[Expired for linux (Ubuntu Kinetic) because there has been no activity
for 60 days.]
** Changed in: linux (Ubuntu Kinetic)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1974442
Title:
enable CONFIG_DEVTMPFS_SAFE
Status in linux package in Ubuntu:
Expired
Status in linux source package in Kinetic:
Expired
Bug description:
[Impact]
Use nosuid,noexec mount options on devtmpfs, this allows to provide a
bit of extra security by preventing mmapping stuff in /dev with
PROT_EXEC or having setuid executables.
[Test case]
If we really want to provide a test case for this...:
$ grep devtmpfs /proc/mounts
We should see nosuid,noexec in the mount options if this change is
applied, otherwise we should only see nosuid (or none of the above).
[Fix]
Enable CONFIG_DEVTMPFS_SAFE.
[Regression potential]
This change can potentially break some drivers that require mmapping
/dev/mem with the PROT_EXEC flag (for example non-KSM video drivers,
or drivers that need to execute BIOS / firmware code directly from
/dev/mem).
However, it'd be nice to see if we still have drivers that are still
relying on this dangerous behavior and provide some additional safety
measures in the system.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1974442/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
