Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-08 Thread Steven Rostedt
On Wed, 2013-05-08 at 14:26 -0700, Kees Cook wrote:
> Yeah, that'll be fine. I kind of like having the longer rationale in
> the commit message for future reference (i.e. destructive vs
> non-destructive, etc), but I'd rather see the code fixed. :)

There's no reason not to have both, is there?

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-08 Thread Kees Cook
On Wed, May 8, 2013 at 2:22 PM, Andrew Morton wrote:
> On Tue, 30 Apr 2013 10:25:41 -0700 Kees Cook wrote:
>
>> To fix /dev/kmsg, let's compare the existing interfaces and what they allow:
>>
>> - /proc/kmsg allows:
>>   - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
>>

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-08 Thread Andrew Morton
On Tue, 30 Apr 2013 10:25:41 -0700 Kees Cook wrote:
> To fix /dev/kmsg, let's compare the existing interfaces and what they allow:
>
> - /proc/kmsg allows:
>   - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
>     single-reader interface (SYSLOG_ACTION_READ).
>   -

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-08 Thread Andrew Morton
On Tue, 30 Apr 2013 10:25:41 -0700 Kees Cook keesc...@chromium.org wrote: To fix /dev/kmsg, let's compare the existing interfaces and what they allow: - /proc/kmsg allows: - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive single-reader interface (SYSLOG_ACTION_READ).

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-08 Thread Kees Cook
On Wed, May 8, 2013 at 2:22 PM, Andrew Morton a...@linux-foundation.org wrote: On Tue, 30 Apr 2013 10:25:41 -0700 Kees Cook keesc...@chromium.org wrote: To fix /dev/kmsg, let's compare the existing interfaces and what they allow: - /proc/kmsg allows: - open (SYSLOG_ACTION_OPEN) if

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-08 Thread Steven Rostedt
On Wed, 2013-05-08 at 14:26 -0700, Kees Cook wrote: Yeah, that'll be fine. I kind of like having the longer rationale in the commit message for future reference (i.e. destructive vs non-destructive, etc), but I'd rather see the code fixed. :) There's no reason not to have both, is there? --

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-07 Thread Josh Boyer
On Tue, Apr 30, 2013 at 10:25:41AM -0700, Kees Cook wrote:
> To fix /dev/kmsg, let's compare the existing interfaces and what they allow:
>
> - /proc/kmsg allows:
>   - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
>     single-reader interface (SYSLOG_ACTION_READ).
>   -

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-05-07 Thread Josh Boyer
On Tue, Apr 30, 2013 at 10:25:41AM -0700, Kees Cook wrote: To fix /dev/kmsg, let's compare the existing interfaces and what they allow: - /proc/kmsg allows:  - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive single-reader interface (SYSLOG_ACTION_READ).  - everything,

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-04-30 Thread Kees Cook
On Tue, Apr 30, 2013 at 11:35 AM, Josh Boyer wrote:
> On Tue, Apr 30, 2013 at 10:25:41AM -0700, Kees Cook wrote:
>> To fix /dev/kmsg, let's compare the existing interfaces and what they allow:
>>
>> - /proc/kmsg allows:
>>   - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
>>

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-04-30 Thread Josh Boyer
On Tue, Apr 30, 2013 at 10:25:41AM -0700, Kees Cook wrote:
> To fix /dev/kmsg, let's compare the existing interfaces and what they allow:
>
> - /proc/kmsg allows:
>   - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
>     single-reader interface (SYSLOG_ACTION_READ).
>   -

[PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-04-30 Thread Kees Cook
To fix /dev/kmsg, let's compare the existing interfaces and what they allow: - /proc/kmsg allows:  - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive single-reader interface (SYSLOG_ACTION_READ).  - everything, after an open. - syslog syscall allows:  - anything, if

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-04-30 Thread Josh Boyer
On Tue, Apr 30, 2013 at 10:25:41AM -0700, Kees Cook wrote: To fix /dev/kmsg, let's compare the existing interfaces and what they allow: - /proc/kmsg allows:  - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive single-reader interface (SYSLOG_ACTION_READ).  - everything,

Re: [PATCH] kmsg: honor dmesg_restrict sysctl on /dev/kmsg

2013-04-30 Thread Kees Cook
On Tue, Apr 30, 2013 at 11:35 AM, Josh Boyer jwbo...@redhat.com wrote: On Tue, Apr 30, 2013 at 10:25:41AM -0700, Kees Cook wrote: To fix /dev/kmsg, let's compare the existing interfaces and what they allow: - /proc/kmsg allows: - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-08 Thread Josh Boyer
ris" > >> , "Linus Torvalds" > >> , "Christian Kujau" > >> , "# 3.4.x" , > >> "LKML" > >> Sent: Monday, April 1, 2013 7:51:57 PM > >> Subject: Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/k

