On Fri, Mar 11, 2022 at 10:06 AM Nikos Chantziaras <rea...@gmail.com> wrote: > > On 11/03/2022 17:06, Mark Knecht wrote: > > Is this related to the 'dirty pipe' vulnerability that has been in the > > news of late and has gotten patched in most distros in the last few > > days? > > In one of the discussions about the patch, it was mentioned that "a > couple of CVEs would have never happened" if this had been the default > to begin with. So, probably yes? > >
My Kubuntu system is set to '1' but Ubuntu released a patchset for 15 CVEs including the dirty pipe and I didn't even know about this feature before this news so I have no idea if this was just changed here but I suspect it was. I'm on a much older kernel than most of you guys. To me the overriding idea of not letting any user, including root, mess around in a pipe makes logical sense, but as the OP has showed I guess there were valid uses for this feature pre-patch, and it seems that a user can override the feature by setting some bits if they need to and really think they know what they are doing. Thanks for the response, Mark