This change was applied during the Focal development cycle but then
reverted pending performance testing results. That performance testing
work was never finished and I'm no longer working on this bug.
** Changed in: linux (Ubuntu)
Status: Fix Committed => Triaged
** Changed in: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1855341
Title:
CONFIG_USELIB should be disabled
Status in linux package in Ubuntu:
Triaged
Bug description:
We should disable CONFIG_USELIB to make the uselib(2) system call
unreachable in an effort to reduce the kernel attack surface.
The system call is only used by very old libc implementations and is
unlikely to be used today.
This config option is recommended by the Kernel Self Protection
Project[1] and a 2019 study performed by Capsule 8 shows that it is
enabled in some other major distro kernels[2].
[1]
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
[2]
https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855341/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
