** Description changed: - <Placeholder bug for disabling CONFIG_USELIB> + We should disable CONFIG_USELIB to make the uselib(2) system call + unreachable in an effort to reduce the kernel attack surface. + + The system call is only used by very old libc implementations and is + unlikely to be used today. + + This config option is recommended by the Kernel Self Protection + Project[1] and a 2019 study performed by Capsule 8 shows that it is + enabled in some other major distro kernels[2]. + + [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings + [2] https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855341 Title: CONFIG_USELIB should be disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855341/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
