The fix for this bug has been awaiting testing feedback in the -proposed repository for focal for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.
** Tags added: removal-candidate -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1961338 Title: Disable unprivileged BPF by default Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Bug description: [Impact] Unprivileged users have access to BPF, allowing them to execute code in the kernel under their control. Though restricted and verified, a lot of security issues have been uncovered over the years, indicating that it should be disabled by default in order to protect our users. Admins can reenable that access or give CAP_BPF to programs if needed. [Test case] A qa-regression-testing testcase has been added that checks for the ability to load BPF programs under different circumstances. [Potential regression] Users who rely on unprivileged BPF access will need to change the setting or give CAP_BPF to their programs. Also, sysctl and bpf code might be affected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1961338/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
