This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:
apport-collect 1974442
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1974442
Title:
enable CONFIG_DEVTMPFS_SAFE
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Kinetic:
Incomplete
Bug description:
[Impact]
Use nosuid,noexec mount options on devtmpfs, this allows to provide a
bit of extra security by preventing mmapping stuff in /dev with
PROT_EXEC or having setuid executables.
[Test case]
If we really want to provide a test case for this...:
$ grep devtmpfs /proc/mounts
We should see nosuid,noexec in the mount options if this change is
applied, otherwise we should only see nosuid (or none of the above).
[Fix]
Enable CONFIG_DEVTMPFS_SAFE.
[Regression potential]
This change can potentially break some drivers that require mmapping
/dev/mem with the PROT_EXEC flag (for example non-KSM video drivers,
or drivers that need to execute BIOS / firmware code directly from
/dev/mem).
However, it'd be nice to see if we still have drivers that are still
relying on this dangerous behavior and provide some additional safety
measures in the system.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1974442/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
