On Fri, May 27, 2011 at 04:29:33PM +0100, Matt Zimmerman wrote: > On Thu, May 26, 2011 at 04:55:59PM -0700, Kees Cook wrote: > > I won't say it doesn't complicate things, but I would like to point out > > that everyone else's suggestion for this is to completely remove the values > > from the dmesg report itself, rendering it unavailable to any user, even > > root. > > It seems we are forced into this dichotomy because there is only one log, > which is mixing different types of information. Has anyone proposed > separating kernel debugging information from simple status logging, and > allowing the remainder to remain accessible to users?
I don't think this would end up being sensible either, as the task of performing debugging may need access to both. I still don't see the problem of debugging as root. If you're not the system owner, you're not going to be able to _change_ the system in an effort to fix the problem you are debugging. -- Kees Cook Ubuntu Security Team -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
