Enabling the kernel's DMESG_RESTRICT feature

Bryce Harrington bryce at canonical.com
Wed May 25 19:18:57 UTC 2011


On Wed, May 25, 2011 at 12:01:42PM -0700, Kees Cook wrote:
> On Wed, May 25, 2011 at 08:27:01PM +0200, Martin Pitt wrote:
> > Hello Kees, all,
> > 
> > Kees Cook [2011-05-25 10:03 -0700]:
> > > Yeah, the problem is that it's not a one-time question (see the bug above),
> > > so that each time we need privileges to gather data, apport will prompt for
> > > the sudo password _again_. :(
> > 
> > One word: attach_root_command_outputs() :)
> > 
> > Hooks can and should  use this apport.hookutils function if they have
> > several log files to attach.
> 
> But the existing code for attach_dmesg() doesn't really fold into that very
> well since it's reading the old /var/log/dmesg file, then running "dmesg"
> itself, etc.

I guess the implication here is that if a script is already using
attach_root_command_outputs() then if it wants dmesg it should include
that file in that call, and forswear use of attach_dmesg().

Bryce



More information about the ubuntu-devel mailing list