restricting dmesg

Kees Cook kees at
Tue Nov 16 21:16:58 GMT 2010

Hi Soren,

On Tue, Nov 16, 2010 at 10:04:55PM +0100, Soren Hansen wrote:
> On 16-11-2010 18:50, Kees Cook wrote:
> > I figure we could add a useful error message to "dmesg" to provide 
> > education about the change, which would suggest using "sudo" or
> > pointing people to the new /proc/sys/kernel/dmesg_restrict sysctl.
> Have we gotten any kind of feedback on the similar changes that were
> made to strace?

Not a peep that I'm aware of. I am assuming that the verbose errors out
of strace, ltrace, and gdb were enough to address it, though maybe there
won't be noise until the restriction is in an LTS version.


(Though technically, the verbose error vanished briefly in gdb and that
caused some confusion, but has since been fixed.)

Kees Cook
Ubuntu Security Team

More information about the ubuntu-devel mailing list