T1151: elevate permissions when accessing kernel ring buffer

The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses. Rather than futilely attempt to sanitize hundreds (or thousands) of printk statements and simultaneously cripple useful debugging functionality, it is far simpler to create an option that prevents unprivileged users from reading the syslog. For more information please refer to: https://lwn.net/Articles/414813/
author: Christian Poessinger <christian@poessinger.com> 2019-01-03 16:38:56 +0100
committer: Christian Poessinger <christian@poessinger.com> 2019-01-03 16:38:56 +0100
commit: 11d91322beffcb4c420dc5e086782b20732ac6fe (patch)
tree: 7ad2faeb4069db0e11ac45b4780bc52a7a80f919 /templates
parent: 7e7c2da061f83e3f64309ca3be0c91667bf21c12 (diff)
download: vyatta-op-11d91322beffcb4c420dc5e086782b20732ac6fe.tar.gz
vyatta-op-11d91322beffcb4c420dc5e086782b20732ac6fe.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/show/system/kernel-messages/node.def b/templates/show/system/kernel-messages/node.def
index 6f41ae3..9a9229b 100644
--- a/templates/show/system/kernel-messages/node.def
+++ b/templates/show/system/kernel-messages/node.def
@@ -1,2 +1,2 @@
 help: Show messages in kernel ring buffer
-run: dmesg
+run: sudo dmesg
author	Christian Poessinger <christian@poessinger.com>	2019-01-03 16:38:56 +0100
committer	Christian Poessinger <christian@poessinger.com>	2019-01-03 16:38:56 +0100
commit	11d91322beffcb4c420dc5e086782b20732ac6fe (patch)
tree	7ad2faeb4069db0e11ac45b4780bc52a7a80f919 /templates
parent	7e7c2da061f83e3f64309ca3be0c91667bf21c12 (diff)
download	vyatta-op-11d91322beffcb4c420dc5e086782b20732ac6fe.tar.gz vyatta-op-11d91322beffcb4c420dc5e086782b20732ac6fe.zip