[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2021-01-18 Thread Mathew Hodson
** Changed in: util-linux (Ubuntu) Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1886112 Title: Enabling DMESG_RESTRICT in

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-10-01 Thread Launchpad Bug Tracker
This bug was fixed in the package procps - 2:3.3.16-5ubuntu2 --- procps (2:3.3.16-5ubuntu2) groovy; urgency=medium * debian/sysctl.d/10-kernel-hardening.conf: - Add documentation for DMESG_RESTRICT feature, and allow users to disable by uncommenting

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-09-25 Thread Brian Murray
I sponsored the procps changes to Groovy. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1886112 Title: Enabling DMESG_RESTRICT in Groovy Onward Status in linux

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-08-30 Thread Matthew Ruffell
As per my most recent email to ubuntu-devel, I am marking the changes to util-linux as Won't Fix. Relevant mailing list discussion (for future reference): Ansgar responded on debian-devel mentioning that adding cap_syslog to dmesg enables the user to clear the kernel log buffer:

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-08-30 Thread Matthew Ruffell
As 5.8.0-16-generic has now been released to the -release pocket, CONFIG_SECURITY_DMESG_RESTRICT is now enabled in Groovy. Marking the changes to the kernel as Fix Released. ** Changed in: linux (Ubuntu Groovy) Status: Fix Committed => Fix Released -- You received this bug notification

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-08-16 Thread Matthew Ruffell
Wrote to debian-devel to see if upstream is interested in carrying the debian postinstall changes for util-linux: https://lists.debian.org /debian-devel/2020/08/msg00107.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-08-10 Thread Matthew Ruffell
Attached is a rebased debdiff for util-linux, which implements the permission changes to the dmesg binary. ** Patch removed: "util-linux debdiff for Groovy" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886112/+attachment/5395389/+files/lp1886112_util-linux_groovy.debdiff ** Patch

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-30 Thread Mathew Hodson
** Changed in: linux (Ubuntu Groovy) Importance: Undecided => Wishlist ** Changed in: procps (Ubuntu Groovy) Importance: Undecided => Wishlist ** Changed in: util-linux (Ubuntu Groovy) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-23 Thread Matthew Ruffell
Attached is a debdiff for util-linux which implements the permission and capability changes to the dmesg binary. ** Patch added: "util-linux debdiff for Groovy" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886112/+attachment/5395389/+files/lp1886112_util-linux_groovy.debdiff -- You

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-23 Thread Matthew Ruffell
I emailed Seth Forshee asking about what happens when Groovy's kernel becomes Focal's HWE kernel, and he mentioned that the kernel team has processes in place to handle config changes, and that it isn't a problem. So we will go with the more secure by default way, and enable

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-23 Thread Matthew Ruffell
Attached is a procps debdiff for groovy, which adds documentation to /etc/sysctl.d/10-kernel-hardening.conf and a commented out way to disable DMESG_RESTRICT. ** Patch added: "procps debdiff for Groovy"

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-05 Thread Matthew Ruffell
I have created patches for both the procps package and the util-linux package which implements the proposed changes. You can find test packages in the following ppa: https://launchpad.net/~mruffell/+archive/ubuntu/lp1886112-test Debdiff for procps: https://paste.ubuntu.com/p/qvmHgMhXSj/ Debdiff

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-05 Thread Matthew Ruffell
I was thinking about this over the weekend, and I think we overlooked the impact of setting CONFIG_SECURITY_DMESG_RESTRICT in the kernel config has on downstream users of Groovy's kernel, namely when it becomes Focal's HWE kernel. Focal won't be receiving any patches for /usr/bin/dmesg, so I

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-05 Thread Matthew Ruffell
** Description changed: [Impact] This bug implements the enablement of CONFIG_SECURITY_DMESG_RESTRICT feature by default for Groovy onward, proposed to ubuntu-devel: https://lists.ubuntu.com/archives/ubuntu-devel/2020-June/041063.html The kernel log buffer contains a wealth of

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-03 Thread Matthew Ruffell
** Patch removed: "procps debdiff for Groovy" https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1886112/+attachment/5389194/+files/lp1886112_procps_groovy.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-02 Thread Ubuntu Foundations Team Bug Bot
The attachment "procps debdiff for Groovy" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag,

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-02 Thread Matthew Ruffell
Attached is a debdiff for procps on Groovy. It adds a commented out entry to 10-kernel-hardening.conf which users can use to disable the setting if they wish. ** Patch added: "procps debdiff for Groovy"

[Touch-packages] [Bug 1886112] Re: Enabling DMESG_RESTRICT in Groovy Onward

2020-07-02 Thread Matthew Ruffell
Kernel is fix-committed as per: Mailing list: https://lists.ubuntu.com/archives/ubuntu-devel/2020-July/041079.html Commit: https://kernel.ubuntu.com/git/ubuntu/unstable.git/commit/?id=25e6c851704a47c81e78e1a82530ac4b328098a6 -- You received this bug notification because you are a member of