author | rwatson <rwatson@FreeBSD.org> | 2001-11-30 21:40:52 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-11-30 21:40:52 +0000 |
commit | aa8360c1cd7a7e842c08ab62bfc84fa95a2826c3 | |
tree | 665f960aead0161ee78c58f61181596415fb98a1 /sys/kern | |
parent | 368db57be175f088e44340bf027dbd5108897f93 | |
o Introduce kern.security.bsd.unprivileged_read_msgbuf, which allows
the administrator to restrict access to the kernel message buffer.
It defaults to '1', which permits access, but if set to '0', requires
that the process making the sysctl() have appropriate privilege.
o Note that for this to be effective, access to this data via system
logs derived from /dev/klog must also be limited.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/subr_prf.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c index 5e2d310..fcb2dd5 100644 --- a/sys/kern/subr_prf.c +++ b/sys/kern/subr_prf.c @@ -819,12 +819,25 @@ msgbufinit(void *ptr, size_t size) oldp = msgbufp; } +SYSCTL_DECL(_kern_security_bsd); + +static int unprivileged_read_msgbuf = 1; +SYSCTL_INT(_kern_security_bsd, OID_AUTO, unprivileged_read_msgbuf, + CTLFLAG_RW, &unprivileged_read_msgbuf, 0, + "Unprivileged processes may read the kernel message buffer"); + /* Sysctls for accessing/clearing the msgbuf */ static int sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS) { int error; + if (!unprivileged_read_msgbuf) { + error = suser_td(req->td); + if (error) + return (error); + } + /* * Unwind the buffer, so that it's linear (possibly starting with * some initial nulls). |
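Review bot: The privilege check added at the top of sysctl_kern_msgbuf() carries no comment, and the SYSCTL_INT description string ("Unprivileged processes may read the kernel message buffer") documents only the value 1. A short comment above `if (!unprivileged_read_msgbuf)` stating that a value of 0 makes the handler return the error from suser_td(req->td) before any buffer data is copied out would make the policy clear to the next reader. The knob is declared CTLFLAG_RW with an initial value of 1, so the restriction is opt-in and existing behaviour is unchanged; that matches the commit message but deserves a line next to the declaration. The test covers only this one handler, while the adjacent comment refers to sysctls for both accessing and clearing the msgbuf, so it is worth confirming that no other handler in that group returns buffer contents without the same test.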