Re: kernel ring buffer accessible by users
Grzegorz Jaskiewicz (gj@pointblue.com.pl)
24 Apr 2003 15:02:24 +0100
On Wed, 2003-04-23 at 16:59, Robert Love wrote:
> On Wed, 2003-04-23 at 11:56, Werner Almesberger wrote:
>
> > How do you know what is sensitive information ? A kernel debug
> > message may just say something like "bad message 47 65 68 65 69 6d",
> > and the kernel has no idea that this is actually a password
>
> Why on earth would the user give the kernel a password?
>
> The point is user input like telephone numbers or passwords should never
> be fed into the kernel anyhow. On the rare case it is (apparently this
> ISDN instance, assuming it is actually from dmesg and not syslog), the
> kernel should not echo it.
Some will probably agree that this kind of information should be
optionaly ( option in kernel configuration ) restricted for non root
users. The same problem apply to /proc restrictions, that are available
with grsec only, but many will also agree that this should be option in
kernel.
One of the security rules says that we should not give away information
that is not required for others. Fe. nobody should know (except
root/administrators) who is loged on or even what programs i am running.
This way i am able sometimes to see sensitive information that is passed
in command line (fe with wget).
--
Grzegorz Jaskiewicz <gj@pointblue.com.pl>
K4 Labs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/