Skip to content
Commit 68c4a4f8 authored by Sebastian Schmidt's avatar Sebastian Schmidt Committed by Tony Luck
Browse files

pstore: Honor dmesg_restrict sysctl on dmesg dumps



When the kernel.dmesg_restrict restriction is in place, only users with
CAP_SYSLOG should be able to access crash dumps (like: attacker is
trying to exploit a bug, watchdog reboots, attacker can happily read
crash dumps and logs).

This puts the restriction on console-* types as well as sensitive
information could have been leaked there.

Other log types are unaffected.

Signed-off-by: default avatarSebastian Schmidt <yath@yath.de>
Acked-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarTony Luck <tony.luck@intel.com>
parent a28726b4
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment