[Secure-testing-team] Bug#867747: rsyslog: /var/log/dmesg world-readable despite kernel.dmesg_restrict = 1

[mv87]

Package: rsyslog
Version: 8.24.0-1
Severity: normal
Tags: security

According to https://wiki.debian.org/NewInStretch 'dmesg' should require
superuser privileges.
/var/log/dmesg is world-readable which might undermine the restriction set by
kernel.dmesg_restrict = 1.



-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rsyslog depends on:
ii  init-system-helpers  1.48
ii  libc6                2.24-11+deb9u1
ii  libestr0             0.1.10-2
ii  libfastjson4         0.99.4-1
ii  liblogging-stdlog0   1.0.5-2+b2
ii  liblognorm5          2.0.1-1.1+b1
ii  libsystemd0          232-25
ii  libuuid1             2.29.2-1
ii  lsb-base             9.20161125
ii  zlib1g               1:1.2.8.dfsg-5

Versions of packages rsyslog recommends:
ii  logrotate  3.11.0-0.1

Versions of packages rsyslog suggests:
pn  rsyslog-doc                    <none>
pn  rsyslog-gnutls                 <none>
pn  rsyslog-gssapi                 <none>
pn  rsyslog-mongodb                <none>
pn  rsyslog-mysql | rsyslog-pgsql  <none>
pn  rsyslog-relp                   <none>

-- no debconf information