I think it should be up to the user to decide whether to enable this by
setting the net.ipv4.ping_group_range sysctl.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/1588917
Title:
I believe that section of the kernel code has had three user->ring0
vulnerabilities so far. It might be worth waiting a bit longer before
enabling its use by default.
Thanks
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to iputils in
** Changed in: iputils (Ubuntu)
Status: New => Triaged
** Changed in: iputils (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to iputils in Ubuntu.
** Description changed:
The latest version of iputils have the option of using SOCK_DGRAM
packets instead of SOCK_RAW, provided that the net.ipv4.ping_group_range
sysctl is set to a different value. This helps a lot with security in
-not just- Linux containers by dropping support for the
4 matches
Mail list logo