[ubuntu-hardened] dmesg restriction, not working?

John Johansen john.johansen at canonical.com
Fri Aug 23 20:54:46 UTC 2013


On 08/23/2013 12:39 PM, Daniel Curtis wrote:
> Hi,
> 
> There is an interesting sysctl option to turn on dmesg
> restriction[1]. Okay, but at the same time when e.g. I've
> turned on this option by - let's say - editing the /etc/sysctl.conf
> file and adding the *kernel.dmesg_restrict = 1* value, a normal
> user can still view this file by clicking on it in the /var/log/
> directory.
> 
> Is it normal or it is 

Yes, it's normal. dmesg_restrict is about controlling direct
access to the kernel output buffer. It places no restrictions
on where the logging daemon writes that information.

If the permissions are not set correctly on the files in
/var/log/ or if the information is going into the wrong log
files, then yes, that would be a bug.
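
The two layers described in the reply above can be checked separately. The script below is an added example, not part of the original message or of any Ubuntu tooling: it reads the kernel.dmesg_restrict value and lists kernel-related log files that any user can read. The file name patterns (kern.log, dmesg, syslog) and the function names are assumptions; adjust them to where your logging daemon writes kernel messages.

```shell
#!/bin/sh
# Added example: dmesg_restrict only guards the kernel ring buffer; the files
# the logging daemon writes need their own permission check.
# Assumed log names (typical rsyslog layout): kern.log*, dmesg*, syslog*.

# Print the sysctl value (0 or 1), or "unknown" if it cannot be read.
dmesg_restrict_state() {
    f=${1:-/proc/sys/kernel/dmesg_restrict}
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# List kernel-related log files in a directory that have the
# "other: read" permission bit set (mode check, not an access test).
world_readable_kernel_logs() {
    dir=${1:-/var/log}
    find "$dir" -maxdepth 1 -type f \
        \( -name 'kern.log*' -o -name 'dmesg*' -o -name 'syslog*' \) \
        -perm -004 2>/dev/null | sort
}

# Print both findings side by side.
# Optional arguments: path of the sysctl file, log directory.
report() {
    state=$(dmesg_restrict_state "$1")
    logs=$(world_readable_kernel_logs "$2")
    echo "kernel.dmesg_restrict = $state"
    if [ -n "$logs" ]; then
        echo "world-readable kernel logs (consider mode 0640):"
        echo "$logs" | sed 's/^/  /'
    else
        echo "no world-readable kernel logs found"
    fi
}

report "$@"
```
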



