oss-sec mailing list archives

Re: Disabling reading of kernel log buffer reading for user

From: Jann Horn <jann () thejh net>
Date: Fri, 13 Mar 2015 13:44:53 +0100

On Fri, Mar 13, 2015 at 09:56:58AM +0000, halfdog wrote:

* What would be the side effects of making /dev/kmesg only root accessible? Maybe syslog not able to write kmessages 
to log?
* Would it be safe to disable the syslog syscall for action SYSLOG_ACTION_READ_* and all users except root and 
syslog? Does someone have tested selinux config for that?


/proc/sys/kernel/dmesg_restrict can be used to restrict access to the log buffer.
It looks like at least rsyslogd uses /proc/kmsg to read messages from the log
buffer, and that file is only accessible for root anyway.

Attachment: signature.asc
Description: Digital signature

Current thread:

Disabling reading of kernel log buffer reading for user halfdog (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Marek Kroemeke (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Jann Horn (Mar 13)
  - Re: Disabling reading of kernel log buffer reading for user Grandma Eubanks (Mar 13)