** Description changed:

- <Placeholder bug for disabling CONFIG_USELIB>
+ We should disable CONFIG_USELIB to make the uselib(2) system call
+ unreachable in an effort to reduce the kernel attack surface.
+ 
+ The system call is only used by very old libc implementations and is
+ unlikely to be used today.
+ 
+ This config option is recommended by the Kernel Self Protection
+ Project[1] and a 2019 study performed by Capsule 8 shows that it is
+ enabled in some other major distro kernels[2].
+ 
+ [1] 
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
+ [2] 
https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1855341

Title:
  CONFIG_USELIB should be disabled

Status in linux package in Ubuntu:
  In Progress

Bug description:
  We should disable CONFIG_USELIB to make the uselib(2) system call
  unreachable in an effort to reduce the kernel attack surface.

  The system call is only used by very old libc implementations and is
  unlikely to be used today.

  This config option is recommended by the Kernel Self Protection
  Project[1] and a 2019 study performed by Capsule 8 shows that it is
  enabled in some other major distro kernels[2].

  [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
  [2] https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
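
Added example (not part of the bug report or of the Ubuntu kernel packaging): a small C probe that checks whether uselib(2) is still reachable on the running kernel, which is the property the description above asks for. The enum, function names and messages are assumptions of this example; it passes a NULL path so nothing is ever loaded.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

enum uselib_state {
    USELIB_UNREACHABLE,   /* ENOSYS: no handler, consistent with CONFIG_USELIB unset */
    USELIB_FILTERED,      /* EPERM: denied before the handler, e.g. by a seccomp profile */
    USELIB_REACHABLE,     /* anything else: the kernel entered the uselib handler */
    USELIB_NO_SYSCALL_NR  /* this architecture's ABI defines no uselib number */
};

/* Map the result of uselib(NULL) to a state. NULL is never a valid path, so a
 * kernel that implements the call rejects it (typically EFAULT) and loads nothing. */
enum uselib_state classify_uselib(long ret, int err)
{
    if (ret == -1 && err == ENOSYS)
        return USELIB_UNREACHABLE;
    if (ret == -1 && err == EPERM)
        return USELIB_FILTERED;
    return USELIB_REACHABLE;
}

/* Issue the raw system call; libc provides no wrapper for it. */
enum uselib_state probe_uselib(void)
{
#ifdef SYS_uselib
    errno = 0;
    long ret = syscall(SYS_uselib, (const char *)NULL);
    return classify_uselib(ret, errno);
#else
    return USELIB_NO_SYSCALL_NR;
#endif
}

int main(void)
{
    static const char *const names[] = {
        "unreachable (ENOSYS, consistent with CONFIG_USELIB unset)",
        "denied by a syscall filter (kernel config not determined)",
        "reachable (kernel entered the handler, CONFIG_USELIB=y)",
        "no uselib syscall number on this architecture"
    };
    puts(names[probe_uselib()]);
    return 0;
}
```

Inside a container an EPERM result says nothing about the host kernel's configuration, so run the probe unconfined, or check the kernel config file, before concluding the option is off.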
