Julien Oster wrote:
> Of course one could say "then let's just stop writing out anything in
> the kernel buffer that COULD be sensitive", but I think this would
> actually castrate the meaning of such a buffer.
It's also bad security design to try to plug hundreds of potential
leaks, instead of the one common channel they share.
> And there's stillt he possibility to tweak the permissions for
> dmesg so that only a certain group (staff, operator, adm...) can execute
> it, but then setuid root.
Yes, but you'll get quite a few objections to adding yet another
suid root program :-)
- Werner
-- _________________________________________________________________________ / Werner Almesberger, Buenos Aires, Argentina wa@almesberger.net / /_http://www.almesberger.net/____________________________________________/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 23 2003 - 22:00:37 EST