Date: Fri, 13 Mar 2015 09:56:58 +0000 From: halfdog <me@...fdog.net> To: oss-security@...ts.openwall.com Subject: Disabling reading of kernel log buffer reading for user -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, After years working on Linux, I just found out, that any user not only root can read the kernel log buffer - I never even considered that this could be the case. As this behavior is documented and expected, this is not a security vulnerability. But to avoid things like in , I would like to disable that on my machines. Questions: * What would be the side effects of making /dev/kmesg only root accessible? Maybe syslog not able to write kmessages to log? * Would it be safe to disable the syslog syscall for action SYSLOG_ACTION_READ_* and all users except root and syslog? Does someone have tested selinux config for that? hd  http://www.halfdog.net/Security/2015/HavingFunWithDmesg/ - -- http://www.halfdog.net/ PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlUCtGQACgkQxFmThv7tq+4FFQCeN4Txgu40/tDsWGSVaK2sm7La VusAnRUCtETL9IGmaeSyQUt2dyCQgCpV =Krnc -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.