Re: kernel ring buffer accessible by users

Jason Cook (jasonc@reinit.org)
Tue, 22 Apr 2003 15:53:04 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jörn Engel: "Re: [PATCH][ANNOUNCE] Linux 2.5.68-ce2"
Previous message: Alexey Mahotkin: "Re: [PATCH] implement __GFP_REPEAT, __GFP_NOFAIL, __GFP_NORETRY"

This is a MIME-formatted message. If you see this text it means that your
E-mail software does not support MIME-formatted messages.

--=_courier-1997-1051041358-0001-2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Julien Oster (frodo@dereference.de) wrote:
>=20
> Hello,
>=20
> it's been quite a while that I noticed that any ordinary user, not
> just root, can type "dmesg" to see the kernel ring buffer.
>=20
> My question now is: Why? I often saw things in the kernel ring buffer
> which I don't want every user to know (e.g. some telephone numbers with
> ISDN).
>=20
> Are there any problems in just letting root get the contents of the
> kernel ring buffer?
>=20
> Julien
> -

grsec has an option to do this:

http://www.grsecurity.net/

--=20
Jason Cook | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D
GNU/Linux Engineering Lead | F930 FD03 262E 5120 BEDD
evolServ Technology | Home page: http://reinit.org

cthread. cthread_fork(). Fork, thread, fork!

--=_courier-1997-1051041358-0001-2
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj6lnaAACgkQ/QMmLlEgvt3W2QCcDEAyMRwcG60u13wMPrEiI7jS
1OQAnixHlXo23bWE8dhjA82uu7cnO0vA
=UGPl
-----END PGP SIGNATURE-----

--=_courier-1997-1051041358-0001-2--

Next message: Jörn Engel: "Re: [PATCH][ANNOUNCE] Linux 2.5.68-ce2"
Previous message: Alexey Mahotkin: "Re: [PATCH] implement __GFP_REPEAT, __GFP_NOFAIL, __GFP_NORETRY"