oss-sec mailing list archives
Re: Disabling reading of kernel log buffer reading for user
From: Grandma Eubanks <tborland1 () gmail com>
Date: Fri, 13 Mar 2015 09:55:18 -0500
Yeah, now comes the fun part. How to abuse services to bypass it? Also, have you checked what happens with KASLR? Where it writes where the new segments are? I have a bug ticket open with redhat for a while now on abusing a particular service that ends up dumping dmesg and chmod's it to any user privilege to navigate around dmesg_restrict.

On Fri, Mar 13, 2015 at 7:44 AM, Jann Horn <jann () thejh net> wrote:

> On Fri, Mar 13, 2015 at 09:56:58AM +0000, halfdog wrote:
>> * What would be the side effects of making /dev/kmesg only root accessible? Maybe syslog not able to write kmessages to log?
>> * Would it be safe to disable the syslog syscall for action SYSLOG_ACTION_READ_* and all users except root and syslog? Does someone have tested selinux config for that?
>
> /proc/sys/kernel/dmesg_restrict can be used to restrict access to the log buffer. It looks like at least rsyslogd uses /proc/kmsg to read messages from the log buffer, and that file is only accessible for root anyway.
Current thread:
- Disabling reading of kernel log buffer reading for user halfdog (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Marek Kroemeke (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Jann Horn (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Grandma Eubanks (Mar 13)
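
An added example, not part of the original thread: a shell audit for the two exposures the messages above discuss, a dmesg_restrict setting that is not 1 and a copy of the kernel log left world-readable by a service. The file name patterns (`dmesg*`, `kern.log*`), the `/var/log` default and the function names are assumptions made for illustration; adjust them for the distribution being checked.

```shell
#!/bin/sh
# Added example: audit for kernel log exposure to unprivileged users.
# Both roots are parameters so the checks can run against a test tree.

# Print kernel.dmesg_restrict as seen under a proc root (default /proc),
# or "unknown" if the file cannot be read.
dmesg_restrict_value() {
    f="${1:-/proc}/sys/kernel/dmesg_restrict"
    if [ -r "$f" ]; then cat "$f"; else echo "unknown"; fi
}

# List world-readable files under a log directory whose names suggest a
# copy of the kernel log (assumed patterns). This is conservative: it does
# not check whether parent directories are traversable by other users.
world_readable_kernel_logs() {
    dir="${1:-/var/log}"
    find "$dir" -type f \( -name 'dmesg*' -o -name 'kern.log*' \) \
        -perm -004 2>/dev/null | sort
}

# Return 0 if neither exposure is found, 1 otherwise; print findings.
audit_kernel_log_exposure() {
    proc_root="${1:-/proc}"
    log_dir="${2:-/var/log}"
    status=0
    val=$(dmesg_restrict_value "$proc_root")
    if [ "$val" != "1" ]; then
        echo "WARN: kernel.dmesg_restrict=$val (log buffer readable by users)"
        status=1
    fi
    leaks=$(world_readable_kernel_logs "$log_dir")
    if [ -n "$leaks" ]; then
        echo "WARN: world-readable kernel log copies bypass dmesg_restrict:"
        echo "$leaks"
        status=1
    fi
    return $status
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--run" ]; then
    audit_kernel_log_exposure
fi
```

A finding from the second check means the sysctl alone is not enough: the file's mode, or the service that writes it, has to be fixed as well.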