Re: kernel ring buffer accessible by users

Robert Love (rml@tech9.net)
23 Apr 2003 11:59:49 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Valdis.Kletnieks@vt.edu: "Re: 2.5.68 kernel no initrd"
Previous message: Stephane Ouellette: "Re: [PATCH] Undefined symbol sync_dquots_dev() in quota.c"
In reply to: Robert Love: "Re: kernel ring buffer accessible by users"
Next in thread: Werner Almesberger: "Re: kernel ring buffer accessible by users"
Reply: Werner Almesberger: "Re: kernel ring buffer accessible by users"

On Wed, 2003-04-23 at 11:56, Werner Almesberger wrote:

> How do you know what is sensitive information ? A kernel debug
> message may just say something like "bad message 47 65 68 65 69 6d",
> and the kernel has no idea that this is actually a password

Why on earth would the user give the kernel a password?

The point is user input like telephone numbers or passwords should never
be fed into the kernel anyhow. On the rare case it is (apparently this
ISDN instance, assuming it is actually from dmesg and not syslog), the
kernel should not echo it.

Robert Love

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis.Kletnieks@vt.edu: "Re: 2.5.68 kernel no initrd"
Previous message: Stephane Ouellette: "Re: [PATCH] Undefined symbol sync_dquots_dev() in quota.c"
In reply to: Robert Love: "Re: kernel ring buffer accessible by users"
Next in thread: Werner Almesberger: "Re: kernel ring buffer accessible by users"
Reply: Werner Almesberger: "Re: kernel ring buffer accessible by users"