Re: Proposal: Allowing access to dmesg for users in group adm

To: debian-devel@lists.debian.org
Subject: Re: Proposal: Allowing access to dmesg for users in group adm
From: Bastian Blank <waldi@debian.org>
Date: Mon, 17 Aug 2020 13:47:00 +0200
Message-id: <[🔎] 20200817114659.jvlrkfhk4stsra5o@shell.thinkmo.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 11dbf6a5-57d1-af8e-ec93-554a31ceed4e@canonical.com>
References: <[🔎] 11dbf6a5-57d1-af8e-ec93-554a31ceed4e@canonical.com>

Hi

On Mon, Aug 17, 2020 at 03:50:37PM +1200, Matthew Ruffell wrote:
> 2) Following changes to /bin/dmesg permissions in package 'util-linux'
>     - Ownership changes to root:adm
>     - Permissions changed to 0750 (-rwxr-x---)

You mean 0754?

>     - Add cap_syslog capability to binary.

Can someone please confirm that filesystem capabilities are restricted
to the current user namespace?  Otherwise this could allow stuff like
containers to read host status.

What happens if using capabilities fail?

Bastian

-- 
Captain's Log, star date 21:34.5...

Reply to:

Follow-Ups:
- Re: Proposal: Allowing access to dmesg for users in group adm
  - From: The Wanderer <wanderer@fastmail.fm>

References:
- Proposal: Allowing access to dmesg for users in group adm
  - From: Matthew Ruffell <matthew.ruffell@canonical.com>

Prev by Date: Re: Proposal: Allowing access to dmesg for users in group adm
Next by Date: Re: Proposal: Allowing access to dmesg for users in group adm
Previous by thread: Re: Proposal: Allowing access to dmesg for users in group adm
Next by thread: Re: Proposal: Allowing access to dmesg for users in group adm
Index(es):
- Date
- Thread