nixpkgs/pkgs/os-specific
Martin Weinelt 3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15

Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via

a) potential speculative execution side-channel attacks on unmitigated
hardware[0]

or

b) unvalidated memory access in ringbuffer helper functions[1].

Fixes: CVE-2021-4204, CVE-2022-23222

[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
bsd os-specific/netbsd: fix mandoc splicing 2021-12-10 18:30:37 -08:00
darwin maloader: use fetchFromGitHub 2022-01-13 17:16:39 +01:00
linux linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15 2022-01-15 23:44:19 +01:00
solo5 solo5: 0.6.8 -> 0.6.9 2021-12-13 22:00:02 +00:00
windows maintainers: update personal details 2021-12-31 21:48:55 +03:00