From owner-freebsd-hackers@FreeBSD.ORG Fri Feb 22 10:31:39 2008 Return-Path: Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4183316A401; Fri, 22 Feb 2008 10:31:39 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (unknown [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id 9897513C4E9; Fri, 22 Feb 2008 10:31:38 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.1/8.14.1) with ESMTP id m1MAVapa002815; Fri, 22 Feb 2008 11:31:37 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.1/8.14.1/Submit) id m1MAVajJ002806; Fri, 22 Feb 2008 11:31:36 +0100 (CET) (envelope-from olli) Date: Fri, 22 Feb 2008 11:31:36 +0100 (CET) Message-Id: <200802221031.m1MAVajJ002806@lurza.secnetix.de> From: Oliver Fromme To: freebsd-hackers@FreeBSD.ORG, koitsu@FreeBSD.ORG In-Reply-To: <20080222100924.GA26637@eos.sc1.parodius.com> X-Newsgroups: list.freebsd-hackers User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/6.2-STABLE-20070808 (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Fri, 22 Feb 2008 11:31:37 +0100 (CET) Cc: Subject: Re: cool feature of dmesg.boot file X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-hackers@FreeBSD.ORG, koitsu@FreeBSD.ORG List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2008 10:31:39 -0000 Jeremy Chadwick wrote: > Oliver Fromme wrote: > > [...] > Either way, it's a feature with major security implications. So, for > those of us who are concerned about master.passwd changes via > mergemaster being stuffed into msgbuf, how do we disable said feature? > (Before answering, see below as well). > > > sysctl security.bsd.unprivileged_read_msgbuf=0 > > No can do -- we have many users who look at dmesg for a reason: logging > of coredumped binaries (kern.logsigexit=1), and if there were any signs > of disk or network issues during that time. I've tried using that in > the past and got significant flack from our userbase. If you'd like, I > can have them chime in on this thread as validation. > > Using security.bsd.unprivileged_read_msgbuf=0 to "solve" said concern > is an ineffective workaround in our case. I'm willing to bet others > feel the same way. Personally I think that normal users shouldn't need to be able to see the kernel's message buffer. Of course there are certainly people who disagree. :-) How about allowing people access to /var/log/messages (it's world-readable by default). The kernel's messages such as signal exits will be there, too. It's much more useful anyway because it has timestamps, unlike dmesg. Of course you would have to set kern.log_console_output=0 so the mergemaster session does not get logged. By the way, it's possible to tell mergemaster to ignore master.passwd in single user mode on the console so it won't turn up at all. You can merge any changes that are necessary by running mergemaster -p before going to single-user mode. That's what I usually do. > Maybe I should look into writing a patch that does in fact clear the > buffer immediately before reboot, and tie it to a sysctl. Well, you could simply type "sysctl kern.msgbuf_clear=1" right before you reboot. Or make a wrapper script for reboot (or a shell alias) so you don't have to remember. If you insist on writing a patch, then please make it default off. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "Clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code" (taken from comp.lang.awk FAQ)