Enabling the kernel's DMESG_RESTRICT feature

Brad Figg brad.figg at canonical.com
Wed May 25 00:53:22 UTC 2011


On 05/24/2011 04:49 PM, Kees Cook wrote:
> On Tue, May 24, 2011 at 03:59:53PM -0700, Bryce Harrington wrote:
>> On Tue, May 24, 2011 at 11:46:48AM -0700, Kees Cook wrote:
>>> Hello!
>>>
>>> In Oneiric, I'd like to change the default availability of yet another
>>> long-standing system debugging feature: dmesg.
>>>
>>> Thoughts, flames, etc?
>>
>> See https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/716595 for some
>> sudo caching problems apport has had to work around which might pose
>> some complications here as well.
>
> Yeah, that bug is pretty ugly. :)
>
>> Can you outline your plans for updating apport in conjunction with this
>> change?
>
> Well, it needs to be larger than just apport. A lot of things call dmesg,
> and I can't fix them all, but getting people educated about what has
> changed is the first step.
>
> As for apport itself, I do not have an immediate solution. hookutils.py's
> attachmesg() will need privs, and that's used all over the place
> (attach_alsa(), attach_hardware()):
>
> $ find -P /usr/share/apport -type f | xargs egrep -H 'attach_(hardware|alsa|dmesg)' | cut -d: -f1 | sort -u | wc -l
> 33
>
> I'm open to suggestions.
>
> -Kees
>

Just FYI, the kernel hooks already ask for permissions to get the
ACPI tables.

Brad
-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com


