Ubuntu 20.10 Moving Ahead In Restricting Access To dmesg
Originally posted by birdie
Speaking of "hardening guides". Many of them are outright idiotic, for instance they insist on changing your passwords regularly. Why would you do that?
And also in most cases getting passwords does not involve 1337 skills where you p0wn20r the whole PC and install rootkits in the UEFI using Intel CPU vulnerabilities, but it's something more simple like looking with your eyes or overhearing conversations.
Or any way that is not permanent, so if you change it the malicious agent has to redo his homework again to acquire the password again.
This slows down attackers, which is what a good defence does. While if you don't change passwords they could have just compiled a list of passwords back in the day and come in your systems at the drop of a hat.
It's never been proven to be effective against anything
people who are forced to change their passwords regularly start creating simple passwords
and putting them in text files on their desktop
Good passwords which haven't been leaked/revealed/hacked are OK to use for eternity. Period.
What if the malicious user does nothing obvious like "format C", is just making a copy of your databases and internal documents and no one finds out? I guess that's ok, right?
Why are dumb people like you who can't use logic allowed to talk about security?
Last edited by starshipeleven; 03 July 2020, 09:17 AM.
- Likes 2
-
Originally posted by RahulSundaram
This is all public information readily accessible
"The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses"
This kconfig option was introduced and merged for a reason
-
Originally posted by birdie
Default non-debug kernel doesn't print them. Anything else?
-
Originally posted by birdie
You know what this decision will actually lead to? People will start using sudo for pretty much everything without thinking. If anything, limitations like this make security worse, not better. There's very little [security] info that can be picked from dmesg and then lots of data is still available using /proc, /sys and various kernel APIs.
It's about what info programs can access.
- Likes 1
-
Originally posted by eydee
It isn't about people though. People are already sudoing everything. Worse, logging in as root directly.
It's about what info programs can access.
What that will look like may be capability based and it may have to be somewhat hardware VM based, but that's up to people better versed in security than me, and probably most of the neckbeards blindly following the Unix Way as if it's the end all and be all. Something major has got to change and defense must evolve to meet modern security needs not being met by any current OS.
-
Originally posted by stormcrow
Yes it is. And frankly, the Unix security model is gawd awful at protecting what intruders are really after in modern information theft. While persistence is always one of the goals, most of the time, you don't need root or even kernel exploits to gain that. Data thieves are after the data the targeted user has both on the server and the desktop. Securing dmesg, /proc, /sys, etc is part of the problem, but the fundamental Unix security model is going to have to change entirely from user based security to something else to protect against modern threats.
What that will look like may be capability based and it may have to be somewhat hardware VM based, but that's up to people better versed in security than me, and probably most of the neckbeards blindly following the Unix Way as if it's the end all and be all. Something major has got to change and defense must evolve to meet modern security needs not being met by any current OS.