Ubuntu 20.10 Moving Ahead In Restricting Access To dmesg
Following last month's discussions about restricting access to dmesg / kernel logs on Ubuntu, to match the behavior of other Linux distributions and follow better security practices, Ubuntu 20.10 is indeed moving forward with these plans, under which dmesg access would require root privileges.
In recent times more Linux distributions have been restricting access to dmesg because its output can leak kernel addresses or other potentially sensitive bits. As it stands now on Ubuntu, unprivileged users on multi-user systems have free rein to read dmesg output.
Canonical's Seth Forshee commented that their security team is in agreement with this work and that they have made the change for their Linux 5.7/5.8 kernel trees. The Linux 5.7~5.8 kernel update will hit the Ubuntu 20.10 development repository in the next few weeks. CONFIG_SECURITY_DMESG_RESTRICT is being set to enable this restriction.
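A way to check what that setting means on a given machine, as an added example that is not from the article or from Canonical: CONFIG_SECURITY_DMESG_RESTRICT only sets the boot default of the kernel.dmesg_restrict sysctl (a name the article does not mention), so the audit compares the running value with what the next boot will apply. The file locations and the verdict strings are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: is unprivileged dmesg access restricted, and does it survive a reboot?
# File paths are parameters so each function can be checked against constructed files.

# Build-time default: prints 1 if the kernel config sets CONFIG_SECURITY_DMESG_RESTRICT=y, else 0.
dmesg_build_default() {
    if [ -r "$1" ] && grep -q '^CONFIG_SECURITY_DMESG_RESTRICT=y$' "$1"; then
        echo 1
    else
        echo 0
    fi
}

# Prints the last kernel.dmesg_restrict value assigned in the given sysctl
# files (pass them in load order; later files win), or nothing if none set it.
dmesg_sysctl_override() {
    val=
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel[./]dmesg_restrict[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Combines the running value with the value the next boot will apply.
dmesg_audit() {
    runtime=$1 build=$2 override=$3
    boot=${override:-$build}
    case "$runtime$boot" in
        11) echo restricted ;;
        10) echo restricted-until-reboot ;;
        01) echo unrestricted-despite-boot-default ;;
        00) echo unrestricted ;;
        *)  echo unknown ;;
    esac
}

# Audit the local system (conventional locations, assumed here).
runtime=$(cat /proc/sys/kernel/dmesg_restrict 2>/dev/null || echo '?')
build=$(dmesg_build_default "/boot/config-$(uname -r)")
override=$(dmesg_sysctl_override /etc/sysctl.d/*.conf /etc/sysctl.conf)
echo "dmesg_restrict: runtime=$runtime build=$build override=${override:-none} -> $(dmesg_audit "$runtime" "$build" "$override")"
```

A verdict of unrestricted-despite-boot-default means the sysctl was changed to 0 after boot, which is worth investigating on a multi-user host.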