b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/doc
History
Martin Weinelt 3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15 
Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via

a) potential speculative execution side-channel-attacks on unmitigated
hardware[0]

or

b) unvalidated memory access in ringbuffer helper functions[1].

Fixes: CVE-2021-4204, CVE-2022-23222

[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
..
manual linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15 2022-01-15 23:44:19 +01:00
varlistentry-fixer.rb nixos/doc/*: fix indentation 2020-11-12 14:24:00 +10:00
xmlformat.conf doc: Disable wrapping source 2019-09-18 21:17:52 +02:00