On Tue, Apr 9, 2013 at 6:33 PM, Kees Cook <keesc...@chromium.org> wrote:
> On Tue, Apr 9, 2013 at 8:48 AM, Josh Boyer <jwbo...@redhat.com> wrote:
>> The dmesg_restrict sysctl currently covers the syslog method for access
>> dmesg, however /dev/kmsg isn't covered by the same protections. Most
>> people haven't noticed because util-linux dmesg(1) defaults to using the
>> syslog method for access in older versions. With util-linux dmesg(1)
>> defaults to reading directly from /dev/kmsg.
>>
>> Fix this by reworking all of the access methods to use the
>> check_syslog_permissions function and adding checks to devkmsg_open and
>> devkmsg_read.
>>
>> This fixes https://bugzilla.redhat.com/show_bug.cgi?id=903192
>>
>> Reported-by: Christian Kujau <li...@nerdbynature.de>
>> CC: sta...@vger.kernel.org
>> Signed-off-by: Eric Paris <epa...@redhat.com>
>> Signed-off-by: Josh Boyer <jwbo...@redhat.com>
>
> Thanks!
>
> Acked-by: Kees Cook <keesc...@chromium.org>

If that's the version currently in Fedora, we just cannot do this.
https://bugzilla.redhat.com/show_bug.cgi?id=952655

/dev/kmsg is supposed, and was added, to be a sane alternative to syslog(). It is already used in dmesg(1) which is now broken with this patch.

The access rules for /dev/kmsg should follow the access rules of syslog(), and not be any stricter.

Thanks,
Kay