Bug#847198: marked as done (src:linux: dmesg should be allowed to print the kernel ring buffer for admins)

Sat, 30 Jun 2018 17:28:42 -0700 

Your message dated Sun, 01 Jul 2018 01:23:08 +0100
with message-id <b8493dedd31cb6126504f978dc5824e6543ef2b9.ca...@decadent.org.uk>
and subject line Re: src:linux: dmesg should be allowed to print the kernel 
ring buffer for admins
has caused the Debian Bug report #847198,
regarding src:linux: dmesg should be allowed to print the kernel ring buffer 
for admins
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
847198: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847198
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: src:linux
Severity: wishlist

In the past, admins could get dmesg output without running it as root,
but this is no longer possible:

  * security,printk: Enable SECURITY_DMESG_RESTRICT, preventing non-root users
    reading the kernel log by default (sysctl: kernel.dmesg_restrict)

(in changelog.linux.gz). It is good that normal users cannot read
the kernel log, but for admins (typically users in the adm group,
who can already read /var/log/kern.log, thus have access to the same
information), this is a regression.

Note: "journalctl -b" also gives kernel logs (among other logs).

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message --- 
Since it is easy to change back to the old behaviour, this isn't a
significant regression.

Changing to a more sophisticated access policy could be done through
LSMs, perhaps.  But this is a feature request which would need to be
pursued upstream.

Ben.

-- 
Ben Hutchings
Q.  Which is the greater problem in the world today,
    ignorance or apathy?
A.  I don't know and I couldn't care less.

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---

Reply via email to