[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101109042747.3f6ab07b@infradead.org>
Date: Tue, 9 Nov 2010 04:27:47 -0800
From: Arjan van de Ven <arjan@...radead.org>
To: Dan Rosenberg <drosenberg@...curity.com>
Cc: Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org,
security@...nel.org, stable@...nel.org,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] Restrict unprivileged access to kernel syslog
On Tue, 09 Nov 2010 07:11:12 -0500
Dan Rosenberg <drosenberg@...curity.com> wrote:
>
> >
> > The initialization to zero is implicit, no need to write it out.
> >
>
> I'll resend after the first round of comments.
>
> > Also, it would also be useful to have a
> > CONFIG_SECURITY_RESTRICT_DMESG=y option introduced by your patch as
> > well, which flag allows a distro or user to disable unprivileged
> > syslog reading via the kernel config.
>
> Are you suggesting having the existence of the sysctl depend on
> CONFIG_SECURITY_RESTRICT_DMESG, or having a choice between a sysctl
> (when config is disabled) and having restrictions always on (when
> config is enabled)?
and/or have the sysctl default value depend on the config option
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists