Clear Linux Moving Ahead With Blocking dmesg Access For Non-Root Users
Written by Michael Larabel in Clear Linux on 1 June 2019 at 06:31 PM EDT. 50 Comments
CLEAR LINUX --
Most Linux distributions allow unfettered access to dmesg for seeing the kernel log outputs, but seeing as kernel addresses can be dumped to this output and could be exploited by bad actors, Clear Linux is joining the select few Linux distributions so far blocking non-root users from seeing this output mostly used for debugging purposes.

Back in April I wrote about their plans for blocking dmesg access via the Linux kernel's CONFIG_SECURITY_DMESG_RESTRICT Kconfig build time switch. After evaluating the plan, they indeed are going ahead with it where only root/sudo users will be able to see the dmesg output. This also impacts container users as well as there even if you are the root user in a container you will now no longer be able to see the kernel logs of the host.


We'll see if other Linux distributions jump on board with restricting dmesg access to help kernel memory addresses from potentially being exposed.

More details on Clear Linux's enabling of SECURITY_DMESG_RESTRICT can be found via this mailing list post.

About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Clear Linux News
Popular News This Week