** Description changed:

  [Impact]

  io_uring has been an important attack vector in recent years in local
  privilege escalation attacks. Allowing admins that don't use io_uring to
  disable it on their systems allows them to reduce their attack surface.

  [Test case]

  sysctl -w kernel.io_uring_disabled=1

  then try to use io_uring from an unprivileged user, then try it with
  privileges (CAP_SYS_ADMIN)
+
+ Actually also tried setting kernel.io_uring_disabled=2 and checking that
+ neither (privileged or unprivileged) worked.
+
+ Then tested setting it back to 0.
+
+ Then tested with io_uring_disabled set to 1 and io_uring_group=1000 and
+ that it worked for group 1000, then set it to 1001 and verified that it
+ didn't work anymore for group 1000.

  [Potential regression]

  Users can be denied from using io_uring.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2035116

Title:
  allow io_uring to be disabled in runtime

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Focal:
  Triaged
Status in linux source package in Jammy:
  Triaged
Status in linux source package in Lunar:
  In Progress
Status in linux source package in Mantic:
  In Progress

Bug description:
  [Impact]

  io_uring has been an important attack vector in recent years in local
  privilege escalation attacks. Allowing admins that don't use io_uring to
  disable it on their systems allows them to reduce their attack surface.

  [Test case]

  sysctl -w kernel.io_uring_disabled=1

  then try to use io_uring from an unprivileged user, then try it with
  privileges (CAP_SYS_ADMIN)

  Actually also tried setting kernel.io_uring_disabled=2 and checking that
  neither (privileged or unprivileged) worked.

  Then tested setting it back to 0.

  Then tested with io_uring_disabled set to 1 and io_uring_group=1000 and
  that it worked for group 1000, then set it to 1001 and verified that it
  didn't work anymore for group 1000.

  [Potential regression]

  Users can be denied from using io_uring.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2035116/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
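The test case in the bug description says "try to use io_uring" but does not say what a denial looks like from userspace. The probe below is an added example written for this page; it is not part of the bug report or of the Ubuntu kernel patch. It calls io_uring_setup(2) directly, classifies the outcome, reads the two sysctls for context, and carries a small `expected()` function that encodes the policy the test case describes (2 = nobody, 1 = CAP_SYS_ADMIN or members of kernel.io_uring_group, 0 = everyone) so each run can be compared against what the sysctl values predict. Assumptions not stated on the page: a policy denial surfaces as EPERM from io_uring_setup(2), ENOSYS means the kernel was built without io_uring, the syscall number 425 is used when the libc headers lack `__NR_io_uring_setup`, and the local `struct probe_params` only mirrors the 120-byte uapi `struct io_uring_params` so the file builds without `<linux/io_uring.h>`.

```c
/* io_uring_probe.c: added example for this page, not code from the bug
 * report or the kernel patch.  Build: cc -O2 -o io_uring_probe io_uring_probe.c */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425   /* assumption: same number on x86_64, i386 and arm64 */
#endif

/* Assumption: local mirror of the 120-byte uapi struct io_uring_params so we
 * do not depend on <linux/io_uring.h>; the kernel only needs the size to match. */
struct probe_params {
    uint32_t sq_entries, cq_entries, flags, sq_thread_cpu, sq_thread_idle;
    uint32_t features, wq_fd, resv[3];
    uint32_t sq_off[8]; uint64_t sq_user_addr;   /* struct io_sqring_offsets */
    uint32_t cq_off[8]; uint64_t cq_user_addr;   /* struct io_cqring_offsets */
};

enum probe_result { PROBE_ALLOWED, PROBE_DENIED, PROBE_UNSUPPORTED, PROBE_OTHER };

/* Map a raw io_uring_setup(2) return value plus errno onto a verdict. */
enum probe_result classify(long ret, int err)
{
    if (ret >= 0)       return PROBE_ALLOWED;
    if (err == EPERM)   return PROBE_DENIED;       /* assumption: sysctl policy refused us */
    if (err == ENOSYS)  return PROBE_UNSUPPORTED;  /* kernel built without io_uring */
    return PROBE_OTHER;
}

/* The policy the bug's test case describes, so a run can be checked against it:
 * disabled=2 blocks everyone; disabled=0 allows everyone; disabled=1 allows
 * CAP_SYS_ADMIN holders and members of kernel.io_uring_group. */
enum probe_result expected(int disabled, int has_cap_sys_admin, int in_io_uring_group)
{
    if (disabled == 2) return PROBE_DENIED;
    if (disabled == 0 || has_cap_sys_admin) return PROBE_ALLOWED;
    return in_io_uring_group ? PROBE_ALLOWED : PROBE_DENIED;
}

/* Try to create a one-entry ring and release it immediately. */
enum probe_result probe_io_uring(int *err_out)
{
    struct probe_params p;
    memset(&p, 0, sizeof p);
    long fd = syscall(__NR_io_uring_setup, 1, &p);
    int err = fd < 0 ? errno : 0;
    if (fd >= 0) close((int)fd);
    if (err_out) *err_out = err;
    return classify(fd, err);
}

/* Read an integer sysctl from /proc; dflt when the file is missing (old kernel). */
static int read_sysctl(const char *path, int dflt)
{
    FILE *f = fopen(path, "r");
    long v = dflt;
    if (f) {
        if (fscanf(f, "%ld", &v) != 1) v = dflt;
        fclose(f);
    }
    return (int)v;
}

int main(void)
{
    static const char *names[] = { "allowed", "denied (EPERM)",
                                   "unsupported (ENOSYS)", "other error" };
    int err = 0;
    enum probe_result r = probe_io_uring(&err);
    int disabled = read_sysctl("/proc/sys/kernel/io_uring_disabled", -1);
    int group    = read_sysctl("/proc/sys/kernel/io_uring_group", -1);

    if (disabled < 0)
        printf("kernel.io_uring_disabled: sysctl not present on this kernel\n");
    else
        printf("kernel.io_uring_disabled=%d kernel.io_uring_group=%d\n", disabled, group);
    printf("uid=%u gid=%u io_uring_setup(2): %s", getuid(), getgid(), names[r]);
    if (r == PROBE_OTHER) printf(" (%s)", strerror(err));
    printf("\n");
    return r == PROBE_ALLOWED ? 0 : 1;
}
```

Run the binary once per step of the bug's test case: as an unprivileged user and under `sudo` after `sysctl -w kernel.io_uring_disabled=1`, again after `=2` (both should report denied), after `=0` (both allowed), and with `=1` plus `kernel.io_uring_group=<gid>` from a process whose group list contains that gid (`sg <group> ./io_uring_probe`). Two caveats for anyone using this as a hardening check: the upstream check lives in io_uring_setup(2), so rings that a process created before the sysctl was flipped keep working until they are closed, and the probe reports the policy for the calling process only, so run it under the identity you actually want to verify rather than from a root shell.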