NiXium-org / NiXium

Open-Source Infrastructure as Code Management Solution for Multiple Systems designed to be reliable in mission-critical tasks on paranoid and high-security environment.

European Union Public License 1.2

20 stars 3 forks source link

Disable Reading Kernel Message Buffer for Unprivileged Users #91

Open TanvirOnGH opened 3 months ago

TanvirOnGH commented 3 months ago

Title

Implement read_msgbuf Functionality in NixOS.

Description

Implement a feature in NixOS to disable reading the kernel message buffer for unprivileged users, similar to the read_msgbuf option in FreeBSD. This would protect sensitive kernel messages from being read by non-privileged users.

https://github.com/NiXium-org/NiXium/issues/67

Kreyren commented 3 months ago

That sounds like a good idea, but i would make a group to easily assign the permission to users who are allowed to read the buffer