Date: Tue, 9 Nov 2010 04:27:47 -0800
From: Arjan van de Ven <arjan@infradead.org>
To: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Ingo Molnar <mingo@elte.hu>, linux-kernel@vger.kernel.org,
        security@kernel.org, stable@kernel.org,
        Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] Restrict unprivileged access to kernel syslog
Message-ID: <20101109042747.3f6ab07b@infradead.org>
In-Reply-To: <1289304672.6287.132.camel@dan>
References: <1289273338.6287.128.camel@dan>
	<20101109112350.GA29800@elte.hu>
	<1289304672.6287.132.camel@dan>
Organization: Intel
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1136
Lines: 32

On Tue, 09 Nov 2010 07:11:12 -0500
Dan Rosenberg <drosenberg@vsecurity.com> wrote:

> 
> > 
> > The initialization to zero is implicit, no need to write it out.
> > 
> 
> I'll resend after the first round of comments.
> 
> > Also, it would also be useful to have a
> > CONFIG_SECURITY_RESTRICT_DMESG=y option introduced by your patch as
> > well, which flag allows a distro or user to disable unprivileged
> > syslog reading via the kernel config.
> 
> Are you suggesting having the existence of the sysctl depend on
> CONFIG_SECURITY_RESTRICT_DMESG, or having a choice between a sysctl
> (when config is disabled) and having restrictions always on (when
> config is enabled)?

and/or have the sysctl default value depend on the config option


-- 
Arjan van de Ven 	Intel Open Source Technology Centre
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/