On Fri, May 27, 2011 at 7:44 AM, Kees Cook <k...@ubuntu.com> wrote:
> The problem is that dmesg is just a log. The contents can't be adjusted
> based on who is viewing it like (like has been done for the %pK sprintf
> uses in /proc, /sys, etc). Things like Oops reports will go to dmesg, which
> are utterly useless without all their addresses intact, etc.
One could also provide an suid utility that stripped out everything
that looks like an address.
For fun, I attach such a utility, though I am not convinced this is
the best approach. It
1) opens /var/log/dmesg
2) drops root privileges
3) filters out everything starting with '0x'
It strips out lots of things that aren't addresses, but It looks like
what it leaves could still be useful for many purposes. It may well
still leave some sensitive information unprotected, so I wouldn't use
it when it is not needed, particularly as it may cause confusion if
users mistake it for the real dmesg.
--
John C. McCabe-Dansted
#include <unistd.h>
#include <stdio.h>
int main ( int argc, char** argv )
{
int last_char = 0;
int this_char;
int in_address = 0;
FILE *f = fopen ( "/var/log/dmesg", "r" );
if (setuid(getuid())) { /* drop root privileges */
puts("Cannot drop root privileges\n");
return 1;
}
while ( (this_char = fgetc(f)) != EOF) {
if (this_char < 33 || this_char == ']' || this_char == '-') {
// A space, newline or special char
in_address = 0;
}
if (in_address) {
putchar('?');
} else {
putchar((char)this_char);
}
if (last_char=='0' && this_char=='x') {
in_address=1;
}
last_char = this_char;
}
return (0);
}
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
