cool feature of dmesg.boot file

Oliver Fromme olli at lurza.secnetix.de
Fri Feb 22 10:31:39 UTC 2008


Jeremy Chadwick wrote:
 > Oliver Fromme wrote:
 > > [...]
 > Either way, it's a feature with major security implications.  So, for
 > those of us who are concerned about master.passwd changes via
 > mergemaster being stuffed into msgbuf, how do we disable said feature?
 > (Before answering, see below as well).
 > 
 > > sysctl security.bsd.unprivileged_read_msgbuf=0
 > 
 > No can do -- we have many users who look at dmesg for a reason: logging
 > of coredumped binaries (kern.logsigexit=1), and if there were any signs
 > of disk or network issues during that time.  I've tried using that in
 > the past and got significant flack from our userbase.  If you'd like, I
 > can have them chime in on this thread as validation.
 > 
 > Using security.bsd.unprivileged_read_msgbuf=0 to "solve" said concern
 > is an ineffective workaround in our case.  I'm willing to bet others
 > feel the same way.

Personally I think that normal users shouldn't need to be
able to see the kernel's message buffer.  Of course there
are certainly people who disagree.  :-)

How about allowing people access to /var/log/messages (it's
world-readable by default)?  The kernel's messages such as
signal exits will be there, too.  It's much more useful
anyway because it has timestamps, unlike dmesg.

Of course you would have to set kern.log_console_output=0
so the mergemaster session does not get logged.

By the way, it's possible to tell mergemaster to ignore
master.passwd in single user mode on the console so it
won't turn up at all.  You can merge any changes that are
necessary by running mergemaster -p before going to
single-user mode.  That's what I usually do.

 > Maybe I should look into writing a patch that does in fact clear the
 > buffer immediately before reboot, and tie it to a sysctl.

Well, you could simply type "sysctl kern.msgbuf_clear=1"
right before you reboot.  Or make a wrapper script for
reboot (or a shell alias) so you don't have to remember.

If you insist on writing a patch, then please make it
default off.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registration court Munich, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registration court
Munich, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"Clear perl code is better than unclear awk code; but NOTHING
comes close to unclear perl code"  (taken from comp.lang.awk FAQ)
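
The following is an added example, not part of the original message: a sh sketch of the "wrapper script for reboot" idea that first checks whether the message buffer holds lines shaped like master.passwd records and only then clears it. The function names, the hash heuristic and the sample buffer are assumptions made for illustration; the sample lines are constructed.

```shell
#!/bin/sh
# Count lines that look like master.passwd(5) records: 10 colon-separated
# fields, numeric uid and gid, and a crypt(3)-style "$id$..." password field.
# Leading diff markers (+ - < >) are stripped first, because a mergemaster
# session shows the file as a diff.
count_passwd_leaks() {
    awk '
    {
        line = $0
        sub(/^[-+<> \t]+/, "", line)
        n = split(line, f, ":")
        if (n == 10 && f[3] ~ /^[0-9]+$/ && f[4] ~ /^[0-9]+$/ &&
            f[2] ~ /^\$[0-9a-z]+\$/)
            hits++
    }
    END { print hits + 0 }'
}

# Hypothetical pre-reboot step for a FreeBSD host. "dmesg -a" is used so
# that logged console output is included in the scan.
msgbuf_precheck() {
    hits=$(dmesg -a | count_passwd_leaks)
    if [ "$hits" -gt 0 ]; then
        echo "msgbuf holds $hits passwd-like line(s); clearing" >&2
        sysctl kern.msgbuf_clear=1
    fi
}

# Constructed sample buffer: two leaked records, one locked account
# (password field "*", not a hash) and two ordinary kernel messages.
sample_msgbuf() {
    cat <<'EOF'
pid 1234 (httpd), uid 80: exited on signal 11 (core dumped)
+alice:$1$CONSTRUCT$notarealhashvalue000000:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
-root:$2a$04$constructedconstructedconstructed:0:0::0:0:Charlie &:/root:/bin/csh
ad0: TIMEOUT - READ_DMA retrying (1 retry left) LBA=12345
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
}

# Offline demonstration on the constructed sample.
sample_msgbuf | count_passwd_leaks
```

On a real system, msgbuf_precheck would be called from the reboot wrapper or alias before the actual reboot command.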


More information about the freebsd-hackers mailing list