On Wed, 2003-04-23 at 16:59, Robert Love wrote:
> On Wed, 2003-04-23 at 11:56, Werner Almesberger wrote:
>
> > How do you know what is sensitive information ? A kernel debug
> > message may just say something like "bad message 47 65 68 65 69 6d",
> > and the kernel has no idea that this is actually a password
>
> Why on earth would the user give the kernel a password?
>
> The point is user input like telephone numbers or passwords should never
> be fed into the kernel anyhow. On the rare case it is (apparently this
> ISDN instance, assuming it is actually from dmesg and not syslog), the
> kernel should not echo it.
Some will probably agree that this kind of information should be
optionaly ( option in kernel configuration ) restricted for non root
users. The same problem apply to /proc restrictions, that are available
with grsec only, but many will also agree that this should be option in
kernel.
One of the security rules says that we should not give away information
that is not required for others. Fe. nobody should know (except
root/administrators) who is loged on or even what programs i am running.
This way i am able sometimes to see sensitive information that is passed
in command line (fe with wget).
-- Grzegorz Jaskiewicz <gj@pointblue.com.pl> K4 Labs- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 30 2003 - 22:00:14 EST