Re: [PATCH 2/2] Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps"

From: Kees Cook
Date: Tue Aug 15 2017 - 20:29:47 EST

Next message: Steven Rostedt: "Re: [PATCH 2/2] Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps""
Previous message: Chanwoo Choi: "Re: [PATCH 0/3] extcon: Clean-up the description and indentation of functions"
In reply to: Steven Rostedt: "Re: [PATCH 2/2] Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps""
Next in thread: Steven Rostedt: "Re: [PATCH 2/2] Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 15, 2017 at 5:21 PM, Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> On Thu, 10 Aug 2017 13:36:35 -0700
> Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
>> This reverts commit 68c4a4f8abc60c9440ede9cd123d48b78325f7a3, with
>> various conflict clean-ups.
>>
>> With the default root directory mode set to 0750 now, the capability
>> check was redundant.
>
> What's wrong with redundancy?

In this case, it actually _blocks_ system builders from being able to
define the access controls on pstore. :(

-Kees

--
Kees Cook
Pixel Security

Next message: Steven Rostedt: "Re: [PATCH 2/2] Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps""
Previous message: Chanwoo Choi: "Re: [PATCH 0/3] extcon: Clean-up the description and indentation of functions"
In reply to: Steven Rostedt: "Re: [PATCH 2/2] Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps""
Next in thread: Steven Rostedt: "Re: [PATCH 2/2] Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]