Enabling the kernel's DMESG_RESTRICT feature

Kees Cook kees at ubuntu.com
Thu May 26 23:17:04 UTC 2011

On Wed, May 25, 2011 at 09:36:16PM +0200, Martin Pitt wrote:
> So if needed, you can implement attach_dmesg() with
> attach_root_command_outputs().

Ah, perfect. That'll be the way to go, then.

> But aside from that I do agree with Steve that it both seems a lot
> safer as well as more convenient and less intrusive to just filter out
> the address from the printk in the first place, instead of disallowing
> non-admins to see some useful debugging (like errors on removable disk
> drives, what the heck is currently wrong with their wifi, etc.)

This just isn't going to happen, unfortunately. The number of leaks is
giant, and upstream is completely unwilling to filter printk() so far.

I wanted to get this turned on now because it will be needed once we have
kernel base address randomization, and if that happens for the LTS, I
didn't want to have to make the dmesg privilege transition also in LTS.


Kees Cook
Ubuntu Security Team

More information about the ubuntu-devel mailing list