Tobias Geerinckx-Rice <me@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Tobias Geerinckx-Rice <me@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Received: (at submit) by debbugs.gnu.org; 1 Feb 2023 19:45:25 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Feb 01 14:45:25 2023 Received: from localhost ([127.0.0.1]:59914 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pNJ2r-0000KZ-15 for submit <at> debbugs.gnu.org; Wed, 01 Feb 2023 14:45:25 -0500 Received: from lists.gnu.org ([209.51.188.17]:57856) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pNJ2o-0000KQ-MZ for submit <at> debbugs.gnu.org; Wed, 01 Feb 2023 14:45:23 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pNJ2o-0005IJ-5S; Wed, 01 Feb 2023 14:45:22 -0500 Received: from tobias.gr ([2a02:c205:2020:6054::1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pNJ2l-0003iR-Vb; Wed, 01 Feb 2023 14:45:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=KjLfyxU9jmOub aSUr1FN9kQ9e/pObeZ6WaChlPsJnAE=; h=in-reply-to:date:subject:cc:to: from:references; d=tobias.gr; b=hWBEvwgrkcVycK/yyfurGqNq96NyDN1qgNqTT4 UknjjAd16x3YfO0QlUeOuwZFXzuL9WKf6EUHml5DtK/PAOqCIWo3OIDNchiOfxESSKq1V2 Zoz4xwVjHcNlV6PpuALlgKRFIVJn2DBwFBhVkHUOYbmpJmy3WaT+7p+KnPcPU5DExSj4pM /bweM66XLjK0tUxe+/4P6A0bX8a1QaYEdDnvdz/xzNpClngJIKxwb9t3Of7IsxnqA/Tng9 KkTJWo3cJ8p9GO5mnWI2/bm1CsTLI/Z26Jffdvre+NRJ/9m/ufr9YQxMeDAljLNLB5zSCu sFKtdOwSo1ypLUWOO158oH9w== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 97b74978 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 1 Feb 2023 19:45:14 +0000 (UTC) References: <e7000800-bd5d-8ba4-3f45-888572fd11d8@HIDDEN> <87fsbpnzil.fsf@nckx> <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech> From: Tobias Geerinckx-Rice <me@HIDDEN> To: Ekaitz Zarraga <ekaitz@HIDDEN> Subject: Disabling unprivileged BPF by default in our kernels Date: Wed, 01 Feb 2023 20:43:42 +0100 In-reply-to: <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech> BIMI-Selector: v=BIMI1; s=default; Message-ID: <87bkmdnp69.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@HIDDEN; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit Cc: help-guix@HIDDEN, Christian Gelinek <christian.gelinek@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.6 (--) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Ekaitz Zarraga =E5=86=99=E9=81=93=EF=BC=9A > What does Debian's kconfig list for=20 > CONFIG_BPF_UNPRIV_DEFAULT_OFF? I've always had this option set to Y in my own kernels, and it has=20 never so much as inconvenienced me. However, I'm not a BPF power=20 user. Does anyone know any serious and concrete drawbacks to setting=20 this option in all Guix kernels, to increase default security &=20 better align with other major distros? Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY9rBzw0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15BeIBAKPpvY+lOPqMpDrvGUtvcq+PB4hCIJUiibDwSO5U t8DNAQDulhBEeK8GfXYKhQOgN6d8+2nimmqsbFiXX5bHrUccBw== =AqCV -----END PGP SIGNATURE----- --=-=-=--
Tobias Geerinckx-Rice <me@HIDDEN>:help-debbugs@HIDDEN.
Full text available.help-debbugs@HIDDEN:bug#61216; Package debbugs.gnu.org.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.