** Changed in: linux-raspi (Ubuntu Groovy)
Status: Triaged => Fix Committed
** No longer affects: linux-raspi (Ubuntu Hirsute)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi in Ubuntu.
https://bugs.launchpad.net/bugs/1902934
Title:
dmesg is not restricted in linux-raspi kernel
Status in linux-raspi package in Ubuntu:
Triaged
Status in linux-raspi source package in Groovy:
Fix Committed
Bug description:
[Impact]
The CONFIG_SECURITY_DMESG_RESTRICT option is not set on the Ubuntu Pi
kernels, resulting in dmesg being accessible to ordinary users.
This is in contrast to PC installs, where dmesg is now restricted to
the "root" user in 20.10 onwards. The following messages from the
ubuntu-devel list cover the original proposal (which proposed limiting
dmesg to root:adm), and earlier discussion from 2011 (which proposed
limiting dmesg to root alone, which is what was implemented in
groovy):
https://lists.ubuntu.com/archives/ubuntu-devel/2020-June/041063.html
https://lists.ubuntu.com/archives/ubuntu-devel/2011-May/033240.html
[Test Case]
$ dmesg > /dev/null
$ echo $?
0
Should be:
$ dmesg
dmesg: read kernel buffer failed: Operation not permitted
[Regression Potential]
Ordinary users might still be able to execute dmesg and read the
kernel logs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-raspi/+bug/1902934/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
