From 11d91322beffcb4c420dc5e086782b20732ac6fe Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 3 Jan 2019 16:38:56 +0100 Subject: T1151: elevate permissions when accessing kernel ring buffer The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses. Rather than futilely attempt to sanitize hundreds (or thousands) of printk statements and simultaneously cripple useful debugging functionality, it is far simpler to create an option that prevents unprivileged users from reading the syslog. For more information please refer to: https://lwn.net/Articles/414813/ --- templates/show/system/kernel-messages/node.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/show/system/kernel-messages/node.def b/templates/show/system/kernel-messages/node.def index 6f41ae3..9a9229b 100644 --- a/templates/show/system/kernel-messages/node.def +++ b/templates/show/system/kernel-messages/node.def @@ -1,2 +1,2 @@ help: Show messages in kernel ring buffer -run: dmesg +run: sudo dmesg -- cgit v1.2.3 From d304da802db07f78489fe9f5b6bd762b3ffe7025 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Sat, 26 Jan 2019 01:38:15 +0100 Subject: T1193: use vyos-config-to-commands in the commands pipe. --- etc/bash_completion.d/vyatta-op | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/bash_completion.d/vyatta-op b/etc/bash_completion.d/vyatta-op index 8064c94..7ae4d61 100644 --- a/etc/bash_completion.d/vyatta-op +++ b/etc/bash_completion.d/vyatta-op @@ -503,7 +503,7 @@ commands () if $(cli-shell-api sessionChanged); then echo "You have uncommited changes, please commit them before using the commands pipe" else - ${vyos_libexec_dir}/commands-pipe.py + vyos-config-to-commands fi else echo "commands pipe is not supported in operational mode" -- cgit v1.2.3