:00PM -0600, Ted Gould wrote:
> Well, I find it annoying, but a reasonable default. Perhaps we could
> have a package "insecure-developer-workstation" that would set all of
> these little debugging nicities back to "1" on startup? That way I
> wouldn't have to keep up on all of them :)
I use a similar package that does stuff like putting my window buttons
back on the correct side. ;) I've got no problem with such a thing, but I
want to work very hard to avoid it become part of any kind of regular
documentation that says "first, install insecure-developer-workstation,
then..." etc. No one should be blindly installing it.
> I'd even have it install the first time you install a "-dev" package,
> but that might be a little extreme.
This was ruled out early on in the PTRACE discussions. It's just not really
that straight-forward, unfortunately.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-devel
mailing list