oss-sec mailing list archives
Disabling reading of kernel log buffer reading for user
From: halfdog <me () halfdog net>
Date: Fri, 13 Mar 2015 09:56:58 +0000
Hello List,

After years working on Linux, I just found out that any user, not only root, can read the kernel log buffer - I never even considered that this could be the case. As this behavior is documented and expected, this is not a security vulnerability. But to avoid things like in [1], I would like to disable that on my machines.

Questions:

* What would be the side effects of making /dev/kmesg only root accessible? Maybe syslog not able to write kmessages to log?

* Would it be safe to disable the syslog syscall for action SYSLOG_ACTION_READ_* and all users except root and syslog? Does someone have tested selinux config for that?

hd

[1] http://www.halfdog.net/Security/2015/HavingFunWithDmesg/

--
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
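Added example, not part of the original post or of any project's code: a small C probe that an administrator can run as an ordinary user to confirm whether the two read paths named in the message, the syslog syscall with SYSLOG_ACTION_READ_ALL and the kernel log device (`/dev/kmsg` on current kernels), are still readable after a restriction has been applied. The function and enum names are assumptions made for this example.

```c
/* Added example: does the calling user still have read access to the kernel log? */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/klog.h>
#include <unistd.h>

#ifndef SYSLOG_ACTION_READ_ALL
#define SYSLOG_ACTION_READ_ALL 3   /* action number from syslog(2) */
#endif

enum verdict { READABLE, DENIED, UNKNOWN };   /* names are this example's own */

/* rc >= 0: the read path was reachable. EPERM/EACCES: the kernel or the
 * device node's mode refused it. Anything else: interface not available. */
enum verdict classify(long rc, int err)
{
    if (rc >= 0) return READABLE;
    if (err == EPERM || err == EACCES) return DENIED;
    return UNKNOWN;
}

/* Non-destructive read of the ring buffer through the syslog syscall. */
enum verdict probe_syscall(void)
{
    char buf[4096];
    int rc = klogctl(SYSLOG_ACTION_READ_ALL, buf, sizeof buf);
    return classify(rc, errno);
}

/* Opening the device for reading is itself permission-checked. */
enum verdict probe_device(const char *path)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    int err = errno;
    if (fd >= 0) close(fd);
    return classify(fd, err);
}

int main(void)
{
    static const char *label[] = { "readable", "denied", "unknown" };
    printf("uid %u\n", (unsigned)getuid());
    printf("syslog(READ_ALL): %s\n", label[probe_syscall()]);
    printf("/dev/kmsg open:   %s\n", label[probe_device("/dev/kmsg")]);
    /* Exit non-zero if either path is still readable, for use in a check script. */
    return probe_syscall() == READABLE || probe_device("/dev/kmsg") == READABLE;
}
```

Run it as an unprivileged account and again as the account the syslog daemon uses, so the restriction can be confirmed for the former without breaking the latter.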