Re: We should disable dmesg for unprivileged users by default

[Ricardo Wurmus]

Ludovic Courtès <address@hidden> writes:

> Hi,
>
> Alex Vong <address@hidden> skribis:
>
>> I think we should set /proc/sys/kernel/dmesg_restrict to 1 by default to
>> prevent unprivileged users from reading the kernel ring buffer (since it
>> could expose sensitive information about the system).
>
> We could have a ‘dmesg-restrict’ service that would write to that file
> as part of system activation, and we’d add it to ‘%base-packages’.
> WDYT?

This sounds good!

-- 
Ricardo