** Changed in: util-linux (Ubuntu)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1886112
Title:
Enabling DMESG_RESTRICT in Groovy Onward
To manage notificati
This bug was fixed in the package procps - 2:3.3.16-5ubuntu2
---
procps (2:3.3.16-5ubuntu2) groovy; urgency=medium
* debian/sysctl.d/10-kernel-hardening.conf:
- Add documentation for DMESG_RESTRICT feature, and allow users to
disable by uncommenting kernel.dmesg_restrict=0
I sponsored the procps changes to Groovy.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1886112
Title:
Enabling DMESG_RESTRICT in Groovy Onward
To manage notifications about this bug go to:
https:/
As 5.8.0-16-generic has now been released to the -release pocket,
CONFIG_SECURITY_DMESG_RESTRICT is now enabled in Groovy. Marking the
changes to the kernel as Fix Released.
** Changed in: linux (Ubuntu Groovy)
Status: Fix Committed => Fix Released
--
You received this bug notification be
As per my most recent email to ubuntu-devel, I am marking the changes to
util-linux as Won't Fix.
Relevant mailing list discussion (for future reference):
Ansgar responded on debian-devel mentioning that adding cap_syslog to
dmesg enables the user to clear the kernel log buffer:
https://lists.de
Wrote to debian-devel to see if upstream is interested in carrying the
debian postinstall changes for util-linux: https://lists.debian.org
/debian-devel/2020/08/msg00107.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs
Attached is a rebased debdiff for util-linux, which implements the
permission changes to the dmesg binary.
** Patch removed: "util-linux debdiff for Groovy"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886112/+attachment/5395389/+files/lp1886112_util-linux_groovy.debdiff
** Patch add
** Changed in: linux (Ubuntu Groovy)
Importance: Undecided => Wishlist
** Changed in: procps (Ubuntu Groovy)
Importance: Undecided => Wishlist
** Changed in: util-linux (Ubuntu Groovy)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of U
Attached is a debdiff for util-linux which implements the permission and
capability changes to the dmesg binary.
** Patch added: "util-linux debdiff for Groovy"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886112/+attachment/5395389/+files/lp1886112_util-linux_groovy.debdiff
--
You
Attached is a procps debdiff for groovy, which adds documentation to
/etc/sysctl.d/10-kernel-hardening.conf and a commented out way to
disable DMESG_RESTRICT.
** Patch added: "procps debdiff for Groovy"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886112/+attachment/5395388/+files/lp1
I emailed Seth Forshee asking about what happens when Groovy's kernel
becomes Focal's HWE kernel, and he mentioned that the kernel team has
processes in place to handle config changes, and that it isn't a
problem.
So we will go with the more secure by default way, and enable
CONFIG_SECURITY_DMESG_
I have created patches for both the procps package and the util-linux
package which implements the proposed changes.
You can find test packages in the following ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/lp1886112-test
Debdiff for procps: https://paste.ubuntu.com/p/qvmHgMhXSj/
Debdiff
I was thinking about this over the weekend, and I think we overlooked
the impact of setting CONFIG_SECURITY_DMESG_RESTRICT in the kernel
config has on downstream users of Groovy's kernel, namely when it
becomes Focal's HWE kernel.
Focal won't be receiving any patches for /usr/bin/dmesg, so I think
** Description changed:
[Impact]
This bug implements the enablement of CONFIG_SECURITY_DMESG_RESTRICT
feature by default for Groovy onward, proposed to ubuntu-devel:
https://lists.ubuntu.com/archives/ubuntu-devel/2020-June/041063.html
The kernel log buffer contains a wealth of s
** Patch removed: "procps debdiff for Groovy"
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1886112/+attachment/5389194/+files/lp1886112_procps_groovy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs
The attachment "procps debdiff for Groovy" seems to be a debdiff. The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag,
Attached is a debdiff for procps on Groovy. It adds a commented out
entry to 10-kernel-hardening.conf which users can use to disable the
setting if they wish.
** Patch added: "procps debdiff for Groovy"
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1886112/+attachment/5389194/+file
Kernel is fix-committed as per:
Mailing list:
https://lists.ubuntu.com/archives/ubuntu-devel/2020-July/041079.html
Commit:
https://kernel.ubuntu.com/git/ubuntu/unstable.git/commit/?id=25e6c851704a47c81e78e1a82530ac4b328098a6
--
You received this bug notification because you are a member of Ubun
18 matches
Mail list logo
