From owner-freebsd-hackers@FreeBSD.ORG Thu Nov 20 06:39:41 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6EC621065677; Thu, 20 Nov 2008 06:39:41 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from mail36.syd.optusnet.com.au (mail36.syd.optusnet.com.au [211.29.133.76]) by mx1.freebsd.org (Postfix) with ESMTP id 036E58FC12; Thu, 20 Nov 2008 06:39:40 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from server.vk2pj.dyndns.org (c122-106-215-175.belrs3.nsw.optusnet.com.au [122.106.215.175]) by mail36.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id mAK6dbNO000699 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Nov 2008 17:39:39 +1100 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.3/8.14.3) with ESMTP id mAK6daEU047000; Thu, 20 Nov 2008 17:39:37 +1100 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.3/8.14.3/Submit) id mAK6daLu046999; Thu, 20 Nov 2008 17:39:36 +1100 (EST) (envelope-from peter) Date: Thu, 20 Nov 2008 17:39:36 +1100 From: Peter Jeremy To: Jeremy Chadwick Message-ID: <20081120063936.GU51761@server.vk2pj.dyndns.org> References: <20081028081154.GQ6808@hoeg.nl> <20081118213410.GA81783@hoeg.nl> <20081118214919.GM83287@bunrab.catwhisker.org> <7d6fde3d0811190202p4f6d8941h3932b70b8fe1a93a@mail.gmail.com> <20081119104731.GA83366@icarus.home.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="oOpJzULQ70+PGW7h" Content-Disposition: inline In-Reply-To: <20081119104731.GA83366@icarus.home.lan> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.18 (2008-05-17) Cc: FreeBSD Hackers Subject: Re: [Testers wanted] /dev/console cleanups X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2008 06:39:41 -0000 --oOpJzULQ70+PGW7h Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2008-Nov-19 02:47:31 -0800, Jeremy Chadwick wrote: >There's a known "issue" with the kernel message buffer though: it's not >NULL'd out upon reboot. This is deliberate. If the system panics, stuff that was in the message buffer (and might not be on disk) can be read when the system reboots. If there is no crashdump, this might be the only record of what happened. > Meaning, in some cases (depends on the BIOS or >system), the kernel message buffer from single-user mode is retained >even after a reboot! A user can then do "dmesg" and see all the nifty >stuff you've done during single-user, which could include unencrypted >passwords if mergemaster was tinkering with passwd/master.passwd, etc.. There shouldn't be unencrypted passwords, though there might be encrypted passwords visible. >Rink Springer created a patch where the kernel message buffer will start >with NULL to keep this from happening, but it needs to be made into a >loader.conf tunable. I hope that never gets committed - it will make debugging kernel problems much harder. There is already a kern.msgbuf_clear sysctl and maybe people who are concerned about msgbuf leakage need to learn to use it. --=20 Peter Jeremy Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour. --oOpJzULQ70+PGW7h Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkklBigACgkQ/opHv/APuIfe7gCgwE65CL/NlY1YY3rY/WYN5FcM aYMAnRTfUD4o8FPXAjDX5jNaLj00iOlN =z8z3 -----END PGP SIGNATURE----- --oOpJzULQ70+PGW7h--