** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu Xenial)
       Status: Confirmed => Fix Released

https://bugs.launchpad.net/bugs/1961338

Title:
  Disable unprivileged BPF by default

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released

Bug description:
  [Impact]
  Unprivileged users have access to BPF, allowing them to execute code in the kernel under their control. Though restricted and verified, a lot of security issues have been uncovered over the years, indicating that it should be disabled by default in order to protect our users.

  Admins can reenable that access or give CAP_BPF to programs if needed.

  [Test case]
  A qa-regression-testing testcase has been added that checks for the ability to load BPF programs under different circumstances.

  [Potential regression]
  Users who rely on unprivileged BPF access will need to change the setting or give CAP_BPF to their programs. Also, sysctl and bpf code might be affected.
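
A host-side check for the setting this change flips, added here as an example; it is not part of the bug report or of the qa-regression-testing test case. It assumes the setting is the upstream sysctl kernel.unprivileged_bpf_disabled, which the report does not name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the setting in the report is the upstream sysctl
# kernel.unprivileged_bpf_disabled (the report does not name it):
#   0 = unprivileged bpf() allowed
#   1 = disabled, cannot be changed again until reboot
#   2 = disabled, but an admin can still write 0 or 1
KNOB="kernel.unprivileged_bpf_disabled"
PROC_FILE="/proc/sys/kernel/unprivileged_bpf_disabled"

# bpf_unpriv_state [file]: print allowed | off | locked-off | unknown
bpf_unpriv_state() {
    file="${1:-$PROC_FILE}"
    if [ ! -r "$file" ]; then echo unknown; return 0; fi
    case "$(tr -d '[:space:]' < "$file")" in
        0) echo allowed ;;
        1) echo locked-off ;;
        2) echo off ;;
        *) echo unknown ;;
    esac
}

# bpf_unpriv_reenabled_in dir...: print each sysctl.d-style *.conf file whose
# last assignment to the knob is 0 (hands access back to unprivileged users).
bpf_unpriv_reenabled_in() {
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            if awk -v knob="$KNOB" '
                /^[ \t]*([#;]|$)/ { next }          # comments, blank lines
                {
                    line = $0
                    gsub(/[ \t]/, "", line)         # "key = value" -> "key=value"
                    sub(/^-/, "", line)             # leading "-" means ignore errors
                    n = split(line, kv, "=")
                    gsub(/\//, ".", kv[1])          # kernel/x is the same key as kernel.x
                    if (n == 2 && kv[1] == knob) last = kv[2]
                }
                END { if (last == "0") exit 0; exit 1 }' "$f"
            then echo "$f"; fi
        done
    done
    return 0
}

# Report the live value and the usual drop-in directories.
echo "unprivileged BPF: $(bpf_unpriv_state)"
bpf_unpriv_reenabled_in /etc/sysctl.d /usr/lib/sysctl.d /run/sysctl.d
```

The sysctl only governs callers without privileges; programs that were given CAP_BPF, as the report suggests, can load BPF in every state.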