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-08 Thread Kees Cook
u" , >> "# 3.4.x" , >> "LKML" >> Sent: Monday, April 1, 2013 7:51:57 PM >> Subject: Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg >> >> On Fri, Mar 22, 2013 at 3:14 PM, Josh Boyer wrote: >> > On Fri, Mar 22, 2

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-08 Thread Kees Cook
, Christian Kujau li...@nerdbynature.de, # 3.4.x sta...@vger.kernel.org, LKML linux-kernel@vger.kernel.org Sent: Monday, April 1, 2013 7:51:57 PM Subject: Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg On Fri, Mar 22, 2013 at 3:14 PM, Josh Boyer jwbo...@redhat.com wrote: On Fri

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-08 Thread Josh Boyer
epa...@redhat.com, Linus Torvalds torva...@linux-foundation.org, Christian Kujau li...@nerdbynature.de, # 3.4.x sta...@vger.kernel.org, LKML linux-kernel@vger.kernel.org Sent: Monday, April 1, 2013 7:51:57 PM Subject: Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg On Fri

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-01 Thread Josh Boyer
- Original Message - > From: "Kees Cook" > To: "Josh Boyer" > Cc: "Andrew Morton" , "Eric Paris" > , "Linus Torvalds" > , "Christian Kujau" , > "# 3.4.x" , > "LKML" > Sent

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-01 Thread Kees Cook
On Fri, Mar 22, 2013 at 3:14 PM, Josh Boyer wrote:
> On Fri, Mar 22, 2013 at 02:54:48PM -0700, Andrew Morton wrote:
>>
>> poke. Nothing got applied. I'll drop
>> kmsg-honor-dmesg_restrict-sysctl-on-dev-kmsg.patch, see if that has any
>> effect ;)
>
> Oh dear.
>
> Eric, were you going to cleanup

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-01 Thread Kees Cook
On Fri, Mar 22, 2013 at 3:14 PM, Josh Boyer jwbo...@redhat.com wrote: On Fri, Mar 22, 2013 at 02:54:48PM -0700, Andrew Morton wrote: poke. Nothing got applied. I'll drop kmsg-honor-dmesg_restrict-sysctl-on-dev-kmsg.patch, see if that has any effect ;) Oh dear. Eric, were you going to

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-01 Thread Josh Boyer
...@vger.kernel.org, LKML linux-kernel@vger.kernel.org Sent: Monday, April 1, 2013 7:51:57 PM Subject: Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg On Fri, Mar 22, 2013 at 3:14 PM, Josh Boyer jwbo...@redhat.com wrote: On Fri, Mar 22, 2013 at 02:54:48PM -0700, Andrew Morton wrote: poke

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-03-22 Thread Josh Boyer
On Fri, Mar 22, 2013 at 02:54:48PM -0700, Andrew Morton wrote:
>
> poke. Nothing got applied. I'll drop
> kmsg-honor-dmesg_restrict-sysctl-on-dev-kmsg.patch, see if that has any
> effect ;)

Oh dear.

Eric, were you going to cleanup your suggestion and send it out?

josh

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-03-22 Thread Andrew Morton
poke. Nothing got applied. I'll drop kmsg-honor-dmesg_restrict-sysctl-on-dev-kmsg.patch, see if that has any effect ;) From: Josh Boyer Subject: kmsg: honor dmesg_restrict sysctl on /dev/kmsg Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-03-22 Thread Andrew Morton
poke. Nothing got applied. I'll drop kmsg-honor-dmesg_restrict-sysctl-on-dev-kmsg.patch, see if that has any effect ;) From: Josh Boyer jwbo...@redhat.com Subject: kmsg: honor dmesg_restrict sysctl on /dev/kmsg Originally, the addition of dmesg_restrict covered both the syslog method of

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-03-22 Thread Josh Boyer
On Fri, Mar 22, 2013 at 02:54:48PM -0700, Andrew Morton wrote: poke. Nothing got applied. I'll drop kmsg-honor-dmesg_restrict-sysctl-on-dev-kmsg.patch, see if that has any effect ;) Oh dear. Eric, were you going to cleanup your suggestion and send it out? josh -- To unsubscribe from

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Wed, Feb 27, 2013 at 2:19 PM, Josh Boyer wrote:
> On Wed, Feb 27, 2013 at 03:46:41PM -0500, Eric Paris wrote:
>> Fine Fine, I'll get off my lazy butt and look at this.
>
> Shock!
>
>> Right. Now we have /proc/kmsg, /dev/kmsg, and the syscall. /proc/kmsg
>> and the syscall both use

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Josh Boyer
On Wed, Feb 27, 2013 at 03:46:41PM -0500, Eric Paris wrote:
> Fine Fine, I'll get off my lazy butt and look at this.

