List: ubuntu-devel
Subject: Enabling the kernel's DMESG_RESTRICT feature
From: kees () ubuntu ! com (Kees Cook)
Date: 2011-05-27 17:17:59
Message-ID: 20110527171759.GY19633 () outflux ! net
On Fri, May 27, 2011 at 04:29:33PM +0100, Matt Zimmerman wrote:
> On Thu, May 26, 2011 at 04:55:59PM -0700, Kees Cook wrote:
> > I won't say it doesn't complicate things, but I would like to point out
> > that everyone else's suggestion for this is to completely remove the values
> > from the dmesg report itself, rendering it unavailable to any user, even
> > root.
>
> It seems we are forced into this dichotomy because there is only one log,
> which is mixing different types of information. Has anyone proposed
> separating kernel debugging information from simple status logging, and
> allowing the remainder to remain accessible to users?

I don't think this would end up being sensible either, as the task of
performing debugging may need access to both. I still don't see the problem
of debugging as root. If you're not the system owner, you're not going to
be able to _change_ the system in an effort to fix the problem you are
debugging.
--
Kees Cook
Ubuntu Security Team