Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Clear Linux Moving Ahead With Blocking dmesg Access For Non-Root Users

Written by Michael Larabel in Clear Linux on 1 June 2019 at 06:31 PM EDT. 49 Comments

CLEAR LINUX

Most Linux distributions allow unfettered access to dmesg for seeing the kernel log outputs, but seeing as kernel addresses can be dumped to this output and could be exploited by bad actors, Clear Linux is joining the select few Linux distributions so far blocking non-root users from seeing this output mostly used for debugging purposes.

Back in April I wrote about their plans for blocking dmesg access via the Linux kernel's CONFIG_SECURITY_DMESG_RESTRICT Kconfig build time switch. After evaluating the plan, they indeed are going ahead with it where only root/sudo users will be able to see the dmesg output. This also impacts container users as well as there even if you are the root user in a container you will now no longer be able to see the kernel logs of the host.

We'll see if other Linux distributions jump on board with restricting dmesg access to help kernel memory addresses from potentially being exposed.

More details on Clear Linux's enabling of SECURITY_DMESG_RESTRICT can be found via this mailing list post.

49 Comments

Related News

Clear Linux Will Now Handle Up To 512 CPU Cores / vCPUs

Intel's Clear Linux Taps -O3 For Its Kernel Builds

Clear Linux Container Performance Continues Showing Sizable Gains

Using Distrobox To Augment The Package Selection On Clear Linux, Other Distributions

Clear Linux Preparing To Move To GNOME 3.36, Dropping Their Desktop Customizations

Intel's Clear Linux To Divest From The Desktop, Focus On Server + Cloud Workloads

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd

KDE Starts December By Landing A Number Of New Features

NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance

Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries