Re: [PATCH v2] Restrict unprivileged access to kernel syslog
From: Ingo Molnar
Date: Wed Nov 10 2010 - 13:10:15 EST
* Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> OK by me, apart from ...
>
> a) I'd question the need for the config option. Are distros really
> so lame that they can't trust themselves to poke a number into
> procfs at boot time?
When it comes to security i personally prefer 'permanent' defaults that is a
property of the booting image. I'd even change the default for the x86 defconfig for
example - and we could make this option default-y in the future. (We cannot ever
make the sysctl default itself default-1, it would break compatibility with old
behavior.)
> b) we have "dmesg_restrict" and "CONFIG_RESTRICT_DMESG". Less
> dyslexia, please.
Good point. CONFIG_DMESG_RESTRICT is the proper hierarchical naming i suspect.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/