group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1961338] Re: Disable unprivileged BPF by default

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Thadeu Lima de Souza Cascardo <1961338@xxxxxxxxxxxxxxxxxx>
Date: Wed, 09 Mar 2022 12:20:23 -0000
Reply-to: Bug 1961338 <1961338@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1961338

Title:
  Disable unprivileged BPF by default

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released

Bug description:
  [Impact]
  Unprivileged users have access to BPF, allowing them to execute code in the kernel under their control. Though restricted and verified, a lot of security issues have been uncovered over the years, indicating that it should be disabled by default in order to protect our users.

  Admins can reenable that access or give CAP_BPF to programs if needed.

  [Test case]
  A qa-regression-testing testcase has been added that checks for the ability to load BPF programs under different circumstances.

  [Potential regression]
  Users who rely on unprivileged BPF access will need to change the setting or give CAP_BPF to their programs. Also, sysctl and bpf code might be affected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1961338/+subscriptions