Created attachment 243439 [details] Fix /var/log/messages and /var/run/dmesg.boot permissions If a regular user that does not belong to to the wheel group issues: % dmesg -a dmesg: sysctl kern.msgbuf: Operation not permitted However, a user may circumvent this restriction by either: % cat /var/log/messages Or % cat /var/run/dmesg.boot Set the proper permissions to both files. Fix relevant manual pages. Given that this has been the normal behavior since the beginning, maybe the fix should be the other way around?
Created attachment 243440 [details] Fix the umask
I don't think this is about user being in wheel and rather about security.bsd.unprivileged_read_msgbuf set to 0? $ sysctl security.bsd.unprivileged_read_msgbuf security.bsd.unprivileged_read_msgbuf: 0 $ groups staff wheel operator $ dmesg dmesg: sysctl kern.msgbuf: Operation not permitted May be relevant option in the installer should apply the permissions as well?
(In reply to Yuri Pankov from comment #2) Got it. What about the permissions? Accessible only to the root user as well, i.e., 0600?
Created attachment 243453 [details] Patch bsdinstall Follow the instructions in commit 6f3933fa6fbd021bf6f24543e91489283eafd698, and set the proper permissions to both files from the bsdinstall hardening script. For this patch to work I must first remove the hard-wired umask setting from /etc/rc.d/dmesg and set dmesg_umask (separate commit).
Note so self: https://reviews.freebsd.org/D36309 has been MFCd down to 12, /etc/rc.d scripts (chiefly dmesg) can be adapted to use it. There is a strong desire to remove the hardening menu from the installer, in the meantime, I think this could be beneficial.
Proposed patches: - https://reviews.freebsd.org/D53169 - https://reviews.freebsd.org/D53171
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=edadbc6ee95570627679f3bc14a1d5476d0ce339 commit edadbc6ee95570627679f3bc14a1d5476d0ce339 Author: Jose Luis Duran <jlduran@FreeBSD.org> AuthorDate: 2025-10-17 14:34:55 +0000 Commit: Jose Luis Duran <jlduran@FreeBSD.org> CommitDate: 2025-10-18 17:11:49 +0000 rc: dmesg: Allow umask to be configurable Allow umask to be configurable. Being able to set the umask via an rc variable is useful when setting: security.bsd.unprivileged_read_msgbuf=0 As it allows a user to configure: dmesg_umask="066" Without modifying the rc script, and preventing the contents of the $dmesg_file (/var/run/dmesg.boot) from being publicly readable. PR: 272552 Reviewed by: netchild MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D53169 libexec/rc/rc.conf | 1 + libexec/rc/rc.d/dmesg | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-)
A commit in branch stable/15 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=fa2e886206f41b4ce652377a6da163103ef25351 commit fa2e886206f41b4ce652377a6da163103ef25351 Author: Jose Luis Duran <jlduran@FreeBSD.org> AuthorDate: 2025-10-17 14:34:55 +0000 Commit: Jose Luis Duran <jlduran@FreeBSD.org> CommitDate: 2025-10-20 16:04:35 +0000 rc: dmesg: Allow umask to be configurable Allow umask to be configurable. Being able to set the umask via an rc variable is useful when setting: security.bsd.unprivileged_read_msgbuf=0 As it allows a user to configure: dmesg_umask="066" Without modifying the rc script, and preventing the contents of the $dmesg_file (/var/run/dmesg.boot) from being publicly readable. PR: 272552 Reviewed by: netchild MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D53169 (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339) libexec/rc/rc.conf | 1 + libexec/rc/rc.d/dmesg | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=d8ddea0d4b0ad316000970987d26307e84ce1efc commit d8ddea0d4b0ad316000970987d26307e84ce1efc Author: Jose Luis Duran <jlduran@FreeBSD.org> AuthorDate: 2025-10-17 14:34:55 +0000 Commit: Jose Luis Duran <jlduran@FreeBSD.org> CommitDate: 2025-10-20 16:09:30 +0000 rc: dmesg: Allow umask to be configurable Allow umask to be configurable. Being able to set the umask via an rc variable is useful when setting: security.bsd.unprivileged_read_msgbuf=0 As it allows a user to configure: dmesg_umask="066" Without modifying the rc script, and preventing the contents of the $dmesg_file (/var/run/dmesg.boot) from being publicly readable. PR: 272552 Reviewed by: netchild MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D53169 (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339) libexec/rc/rc.conf | 1 + libexec/rc/rc.d/dmesg | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=549cba3c9d1e14fffa9a99ed7b6ee51eb6d20e51 commit 549cba3c9d1e14fffa9a99ed7b6ee51eb6d20e51 Author: Jose Luis Duran <jlduran@FreeBSD.org> AuthorDate: 2025-10-17 14:34:55 +0000 Commit: Jose Luis Duran <jlduran@FreeBSD.org> CommitDate: 2025-10-20 16:05:40 +0000 rc: dmesg: Allow umask to be configurable Allow umask to be configurable. Being able to set the umask via an rc variable is useful when setting: security.bsd.unprivileged_read_msgbuf=0 As it allows a user to configure: dmesg_umask="066" Without modifying the rc script, and preventing the contents of the $dmesg_file (/var/run/dmesg.boot) from being publicly readable. PR: 272552 Reviewed by: netchild MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D53169 (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339) libexec/rc/rc.conf | 1 + libexec/rc/rc.d/dmesg | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-)
Re-open: Still waiting for a review of: https://reviews.freebsd.org/D53171