Re: We should disable dmesg for unprivileged users by default
From: Ludovic Courtès
Subject: Re: We should disable dmesg for unprivileged users by default
Date: Sun, 14 Jul 2019 16:43:19 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)

Hi,

Alex Vong <address@hidden> wrote:

> I think we should set /proc/sys/kernel/dmesg_restrict to 1 by default to
> prevent unprivileged users from reading the kernel ring buffer (since it
> could expose sensitive information about the system).

We could have a ‘dmesg-restrict’ service that would write to that file
as part of system activation, and we’d add it to ‘%base-packages’.

WDYT?

That way, people could easily remove it from ‘%base-packages’ if they
don’t want it. (I might do that on my laptop for instance. :-))

Thanks,
Ludo’.
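
Added example, not part of the original message and not Guix code: a shell version of the activation-time step discussed above, which writes 1 to /proc/sys/kernel/dmesg_restrict only when needed and reads the value back to confirm it. The function names, return codes and the optional path argument are assumptions, chosen so the logic can be exercised on a scratch file.

```shell
#!/bin/sh
# Added example: idempotent activation-time step for kernel.dmesg_restrict.
# Function names and the path argument are assumptions of this example;
# the default path is the file named in the thread.

DMESG_RESTRICT_FILE=/proc/sys/kernel/dmesg_restrict

# Print "restricted", "unrestricted", "unavailable" or "unexpected:<value>".
dmesg_restrict_state() {
    file=${1:-$DMESG_RESTRICT_FILE}
    [ -r "$file" ] || { echo unavailable; return 0; }
    value=$(tr -d '[:space:]' < "$file")
    case $value in
        1) echo restricted ;;
        0) echo unrestricted ;;
        *) echo "unexpected:$value" ;;
    esac
}

# Set the value to 1 only when it is not already 1, then read it back.
# Returns 0 on success, 1 if the write or the read-back check failed,
# 2 if the file is unavailable (nothing is created in that case).
ensure_dmesg_restrict() {
    file=${1:-$DMESG_RESTRICT_FILE}
    state=$(dmesg_restrict_state "$file")
    case $state in
        restricted)  return 0 ;;
        unavailable) return 2 ;;
    esac
    # On a real system this write needs root; a failure is reported
    # through the return code instead of an error message.
    { echo 1 > "$file"; } 2>/dev/null || return 1
    [ "$(dmesg_restrict_state "$file")" = restricted ] || return 1
}
```

Once the value is 1, reading the kernel ring buffer requires CAP_SYSLOG, so running `dmesg` as an unprivileged user is a quick end-to-end check.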