[LEDE-DEV] [PATCH 1/3] kernel: Restrict dmesg output to root.

Rosen Penev rosenp at gmail.com
Fri Mar 30 15:18:02 PDT 2018


In typical OpenWrt setups, there are no other users that have a shell spawned for them by default.

This can be overriden by the kernel.dmesg_output syssctl.

Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
 target/linux/generic/config-3.18 | 2 +-
 target/linux/generic/config-4.14 | 2 +-
 target/linux/generic/config-4.4  | 2 +-
 target/linux/generic/config-4.9  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/linux/generic/config-3.18 b/target/linux/generic/config-3.18
index 04245531f6..0f66960fdc 100644
--- a/target/linux/generic/config-3.18
+++ b/target/linux/generic/config-3.18
@@ -3284,7 +3284,7 @@ CONFIG_SCSI_PROC_FS=y
 # CONFIG_SECCOMP is not set
 # CONFIG_SECURITY is not set
 # CONFIG_SECURITYFS is not set
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
 # CONFIG_SEEQ8005 is not set
 CONFIG_SELECT_MEMORY_MODEL=y
 # CONFIG_SENSORS_ABITUGURU is not set
diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
index a27198335d..8a1e494429 100644
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -3999,7 +3999,7 @@ CONFIG_SCSI_PROC_FS=y
 CONFIG_SECTION_MISMATCH_WARN_ONLY=y
 # CONFIG_SECURITY is not set
 # CONFIG_SECURITYFS is not set
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SELECT_MEMORY_MODEL=y
 # CONFIG_SENSORS_ABITUGURU is not set
 # CONFIG_SENSORS_ABITUGURU3 is not set
diff --git a/target/linux/generic/config-4.4 b/target/linux/generic/config-4.4
index 3285000eb4..d29f27d747 100644
--- a/target/linux/generic/config-4.4
+++ b/target/linux/generic/config-4.4
@@ -3423,7 +3423,7 @@ CONFIG_SCSI_PROC_FS=y
 CONFIG_SECTION_MISMATCH_WARN_ONLY=y
 # CONFIG_SECURITY is not set
 # CONFIG_SECURITYFS is not set
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SELECT_MEMORY_MODEL=y
 # CONFIG_SENSORS_ABITUGURU is not set
 # CONFIG_SENSORS_ABITUGURU3 is not set
diff --git a/target/linux/generic/config-4.9 b/target/linux/generic/config-4.9
index 3f050c205c..1cc607d4dd 100644
--- a/target/linux/generic/config-4.9
+++ b/target/linux/generic/config-4.9
@@ -3766,7 +3766,7 @@ CONFIG_SCSI_PROC_FS=y
 CONFIG_SECTION_MISMATCH_WARN_ONLY=y
 # CONFIG_SECURITY is not set
 # CONFIG_SECURITYFS is not set
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SELECT_MEMORY_MODEL=y
 # CONFIG_SENSORS_ABITUGURU is not set
 # CONFIG_SENSORS_ABITUGURU3 is not set
-- 
2.16.3




More information about the Lede-dev mailing list