Date: Sat, 24 Feb 2001 13:49:57 -0500 (EST)
From: Robert Watson
To: Ruslan Ermilov
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sbin/dmesg dmesg.8 dmesg.c
In-Reply-To: <200102241016.f1OAGtp79750@freefall.freebsd.org>

Please back out this change. The syslog hack was fairly bogus *before* this change, but now it's gone from being bogus to being a vulnerability. This is because the heuristic used to differentiate syslog messages and console messages is not always correct, as (a) this prevents dmesg from showing strings the kernel prints that are in the format of syslog messages, and (b) wrap-around in the dmesg buffer in kernel can result in messages being displayed when the syslog string prefix is squished. So you've turned what was an innocent hack into a security problem, since you now make a security guarantee about the availability of the messages.

We're also about to commit changes to dmesg to make it no longer require privilege when used on a live system by virtue of the existing sysctl (on i386) currently exporting the message buffer, so this piece of "security" doesn't even prevent users from getting to the data, as they can currently extract it directly using sysctl and don't have to use the dmesg command.

We're currently considering adding two new sysctls that could be used to restrict creation and access to msgbuf data. First, a sysctl that toggles whether or not console output is sent to the message buffer. Second, a sysctl that toggles whether or not dmesg output is available in jail().

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Sat, 24 Feb 2001, Ruslan Ermilov wrote:

> ru          2001/02/24 02:16:55 PST
>
>   Modified files:
>     sbin/dmesg           dmesg.8 dmesg.c
>   Log:
>   Restrict -a to root only.
>
>   PR:             bin/25337
>
>   Revision  Changes    Path
>   1.10      +2 -1      src/sbin/dmesg/dmesg.8
>   1.13      +7 -2      src/sbin/dmesg/dmesg.c
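
The wrap-around failure from point (b) of the message, as an added example that is not part of the original mail and is not FreeBSD's dmesg.c or kernel code: a simplified circular buffer and a filter that hides lines starting with a `<N>` prefix. The buffer layout, function names, exact form of the heuristic and both sample messages are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define CAP 256
/* Toy circular message buffer (not the kernel's msgbuf): old bytes are overwritten. */
struct msgbuf { char data[CAP]; size_t size, head, used; };

static void mb_write(struct msgbuf *mb, const char *s) {
    for (; *s; s++, mb->head = (mb->head + 1) % mb->size) {
        mb->data[mb->head] = *s;
        if (mb->used < mb->size) mb->used++;
    }
}
/* Copy the contents, oldest byte first, into out as a C string. */
static void mb_read(const struct msgbuf *mb, char *out) {
    size_t start = (mb->head + mb->size - mb->used) % mb->size;
    for (size_t i = 0; i < mb->used; i++)
        out[i] = mb->data[(start + i) % mb->size];
    out[mb->used] = '\0';
}
/* Assumed heuristic: a line that starts with "<digits>" is a syslog record. */
static int is_syslog_line(const char *p) {
    if (*p++ != '<' || !isdigit((unsigned char)*p)) return 0;
    while (isdigit((unsigned char)*p)) p++;
    return *p == '>';
}
/* Copy every line the heuristic does not classify as syslog. */
static void filter(const char *in, char *out) {
    for (size_t n; *in; in += n) {
        n = strcspn(in, "\n");
        if (in[n] == '\n') n++;
        if (!is_syslog_line(in)) { memcpy(out, in, n); out += n; }
    }
    *out = '\0';
}
/* Returns 1 if the syslog text survives filtering; both messages are constructed. */
int syslog_text_visible(size_t bufsize) {
    struct msgbuf mb = { .size = bufsize };
    char raw[CAP + 1], shown[CAP + 1];
    mb_write(&mb, "<38>login: ROOT LOGIN on ttyv0\n");   /* syslog record  */
    mb_write(&mb, "ad0: 9787MB disk at ata0-master\n");  /* console output */
    mb_read(&mb, raw);
    filter(raw, shown);
    return strstr(shown, "LOGIN on ttyv0") != NULL;
}
int main(void) {
    printf("256-byte buffer: visible=%d\n", syslog_text_visible(256));
    printf(" 60-byte buffer: visible=%d\n", syslog_text_visible(60));
    return 0;
}
```

With the 60-byte buffer the oldest three bytes (`<38`) are overwritten, so the surviving line no longer matches the prefix test and is shown to every user.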