Ubuntu 20.10 Looking At Restricting Access To Kernel Logs With dmesg
Due to dmesg able to leak kernel addresses and other sensitive information, the plan is to not allow dmesg access for unprivileged users. We previously covered the situation more at length within In 2019, Most Linux Distributions Still Aren't Restricting Dmesg Access.
Over the past year or so, Clear Linux and other distributions have begun restricting this dmesg access via the CONFIG_SECURITY_DMESG_RESTRICT Kconfig switch for the kernel builds -- the same approach being pursued now by Canonical with Ubuntu 20.10.
Canonical's Matthew Ruffell calls this "the final security gap currently enjoyed by unprivileged users on multi-user systems" with Ubuntu already restricting access to kernel.log, syslog, and similar information logs yet dmesg on existing Ubuntu releases continues to be fully accessible.
More details on the dmesg restriction plans for Ubuntu 20.10 via Ubuntu-devel.