Shock!

> Right. Now we have /proc/kmsg, /dev/kmsg, and the syscall. /proc/kmsg
> and the syscall both use do_syslog() which calls
> check_syslog_permissions() and

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Eric Paris
Fine Fine, I'll get off my lazy butt and look at this.

On Wed, 2013-02-27 at 10:14 -0800, Kees Cook wrote:
> On Wed, Feb 27, 2013 at 10:01 AM, Josh Boyer wrote:
> > On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote:
> >> On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote:
> >> >

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Wed, Feb 27, 2013 at 10:01 AM, Josh Boyer wrote:
> On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote:
>> On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote:
>> > Originally, the addition of dmesg_restrict covered both the syslog
>> > method of accessing dmesg, as well as

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Josh Boyer
On Wed, Feb 27, 2013 at 10:05:47AM -0800, Kees Cook wrote:
> Hi,
>
> On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote:
> > Originally, the addition of dmesg_restrict covered both the syslog
> > method of accessing dmesg, as well as /dev/kmsg itself. This was done
> > indirectly by

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
Hi,

On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote:
> Originally, the addition of dmesg_restrict covered both the syslog
> method of accessing dmesg, as well as /dev/kmsg itself. This was done
> indirectly by security_syslog calling cap_syslog before doing any LSM
> checks.

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Josh Boyer
On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote:
> On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote:
> > Originally, the addition of dmesg_restrict covered both the syslog
> > method of accessing dmesg, as well as /dev/kmsg itself. This was done
> > indirectly by

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote:
> Originally, the addition of dmesg_restrict covered both the syslog
> method of accessing dmesg, as well as /dev/kmsg itself. This was done
> indirectly by security_syslog calling cap_syslog before doing any LSM
> checks.
>
> However,

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote: Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as well as /dev/kmsg itself. This was done indirectly by security_syslog calling cap_syslog before doing any LSM checks. However, commit

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Josh Boyer
On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote: On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote: Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as well as /dev/kmsg itself. This was done indirectly by security_syslog

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
Hi, On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote: Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as well as /dev/kmsg itself. This was done indirectly by security_syslog calling cap_syslog before doing any LSM checks. Actually,

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Josh Boyer
On Wed, Feb 27, 2013 at 10:05:47AM -0800, Kees Cook wrote: Hi, On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote: Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as well as /dev/kmsg itself. This was done indirectly by

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Wed, Feb 27, 2013 at 10:01 AM, Josh Boyer jwbo...@redhat.com wrote: On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote: On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote: Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as well

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Eric Paris
Fine Fine, I'll get off my lazy butt and look at this. On Wed, 2013-02-27 at 10:14 -0800, Kees Cook wrote: On Wed, Feb 27, 2013 at 10:01 AM, Josh Boyer jwbo...@redhat.com wrote: On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote: On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Josh Boyer
On Wed, Feb 27, 2013 at 03:46:41PM -0500, Eric Paris wrote: Fine Fine, I'll get off my lazy butt and look at this. Shock! Right. Now we have /proc/kmsg, /dev/kmsg, and the syscall. /proc/kmsg and the syscall both use do_syslog() which calls check_syslog_permissions() and security_syslog().

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Wed, Feb 27, 2013 at 2:19 PM, Josh Boyer jwbo...@redhat.com wrote: On Wed, Feb 27, 2013 at 03:46:41PM -0500, Eric Paris wrote: Fine Fine, I'll get off my lazy butt and look at this. Shock! Right. Now we have /proc/kmsg, /dev/kmsg, and the syscall. /proc/kmsg and the syscall both use

[PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-22 Thread Josh Boyer
Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as well as /dev/kmsg itself. This was done indirectly by security_syslog calling cap_syslog before doing any LSM checks. However, commit 12b3052c3ee (capabilities/syslog: open code cap_syslog logic to