Re: kernel ring buffer accessible by users

Werner Almesberger (wa@almesberger.net)
Wed, 23 Apr 2003 13:45:30 -0300


Julien Oster wrote:
> Of course one could say "then let's just stop writing out anything in
> the kernel buffer that COULD be sensitive", but I think this would
> actually castrate the meaning of such a buffer.

It's also bad security design to try to plug hundreds of potential
leaks, instead of the one common channel they share.

> And there's still the possibility to tweak the permissions for
> dmesg so that only a certain group (staff, operator, adm...) can execute
> it, but then setuid root.

Yes, but you'll get quite a few objections to adding yet another
suid root program :-)

- Werner

-- 
  _________________________________________________________________________
 / Werner Almesberger, Buenos Aires, Argentina         wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/