Am 28.06.21 um 14:52 schrieb Tomas Pospisek:
Package: systemd Version: 247.3-5 Severity: wishlist Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>Hi, TLDR: $ sudo sysctl kernel.unprivileged_bpf_disabled kernel.unprivileged_bpf_disabled = 0 please disable unprivileged BPF by default, it seems that it is not safe to be allowed by default in the general case. I'm not sure if systemd is the right place to report this security/wishlist ticket against. I've chosen systemd because it ships `/etc/sysctl.d/99-sysctl.conf` which seems to me to be the nearest fit to where `kernel.unprivileged_bpf_disabled` should be set. Please reassign if there's a better package to stick this report to.
/etc/sysctl.d/99-sysctl.conf is just a symlink pointing at 99-sysctl.conf -> ../sysctl.conf $ dpkg -S /etc/sysctl.conf procps: /etc/sysctl.conf tbh, I'd prefer the security oder kernel team to make that judgement call.
OpenPGP_signature
Description: OpenPGP digital signature
