diff options
| author |   zshi <zshi@redhat.com> | 2017-03-20 16:12:32 +0800 |
|---|---|---|
| committer | zshi <zshi@redhat.com> | 2017-03-22 07:20:32 +0800 |
| commit | 51c91597fbad0155b8cab62c8d12cbc01d44ed74 (patch) | |
| tree | 2f37a0454cf405d41b2e65c095a0524ff0d33e7e /releasenotes | |
| parent | e0bd63c826e687d9019b76297e9375f3b0608c2e (diff) | |
Restrict Access to Kernel Message Buffer
Unprivileged access to the kernel syslog can expose sensitive
kernel address information.
Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2
Signed-off-by: zshi <zshi@redhat.com>
Diffstat (limited to 'releasenotes')
| -rw-r--r-- | releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml b/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml new file mode 100644 index 00000000..c24e8921 --- /dev/null +++ b/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - | + The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive + kernel address information with unprivileged access. Deployments that set + or depend on values other than 1 for kernel.dmesg_restrict may be affected + by upgrading. +security: + - | + Kernel syslog contains sensitive kernel address information, setting + kernel.dmesg_restrict to avoid unprivileged access to this information. |