GNU bug report logs - #36701
[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

Previous Next

Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Wed, 17 Jul 2019 07:27:02 UTC

Severity: normal

Tags: patch

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: guix-devel <at> gnu.org, 36701 <at> debbugs.gnu.org
Subject: [bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
Date: Wed, 17 Jul 2019 09:26:08 +0200

* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---

Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html

Patchy patch.

 gnu/packages/linux.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
     (search-auxiliary-file file)))
 
 (define %default-extra-linux-options
-  `(;; Modules required for initrd:
+  `(;; Some very mild hardening.
+    ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+    ;; Modules required for initrd:
     ("CONFIG_NET_9P" . m)
     ("CONFIG_NET_9P_VIRTIO" . m)
     ("CONFIG_VIRTIO_BLK" . m)
-- 
2.22.0

This bug report was last modified 5 years and 320 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #36701 [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

GNU bug report logs - #36701
[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.