Enabling the kernel's DMESG_RESTRICT feature

Kees Cook kees at ubuntu.com
Thu May 26 23:48:32 UTC 2011


On Thu, May 26, 2011 at 04:41:04PM +0100, Matt Zimmerman wrote:
> On Tue, May 24, 2011 at 11:46:48AM -0700, Kees Cook wrote:
> > As we have continued to close kernel address leaks, the kernel syslog
> > (dmesg) remains one of the last large places where information is being
> > reported. As such, I want to close this off from regular users so that
> > local kernel exploits continue to have an even harder time getting a
> > foot-hold on vulnerabilities. And, as before, this is a tunable that you
> > can change in /etc/sysctl.d/ if you do development work, like getting
> > owned, etc. For the average user, this information is not needed.
> 
> What are the ways in which kernel addresses are leaked through dmesg?  Can
> you provide some examples?  Is it not feasible to avoid leaking addresses,
> while still passing on all of the useful data in dmesg to users?

Many net reports include specific heap allocation structures, Oops reports,
boot-up reports, there are hundreds of places, and they're reported to
dmesg for the specific purpose of being able to examine them later.
Eliminating them from dmesg would be much much worse than making access to
dmesg privileged. It goes from literally being unable to debug a problem to
just needing to be root to do it.

-Kees

-- 
Kees Cook
Ubuntu Security Team



More information about the ubuntu-devel mailing list