You know what this decision will actually lead to? People will start using sudo for pretty much everything without thinking. If anything, limitations like this make security worse, not better. There's very little [security] info that can be picked from dmesg and then lots of data is still available using /proc, /sys and various kernel APIs.

It's also about restricting access to sensitive information that shouldn't be available for non-admin users. This is crucial in the context of security and it always part of any hardening guide.

Next to that, using sudo for everything is actually better thing, because all sudo uses are logged and can be part of an audit process, in comparison to su. At that point questions can arise like: why did that user access those logs and kernel information? And necessary action can be taken to investigate/modify access.

This one Canonical Ubuntu 20.10 inner family is one of three "temporary" Ubuntu's before the next Ubuntu LTS, 22.04. There are also the 21.04 & 21.10 editions ahead. These Ubuntu's are downstream from the Debian editions. There are even many more Linux operating systems that are further downstream from the small number of the inner Canonical Ubuntu family.
Of special interest is which of these very many Ubuntu downstreamers will also include these Ubuntu 20.10 innovations? These downstreamers try to be more innovative, more adventurous than the big name "Canonical conservatives" upon which they are based. Mint 20.04 is the biggest of these Ubuntu outsiders. It has added many innovations. Which if any of these will make it into which of the official future Canonicals?

1. It's trivial to create an audit policy which will log dmesg invocations by the user.
2. Enlighten me as to what "sensitive information" can be picked up from dmesg which is impossible to get by other means aside from maybe iptables/nftables logging which is not even enabled by default in Ubuntu.

Again what is "crucial in the context of security and it always part of any hardening guide" - I keep hearing that again and again, and so far I haven't seen a single example of anything "crucial" in dmesg.

Speaking of "hardening guides". Many of them are outright idiotic, for instance they insist on changing your passwords regularly. Why would you do that? It's never been proven to be effective against anything and at the same time people who are forced to change their passwords regularly start creating simple passwords and putting them in text files on their desktop. Good passwords which haven't been leaked/revealed/hacked are OK to use for eternity. Period.

Because good passwords get leaked/revealed/hacked all the time?
Just kidding :'D

Every change breaks someone's workflow, in this case yours. Don't try to generalise your pet peeve into a global problem.

Mine is not affected as I use Fedora which hasn't yet engaged in this security theatre idiocy.

This is all public information readily accessible



"The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses"

This kconfig option was introduced and merged for a reason

I think that Fedora and every other distribution will soon follow Ubuntu's lead and restrict access to dmesg.