Ubuntu 20.10 Looking At Restricting Access To Kernel Logs With dmesg

Written by Michael Larabel in Ubuntu on 17 June 2020 at 06:22 AM EDT. 32 Comments
UBUNTU
Ubuntu 20.10 will likely join other Linux distributions in restricting access to dmesg by unprivileged users.

Due to dmesg able to leak kernel addresses and other sensitive information, the plan is to not allow dmesg access for unprivileged users. We previously covered the situation more at length within In 2019, Most Linux Distributions Still Aren't Restricting Dmesg Access.

Over the past year or so, Clear Linux and other distributions have begun restricting this dmesg access via the CONFIG_SECURITY_DMESG_RESTRICT Kconfig switch for the kernel builds -- the same approach being pursued now by Canonical with Ubuntu 20.10.


Canonical's Matthew Ruffell calls this "the final security gap currently enjoyed by unprivileged users on multi-user systems" with Ubuntu already restricting access to kernel.log, syslog, and similar information logs yet dmesg on existing Ubuntu releases continues to be fully accessible.

More details on the dmesg restriction plans for Ubuntu 20.10 via Ubuntu-devel.
32 Comments
Related News
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
Ubuntu flash-kernel Package Looks To Drop Support For Old ARM Hardware
Ubuntu 25.04 Planning To Use GCC 15 As Well As Exploring Greater LLVM Use
Mir 2.19 Released With Atomic KMS Platform Support, New Wayland Protocols
UBports' Ubuntu Touch OTA-7 Atop Ubuntu 20.04 Released
Updated Ubuntu 24.10 Install Image Released For Snapdragon X1 Elite Laptops
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features