
Re: Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1



On 28.06.21 at 14:52, Tomas Pospisek wrote:
Package: systemd
Version: 247.3-5
Severity: wishlist
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Hi,

TLDR:

     $ sudo sysctl kernel.unprivileged_bpf_disabled
     kernel.unprivileged_bpf_disabled = 0

please disable unprivileged BPF by default, it seems that it
is not safe to be allowed by default in the general case.

I'm not sure if systemd is the right place to report this
security/wishlist ticket against. I've chosen systemd because it
ships `/etc/sysctl.d/99-sysctl.conf` which seems to me to be the
nearest fit to where `kernel.unprivileged_bpf_disabled` should
be set. Please reassign if there's a better package to stick
this report to.

/etc/sysctl.d/99-sysctl.conf is just a symlink pointing at
99-sysctl.conf -> ../sysctl.conf

$ dpkg -S /etc/sysctl.conf
procps: /etc/sysctl.conf

tbh, I'd prefer the security or kernel team to make that judgement call.


Attachment: OpenPGP_signature
Description: OpenPGP digital signature
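
Added example, not part of the thread: a shell sketch that emulates the sysctl.d(5) file ordering to show which file ends up deciding `kernel.unprivileged_bpf_disabled`, including the `99-sysctl.conf -> ../sysctl.conf` symlink discussed above. The function names, the `ROOT` parameter and the demo tree are assumptions made for illustration, and only the three standard sysctl.d directories are scanned.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is a hypothetical parameter so the
# lookup can run on a constructed tree; pass "" to inspect the live system.

# Print "<value>TAB<file>" for the sysctl.d file that decides KEY, else return 1.
effective_sysctl() {
    key=$1 root=$2
    # Highest-priority directory first: a file in /etc masks a file of the
    # same name in /run or /usr/lib (sysctl.d(5)).
    for dir in etc/sysctl.d run/sysctl.d usr/lib/sysctl.d; do
        for f in "$root/$dir"/*.conf; do
            [ -e "$f" ] || continue
            printf '%s\t%s\n' "${f##*/}" "$f"
        done
    done |
    awk -F '\t' '!seen[$1]++' |                  # drop masked duplicates
    LC_ALL=C sort -t "$(printf '\t')" -k1,1 |    # files apply in name order
    cut -f2 |
    awk -v key="$key" '
        { file = $0
          while ((getline line < file) > 0) {    # follows the 99-sysctl.conf symlink
              if (line ~ /^[ \t]*([#;]|$)/) continue
              eq = index(line, "="); if (!eq) continue
              k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
              sub(/^[ \t]*-?/, "", k); sub(/[ \t]+$/, "", k)
              sub(/^[ \t]+/, "", v);   sub(/[ \t]+$/, "", v)
              if (k == key) { val = v; src = file }   # last assignment wins
          }
          close(file) }
        END { if (src == "") exit 1; print val "\t" src }'
}

# Return 0 if the persistent configuration under ROOT disables unprivileged BPF.
# Kernel values: 0 = allowed, 1 = disabled until reboot, 2 = disabled, root may change it.
bpf_persistently_disabled() {
    result=$(effective_sysctl kernel.unprivileged_bpf_disabled "$1") || return 1
    case $(printf '%s\n' "$result" | cut -f1) in 1|2) return 0 ;; esac
    return 1
}

# Constructed tree with the layout from the thread: the key is written to
# etc/sysctl.conf and reaches sysctl.d only through the 99-sysctl.conf symlink.
make_demo_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/sysctl.d" "$t/usr/lib/sysctl.d" || return 1
    echo 'kernel.unprivileged_bpf_disabled = 0' > "$t/usr/lib/sysctl.d/50-demo.conf"
    echo 'kernel.unprivileged_bpf_disabled = 1' > "$t/etc/sysctl.conf"
    ln -s ../sysctl.conf "$t/etc/sysctl.d/99-sysctl.conf"
    echo "$t"
}
demo=$(make_demo_tree) && { effective_sysctl kernel.unprivileged_bpf_disabled "$demo"; rm -rf "$demo"; }
```

On a live system, compare the reported file and value with the output of `sysctl kernel.unprivileged_bpf_disabled` to confirm the persistent setting is what is actually running.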

