[PATCH] Prevent unpriv user from reading the message buffer
Matthew Dillon
dillon at apollo.backplane.com
Thu Sep 29 13:39:05 PDT 2005
:Moin,
:
:I ported the security.bsd.unprivileged_read_msgbuf from FreeBSD. This
:sysctl prevents unprivileged users from reading the message buffer. A
:nice feature especially for machines with a lot of shell users :)
:
:With kern.unprivileged_read_msgbuf=1 (default)
:
:% dmesg
:Copyright (c) 2003, 2004, 2005 The DragonFly Project.
:[...]
:
:With kern.unprivileged_read_msgbuf=0
:
:% dmesg
:dmesg: sysctl kern.msgbuf: Operation not permitted
:
:I added the sysctl now under kern, but I think a sysctl named security
:would be a good idea for such options?!
:
:Greets
:
: Matthias
Pretty good, I will commit it with some changes. I am going to
allow wheel group to access the message log in addition to the
superuser.
-Matt
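
The access policy discussed in this thread, modelled in userland C as an added example (not the submitted patch and not the code that was committed). The `cred_model` struct, the function names, the sample users and the assumption that wheel is gid 0 are all hypothetical stand-ins for the kernel's credential checks.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define WHEEL_GID 0 /* assumption: wheel is gid 0, the BSD convention */

/* Hypothetical userland stand-in for the caller's kernel credential. */
struct cred_model {
    uid_t uid;           /* effective uid */
    const gid_t *groups; /* effective gid plus supplementary groups */
    size_t ngroups;
};

/* Constructed sample callers: root, a wheel member, a plain shell user. */
static const gid_t admin_groups[] = { 1001, WHEEL_GID };
static const gid_t user_groups[] = { 1002 };
static const struct cred_model root_cr = { 0, NULL, 0 };
static const struct cred_model admin_cr = { 1001, admin_groups, 2 };
static const struct cred_model user_cr = { 1002, user_groups, 1 };

static int in_group(const struct cred_model *cr, gid_t gid)
{
    for (size_t i = 0; i < cr->ngroups; i++)
        if (cr->groups[i] == gid)
            return 1;
    return 0;
}

/* Returns 0 if a read of kern.msgbuf may proceed, EPERM otherwise.
 * unpriv_read models kern.unprivileged_read_msgbuf (1 = default, open). */
int msgbuf_read_check(const struct cred_model *cr, int unpriv_read)
{
    if (unpriv_read != 0)                       /* knob open: anyone may read */
        return 0;
    if (cr->uid == 0 || in_group(cr, WHEEL_GID)) /* superuser or wheel */
        return 0;
    return EPERM;                               /* what dmesg reports above */
}

int main(void)
{
    const struct cred_model *who[] = { &root_cr, &admin_cr, &user_cr };
    for (int knob = 1; knob >= 0; knob--)
        for (size_t i = 0; i < 3; i++) {
            int rc = msgbuf_read_check(who[i], knob);
            printf("knob=%d uid=%lu: %s\n", knob, (unsigned long)who[i]->uid,
                   rc ? strerror(rc) : "read allowed");
        }
    return 0;
}
```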