[ubuntu-hardened] dmesg restriction, not working?
John Johansen
john.johansen at canonical.com
Sun Aug 25 04:30:50 UTC 2013
On 08/24/2013 06:44 AM, Daniel Curtis wrote:
>
> Hi Mr Johansen
>
> Thank You for the answer. Now I understand why I can - as a normal
> user - check */var/log/dmesg* file. Most importantly, this is not a bug.
> If it is about access rights to this file, it looks like:
>
> $ ls -al /var/log/dmesg
> -rw-r--r-- 1 root adm (...)
>
> I didn't change these permission after Xubuntu 12.04 installation. So
> already mentioned permission are the defaults settings.
>
> What do You think, Mr Johansen, is there something to do with it?
> (I mean e.g. change permission etc.) or leave it as is?
>
If the contents of dmesg concern you then yes I would make sure the
permissions of the log files receiving those contents can not be
read by a user. It doesn't make a lot of sense to restrict direct
access to dmesg but allow access to the same information via a
file.
More information about the ubuntu-hardened
mailing list