2

As I can see on Mac OS X:

smarek:~ marekseberaold$ dmesg
Unable to obtain kernel buffer: Operation not permitted
usage: sudo dmesg

Is this really important, to disable access to dmesg output for non-root / non-administrative users? Why is Apple doing this at all?

1 Answer

3

A clear "yes" from my side:

An attacker can use it to snoop on kernel messages, e.g. about segfaults and kernel errors, and thus use it as a feedback loop for exploit optimization. Another use case: the iptables LOG target will write to the same buffer; information about connections of other users can then be misused to spoof packets with a better chance of success.

I guess someone skilled will find even more ways to use dmesg to aid in privilege escalation.
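To check what a given host's kernel buffer would expose to unprivileged readers, the sketch below flags the message classes named in the answer (segfault reports, kernel errors, iptables LOG entries). It is an added example, not part of the original answer; the sample lines are constructed in Linux log format, and the names `RULES`, `audit_ring_buffer` and `summarize` are hypothetical.

```python
import re

# Constructed sample of Linux kernel ring-buffer lines (not captured from a real host).
SAMPLE_DMESG = """\
[    0.000000] Linux version 5.x (constructed sample)
[ 1234.567890] myapp[4321]: segfault at 7ffd1c2b3ff8 ip 000055d0c1a2b3c4 sp 00007ffd1c2b4000 error 6 in myapp[55d0c1a2a000+3000]
[ 1300.000001] FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 ID=54321 PROTO=TCP SPT=44321 DPT=22 SYN
[ 1400.000002] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 1500.000003] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

# One pattern per class of message the answer names as sensitive.
RULES = {
    # Crash reports disclose instruction and stack pointers of other users' processes.
    "segfault_addresses": re.compile(
        r"segfault at [0-9a-f]+ ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+)"),
    # iptables LOG target: addresses, ports and IP ID of other users' connections.
    "netfilter_log": re.compile(
        r"\bSRC=(?P<src>\S+) DST=(?P<dst>\S+).*?\bPROTO=(?P<proto>\S+)"
        r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"),
    # Kernel error reports.
    "kernel_error": re.compile(
        r"\b(?:BUG|Oops|general protection fault|kernel panic)\b", re.I),
}

def audit_ring_buffer(text):
    """Return one finding per (line, category) that discloses sensitive state."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, rx in RULES.items():
            m = rx.search(line)
            if m:
                findings.append({"line": lineno, "category": category,
                                 "fields": m.groupdict()})
    return findings

def summarize(findings):
    """Count findings per category, e.g. for a hardening report."""
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts

if __name__ == "__main__":
    for f in audit_ring_buffer(SAMPLE_DMESG):
        print(f["line"], f["category"], f["fields"])
```

On Linux, setting the `kernel.dmesg_restrict` sysctl to 1 applies the same kind of restriction the question observes on Mac OS X.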