Re: [PATCH] Restrict unprivileged access to kernel syslog

From: Arjan van de Ven
Date: Tue Nov 09 2010 - 07:27:21 EST


On Tue, 09 Nov 2010 07:11:12 -0500
Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:

>
> >
> > The initialization to zero is implicit, no need to write it out.
> >
>
> I'll resend after the first round of comments.
>
> > Also, it would also be useful to have a
> > CONFIG_SECURITY_RESTRICT_DMESG=y option introduced by your patch as
> > well, which flag allows a distro or user to disable unprivileged
> > syslog reading via the kernel config.
>
> Are you suggesting having the existence of the sysctl depend on
> CONFIG_SECURITY_RESTRICT_DMESG, or having a choice between a sysctl
> (when config is disabled) and having restrictions always on (when
> config is enabled)?

and/or have the sysctl default value depend on the config option


--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/