Re: [PATCH v2] Restrict unprivileged access to kernel syslog

From: Ingo Molnar
Date: Wed Nov 10 2010 - 13:10:15 EST



* Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:

> OK by me, apart from ...
>
> a) I'd question the need for the config option. Are distros really
> so lame that they can't trust themselves to poke a number into
> procfs at boot time?

When it comes to security I personally prefer 'permanent' defaults that are a
property of the booting image. I'd even change the default for the x86 defconfig for
example - and we could make this option default-y in the future. (We cannot ever
make the sysctl default itself default-1, it would break compatibility with old
behavior.)

> b) we have "dmesg_restrict" and "CONFIG_RESTRICT_DMESG". Less
> dyslexia, please.

Good point. CONFIG_DMESG_RESTRICT is the proper hierarchical naming I suspect.

Thanks,

Ingo