GNU bug report logs - #61216
Disabling unprivileged BPF by default in our kernels

Previous Next

Package: guix;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Wed, 1 Feb 2023 19:46:02 UTC

Severity: normal

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 61216 in the body.
You can then email your comments to 61216 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to help-debbugs <at> gnu.org:
bug#61216; Package debbugs.gnu.org. (Wed, 01 Feb 2023 19:46:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
New bug report received and forwarded. Copy sent to help-debbugs <at> gnu.org. (Wed, 01 Feb 2023 19:46:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Ekaitz Zarraga <ekaitz <at> elenq.tech>
Cc: help-guix <at> gnu.org, Christian Gelinek <christian.gelinek <at> mailbox.org>
Subject: Disabling unprivileged BPF by default in our kernels
Date: Wed, 01 Feb 2023 20:43:42 +0100

[Message part 1 (text/plain, inline)]
Ekaitz Zarraga 写道:
> What does Debian's kconfig list for 
> CONFIG_BPF_UNPRIV_DEFAULT_OFF?

I've always had this option set to Y in my own kernels, and it has 
never so much as inconvenienced me.  However, I'm not a BPF power 
user.

Does anyone know any serious and concrete drawbacks to setting 
this option in all Guix kernels, to increase default security & 
better align with other major distros?

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]
bug reassigned from package 'debbugs.gnu.org' to 'guix'. Request was from Tobias Geerinckx-Rice <me <at> tobias.gr> to control <at> debbugs.gnu.org. (Sun, 26 Feb 2023 00:10:01 GMT) Full text and rfc822 format available.
bug closed, send any further explanations to 61216 <at> debbugs.gnu.org and Tobias Geerinckx-Rice <me <at> tobias.gr> Request was from Tobias Geerinckx-Rice <me <at> tobias.gr> to control <at> debbugs.gnu.org. (Sun, 26 Feb 2023 00:10:01 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 26 Mar 2023 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 31 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.