Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Feb 2001 13:49:57 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Ruslan Ermilov <ru@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sbin/dmesg dmesg.8 dmesg.c
Message-ID:  <Pine.NEB.3.96L.1010224134020.85229A-100000@fledge.watson.org>
In-Reply-To: <200102241016.f1OAGtp79750@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

Please back out this change.  The syslog hack was fairly bogus *before*
this change, but now it's gone from being bogus to being a vulnerability. 
This is because the heuristic used to differentiate syslog messages and
console messages is not always correct, as (a) this prevents dmesg from
showing strings the kernel prints that are in the format of syslog
messages, and (b) wrap-around in the dmesg buffer in kernel can result in
messages being displayed when the syslog string prefix is squished.  So
you've turned what was an innocent hack into a security problem, since
you now make a security guarantee about the availability of the messages.

We're also about to commit changes to dmesg to make it no longer require
privilege when used on a live system by virtue of the existing sysctl (on
i386) currently exporting the message buffer, so this piece of "security" 
doesn't even prevent users from getting to the data, as they can currently
extract it directly using sysctl and don't have to use the dmesg command.

We're currently considering adding two new sysctl's that could be used to
restrict creation and access to msgbuf data.  First, a sysctl that toggles
whether or not console output is sent to the message buffer.  Second, a
sysctl that toggles whether or not dmesg output is available in jail().

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Sat, 24 Feb 2001, Ruslan Ermilov wrote:

> ru          2001/02/24 02:16:55 PST
> 
>   Modified files:
>     sbin/dmesg           dmesg.8 dmesg.c 
>   Log:
>   Restrict -a to root only.
>   
>   PR:		bin/25337
>   
>   Revision  Changes    Path
>   1.10      +2 -1      src/sbin/dmesg/dmesg.8
>   1.13      +7 -2      src/sbin/dmesg/dmesg.c
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010224134020.85229A-100000>