[Kernel-packages] [Bug 2035116] Re: allow io_uring to be disabled in runtime

Thadeu Lima de Souza Cascardo Mon, 11 Sep 2023 08:40:39 -0700

** Changed in: linux (Ubuntu Mantic)
       Status: Incomplete => In Progress


** Changed in: linux (Ubuntu Lunar)
       Status: Incomplete => In Progress

** Changed in: linux (Ubuntu Jammy)
       Status: Incomplete => Triaged

** Changed in: linux (Ubuntu Focal)
       Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2035116

Title:
  allow io_uring to be disabled in runtime

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Focal:
  Triaged
Status in linux source package in Jammy:
  Triaged
Status in linux source package in Lunar:
  In Progress
Status in linux source package in Mantic:
  In Progress

Bug description:
  [Impact]
  io_uring has been an important attack vector in the recent years in local 
privilege escalation attacks. Allowing admins that don't use io_uring to 
disable it in their systems allows them to reduce their attack surface.

  [Test case]
  sysctl -w kernel.io_uring_disabled=1
  then try to use io_uring from an unprivileged user, then try it with 
privileges (CAP_SYS_ADMIN)

  [Potential regression]
  Uses can be denied from using io_uring.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2035116/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2035116] Re: allow io_uring to be disabled in runtime

Reply via email to