Enabling the kernel's DMESG_RESTRICT feature

Kees Cook kees at ubuntu.com
Wed May 25 19:05:12 UTC 2011


On Wed, May 25, 2011 at 11:49:45AM -0700, Steve Langasek wrote:
> I'd much rather we find a way to fix it so the information *logged* to these
> files isn't privileged to the point that it can't be exposed to admins,
> instead of gutting admins' ability to make use of these crucial logs.

Currently, the upstream kernel folks have rejected filtering printk.
However, there has been some noise recently about making a distinction
between the "actual" address and the "unrandomized" address. (As in, printk
would be forced to use a new %p modifier for all kernel addresses, and that
modifier would report the "unrandomized" address by default, keeping the
actual address secret even from dmesg.)

We'll see how this progresses...

-- 
Kees Cook
Ubuntu Security Team


