T1151: elevate permissions when accessing kernel ring buffer

The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses. Rather than futilely attempt to sanitize hundreds (or thousands) of printk statements and simultaneously cripple useful debugging functionality, it is far simpler to create an option that prevents unprivileged users from reading the syslog. For more information please refer to: https://lwn.net/Articles/414813/ (cherry picked from commit 11d91322beffcb4c420dc5e086782b20732ac6fe)
author: Christian Poessinger <christian@poessinger.com> 2019-01-03 16:38:56 +0100
committer: Christian Poessinger <christian@poessinger.com> 2019-01-03 16:40:27 +0100
commit: 9ee75b3b351a7100152407b24d26016e2ed873ff (patch)
tree: 7ad2faeb4069db0e11ac45b4780bc52a7a80f919
parent: 5366af7adeff96eb16da9e2c6f96ae2d23067942 (diff)
download: vyatta-op-9ee75b3b351a7100152407b24d26016e2ed873ff.tar.gz
vyatta-op-9ee75b3b351a7100152407b24d26016e2ed873ff.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/show/system/kernel-messages/node.def b/templates/show/system/kernel-messages/node.def
index 6f41ae3..9a9229b 100644
--- a/templates/show/system/kernel-messages/node.def
+++ b/templates/show/system/kernel-messages/node.def
@@ -1,2 +1,2 @@
 help: Show messages in kernel ring buffer
-run: dmesg
+run: sudo dmesg
author	Christian Poessinger <christian@poessinger.com>	2019-01-03 16:38:56 +0100
committer	Christian Poessinger <christian@poessinger.com>	2019-01-03 16:40:27 +0100
commit	9ee75b3b351a7100152407b24d26016e2ed873ff (patch)
tree	7ad2faeb4069db0e11ac45b4780bc52a7a80f919
parent	5366af7adeff96eb16da9e2c6f96ae2d23067942 (diff)
download	vyatta-op-9ee75b3b351a7100152407b24d26016e2ed873ff.tar.gz vyatta-op-9ee75b3b351a7100152407b24d26016e2ed873ff.zip