1 |
On Fri, Jan 5, 2018 at 8:39 AM, Nikos Chantziaras <realnc@×××××.com> wrote: |
2 |
|
3 |
> On 04/01/18 18:18, Rich Freeman wrote: |
4 |
> |
5 |
>> For variant 1 the only known vulnerability is BPF which probably |
6 |
>> next to nobody uses |
7 |
>> |
8 |
> |
9 |
> I had to enable various BPF settings in the kernel because systemd |
10 |
> wouldn't shut up about it. It prints warning messages during boot that the |
11 |
> system doesn't support BPF. After enabling it, systemd was happy and |
12 |
> stopped barking at me. |
13 |
> |
14 |
> |
15 |
The vulnerability specifically mentions EBPF and JIT so I'd say its |
16 |
CONFIG_HAVE_EBPF_JIT, but there's also CONFIG_BPF_JIT. |
17 |
|
18 |
I notice EBPF_JIT is =y in my .config, grepping the sysctl -a output for |
19 |
bpf only returns; |
20 |
kernel.unprivileged_bpf_disabled = 0 |
21 |
And |
22 |
https://github.com/linuxkit/linuxkit/commit/720fb219cea1fea99c2bba1d01f771eb43b2000b |
23 |
"On 4.9.x and 4.14.x kernels ebpf verifier bugs allow ebpf programs to |
24 |
access (read/write) random memory. Setting |
25 |
kernel.unprivileged_bpf_disabled=1 mitigates this somewhat until it is |
26 |
fixed upstream." |