reassign 990411 linux-image-5.10.0-7-amd64
-----
Thanks Michael, reassigning as proposed. Though I'm wondering (and not
finding) whether there would be a more general package to assign this
ticket to (such as linux-image-5.x or something).
Any thoughts on this problem in the security or the kernel team?
Thanks and greets to all of you!
*t
On Mon, 28 Jun 2021, Michael Biebl wrote:
On 28.06.21 at 14:52, Tomas Pospisek wrote:
Package: systemd
Version: 247.3-5
Severity: wishlist
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Hi,
TLDR:
$ sudo sysctl kernel.unprivileged_bpf_disabled
kernel.unprivileged_bpf_disabled = 0
please disable unprivileged BPF by default, it seems that it
is not safe to be allowed by default in the general case.
I'm not sure if systemd is the right place to report this
security/wishlist ticket against. I've chosen systemd because it
ships `/etc/sysctl.d/99-sysctl.conf` which seems to me to be the
nearest fit to where `kernel.unprivileged_bpf_disabled` should
be set. Please reassign if there's a better package to stick
this report to.
/etc/sysctl.d/99-sysctl.conf is just a symlink pointing at
99-sysctl.conf -> ../sysctl.conf
$ dpkg -S /etc/sysctl.conf
procps: /etc/sysctl.conf
tbh, I'd prefer the security or kernel team to make that judgement call.
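
Added example, not part of the bug report or of any Debian package: a shell function that reports which sysctl.d file sets kernel.unprivileged_bpf_disabled last, resolving symlinks such as 99-sysctl.conf so the result can be passed to dpkg -S. The function name, the directory list and the precedence model (taken from sysctl.d(5)) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): find which sysctl.d file sets a key last.
# Assumed precedence, as documented in sysctl.d(5): a file name found in an
# earlier-listed directory masks the same name in later ones, files are then
# applied in lexical order of file name, and the last assignment wins.
# Requires readlink -f (GNU coreutils) to resolve symlinks.

TAB=$(printf '\t')

# usage: sysctl_source KEY DIR...   (directories in precedence order)
# prints "VALUE<TAB>RESOLVED_FILE" for the winning assignment, or nothing
sysctl_source() {
    key=$1; shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -e "$f" ] || continue          # skips unmatched globs and dangling links
            printf '%s\t%s\n' "${f##*/}" "$f"
        done
    done |
    awk -F'\t' '!seen[$1]++' |               # first directory wins for a given name
    LC_ALL=C sort -t "$TAB" -k1,1 |          # apply order: lexical by file name
    while IFS=$TAB read -r _name path; do
        awk -v k="$key" -v p="$(readlink -f "$path")" '
            /^[ \t]*[#;]/ { next }           # comment lines
            {
                line = $0
                sub(/^[ \t]*-?/, "", line)   # leading blanks and the "-" ignore-error prefix
                n = index(line, "=")
                if (!n) next
                name = substr(line, 1, n - 1); val = substr(line, n + 1)
                gsub(/[ \t]/, "", name)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (name == k) print val "\t" p
            }' "$path"
    done | tail -n 1                         # last assignment overall wins
}

# On a Debian system:
# sysctl_source kernel.unprivileged_bpf_disabled /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d
```

The file it prints is the one to check with dpkg -S when deciding which package a default belongs to; the running value still comes from sysctl itself.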