GNU bug report logs - #61216
Disabling unprivileged BPF by default in our kernels

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Tobias Geerinckx-Rice <me@HIDDEN>; Done: Tobias Geerinckx-Rice <me@HIDDEN>; Maintainer for guix is bug-guix@HIDDEN.
bug closed, send any further explanations to 61216 <at> debbugs.gnu.org and Tobias Geerinckx-Rice <me@HIDDEN> Request was from Tobias Geerinckx-Rice <me@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
bug reassigned from package 'debbugs.gnu.org' to 'guix'. Request was from Tobias Geerinckx-Rice <me@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 1 Feb 2023 19:45:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Feb 01 14:45:25 2023
Received: from localhost ([127.0.0.1]:59914 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pNJ2r-0000KZ-15
	for submit <at> debbugs.gnu.org; Wed, 01 Feb 2023 14:45:25 -0500
Received: from lists.gnu.org ([209.51.188.17]:57856)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pNJ2o-0000KQ-MZ
 for submit <at> debbugs.gnu.org; Wed, 01 Feb 2023 14:45:23 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@HIDDEN>)
 id 1pNJ2o-0005IJ-5S; Wed, 01 Feb 2023 14:45:22 -0500
Received: from tobias.gr ([2a02:c205:2020:6054::1])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@HIDDEN>)
 id 1pNJ2l-0003iR-Vb; Wed, 01 Feb 2023 14:45:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=KjLfyxU9jmOub
 aSUr1FN9kQ9e/pObeZ6WaChlPsJnAE=;
 h=in-reply-to:date:subject:cc:to:
 from:references; d=tobias.gr; b=hWBEvwgrkcVycK/yyfurGqNq96NyDN1qgNqTT4
 UknjjAd16x3YfO0QlUeOuwZFXzuL9WKf6EUHml5DtK/PAOqCIWo3OIDNchiOfxESSKq1V2
 Zoz4xwVjHcNlV6PpuALlgKRFIVJn2DBwFBhVkHUOYbmpJmy3WaT+7p+KnPcPU5DExSj4pM
 /bweM66XLjK0tUxe+/4P6A0bX8a1QaYEdDnvdz/xzNpClngJIKxwb9t3Of7IsxnqA/Tng9
 KkTJWo3cJ8p9GO5mnWI2/bm1CsTLI/Z26Jffdvre+NRJ/9m/ufr9YQxMeDAljLNLB5zSCu
 sFKtdOwSo1ypLUWOO158oH9w==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 97b74978
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); 
 Wed, 1 Feb 2023 19:45:14 +0000 (UTC)
References: <e7000800-bd5d-8ba4-3f45-888572fd11d8@HIDDEN>
 <87fsbpnzil.fsf@nckx>
 <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech>
From: Tobias Geerinckx-Rice <me@HIDDEN>
To: Ekaitz Zarraga <ekaitz@HIDDEN>
Subject: Disabling unprivileged BPF by default in our kernels
Date: Wed, 01 Feb 2023 20:43:42 +0100
In-reply-to: <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech>
BIMI-Selector: v=BIMI1; s=default;
Message-ID: <87bkmdnp69.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@HIDDEN;
 helo=tobias.gr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.6 (-)
X-Debbugs-Envelope-To: submit
Cc: help-guix@HIDDEN, Christian Gelinek <christian.gelinek@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.6 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Ekaitz Zarraga =E5=86=99=E9=81=93=EF=BC=9A
> What does Debian's kconfig list for=20
> CONFIG_BPF_UNPRIV_DEFAULT_OFF?

I've always had this option set to Y in my own kernels, and it has=20
never so much as inconvenienced me.  However, I'm not a BPF power=20
user.

Does anyone know any serious and concrete drawbacks to setting=20
this option in all Guix kernels, to increase default security &=20
better align with other major distros?

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY9rBzw0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15BeIBAKPpvY+lOPqMpDrvGUtvcq+PB4hCIJUiibDwSO5U
t8DNAQDulhBEeK8GfXYKhQOgN6d8+2nimmqsbFiXX5bHrUccBw==
=AqCV
-----END PGP SIGNATURE-----
--=-=-=--




Acknowledgement sent to Tobias Geerinckx-Rice <me@HIDDEN>:
New bug report received and forwarded. Copy sent to help-debbugs@HIDDEN. Full text available.
Report forwarded to help-debbugs@HIDDEN:
bug#61216; Package debbugs.gnu.org. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Sun, 26 Feb 2023 00:15:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.