Re: [PATCH] Restrict unprivileged access to kernel syslog

From: Dan Rosenberg
Date: Tue Nov 09 2010 - 07:11:18 EST

Next message: Wu Fengguang: "Re: [PATCH 6/6] memcg: make mem_cgroup_page_stat() return valueunsigned"
Previous message: Neil Horman: "Re: [PATCH v2 04/23] netconsole: Call netpoll_cleanup() in processcontext"
In reply to: Ingo Molnar: "Re: [PATCH] Restrict unprivileged access to kernel syslog"
Next in thread: Arjan van de Ven: "Re: [PATCH] Restrict unprivileged access to kernel syslog"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
> The initialization to zero is implicit, no need to write it out.
>

I'll resend after the first round of comments.

> Also, it would also be useful to have a CONFIG_SECURITY_RESTRICT_DMESG=y option
> introduced by your patch as well, which flag allows a distro or user to disable
> unprivileged syslog reading via the kernel config.

Are you suggesting having the existence of the sysctl depend on
CONFIG_SECURITY_RESTRICT_DMESG, or having a choice between a sysctl
(when config is disabled) and having restrictions always on (when config
is enabled)?

-Dan

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Wu Fengguang: "Re: [PATCH 6/6] memcg: make mem_cgroup_page_stat() return valueunsigned"
Previous message: Neil Horman: "Re: [PATCH v2 04/23] netconsole: Call netpoll_cleanup() in processcontext"
In reply to: Ingo Molnar: "Re: [PATCH] Restrict unprivileged access to kernel syslog"
Next in thread: Arjan van de Ven: "Re: [PATCH] Restrict unprivileged access to kernel syslog"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]