[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

  • Done
Details
2 participants
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Tobias Geerinckx-Rice
Severity
normal
Tobias Geerinckx-Rice wrote on 17 Jul 2019 09:26
[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
20190717072608.17678-1-me@tobias.gr
* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---


Patchy patch.

gnu/packages/linux.scm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
(search-auxiliary-file file)))
(define %default-extra-linux-options
- `(;; Modules required for initrd:
+ `(;; Some very mild hardening.
+ ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+ ;; Modules required for initrd:
("CONFIG_NET_9P" . m)
("CONFIG_NET_9P_VIRTIO" . m)
("CONFIG_VIRTIO_BLK" . m)
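Review bot: the comment `;; Some very mild hardening.` above the new "CONFIG_SECURITY_DMESG_RESTRICT" entry does not say what changes for users. Suggest naming the effect in the comment, for example that reading the kernel log with 'dmesg' now requires privilege, which is what the subject line already states. It would also help to note that this option only sets the default of the kernel.dmesg_restrict sysctl, so an administrator can still relax it at run time. Because the entry is added to %default-extra-linux-options, unprivileged users who relied on 'dmesg' will notice the difference, so a line in the manual or news would be worth adding alongside this.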
--
2.22.0
Ludovic Courtès wrote on 27 Jul 2019 00:41
Re: [bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
87o91gju50.fsf@gnu.org
Tobias Geerinckx-Rice <me@tobias.gr> wrote:

> * gnu/packages/linux.scm (%default-extra-linux-options):
> Set CONFIG_SECURITY_DMESG_RESTRICT.

Go for it!

Ludo’.
Tobias Geerinckx-Rice wrote on 27 Jul 2019 01:19
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36701-done@debbugs.gnu.org)
87k1c4gz9a.fsf@nckx
Ludo',

Ludovic Courtès wrote:
> Tobias Geerinckx-Rice <me@tobias.gr> wrote:
>
>> * gnu/packages/linux.scm (%default-extra-linux-options):
>> Set CONFIG_SECURITY_DMESG_RESTRICT.
>
> Go for it!

Pushed as 24446ce299943efe3dfded6c9dd0cf9421d8da04.

Thanks!

T G-R

Closed