Enabling the kernel's DMESG_RESTRICT feature

Matt Zimmerman mdz at ubuntu.com
Fri May 27 15:29:33 UTC 2011

On Thu, May 26, 2011 at 04:55:59PM -0700, Kees Cook wrote:
> I won't say it doesn't complicate things, but I would like to point out
> that everyone else's suggestion for this is to completely remove the values
> from the dmesg report itself, rendering it unavailable to any user, even
> root.

It seems we are forced into this dichotomy because there is only one log,
which is mixing different types of information.  Has anyone proposed
separating kernel debugging information from simple status logging, and
allowing the remainder to remain accessible to users?

 - mdz

More information about the ubuntu-devel mailing list