Ludovic Courtès <l...@gnu.org> writes:

> Hi,
>
> Alex Vong <alexvong1...@gmail.com> writes:
>
>> I think we should set /proc/sys/kernel/dmesg_restrict to 1 by default to
>> prevent unprivileged users from reading the kernel ring buffer (since it
>> could expose sensitive information about the system).
>
> We could have a ‘dmesg-restrict’ service that would write to that file
> as part of system activation, and we’d add it to ‘%base-packages’.
> WDYT?

This sounds good!

-- 
Ricardo

