Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-08-02 Thread Salvatore Bonaccorso
On Mon, Aug 02, 2021 at 09:16:51PM +0200, Ben Hutchings wrote: > Control: tag -1 patch > > I think disabling unprivileged BPF is probably sensible. So far as I > know, it is quite limited in usefulness (without exploiting verifier > bugs :-). If it can't be enabled again, this should maybe be

Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-08-02 Thread Ben Hutchings
Control: tag -1 patch I think disabling unprivileged BPF is probably sensible. So far as I know, it is quite limited in usefulness (without exploiting verifier bugs :-). If it can't be enabled again, this should maybe be done with a sysctl config file in linux-base rather than being a built-in

Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-07-06 Thread Moritz Mühlenhoff
On Wed, Jun 30, 2021 at 08:33:01PM +0200, Tomas Pospisek wrote: > reassign 990411 linux-image-5.10.0-7-amd64 > > - > > Thanks Michael, reassigning as proposed. Though I'm wondering (and not > finding) whether there would be a more general package to assign this ticket > to (such as

Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-06-30 Thread Salvatore Bonaccorso
Hi, Related: #928362. And on non src:linux #919226. It has to be noted that once set kernel.unprivileged_bpf_disabled=1 it cannot be cleared again. Regards, Salvatore

Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-06-30 Thread Michael Biebl
Control: reassign -1 src:linux On 30.06.21 at 20:33, Tomas Pospisek wrote: reassign 990411 linux-image-5.10.0-7-amd64 - Thanks Michael, reassigning as proposed. Though I'm wondering (and not finding) whether there would be a more general package to assign this ticket to (such as

Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-06-30 Thread Tomas Pospisek
reassign 990411 linux-image-5.10.0-7-amd64 - Thanks Michael, reassigning as proposed. Though I'm wondering (and not finding) whether there would be a more general package to assign this ticket to (such as linux-image-5.x or something). Any thoughts on this problem in the security or the

Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-06-28 Thread Michael Biebl
On 28.06.21 at 14:52, Tomas Pospisek wrote: Package: systemd Version: 247.3-5 Severity: wishlist Tags: security X-Debbugs-Cc: Debian Security Team Hi, TLDR: $ sudo sysctl kernel.unprivileged_bpf_disabled kernel.unprivileged_bpf_disabled = 0 please disable unprivileged BPF by

Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1

2021-06-28 Thread Tomas Pospisek
Package: systemd Version: 247.3-5 Severity: wishlist Tags: security X-Debbugs-Cc: Debian Security Team Hi, TLDR: $ sudo sysctl kernel.unprivileged_bpf_disabled kernel.unprivileged_bpf_disabled = 0 please disable unprivileged BPF by default, it seems that it is not safe to be allowed