** Description changed: + [Impact] + The CONFIG_SECURITY_DMESG_RESTRICT option is not set on the Ubuntu Pi kernels, resulting in dmesg being accessible to ordinary users. This is in contrast to PC installs, where dmesg is now restricted to the "root" user in 20.10 onwards. The following messages from the ubuntu- devel list cover the original proposal (which proposed limiting dmesg to root:adm), and earlier discussion from 2011 (which proposed limiting dmesg to root alone, which is what was implemented in groovy): https://lists.ubuntu.com/archives/ubuntu-devel/2020-June/041063.html https://lists.ubuntu.com/archives/ubuntu-devel/2011-May/033240.html + + [Test Case] + + $ dmesg > /dev/null + $ echo $? + 0 + + Should be: + $ dmesg + dmesg: read kernel buffer failed: Operation not permitted + + [Regression Potential] + + Ordinary users might still be able to execute dmesg and read the kernel + logs.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1902934 Title: dmesg is not restricted in linux-raspi kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-raspi/+bug/1902934/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
